@kylemanna
Last active April 17, 2017 08:33

How To Run OpenVPN in a Docker Container

Introduction

This tutorial explains how to set up and run an OpenVPN container with the help of Docker.

OpenVPN provides a way to create virtual private networks (VPNs) using TLS (the successor to SSL) encryption. OpenVPN protects the network traffic from eavesdropping and man-in-the-middle (MITM) attacks. The private network can be used to securely connect a device, such as a laptop or mobile phone running on an insecure WiFi network, to a remote server that then relays the traffic to the Internet. Private networks can also be created to securely connect devices to each other over the Internet.

Docker provides a way to encapsulate the OpenVPN server process and configuration data so that it is more easily managed. The Docker OpenVPN image is prebuilt (source is available) and includes all of the necessary dependencies to run the server in a sane and stable environment. Scripts are included to significantly automate the standard use case, but still allow for full manual configuration if desired. A Docker volume container is used to hold the configuration and EasyRSA PKI certificate data as well.

Goals (FIXME)

  • Set up the Docker daemon on Ubuntu 14.04 LTS
  • Fetch a prebuilt Docker image from Docker Hub
  • Set up a Docker volume container to hold the configuration data
  • Generate an EasyRSA PKI certificate authority (CA)
  • Handle starting the Docker container on boot
  • Introduce advanced topics

Prerequisites

  • Basic Linux shell knowledge. This guide largely assumes that the user is capable of setting up and running Linux daemons in a traditional sense.
  • Shell access on a remote server. A DigitalOcean 1 CPU / 512 MB RAM droplet running Ubuntu 14.04 is assumed for this tutorial. Docker makes running the image on any host Linux distribution easy. Any virtual host will work as long as the host is running QEMU/KVM or Xen virtualization technology; OpenVZ will not work.
  • A local client such as an Android phone, laptop or PC. Almost all operating systems are supported via various OpenVPN clients.

Setup and Test Docker

Docker is moving fast and Ubuntu's long term support (LTS) policy doesn't keep up. To work around this, we'll add the upstream Docker apt repository, which provides the latest version of Docker.

  1. Add the upstream Docker repository package signing key:

    curl https://get.docker.io/gpg | sudo apt-key add -
    
  2. Add the upstream Docker repository to apt's repository source list:

    echo deb http://get.docker.io/ubuntu docker main | sudo tee /etc/apt/sources.list.d/docker.list
    
  3. Update apt's packages and install the Docker package:

    sudo apt-get update && sudo apt-get install -y lxc-docker
    
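  4. Add your user to the docker group to enable communication with the Docker daemon as a normal user, where $USER is your username. Members of the docker group can control the Docker daemon, which is equivalent to root access on the host, so add only trusted accounts:

    sudo usermod -aG docker $USER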
    
  5. Reconnect to the server after issuing this command and verify group membership:

    id
    
  6. Optional: Run bash in a simple Debian Docker image (--rm to clean up the container after exit and -it for an interactive session):

    docker run --rm -it debian:jessie bash -l
    

    In the container, run the following and then log out. Note that the container hash is unique:

    root@de8ffd8f82f6:/# cat /etc/issue.net
    Debian GNU/Linux jessie/sid
    root@de8ffd8f82f6:/# logout
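
Step 1 pipes the downloaded key straight into apt-key, so whatever the server returns becomes a trusted package signer. The following added example (not part of the original gist) checks the key's fingerprint before adding it; the function names are hypothetical, and the expected fingerprint must be obtained out of band because the gist does not list one.

```shell
#!/bin/sh
# Added example (not from the original gist): check the fingerprint of the
# downloaded repository key before handing it to apt-key.

KEY_URL="https://get.docker.io/gpg"   # URL from step 1 of the tutorial

# Strip spaces/colons and upper-case, so "ab cd" and "AB:CD" compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d ' :\n\t' | tr 'abcdef' 'ABCDEF'
}

# Return 0 on match, 1 on mismatch, 2 if the expected value is not
# 40 hex digits (the length of an OpenPGP v4 fingerprint).
fpr_matches() {
    want=$(normalize_fpr "$1")
    got=$(normalize_fpr "$2")
    [ "${#want}" -eq 40 ] || return 2
    case $want in *[!0-9A-F]*) return 2 ;; esac
    [ "$want" = "$got" ]
}

# Print the primary key fingerprint of a key file without importing it.
# Prints nothing if gpg cannot parse the file, which then fails the match.
key_fingerprint() {
    gpg --with-colons --with-fingerprint "$1" 2>/dev/null |
        awk -F: '$1 == "fpr" { print $10; exit }'
}

# $1 = fingerprint obtained out of band (assumption: operator supplies it).
add_docker_key() {
    tmp=$(mktemp) || return 1
    if curl -fsSL "$KEY_URL" -o "$tmp" &&
       fpr_matches "$1" "$(key_fingerprint "$tmp")"; then
        sudo apt-key add "$tmp"
        rc=$?
    else
        echo "key download failed or fingerprint mismatch; nothing added" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}
```

Source the file and call `add_docker_key` with the expected fingerprint in place of step 1; the key is added only when the downloaded file's fingerprint matches.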
    

Setup the EasyRSA PKI Certificate Store

Launch the OpenVPN Server

Setup OpenVPN Clients

Ubuntu via native OpenVPN

Arch Linux via native OpenVPN

Mac OS X via Tunnelblick

Android via OpenVPN Connect

Verifying Operation

Advanced Topics

Reporting Bugs

Upstream Source Code

Notes, DO NOT PUBLISH

@nicolasdanelon

good job, I will try this with my linode ;)

@choonkeat

cool and works. though i'm not sure why the <^> convention in the docs. makes it cumbersome to follow along, no?

@ishan-marikar

ishan-marikar commented Nov 26, 2016

Hi, this is amazing. One question though (slightly towards openvpn). How do we revoke certificates?
Nevermind, found it.
