└── README.md


/README.md:
--------------------------------------------------------------------------------
 1 | # Quick OpenVPN docker-compose
 2 | 
 3 | * Add a new service in docker-compose.yml
 4 | 
 5 | ```yaml
 6 | version: '2'
 7 | services:
 8 |   openvpn:
 9 |     cap_add:
10 |      - NET_ADMIN
11 |     image: kylemanna/openvpn
12 |     container_name: openvpn
13 |     ports:
14 |      - "1194:1194/udp"
15 |     restart: always
16 |     volumes:
17 |      - ./openvpn-data/conf:/etc/openvpn
18 | ```
19 | 
20 | 
21 | * Initialize the configuration files and certificates
22 | 
23 | ```bash
24 | docker-compose run --rm openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
25 | docker-compose run --rm openvpn ovpn_initpki
26 | ```
27 | 
28 | * Fix ownership (depending on how to handle your backups, this may not be needed)
29 | 
30 | ```bash
31 | sudo chown -R $(whoami): ./openvpn-data
32 | ```
33 | 
34 | * Start OpenVPN server process
35 | 
36 | ```bash
37 | docker-compose up -d openvpn
38 | ```
39 | 
40 | * You can access the container logs with
41 | 
42 | ```bash
43 | docker-compose logs -f
44 | ```
45 | 
46 | * Generate a client certificate
47 | 
48 | ```bash
49 | export CLIENTNAME="your_client_name"
50 | # with a passphrase (recommended)
51 | docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME
52 | # without a passphrase (not recommended)
53 | docker-compose run --rm openvpn easyrsa build-client-full $CLIENTNAME nopass
54 | ```
55 | 
56 | * Retrieve the client configuration with embedded certificates
57 | 
58 | ```bash
59 | docker-compose run --rm openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn
60 | ```
61 | 
62 | * Revoke a client certificate
63 | 
64 | ```bash
65 | # Keep the corresponding crt, key and req files.
66 | docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME
67 | # Remove the corresponding crt, key and req files.
68 | docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME remove
69 | ```
70 | 
71 | ## Debugging Tips
72 | 
73 | * Create an environment variable with the name DEBUG and value of 1 to enable debug output (using "docker -e").
74 | 
75 | ```bash
76 | docker-compose run -e DEBUG=1 -p 1194:1194/udp openvpn
77 | ```
78 | 


--------------------------------------------------------------------------------