This is a dockerization of OpenVPN for multiple platforms. Key-pairs, keys and certificates are generated in the folder /home/vpn on startup in case in the folder /home/vpn/pki doesn't already exist. The generation can take a long time on devices with low proccesing power like a Raspberry PI's. The /home/vpn folder should be mapped to a persistant volume to preserve the generated keys in case of e.g. restart.
The container is build using the following command
docker buildx create --use
docker buildx build --push --platform linux/arm/v7,linux/arm64/v8,linux/amd64 --tag mscatdk/openvpn:latest .The container can be started as follows
docker run -d --rm --cap-add=NET_ADMIN -v /etc/openvpn:/home/vpn -p 1194:1194/udp -e OPENVPN_HOSTNAME="openvpn.local" mscatdk/openvpnThe environment varibale OPENVPN_HOSTNAME and the volume should be adjusted to your needs.
You can generated the needed keys for client by running the following command
# Comannd output and OVPN file content will be printed to screen
docker run -it --rm -v /etc/openvpn:/home/vpn mscatdk/openvpn /etc/openvpn/create_client.sh [Client name]
# Save the OVPN directly to file
docker run -it --rm -v /etc/openvpn:/home/vpn mscatdk/openvpn /etc/openvpn/create_client.sh [Client name] | sed -n '/^client*/,/<\/tls-auth>/p' > [Client name].ovpn
# Generate ovpn without password
docker run -it --rm -v /etc/openvpn:/home/vpn mscatdk/openvpn /etc/openvpn/create_client.sh [Client name] nopassYou can revoke client access by running the following command
docker run -it --rm -v /etc/openvpn:/home/vpn mscatdk/openvpn /etc/openvpn/revoke_client.sh [Client name]The container has been manually tested on x86 and ARM (Raspberry PI).