Implement OpenVPN with Docker

Implement OpenVPN with Docker

Why do I need OpenVPN?

To answer this question let see what is OpenVPN. According to OpenVPN website:

OpenVPN provides flexible VPN solutions to secure your data communications, whether it's for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers. Our VPN Server software solution can be deployed on-premises using standard servers or virtual appliances, or on the cloud.

OpenVPN provide you a tunnel between your personal computer and the server where OpenVPN is installed. This tunnel is secured from end to end, that way nobody can locate the origin of your requests. As well the website you will connect to will not be able to know where you are. In few countries, Internet face censure and internet providers will not permit you to access the websites you want. With a VPN, the trafic of your computer will be hidden.

Why installing my own VPN

Majorities of VPN providers can be quite expensive, if you already pay the service of a server, why paying more for a VPN when you can do it by yourself. OpenVPN is open source and completely free.

Why using docker

Docker let you separate all the process of your system in different containers. The big advantages are the easy deployment and the fact that a docker can run on different OS without any changes in the configuration of the container

OK, let's go

To deploy this service you will need installed on your server:

To mount this docker we will use the image provided by LinuxServer

Run as docker CLI

You can run the docker with the Docker CLI. For that run this command:

docker run -d \
  --name=openvpn-as \
  --cap-add=NET_ADMIN \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/Paris \
  -e INTERFACE=eth0 \
  -p 1194:1194/udp \
  -v <path to data>:/config \
  --restart unless-stopped \
  ghcr.io/linuxserver/openvpn-as

Let's understand what this command do

  • --name give a name to your container. You can choose the name you want
  • --cap-add Give the rights to your docker to manage the connection
  • -e PUID and -e GUID give the id of the owner of the process. If you don't want to run the process as a root get the UID and GID of the user needed
  • -e TZ give the timezone used in the container
  • -e INTERFACE (optional) Give the interface used to expose OpenVPN
  • -p 1194:1194/udp Expose the port 1194 on the host linked to the same port on your docker

Run with docker-compose

If you want to run the service with docker compose, you can create a folder to contain the files you need:

mkdir -p OpenVpnDocker/openvpn-dada/conf
cd OpenVpnDocker

And you can now create your docker-compose.yml file:

version: '3'
services:
  openvpn:
    container_name: OpenVPN
    cap_add:
     - NET_ADMIN
    image: ghcr.io/linuxserver/openvpn-as
    environment:
      - PUID=1000
      - PGID=1000
    ports:
     - "1194:1194/udp"
    restart: always
    volumes:
     - ./openvpn-data/conf:/etc/openvpn

Finally to run your container:

docker-compose up -d

Create a user certificate file

To be able to connect to your VPN, the client will need a certificate. To create it run:

docker run -v ./openvpn-data:/etc/openvpn --rm -it ghcr.io/linuxserver/openvpn-as easyrsa build-client-full <CLIENTNAME> nopass

Replace CLIENTNAME by the name of the user you are creating a certificate for. Now the certificate is created, it's time to retrieve it:

docker run -v $OVPN_DATA:/etc/openvpn --rm ghcr.io/linuxserver/openvpn-as ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn

Replace CLIENTNAME by the name of the user you are creating a certificate for. You should now have a file named CLIENTNAME.ovpn. That's the file you will need to connect to your VPN. You can download it or copy it in the user's personal computer.

Connect the client to the server

There is few softwares to connect to the VPN from your computer. OpenVPN did their own client which works very well, for Windows, Mac, iOS, Android or Linux.

Once installed, the client will ask for the configuration file, it's the ovpn file we created earlier. Nothing more to do, the client will connect to the VPN by itself.

Conclusion

You now have a fully operational VPN between your computer and your server.

I hope this tutorial has been helpful, feel free to comment if you have any question. Keep Coding