Tutorial: Set Up OpenVPN With docker-compose

Hello! Internet privacy is a major concern right now, and OpenVPN seems to be the most widely used solution. But many of us have trouble setting it up. Docker-compose is a great tool for installing software and configuring it with just one .yml file. Let's make OpenVPN setup painless with the help of docker-compose.

This post guides you through all the steps needed to set up your OpenVPN server instance. Our setup will be based on the kylemanna/docker-openvpn image.

Set up OpenVPN server

First, check that Docker and docker-compose are installed. The commands below should print the installed versions of docker and docker-compose.

docker -v  
docker-compose -v  

Create a new docker-compose.yml:

touch docker-compose.yml  

Copy and paste this template into your docker-compose.yml:

version: '2'  
services:  
  openvpn:
    cap_add:
     - NET_ADMIN
    image: kylemanna/openvpn
    container_name: openvpn
    ports:
     - "1194:1194/udp"
    restart: always
    volumes:
     - {path_to_save_openvpn_config}:/etc/openvpn

Change {path_to_save_openvpn_config} to the path where you want OpenVPN to store its files, for example /home/administrator/openvpn.

Once that's done, you need to initialize the configuration files and certificates for OpenVPN. Run these commands to do it:

    docker-compose run --rm openvpn ovpn_genconfig -u udp://{vpn_server_address}
    docker-compose run --rm openvpn ovpn_initpki

Replace {vpn_server_address} with your server address. It can be an IP address (10.10.10.2) or a domain name (vpn.server.com).

Enter a pass phrase and a name for your certificate when prompted; you will need the pass phrase again when generating client certificates. Certificate generation will take some time, so be patient.


Start the OpenVPN server process:

docker-compose up -d openvpn  

Generating Client Certificates

To establish a connection to your OpenVPN server, you need to provide each client with a certificate file. This is easily done with docker-compose.
First, build a client certificate with the command below. When prompted, provide the pass phrase from the previous step.

docker-compose run --rm openvpn easyrsa build-client-full {client_name} nopass  

If you omit the nopass option, you can specify a pass phrase for the client certificate, which is highly recommended.
When the client certificate is generated, export it to a file with the next command, then send the file to the client:

docker-compose run --rm openvpn ovpn_getclient {client_name} > certificate.ovpn  
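
The exported certificate.ovpn carries the client's private key, so it is worth checking whether that key is pass phrase protected and tightening the file's permissions before sending it. The script below is an added example, not part of the original post or of the kylemanna/docker-openvpn project; it assumes the profile embeds the key as PEM between <key> and </key> tags, and the function names and sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the private key embedded in an exported .ovpn profile.
# Assumption: the profile carries the key inline as PEM between <key> and </key>.

# Prints "encrypted", "plaintext" or "nokey" for the profile given as $1.
ovpn_key_status() {
    awk '
        /^<key>/   { inkey = 1; seen = 1; next }
        /^<\/key>/ { inkey = 0; next }
        inkey && /-----BEGIN ENCRYPTED PRIVATE KEY-----/ { enc = 1 }  # PKCS#8 with pass phrase
        inkey && /^Proc-Type: 4,ENCRYPTED/               { enc = 1 }  # legacy PEM encryption
        END {
            if (!seen)    print "nokey"
            else if (enc) print "encrypted"
            else          print "plaintext"
        }
    ' "$1"
}

# Restrict the profile to its owner and report whether the key is protected.
# Returns 0 for an encrypted key, 1 for a plaintext key, 2 if no key block exists.
ovpn_lock_down() {
    chmod 600 "$1" || return 2
    case "$(ovpn_key_status "$1")" in
        encrypted) echo "$1: key is pass phrase protected"; return 0 ;;
        plaintext) echo "$1: key is NOT encrypted (built with nopass)" >&2; return 1 ;;
        *)         echo "$1: no <key> block found" >&2; return 2 ;;
    esac
}

# Writes a constructed sample profile; the key body is a placeholder, not a real key.
make_sample() {  # $1 = output file, $2 = PEM label
    cat > "$1" <<EOF
client
dev tun
remote vpn.server.com 1194 udp
<key>
-----BEGIN $2-----
PLACEHOLDER
-----END $2-----
</key>
EOF
}

# Usage: sh check_ovpn.sh certificate.ovpn  (the script name is hypothetical)
[ "$#" -eq 0 ] || ovpn_lock_down "$1"
```

A profile reported as plaintext can be used by anyone who obtains the file, so send it only over a channel you trust or rebuild the client certificate without nopass.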


That's it! More details can be found on the official GitHub page of the kylemanna/docker-openvpn image.

Enjoy safe and secure browsing! In the meantime, check out our awesome project.

Ilya P
