Welcome to FreeSoftwareServers Confluence Wiki

The OpenVPN instructions are heavily geared towards "docker-run" vs "docker-compose". I would use my "setup" guide to get it working, then switch over to the docker-compose method. I basically just set it up using /etc/openvpn/ then copied everything to /opt/openvpn/conf/ and used docker-compose and it "just worked". I did have to tweak the setup script a bit for docker-compose vs docker-run.

Docker-Compose:

WD=/opt/openvpn
mkdir -p $WD/{mnt,setup}
cd $WD/setup
cat << 'EOF' >docker-compose.yaml
version: '3.7'

services:
  openvpn:
    container_name: openvpn
    hostname: openvpn
    image: kylemanna/openvpn
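    # privileged grants every capability and host device access, so the cap_add
    # below is redundant; upstream's compose example uses only cap_add: NET_ADMIN
    privileged: true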
    ports:
      - 1194:1194/udp
    volumes:
      - type: bind
        source: /opt/openvpn/conf/
        target: /etc/openvpn
      - type: bind
        source: /opt/openvpn/mnt/
        target: /mnt

    environment:
      - 'TZ=America/Whitehorse'

    cap_add:
      - NET_ADMIN

EOF
chmod +x docker-compose.yaml

SystemD:

WD=/opt/openvpn/setup
cat << 'EOF' >/opt/openvpn/setup/openvpn.service.setup.sh
#!/bin/sh
cat << 'EOL' >/lib/systemd/system/openvpn.service
[Unit]
Description=OpenVPN Docker Container
Documentation=https://github.com/kylemanna/docker-openvpn
After=network.target docker.service
Requires=docker.service

[Service]
RestartSec=10
Restart=on-abnormal

# Modify IP6_PREFIX to match network config
#Environment="IP6_PREFIX=2001:db8::/64"
#Environment="ARGS=--config openvpn.conf --server-ipv6 2001:db8::/64"
Environment="NAME=openvpn"
Environment="DATA_VOL=/opt/openvpn/conf"
Environment="IMG=kylemanna/openvpn:latest"
Environment="PORT=1194:1194/udp"

# To override environment variables, use local configuration directory:
# /etc/systemd/system/openvpn.service.d/local.conf
# http://www.freedesktop.org/software/systemd/man/systemd.unit.html

# Clean-up bad state if still hanging around
ExecStartPre=-/usr/bin/docker rm -f $NAME

# Attempt to pull new image for security updates
ExecStartPre=-/usr/bin/docker pull $IMG

# IPv6: Ensure forwarding is enabled on host's networking stack (hacky)
# Would be nice to use systemd-network on the host, but this doesn't work
# http://lists.freedesktop.org/archives/systemd-devel/2015-June/032762.html
ExecStartPre=/bin/sh -c 'test -z "$IP6_PREFIX" && exit 0; sysctl net.ipv6.conf.all.forwarding=1'

# Main process
ExecStart=/usr/bin/docker-compose --project-name openvpn --project-directory /opt/openvpn/setup -f /opt/openvpn/setup/docker-compose.yaml up

# IPv6: Add static route for IPv6 after it starts up
ExecStartPost=/bin/sh -c 'test -z "${IP6_PREFIX}" && exit 0; sleep 1; ip route replace ${IP6_PREFIX} via $(docker inspect -f "{{ .NetworkSettings.GlobalIPv6Address }}" $NAME ) dev docker0'

# Stop Main process
ExecStop=/usr/bin/docker-compose --project-name openvpn --project-directory /opt/openvpn/setup -f /opt/openvpn/setup/docker-compose.yaml stop
# IPv6: Clean-up
ExecStopPost=/bin/sh -c 'test -z "$IP6_PREFIX" && exit 0; ip route del $IP6_PREFIX dev docker0'

[Install]
WantedBy=multi-user.target

EOL
# Make systemd pick up the new or changed unit file
systemctl daemon-reload
systemctl enable openvpn
systemctl start openvpn
EOF
chmod +x $WD/openvpn.service.setup.sh
$WD/openvpn.service.setup.sh
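
A quick lint for the compose file above, as an added example that is not part of the original page: it flags `privileged: true` (which already grants every capability, so the `cap_add` entry adds nothing) and image references with no tag or `:latest`, which is what both the compose file and `IMG=` in the unit pull on each start. The sample files are constructed, `audit_compose` is a hypothetical helper name, the digest is a placeholder, and the tightened variant assumes NET_ADMIN alone is enough for this image, as in the upstream project's run example.

```shell
#!/bin/sh
# Added example, not part of the original page. Line-based lint: it assumes
# the one-key-per-line compose layout used here, not arbitrary YAML.

# audit_compose FILE: print one finding per line; no output means no findings.
audit_compose() {
    awk -v sq="'" '
    { sub(/[ \t]*#.*$/, "") }                  # drop trailing comments
    /^[ \t]*privileged:[ \t]*true[ \t]*$/ {    # all capabilities + host devices
        print "PRIVILEGED line " NR; priv = 1
    }
    /^[ \t]*cap_add:/ { caps = 1 }
    /^[ \t]*image:/ {
        img = $0
        sub(/^[ \t]*image:[ \t]*/, "", img)
        gsub(/"/, "", img); gsub(sq, "", img)  # strip YAML quotes
        if (img ~ /@sha256:/) next             # digest-pinned: content is fixed
        name = img; sub(/^.*\//, "", name)     # ignore registry host:port
        if (name !~ /:/ || name ~ /:latest$/)
            print "FLOATING_TAG line " NR " " img
    }
    END { if (priv && caps) print "REDUNDANT_CAP_ADD" }
    ' "$1"
}

# Constructed samples: the settings from this page, then a tightened variant.
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
cat > "$SAMPLES/page.yaml" << 'EOF'
services:
  openvpn:
    image: kylemanna/openvpn
    privileged: true
    cap_add:
      - NET_ADMIN
EOF
cat > "$SAMPLES/tight.yaml" << 'EOF'
services:
  openvpn:
    image: kylemanna/openvpn@sha256:<digest-placeholder>
    cap_add:
      - NET_ADMIN
EOF
for f in page tight; do
    echo "== $f.yaml"
    audit_compose "$SAMPLES/$f.yaml"
done
```

Run it against the real file with `audit_compose /opt/openvpn/setup/docker-compose.yaml`; an empty result means neither setting was found.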