diff --git a/Dockerfile b/Dockerfile
index acd5eb5..5b2bdff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,7 +4,7 @@ RUN apt update && apt dist-upgrade -y
RUN apt install -y openvpn openvpn-auth-ldap easy-rsa
-ADD vars /etc/openvpn/vars
+WORKDIR /etc/openvpn
RUN make-cadir easy-rsa/
@@ -17,8 +17,15 @@ RUN export EASYRSA_BATCH=1 && ./easyrsa build-server-full server nopass
RUN ./easyrsa gen-dh
RUN openvpn --genkey secret /etc/openvpn/server/ta.key
-ADD server.conf /etc/openvpn/server.conf
-
-CMD ['openvpn','/etc/openvpn/server.conf']
+RUN mkdir -p /dev/net && \
+ mknod /dev/net/tun c 10 200 && \
+ chmod 600 /dev/net/tun
+COPY server.conf /etc/openvpn/server.conf
+
+ADD entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+
+CMD ["openvpn","/etc/openvpn/server.conf"]
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100755
index 0000000..babc776
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+mkdir -p /dev/net
+if [ ! -c /dev/net/tun ]; then
+ mknod /dev/net/tun c 10 200
+fi
+
+exec $@
diff --git a/examples/ldap.conf b/examples/ldap.conf
new file mode 100644
index 0000000..392a3da
--- /dev/null
+++ b/examples/ldap.conf
@@ -0,0 +1,16 @@
+
+ URL ldap://ldap
+ BindDN cn=admin,dc=domain,dc=org
+ Password secret
+ Timeout 15
+ FollowReferrals yes
+ TLSCACertFile /usr/local/etc/ssl/ca.pem
+ TLSCACertDir /etc/ssl/certs
+ TLSCertFile /usr/local/etc/ssl/client-cert.pem
+ TLSKeyFile /usr/local/etc/ssl/client-key.pem
+
+
+ BaseDN "ou=users,dc=domain,dc=org"
+ SearchFilter "(|(uid=%u)(cn=%u)(mail=%u))"
+ RequireGroup false
+
diff --git a/examples/server.conf b/examples/server.conf
new file mode 100644
index 0000000..022197a
--- /dev/null
+++ b/examples/server.conf
@@ -0,0 +1,27 @@
+port 1194
+proto udp
+dev tun
+
+ca /etc/openvpn/easy-rsa/pki/ca.crt
+cert /etc/openvpn/easy-rsa/pki/issued/server.crt
+key /etc/openvpn/easy-rsa/pki/private/server.key # keep secret
+dh /etc/openvpn/easy-rsa/pki/dh.pem
+crl-verify /etc/openvpn/easy-rsa/pki/crl.pem
+
+topology subnet
+server 10.8.0.0 255.255.255.0
+ifconfig-pool-persist ipp.txt
+push "route 192.168.10.0 255.255.255.0"
+
+client-to-client
+duplicate-cn
+keepalive 10 120
+cipher AES-256-CBC
+
+persist-key
+persist-tun
+status /var/log/openvpn-status.log
+verb 3
+explicit-exit-notify 1
+plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn/auth/ldap.conf" login
+crl-verify /etc/openvpn/easy-rsa/pki/crl.pem