Here are the steps to run a simple OpenVPN service at home, so that I can access the home network easily while not at home.
First, clone the git repo for OpenVPN docker container:
git clone https://github.com/kylemanna/docker-openvpn.git
I can use the pre-built Docker image from Docker Hub, but it has just been breached, so I’d rather build it myself:
cd docker-openvpn && docker build -t openvpn .
Create a Docker volume to persist data in case the OpenVPN container has to be rebuilt:
export OVPN_DATA=ovpn_data
docker volume create --name $OVPN_DATA
Generate the OpenVPN configuration. If there’s no DNS record for the server, use the public IP of the home broadband instead:
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM
Build a new secret key which will be used to generate user keys. I’d advise using a strong password which can be saved in a password manager or vault. This is needed every time I create a new user.
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it openvpn ovpn_initpki
Then the OpenVPN server container can be run as a service:
docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN openvpn
Generate the first user profile. The password for the secret key will be needed. Then retrieve the OpenVPN configuration with the second command.
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm -it openvpn easyrsa build-client-full <username> nopass
docker run -v $OVPN_DATA:/etc/openvpn --log-driver=none --rm openvpn ovpn_getclient <username> > <username>.ovpn
This .ovpn file can be used to configure OpenVPN client software on laptops or phones.
Finally, ensure UDP port 1194 is forwarded to the host of the Docker container. This is usually done in the home broadband router.
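Because the profile above is built with nopass, the exported .ovpn file carries the client's private key without a passphrase, so the file itself is the credential. The following is an added example, not part of the original steps or of the docker-openvpn project: a small audit to run on an exported profile before copying it to a device. It assumes the key is inlined in a <key> block; the function names and the sample profile are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an exported .ovpn profile before distributing it.

# Print the endpoint(s) from the profile's "remote" lines as host:port.
ovpn_remote() {
    awk '$1 == "remote" { print $2 ":" $3 }' "$1"
}

# Classify the key inlined in <key>: prints encrypted, unencrypted or none.
ovpn_key_state() {
    awk '
        /^<key>/   { inkey = 1; next }
        /^<\/key>/ { inkey = 0 }
        inkey && /BEGIN ENCRYPTED PRIVATE KEY/ { state = "encrypted" }
        inkey && /Proc-Type: 4,ENCRYPTED/      { state = "encrypted" }
        inkey && /BEGIN .*PRIVATE KEY/ && state == "" { state = "unencrypted" }
        END { print (state == "" ? "none" : state) }
    ' "$1"
}

# Succeeds when the file mode lets group or others read the profile.
ovpn_world_readable() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

# Report findings; returns 1 if anything needs attention.
ovpn_audit() {
    rc=0
    echo "remote: $(ovpn_remote "$1")"
    if [ "$(ovpn_key_state "$1")" = "unencrypted" ]; then
        echo "WARN: private key has no passphrase (built with nopass)"; rc=1
    fi
    if ovpn_world_readable "$1"; then
        echo "WARN: readable by other users; run: chmod 600 $1"; rc=1
    fi
    return $rc
}

# Constructed sample profile (placeholder text, not real key material).
make_sample() {
    printf '%s\n' 'client' 'dev tun' 'remote VPN.SERVERNAME.COM 1194 udp' \
        '<key>' '-----BEGIN PRIVATE KEY-----' 'CONSTRUCTED-PLACEHOLDER' \
        '-----END PRIVATE KEY-----' '</key>' > "$1"
}

# Stand-alone use: sh audit.sh <username>.ovpn
if [ $# -gt 0 ]; then ovpn_audit "$1"; fi
```

A profile built without nopass prompts for the key passphrase at connect time and passes the first check; chmod 600 on the exported file clears the second.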