gitmyhub

docker-openvpn

Shell ★ 9.1k updated 1y ago

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA

A Docker container that turns any Linux server into a private VPN in a handful of commands. It handles all key generation and configuration automatically, so you skip manual OpenVPN setup entirely.

Shell · Docker · OpenVPN · setup: moderate · complexity 3/5

docker-openvpn packages a complete OpenVPN server into a Docker container, making it straightforward to run a private VPN on any Linux server without manually installing and configuring OpenVPN and its dependencies. OpenVPN is software that creates encrypted network tunnels, commonly used to let remote devices connect to a private network as if they were physically on-site, or to route all internet traffic through a trusted server.

The setup process happens in a handful of Docker commands. First, you create a persistent storage volume to hold configuration files and security certificates. Then you run initialization scripts that automatically generate the cryptographic material a VPN needs: encryption keys, a certificate authority, and a TLS authentication key. After that, starting the VPN server is a single Docker run command. Each client gets a configuration file generated by a script inside the container, and that single file can be handed to the client device to connect.

Because everything runs inside Docker, the same image works on Ubuntu, Debian, Arch, Fedora, and other Linux distributions without touching the host system's installed software. You can run a current version of OpenVPN on an older server that would not normally support it. The configuration and certificates live in a Docker volume, making them easy to back up separately from the container itself.

The project uses UDP on port 1194 and routes all client traffic through the VPN by default. The README includes a security discussion: the certificate authority key is stored in the container for convenience, and the README recommends protecting it with a passphrase or moving it to an offline system for stricter security. Two-factor authentication for clients is described in supplementary documentation.
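The setup sequence and the CA passphrase recommendation described above, written out as a script; this is an added example, not code from this page or from the project. The image name `kylemanna/openvpn`, the volume name, the hostname and the client name are assumptions, and the script prints the commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: docker-openvpn setup as a reviewable script.
# Assumed values (not from the page): image, volume, server host, client name.
IMAGE="${IMAGE:-kylemanna/openvpn}"
VOLUME="${VOLUME:-ovpn-data-example}"
SERVER="${SERVER:-vpn.example.com}"
CLIENT="${CLIENT:-laptop1}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print commands only, 0 = execute them

# Run a command, or only print it in dry-run mode.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "+ $*"; else "$@"; fi
}

# One-off container with the configuration volume mounted.
in_container() {
    run docker run -v "$VOLUME:/etc/openvpn" --rm "$@"
}

setup_server() {
    # Persistent volume for configuration and certificates.
    run docker volume create --name "$VOLUME"
    # Server configuration for UDP (default port 1194).
    in_container "$IMAGE" ovpn_genconfig -u "udp://$SERVER"
    # Without a "nopass" argument the script prompts for a CA key
    # passphrase, so the CA key in the volume is encrypted at rest.
    in_container -it "$IMAGE" ovpn_initpki
    # Start the server; NET_ADMIN is needed to manage the tunnel device.
    run docker run -v "$VOLUME:/etc/openvpn" -d -p 1194:1194/udp \
        --cap-add=NET_ADMIN "$IMAGE"
}

add_client() {
    # Again no "nopass": the client private key gets its own passphrase.
    in_container -it "$IMAGE" easyrsa build-client-full "$1"
    if [ "$DRY_RUN" = "1" ]; then
        in_container "$IMAGE" ovpn_getclient "$1"
    else
        # The .ovpn file embeds the client key: create it owner-only.
        ( umask 077; in_container "$IMAGE" ovpn_getclient "$1" > "$1.ovpn" )
    fi
}

setup_server && add_client "$CLIENT"
```

Signing a client certificate asks for the CA passphrase each time, which is the cost of keeping the CA key encrypted inside the volume.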

Support for systemd init scripts and Docker Compose is available in the docs folder. The project was tested on a low-cost Digital Ocean server and includes a link to a corresponding community tutorial. A Docker Hub image is provided for direct download without building from source.

Where it fits