Docker Compose for container management
Having explored the fundamentals of Docker and its power to deploy encapsulated applications, we now …
read moreIn today’s world, especially with the rise of remote work, companies need secure and efficient solutions to connect remote offices, mobile workers, and internal networks. One of the most widely-used tools for this purpose is a VPN ( Virtual Private Network), which allows organizations to establish encrypted and protected connections over the internet. In this article, we’ll explore the basics of VPNs, how they work in a business context, and, finally, show you how to deploy your own VPN on a self-managed server using Docker, simplifying the management and maintenance of your network infrastructure.
A VPN (Virtual Private Network) is a technology solution that allows both businesses and individuals to create secure, encrypted connections between remote devices and internal networks over the internet. Originally designed to securely connect remote offices to private internal networks, VPNs have evolved into a key tool in modern network infrastructures.
In a business context, VPNs are used to ensure that remote employees can securely access internal network resources from anywhere in the world. Moreover, they offer an effective way to unify distributed networks, enabling companies to expand their infrastructure without compromising security.
A VPN works as an intermediary between your device and the network you wish to connect to. Instead of sending your traffic directly over the internet, your device establishes an encrypted connection with a VPN server, which then forwards your traffic to its final destination. This process is known as a “VPN tunnel,” and it’s responsible for keeping your data secure throughout the transfer.
The most commonly used encryption protocols in VPNs are OpenVPN and WireGuard. Both are secure and widely used, but they differ in their approach and performance. OpenVPN is a mature and stable protocol, whereas WireGuard is more modern and efficient, though still in development. The choice between the two depends on your specific needs and preferences.
VPNs are a crucial tool for businesses of all sizes, providing secure and remote connectivity. Some of the most common use cases in a corporate environment include:
Deploying a business VPN with Docker allows companies to maintain full control over their infrastructure, ensuring both security and performance. Docker makes it easy and fast to deploy, reducing the complexities of managing physical servers. This solution is ideal for businesses that need secure connections between their offices or for employees who require remote access to the internal network from any location.
Docker is a platform that allows you to package applications and services in isolated environments. This provides businesses with a secure, portable, and easy-to-manage environment for their VPN, ensuring a reliable infrastructure with minimal technical overhead.
There are several tools available that allow you to deploy a customized VPN, such as OpenVPN or WireGuard®, among others. However, self-hosting a VPN does come with certain technical challenges. It requires knowledge of how to configure and maintain the service. Additionally, the administrator is responsible for keeping the software up to date and protected from potential vulnerabilities.
Thanks to modern virtualization tools like Docker, it’s possible to deploy a VPN service in just a few minutes without dealing with complex server configurations. To follow this practical example, make sure you have Docker installed on your machine. If you haven’t installed it yet, you can find the installation instructions on the official Docker website.
In this example, we will use a preconfigured Docker image for OpenVPN, the kylemanna/docker-openvpn image, one of the most complete and popular implementations for deploying OpenVPN in Docker. Unlike the official image, it includes additional tools that make VPN management easier, such as scripts for automatically generating certificates and keys, simplifying the PKI setup. Additionally, it has the backing of an active community, ensuring regular updates and improvements. This option is ideal for testing environments or scenarios where ease of setup and flexibility are prioritized.
However, for production environments, it’s advisable to consider using the official OpenVPN image. It offers greater stability and long-term support, which are crucial factors when ensuring a reliable and secure service in critical infrastructures. Using the official version may be the better choice when security and long-term maintenance are top priorities.
Open a terminal and run the following command to
generate the necessary configuration files. If you’re working in a local environment, you can use localhost
or your
machine’s local IP to set up the service:
docker run -v $(pwd)/openvpn-data/conf:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://localhost
This command will create a folder named openvpn-data, where all the configuration files will be stored. Now, it’s the perfect time to initialize the PKI (Public Key Infrastructure) required for the OpenVPN server. To do this, run the following command:
docker run -v $(pwd)/openvpn-data/conf:/etc/openvpn -v $(pwd)/openvpn-data/pki:/etc/easyrsa/pki --rm -it kylemanna/openvpn ovpn_initpki
You will be prompted to enter several passwords that will secure the communication between the VPN server and the clients. It’s crucial to remember these passwords, as they will be needed for future modifications or when adding new clients. You will also be asked to provide some details for the Certificate Authority (CA), which are essential for generating the necessary certificates.
Once all the configuration files and certificates are ready, you can start the VPN server using Docker by running the following command:
docker run -v $(pwd)/openvpn-data/conf:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn
The -p 1194:1194/udp
parameter indicates that the VPN server will listen on port 1194 UDP, which is the default port,
while --cap-add=NET_ADMIN
is required to allow Docker to properly configure the network. If everything has been set up
correctly, the container ID should appear on your screen.
Once the VPN server is up and running, it’s time to generate the necessary certificates for the clients that will connect to the server. To do this, run the following command:
docker run -v $(pwd)/openvpn-data/conf:/etc/openvpn --rm -it kylemanna/openvpn easyrsa build-client-full CLIENTNAME nopass
Replace CLIENTNAME
with the name you want to assign to the client. This command will generate a certificate and a key
for the specified client. If you prefer to protect the certificate with a password, simply omit the nopass
parameter.
Once the certificate has been generated, you can export it to an .ovpn
file to import it into your preferred VPN
client. This way, you can connect to the VPN server from any compatible device.
docker run -v $(pwd)/openvpn-data/conf:/etc/openvpn --rm kylemanna/openvpn ovpn_getclient CLIENTNAME > $(pwd)/CLIENTNAME.ovpn
So far, we’ve explored how to virtualize a VPN using Docker, but the issue is that we’re doing this in a local environment, which doesn’t fully utilize the advantages of a VPN since they are typically used to connect devices across different locations. To address this, you’ll need a remote server to deploy your VPN.
For this, you can use a cloud service provider like Linode, Google Cloud, Azure, or AWS. These providers offer affordable virtual servers with a wide range of configuration options. Once you’ve set up your server, you can follow the same steps we’ve outlined above to deploy your VPN in the cloud, wherever your server is located.
If you are outside of Spain and need a VPN in this country, I recommend using VPS from Raiola Networks, a hosting provider with servers in Spain ( specifically Madrid). Raiola Networks offers a wide range of hosting services, including VPS, dedicated servers, and web hosting. Additionally, they have excellent technical support and competitive prices.
Once you’ve deployed your VPN server in the cloud, you can connect to it from any compatible device. To do this, you’ll
need the .ovpn
file you generated earlier, as well as a compatible VPN client. If you’re using Linux, you can use
NetworkManager to import the .ovpn
file and configure the connection. If you’re on macOS or Windows, you can use
applications like OpenVPN Connect or Tunnelblick to connect to your VPN server. Simply use the .ovpn
file, which
contains the necessary configuration to connect to the server.
If you prefer not to self-host a VPN on your own server, you can use third-party services like ProtonVPN. This service allows you to connect to servers in over 50 countries and offers a no-logs policy, ensuring your privacy and anonymity online. Additionally, ProtonVPN uses military-grade encryption and secure protocols to protect your internet traffic.
In this article, we have reviewed how VPNs are an essential tool for businesses seeking to securely and efficiently connect their employees and offices. We have also shown how it’s possible to deploy a self-managed VPN using Docker, which simplifies administration and gives companies full control over their network infrastructure. With this solution, businesses can ensure secure and scalable connections without relying on third-party providers.
That may interest you
Having explored the fundamentals of Docker and its power to deploy encapsulated applications, we now …
read moreIn the vast universe of programming, there are principles that, although not commandments, provide …
read moreIntroduction In the previous chapters of our series on Flutter, we’ve laid down a solid …
read moreConcept to value