How To Setup OpenVPN With docker-compose

Hello! Internet privacy concerns is a huge trend right now, and OpenVPN seems to be the most widely used solution. But many of us are having troubles setting it up. Docker-compose is a great tool to install software and configure it with just one .yml file. Let's make OpenVPN setup painless with help of docker-compose.

This post guides you through all the steps needed to setup your OpenVPN server instance. Our setup will be based on kylemanna/docker-openvpn image.

Set up OpenVPN server

First of all, check that Docker and docker-compose are installed. The commands below should return the current version of docker and docker-compose installed.

docker -v  
docker-compose -v  

Create new docker-compose.yml

touch docker-compose.yml  

Copy and paste this template to your docker-compose.yml

version: '2'  
     - NET_ADMIN
    image: kylemanna/openvpn
    container_name: openvpn
     - "1194:1194/udp"
    restart: always
     - {path_to_save_openvpn_config}:/etc/openvpn

Change {path_to_save_openvpn_config} to the path where you want OpenVPN to store it's files, for example /home/administrator/openvpn.

After it's done, you need to initialize configuration files and certificates for OpenVPN. Run these command to do it:

    docker-compose run --rm openvpn ovpn_genconfig -u udp://{vpn_server_address}
    docker-compose run --rm openvpn ovpn_initpki

Replace {vpn_server_address} with your server address, it could be IP address ( or domain name (

Type any pass phrase and name for you certificate. Certificate generation will take some time, be patient.

creating certificate

Start OpenVPN server process

docker-compose up -d openvpn  

Generating Client Certificates

For establishing a connection to your OpenVPN server you need provide a client with the certificate file. It can be easily done with docker-compose.
First of all, build a client certificate with the command below. Provide it with the pass phrase from the previous step.

docker-compose run --rm openvpn easyrsa build-client-full {client_name} nopass  

By avoiding nopass option you can specify the client certificate pass phrase, it's highly recommended.
When the client certificate is generated, export it to a file and send it to the client with the next command:

docker-compose run --rm openvpn ovpn_getclient {client_name} > certificate.ovpn  

creating client certificate

That's it! More details can be found on the official GitHub page of the kylemanna/docker-openvpn image.

Enjoy safe and secure browsing!

Originally published at