How to Install OpenVPN on Docker {7 Steps}

Introduction

As a full-featured open-source VPN solution, OpenVPN is a frequent choice for privacy-conscious individuals and organizations who need to secure their company networks. Running OpenVPN on Docker allows users to simplify the setup and management of TLS-encrypted virtual private networks.

This article provides steps to install OpenVPN on Docker and connect a client to the server.

Prerequisites

Set Up OpenVPN on Docker Manually

OpenVPN installation on Docker involves creating a data volume, an image-based container, and a client configuration file. The configuration file requires a valid SSL certificate, also generated during installation.

Follow the steps below to manually install OpenVPN on Docker using a premade OpenVPN Docker image.

Step 1: Create Data Volume

Creating a Docker volume will allow the future OpenVPN container to store relevant information. Follow the procedure below to create a volume on your system:

1. Create an environment variable that stores the volume name:

OVPN_DATA="ovpn-test"

2. Run the following docker volume command:

docker volume create --name $OVPN_DATA

The output shows the name of the created volume.

Step 2: Create OpenVPN Container

After creating the data volume, execute the following command to run the OpenVPN container based on the kylemanna/openvpn Docker image:

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://[server-domain-or-ip-address]

Docker pulls the image from the registry and generates the server configuration file in the data volume.

Note: This tutorial assumes you have a domain name and a static IP address to create an OpenVPN server. If you do not have a static IP address, you must use a Dynamic DNS service.

Step 3: Set up Certificates

Next, generate a client certificate to connect to the VPN network. Follow the steps below to create the certificate.

1. Execute the following command to begin the certificate setup process:

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki

The command starts the certificate generation process.

2. Type a secure passphrase and press Enter.

Note: Save the CA passphrase for future use because you will need it each time you generate a client certificate.

The output shows the progress of creating an RSA private key.

3. Enter the name of your user, host, or server to continue the process. The system uses the name to generate a certificate. Depending on your system’s speed, this process may take some time to complete.

4. Enter the passphrase and press Enter.

The output confirms that the certificate has been created.

Step 4: Start OpenVPN Container

Start the container and publish port 1194, which is the default UDP port for OpenVPN:

docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

The output shows the container ID.

Step 5: Generate Client Certificate

A client certificate allows a client machine to connect to the OpenVPN server. Generate the certificate with the command below, replacing [client-name] with the name of the client that connects to the server:

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full [client-name] nopass

Type the CA passphrase when prompted and wait for the certificate generation to complete.

Step 6: Compile OpenVPN Configuration File

Use the generated client certificate to compile a client configuration file. The following is the syntax for the file generation:

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient [client-name] > [file-name].ovpn

Replace [client-name] with the name you used for the client certificate generation. Replace [file-name] with your chosen name (best practice is to use the client name).

Step 7: Connect to Server

With the server running and the client configuration file available, you can connect to the OpenVPN instance you created. Follow the procedure described below:

1. Install the OpenVPN client:

sudo apt install openvpn

When prompted, type Y and press Enter. Wait for the installation to finish.

2. Start the connection by using the openvpn command with the configuration file as an argument:

sudo openvpn [client-name].ovpn

The output shows the client communicating with the server.

Note: You can use the generated configuration file to connect to the VPN using any major VPN client, such as OpenVPN Connect or Pritunl.

Set Up OpenVPN on Docker with DockOvpn

DockOvpn is an OpenVPN Docker image that further simplifies the VPN server creation. The image automates the CA certificate and client configuration file creation. To set up a VPN server using DockOvpn, follow the steps below:

1. Use the following command to run the container based on the DockOvpn image:

docker run -it --rm --cap-add=NET_ADMIN -p 1194:1194/udp -p 80:8080/tcp -e HOST_ADDR=$(curl -s https://api.ipify.org) --name dockovpn alekslitvinenk/openvpn

Wait for the process to complete. When DockOvpn generates the client configuration file, a message instructs the user to download the file.

2. Open the address printed in the output in your web browser. The download will start automatically. Alternatively, use the following curl command:

curl http://[ip-address]:80 --output client.ovpn

3. Use the configuration file in a VPN client to connect to your installed OpenVPN server.
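
A client profile from either procedure above (ovpn_getclient in Step 6, or the DockOvpn file fetched over plain HTTP) carries the client's private key, so it is worth checking before you import it. The shell function below is an added example, not part of the original article or of either image's tooling. It assumes the profile embeds the key in an inline <key> block; the function names, the host vpn.example.com and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example. Returns the number of findings (0 = nothing flagged).
# Usage: check_ovpn_profile FILE EXPECTED_HOST [PORT] [PROTO]
check_ovpn_profile() {
    f=$1 host=$2 port=${3:-1194} proto=${4:-udp} n=0
    [ -r "$f" ] || { echo "ERROR: cannot read $f"; return 1; }

    # The profile carries the client private key: owner-only access.
    perms=$(ls -ld "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS: group/other can access $f (chmod 600)"; n=$((n+1))
    fi

    # Inline key block; a key built with nopass has no ENCRYPTED marker.
    key=$(sed -n '/^<key>/,/^<\/key>/p' "$f")
    if [ -z "$key" ]; then
        echo "KEY: no inline <key> block"; n=$((n+1))
    elif ! printf '%s\n' "$key" | grep -q ENCRYPTED; then
        echo "KEY: private key is not passphrase-protected"; n=$((n+1))
    fi

    # The profile must dial the server address given to ovpn_genconfig.
    if ! awk -v h="$host" -v p="$port" -v pr="$proto" \
        '$1=="remote" && $2==h && $3==p && (NF==3 || $4==pr) {ok=1}
         END {exit !ok}' "$f"; then
        echo "REMOTE: no 'remote $host $port $proto' line"; n=$((n+1))
    fi

    # Requires the peer to present a server-type certificate.
    if ! grep -Eq '^remote-cert-tls[[:space:]]+server' "$f"; then
        echo "TLS: 'remote-cert-tls server' missing"; n=$((n+1))
    fi
    return "$n"
}

# Constructed sample profile; the key body is a placeholder, not a real key.
write_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
remote vpn.example.com 1194 udp
remote-cert-tls server
<key>
-----BEGIN PRIVATE KEY-----
(constructed placeholder)
-----END PRIVATE KEY-----
</key>
EOF
}
```

Call it as check_ovpn_profile [file-name].ovpn [server-domain-or-ip-address]. A profile built with nopass in Step 5 always reports the KEY finding, which is a reminder to keep the file readable by its owner only.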

Conclusion

After reading this article, you should know how to set up an OpenVPN Docker container and use it to connect your client machines to an encrypted network. Aside from the manual steps, the article also described the automatic DockOvpn procedure.

Next, learn the difference between VPN and VDI (Virtual Desktop Infrastructure).
