Running your own VPS server is definitely one of the best ways to secure your internet traffic, protect privacy, and access remote networks safely. OpenVPN is an open source VPN solution, and when combined with Docker, it becomes super easy to deploy, manage, and scale without dealing with additional complexity.
Instead of installing OpenVPN directly on your host system, you can always run it inside the Docker container to make it more portable, isolated, and quick for deployment. So if you want to set up a personal VPN for secure browsing or enable remote access, OpenVPN is a reliable solution.
In this guide, we shall discuss how to use OpenVPN with Docker, from prerequisites to a troubleshooting guide.
Why Run OpenVPN in Docker?
Running OpenVPN with Docker has multiple advantages, such as:
- It increases the portability between different environments and cloud providers.
- It keeps your VPN environment safe and separate from the host OS.
- Docker images like kylemanna/openvpn or linuxserver/openvpn-as provide ready-to-use setups.
- You can quickly spin up multiple instances if you need redundancy or load balancing.
- With Docker compose, you can easily manage the OpenVPN server with other services.
- No clutter of manually installed dependencies since everything is enclosed inside the container.
Prerequisites for OpenVPN on Docker
Before you start deploying OpenVPN on Docker, ensure that you have the following prerequisites ready to roll:
- A Linux server or supported VPS like Ubuntu.
- Install Docker and verify it by running docker –version.
- Root or sudo privileges.
- Firewall rules adjusted to allow VPN traffic.
- Basic familiarity with Docker commands.
Deployment Options for OpenVPN in Docker
There are multiple different ways to deploy OpenVPN in Docker depending on your requirements.
Get exclusive access to all things tech-savvy, and be the first to receive
the latest updates directly in your inbox.
- Using Prebuilt Docker Images
- Popular community images such as:
- kylemanna/openvpn – lightweight, widely used.
- linuxserver/openvpn-as – includes a web UI for easier management.
- Popular community images such as:
- With Docker Compose
Docker Compose simplifies configuration and management of the OpenVPN container. It also allows integration with other services in a single YAML file.
- Custom Dockerfile
If you need full control over the OpenVPN system, then you could build with a custom Dockerfile.
Step-by-Step Guide to Deploy OpenVPN in Docker
Step 1: Pull an OpenVPN Docker image
Run the following command to pull an OpenVPN Docker image:
docker pull kylemanna/openvpn
Step 2: Initialize the OpenVPN server configuration (and PKI)
- Now, create a directory on the host to store the OpenVPN configuration file by running: mkdir -p ~/openvpn-data
- Initialize the OpenVPN server configuration inside the container:
docker run -v ~/openvpn-data:/etc/openvpn –rm kylemanna/openvpn ovpn_genconfig -u udp://YOUR_SERVER_IP
Replace YOUR_SERVER_IP with your server’s public IP address or domain name.
- Next, initialize the public key infrastructure (PKI):
docker run -v ~/openvpn-data:/etc/openvpn –rm -it kylemanna/openvpn ovpn_initpki
Step 3: Start the OpenVPN server container
You can run the OpenVPN in the background, expose the port 1194/udp, and then allow networking capabilities.
docker run -d –name openvpn \
-v ~/openvpn-data:/etc/openvpn \
-p 1194:1194/udp \
–cap-add=NET_ADMIN \
–device /dev/net/tun \
kylemanna/openvpn
- –cap-add=NET_ADMIN lets the container manage routes/iptables inside its namespace.
- –device /dev/net/tun ensures the TUN device is available (needed on many hosts).
- -p 1194:1194/udp publishes the VPN port to the host.
Verify it’s up:
docker logs -f openvpn
You should see OpenVPN listening on 0.0.0.0:1194 (or your chosen port/proto) with no errors.
Step 4: Expose and configure ports, routing, and firewall
Open the VPN port on the host firewall
- UFW:
sudo ufw allow 1194/udp
sudo ufw status
- firewalld:
sudo firewall-cmd –permanent –add-port=1194/udp
sudo firewall-cmd –reload
Enable IP forwarding on the host (so VPN clients can reach the internet/LAN)
sudo sysctl -w net.ipv4.ip_forward=1
echo ‘net.ipv4.ip_forward=1’ | sudo tee -a /etc/sysctl.conf
sudo sysctl -p
(If you’ll use IPv6, also set net.ipv6.conf.all.forwarding=1.)
DNS for clients (optional but recommended)
If your client wants to use specific DNS, add lines to the server config in the data folder.
push “redirect-gateway def1”
push “dhcp-option DNS 1.1.1.1”
push “dhcp-option DNS 9.9.9.9”
Then restart:
docker restart openvpn
Step 5: Generate and manage client profiles
Create client certs and export ready-to-use .ovpn files.
Create a client certificate (with or without password)
docker run –rm -it -v ~/openvpn-data:/etc/openvpn \
kylemanna/openvpn easyrsa build-client-full alice nopass
docker run –rm -it -v ~/openvpn-data:/etc/openvpn \
kylemanna/openvpn easyrsa build-client-full bob
Export the .ovpn profile
docker run –rm -v ~/openvpn-data:/etc/openvpn \
kylemanna/openvpn ovpn_getclient alice > alice.ovpn
Send alice.ovpn to the user/device and import it into any OpenVPN client (Windows/macOS/Linux, iOS, Android).
Revoke a client (if lost/compromised)
docker run –rm -it -v ~/openvpn-data:/etc/openvpn \
kylemanna/openvpn easyrsa revoke alice
docker run –rm -v ~/openvpn-data:/etc/openvpn \
kylemanna/openvpn easyrsa gen-crl
docker restart openvpn
Smoke test
- Connect from a client with alice.ovpn.
- Visit https://ifconfig.io (or similar) to confirm your public IP is the server’s.
- If DNS doesn’t resolve, recheck the push “dhcp-option DNS …” lines.
Optional: run with Docker Compose
If you prefer Compose, create docker-compose.yml:
services:
openvpn:
image: kylemanna/openvpn
container_name: openvpn
restart: unless-stopped
cap_add:
– NET_ADMIN
devices:
– /dev/net/tun:/dev/net/tun
ports:
– “1194:1194/udp”
volumes:
– ./openvpn-data:/etc/openvpn
Then:
docker compose up -d
Configuring OpenVPN with Docker Compose
Using Docker Compose simplifies the management of OpenVPN containers by allowing you to define configurations in a docker-compose.yml file. Instead of running multiple docker run commands, you can declare the image, volumes, ports, and environment variables in one YAML configuration file. This makes it easy to scale, update, and redeploy the OpenVPN server with minimal effort.
Example docker-compose.yml:
version: ‘3.8’
services:
openvpn:
image: kylemanna/openvpn
container_name: openvpn-server
ports:
– “1194:1194/udp”
volumes:
– ./openvpn-data/conf:/etc/openvpn
cap_add:
– NET_ADMIN
restart: always
With this file in place, you can start the OpenVPN server using:
docker-compose up -d
Connecting Clients to Docker OpenVPN
Once the server is up and running, you need to generate client configuration files (.ovpn) that contain all the important certificates and connection details. These can be distributed among users who would connect to the VPN.
- Generate client config
docker run -v $(pwd)/openvpn-data/conf:/etc/openvpn –rm kylemanna/openvpn easyrsa build-client-full client1 nopass
docker run -v $(pwd)/openvpn-data/conf:/etc/openvpn –rm kylemanna/openvpn ovpn_getclient client1 > client1.ovpn
- Transfer the .ovpn file to the client machine securely.
- Use an OpenVPN client (available for Linux, macOS, Windows, Android, and iOS).
openvpn –config client1.ovpn - Once connected, all traffic (or configured routes) will go through the VPN tunnel.
Managing and Monitoring OpenVPN Docker Containers
It is super important to manage and monitor OpenVPN Docker Containers regularly to keep them efficient and in top notch condition. Here are a few things to keep an eye on:
- Start/Stop containers:
docker start openvpn-server
docker stop openvpn-server
- View logs:
docker logs -f openvpn-server - Update OpenVPN server image:
docker-compose pull
docker-compose up -d
- Add or revoke users: Use the EasyRSA utilities inside the container to generate or revoke client certificates.
For automated monitoring, you can always integrate tools like Prometheus or Grafana.
Common Issues and Troubleshooting
| Issue | Possible Cause | Solution |
| Clients can’t connect | Ports not exposed or firewall blocking | Ensure 1194/udp is open on the host and mapped in Docker |
| DNS not resolving inside VPN | Missing DNS config in .ovpn file | Add DNS servers (push “dhcp-option DNS 8.8.8.8”) to server config |
| Certificate errors | Misconfigured EasyRSA or expired certs | Re-generate certificates and ensure client uses the updated .ovpn file |
| Slow VPN speed | Limited CPU/memory resources or UDP blocked | Allocate more resources or switch to TCP port for OpenVPN |
| Container won’t start | Volume/permission issues | Verify volume mounts and permissions of openvpn-data/conf directory |
Conclusion – Using OpenVPN Docker Containers
Running OpenVPN with Docker gives you the perfect balance between a lightweight, portable, and manageable VPN solution. You can employ the flexibility of a Docker container with the customization of an OpenVPN to securely manage servers!
FAQs
What is OpenVPN in Docker?
OpenVPN in Docker is a containerized VPN setup that allows you to run a secure OpenVPN server using Docker or Docker Compose, simplifying deployment and management.
Can I use Docker Compose for OpenVPN?
Yes. Docker Compose simplifies managing OpenVPN by defining the service, volumes, and ports in a YAML file, making deployment repeatable and efficient.
Can I run multiple VPN clients with Docker OpenVPN?
Yes. You can generate multiple client profiles and connect several devices simultaneously, as long as your server resources support it.
