This is a standard OpenVPN server in a Docker container complete with an EasyRSA PKI CA, based on Kyle Manna's image, but with the XOR obfuscation patches developed by Tunnelblick.
- Create a directory to hold your configuration files and keys.
- Create a docker-compose.yml entry, mounting this directory to /etc/openvpn (see the included model).
- Initialize the configuration files and certificates. The container will prompt for a passphrase to protect the private key used by the newly generated certificate authority.
% docker compose run --rm openvpnd ovpn_genconfig -u udp://VPN.SERVERNAME.COM
% docker compose run --rm -it openvpnd ovpn_initpki
- Start the OpenVPN server process.
% docker compose up -d openvpnd
- Generate a client certificate without a passphrase.
% docker compose run --rm -it openvpnd easyrsa build-client-full CLIENTNAME nopass
- Retrieve the client configuration with embedded certificates.
% docker compose run --rm openvpnd ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
- To enable obfuscation, add the following line to both openvpn.conf and the client .ovpn file, where xxxxxxxxxx is the password.
scramble obfuscate xxxxxxxxxx
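
Because the scramble line has to be added by hand to two files, it is worth checking that both carry the same directive. The script below is an added example, not part of this project: it compares the directive in a server and a client config without printing the password. The helper names `scramble_line` and `check_scramble` are hypothetical, and the sample configs and passwords are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the project): verify that server and client
# configs carry the same "scramble" directive without printing the password.

# Print the active scramble directive of a config file, whitespace-normalised.
# Commented-out lines do not match because their first field is not "scramble".
scramble_line() {
    awk '$1 == "scramble" { $1 = $1; print; exit }' "$1"
}

# Exit status: 0 = both sides match, 1 = mismatch or one side missing,
# 2 = neither file enables scrambling.
check_scramble() {
    server=$(scramble_line "$1")
    client=$(scramble_line "$2")
    if [ -z "$server" ] && [ -z "$client" ]; then
        echo "scramble: not enabled in either file"
        return 2
    elif [ -z "$server" ] || [ -z "$client" ]; then
        echo "scramble: present in only one file"
        return 1
    elif [ "$server" != "$client" ]; then
        echo "scramble: method or password differs"
        return 1
    fi
    echo "scramble: ok ($(echo "$server" | awk '{ print $2 }') on both sides)"
    return 0
}

# Constructed sample configs; the passwords are placeholders, not real ones.
demo_dir=$(mktemp -d)
printf 'proto udp\nscramble obfuscate EXAMPLE-PASSWORD\n' > "$demo_dir/openvpn.conf"
printf 'client\nscramble   obfuscate EXAMPLE-PASSWORD\n' > "$demo_dir/good.ovpn"
printf 'client\n# scramble obfuscate EXAMPLE-PASSWORD\n' > "$demo_dir/missing.ovpn"
printf 'client\nscramble obfuscate OTHER-PASSWORD\n' > "$demo_dir/wrong.ovpn"

for f in good missing wrong; do
    printf '%s.ovpn -> ' "$f"
    check_scramble "$demo_dir/openvpn.conf" "$demo_dir/$f.ovpn" || true
done
```

To use it on real files, call `check_scramble` with the path to openvpn.conf in your mounted configuration directory and the path to CLIENTNAME.ovpn.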