OpenVPN On CoreOS Container Linux On DigitalOcean
11 Nov 2019
Using a VPN is useful for a whole host of reasons. Unfortunately, you either have to pay for a hosted service (which means trusting the service provider) or you have to host it yourself (and VPNs are famously difficult to configure and maintain).
Fortunately, there’s a handy little Docker image for OpenVPN that makes installation and configuration a breeze. And with the wide variety of hosting providers on the market today you can host your own OpenVPN server on the cheap with minimal headache.
This post will document the full installation and configuration of OpenVPN under Docker on CoreOS Container Linux on a DigitalOcean $10/month droplet. You could probably run it just fine on their $5/month plan but I didn’t test that.
Click through the DigitalOcean Droplet creation screen, picking CoreOS (from the “Container Distributions” tab) and the $10/month Droplet size.
You should be able to ssh in to your new machine with:
Installing and Configuring OpenVPN
Once you have shell access on your Container Linux instance you can configure the OpenVPN container. We’re using the kylemanna/openvpn image and will follow the Quick Start instructions there.
First, pick a name for the Docker Volume that will provide persistence for OpenVPN and store it in an environment variable:
Initialize the configuration files and certificates (you’ll be prompted to pick a passphrase):
docker volume create --name $OVPN_DATA
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_genconfig -u udp://vpn.example.com
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn ovpn_initpki
(Replace vpn.example.com with your VPN server’s DNS name.)
Start the OpenVPN server (using the provided systemd service):
curl -L https://raw.githubusercontent.com/kylemanna/docker-openvpn/master/init/docker-openvpn%40.service | sudo tee /etc/systemd/system/docker-openvpn@.service
sudo systemctl enable --now docker-openvpn@primary.service
(Note the @primary in the service name. That should match the ovpn-data-SUFFIX from the volume you created earlier.)
At this point OpenVPN is configured and will autostart at boot. Now we need to generate client certificates that can be used to connect to the OpenVPN server. Let’s create one now without a passphrase and retrieve its associated ovpn file:
CLIENTNAME=my-cool-machine
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it kylemanna/openvpn easyrsa build-client-full $CLIENTNAME nopass
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm kylemanna/openvpn ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn
At this point you can copy the $CLIENTNAME.ovpn file to your client (using scp or similar), drop it in /etc/openvpn/ and use it to connect to the VPN:
(user@vpn-client) $ sudo openvpn --config /etc/openvpn/$CLIENTNAME.ovpn
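The client above was built with nopass and its profile written through a shell redirect, so the .ovpn file is the only thing protecting that client's private key. The following check is an added example, not part of the original post or the kylemanna/openvpn project; the function names, return codes and sample profile are constructed here, and it assumes the key is inlined in a <key> block.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a client profile such as
# the one written by `ovpn_getclient $CLIENTNAME > $CLIENTNAME.ovpn`.
# Return codes (this example's own convention):
#   0 = key encrypted and file owner-only, 1 = finding(s), 2 = cannot audit

audit_ovpn_profile() {
    profile=$1
    findings=0
    [ -r "$profile" ] || { echo "cannot read $profile" >&2; return 2; }

    # Assumption: the private key is inlined between <key> and </key>.
    key_block=$(sed -n '/^<key>/,/^<\/key>/p' "$profile")
    if [ -z "$key_block" ]; then
        echo "$profile: no inline <key> block, nothing to audit" >&2
        return 2
    fi

    # PKCS#8 encrypted keys say "ENCRYPTED PRIVATE KEY"; traditional PEM keys
    # carry a "Proc-Type: 4,ENCRYPTED" header instead.
    if printf '%s\n' "$key_block" |
        grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED'; then
        echo "$profile: private key is passphrase-protected"
    else
        echo "$profile: private key is UNENCRYPTED (client built with nopass)"
        findings=1
    fi

    # A file created by shell redirection gets its mode from the umask (often 0644).
    mode=$(ls -ld "$profile" | cut -c1-10)
    case $mode in
        ????------) echo "$profile: mode $mode is owner-only" ;;
        *) echo "$profile: mode $mode is open to group/other, run chmod 600"
           findings=1 ;;
    esac
    return "$findings"
}

# Constructed sample with the shape of a nopass profile (the key body is fake).
write_sample_profile() {
    printf '%s\n' 'client' 'remote vpn.example.com 1194 udp' '<key>' \
        '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-NOT-A-REAL-KEY' \
        '-----END PRIVATE KEY-----' '</key>' > "$1"
}

# Usage: sh audit.sh my-cool-machine.ovpn
if [ $# -gt 0 ]; then audit_ovpn_profile "$1"; fi
```

Run it on the server before copying the profile and again on the client after dropping it into /etc/openvpn/; a profile built with nopass always reports the unencrypted key, so the file mode and the transfer channel carry the protection.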
If you’ve ever attempted setting up an OpenVPN server from scratch you might be surprised to discover that WE’RE DONE! Enjoy your shiny new VPN server!