[Unit] Description=OpenVPN Docker Container Documentation=https://github.com/kylemanna/docker-openvpn After=network.target docker.socket Requires=docker.socket [Service] RestartSec=10 Restart=always # Modify IP6_PREFIX to match network config #Environment="IP6_PREFIX=2001:db8::/64" #Environment="ARGS=--config openvpn.conf --server-ipv6 2001:db8::/64" Environment="NAME=ovpn-%i" Environment="DATA_VOL=ovpn-data-%i" Environment="IMG=kylemanna/openvpn:dev" Environment="PORT=1194:1194/udp" # To override environment variables, use local configuration directory: # /etc/systemd/system/docker-openvpn@foo.d/local.conf # http://www.freedesktop.org/software/systemd/man/systemd.unit.html # Clean-up bad state if still hanging around ExecStartPre=-/usr/bin/docker rm -f $NAME # Attempt to pull new image for security updates ExecStartPre=-/usr/bin/docker pull $IMG # IPv6: Ensure forwarding is enabled on host's networking stack (hacky) # Would be nice to use systemd-network on the host, but this doens't work # http://lists.freedesktop.org/archives/systemd-devel/2015-June/032762.html ExecStartPre=/bin/sh -c 'test -z "$IP6_PREFIX" && exit 0; sysctl net.ipv6.conf.all.forwarding=1' # Main process ExecStart=/usr/bin/docker run --rm --privileged --volumes-from ${DATA_VOL}:ro --name ${NAME} -p ${PORT} ${IMG} ovpn_run $ARGS # IPv6: Add static route for IPv6 after it starts up ExecStartPost=/bin/sh -c 'test -z "${IP6_PREFIX}" && exit 0; sleep 1; ip route replace ${IP6_PREFIX} via $(docker inspect -f "{{ .NetworkSettings.GlobalIPv6Address }}" $NAME ) dev docker0' # IPv6: Clean-up ExecStopPost=/bin/sh -c 'test -z "$IP6_PREFIX" && exit 0; ip route del $IP6_PREFIX dev docker0' [Install] WantedBy=multi-user.target