Why do I need OpenVPN?
To answer this question let see what is OpenVPN. According to OpenVPN website:
OpenVPN provides flexible VPN solutions to secure your data communications, whether it's for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers. Our VPN Server software solution can be deployed on-premises using standard servers or virtual appliances, or on the cloud.
OpenVPN provide you a tunnel between your personal computer and the server where OpenVPN is installed. This tunnel is secured from end to end, that way nobody can locate the origin of your requests. As well the website you will connect to will not be able to know where you are. In few countries, Internet face censure and internet providers will not permit you to access the websites you want. With a VPN, the trafic of your computer will be hidden.
Why installing my own VPN
Majorities of VPN providers can be quite expensive, if you already pay the service of a server, why paying more for a VPN when you can do it by yourself. OpenVPN is open source and completely free.
Why using docker
Docker let you separate all the process of your system in different containers. The big advantages are the easy deployment and the fact that a docker can run on different OS without any changes in the configuration of the container
OK, let's go
To deploy this service you will need installed on your server:
- Docker installed
- Docker-compose installed Optional but recomanded
- Access to your server
To mount this docker we will use the image provided by LinuxServer
Run as docker CLI
You can run the docker with the Docker CLI. For that run this command:
docker run -d \
--name=openvpn-as \
--cap-add=NET_ADMIN \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=Europe/Paris \
-e INTERFACE=eth0 \
-p 1194:1194/udp \
-v <path to data>:/config \
--restart unless-stopped \
ghcr.io/linuxserver/openvpn-as
Let's understand what this command do
- --name give a name to your container. You can choose the name you want
- --cap-add Give the rights to your docker to manage the connection
- -e PUID and -e GUID give the id of the owner of the process. If you don't want to run the process as a root get the UID and GID of the user needed
- -e TZ give the timezone used in the container
- -e INTERFACE (optional) Give the interface used to expose OpenVPN
- -p 1194:1194/udp Expose the port 1194 on the host linked to the same port on your docker
Run with docker-compose
If you want to run the service with docker compose, you can create a folder to contain the files you need:
mkdir -p OpenVpnDocker/openvpn-dada/conf
cd OpenVpnDocker
And you can now create your docker-compose.yml file:
version: '3'
services:
openvpn:
container_name: OpenVPN
cap_add:
- NET_ADMIN
image: ghcr.io/linuxserver/openvpn-as
environment:
- PUID=1000
- PGID=1000
ports:
- "1194:1194/udp"
restart: always
volumes:
- ./openvpn-data/conf:/etc/openvpn
Finally to run your container:
docker-compose up -d
Create a user certificate file
To be able to connect to your VPN, the client will need a certificate. To create it run:
docker run -v ./openvpn-data:/etc/openvpn --rm -it ghcr.io/linuxserver/openvpn-as easyrsa build-client-full <CLIENTNAME> nopass
Replace CLIENTNAME by the name of the user you are creating a certificate for. Now the certificate is created, it's time to retrieve it:
docker run -v $OVPN_DATA:/etc/openvpn --rm ghcr.io/linuxserver/openvpn-as ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
Replace CLIENTNAME by the name of the user you are creating a certificate for. You should now have a file named CLIENTNAME.ovpn. That's the file you will need to connect to your VPN. You can download it or copy it in the user's personal computer.
Connect the client to the server
There is few softwares to connect to the VPN from your computer. OpenVPN did their own client which works very well, for Windows, Mac, iOS, Android or Linux.
Once installed, the client will ask for the configuration file, it's the ovpn file we created earlier. Nothing more to do, the client will connect to the VPN by itself.
Conclusion
You now have a fully operational VPN between your computer and your server.
I hope this tutorial has been helpful, feel free to comment if you have any question. Keep Coding