How to quickly set up an OpenVPN server on your VPS

If you would like to use your own server as a proxy, or if you want to establish a virtual local network between your devices over the internet, you can follow this short recipe to run OpenVPN without diving too deep into its configuration.

It's just a simplification of the kylemanna/openvpn Docker image setup instructions; there is nothing new here. But it's nice to have all the configs on one page to quickly copy and paste.

This guide is provided purely for educational purposes. You should not use it to bypass regional restrictions or something of the sort ☝️

Prerequisites

You should have Docker and Docker Compose installed on your server for this to work.

After all this is done, create a new directory somewhere on the server and cd into it. We're going to put the config and the scripts in there.

Create docker-compose.yml

version: "3"
services:
  ovpn:
    image: kylemanna/openvpn:2.4
    restart: always
    volumes:
      - ./ovpn-data:/etc/openvpn:rw
    ports:
      - 1194:1194/udp
    cap_add:
      - NET_ADMIN

Create init.sh

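#!/bin/bash -x
# Write the server config to ./ovpn-data, with the address clients will connect to
docker-compose run --rm ovpn ovpn_genconfig -u udp://YOURIP
# Create the CA and server keys (asks for the CA passphrase and Common Name)
docker-compose run --rm ovpn ovpn_initpki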

Instead of YOURIP put the actual public IP address of your server.

Make it executable:

$ chmod +x init.sh

Generate the CA keys

$ ./init.sh

The utility will ask you for the passphrase. Generate a random string (for example, with 1Password's password generator), paste it and store it. This passphrase will be required to generate new client certificates.

When it asks for the Common Name, any name will work.

Run the server

$ docker-compose up -d

The process will run in the background. It will also automatically start on boot: Docker will take care of that.

To stop it, run:

$ docker-compose down

To see the logs:

$ docker-compose logs

Create create_client.sh

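#!/bin/bash -ex
# Usage: ./create_client.sh NAME (stops with a message if NAME is missing)
name="${1:?usage: $0 NAME}"
# nopass: the client's private key is generated without a passphrase
docker-compose run --rm ovpn easyrsa build-client-full "$name" nopass
docker-compose run --rm ovpn ovpn_getclient "$name" > "$name.ovpn"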

Make it executable:

$ chmod +x create_client.sh

That's it

From this point on you have a working VPN server.

Read on to see how to actually connect to it.

Generating client certificates

create_client.sh accepts a single argument: the name of the certificate. You can run it like this:

$ ./create_client.sh myvpn-me

It will put a myvpn-me.ovpn file in the same directory: this is the OpenVPN client config. You can download it and load it in your OpenVPN client to connect.
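
The profile written by create_client.sh carries the client's private key, nopass leaves that key without a passphrase, and the > redirect creates the file under the server's default umask. The script below is an added example, not part of the original recipe or of the kylemanna/openvpn project; it flags such profiles when group or other users can access them. The inline <key> layout, GNU stat and the function names are assumptions.

```shell
#!/bin/bash
# Added example (not from kylemanna/openvpn): audit generated .ovpn profiles.
# Assumes the key is inlined between <key> and </key>, and GNU stat (Linux VPS).

# Print encrypted / unencrypted / none for the private key embedded in profile $1.
key_state() {
  awk '
    /^<key>/   { inkey = 1; next }
    /^<\/key>/ { inkey = 0 }
    inkey && /^-----BEGIN ENCRYPTED PRIVATE KEY-----/  { state = "encrypted" }
    inkey && /^-----BEGIN (RSA |EC )?PRIVATE KEY-----/ { state = "unencrypted" }
    inkey && /^Proc-Type: 4,ENCRYPTED/                 { state = "encrypted" }
    END { if (state == "") state = "none"; print state }
  ' "$1"
}

# Return 1 when profile $1 holds an unencrypted key and group/other have any access.
# Return 2 when the file cannot be inspected.
audit_profile() {
  local file mode state
  file=$1
  mode=$(stat -c %a "$file") || return 2
  state=$(key_state "$file")
  case "$mode" in
    *00) echo "OK    $file mode=$mode key=$state"; return 0 ;;
  esac
  if [ "$state" = unencrypted ]; then
    echo "LOOSE $file mode=$mode key=$state (fix: chmod 600)"; return 1
  fi
  echo "OK    $file mode=$mode key=$state"
}

# Constructed sample: a profile skeleton with placeholder key material.
make_sample() {
  printf '%s\n' 'client' 'remote YOURIP 1194 udp' '<key>' \
    '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDER-NOT-A-REAL-KEY' \
    '-----END PRIVATE KEY-----' '</key>' > "$1"
}

# Demo: a redirect under umask 022, as create_client.sh would do, then the fix.
demo_dir=$(mktemp -d)
( umask 022; make_sample "$demo_dir/myvpn-me.ovpn" )
audit_profile "$demo_dir/myvpn-me.ovpn" || true
chmod 600 "$demo_dir/myvpn-me.ovpn"
audit_profile "$demo_dir/myvpn-me.ovpn"
rm -rf "$demo_dir"
```

Run audit_profile on each generated .ovpn file before downloading it, and delete the server-side copy once the client has it.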

All the clients will connect to the internet through the VPN server. They will also get local IP addresses to connect to each other in this private network.