{"id":19865721,"url":"https://github.com/aminvakil/docker-ocserv","last_synced_at":"2026-01-05T11:16:20.696Z","repository":{"id":39860462,"uuid":"263648460","full_name":"aminvakil/docker-ocserv","owner":"aminvakil","description":"OpenConnect VPN Server Docker","archived":false,"fork":true,"pushed_at":"2025-02-15T14:28:29.000Z","size":220,"stargazers_count":105,"open_issues_count":5,"forks_count":45,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-15T15:30:00.548Z","etag":null,"topics":["docker","ocserv","ocserv-docker","openconnect","openconnectserver"],"latest_commit_sha":null,"homepage":"https://quay.io/aminvakil/ocserv","language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"TommyLau/docker-ocserv","license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/aminvakil.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2020-05-13T14:09:17.000Z","updated_at":"2025-02-15T14:28:14.000Z","dependencies_parsed_at":"2023-09-24T05:16:18.430Z","dependency_job_id":null,"html_url":"https://github.com/aminvakil/docker-ocserv","commit_stats":null,"previous_names":[],"tags_count":41,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aminvakil%2Fdocker-ocserv","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aminvakil%2Fdocker-ocserv/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aminvakil%2Fdocker-ocserv/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/aminvakil%2Fdocker-ocserv/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/aminvakil","download_url":"https://co
deload.github.com/aminvakil/docker-ocserv/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":251992967,"owners_count":21677022,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["docker","ocserv","ocserv-docker","openconnect","openconnectserver"],"created_at":"2024-11-12T15:23:56.077Z","updated_at":"2026-01-05T11:16:20.664Z","avatar_url":"https://github.com/aminvakil.png","language":"Dockerfile","funding_links":[],"categories":["Dockerfile"],"sub_categories":[],"readme":"# docker-ocserv\n\ndocker-ocserv is an OpenConnect VPN Server boxed in a Docker image built by [Tommy Lau](mailto:tommy@gen-new.com) and currently maintained by [Amin Vakil](mailto:info@aminvakil.com).\n\n## Update on Sep 04, 2021\n\n**Docker images are now tagged!**\n\nYou can stick to a specific `ocserv` version like `quay.io/aminvakil/ocserv:1.1.3`, so you can get bugfixes, security patches and alpine version bumps, and be sure that your ocserv version always remains the same.\n\nYou can also bump each `ocserv` minor update manually using something like `1.1.3-2` and so on.\n\nLatest tags can always be found [here](https://github.com/aminvakil/docker-ocserv/tags) and [here](https://quay.io/aminvakil/ocserv).\n\n## Update on Mar 26, 2021\n\nUpgrade alpine to 3.13.6 to use openssl 1.1.1k-r0.\n\n**Important Note**:\n\nUpdating to this version is highly recommended because this upgrade fixes [CVE-2021-3449](https://www.openssl.org/news/secadv/20210325.txt).\n\n## Update on Dec 30, 2020\n\nUpgrade alpine to 3.12.3 and ocserv to 1.1.2.\n\n**Important 
Note**:\n\n`isolate-workers = true` should be disabled in ocserv.conf, otherwise clients keep disconnecting after a while.\n\nThis has been set by default on the new docker images, but you should change your existing containers yourself with this command:\n\n```bash\ndocker exec YOUR_CONTAINER_NAME sed -i 's/^isolate-workers/#isolate-workers/' /etc/ocserv/ocserv.conf\n```\n\n## What is OpenConnect Server?\n\n[OpenConnect server (ocserv)](http://www.infradead.org/ocserv/) is an SSL VPN server. It implements the OpenConnect SSL VPN protocol, and also has (currently experimental) compatibility with clients using the [AnyConnect SSL VPN](http://www.cisco.com/c/en/us/support/security/anyconnect-vpn-client/tsd-products-support-series-home.html) protocol.\n\n## How to use this image\n\nGet the docker image by running the following command:\n\n```bash\ndocker pull quay.io/aminvakil/ocserv\n```\n\nStart an ocserv instance:\n\n```bash\ndocker run --name ocserv --sysctl net.ipv4.ip_forward=1 --cap-add NET_ADMIN --security-opt no-new-privileges -p 443:443 -p 443:443/udp -d quay.io/aminvakil/ocserv\n```\n\nThis will start an instance with a test user named `test` whose password is also `test`.\n\n### Environment Variables\n\nAll the variables for this image are optional, which means you don't have to set any environment variables, and you can have an OpenConnect Server out of the box! 
However, if you would like to configure ocserv your own way, here's what you need to know.\n\n`CA_CN`, this is the common name used to generate the CA (Certificate Authority).\n\n`CA_ORG`, this is the organization name used to generate the CA.\n\n`CA_DAYS`, this is the number of days until expiration used to generate the CA.\n\n`SRV_CN`, this is the common name used to generate the server certificate.\n\n`SRV_ORG`, this is the organization name used to generate the server certificate.\n\n`SRV_DAYS`, this is the number of days until expiration used to generate the server certificate.\n\n`NO_TEST_USER`, when this variable is set to a non-empty value, the `test` user will not be created. You have to create your own user with a password. The default behavior is to create the `test` user with password `test`.\n\nThe default values of the above environment variables:\n\n|   Variable   |     Default     |\n|:------------:|:---------------:|\n|  **CA_CN**   |      VPN CA     |\n|  **CA_ORG**  |     Big Corp    |\n| **CA_DAYS**  |       9999      |\n|  **SRV_CN**  | www.example.com |\n| **SRV_ORG**  |    My Company   |\n| **SRV_DAYS** |       9999      |\n\n### Running examples\n\nStart an instance out of the box with username `test` and password `test`\n\n```bash\ndocker run --name ocserv --sysctl net.ipv4.ip_forward=1 --cap-add NET_ADMIN --security-opt no-new-privileges -p 443:443 -p 443:443/udp -d quay.io/aminvakil/ocserv\n```\n\nStart an instance with server name `my.test.com`, `My Test` and `365` days\n\n```bash\ndocker run --name ocserv --sysctl net.ipv4.ip_forward=1 --cap-add NET_ADMIN --security-opt no-new-privileges -p 443:443 -p 443:443/udp -e SRV_CN=my.test.com -e SRV_ORG=\"My Test\" -e SRV_DAYS=365 -d quay.io/aminvakil/ocserv\n```\n\nStart an instance with CA name `My CA`, `My Corp` and `3650` days\n\n```bash\ndocker run --name ocserv --sysctl net.ipv4.ip_forward=1 --cap-add NET_ADMIN --security-opt no-new-privileges -p 443:443 -p 443:443/udp -e CA_CN=\"My CA\" -e CA_ORG=\"My Corp\" -e CA_DAYS=3650 -d 
quay.io/aminvakil/ocserv\n```\n\nA totally customized instance with both CA and server certificate\n\n```bash\ndocker run --name ocserv --sysctl net.ipv4.ip_forward=1 --cap-add NET_ADMIN --security-opt no-new-privileges -p 443:443 -p 443:443/udp -e CA_CN=\"My CA\" -e CA_ORG=\"My Corp\" -e CA_DAYS=3650 -e SRV_CN=my.test.com -e SRV_ORG=\"My Test\" -e SRV_DAYS=365 -d quay.io/aminvakil/ocserv\n```\n\nStart an instance as above but without test user\n\n```bash\ndocker run --name ocserv --sysctl net.ipv4.ip_forward=1 --cap-add NET_ADMIN --security-opt no-new-privileges -p 443:443 -p 443:443/udp -e CA_CN=\"My CA\" -e CA_ORG=\"My Corp\" -e CA_DAYS=3650 -e SRV_CN=my.test.com -e SRV_ORG=\"My Test\" -e SRV_DAYS=365 -e NO_TEST_USER=1 -v /some/path/to/ocpasswd:/etc/ocserv/ocpasswd -d quay.io/aminvakil/ocserv\n```\n\n**WARNING:** ocserv requires the ocpasswd file to start. If `NO_TEST_USER=1` is provided, no ocpasswd file is created, and the container stops immediately after it starts. You must supply an ocpasswd file mounted at `/etc/ocserv/ocpasswd` by using docker's volume argument `-v`, as demonstrated above.\n\n### User operations\n\nAll user operations are performed while the container is running. 
If you used a container name other than `ocserv`, then you have to change the container name accordingly.\n\n#### Add user\n\nIf, say, you want to create a user named `test`, type the following command:\n\n```bash\ndocker exec -ti ocserv ocpasswd -c /etc/ocserv/ocpasswd test\nEnter password:\nRe-enter password:\n```\n\nWhen prompted for the password, type it twice; the user is then created with the password you chose.\n\n#### Delete user\n\nDeleting a user is similar to adding one; just add the `-d` argument to the command line:\n\n```bash\ndocker exec -ti ocserv ocpasswd -c /etc/ocserv/ocpasswd -d test\n```\n\nThe above command will delete the default user `test`, if you started the instance without the environment variable `NO_TEST_USER`.\n\n#### Change password\n\nChanging a password uses exactly the same command as adding a user; please refer to the command mentioned above.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faminvakil%2Fdocker-ocserv","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faminvakil%2Fdocker-ocserv","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faminvakil%2Fdocker-ocserv/lists"}