From ccb8d86d356c951f9412efd0160056b1a688a4da Mon Sep 17 00:00:00 2001
From: L4RM4ND <21357789+l4rm4nd@users.noreply.github.com>
Date: Sat, 18 May 2024 00:11:23 +0200
Subject: [PATCH] add openvpn-as
---
 README.md | 1 +
 examples/openvpn/README.md | 11 +++++++++
 examples/openvpn/docker-compose.yml | 36 +++++++++++++++++++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 examples/openvpn/README.md
 create mode 100644 examples/openvpn/docker-compose.yml
diff --git a/README.md b/README.md
index ef7acc3..b68b663 100644
--- a/README.md
+++ b/README.md
@@ -141,6 +141,7 @@ A [VPN](https://en.wikipedia.org/wiki/Virtual_private_network) is a mechanism fo
 - [wg-easy](examples/wg-easy) - The easiest way to install & manage WireGuard on any Linux host. All-in-one deployment of a WireGuard VPN network service + web management UI.
 - [WireGuard](examples/wireguard) - WireGuard by Linuxserver.io is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography.
 - [IPSec VPN Server](examples/ipsec-vpn-server) - Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2.
+- [OpenVPN-AS](examples/openvpn) - OpenVPN Access Server delivers an enterprise VPN solution for businesses of all sizes, providing a securely encrypted connection to private networks over unsecured public internet.
 - [Firezone](examples/firezone) - Self-hosted secure remote access gateway that supports the WireGuard protocol. It offers a Web GUI, 1-line install script, multi-factor auth (MFA), and SSO.
 - ~~[Netbird](https://github.com/netbirdio/netbird)~~ - Quickly connect your computers, servers, cloud instances, and IoT devices into a secure private network. No configuration required.
 - [Headscale](examples/headscale) - An open source, self-hosted implementation of the Tailscale control server.
diff --git a/examples/openvpn/README.md b/examples/openvpn/README.md
new file mode 100644
index 0000000..a50eff4
--- /dev/null
+++ b/examples/openvpn/README.md
@@ -0,0 +1,11 @@
+# References
+
+- https://openvpn.net/as-docs/docker.html
+
+# Notes
+
+Default username is `openvpn`.
+
+The password is auto-generated and displayed in container logs.
+
+Admin web UI is accessible at `https://:943`
diff --git a/examples/openvpn/docker-compose.yml b/examples/openvpn/docker-compose.yml
new file mode 100644
index 0000000..e45400f
--- /dev/null
+++ b/examples/openvpn/docker-compose.yml
@@ -0,0 +1,36 @@
+version: '3.3'
+
+services:
+ openvpn-as:
+ image: openvpn/openvpn-as
+ container_name: openvpn-as
+ hostname: openvpn-as
+ restart: always
+ cap_add:
+ - NET_ADMIN
+ ports:
+ - 443:443/tcp # openvpn over tcp
+ - 1194:1194/udp # openvpn over udp
+ - 943:943/tcp # openvpn admin ui
+ expose:
+ - 443 # openvpn over tcp
+ - 1194 # openvpn over udp
+ - 943 # openvpn as admin ui
+ volumes:
+ - ${DOCKER_VOLUME_STORAGE:-/mnt/docker-volumes}/openvpn:/openvpn
+ #networks:
+ # - proxy
+ #labels:
+ # - traefik.enable=true
+ # - traefik.docker.network=proxy
+ # - traefik.http.routers.openvpn.rule=Host(`openvpn.example.com`)
+ # - traefik.http.services.openvpn.loadbalancer.server.port=943
+ # # Optional part when proxying to services that already provide ssl/tls
+ # - traefik.http.services.openvpn.loadbalancer.server.scheme=https
+ # - traefik.http.services.openvpn.loadbalancer.serverstransport=insecureTransport@file
+ # # Optional part for traefik middlewares
+ # - traefik.http.routers.openvpn.middlewares=local-ipwhitelist@file
+
+#networks:
+# proxy:
+# external: true
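Review bot: The `- 943:943/tcp` entry under `ports:` in the docker-compose.yml hunk publishes the Access Server admin UI on every host interface, although the commented Traefik labels further down suggest it is meant to sit behind the proxy with the `local-ipwhitelist@file` middleware. Since the accompanying README documents a fixed default username (`openvpn`), I would bind the admin port to loopback or a management address, e.g. `- "127.0.0.1:943:943/tcp"`, or drop the mapping when the Traefik route is enabled. Separately, `image: openvpn/openvpn-as` has no tag and therefore resolves to `latest`; pinning a release tag or digest (`image: openvpn/openvpn-as:<VERSION>`) keeps a container that runs with `NET_ADMIN` reproducible and reviewable on upgrade. The `expose:` list only repeats ports that are already published and can be removed.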