< Back to home

Open VPN with docker compose

To find your public IP : ip addr show and check. Here my public IP is 192.*.*.1* [redacted ]


You should have Docker and Docker Compose installed on your server for this to work.

After all this is done, create a new directory somewhere on the server[mkdir openvpn-compose] and cd into it. We're going to put the config and the scripts in there.

Create docker-compose.yml

version: "3"
    image: kylemanna/openvpn:2.4
    restart: always
      - ./ovpn-data:/etc/openvpn:rw
      - 1194:1194/udp
      - NET_ADMIN

Create init.sh

#!/bin/bash -x
docker-compose run --rm ovpn ovpn_genconfig -u udp://YOURIP
docker-compose run --rm ovpn ovpn_initpki

Instead of YOURIP put the actual public IP address of your server.

#!/bin/bash -x
docker-compose run --rm ovpn ovpn_genconfig -u udp://192.*.*.1*
docker-compose run --rm ovpn ovpn_initpki

Another way to find your IP is to go to wifi settings and click on setting of the wifi network you are connected to.

Make it executable:

$ chmod +x init.sh

Generate the CA keys

$ ./init.sh

The utility will ask you for the passphrase. Generate a random string (for example, with the 1Password's password generator), paste it and store it. This passphrase will be required to generate new client certificates.

When it asks for Common Name: any name will work.

Run the server

$ docker-compose up -d

The process will run in the background. It's will also automatically start on boot: Docker will take care of that.

To stop it, run:

$ docker-compose down

To see the logs:

$ docker-compose logs

Create create_client.sh

#!/bin/bash -ex
docker-compose run --rm ovpn easyrsa build-client-full $1 nopass
docker-compose run --rm ovpn ovpn_getclient $1 > $1.ovpn123

Make it executable:

chmod +x create_client.sh

That's it

From this point on you have working VPN server.

Read on to see how to actually connect to it.

Generating client certificates

create_client.sh accepts a single argument: the name of the certificate. You can run it like this:

$ ./create_client.sh myvpn-me

It will put a myvpn-me.ovpn file in the same directory: this is the OpenVPN client config. You can download it and load it in your OpenVPN client to connect.

All the clients will connect to the internet through the VPN server. They will also get local IP addresses to connect to each other in this private network.

Test connection

To test connection go to network setting and import .ovpn file.

Turn on VPN and check logs with docker-compose logs command

test and connect vpn

sudo openvpn --config gourav_ec2_openvpn.ovpn

OVPN Setup

Do the following setup in the server which you want to work as an VPN

Step 1. Create your working directory

mkdir ovpn && cd ovpn

Step 2. Create docker-compose

vim docker-compose

version: '3.1'





image: kylemanna/openvpn:2.4

container_name: openvpn


- "1194:1194/udp"

restart: always


- ./openvpn-data/conf:/etc/openvpn

Step 3. Now run the command to create a VPN server

docker-compose run --rm openvpn ovpn_genconfig -u udp://{vpn_server_address}:1194

docker-compose run --rm openvpn ovpn_initpki

Step 4. To create client certificate , run the following commands:

docker-compose run --rm openvpn easyrsa build-client-full {client_name} nopass

docker-compose run --rm openvpn ovpn_getclient {client_name} > {client_name}.ovpn

COPY CLIENT CERTIFICATE in your machine AND Connect using command:

sudo openvpn --config client.ovpn

TO get ip address:---

curl ident.me.


curl ifconfig.me.

1: list clients

docker-compose run --rm openvpn ovpn_listclients

2: create user

docker-compose run --rm openvpn easyrsa build-client-full test@test.com

3: Get client

docker-compose run --rm openvpn ovpn_getclient test@test.com > test.ovpn

4: remove client *******

docker-compose run --rm openvpn ovpn_revokeclient myemail@test.com remove

5: Connect openvpn

sudo openvpn --config test.ovpn


# Keep the corresponding crt, key and req files.

docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME

# Remove the corresponding crt, key and req files.

docker-compose run --rm openvpn ovpn_revokeclient $CLIENTNAME remove