Public | Automated Build

Last pushed: a year ago
Short Description
Yet another OpenVPN container. Designed to use bridged network mode.
Full Description

Yet another OpenVPN container. Designed to use bridged network mode.

General usage

Usage example using docker-compose

version: "2"
    image: zim32/openvpn:latest
    container_name: openvpn
      - "1194:1194/udp"
      - /dev/tun:/dev/tun
    privileged: true

1) Modify env variables for your needs

  • REMOTE_HOST - host users will connect to. Default: Change to your server IP
  • REMOTE_PORT - port users will connect to. Default: 1194
  • OPENVPN_PROTO - used protocol. Default: udp
  • OPENVPN_PORT - port openvpn will listen to. Default: 1194
  • OPENVPN_DEV - device mode. Default: tun
  • OPENVPN_NET_ADDR - vpn network ip. Default: ""
  • OPENVPN_NET_MASK - vpn network mask. Default: ""
  • ALLOW_INET - whether to provide internet to clients. If true, init script will create needed iptables rules. Default: true

2) Run service

docker-compose -f compose.yml up -d openvpn

3) If you need custom certificate variables just copy original /etc/openvpn/easy-rsa/vars file, modify it and mount back to container

4) At first run you need to make some initialization in order to generate needed server certificates and process configuration files. Run:

docker-compose -f compose.yml exec openvpn initvpn

And complete all steps. After all you will see DONE. It means everything is good

5) Restart container. After this step openvpn will start listening to incoming connections

docker-compose -f compose.yml restart openvpn

You can verify openvpn started by running docker-compose -f compose.yml logs openvpn

6) Generate first user certificate

docker-compose -f compose.yml exec openvpn usercert

And complete all steps

7) Copy generated user certificate back to host

docker cp openvpn:/etc/openvpn/keys/

8) Copy to your local computer

9) Unpack it and use

sudo openvpn --config config.ovpn

If you need another user certificate just repeat steps 4-7. Don't forget to change user name and email in generated certificate

There are two important files: /root/server.append.conf and /root/user.append.ovpn. Content from this files is appended to
/etc/openvpn/server.conf and /root/user.template.ovpn respectively during step 3. Use them (create and mount inside container) if you want to add some configuration to all your server or all clients configuration (f.e. to push custom routes etc.)


There are also so called client profiles. They are located in folder /root/profiles/profile_name.ovpn, where profile_name is first argument of usercert command.
This files will be appended while generating client's certificates.
Two profiles exists by default: all-traffic and local-only.

The first one will redirect all client's traffic to OpenVPN server.
The second one is for vpn network only.

You can mount /root/profiles folder and add custom profiles if you want.


Nothing is mounted by default in this container. So if you want to persist you configuration you can mount /etc/openvpn directory to persist container recreation.
But keep this folder is a safe place in this case.

By default client-to-client is disabled. If you need it use /root/server.append.conf file. Put "client-to-client" there.

Docker Pull Command
Source Repository