We recommend running both the OpenVPN server and client inside Docker containers. We used the https://github.com/kylemanna/docker-openvpn image for our testing.
In this tutorial we assume that the VPN server is running in the cloud and the VPN client is running locally.
Quick Start for Server
Generating a client configuration
Set up the environment variables with appropriate values for your setup.
OVPN_DATA="ovpn-data-flightgoggles"
CLIENTNAME="client"
CLIENTNAME_CERT="client.ovpn"
Replace VPN.SERVERNAME.COM in the following variable with your public IP address.
SERVERNAME="udp://VPN.SERVERNAME.COM"
Make a data volume container containing the configuration files and certificates.
docker volume create --name $OVPN_DATA
Next we generate the configuration files and certificate. The container will prompt for a passphrase to protect the private key used by the newly generated certificate authority.
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u $SERVERNAME
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki
Start OpenVPN server process
docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN --privileged --name=openvpn -e DEBUG=1 kylemanna/openvpn
Generate a client certificate without a passphrase
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full $CLIENTNAME nopass
Retrieve the client configuration with embedded certificates
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME_CERT
If you are using AWS or a server with access restrictions, you need to allow inbound UDP traffic on port 1194 by changing the security group.
Once the configuration has been generated, find the Docker container's name using
docker ps
Kill the container using the following command, replacing name-of-container with the name of the container from the above command.
docker kill name-of-container
Starting the OpenVPN server
Set up the environment variables with appropriate values for your setup.
OVPN_DATA="ovpn-data-flightgoggles"
CLIENTNAME="client"
CLIENTNAME_CERT="client.ovpn"
Start OpenVPN server process
docker run -v $OVPN_DATA:/etc/openvpn -p 1194:1194/udp --cap-add=NET_ADMIN --privileged --net=host --name=openvpn -e DEBUG=1 kylemanna/openvpn
Quick Start for Client
Copy the configuration file to the client and run the openvpn client using
CLIENTNAME_CERT="client.ovpn"
sudo openvpn --config "$CLIENTNAME_CERT"
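Because the client key above is built with nopass and the retrieved profile embeds it, anyone who can read client.ovpn can connect as that client. The following is an added example, not part of the original tutorial or the docker-openvpn project, that checks a profile for an unencrypted inline key and for group or other file access before it is copied; the function names and the sample profile are constructed for illustration.

```shell
# Added example; function names and the sample profile are constructed.

# Prints one finding per line. Returns 0 when clean, 1 on findings, 2 if unreadable.
audit_ovpn_profile() {
    profile="$1"
    findings=0
    [ -r "$profile" ] || { echo "unreadable"; return 2; }

    # An inline <key> block means the private key travels inside the profile.
    if grep -q '^<key>' "$profile"; then
        # A key built with "nopass" has neither encrypted PEM marker.
        if ! sed -n '/^<key>/,/^<\/key>/p' "$profile" |
            grep -Eq '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED'; then
            echo "unencrypted-inline-key"
            findings=1
        fi
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$profile" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "group-or-other-access:$perms"
        findings=1
    fi
    return "$findings"
}

# Writes a constructed profile (placeholder key body, not a real key) to $1.
make_sample_profile() {
    cat > "$1" <<'EOF'
client
dev tun
remote VPN.SERVERNAME.COM 1194 udp
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTEDPLACEHOLDERNOTAREALKEY
-----END PRIVATE KEY-----
</key>
EOF
}

# Demo: a profile written with mode 644, then restricted to its owner.
sample=$(mktemp)
make_sample_profile "$sample"
chmod 644 "$sample"
audit_ovpn_profile "$sample" || true
chmod 600 "$sample"
audit_ovpn_profile "$sample" || true
rm -f "$sample"
```

Running `umask 077` before the ovpn_getclient redirect makes the shell create the profile readable by its owner only, which clears the permission finding at the source.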