Docker Openvpn

This project provides a complete OpenVPN server deployment packaged as a Docker container, with an integrated EasyRSA certificate authority for automated public-key infrastructure management. It handles the full lifecycle of a VPN server, from initial PKI bootstrap and server configuration generation to client certificate issuance and revocation, all within a containerized environment.

The server is configured entirely through Docker environment variables, eliminating the need for manual configuration file editing. It supports time-based one-time password (TOTP) authentication as a second factor, adding an extra layer of security beyond certificate-based authentication. The container uses Docker volumes for persistent state, ensuring configuration and certificates survive container restarts and upgrades, and can be managed as a systemd service for automatic startup and failure recovery.

The toolkit includes utilities for generating single-file OpenVPN client configurations with embedded certificates for easy distribution, as well as tools for listing, revoking, and managing client certificates. It also provides operational features such as debug logging activation and server status reporting for monitoring connected clients and traffic statistics.

Features

Containerized Server Deployments - Initializes a data volume with configuration and certificates, then starts an OpenVPN server inside a Docker container.

OpenVPN Deployments - Provides a complete OpenVPN server deployment packaged as a Docker container with integrated EasyRSA PKI management.

VPN - Generates the OpenVPN server configuration file with default settings for the containerized VPN.

VPN Client Configuration Exports - Produces single-file OpenVPN client configurations with embedded certificates for easy distribution.

VPN Server Orchestration - Runs a full OpenVPN server inside a Docker container with persistent data volumes and systemd service integration.

OpenVPN Server Startups - Starts the OpenVPN server inside the container using the generated configuration and certificates.

Client Configuration Bundles - Produces single-file OpenVPN client configurations with embedded certificates for easy distribution.

Full-Tunnel VPN Routers - Forces all client network traffic through the VPN tunnel using the redirect-gateway def1 option.

VPN Client Configuration Generators - Generates single-file OpenVPN client configurations with embedded certificates for easy distribution and import.

OpenVPN Client Configuration Generators - Produces ready-to-use OpenVPN client configuration files with embedded certificates for easy distribution.

Certificate Authorities - Generates Diffie-Hellman parameters, server keys, a self-signed CA, and TLS auth key for the VPN.

Client Certificate Generators - Creates client certificates and keys using EasyRSA for authenticating VPN connections.

Certificate Authority Managers - Creates and manages a public-key infrastructure with EasyRSA for issuing, listing, and revoking client certificates.

PKI Management - Generates a complete public-key infrastructure inside the container using EasyRSA.

TOTP Authentication Systems - Integrates time-based one-time password verification via an authentication script for OpenVPN logins.

Docker Volume Persistence - Stores configuration, certificates, and keys on a Docker volume for persistence across restarts.

Environment Variable Configuration - Controls server behavior entirely through Docker environment variables, avoiding manual config file editing.

Systemd Service Deployments - Automatically starts, restarts on failure, and cleans up a Docker-based OpenVPN container using systemd.

Certificate Revocation Tools - Ships a dedicated command to revoke client certificates and remove VPN access.

Docker Container Service Automation - Manages a Docker-based OpenVPN server as a systemd service with automatic startup and restart.

Systemd Service Registrations - Manages the container lifecycle with a systemd unit that auto-starts and restarts on failure.

Certificate Revocations - Invalidates client certificates to prevent further VPN connections, with optional file deletion.

One-Time Passwords - Requires time-based one-time passwords from authenticator apps as a second factor for VPN logins.

TOTP Secret Provisioners - Generates TOTP secrets, displays QR codes for authenticator app scanning, and stores backup credentials.

Two-Factor Authentication - Enforces time-based one-time passwords from authenticator apps as a second factor for OpenVPN client logins.

Multi-Factor VPN Authenticators - Enforces time-based one-time passwords from authenticator apps as a second factor for VPN logins.

kylemannadocker-openvpn

Features

Star history