theohbrothers/docker-openvpn
docker-openvpn

Dockerized openvpn.

easy-rsa is not included, because it is not best practice for the VPN server to sign, or to be able to sign, certificates: a compromised server would then also expose the CA key. Run easy-rsa in a separate container instead.

Tags

| Tag | Dockerfile Build Context |
|---|---|
| `:2.6.12-alpine-edge`, `:latest` | View |
| `:2.6.11-alpine-3.18` | View |
| `:2.5.10-alpine-3.17` | View |
| `:2.4.12-alpine-3.12` | View |
| `:2.4.11-alpine-3.11` | View |
| `:2.4.11-alpine-3.10` | View |
| `:2.4.6-alpine-3.9` | View |
| `:2.4.6-alpine-3.8` | View |
| `:2.4.4-alpine-3.7` | View |
| `:2.4.4-alpine-3.6` | View |
| `:2.3.18-alpine-3.5` | View |
| `:2.3.18-alpine-3.4` | View |
| `:2.3.18-alpine-3.3` | View |

Usage

It is assumed that you have knowledge of configuring openvpn. If needed, refer to the official manuals:

To run the image, at a minimum you should mount a `/etc/openvpn/server.conf`, which may be a unified openvpn profile with the certificates and keys inlined (see the INLINE FILE SUPPORT section of the openvpn manual). The container needs `NET_ADMIN` so that the entrypoint can create the tun device and add iptables rules.

```sh
docker run --rm -it --cap-add NET_ADMIN -v /path/to/server.conf:/etc/openvpn/server.conf theohbrothers/docker-openvpn:2.6.12-alpine-edge
```

Environment variables

The defaults should work as they are, so normally no environment variable needs to be set when running the container.

| Environment variable | Description | Default value |
|---|---|---|
| `OPENVPN_CONFIG_FILE` | Absolute path to the server config | `/etc/openvpn/server.conf` |
| `OPENVPN_ROUTES` | Space-delimited CIDRs for which iptables POSTROUTING MASQUERADE rules are added; applied only when `NAT=1` and `NAT_MASQUERADE=1` | `192.168.50.0/24 192.168.51.0/24` |
| `NAT` | Whether to use NAT. `0` to disable, `1` to enable | `1` |
| `NAT_INTERFACE` | Interface on which to NAT, e.g. `eth0` | `eth0` |
| `NAT_MASQUERADE` | Whether to add iptables POSTROUTING MASQUERADE rules when `NAT=1`. `0` to disable, `1` to enable. Disable this when running as a client | `1` |
| `CUSTOM_FIREWALL_SCRIPT` | Full path to a custom firewall script. If the file exists, it is executed before any other iptables rules are provisioned | `/etc/openvpn/firewall.sh` |

docker-entrypoint.sh

The entrypoint script performs, in order:

  1. Normalize environment variables
  2. Provision the tun device
  3. Execute `CUSTOM_FIREWALL_SCRIPT` if it exists
  4. Provision a NAT POSTROUTING iptables rule for tunnel-to-world packets
  5. Provision a NAT POSTROUTING iptables rule for each entry in `OPENVPN_ROUTES`
  6. List the iptables rules
  7. Generate the final openvpn command line
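
As an added illustration (not a file shipped with this image), the script below shows the kind of policy `CUSTOM_FIREWALL_SCRIPT` is meant for. Because it runs at step 3, before the entrypoint's MASQUERADE rules, it can install a default-deny FORWARD policy and allow clients to reach only whitelisted destinations; the NAT rules added afterwards then only matter for traffic this chain accepts. The `VPN_IF`, `ALLOWED_DESTS` and `IPTABLES` variables, the `tun0` interface name and the `firewall.sh` filename guard are assumptions made for this example and are not read by the image's entrypoint; it also assumes the entrypoint executes the script rather than sourcing it, and reuses `NAT_INTERFACE`, which the script inherits from the container environment.

```shell
#!/bin/sh
# /etc/openvpn/firewall.sh (example custom firewall script; not part of the
# image). Executed by the entrypoint before the MASQUERADE rules are added, so
# it can establish a default-deny forwarding policy first.
#
# Assumed knobs (not read by the image itself):
#   VPN_IF         openvpn tunnel interface (default tun0)
#   NAT_INTERFACE  egress interface, inherited from the container env (default eth0)
#   ALLOWED_DESTS  space-delimited IPv4 CIDRs clients may reach
#   IPTABLES       iptables binary; set to "echo" for a dry run that prints rules
set -eu

IPTABLES="${IPTABLES:-iptables}"
VPN_IF="${VPN_IF:-tun0}"
NAT_INTERFACE="${NAT_INTERFACE:-eth0}"
ALLOWED_DESTS="${ALLOWED_DESTS:-192.168.50.0/24 192.168.51.0/24}"

# Accept only a dotted-quad IPv4 address with a /0-/32 prefix, so a mistyped
# variable cannot expand into an overly broad ACCEPT rule or an iptables error
# that leaves the chain half-built.
valid_cidr() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    addr="${1%/*}"
    old_ifs="$IFS"; IFS=.
    for octet in $addr; do
        if [ "$octet" -gt 255 ]; then IFS="$old_ifs"; return 1; fi
    done
    IFS="$old_ifs"
    return 0
}

# apply_firewall VPN_IF OUT_IF "CIDR CIDR ..."
# Installs the FORWARD policy through $IPTABLES. Returns 2 without touching
# the firewall if any CIDR is malformed (validation happens up front).
apply_firewall() {
    vpn_if="$1"; out_if="$2"; dests="$3"

    for cidr in $dests; do
        if ! valid_cidr "$cidr"; then
            echo "firewall.sh: refusing malformed CIDR '$cidr'" >&2
            return 2
        fi
    done

    # Default-deny: nothing crosses between interfaces unless listed below.
    "$IPTABLES" -P FORWARD DROP
    "$IPTABLES" -F FORWARD

    # Replies to flows a VPN client opened.
    "$IPTABLES" -A FORWARD -i "$out_if" -o "$vpn_if" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Without client-to-client in the profile, openvpn hands client-to-client
    # packets to the kernel, which would forward them tun -> tun; drop them.
    "$IPTABLES" -A FORWARD -i "$vpn_if" -o "$vpn_if" -j DROP

    # Whitelisted destinations only; the entrypoint's MASQUERADE rules added
    # later will NAT exactly these flows.
    for cidr in $dests; do
        "$IPTABLES" -A FORWARD -i "$vpn_if" -o "$out_if" -d "$cidr" -j ACCEPT
    done

    # Make rejected flows visible (rate-limited) before the policy drops them.
    "$IPTABLES" -A FORWARD -i "$vpn_if" -m limit --limit 5/min \
        -j LOG --log-prefix "openvpn-fw-drop: "
}

# Apply only when executed under the firewall.sh name (the default
# CUSTOM_FIREWALL_SCRIPT path). Sourcing the file just defines the functions,
# which is what a dry run with IPTABLES=echo relies on.
case "${0##*/}" in
    firewall.sh) apply_firewall "$VPN_IF" "$NAT_INTERFACE" "$ALLOWED_DESTS" ;;
esac
```

Mount the file at the `CUSTOM_FIREWALL_SCRIPT` path alongside `server.conf`. Before mounting it, a dry run such as `IPTABLES=echo ALLOWED_DESTS="10.10.0.0/16" sh firewall.sh` prints the rules that would be installed, and a malformed CIDR is rejected before any rule is touched rather than failing halfway through the chain.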

IPv4 and IPv6 forwarding

If forwarding is not already enabled on the host, IPv4 and IPv6 forwarding can be enabled at container runtime with the `sysctls` key in docker-compose.yml or the `--sysctl` flag of `docker run`, using the keys `net.ipv4.ip_forward=1` and `net.ipv6.conf.all.forwarding=1`. Without forwarding, the entrypoint's NAT rules are installed but tunnel-to-world packets are never passed on.

Development

Requires Windows PowerShell or pwsh.

```powershell
# Install the Generate-DockerImageVariants module: https://github.com/theohbrothers/Generate-DockerImageVariants
Install-Module -Name Generate-DockerImageVariants -Repository PSGallery -Scope CurrentUser -Force -Verbose

# Edit the ./generate templates

# Generate the variants
Generate-DockerImageVariants .
```