VPN Server With Docker

Muhammad Sahputra
Nov 4, 2017

Setting up a VPN has never been this easy. Containers really change the way we interact with technology. Say you need a VPN connection to secure your traffic whenever you browse the internet on public Wi-Fi, such as in a cafe or an airport. Public VPNs are available, yes, but most of the time they are blocked by the network provider. Why? Because they're known servers, so it is easy for a network provider to block them. Another reason not to use a public VPN is that the servers are managed by another party. If you are the type of person who cares a lot about privacy, you might want to set up your own VPN server.

I always have a VPN server set up somewhere, so whenever I need it, I can connect and use it. A long time ago, setting up a VPN on a private server involved a lot of steps. It was more difficult than using a container.

Container

One easy-to-use Docker image for a VPN server is hwdsl2/ipsec-vpn-server, the image used in the commands below.

So if you already have a Linux box set up somewhere with Docker properly installed, the only thing you need to prepare is an environment file, passed to the container, that holds the credentials used to connect to the VPN.

$ cat /home/sahputra/vpn.env
VPN_IPSEC_PSK=blahblah
VPN_USER=sahputra
VPN_PASSWORD=password

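Since the VPN server uses IPsec, you need to provide an IPsec PSK (Pre-Shared Key), a VPN user, and a VPN password to connect with. The values shown above are placeholders; use a long random PSK and password, and keep the file readable only by its owner, since it stores them in plain text. Once the env file is ready, it's time to start the VPN server.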

$ docker run --name vpn --env-file /home/sahputra/vpn.env --restart=always -p 500:500/udp -p 4500:4500/udp -v /lib/modules:/lib/modules:ro -d --privileged hwdsl2/ipsec-vpn-server

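Remember that the image requires privileged mode, so you need to pass that option (--privileged) when running the container. Privileged mode gives the container broad access to the host's kernel and devices, so run it only on a host you are willing to dedicate to this purpose.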

$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
639ede396e1c hwdsl2/ipsec-vpn-server "/opt/src/run.sh" 2 hours ago Up About an hour 0.0.0.0:500->500/udp, 0.0.0.0:4500->4500/udp vpn

Notice that the container publishes ports 500/udp and 4500/udp on your server; VPN clients need those ports to connect.

That's all. Now you have a running VPN server. To check whether the server is ready to accept connections (or whether any error occurred), look at the logs:

$ docker logs vpn
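
The vpn.env file shown earlier uses placeholder credentials. The following is an added example, not part of the original post or of the hwdsl2 project: it writes the same three variables with random values into an owner-only file and audits an existing file. The helper names (rand_secret, make_vpn_env, check_vpn_env) and the 20/16-character minimums are assumptions.

```shell
#!/bin/sh
# Added example: create the vpn.env file with random secrets and owner-only
# permissions, and audit an existing one. Helper names are hypothetical.

# rand_secret N: print N random characters from [A-Za-z0-9].
# Alphanumerics only, because docker --env-file passes values through
# literally (quotes are not stripped). 1024 random bytes yield roughly
# 250 alphanumerics, far more than the lengths requested here.
rand_secret() {
    head -c 1024 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9' | head -c "$1"
}

# make_vpn_env FILE USER: write a new env file; never overwrite an old one.
make_vpn_env() {
    env_file=$1
    vpn_user=$2
    if [ -e "$env_file" ]; then
        echo "refusing to overwrite $env_file" >&2
        return 1
    fi
    (
        umask 077    # file is created as 0600: owner read/write only
        {
            printf 'VPN_IPSEC_PSK=%s\n' "$(rand_secret 32)"
            printf 'VPN_USER=%s\n' "$vpn_user"
            printf 'VPN_PASSWORD=%s\n' "$(rand_secret 24)"
        } > "$env_file"
    )
}

# check_vpn_env FILE: succeed only if the file is closed to group/others
# and both secrets meet the minimum lengths (20 and 16: assumed thresholds).
check_vpn_env() {
    f=$1
    mode=$(ls -ld "$f" | cut -c5-10)    # group and other permission bits
    [ "$mode" = "------" ] || { echo "$f: accessible by group/others" >&2; return 1; }
    psk=$(sed -n 's/^VPN_IPSEC_PSK=//p' "$f")
    pw=$(sed -n 's/^VPN_PASSWORD=//p' "$f")
    [ "${#psk}" -ge 20 ] || { echo "$f: PSK shorter than 20 characters" >&2; return 1; }
    [ "${#pw}" -ge 16 ] || { echo "$f: password shorter than 16 characters" >&2; return 1; }
}
```

Pass the generated file to docker run with --env-file as before; the PSK and password it contains are the values to enter on each client.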

VPN Client

Once the VPN server is ready, we can configure any client, such as a laptop or an Android / iPhone device, to connect. Here's a sample of setting up a VPN client on macOS.

Add VPN configuration from System Preferences
Configure IP address and Username
Configure VPN password and Pre-Shared Key

Once configured, start the VPN. If you want to route all traffic through your VPN server, don't forget to enable that in the “Advanced” settings.

Send all traffic over VPN connection

Sending all traffic over the VPN connection means all traffic from your laptop goes through the VPN server. Say your server is located in Germany; then all your internet traffic will be channeled through that server in Germany.

iPhone

Here's how to connect from an iPhone.

Once connected, you can check your public IP address, that is, the IP address used to reach any server on the internet. It will show your VPN server's IP address.

Bypass Restriction

Yes, channeling your connection through a VPN not only makes it more secure but can also be used to bypass restrictions imposed by the network provider. It really depends on how strict your network provider's rules are, but in most cases they are unable to block a private VPN server (users might need a VPN to connect to their office network, so blocking the VPN protocol would raise complaints from them). Mostly they block publicly known VPN service providers, so if you're using a private server that is most likely not on their list, you can easily bypass the restriction.

WhatsApp voice calls getting blocked? Well, maybe you can try setting up your own VPN server with Docker and see if the service works now 🙂.
