Install and configure OpenVPN server using docker-compose



Hello everyone. Lately it has become more and more difficult to feel comfortable on the Internet, and most useful resources are inaccessible to the average user. In these dark times, a VPN is the only stable working solution to circumvent any restrictions on the network.


OpenVPN is one of the most popular programs for organizing a VPN tunnel, and docker-compose is an excellent tool for installing and configuring programs with a single docker-compose.yml file.


In this article I will show you how to quickly and easily configure an OpenVPN server on your own VPS using docker-compose. We will use the kylemanna/docker-openvpn image as the basis.


If you are interested, read on.


Install OpenVPN Server


To get started we need our own VPS with docker and docker-compose installed.


Create a new docker-compose.yml file:


touch docker-compose.yml

Copy the following lines into the newly created docker-compose.yml:


version: '2'  
services:  
  openvpn:
    cap_add:
     - NET_ADMIN
    image: kylemanna/openvpn
    container_name: openvpn
    ports:
     - "1194:1194/udp"
    restart: always
    volumes:
     - {path_to_save_openvpn_config}:/etc/openvpn

Change {path_to_save_openvpn_config} to the path where OpenVPN will store its settings; in my case it is /home/administrator/openvpn/.


The docker-compose file is ready. Run the following commands to initialize OpenVPN and create a server certificate. Replace {vpn_server_address} with the address of your server; it can be either an IP address (10.10.10.8) or a domain name (vpn.server.com).


docker-compose run --rm openvpn ovpn_genconfig -u udp://{vpn_server_address}
docker-compose run --rm openvpn ovpn_initpki

During certificate generation, enter a passphrase (Enter PEM pass phrase) and a certificate name (Common Name).


I advise you not to forget the passphrase, because it will be needed in the next step when creating client certificates.


Server Certificate Generation


Generating a certificate usually takes some time, so sit back and relax.


When the certificate is ready, you can start our OpenVPN server.


docker-compose up -d openvpn

Creating Client Certificates


To connect to your OpenVPN server, you need a client certificate.


To create a client certificate, use the following command:


docker-compose run --rm openvpn easyrsa build-client-full {client_name} nopass  

Do not forget to replace {client_name} with the name of the client, for example my_phone.


When creating the certificate, you will be asked to enter the passphrase from the previous step.


If you want maximum security, I recommend that you remove the nopass option from the previous command in order to assign a passphrase to the client certificate.


When the client certificate has been generated, export it to a .ovpn file and send it to the client:


docker-compose run --rm openvpn ovpn_getclient {client_name} > certificate.ovpn  
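
The exported .ovpn file carries the client's private key, and with nopass that key is stored unencrypted. The shell check below is an added example, not part of the original article or of the kylemanna/docker-openvpn image; it assumes the key sits inline in a <key> block, and the function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an exported client profile before sending it.
# Returns 0 = OK, 1 = weakness found, 2 = not a usable profile.
audit_ovpn_profile() {
    profile=$1
    [ -r "$profile" ] || { echo "cannot read $profile"; return 2; }
    # Assumption: the private key is inline between <key> and </key> lines.
    key_block=$(sed -n '/^<key>$/,/^<\/key>$/p' "$profile")
    [ -n "$key_block" ] || { echo "no inline <key> block"; return 2; }
    findings=0
    # Encrypted PEM keys say so in their header: PKCS#8 "BEGIN ENCRYPTED
    # PRIVATE KEY" or the legacy "Proc-Type: 4,ENCRYPTED" line.
    if printf '%s\n' "$key_block" |
        grep -Eq '^-----BEGIN ENCRYPTED|^Proc-Type: 4,ENCRYPTED'; then
        echo "key: passphrase-protected"
    else
        echo "key: unencrypted (nopass), the file alone grants VPN access"
        findings=1
    fi
    # The profile is a credential: group and others must have no access.
    perms=$(stat -c '%a' "$profile" 2>/dev/null || stat -f '%Lp' "$profile")
    case $perms in
        *00) echo "mode: $perms" ;;
        *)   echo "mode: $perms is too open, use chmod 600"; findings=1 ;;
    esac
    return $findings
}

# Constructed sample profile with placeholder key material (not a real key).
# $1 = output path, $2 = PEM label of the embedded key.
write_sample_profile() {
    ( umask 077   # create the file private from the start
      printf '%s\n' client 'dev tun' 'remote vpn.server.com 1194 udp' \
          '<key>' "-----BEGIN $2-----" 'Q09OU1RSVUNURUQ=' "-----END $2-----" \
          '</key>' > "$1" )
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
write_sample_profile "$demo_dir/nopass.ovpn" 'PRIVATE KEY'
write_sample_profile "$demo_dir/withpass.ovpn" 'ENCRYPTED PRIVATE KEY'
audit_ovpn_profile "$demo_dir/nopass.ovpn" || echo "-> fix before sending"
audit_ovpn_profile "$demo_dir/withpass.ovpn"
```

Run audit_ovpn_profile certificate.ovpn on the VPS right after the export step, before the file leaves the server.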


That's all. I hope this article helps someone feel free on the Internet again.


You can find more information on the official website of the kylemanna/docker-openvpn image.

