OpenVPN with docker-openvpn and Internal DNS Server


It seems this configuration is sometimes a bit tricky. At home, I wanted to configure a Raspberry Pi with an OpenVPN Docker container, a DNS server (unbound) and other services. The services are behind a reverse proxy, so I need to reach each service by name. Apparently, a configuration like this is pretty common with OpenVPN: you just have to push the DNS server IP to the clients with

push "dhcp-option DNS"

where is the desired DNS server. This is typically sufficient.

In some cases though, I couldn’t get this to work. In particular, I couldn’t make this work when the DNS server is on the host, which is also running the OpenVPN container. In this case, I had to do something a bit different.


The relevant point here is that I had to push the DNS server using the IP in the virtual network created by OpenVPN. So, in my conf file I had this:

server is therefore the subnet used by OpenVPN. In this case, the server itself is, and I pushed the DNS server with:

push "dhcp-option DNS"

This also requires the container to use host networking, which you can set when running the container.


An example container configuration is:

      image: carlonluca/docker-openvpn:latest
         - [...]
         - NET_ADMIN
      network_mode: "host"

while an example of the OpenVPN server configuration is:

verb 0
key ...
ca ...
cert ...
dh none
tls-auth ...
key-direction 0
keepalive 10 60
port 1194
proto udp
dev tun
status /tmp/openvpn-status.log
topology subnet

user nobody
group nogroup
comp-lzo no

push "block-outside-dns"
push "dhcp-option DNS"
push "route"
push "comp-lzo no"
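
A small check for the point above, added here as an example (it is not code from this post or from docker-openvpn): it parses a server config and reports when the pushed DNS address is not the server's own address inside the `server` subnet. The 10.8.0.0/24 subnet and every address in it are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample config: the addresses are placeholders, not values from the post.
SAMPLE_CONF = '''\
topology subnet
server 10.8.0.0 255.255.255.0
push "block-outside-dns"
push "dhcp-option DNS 10.8.0.1"
'''


def parse(conf):
    """Return (vpn_network, pushed_dns_addresses, pushed_options) from config text."""
    network, dns, pushes = None, [], []
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # skip blank lines and comments
            continue
        m = re.fullmatch(r'server\s+(\S+)\s+(\S+)(\s+.*)?', line)
        if m:
            network = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            continue
        m = re.fullmatch(r'push\s+"(.*)"', line)
        if m:
            pushes.append(m.group(1))
            d = re.fullmatch(r'dhcp-option\s+DNS\s+(\S+)', m.group(1))
            if d:
                dns.append(ipaddress.ip_address(d.group(1)))
    return network, dns, pushes


def check_dns_push(conf):
    """Return a list of findings; an empty list means the DNS push is consistent."""
    network, dns, pushes = parse(conf)
    if network is None:
        return ["no 'server' directive found"]
    server_ip = network.network_address + 1  # 'server' gives the server the first address
    findings = []
    if not dns:
        findings.append("no DNS server is pushed to clients")
    for addr in dns:
        if addr not in network:
            findings.append(f"pushed DNS {addr} is outside the VPN subnet {network}")
        elif addr != server_ip:
            findings.append(f"pushed DNS {addr} is not the server's tunnel address {server_ip}")
    if "block-outside-dns" not in pushes:
        findings.append("block-outside-dns is not pushed")
    return findings
```

Call `check_dns_push(open(path).read())` on the server config before restarting the container; any finding means clients may be pointed at a resolver that differs from the setup described here.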

Docker Image

As a docker image I typically use my image: This is simply a fork of, but with an updated OpenVPN software and with multiarch builds.
