Russian translation of this post is available.
If you would like to use your own server as a proxy, or if you want to establish a virtual local network between your devices over the internet, you can follow this short recipe to run OpenVPN without diving too deep into its configuration.
It's just a simplification of the kylemanna/openvpn Docker image setup instructions; there is nothing new here. But it's nice to have all the configs on one page to quickly copy and paste.
This guide is provided purely for educational purposes. You should not use it to bypass regional restrictions or something of the sort ☝️
Prerequisites
You should have Docker and Docker Compose installed on your server for this to work.
- Docker Installation Docs
- Docker Compose Installation Docs. Notice that you can install it with pip among other methods.
After all this is done, create a new directory somewhere on the server and cd into it. We're going to put the config and the scripts in there.
Create docker-compose.yml
version: "3"
services:
  ovpn:
    image: kylemanna/openvpn:2.4
    restart: always
    volumes:
      - ./ovpn-data:/etc/openvpn:rw
    ports:
      - 1194:1194/udp
    cap_add:
      - NET_ADMIN
Create init.sh
#!/bin/bash -x
docker-compose run --rm ovpn ovpn_genconfig -u udp://YOURIP
docker-compose run --rm ovpn ovpn_initpki
Instead of YOURIP put the actual public IP address of your server.
Make it executable:
$ chmod +x init.sh
Generate the CA keys
$ ./init.sh
The utility will ask you for a passphrase. Generate a random string (for example, with 1Password's password generator), paste it, and store it. This passphrase will be required to generate new client certificates.
When it asks for the Common Name, any name will work.
Run the server
$ docker-compose up -d
The process will run in the background. It will also start automatically on boot: Docker will take care of that.
To stop it, run:
$ docker-compose down
To see the logs:
$ docker-compose logs
Create create_client.sh
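#!/bin/bash -ex
# $1 is the client certificate name; abort if it is missing.
name="${1:?usage: ./create_client.sh CLIENT_NAME}"
# nopass leaves the client private key unencrypted inside the .ovpn file.
docker-compose run --rm ovpn easyrsa build-client-full "$name" nopass
docker-compose run --rm ovpn ovpn_getclient "$name" > "$name.ovpn"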
Make it executable:
$ chmod +x create_client.sh
That's it
From this point on you have a working VPN server.
Read on to see how to actually connect to it.
Generating client certificates
create_client.sh accepts a single argument: the name of the certificate. You can run it like this:
$ ./create_client.sh myvpn-me
It will put a myvpn-me.ovpn file in the same directory: this is the OpenVPN client config. You can download it and load it in your OpenVPN client to connect.
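Because create_client.sh passes nopass and writes the profile through a plain shell redirect, the .ovpn file contains an unencrypted client key and gets whatever permissions the current umask allows. The script below is an added example, not part of the original recipe or of the kylemanna/openvpn project; it assumes the profile embeds the key inline between <key> and </key>, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit client profiles written by create_client.sh.
# Assumption: the profile carries the client key inline between <key> and </key>.

# Print "encrypted", "plaintext" or "missing" for the inline private key.
ovpn_key_state() (
    block=$(sed -n '/^<key>$/,/^<\/key>$/p' "$1")
    if printf '%s\n' "$block" | grep -q 'ENCRYPTED'; then
        echo encrypted    # PKCS#8 "ENCRYPTED PRIVATE KEY" or legacy Proc-Type header
    elif printf '%s\n' "$block" | grep -q -e '-----BEGIN .*PRIVATE KEY-----'; then
        echo plaintext    # what "nopass" produces
    else
        echo missing
    fi
)

# Succeed only when group and others have no permissions on the file.
ovpn_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Report on one profile; return 1 when the file is accessible beyond its owner.
audit_ovpn() (
    state=$(ovpn_key_state "$1")
    echo "$1: private key is $state"
    if [ "$state" = plaintext ]; then
        echo "  anyone who can read this file can connect as this client"
    fi
    if ! ovpn_is_private "$1"; then
        echo "  group/other permissions set; fix with: chmod 600 $1"
        exit 1
    fi
)

# Constructed sample profile (placeholder key material, documentation IP).
write_sample_profile() {
    printf '%s\n' 'client' 'remote 203.0.113.10 1194 udp' '<key>' \
        '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' '</key>' > "$1"
}

# Audit every profile named on the command line.
for f in "$@"; do audit_ovpn "$f" || :; done
```

Run it as `sh audit_ovpn.sh *.ovpn` in the directory where the profiles were generated (the script file name is also an assumption).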
All the clients will connect to the internet through the VPN server. They will also get local IP addresses to connect to each other in this private network.