All Articles

Launch OpenVPN server in Docker in 2 seconds

Preface

Have you ever had a situation when you needed to virtually place yourself into a different city, country, or continent for whatever reason? Being a software developer and, at the same time, being very passionate about Internet and cyber security, I have such a need very often, and, therefore, the ability to quickly start reliable VPN server with a decent level of security is essential.

Theme image

Nowadays, the quickest possible way to launch anything anywhere is Docker. Many hosting platforms already provide VPS with preinstalled Docker and even if it’s not the case — it’s a matter of just a couple of minutes to install it yourself. Having this said, for me it was a no-brainer that the service I needed should be a Docker image. Of course, there are thousands of such images on Docker Hub, just try to make a search by “openvpn” keyword and you will end up with more than 50 pages listing different images. But none of them sufficed my needs: they were either too complicated in setup (the most popular image requires a volume container and few “docker run” commands with different set of parameters) or lacked decent documentation, or were abandoned long ago. At some point I got tired trying to find an existing solution and decided to make my own openvpn docker image.

Dockovpn logo

I began my work on the Docker-Openvpn project vigorously and kept working at a good pace all the time, though sometimes it felt like I went down the wrong way and I had to go back to the drawing board. For instance, when I realised that Ubuntu was rather a bad choice to use as a base image, I had to start everything anew with Alpine Linux. Nonetheless, the project saw the daylight very soon and now I’m very proud to present it to the wide audience.

Setup Guide

Let me guide you through a few very simple steps to bootstrap dockerized OpenVPN server. The overall process of getting your VPS with Digital Ocean shouldn’t take longer than 3 minutes and bootstrapping the service takes just 2 seconds. So, here we go. In order to use Docker-Openvpn you have to have few things:

  1. Server.
  2. Docker.
  3. Public IP address.

To keep things as simple as possible, we will be using Digital Ocean hosting provider. To highlight but some of its features:

  1. It provides easy access to the servers,
  2. It has prebuilt Linux images with Docker on board,
  3. It’s reasonably priced: we can get by with its cheapest instance which costs only $5 a months and yet we will be capable of lunching few more containers on the same instance.

After logging into your DO account, you will be taken into the dashboard. This is how mine looks like:

Dockovpn logo

From this point, you need to hit the big green button “Create” in the top right corner. You will see the list of available options:

Dockovpn logo

Click on “Droplets” item.

Dockovpn logo

Go to the “Marketplace” tab and select Docker image, scroll the page down to pick a VPS of a right size. In our case, it is an instance with 1GB RAM, 1CPU and 25GB SSD storage. This should totally suffice our needs, unless we’re going to have hundreds of simultaneous connections to our server, but this goes beyond the purposes of this service.

Dockovpn logo

Scroll the page down and pick the datacenter location for your server. We will use Amsterdam location in this tutorial, and, after we have the service up and running we will check that our internet IP address is in Netherlands.

Dockovpn logo

Make sure to add your ssh key. This step is optional, but I highly recommend you to do so if you want to access your server via ssh the easy way.

Dockovpn logo

Scroll the page further down and hit the big green button “Create Droplet”.

Dockovpn logo

Your VPS — droplet, in terms of Digital Ocean — is now being created. The process shouldn’t take long — usually, up to 1 minute.

Dockovpn logo

After your droplet was created it was also be assigned a public IP address. Copy it for the future use.

Dockovpn logo

Now, go in your terminal window and type:

ssh root@<address>

You should see the following output:

Dockovpn logo

Copy and paste the snippet bellow into your terminal window:

docker run --cap-add=NET_ADMIN \
-it -p 1194:1194/udp -p 8080:8080/tcp \
-e HOST_ADDR=$(curl -s https://api.ipify.org) \
alekslitvinenk/openvpn

You will see the following output:

Dockovpn logo

Now, you should be able to go to the http:<your server's url>:8080/ and download client.ovpn file. Use it with your favourite OpenVPN client. I prefer Tunnelblick for Mac and in my case it’s enough just to double-click this configuration file to install it.

Dockovpn logo

Dockovpn logo

Dockovpn logo

Dockovpn logo

Dockovpn logo

Now, you can check your location with any whois service. It should tell you that your internet IP address is the IP address of your VPS server and you are virtually located in the area your datacenter is. In my case it should be Amsterdam:

Dockovpn logo

Now you can browse the Internet safely.

Note:

If the way of downloading client.ovpn plain HTTP doesn’t seem secure enough to you, there’s an option to download zipped archive with password protection. Just add czp <password> option to the last line of the previous snippet, where password is the password of your choice:

docker run --cap-add=NET_ADMIN \
-it -p 1194:1194/udp -p 8080:8080/tcp \
-e HOST_ADDR=$(curl -s https://api.ipify.org) \
alekslitvinenk/openvpn czp somepassword

Dockovpn logo

P.S.

If you think this project is useful, please star it on GitHub https://github.com/alekslitvinenk/docker-openvpn

Published 2 Aug 2019

Software engineer, philosopher, enthusiast.Alexander Litvinenko on Twitter