OpenVPN in Docker - Linux

Linux modules

# vi /etc/modules-load.d/iptables.conf
iptable-filter

Create OpenVPN volume

# mkdir -p /data/openvpn

# docker run -v /data/openvpn:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://192.168.0.96

# docker run -v /data/openvpn:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki
Password: password    (example value only; this passphrase encrypts the CA private key, so choose a strong one)

Generate client, openvpn-client1

# docker run -v /data/openvpn:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full openvpn-client1 nopass
# docker run -v /data/openvpn:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient openvpn-client1 > /data/openvpn/openvpn-client1.ovpn
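* Generate a separate profile for each client. With nopass, the client's private key is stored unencrypted inside the .ovpn file, so restrict the file's permissions and hand it over only through a secure channel.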

Create OpenVPN container

# docker run  -v /data/openvpn:/etc/openvpn \
-d -p 1194:1194/udp --restart=always --name openvpn \
--cap-add=NET_ADMIN \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
--sysctl net.ipv6.conf.default.forwarding=1 \
--sysctl net.ipv6.conf.all.forwarding=1 \
kylemanna/openvpn

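openvpn-client1.ovpn sample

The profile embeds the client's private key, its certificate, the CA certificate and the tls-auth static key shared with the server, so the whole file is a secret. The key material shown below is sample output and must not be reused.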

openvpn-client1.ovpn

client
nobind
dev tun
remote-cert-tls server

remote bastet.unixhk.com 1194 udp

<key>
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
6b28205add7cd7d6cde2f0be7ee29dd9
10aa3af7ff65be1f11c61316fff68dfa
d65f54db826183dda3edf307fb591bab
ed402eef8bac87561431a686d37a3488
373e051dfff3d3ea7b1adfc11ed11e7a
90758f6e20c297a07ba67adc24168c2c
f90654f4b66318c7193563c6d677a797
af9d03f962c4d799d89c1776de60dc6b
518cff91f895d63ab6b8405313941fa4
e3f089aa21d38bf5de60d7a8eb591de6
cfbea7f461c3491cfaabb875b3b66fb2
05e4b365eed0cee1d94ab2a6d2e3ed2a
8b541d19c090eed7f894dbb5347d4196
10807da89126f8892d224ea1ae6ee575
a8a1d112eec92e7f9ae4d2699f252620
e46dd89b0f23e9f51b98497f3fc4c843
-----END OpenVPN Static key V1-----
</tls-auth>

redirect-gateway def1

Command line to connect OpenVPN client

$ sudo openvpn --config openvpn-client1.ovpn