You can run this entire first section with ryansch/openvpn:latest on a more powerful machine than the pi.
OVPN_DATA="ovpn-data"
docker run -v $OVPN_DATA:/etc/openvpn --rm ryansch/openvpn:latest ovpn_genconfig -d -N -b -C AES-256-CBC -T TLS-DHE-RSA-WITH-AES-256-GCM-SHA384 -a SHA512 -n 192.168.8.1 -p 'route 192.168.8.0 255.255.255.0' -u udp://<OPENVPN_HOST>
-e 'topology subnet' -p 'dhcp-option DOMAIN <LAN_DOMAIN>
' -E 'remote <OPENVPN_HOST>
443 tcp'
docker run -v $OVPN_DATA:/etc/openvpn --rm -it -e EASYRSA_KEY_SIZE=4096 ryansch/openvpn:latest ovpn_initpki
docker run -v $OVPN_DATA:/etc/openvpn --rm -it -e EASYRSA_KEY_SIZE=4096 ryansch/openvpn:latest easyrsa build-client-full <CLIENT_NAME>
nopass
docker run -v $OVPN_DATA:/etc/openvpn --rm ryansch/openvpn:latest ovpn_getclient <CLIENT_NAME>
> <CLIENT_NAME>
.ovpn
docker run --net=none -it --rm -v $OVPN_DATA:/etc/openvpn ryansch/openvpn:latest ovpn_copy_server_files
docker run -v $OVPN_DATA:/etc/openvpn -w /etc/openvpn --rm ryansch/openvpn:latest tar -zcv server > openvpn-server-data.tar.gz
Copy tarball to rasp pi.
mkdir /opt/openvpn
Copy docker-compose.yml and openvpn.servce to /opt/openvpn
docker run -it --rm -v openvpn_data:/etc/openvpn -v $(pwd):/host -w /etc/openvpn ryansch/openvpn:latest tar --strip-components=1 -zxvf /host/openvpn-server-data.tar.gz
sudo systemctl enable /opt/openvpn/openvpn.service
sudo systemctl start openvpn