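# Install git, Docker and Compose from the distribution repositories (run as root).
apt update
apt install git docker.io docker-compose

# Fetch the project and copy its sample compose file into the working directory.
# NOTE(review): this clones the default branch as-is; checking out a release
# tag you have reviewed makes the deployment reproducible.
cd ~
git clone https://github.com/d3vilh/openvpn-ui.git
cd ~/openvpn-ui/
cp docs/docker-compose.yml .

# Prepare files and directories
mkdir -p /opt/openvpn/
mkdir -p /opt/openvpn/pki
mkdir -p /opt/openvpn/db
mkdir -p /opt/openvpn/clients
mkdir -p /opt/openvpn/log
# config/ has to exist before the second touch below; the original steps never
# created it, so that touch failed with "No such file or directory".
mkdir -p /opt/openvpn/config
touch /opt/openvpn/fw-rules.sh
touch /opt/openvpn/config/easy-rsa.vars
# NOTE(review): pki/ presumably ends up holding the CA and server private keys.
# Keep it readable by root only and include it in backups; confirm which user
# the containers run as before tightening the mode.

# start
# Review the compose file before the first start:
#  - published ports: the `docker ps` output further down shows 8080/tcp (web
#    UI) and 1194/udp bound on 0.0.0.0 and [::], i.e. on every host interface.
#    Docker forwards published ports through its own DNAT/FORWARD rules, so
#    host INPUT rules do not filter them; restrict the UI by binding it to a
#    management address in the compose file or by adding rules to DOCKER-USER.
#  - images are pulled as :latest; pinning a version tag or digest keeps a
#    later `docker-compose up` from silently changing what runs.
#  - if the file sets admin credentials for the UI, change them before the
#    containers are started.
vi docker-compose.yml
docker-compose up -d

# check log
docker logs openvpn

# go inside container
docker exec -it  openvpn bash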
root@n200:~/openvpn-ui# iptables -v
iptables v1.8.7 (nf_tables): no command specified
Try `iptables -h' or 'iptables --help' for more information.

Some VPN Speedtest (server is on Intel N200)


Some additional info

root@n200:~/openvpn-ui# docker ps -a
CONTAINER ID   IMAGE                          COMMAND                  CREATED          STATUS          PORTS                                       NAMES
53df1a9bd798   d3vilh/openvpn-server:latest   "/bin/sh -c ./docker…"   13 minutes ago   Up 12 minutes   0.0.0.0:1194->1194/udp, :::1194->1194/udp   openvpn
ffd21ab71ec4   d3vilh/openvpn-ui:latest       "/bin/sh -c /opt/sta…"   19 minutes ago   Up 17 minutes   0.0.0.0:8080->8080/tcp, :::8080->8080/tcp   openvpn-ui


iptables on host system (DOCKER-USER holds only RETURN, so the DOCKER chain accepts 8080/tcp and 1194/udp from any source)

root@n200:~/openvpn-ui# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER-ISOLATION-STAGE-1  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            172.18.0.2           tcp dpt:8080
ACCEPT     udp  --  0.0.0.0/0            172.18.0.3           udp dpt:1194

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination
DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0
DOCKER-ISOLATION-STAGE-2  all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

root@n200:~/openvpn-ui# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0            0.0.0.0/0            ADDRTYPE match dst-type LOCAL

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER     all  --  0.0.0.0/0           !127.0.0.0/8          ADDRTYPE match dst-type LOCAL

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  172.17.0.0/16        0.0.0.0/0
MASQUERADE  all  --  172.18.0.0/16        0.0.0.0/0
MASQUERADE  tcp  --  172.18.0.2           172.18.0.2           tcp dpt:8080
MASQUERADE  udp  --  172.18.0.3           172.18.0.3           udp dpt:1194

Chain DOCKER (2 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 to:172.18.0.2:8080
DNAT       udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:1194 to:172.18.0.3:1194


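firewall inside the openvpn container (FORWARD drops ICMP echo request/reply from 10.0.71.0/24 and all traffic from 10.0.71.0/24 to 192.168.50.0/24)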

53df1a9bd798:/opt/app# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
DROP       1    --  10.0.71.0/24         0.0.0.0/0            icmptype 8
DROP       1    --  10.0.71.0/24         0.0.0.0/0            icmptype 0
DROP       0    --  10.0.71.0/24         192.168.50.0/24

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

53df1a9bd798:/opt/app# iptables -L -n -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DOCKER_OUTPUT  0    --  0.0.0.0/0            127.0.0.11

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
DOCKER_POSTROUTING  0    --  0.0.0.0/0            127.0.0.11
MASQUERADE  0    --  10.0.70.0/24         0.0.0.0/0
MASQUERADE  0    --  10.0.71.0/24         0.0.0.0/0

Chain DOCKER_OUTPUT (1 references)
target     prot opt source               destination
DNAT       6    --  0.0.0.0/0            127.0.0.11           tcp dpt:53 to:127.0.0.11:36327
DNAT       17   --  0.0.0.0/0            127.0.0.11           udp dpt:53 to:127.0.0.11:37983

Chain DOCKER_POSTROUTING (1 references)
target     prot opt source               destination
SNAT       6    --  127.0.0.11           0.0.0.0/0            tcp spt:36327 to::53
SNAT       17   --  127.0.0.11           0.0.0.0/0            udp spt:37983 to::53

53df1a9bd798:/opt/app# iptables -v
iptables v1.8.10 (nf_tables): no command specified
Try `iptables -h' or 'iptables --help' for more information.


root@n200:~/openvpn-ui# docker -v
Docker version 24.0.5, build 24.0.5-0ubuntu1~22.04.1

root@n200:~/openvpn-ui# docker-compose -v
docker-compose version 1.29.2, build unknown

