How to install OpenVPN with Docker on Raspberry Pi

OpenVPN on Docker and Raspberry Pi.md

First of all, we are going to store all the data in a Docker shared volume, called openvpn_data.

To initialise the OpenVPN configuration and CA:

$ docker run -v openvpn_data:/etc/openvpn --rm evolvedm/openvpn-rpi ovpn_genconfig -u udp://your-vpn.address.com
$ docker run -v openvpn_data:/etc/openvpn --rm -it evolvedm/openvpn-rpi ovpn_initpki

To start daemon (and auto-restart it):

$ docker run -v openvpn_data:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN -e --restart=always --name openvpn_server evolvedm/openvpn-rpi

And to create new profiles:

$ docker run -v openvpn_data:/etc/openvpn --rm -it evolvedm/openvpn-rpi easyrsa build-client-full **CLIENTNAME**
$ docker run -v openvpn_data:/etc/openvpn --rm evolvedm/openvpn-rpi ovpn_getclient **CLIENTNAME** > **CLIENTNAME**.ovpn

Then you can download your .ovpn file and start using your OpenVPN!! (if the port is correctly exposed)

About security

I'm not a real fan of giving your data security to other's containers, so if you want to compile your own image, you can use this repo:

https://github.com/evolvedm/docker-openvpn-rpi/blob/dc6159c0738a67802444a3a16ecfe6cb4e508280/Dockerfile

Hello
I've just followed this on my rpi3
Is it possible to get access to the web gui using this guide?

Unfortunately the link to compile my own image is no longer available and a 404 error occurs.

Unfortunately the link to compile my own image is no longer available and a 404 error occurs.

I think you can find a copy on https://github.com/lunderhage/docker-openvpn-rpi

However it's a custom image and I haven't got time to test. Use it with care!

All went wel until the getclient. These seems to be a permission issue. Any clue why ?

Command: sudo docker run -v openvpn_data:/etc/openvpn --rm evolvedm/openvpn-rpi ovpn_getclient CLIENT > CLIENT.ovpn
Response: -bash: CLIENT.ovpn: Permission denied

looks like you are running the script in a folder in which you don't have permissions.

docker run -v openvpn_data:/etc/openvpn --rm evolvedm/openvpn-rpi ovpn_getclient CLIENT is run with sudo.
> CLIENT.ovpn is done with your user's privileges.

Your best chance is to execute it in a folder in which you can create/write files or:

$ sudo docker run -v openvpn_data:/etc/openvpn --rm evolvedm/openvpn-rpi ovpn_getclient CLIENT | sudo tee CLIENT.ovpn

Tx a lot, It seems you are correct.

Its a bit strange since I executed a 'chmod a+rw ' on the folder that did not have had the correct result.
I removed the user (and it home folder tree) an retried. Now it seems to do what I expected it to do.

Thx man, it works smoothly !!!

@odarriba

When I reboot raspberry pi 3 with sudo reboot command after the installation of the configuration above, the connection will be lost. How can I prevent this occurrence? Because, when I have an electricity problem(same as rebooting the raspberry pi3), I also lost the connection and the .ovpn file won't work anymore.

--restart=always --name openvpn_server

Is this command prevent losing connection when the system is rebooted?

@sukruburakcetin --restart=always just tells docker that it should restart the container if it crashes for some reason (see https://docs.docker.com/engine/reference/commandline/run/#restart-policies---restart) . It won't have any impact if docker itself crashes (e.g. if your VPN server loses power).

You need to use something else on you raspberry pi to ensure that docker is started up. I recommend using something like Docker Compose to store all of the configuration and then ensuring that docker-compose script runs on restart.