82dfe9cabd
According to the documentation docker-compose run command does not create any of the ports specified in the service configuration. So published ports should be specified in run command, otherwise you wouldn't be able to connect to the openvpn server.
1.7 KiB
1.7 KiB
Quick Start with docker-compose
- Add a new service in docker-compose.yml
version: '2'
services:
openvpn:
cap_add:
- NET_ADMIN
image: kylemanna/openvpn
container_name: openvpn
ports:
- "1194:1194/udp"
restart: always
volumes:
- ./openvpn-data/conf:/etc/openvpn
- Initialize the configuration files and certificates
docker-compose run --rm openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
docker-compose run --rm openvpn ovpn_initpki
- Fix ownership (depending on how to handle your backups, this may not be needed)
sudo chown -R $(whoami): ./openvpn-data
- Start OpenVPN server process
docker-compose up -d openvpn
- You can access the container logs with
docker-compose logs -f
- Generate a client certificate
export CLIENTNAME="your_client_name"
# with a passphrase (recommended)
docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME
# without a passphrase (not recommended)
docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME nopass
- Retrieve the client configuration with embedded certificates
docker-compose run --rm openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn
- Revoke a client certificate
# Keep the corresponding crt, key and req files.
docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME
# Remove the corresponding crt, key and req files.
docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME remove
Debugging Tips
- Create an environment variable with the name DEBUG and value of 1 to enable debug output (using "docker -e").
docker-compose run -e DEBUG=1 -p 1194:1194/udp openvpn