@crowjdh
Last active December 12, 2022 13:59

Volume

OVPN_DATA="openvpn-data"
docker volume create --name $OVPN_DATA

Server

# Generate the server configuration
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm mjenz/rpi-openvpn ovpn_genconfig -u udp://your.vpnhost.com

# Edit VPN options
doas vim /var/lib/docker/volumes/$OVPN_DATA/_data/openvpn.conf

# Initialise the PKI (CA and server certificate)
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it mjenz/rpi-openvpn ovpn_initpki
# For testing only, as an alternative to the command above: a 512-bit key is quick to generate but far too short to be secure
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it -e EASYRSA_KEY_SIZE=512 mjenz/rpi-openvpn ovpn_initpki

# Start the server (--privileged gives the container full access to host devices and capabilities)
docker run -v $OVPN_DATA:/etc/openvpn --restart unless-stopped -d --name openvpn -p 1194:1194/udp --privileged=true mjenz/rpi-openvpn

Client Profile

# Create a certificate and key for a client named "personal"
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it mjenz/rpi-openvpn easyrsa build-client-full personal
# Export the client profile
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm mjenz/rpi-openvpn ovpn_getclient personal > personal.ovpn

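Test with smaller key size

  • An OpenSSL-based client rejects keys as short as the 512-bit test key at its default security level, so the test profile has to lower the level to 0. In the client, edit "profile" > ADVANCED tab > Enable Custom Options > Custom Options and add:
tls-cipher "DEFAULT:@SECLEVEL=0"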
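
A check to run on a profile before it is handed out, so that the test-only settings above do not reach real use. This is an added example, not part of the original gist; the function names, the 2048-bit minimum and the assumption that the profile embeds its certificate in a <cert> block are choices made for the example.

```shell
#!/bin/sh
# Added example, not from the gist. Flags test-only weakening left in a client profile.
# audit_ovpn FILE: prints findings; returns 0 if none, 1 otherwise.
audit_ovpn() {
    profile=$1
    status=0

    # The gist's test option: OpenSSL security level 0 lets 512-bit keys through.
    if grep -Eiq '^[[:space:]]*tls-cipher[[:space:]].*@SECLEVEL=0' "$profile"; then
        echo "WEAK: tls-cipher sets OpenSSL security level 0"
        status=1
    fi

    # Assumption: the client certificate is embedded in a <cert>...</cert> block.
    if command -v openssl >/dev/null 2>&1 && grep -q '^<cert>' "$profile"; then
        text=$(sed -n '/^<cert>/,/^<\/cert>/p' "$profile" | grep -v '^<' \
            | openssl x509 -noout -text 2>/dev/null || true)
        bits=$(printf '%s\n' "$text" \
            | sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
        case $text in
            *rsaEncryption*)
                # 2048 bits is the minimum chosen for this example.
                if [ -n "$bits" ] && [ "$bits" -lt 2048 ]; then
                    echo "WEAK: RSA client certificate key is $bits bits"
                    status=1
                fi ;;
        esac
    fi
    return "$status"
}

# Constructed sample profile (certificate and key blocks left out).
write_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
remote your.vpnhost.com 1194 udp
tls-cipher "DEFAULT:@SECLEVEL=0"
EOF
}

sample=$(mktemp)
write_sample_profile "$sample"
audit_ovpn "$sample" || echo "profile is not fit for real use"
rm -f "$sample"
```

Run audit_ovpn personal.ovpn against the exported profile; a non-zero exit status means a test-only setting is still present.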

Troubleshoot

# Regenerate the certificate revocation list (CRL)
docker exec -ti openvpn easyrsa gen-crl