OpenVPN with Docker Compose
Prerequisites
You should have Docker and Docker Compose installed on your server for this to work.
- Docker Compose Installation Docs. Notice that you can install it with pip among other methods.
After all this is done, create a new directory somewhere on the server (mkdir openvpn-compose) and cd into it. We're going to put the config and the scripts in there.
Create docker-compose.yml
version: "3"
services:
  ovpn:
    image: kylemanna/openvpn:2.4
    restart: always
    volumes:
      - ./ovpn-data:/etc/openvpn:rw
    ports:
      - 1194:1194/udp
    cap_add:
      - NET_ADMIN
Create init.sh
#!/bin/bash -x
docker-compose run --rm ovpn ovpn_genconfig -u udp://YOURIP
docker-compose run --rm ovpn ovpn_initpki
Instead of YOURIP, put the actual public IP address of your server.
#!/bin/bash -x
docker-compose run --rm ovpn ovpn_genconfig -u udp://192.*.*.1*
docker-compose run --rm ovpn ovpn_initpki
Another way to find your IP is to go to the Wi-Fi settings and open the settings of the Wi-Fi network you are connected to.
Make it executable:
$ chmod +x init.sh
Generate the CA keys
$ ./init.sh
The utility will ask you for the passphrase. Generate a random string (for example, with 1Password's password generator), paste it and store it. This passphrase will be required to generate new client certificates.
When it asks for Common Name: any name will work.
Run the server
$ docker-compose up -d
The process will run in the background. It will also start automatically on boot: Docker will take care of that.
To stop it, run:
$ docker-compose down
To see the logs:
$ docker-compose logs
Create create_client.sh
#!/bin/bash -ex
docker-compose run --rm ovpn easyrsa build-client-full "$1" nopass
docker-compose run --rm ovpn ovpn_getclient "$1" > "$1.ovpn"
Make it executable:
$ chmod +x create_client.sh
That's it
From this point on you have a working VPN server.
Read on to see how to actually connect to it.
Generating client certificates
create_client.sh accepts a single argument: the name of the certificate. You can run it like this:
$ ./create_client.sh myvpn-me
It will put a myvpn-me.ovpn file in the same directory: this is the OpenVPN client config. You can download it and load it in your OpenVPN client to connect.
All the clients will connect to the internet through the VPN server. They will also get local IP addresses to connect to each other in this private network.
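A hardened variant of create_client.sh, added here as an example and not the author's script: it validates the client name before it reaches easyrsa and the output path, and writes the profile (which embeds the nopass private key) with 0600 permissions, leaving no partial file on failure. The COMPOSE and SERVICE variables and the function names are assumptions of this example; SERVICE defaults to the ovpn service from the first compose file (set SERVICE=openvpn for the second one).

```bash
#!/bin/bash
# Added example: hardened create_client.sh (not the original author's script).
set -eu

# Assumption: COMPOSE and SERVICE are hypothetical knobs introduced for this example.
COMPOSE="${COMPOSE:-docker-compose}"
SERVICE="${SERVICE:-ovpn}"

# Accept only names that are safe both as a certificate CN and as a file name:
# letters, digits, '.', '_', '@', '-'; no leading '-' or '.', at most 64 chars.
valid_client_name() {
    case "$1" in
        ''|-*|.*) return 1 ;;
        *[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

create_client() {
    name="$1"
    if ! valid_client_name "$name"; then
        echo "invalid client name: $name" >&2
        return 2
    fi
    out="$name.ovpn"
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 3
    fi
    # The profile carries an unencrypted private key, so keep it owner-only.
    tmp="$(umask 077 && mktemp "./.$name.XXXXXX")"
    if $COMPOSE run --rm "$SERVICE" easyrsa build-client-full "$name" nopass &&
       $COMPOSE run --rm "$SERVICE" ovpn_getclient "$name" > "$tmp"; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

if [ "$#" -gt 0 ]; then
    create_client "$1"
fi
```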
Test connection
To test the connection, go to the network settings and import the .ovpn file.
Turn on the VPN and check the logs with the docker-compose logs command.
OVPN Setup
Do the following setup on the server that you want to act as a VPN server.
Step 1. Create your working directory
mkdir ovpn && cd ovpn
Step 2. Create docker-compose.yml
vim docker-compose.yml
version: '3.1'
services:
  openvpn:
    cap_add:
      - NET_ADMIN
    image: kylemanna/openvpn:2.4
    container_name: openvpn
    ports:
      - "1194:1194/udp"
    restart: always
    volumes:
      - ./openvpn-data/conf:/etc/openvpn
Step 3. Now run the command to create a VPN server
docker-compose run --rm openvpn ovpn_genconfig -u udp://{vpn_server_address}:1194
docker-compose run --rm openvpn ovpn_initpki
Step 4. To create a client certificate, run the following commands:
docker-compose run --rm openvpn easyrsa build-client-full {client_name} nopass
docker-compose run --rm openvpn ovpn_getclient {client_name} > {client_name}.ovpn
Copy the client certificate to your machine and connect using the command:
sudo openvpn --config client.ovpn
To get the IP address:
curl ident.me
or
curl ifconfig.me
1: list clients
docker-compose run --rm openvpn ovpn_listclients
2: create user
docker-compose run --rm openvpn easyrsa build-client-full test@test.com
3: Get client
docker-compose run --rm openvpn ovpn_getclient test@test.com > test.ovpn
4: Remove client
docker-compose run --rm openvpn ovpn_revokeclient myemail@test.com remove
- Install client openvpn
5: Connect openvpn
sudo openvpn --config test.ovpn
###########
# Keep the corresponding crt, key and req files.
docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME
# Remove the corresponding crt, key and req files.
docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME remove