container-openvpn/init/docker-openvpn@.service

[Unit]
Description=OpenVPN Docker Container
Documentation=https://github.com/kylemanna/docker-openvpn
After=network.target docker.socket
Requires=docker.socket

[Service]
RestartSec=10
Restart=always

# Modify IP6_PREFIX to match network config
#Environment="IP6_PREFIX=2001:db8::/64"
#Environment="ARGS=--config openvpn.conf --server-ipv6 2001:db8::/64"
Environment="NAME=ovpn-%i"
Environment="DATA_VOL=ovpn-data-%i"
Environment="IMG=kylemanna/openvpn:latest"
Environment="PORT=1194:1194/udp"

# To override environment variables, use local configuration directory:
# /etc/systemd/system/docker-openvpn@foo.d/local.conf
# http://www.freedesktop.org/software/systemd/man/systemd.unit.html

# Clean-up bad state if still hanging around
ExecStartPre=-/usr/bin/docker rm -f $NAME

# Attempt to pull new image for security updates
ExecStartPre=-/usr/bin/docker pull $IMG

# IPv6: Ensure forwarding is enabled on host's networking stack (hacky)
# Would be nice to use systemd-network on the host, but this doens't work
# http://lists.freedesktop.org/archives/systemd-devel/2015-June/032762.html
ExecStartPre=/bin/sh -c 'test -z "$IP6_PREFIX" && exit 0; sysctl net.ipv6.conf.all.forwarding=1'

# Main process
ExecStart=/usr/bin/docker run --rm --privileged -v ${DATA_VOL}:/etc/openvpn:ro --name ${NAME} -p ${PORT} ${IMG} ovpn_run $ARGS

# IPv6: Add static route for IPv6 after it starts up
ExecStartPost=/bin/sh -c 'test -z "${IP6_PREFIX}" && exit 0; sleep 1; ip route replace ${IP6_PREFIX} via $(docker inspect -f "{{ .NetworkSettings.GlobalIPv6Address }}" $NAME ) dev docker0'

# IPv6: Clean-up
ExecStopPost=/bin/sh -c 'test -z "$IP6_PREFIX" && exit 0; ip route del $IP6_PREFIX dev docker0'

[Install]
WantedBy=multi-user.target