How to Install OpenVPN on Docker

OpenVPN is an open source VPN solution that enables secure point to point connections in routed or bridged configurations and remote access facilities. Docker is an open platform that allows developers to automate the deployment of applications inside lightweight portable containers. Combining these two technologies can create a powerful and flexible VPN solution.

In this article, we will cover the steps required to install and configure OpenVPN on Docker which can further customize it to suit specific needs.

Prerequisites

Before we begin, ensure you have the following:

1. Linux-based servers such as Ubuntu and CentOS etc.
2. Docker and Docker Compose are installed on your server.
3. Basic understanding of command-line operations.

Installing OpenVPN on Docker

Following are the steps described below to install OpenVPN on Docker:

Step 1: Install Docker and Docker Compose

First, if you have not already installed Docker, refer to our guide on how to install Docker on the Ubuntu Linux system. After that install Docker Compose by typing the following command in the terminal:

sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose

Verify Installation with the following command:

docker --version

docker-compose --version

Step 2: Create Docker Network

Next, create a dedicated Docker network for OpenVPN:

docker network create openvpn

Step 3: Create OpenVPN Docker Volume

To store OpenVPN configuration files, create a Docker VPN volume:

docker volume create openvpn-data

Step 4: Deploy OpenVPN Container

Pull the official OpenVPN Docker image and deploy the container. This example uses the kylemanna/openvpn image:

docker pull kylemanna/openvpn

Step 5: Initialize OpenVPN Configuration

Once the image is pulled, initialize the Docker OpenVPN configuration:

docker run -v openvpn-data:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u

docker run -v openvpn-data:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

Replace VPN.SERVERNAME.COM with the actual domain or IP address of your Docker VPN server.

Step 6: Start OpenVPN Server

Now, start the OpenVPN server container:

docker run -v openvpn-data:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN --name openvpn --network openvpn kylemanna/openvpn

Step 7: Generate Client Certificates and Configuration

To connect clients to the VPN, generate the client certificates and configuration files:

docker run -v openvpn-data:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME

docker run -v openvpn-data:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn

Replace CLIENTNAME with the desired name of the client configuration.

Step 8: Distribute Client Configuration

Download the generated .ovpn file and distribute it to the clients. Clients can use this file to connect to the OpenVPN server using the OpenVPN client software.

Step 9: Connect OpenVPN Server

On the client machine, install the OpenVPN client software and import the .ovpn file. Use the OpenVPN client to connect to the server.

Security Considerations

Following are some security considerations described below while installing OpenVPN on Docker:

• Use strong and unique passphrases for the CA and server certificates.
• Keep the OpenVPN server and client software updated with the latest security patches.
• Use strong encryption ciphers like AES-256-CBC.
• Implement certificate revocation to quickly disable compromised certificates.
• Back up your configuration files, certificates, and keys regularly.

Conclusion

By following these steps, you have successfully installed and configured OpenVPN on Docker. This setup ensures a secure and scalable VPN solution that can be easily managed and deployed using Docker’s containerization technology.

FAQ