Deploying OpenVPN Service

This Docker image provides only basic functionality. If you are able to configure OpenVPN manually, it is recommended that you build your own setup, or at least refer to how this image is implemented. Prior knowledge of Linux and Docker is required. The image has been tested on Debian 9; the instructions below are written for Debian 9 but generally apply to other distributions such as Ubuntu. By default the service listens on port 1190/UDP, so make sure your firewall allows inbound traffic to that port.

Prerequisites

First enable IPv4 forwarding on the server (as root), so that traffic from VPN clients can be forwarded onward. Run the commands:

echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
sysctl -p

If your server has ufw installed, you must also add the following lines at the beginning of /etc/ufw/before.rules, before the *filter section (ufw processes the tables in file order). Replace eth0 with the interface that carries your server's default route, and 172.27.27.0/24 with the VPN subnet configured in config.ovpn (see Initialize Configuration below); the two must match, or client traffic will not be NATed.

*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.27.27.0/24 -o eth0 -j MASQUERADE
COMMIT

Then set the default forward policy in /etc/default/ufw to ACCEPT:

DEFAULT_FORWARD_POLICY="ACCEPT"

Finally, reload the ufw firewall service:

ufw reload

If your server does not have ufw installed, set the iptables FORWARD policy to ACCEPT by running:

iptables -P FORWARD ACCEPT

Attention

Rules set with iptables directly are not persistent: you must reapply this after every server reboot. Installing ufw, which persists the settings above, is recommended.
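
The following script, added here as an example and not part of the rev1si0n/openvpn image, applies the ufw edits above idempotently and checks the result, so you can run it against copies of /etc/ufw/before.rules and /etc/default/ufw before touching the live files. The function names and the default 172.27.27.0/24 and eth0 values are this example's choices; it assumes GNU grep and sed.

```bash
#!/usr/bin/env bash
# Added example (not from the image): apply and verify the ufw prerequisites.
# Every function takes the file to edit as its first argument, so it can be
# exercised on a copy before being run on /etc/ufw.
set -eu

# Insert the *nat block at the top of before.rules unless a MASQUERADE rule for
# this subnet is already there. Returns 0 when the file contains the rule.
ensure_nat_block() {
    local rules="$1" subnet="${2:-172.27.27.0/24}" iface="${3:-eth0}"
    local rule="-A POSTROUTING -s ${subnet} -o ${iface} -j MASQUERADE"
    if grep -qF -- "$rule" "$rules"; then
        return 0            # already present; nothing to do
    fi
    local tmp
    tmp="$(mktemp)"
    {
        printf '*nat\n:POSTROUTING ACCEPT [0:0]\n%s\nCOMMIT\n\n' "$rule"
        cat "$rules"
    } > "$tmp"
    mv "$tmp" "$rules"
    grep -qF -- "$rule" "$rules"
}

# Set DEFAULT_FORWARD_POLICY to ACCEPT, replacing an existing line or appending.
set_forward_policy() {
    local defaults="$1"
    if grep -q '^DEFAULT_FORWARD_POLICY=' "$defaults"; then
        sed -i 's/^DEFAULT_FORWARD_POLICY=.*/DEFAULT_FORWARD_POLICY="ACCEPT"/' "$defaults"
    else
        printf 'DEFAULT_FORWARD_POLICY="ACCEPT"\n' >> "$defaults"
    fi
    grep -qx 'DEFAULT_FORWARD_POLICY="ACCEPT"' "$defaults"
}

# Check that the *nat table precedes the first *filter table (ufw parses the
# file in order). Returns 0 when the ordering is correct.
nat_before_filter() {
    local rules="$1" nat_line filter_line
    nat_line="$(grep -n -m1 '^\*nat' "$rules" | cut -d: -f1)"
    filter_line="$(grep -n -m1 '^\*filter' "$rules" | cut -d: -f1)"
    [ -n "$nat_line" ] && [ -n "$filter_line" ] && [ "$nat_line" -lt "$filter_line" ]
}

# Report whether forwarding is on; reads the running kernel value by default.
ip_forward_enabled() {
    local src="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$src")" = "1" ]
}
```

To apply it for real, run the functions as root on /etc/ufw/before.rules and /etc/default/ufw, then ufw reload; nat_before_filter is the check worth keeping, since a block pasted below *filter silently does nothing.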

Initialize Configuration

Now, create a directory to store the OpenVPN server configuration:

mkdir -p ~/lamda-openvpn-server

Next, initialize the OpenVPN server with the following command. The container is run with --privileged and --net host because it must create the TUN device and adjust routing on the host; this gives it full control of the host, so run it only on a machine dedicated to this purpose:

docker run -it --rm --privileged --net host -v ~/lamda-openvpn-server:/etc/openvpn rev1si0n/openvpn ovpn-server-new

When the command completes, the configuration files are in ~/lamda-openvpn-server. The main configuration file is config.ovpn; open it with a text editor. It is recommended to modify only the following fields:

# VPN subnet and subnet mask (must match the MASQUERADE rule in your firewall)
server 172.27.27.0 255.255.255.0
# VPN service port (must be allowed inbound on the firewall; UDP by default)
port 1190

# Optionally, to let VPN clients reach a subnet attached to another interface
# of the server, push a route for it. Note: on its own this only makes the
# server's own address on that subnet reachable. For clients to reach other
# hosts on it, those hosts (or their gateway) need a return route to the VPN
# subnet, or that traffic must be NATed as well; this image does not set that up.
push "route 192.168.68.0 255.255.255.0"

# Replace 114.114.114.114 with the DNS server you want clients to use
push "dhcp-option DNS 114.114.114.114"
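
Added example, not part of the image: after editing config.ovpn, cross-check its server subnet and port against the NAT rule from the Prerequisites section, and derive the firewall command for the port. All function names are this example's own; where config.ovpn has no proto line the example assumes udp, which is OpenVPN's own default.

```bash
#!/usr/bin/env bash
# Added example (not from the image): keep config.ovpn and the ufw NAT rule in
# sync. Takes file paths, so it can be run on copies as well as the live files.
set -eu

# Convert a dotted netmask (255.255.255.0) to a prefix length (24).
mask_to_prefix() {
    local mask="$1" prefix=0 octet
    local IFS=.
    for octet in $mask; do
        case "$octet" in
            255) prefix=$((prefix + 8)) ;;
            254) prefix=$((prefix + 7)) ;;
            252) prefix=$((prefix + 6)) ;;
            248) prefix=$((prefix + 5)) ;;
            240) prefix=$((prefix + 4)) ;;
            224) prefix=$((prefix + 3)) ;;
            192) prefix=$((prefix + 2)) ;;
            128) prefix=$((prefix + 1)) ;;
            0) ;;
            *) return 1 ;;
        esac
    done
    echo "$prefix"
}

# Print "<network>/<prefix>" from the "server <net> <mask>" line of config.ovpn.
ovpn_server_cidr() {
    local cfg="$1" line
    line="$(grep -m1 '^server ' "$cfg")" || return 1
    set -- $line                      # server <net> <mask>
    [ $# -eq 3 ] || return 1
    echo "$2/$(mask_to_prefix "$3")"
}

# Print the port from the "port" line, failing if there is none.
ovpn_port() {
    local port
    port="$(awk '/^port /{print $2; exit}' "$1")"
    [ -n "$port" ] && echo "$port"
}

# Print the source subnet of the MASQUERADE rule in before.rules.
nat_subnet() {
    grep -m1 -- '-j MASQUERADE' "$1" | sed -n 's/.* -s \([^ ]*\) .*/\1/p'
}

# Returns 0 only when the VPN subnet in config.ovpn equals the NATed subnet.
check_consistency() {
    local cfg="$1" rules="$2" vpn nat
    vpn="$(ovpn_server_cidr "$cfg")" || return 1
    nat="$(nat_subnet "$rules")"
    [ -n "$nat" ] && [ "$vpn" = "$nat" ]
}

# Print the ufw command that opens the configured port; proto defaults to udp.
ufw_allow_cmd() {
    local cfg="$1" port proto
    port="$(ovpn_port "$cfg")" || return 1
    proto="$(awk '/^proto /{print $2; exit}' "$cfg")"
    case "${proto:-udp}" in udp*) proto=udp ;; tcp*) proto=tcp ;; esac
    echo "ufw allow ${port}/${proto}"
}
```

Run check_consistency ~/lamda-openvpn-server/config.ovpn /etc/ufw/before.rules after every edit of the server line; a mismatch means clients will connect but get no route out, which is easy to misdiagnose as a client problem.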

Create Client Connection Credentials

After editing the configuration, create a client. Replace myname with a name of your choice (it must be unique among clients):

docker run -it --rm --privileged --net host -v ~/lamda-openvpn-server:/etc/openvpn rev1si0n/openvpn ovpn-client-new myname

Once created, retrieve the client's credentials with one of the following commands:

# Note: the server address in the profile is auto-detected as the host's current public IP. Edit it if that is not the address clients should connect to.
# The profile contains the client's credentials, so treat the file as a secret and do not share one profile between clients.
#
# Generate an .ovpn profile and redirect the output to myname.ovpn, which can be imported into apps such as OpenVPN Connect
docker run -it --rm --privileged --net host -v ~/lamda-openvpn-server:/etc/openvpn rev1si0n/openvpn ovpn-client-profile ovpn myname > myname.ovpn
# Generate a lamda-compatible OpenVPNProfile, usable directly in lamda.
# The output includes a commented 'properties.local' section; copy its openvpn.* settings
# into /data/usr/properties.local to make lamda connect to the VPN automatically
docker run -it --rm --privileged --net host -v ~/lamda-openvpn-server:/etc/openvpn rev1si0n/openvpn ovpn-client-profile lamda myname
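
Added example, not from the image: post-process a generated myname.ovpn, correcting the auto-detected remote address when it is wrong and locking the file down because it carries the client's key material. The profile layout (a single remote line and an inline <key> block) and the function names are assumptions of this example; it uses GNU sed and stat.

```bash
#!/usr/bin/env bash
# Added example (not from the image): fix up and protect a client profile
# written by "ovpn-client-profile ovpn <name> > <name>.ovpn".
set -eu

# Print "<host> <port>" from the first "remote" line, or fail if there is none.
profile_remote() {
    local line
    line="$(grep -m1 '^remote ' "$1")" || return 1
    set -- $line                      # remote <host> <port> [proto]
    [ $# -ge 3 ] || return 1
    echo "$2 $3"
}

# Return 0 if the profile embeds a private key, i.e. it must be kept secret.
profile_has_inline_key() {
    grep -q '^<key>' "$1"
}

# Replace the auto-detected server address with the one clients should use,
# e.g. when the host sits behind NAT or has several public addresses.
profile_set_remote() {
    local file="$1" host="$2" port="$3"
    sed -i "s/^remote .*/remote ${host} ${port}/" "$file"
    [ "$(profile_remote "$file")" = "${host} ${port}" ]
}

# Restrict the profile to its owner (an inline key is as sensitive as an SSH
# key) and print the resulting mode so the caller can confirm it.
profile_lockdown() {
    chmod 600 "$1"
    stat -c '%a' "$1"
}

# Returns 0 only when the remote line matches what clients should use and, if
# the file embeds a key, it is readable by its owner alone.
profile_verify() {
    local file="$1" expect_host="$2" expect_port="$3"
    [ "$(profile_remote "$file")" = "${expect_host} ${expect_port}" ] || return 1
    if profile_has_inline_key "$file"; then
        [ "$(stat -c '%a' "$file")" = "600" ] || return 1
    fi
}
```

Typical use after generating a profile: profile_set_remote myname.ovpn <public-address> 1190, profile_lockdown myname.ovpn, then hand the file to exactly one client over a channel you would trust with a private key.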

Revoke Client Credentials

To revoke a client's credentials, run the following command. Revocation takes effect for new connections; a session that is already established is not necessarily terminated, so restart the OpenVPN service afterward to be sure the client is disconnected:

docker run -it --rm --privileged --net host -v ~/lamda-openvpn-server:/etc/openvpn rev1si0n/openvpn ovpn-client-revoke myname

Start the OpenVPN Service

You can now start the OpenVPN service in the foreground to view client connection logs and troubleshoot errors:

docker run -it --rm --name openvpn-server --privileged --net host -v ~/lamda-openvpn-server:/etc/openvpn rev1si0n/openvpn run

Once it is confirmed to work, it is recommended to run the service in the background with the command below. Note that --rm removes the container when it stops, so the service will not come back after a reboot unless you start it again (or use a Docker restart policy instead of --rm):

docker run -d --rm --name openvpn-server --privileged --net host -v ~/lamda-openvpn-server:/etc/openvpn rev1si0n/openvpn run

Reference Documentation

  • Basic documentation: https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/

  • Routing setup: https://community.openvpn.net/openvpn/wiki/BridgingAndRouting