[...] Error handling desperately needed #30

Open
OdinVex opened this issue Aug 25, 2024 · 4 comments

OdinVex commented Aug 25, 2024

There's a lot of assumption in the scripts and it tends to break a lot of things. If someone doesn't set `TRUST_SUB` or `GUEST_SUB` for example (because they may not want that stuff) it just breaks the server. Depending upon the UI is a bit broken considering it won't run so that the UI can manage to create PKI but the UI can't manage the PKI without the server running. The dockers are also not set up to re-use folders cleanly. Not sure why EasyRSA is involved... OpenSSL works just fine and is required by OpenVPN. Error handling for the UI... same thing. There are no `... || exit ...`-style exits for the UI to display ("error code randomnumber" is unhelpful considering there's no way to look up numbers...) and you pretty much have to go trouncing through the scripts to find out why something may have failed.

OdinVex commented Aug 25, 2024

The proposed docker compose files are also in need of work. `iptables v1.8.10 (nf_tables): invalid mask 24' specified` (`TRUST_SUB`, `GUEST_SUB`...)

Edit: These can be fixed by trimming quotes and single quotes from both ends of the env variables when used.
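An added example, not part of the thread or the project's scripts: one way an entrypoint could trim stray quotes from `TRUST_SUB`/`GUEST_SUB`, treat an unset variable as "feature off", and fail with a readable message instead of a bare error code. The function names, the exit code 64 and the sample subnets are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: clean and validate optional subnet variables before use.

# Strip quote characters left on either end of a value by the compose file.
strip_quotes() {
    v=$1
    while :; do case $v in \"*|\'*) v=${v#?} ;; *) break ;; esac; done
    while :; do case $v in *\"|*\') v=${v%?} ;; *) break ;; esac; done
    printf '%s' "$v"
}

# Succeed only for a.b.c.d/n with each octet 0-255 and n 0-32.
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac   # digits, dots, slash only
    addr=${1%/*}; mask=${1#*/}
    [ "$addr" != "$1" ] || return 1              # no slash present
    case $mask in ''|*[!0-9]*) return 1 ;; esac  # rejects a second slash too
    [ "$mask" -le 32 ] 2>/dev/null || return 1
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in '') return 1 ;; esac
        [ "$o" -le 255 ] 2>/dev/null || return 1
    done
    return 0
}

# Print the cleaned CIDR for variable $1. Prints nothing when it is unset or
# empty (feature not wanted). Returns 64 (code chosen for this example) with a
# readable message on stderr when the value is not a usable CIDR.
resolve_subnet() {
    name=$1                       # caller passes a fixed name, never user input
    eval "raw=\${$name-}"
    clean=$(strip_quotes "$raw")
    [ -n "$clean" ] || return 0
    if ! valid_cidr "$clean"; then
        echo "ERROR: $name=$raw is not an IPv4 CIDR such as 10.0.71.0/24" >&2
        return 64
    fi
    printf '%s' "$clean"
}

# In an entrypoint:  TRUST=$(resolve_subnet TRUST_SUB) || exit $?
# then add the firewall rule only when "$TRUST" is non-empty.
```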

OdinVex commented Aug 25, 2024

It's also highly recommended to never share 'files' through docker bindings...because most docker installations will create them as directories.

OdinVex commented Aug 25, 2024

Another issue is the specific hardcoding of `0.0.0.0 2080`. I use unix sockets (via a shared volume bind dedicated to just the socket) so there's no open ports, but any edit of the config requires I double back and edit it again to undo that. I'll hijack the entrypoint to `sed` the template for now...

OdinVex commented Aug 25, 2024

I don't see a way to specify the TLS Cipher, such as `TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384`, or a way to disable Compression. Some mobile clients need the MTU set to 1400.
