How to set up an OpenVPN-server with Docker

Prerequisites

  • You must have Docker installed
  • A domain that resolves to your public IP address, possibly by using a DDNS client. I’m using this DDNS-client since I’m using Cloudflare’s name servers.
  • A static local IP address assigned in your DHCP that points to your server
  • Access to your router to open port UDP/1194 and forward it to the static server IP

If you’re unsure about how to open ports then check out this help article from PureVPN.

If you’re unsure about the DDNS-part you can check out No-IP.com.

This article is based on this guide using this Docker image.

The image is hosted at Docker Hub (image digest 643531abb010). Be sure to read through the Dockerfile before using it! Never blindly trust a Docker image that you haven’t checked out yourself. It’s also a good idea to ensure that the base image is an official image.

Setup steps

Note that our Docker config files will live in a folder called docker-config/openvpn in your home directory (~/docker-config/openvpn).

1. Generate config

docker run --rm \
  -v ~/docker-config/openvpn:/etc/openvpn \
  --log-driver=none \
  kylemanna/openvpn \
  ovpn_genconfig -u udp://your-ddns.domain

2. Initiate keys

docker run --rm -it \
  -v ~/docker-config/openvpn:/etc/openvpn \
  --log-driver=none \
  kylemanna/openvpn \
  ovpn_initpki

When asked for the Common Name, enter your DDNS-domain. Set a secret password and store it for later; it protects the CA key, and you will need it when adding new users etc.

3. Start container

docker run -d \
  --name=openvpn-server \
  --restart=unless-stopped \
  -v ~/docker-config/openvpn:/etc/openvpn \
  -p 1194:1194/udp \
  --cap-add=NET_ADMIN \
  kylemanna/openvpn

4. Create user

Optionally you can replace “username” with a username of your own.

With certificate authentication only (the client key is stored unencrypted, so no password is required when connecting to the VPN):

docker run --rm -it \
  -v ~/docker-config/openvpn:/etc/openvpn \
  --log-driver=none \
  kylemanna/openvpn \
  easyrsa build-client-full username nopass

Or with a password (the client key is encrypted with a passphrase that you choose now and must enter when connecting):

docker run --rm -it \
  -v ~/docker-config/openvpn:/etc/openvpn \
  --log-driver=none \
  kylemanna/openvpn \
  easyrsa build-client-full username

5. Download user config

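We just generated the user’s certificate and key, but they are stored inside the config volume. Let’s export them as a single VPN config-file on our host machine. The file contains the user’s private key, so treat it like a credential: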

docker run --rm \
  -v ~/docker-config/openvpn:/etc/openvpn \
  --log-driver=none \
  kylemanna/openvpn \
  ovpn_getclient username > username.ovpn

6. Setup VPN-client

Import username.ovpn to your VPN app and connect! For macOS I would recommend Tunnelblick.
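
Before handing out the file from steps 4 and 5, it is worth checking what it actually contains. The following shell script is an added example, not part of the original guide or of the kylemanna/openvpn image: it reports whether the inline key in an exported .ovpn file is passphrase-protected and whether other local users can read the file. The function names and the sample profiles are made up for illustration, and it assumes the key is embedded in a <key> block, as ovpn_getclient writes it.

```shell
#!/bin/sh
# Added example: audit an exported .ovpn profile before handing it out.

# Print the state of the inline <key> block: encrypted | plaintext | missing
ovpn_key_state() {
  awk '
    /^<key>/   { inkey = 1; seen = 1; next }
    /^<\/key>/ { inkey = 0 }
    inkey && /ENCRYPTED/ { enc = 1 }
    END { print (!seen ? "missing" : (enc ? "encrypted" : "plaintext")) }
  ' "$1"
}

# Print "host port proto" from the first remote directive
ovpn_remote() {
  awk '$1 == "remote" { print $2, $3, $4; exit }' "$1"
}

# Succeed only if group and other have no permission bits on the file
ovpn_mode_ok() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# One summary line per profile, followed by any warnings
ovpn_audit() {
  state=$(ovpn_key_state "$1")
  echo "$1: remote=$(ovpn_remote "$1") key=$state"
  ovpn_mode_ok "$1" || echo "  warn: readable beyond owner, run: chmod 600 $1"
  [ "$state" != plaintext ] || echo "  warn: key has no passphrase (nopass)"
}

# Constructed sample profiles; the key bodies are placeholders, not real keys.
make_profile() {  # $1 = path, $2 = PEM label
  printf '%s\n' client nobind 'dev tun' \
    'remote your-ddns.domain 1194 udp' '<key>' \
    "-----BEGIN $2-----" 'CONSTRUCTED-PLACEHOLDER' "-----END $2-----" \
    '</key>' > "$1"
}

demo_dir=$(mktemp -d)
make_profile "$demo_dir/nopass.ovpn" 'PRIVATE KEY'
make_profile "$demo_dir/withpass.ovpn" 'ENCRYPTED PRIVATE KEY'
chmod 644 "$demo_dir/nopass.ovpn"
chmod 600 "$demo_dir/withpass.ovpn"
ovpn_audit "$demo_dir/nopass.ovpn"
ovpn_audit "$demo_dir/withpass.ovpn"
rm -rf "$demo_dir"
```

Run ovpn_audit username.ovpn on the real file from step 5; a profile built with nopass that is also world-readable gives anyone with access to the machine a working VPN login.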

Wrapping up!

So now you’ve just configured and started an OpenVPN-server running inside Docker. If your domain is configured correctly along with port openings and DHCP setup then you should be able to connect to the VPN.

Nice to know

If you wanna add another user you can just execute steps 4-6 in the list above.

If you ever need a shell inside your container (this uses docker exec, not SSH) you can do it like this:

docker exec -it openvpn-server /bin/bash

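Or if you want to remove a user you can do it like this. The image’s ovpn_revokeclient helper revokes the certificate and also regenerates the revocation list (CRL) that the server checks; running easyrsa revoke on its own only marks the certificate as revoked in the CA index:

docker exec -it openvpn-server ovpn_revokeclient username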

Remember to replace “username” with the user you’re trying to delete.

That’s it! Enjoy!

By Rune Sum
