Simple OpenVPN Server with Docker

How to create your own dockerized VPN Server in a minute

When I was doing some work, there was a requirement to whitelist the development machine by an IP address from the United States. Since I was located in a Southeast Asian country, I obviously didn’t have a connection with a US IP address. So it would be reasonable to buy a VPN service for this.

But why buy a VPN service if we could use the existing VPS and set up a VPN server on it?

As you may guess, I already have a VPS running for my development needs, so I would like to install the OpenVPN server on it. There are tons of tutorials out there on how to set up a VPN server yourself, but most of them are long, with a lot of steps, like this one.

Usually, these long steps can be simplified by using containers, such as Docker. So, in this tutorial, I will show you how to install the OpenVPN server quickly by using an existing Docker image.

Requirements

I assume you already have a VPS running by now. If not, you can buy a VPS at an affordable price on DigitalOcean. I have one there too, and I would say it’s enough for our needs.

You can use any OS, but for simplicity, I’ll be using Ubuntu.

If you already have a VPS running, the next thing you need to do is install Docker.

Once all of the requirements are fulfilled, we can continue to the next step.

Solution

Three variables need to be defined.

The first variable is $OVPN_DATA. It is the name of the data volume container. It’s recommended to use the ovpn-data- prefix to operate seamlessly with the reference systemd service.

The second variable is $VPN_SERVERNAME. The value should be a domain name or an IP address.

The final variable is $CLIENTNAME. It is used as the client's name. Pick something memorable so you can tell which server you are connected to.

The following are example values for each variable.

OVPN_DATA="ovpn-data-example-us01"
VPN_SERVERNAME="vpn.example.com"
CLIENTNAME="us01.vpn.example.com"

Let’s begin by creating the $OVPN_DATA Docker volume.

docker volume create --name $OVPN_DATA

The next step is to initialize the $OVPN_DATA container. It will be used to hold the configuration files and certificates.

docker run \
    -v $OVPN_DATA:/etc/openvpn \
    --log-driver=none \
    --rm \
    kylemanna/openvpn \
    ovpn_genconfig \
        -u udp://${VPN_SERVERNAME}

Then initialize the PKI with ovpn_initpki. The container will ask you for a passphrase to protect the private key used by the newly generated certificate authority.

docker run \
    -v $OVPN_DATA:/etc/openvpn \
    --log-driver=none \
    --rm \
    -it \
    kylemanna/openvpn \
    ovpn_initpki

Wait until the initialization process finishes.

Once it has finished, we can start the OpenVPN server process.

docker run \
    -v $OVPN_DATA:/etc/openvpn \
    -d \
    -p 1194:1194/udp \
    --cap-add=NET_ADMIN \
    kylemanna/openvpn

Now that the OpenVPN service is running, we can generate a client certificate without a passphrase for use on our local machine.

docker run \
    -v $OVPN_DATA:/etc/openvpn \
    --log-driver=none \
    --rm \
    -it \
    kylemanna/openvpn \
    easyrsa build-client-full $CLIENTNAME nopass

After the certificate is created, we can retrieve the client configuration file with the certificates embedded.

docker run \
    -v $OVPN_DATA:/etc/openvpn \
    --log-driver=none \
    --rm \
    kylemanna/openvpn \
    ovpn_getclient $CLIENTNAME > ${CLIENTNAME}.ovpn

And that’s it. Download ${CLIENTNAME}.ovpn to your local machine. Use the OpenVPN client for Windows, Tunnelblick for macOS, or any other VPN client for your operating system.

That’s all I can write today. I hope this quick tutorial is useful to you.
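The retrieved profile carries the client's private key inline, and since it was built with nopass that key is not encrypted, so the .ovpn file itself is the credential. The script below is an added example, not part of the original post or of the kylemanna/openvpn image: it reports whether a profile's embedded key is encrypted, which server it points at, and restricts the file to its owner. The function names and the sample profile are constructed, and it assumes the profile uses OpenVPN's inline `<key>` block.

```shell
#!/bin/sh
# Added example: audit the client profile written by `ovpn_getclient`.

# Print the body of an inline <TAG>...</TAG> block from an OpenVPN profile.
inline_block() (  # usage: inline_block TAG FILE
    awk -v beg="<$1>" -v fin="</$1>" '
        $0 == fin { inside = 0 }
        inside    { print }
        $0 == beg { inside = 1 }' "$2"
)

# Classify the embedded private key: none | encrypted | plaintext.
key_state() (  # usage: key_state FILE
    key=$(inline_block key "$1")
    if [ -z "$key" ]; then
        echo none
    elif printf '%s\n' "$key" | grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED'; then
        echo encrypted
    else
        echo plaintext
    fi
)

# Host named by the first "remote" directive.
remote_host() ( awk '$1 == "remote" { print $2; exit }' "$1" )

# Restrict the file to its owner, then report key state, remote and mode.
audit_profile() (  # usage: audit_profile FILE
    chmod 600 "$1"
    echo "key=$(key_state "$1") remote=$(remote_host "$1") mode=$(ls -l "$1" | cut -c1-10)"
)

# Constructed sample profile; the PEM body is a placeholder, not a real key.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
client
nobind
dev tun
remote vpn.example.com 1194 udp
<key>
-----BEGIN PRIVATE KEY-----
PLACEHOLDER
-----END PRIVATE KEY-----
</key>
EOF

audit_profile "$SAMPLE"
```

Run `audit_profile` against the real ${CLIENTNAME}.ovpn on the server before copying it, and move the file over an encrypted channel such as scp.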
