Skip to content

Instantly share code, notes, and snippets.

@odarriba

odarriba/OpenVPN on Docker and Raspberry Pi.md

Last active March 12, 2024 15:13
Show Gist options
  • Save odarriba/2116b7a7ea38400b4fe32c3647c8291c to your computer and use it in GitHub Desktop.
Save odarriba/2116b7a7ea38400b4fe32c3647c8291c to your computer and use it in GitHub Desktop.
Download ZIP
How to install OpenVPN with Docker on Raspberry Pi
Raw
OpenVPN on Docker and Raspberry Pi.md

First of all, we are going to store all the data in a Docker shared volume, called openvpn_data.

To initialise the OpenVPN configuration and CA:

$ docker run -v openvpn_data:/etc/openvpn --rm evolvedm/openvpn-rpi ovpn_genconfig -u udp://your-vpn.address.com
$ docker run -v openvpn_data:/etc/openvpn --rm -it evolvedm/openvpn-rpi ovpn_initpki

To start daemon (and auto-restart it):

$ docker run -v openvpn_data:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN -e --restart=always --name openvpn_server evolvedm/openvpn-rpi

And to create new profiles:

$ docker run -v openvpn_data:/etc/openvpn --rm -it evolvedm/openvpn-rpi easyrsa build-client-full **CLIENTNAME**
$ docker run -v openvpn_data:/etc/openvpn --rm evolvedm/openvpn-rpi ovpn_getclient **CLIENTNAME** > **CLIENTNAME**.ovpn

Then you can download your .ovpn file and start using your OpenVPN!! (if the port is correctly exposed)

About security

I'm not a real fan of giving your data security to other's containers, so if you want to compile your own image, you can use this repo:

https://github.com/evolvedm/docker-openvpn-rpi/blob/dc6159c0738a67802444a3a16ecfe6cb4e508280/Dockerfile

@odarriba
Copy link
Author

looks like you are running the script in a folder in which you don't have permissions.

docker run -v openvpn_data:/etc/openvpn --rm evolvedm/openvpn-rpi ovpn_getclient CLIENT is run with sudo.
> CLIENT.ovpn is done with your user's privileges.

Your best chance is to execute it in a folder in which you can create/write files or:

$ sudo docker run -v openvpn_data:/etc/openvpn --rm evolvedm/openvpn-rpi ovpn_getclient CLIENT | sudo tee CLIENT.ovpn

@shadowhunter1967
Copy link

Tx a lot, It seems you are correct.

Its a bit strange since I executed a 'chmod a+rw ' on the folder that did not have had the correct result.
I removed the user (and it home folder tree) an retried. Now it seems to do what I expected it to do.

@danmihu
Copy link

danmihu commented Nov 28, 2020

Thx man, it works smoothly !!!

@sukruburakcetin
Copy link

@odarriba

When I reboot raspberry pi 3 with sudo reboot command after the installation of the configuration above, the connection will be lost. How can I prevent this occurrence? Because, when I have an electricity problem(same as rebooting the raspberry pi3), I also lost the connection and the .ovpn file won't work anymore.

--restart=always --name openvpn_server

Is this command prevent losing connection when the system is rebooted?

@veleek
Copy link

veleek commented Jan 5, 2022
edited
Loading

@sukruburakcetin --restart=always just tells docker that it should restart the container if it crashes for some reason (see https://docs.docker.com/engine/reference/commandline/run/#restart-policies---restart) . It won't have any impact if docker itself crashes (e.g. if your VPN server loses power).

You need to use something else on you raspberry pi to ensure that docker is started up. I recommend using something like Docker Compose to store all of the configuration and then ensuring that docker-compose script runs on restart.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment