With Duo Security 2-factor authentication
This image incorporates OpenVPN Access Server with Duo Security 2 factor auth.
All configuration is done via environment variables, for example:
OPENVPN_VPN__DAEMON__0__LISTEN__IP_ADDRESS
is mapped to vpn.daemon.0.listen.ip.address
, which is searched in present configuration files (as.conf and config.json), which is set to a value of an env var.
Duo Security is optional but is highly recommended, since basic account is free. All you need to do is get api credentials and enable post-auth script.
Host Mode (recommended)
Ensure to set your host's interface name
docker run \
--cap-add=NET_ADMIN \
--device /dev/net/tun:/dev/net/tun \
-v ${PWD}/db:/usr/local/openvpn_as/etc/db \
--network=host \
-e OPENVPN_ADMIN_UI__HTTPS__IP_ADDRESS="eth0" \
-e OPENVPN_CS__HTTPS__IP_ADDRESS="eth0" \
-e OPENVPN_VPN__DAEMON__0__LISTEN__IP_ADDRESS="eth0" \
-e OPENVPN_VPN__DAEMON__0__SERVER__IP_ADDRESS="eth0" \
-e OPENVPN_HOST__NAME="localhost" \
-it kireevco/openvpnas
NAT Mode
docker run \
--cap-add=NET_ADMIN \
--device /dev/net/tun:/dev/net/tun \
-v ${PWD}/db:/usr/local/openvpn_as/etc/db \
-p "943:943/tcp" \
-e OPENVPN_ADMIN_UI__HTTPS__IP_ADDRESS="eth0" \
-e OPENVPN_CS__HTTPS__IP_ADDRESS="eth0" \
-e OPENVPN_VPN__DAEMON__0__LISTEN__IP_ADDRESS="eth0" \
-e OPENVPN_VPN__DAEMON__0__SERVER__IP_ADDRESS="eth0" \
-e OPENVPN_HOST__NAME="localhost" \
-it kireevco/openvpnas
-e OPENVPN_DUO_INTEGRATION_KEY="<get-from-duo>"
-e OPENVPN_DUO_SECRET_KEY="<get-from-duo>"
-e OPENVPN_DUO_API_HOSTNAME="<get-from-duo>"
-e OPENVPN_AUTH__MODULE__POST_AUTH_SCRIPT=/usr/local/openvpn_as/scripts/duo_openvpn_as.py"