Install OpenVPN Server in 10 minutes with Docker

Jonathan
3 min read · Feb 23, 2022

VPNs are a common way to access content that is not available in your country, or to protect your internet browsing.

There are many VPN providers out there, but most of them are very expensive and you have no control over your data, which is sent through their servers. The free ones aren't perfect either: they come with bandwidth limits or slow speeds.

If you're a tech junkie like me, you probably have a dedicated server or VPS sitting somewhere in a data center. That is well suited to running a private VPN for yourself.

Requirements

  • Docker installed and running on Debian or Ubuntu

1. As a first step, we SSH into our server and define a variable holding the name of the volume that our Docker container uses to store all OpenVPN data.

OVPN_DATA="ovpn-data-jstrauss"

2. After that we are going to create the volume with the name we defined above.

docker volume create --name $OVPN_DATA

3. After creating the volume, we generate the OpenVPN server configuration by running ovpn_genconfig in a temporary container.

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM

Parameters:

  • -v $OVPN_DATA:/etc/openvpn → defines the volume the container should use. $OVPN_DATA is the variable holding the volume name we defined before, and /etc/openvpn is the path where the volume is mounted inside the container.
  • --log-driver=none → disables Docker's logging driver for this container, so nothing it prints is stored in the Docker logs
  • --rm → automatically removes the container when it exits
  • kylemanna/openvpn → the image we are using

Replace VPN.SERVERNAME.COM with your server's hostname or IP address.

4. As the next step, we have to initialize the PKI to generate the CA certificate for our server.

docker run -v $OVPN_DATA:/etc/openvpn --rm -it kylemanna/openvpn ovpn_initpki

After running this command, you will be prompted to enter a passphrase for the certificate.

IMPORTANT! Write the CA passphrase down somewhere. You will need it later during the setup process and every time you generate a client certificate.

5. After generating the CA certificate and entering all the information the command above asked for, we can finally start our OpenVPN service.

docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

Parameters:

  • -p 1194:1194/udp → maps UDP port 1194 of the container to the same port on the host. UDP port 1194 is the standard OpenVPN port and is used for the communication between the client and the server.
  • --cap-add=NET_ADMIN → grants the container the additional Linux capability NET_ADMIN, which it needs to configure network interfaces and routing for the VPN tunnel

6. Generate client certificates

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME

Replace CLIENTNAME with a descriptive name for your client. The name is used to identify the client and as the filename.

Without the nopass argument, the certificate requires a password every time you try to connect. If you do not want to protect your client certificate with a password, add the nopass argument at the end of the command.

7. Transfer the client certificate from the docker container to the host filesystem.

docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn

Replace CLIENTNAME with the name you chose when generating the client certificate above.
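
A check for the profile exported in steps 6 and 7, as an added example that is not part of the original article: it reports whether the private key embedded in the .ovpn file is passphrase-protected (that is, nopass was not used) and whether the file is private to its owner. It assumes the key is embedded inline in a <key> block; the function names, the script name and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a client profile written by ovpn_getclient (step 7).
# Assumption: the client key is embedded inline in a <key>...</key> block
# (OpenVPN inline-file syntax) in PEM form.

# Print "encrypted", "unencrypted" or "no-inline-key" for the profile in $1.
key_protection() {
    key=$(awk '/^<key>/{f=1;next} /^<\/key>/{f=0} f' "$1")
    [ -n "$key" ] || { echo "no-inline-key"; return 0; }
    # PKCS#8 encrypted keys are labelled "ENCRYPTED PRIVATE KEY"; legacy PEM
    # keys carry a "Proc-Type: 4,ENCRYPTED" header instead.
    if printf '%s\n' "$key" |
        grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED'; then
        echo "encrypted"
    else
        echo "unencrypted"
    fi
}

# Succeed only if group and others have no permission bits on the file in $1.
perms_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print both findings; return 0 only if the key is encrypted and the file private.
audit_profile() {
    rc=0
    state=$(key_protection "$1")
    echo "$1: private key is $state"
    [ "$state" = "encrypted" ] || rc=1
    if ! perms_private "$1"; then
        echo "$1: accessible to group/others; run: chmod 600 $1"
        rc=1
    fi
    return "$rc"
}

# Write a constructed sample profile to $1 with PEM label $2. The key body is
# a placeholder, not real key material.
make_sample() {
    ( umask 077
      printf '%s\n' 'client' 'remote VPN.SERVERNAME.COM 1194 udp' '<key>' \
          "-----BEGIN $2-----" 'CONSTRUCTED-PLACEHOLDER' "-----END $2-----" \
          '</key>' > "$1" )
}

# Usage (hypothetical script name): sh audit_ovpn.sh CLIENTNAME.ovpn
if [ -n "${1:-}" ]; then audit_profile "$1"; fi
```

A profile generated with nopass is reported as unencrypted, so anyone who obtains that file can connect as the client without a password.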

Connecting to the VPN Server

To connect to the VPN Server you have to use a VPN client.

For Windows, Mac, Linux, Android or iOS, you can use the OpenVPN Connect Client.

In the OpenVPN App you have to import the .ovpn OpenVPN Certificate.