OpenVPN server (or client) in a Docker container complete with an EasyRSA PKI CA.
mkdir -p /data/openvpn
docker run \
--name OPENVPN \
--cap-add NET_ADMIN \
-e OPENVPN_PROTO=tcp \
-p 1194:1194 \
-v "/data/openvpn:/openvpn" \
tsaikd/openvpn
docker-compose up -d
docker exec "OPENVPN" easyrsa build-client-full CLIENTNAME nopass
docker exec "OPENVPN" ovpn_getclient CLIENTNAME PROTO IP PORT > CLIENTNAME.ovpn
docker exec "OPENVPN" ovpn_revoke CLIENTNAME
TCP connection established with [AF_INET]XXX.XXX.XXX.XXX:XXXXX
TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:XXXXX, sid=XXXXXXXX XXXXXXXX
VERIFY ERROR: depth=0, error=CRL has expired: CN=XXXXX
OpenSSL: error:140360B2:SSL routines:ACCEPT_SR_CERT:no certificate returned
TLS_ERROR: BIO read tls_read_plaintext error
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed
run the following command to regenerate easyrsa CRL
docker exec "OPENVPN" easyrsa gen-crl
docker run \
--name VPNCLIENT \
--cap-add NET_ADMIN \
--device /dev/net/tun \
-v "/data/CLIENTNAME.ovpn:/openvpn/client.ovpn" \
tsaikd/openvpn \
openvpn --config /openvpn/client.ovpn
docker run \
--net=container:VPNCLIENT \
alpine:3.7
$ apk add --no-cache curl
$ curl http://ifconfig.io
The OpenVPN documentation recommends using the UDP protocol :
The OpenVPN protocol itself functions best over just the UDP protocol. And by default the connection profiles that you can download from the Access Server are preprogrammed to always first try UDP, and if that fails, then try TCP
To do this you just need to change the environment variable to OPENVPN_PROTO=udp
.
Then you specify to contact the udp protocol of your container by doing this : "1194:1194/udp"
So when you will create a client file, you just have to change from tcp
to udp
.