Fast and reliable VPN using docker and digitalocean

6/8/2015

docker

I've been using openvpn for a long time, but I was having some problems with performance. I've decided to change the usual approach of having openvpn installed on my host machine and move it to docker. I'm using my own server, but in this blog post I will show you how to do it with digitalocean.

Digitalocean

It's very easy to create a docker machine inside a digitalocean droplet. Just head over to their webpage and follow the instructions. 5 USD/month is a reasonable price, and you do not need to have it running non-stop. One big advantage is that you are billed for hourly usage. This tutorial will cost me just 1 cent. Netflix and Hulu are just additional benefits.

OK, if you have an account on digitalocean, do not forget to generate a token. You will find it in the API section. I've exported the token as my env variable OCEAN_TOKEN.

Let's create a docker machine and set up docker to use this machine.

$ docker-machine create -d digitalocean --digitalocean-access-token=$OCEAN_TOKEN ocean
INFO[0000] Creating SSH key...
INFO[0001] Creating Digital Ocean droplet...
INFO[0151] "ocean" has been created and is now the active machine.
INFO[0151] To point your Docker client at it, run this in your shell: eval "$(docker-machine env ocean)"
$ eval "$(docker-machine env ocean)"

Now you have a completely clean docker machine inside a digitalocean server room.

OpenVPN docker

I was creating my own setup, but I found the kylemanna/openvpn image, which basically solved all my problems. It's quite easy to set up. You just need to create two containers: one for the persistent data (or you can just use a directory/volume) and one as the actual openvpn application container.

$ OVPN_DATA="ovpn-data"
$ IP=$(docker-machine ip)
$ docker run --name $OVPN_DATA -v /etc/openvpn busybox
$ docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -u udp://$IP

The next command will generate all the certificates and keys. Please save the password for later use.

$ docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki

And finally we can run our vpn container.

$ docker run --volumes-from $OVPN_DATA -d -p 1194:1194/udp --privileged kylemanna/openvpn

The next step is to generate a client key. In this case we will generate one without a password.

$ docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass

Retrieve the client configuration with embedded certificates.

$ docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > CLIENTNAME.ovpn
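The exported CLIENTNAME.ovpn carries the client's private key inline, and a key built with nopass is stored unencrypted, so the file itself is the credential. The check below is an added example, not part of the original post or the kylemanna/openvpn project; the function names and the constructed sample profile are assumptions made for illustration.

```shell
# Added example: audit an exported .ovpn profile (sample is constructed,
# its "key" is placeholder text).

# Classify the inline <key> block: encrypted | plaintext | none.
ovpn_key_state() {
    awk '
        /^<key>/   { k = 1; next }
        /^<\/key>/ { k = 0 }
        k && /^-----BEGIN /           { seen = 1; if (/ENCRYPTED/) enc = 1 }
        k && /^Proc-Type:.*ENCRYPTED/ { enc = 1 }  # legacy PEM encryption
        END { print (seen ? (enc ? "encrypted" : "plaintext") : "none") }
    ' "$1"
}

# Succeed only if group and others have no permission bits on the file.
ovpn_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one finding per line; return non-zero if anything was found.
audit_ovpn() {
    rc=0
    if [ "$(ovpn_key_state "$1")" = "plaintext" ]; then
        echo "plaintext-key"; rc=1
    fi
    if ! ovpn_owner_only "$1"; then
        echo "group-or-world-access"; rc=1
    fi
    return $rc
}

# Write a constructed profile shaped like a nopass export.
make_sample_ovpn() {
    cat > "$1" <<'EOF'
client
remote 203.0.113.10 1194 udp
<key>
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-KEY
-----END PRIVATE KEY-----
</key>
EOF
    chmod 644 "$1"   # mode a default umask of 022 leaves behind
}

tmp=$(mktemp -d) && make_sample_ovpn "$tmp/CLIENTNAME.ovpn"
audit_ovpn "$tmp/CLIENTNAME.ovpn" || true   # both findings
chmod 600 "$tmp/CLIENTNAME.ovpn"
audit_ovpn "$tmp/CLIENTNAME.ovpn" || true   # plaintext-key only
rm -rf "$tmp"
```

Running `umask 077` in the shell before the `ovpn_getclient` redirect creates the file owner-only from the start, so the `chmod` step is not needed afterwards.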

Now you can use whatever client you like. In case you want to back up the configuration, please use the following command. The archive includes everything under /etc/openvpn, including the keys generated earlier.

$ docker run --volumes-from $OVPN_DATA -v "$(pwd)":/backup --rm kylemanna/openvpn tar cvzf /backup/openvpn.tar.gz /etc/openvpn