This is based on kylemanna/openvpn
docker image. See
their documents on how to setup the keys and what not.
All default settings are in default_settings.env
.
Run docker-compose config
to review them.
- Setup the environment
- Create volume
- Create password file
- Generate config
- Generate server files
- Save server files
- Load server files
- Generate client file(s)
- Get client file(s)
- List clients
$ make env
Note: A generated random password is saved to /tmp/ovpn_passwd.txt
. You should
move it to a safe place. (preferably, /tmp is tmpfs
).
You will be asked for password which is saved from make env
step. You could paste it here
from cat /tmp/ovpn_passwd.txt | xclip -selection c
$ make server
Save server files
$ make save_server
Load server files On the server machine that will run the openvpn server.
# Make sure a volume is created
$ make volume
$ make load_server
You will need to enter the generated password from the make env
step.
# default client vagrant
$ make client
# generate a different client
$ make OVPN_CLIENT=mickey client
Get client file(s)
# get default client set in OVPN_CLIENT env variable
$ make get_client
# get a specific client
$ make OVPN_CLIENT=mickey get_client
Env Variable |
Value |
---|---|
OVPN_IMG | kylemanna/openvpn |
OVPN_TAG | latest |
OVPN_DATA | openvpn-data |
OVPN_PASSWD | /tmp/ovpn_passwd.txt |
OVPN_CIPHER | AES-256-CBC |
OVPN_AUTH | SHA384 |
OVPN_PROTO | udp |
OVPN_CN | neofob.info |
OVPN_RHOST | openvpn.local |
OVPN_RPORT | 443 |
OVPN_CLIENT | vagrant |
OVPN_KEY_SIZE | 4096 |
OVPN_SERVER_FILE | /tmp/server.tar.xz |
Footnote: As of alpine:3.10.2
, there is a bug that when you run make server
,
the script/program easyrsa
in kylemanna/openvpn
will complain about failing to read
/etc/openvpn/pki/.rnd
. Build your own OVPN_IMG
from docker-openvpn
with alpine:3.8
as your base image.
author: tuan t. pham