Hello everyone. Lately it has become increasingly difficult to feel comfortable on the Internet: most useful resources are not available to the average user. In these dark times, a VPN is the only reliably working way to bypass any network restrictions.
OpenVPN is one of the most popular programs for organizing a VPN tunnel, and docker-compose is an excellent tool for installing and configuring programs using a single docker-compose.yml file.
In this article, I will show you how to quickly and easily configure an OpenVPN server on your own VPS using docker-compose. We take the kylemanna/docker-openvpn image as the basis.
If you are interested, read on.
For this we need our own VPS with docker and docker-compose installed.
Create a new docker-compose.yml
touch docker-compose.yml
Copy the following lines into the created docker-compose.yml
version: '2'
services:
  openvpn:
    cap_add:
      - NET_ADMIN
    image: kylemanna/openvpn
    container_name: openvpn
    ports:
      - "1194:1194/udp"
    restart: always
    volumes:
      - {path_to_save_openvpn_config}:/etc/openvpn
Replace {path_to_save_openvpn_config} with the path where OpenVPN will store its settings; in my case it is /home/administrator/openvpn/.
The docker-compose file is ready. Run the following commands to initialize OpenVPN and create a server certificate. Replace {vpn_server_address} with the address of your server; this can be either an IP address (10.10.10.8) or a domain name (vpn.server.com).
docker-compose run --rm openvpn ovpn_genconfig -u udp://{vpn_server_address}
docker-compose run --rm openvpn ovpn_initpki
During certificate generation, enter a pass phrase (Enter PEM pass phrase) and a certificate name (Common Name).
I advise you not to forget the pass phrase, because you will need it in the next step when creating client certificates.
Generating a certificate usually takes some time, so sit back and relax.
When the certificate is ready, you can run our OpenVPN server.
docker-compose up -d openvpn
To connect to your OpenVPN server, you need a client certificate.
To create a client certificate, use the following command:
docker-compose run --rm openvpn easyrsa build-client-full {client_name} nopass
Do not forget to replace {client_name} with the name of the client, for example my_phone.
During certificate creation, you will be asked to enter the pass phrase from the previous step (Enter pass phrase).
If you want maximum security, I recommend removing the nopass option from the previous command in order to assign a pass phrase to the client certificate.
When the client certificate is generated, let's export it to an .ovpn file and send it to the client.
docker-compose run --rm openvpn ovpn_getclient {client_name} > certificate.ovpn
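As an added example (not part of the original article or of the kylemanna/docker-openvpn project), the script below audits an exported profile such as certificate.ovpn before it is sent to the client: it reports whether the embedded private key is pass-phrase protected (the nopass choice above) and whether other users on the host can read the file. It assumes the profile carries the key inline in a <key> block; the function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): audit an exported client profile.
# Assumption: the private key is embedded inline between <key> and </key>.

# Echo "encrypted", "plaintext" or "missing" for the embedded private key.
key_state() {
    block=$(sed -n '/^<key>/,/^<\/key>/p' "$1")
    if [ -z "$block" ]; then
        echo missing
    elif printf '%s\n' "$block" |
         grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)'; then
        echo encrypted
    else
        echo plaintext
    fi
}

# Echo "private" when group and others have no access to the file, else "exposed".
perm_state() {
    if [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; then echo private; else echo exposed; fi
}

# Report both findings; return 0 only for an encrypted key in an owner-only file.
audit_ovpn() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    ks=$(key_state "$1"); ps=$(perm_state "$1")
    echo "$1: key=$ks perms=$ps"
    [ "$ks" = encrypted ] && [ "$ps" = private ]
}

# Write a CONSTRUCTED sample profile (placeholder key body); $2 = encrypted|plaintext.
make_sample() {
    if [ "$2" = encrypted ]; then hdr='ENCRYPTED PRIVATE KEY'; else hdr='PRIVATE KEY'; fi
    cat > "$1" <<EOF
client
dev tun
remote vpn.server.com 1194 udp
<key>
-----BEGIN $hdr-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END $hdr-----
</key>
EOF
}

# Demo on the constructed sample, standing in for certificate.ovpn from the article.
tmp=$(mktemp -d)
make_sample "$tmp/certificate.ovpn" plaintext
audit_ovpn "$tmp/certificate.ovpn" || echo "finding: protect the key and chmod 600 the file"
rm -rf "$tmp"
```

A file created with shell redirection inherits the current umask, so running chmod 600 on the exported profile (or setting umask 077 before the export) keeps a nopass key from being readable by other accounts on the server.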
That's all. I hope this article helps someone feel free on the Internet again.
Additional information can be found on the official page of the kylemanna/docker-openvpn image.
Source: https://habr.com/ru/post/354632/