See Manual at https://github.com/d3vilh/openvpn-server
UI Port 8080
login admin
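Password UI_passw0rd (the default that the script below writes into docker-compose.yml; change it before the UI on port 8080 is reachable from other hosts)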
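# Install Docker, fetch d3vilh/openvpn-ui and bring up the OpenVPN server + UI
# with all state kept under /opt/openvpn.
#
# Save as a script and run it as root: it enables systemd units and writes
# under /opt. `set -eu` stops at the first failing step so a later step never
# edits the wrong file.
set -eu

if [ "$(id -u)" -ne 0 ]; then
  echo "run this script as root" >&2
  exit 1
fi

# --- Docker ------------------------------------------------------------------
# The installer is saved to a file first so it can be read before it runs
# with root privileges.
curl -fsSL https://get.docker.com -o get-docker.sh
sh ./get-docker.sh
systemctl enable --now docker.socket
systemctl enable --now docker

# --- openvpn-ui sources ------------------------------------------------------
# NOTE(review): this clones the default branch unpinned; check out a reviewed
# tag or commit if the install has to be reproducible.
if [ ! -d "$HOME/openvpn-ui/.git" ]; then
  git clone https://github.com/d3vilh/openvpn-ui.git "$HOME/openvpn-ui"
fi
cd "$HOME/openvpn-ui"

# --- prepare folders ---------------------------------------------------------
mkdir -p \
  /opt/openvpn/pki \
  /opt/openvpn/db \
  /opt/openvpn/clients \
  /opt/openvpn/staticclients \
  /opt/openvpn/log \
  /opt/openvpn/config
# The file has to exist before `docker compose up`; a missing bind-mount
# source would be created as a directory instead.
touch /opt/openvpn/fw-rules.sh

# --- set certificate fields --------------------------------------------------
# Quoted delimiter: the text is written literally, nothing is expanded.
cat <<'EOF' >/opt/openvpn/config/easy-rsa.vars
set_var EASYRSA_DN "org"
set_var EASYRSA_REQ_COUNTRY "UA"
set_var EASYRSA_REQ_PROVINCE "KV"
set_var EASYRSA_REQ_CITY "Kyiv"
set_var EASYRSA_REQ_ORG "Company"
set_var EASYRSA_REQ_EMAIL "tech@example.com"
set_var EASYRSA_REQ_OU "Tech"
set_var EASYRSA_REQ_CN "vpn.example.com"
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_CA_EXPIRE 3650
set_var EASYRSA_CERT_EXPIRE 825
set_var EASYRSA_CERT_RENEW 30
set_var EASYRSA_CRL_DAYS 180
EOF
# -f/-n make the link step repeatable when the script is run a second time.
ln -sfn /opt/openvpn/config/easy-rsa.vars /opt/openvpn/pki/vars

# --- customize paths ---------------------------------------------------------
cp --force docs/docker-compose.yml ./docker-compose.yml
# Order matters: the specific ./name mounts are rewritten first, the bare ./
# catch-all last.
#  - ./log now maps to /opt/openvpn/log, the directory created above; it used
#    to point at /opt/bis/openvpn/log, which nothing in this script creates.
#  - the catch-all keeps the separating slash, so any remaining ./name becomes
#    /opt/openvpn/name instead of /opt/openvpnname.
sed -i \
  -e '/version/d' \
  -e 's|[.]/pki|/opt/openvpn/pki|g' \
  -e 's|[.]/clients|/opt/openvpn/clients|g' \
  -e 's|[.]/config|/opt/openvpn/config|g' \
  -e 's|[.]/staticclients|/opt/openvpn/staticclients|g' \
  -e 's|[.]/log|/opt/openvpn/log|g' \
  -e 's|[.]/fw-rules.sh|/opt/openvpn/fw-rules.sh|g' \
  -e 's|[.]/db|/opt/openvpn/db|g' \
  -e 's|[.]/|/opt/openvpn/|g' \
  docker-compose.yml
# Mount the generated server.conf into every service that has a volumes: list.
# NOTE(review): the appended line must carry the same indentation as the other
# entries under `volumes:`; the whitespace after `a\` may have been collapsed
# when this page was extracted - confirm against docker-compose.yml.
sed -i '/volumes:/a\ - /opt/openvpn/server.conf:/etc/openvpn/server.conf' docker-compose.yml

# --- set default UI admin password -------------------------------------------
# UI_ADMIN_PASSWORD overrides the value documented at the top of this page.
# The fallback is publicly known, so replace it before the UI is exposed.
ui_password=${UI_ADMIN_PASSWORD:-UI_passw0rd}
# The value is spliced into a sed replacement and a YAML file, so only
# characters that are literal in both are accepted.
case $ui_password in
  '' | *[!A-Za-z0-9_.-]*)
    echo "UI_ADMIN_PASSWORD may only contain letters, digits, '_', '.' and '-'" >&2
    exit 1
    ;;
esac
# If upstream ever changes its shipped default, the substitution below would
# match nothing and the upstream password would silently stay in place.
if ! grep -q 'gagaZush' docker-compose.yml; then
  echo "upstream default password not found in docker-compose.yml; set the admin password by hand" >&2
  exit 1
fi
sed -i "s/gagaZush/${ui_password}/g" docker-compose.yml

# --- OpenVPN server config ---------------------------------------------------
# `management 0.0.0.0 2080` opens the management interface on every interface
# of the container and no management password is configured here - presumably
# so the UI container can reach it. Keep port 2080 unpublished and reachable
# only on the internal Docker network.
cat <<'EOF' >/opt/openvpn/server.conf
management 0.0.0.0 2080
dev tun
port 1194
proto udp
topology subnet
keepalive 10 120
max-clients 100
persist-key
persist-tun
explicit-exit-notify 1
user nobody
group nogroup
client-config-dir /etc/openvpn/staticclients
ifconfig-pool-persist pki/ipp.txt
ca pki/ca.crt
cert pki/issued/server.crt
key pki/private/server.key
crl-verify pki/crl.pem
dh pki/dh.pem
tls-crypt pki/ta.key
tls-version-min 1.2
remote-cert-tls client
cipher AES-256-GCM
data-ciphers AES-256-GCM:AES-192-GCM:AES-128-GCM
auth SHA512
server 10.0.70.0 255.255.255.0 # Trusted VPN subnet
route 10.0.71.0 255.255.255.0 # Route to Guest VPN subnet
push "route 10.0.60.0 255.255.255.0" # Route to Home VPN subnet
push "dhcp-option DNS 8.8.8.8" # DNS1 server for VPN clients
push "dhcp-option DNS 1.0.0.1" # DNS2 server for VPN clients
push "redirect-gateway def1 bypass-dhcp" # Redirect gateway for VPN clients
log /var/log/openvpn/openvpn.log
verb 3
status /var/log/openvpn/openvpn-status.log
status-version 2
EOF

# --- visual check ------------------------------------------------------------
cat docker-compose.yml
# diff exits 1 when the files differ, which is the expected result here.
diff docker-compose.yml docs/docker-compose.yml || true

# --- execute -----------------------------------------------------------------
docker compose up -d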