Deploying an OpenVPN Server with Docker and Docker Compose

OpenVPN is a highly flexible open-source VPN solution that provides secure point-to-point or site-to-site connections. When deploying OpenVPN, one effective and efficient approach is to use Docker, a platform for developing, shipping, and running applications in containers. Docker offers isolation, portability, and scalability, making it a great choice for hosting services like OpenVPN. Docker Compose, a tool for defining and running multi-container Docker applications, simplifies the orchestration of OpenVPN server deployment.

Prerequisites

  • Docker installed on your server (Linux, Windows, or Mac).
  • Docker Compose installed.
  • Basic knowledge of Docker, Docker Compose, and OpenVPN configuration.

Step 1: Set Up Docker Environment

Before we can deploy OpenVPN within a Docker container, we need to ensure that Docker and Docker Compose are installed and running on your system. Follow these steps to verify your environment:

# Check Docker installation
docker --version

# Check Docker Compose installation
docker-compose --version

If these commands return the versions without errors, your Docker environment is set up correctly. If not, refer to the official Docker documentation to install the required components.

Step 2: Create a Docker Compose File

Now we will create a Docker Compose file that specifies the configuration for our OpenVPN server container. Docker Compose simplifies managing and configuring multi-container Docker environments. We will use the kylemanna/openvpn image, a well-maintained OpenVPN server Docker image.

First, create a directory for your OpenVPN setup:

mkdir openvpn-docker
cd openvpn-docker

Next, create a docker-compose.yml file in this directory with the following content:

version: '3'
services:
  openvpn:
    image: kylemanna/openvpn
    container_name: openvpn-server
    environment:
      - OPENVPN_PORT=1194
      - OPENVPN_PROTO=udp
      - OPENVPN_SUBNET=10.8.0.0
      - OPENVPN_PERSISTENT_KEY=true
    ports:
      - "1194:1194/udp"
    volumes:
      - ./data:/etc/openvpn
    cap_add:
      - NET_ADMIN
    restart: always

Explanation:

  • The image field specifies the Docker image to use. kylemanna/openvpn is a widely used OpenVPN server image.
  • container_name sets the name of the container to openvpn-server.
  • environment defines several OpenVPN environment variables like port, protocol, subnet, and persistent keys.
  • ports exposes the OpenVPN port (1194) over UDP.
  • volumes maps the ./data directory to the OpenVPN configuration inside the container.
  • cap_add grants the container additional capabilities, specifically NET_ADMIN for networking.
  • restart ensures the container restarts automatically in case of failure.

Step 3: Initialize the OpenVPN Configuration

After defining the Docker Compose file, we need to initialize the OpenVPN configuration by generating the necessary certificates and keys. We will do this by running a few Docker commands.

Start by creating the OpenVPN server configuration using the following command:

docker-compose run --rm openvpn ovpn_genconfig -u udp://YOUR_SERVER_IP:1194

Replace YOUR_SERVER_IP with your server’s IP address. This command will generate the default OpenVPN configuration for your server.

Next, generate the public/private keys and certificates for the OpenVPN server:

docker-compose run --rm openvpn ovpn_initpki

This command will initialize the Public Key Infrastructure (PKI) used by OpenVPN, generating the server and client certificates.

Step 4: Start the OpenVPN Server

Now that the configuration is in place, we can start the OpenVPN server container with Docker Compose:

docker-compose up -d

The -d flag runs the container in detached mode. This will start the OpenVPN server in the background.

Step 5: Generate Client Configuration

To connect clients to the OpenVPN server, we need to generate client configuration files. You can do this with the following command:

docker-compose run --rm openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn

Replace CLIENTNAME with a desired name for the client. This will generate a configuration file with the necessary certificates and keys.
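
A check worth running on the generated profile before it is distributed, as an added example that is not part of the original tutorial or of the kylemanna/openvpn image: it confirms the remote line, the remote-cert-tls server directive, the inline CA, certificate and key blocks, and that the file is not readable by group or other. The helper names check_profile and sample_profile, the host vpn.example.test, and the expectation that the profile inlines its key material in <ca>, <cert> and <key> blocks are assumptions.

```shell
#!/bin/sh
# Added example: sanity-check a client profile from ovpn_getclient before
# distributing it. check_profile and sample_profile are hypothetical names.

# check_profile FILE HOST PORT PROTO: print each problem, return 0 if none.
check_profile() {
    file=$1; host=$2; port=$3; proto=$4; bad=0
    # "remote" must point at the address given to ovpn_genconfig -u.
    awk -v h="$host" -v p="$port" -v t="$proto" \
        '$1 == "remote" && $2 == h && $3 == p && ($4 == "" || $4 == t) { ok = 1 }
         END { exit !ok }' "$file" ||
        { echo "remote does not match $host $port $proto"; bad=1; }
    # Without this the client does not require a server certificate from the peer.
    grep -Eq '^remote-cert-tls[[:space:]]+server[[:space:]]*$' "$file" ||
        { echo "missing: remote-cert-tls server"; bad=1; }
    # CA, client certificate and client key must each be inlined exactly once.
    for tag in ca cert key; do
        open=$(grep -c "^<$tag>" "$file" || true)
        close=$(grep -c "^</$tag>" "$file" || true)
        [ "$open" -eq 1 ] && [ "$close" -eq 1 ] ||
            { echo "inline <$tag> block missing or repeated"; bad=1; }
    done
    # The profile embeds a private key: no group or other read access.
    [ -z "$(find "$file" -prune \( -perm -040 -o -perm -004 \))" ] ||
        { echo "file is readable by group or other"; bad=1; }
    return "$bad"
}

# Constructed sample, key material elided; vpn.example.test is a placeholder.
sample_profile() {
    cat <<'EOF'
client
dev tun
remote-cert-tls server
remote vpn.example.test 1194 udp
<key>
(constructed: private key elided)
</key>
<cert>
(constructed: certificate elided)
</cert>
<ca>
(constructed: CA certificate elided)
</ca>
EOF
}

# Usage: sh check_profile.sh FILE HOST PORT PROTO
if [ "$#" -eq 4 ]; then check_profile "$@"; fi
```

Because the profile carries the client's private key, a non-zero exit from the permission check is a reason to fix the file mode before the file is copied anywhere.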

Step 6: Testing the VPN Connection

To test your OpenVPN server, you can use any OpenVPN client and import the generated .ovpn file. After importing it, try connecting to your OpenVPN server. If the connection is successful, you will be securely connected to your server through the VPN tunnel.

Step 7: Managing the OpenVPN Server

To stop the OpenVPN server, use the following command:

docker-compose down

If you want to restart the server, use:

docker-compose restart

These commands will stop and restart the Docker container as needed.
