Use a Docker image with an editor and connect the volume container:
docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn vi /etc/openvpn/openvpn.conf
The run-time image (kylemanna/openvpn) is intended to be an ephemeral image. Nothing should be saved in it, so that it can be re-downloaded and re-run when updates are pushed (i.e. a newer version of OpenVPN or even Debian). The data container contains all this data and is attached at run time, providing a safe home.
If it was all in one container, an upgrade would require a few steps to extract all the data, perform some upgrade import, and re-run. This technique is also prone to people losing their EasyRSA PKI when they forget where it was. With everything in the data container, upgrading is as simple as re-running docker pull kylemanna/openvpn and then docker run ... kylemanna/openvpn.
Split tunnels are configurations where only some of the traffic from a client goes to the VPN, with the remainder routed through the normal non-VPN interfaces. You'll want to disable a default route (-d) when you generate the configuration, but still use NAT (-N) to keep network address translation enabled.
ovpn_genconfig -N -d ...
You can pass multiple (-e) options to ovpn_genconfig. For example, if you need to add 'duplicate-cn' and 'topology subnet' to the server configuration you could do something like this:
ovpn_genconfig -e 'duplicate-cn' -e 'topology subnet' -u udp://VPN.SERVERNAME.COM
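As an added example (not part of the docker-openvpn project), the following shell script inspects an OpenVPN config for the two points above: whether it describes a split or a full tunnel, and whether duplicate-cn is enabled. The function names and the sample config are constructed for illustration; the script relies only on the standard OpenVPN directives redirect-gateway, push "route ..." and duplicate-cn, and makes no claim about what ovpn_genconfig writes.

```shell
#!/bin/sh
# Added example (not from the docker-openvpn project): inspect an OpenVPN
# config, server or client, for the settings discussed above.

# Print only active lines: skip blanks and lines commented with '#' or ';'.
active_lines() {
    grep -Ev '^[[:space:]]*([#;]|$)' "$1"
}

# has_directive FILE NAME: true if NAME appears bare or inside push "...".
has_directive() {
    active_lines "$1" |
        grep -Eq "^[[:space:]]*(push[[:space:]]+\")?$2([[:space:]\"]|\$)"
}

# tunnel_mode FILE: "full" if the default route is redirected, else "split".
tunnel_mode() {
    if has_directive "$1" 'redirect-gateway'; then echo full; else echo split; fi
}

# pushed_routes FILE: networks the server tells clients to reach via the VPN.
pushed_routes() {
    active_lines "$1" |
        sed -En 's/^[[:space:]]*push[[:space:]]+"route[[:space:]]+([^"]+)".*/\1/p'
}

# audit_config FILE: one-line summary; exit status 1 if duplicate-cn is set,
# because it lets several sessions share a single client certificate.
audit_config() {
    echo "mode=$(tunnel_mode "$1") routes=$(pushed_routes "$1" | wc -l | tr -d ' ')"
    if has_directive "$1" 'duplicate-cn'; then
        echo "WARN: duplicate-cn is set" >&2
        return 1
    fi
}

# Constructed sample resembling a split-tunnel server config.
write_sample() {
    cat > "$1" <<'EOF'
server 192.168.255.0 255.255.255.0
topology subnet
duplicate-cn
# push "redirect-gateway def1"
push "route 10.20.0.0 255.255.0.0"
push "route 10.30.5.0 255.255.255.0"
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_config "$sample" || true
rm -f "$sample"
```

To check a real deployment, point audit_config at a copy of openvpn.conf taken from the data volume, or at a client profile.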
I am using ESXi with TAP mode, but I can only ping the host machine and not other devices on the same subnet. How can I fix this?
To resolve this issue, you can try enabling Promiscuous Mode on the vSwitch configuration for the virtual switch that your VM is connected to. However, please note that this is just one possible solution and may not work in all cases.
Reboot the VM and start the Docker container again. You should then be able to ping other devices on the same subnet and find your SMB share over the home network.