.. _Step 1. Initialize OpenVPN using Docker:

****************************************
Step 1: Initialize OpenVPN using Docker
****************************************

.. include:: urls.rst

.. contents:: Table of Contents

**Objective**: Create an OpenVPN Docker container using the default configuration.

6.1.1. Choosing a VPN port
============================

Before you begin, **choose** a UDP port (or ports) that you want to use for your OpenVPN connection.

You might ask why the port matters.

Outgoing port restrictions
    Some networks restrict ports to control outgoing traffic. For example, a network might want to block torrents (port range 6700-6999) or defend against viruses that use Windows file sharing (ports 135-139). A network might also block the VPN port ``1194`` intentionally.

    + Using a common port can bypass that restriction.

Seeking to be anonymous
    Using port ``1194`` announces to your ISP or network admin that you are using a VPN. You might want to hide that you are using a VPN.

    + Using another port can help mask a VPN tunnel.
    + Detecting the tunnel on a non-standard port takes a more sophisticated operation than matching on the port number.

----

1. **Browse** the |list of TCP and UDP port numbers| from Wikipedia.
#. **Select** a well-known **UDP** port that is likely to be allowed through (DNS, NTP), that masks your usage (so the traffic passes for streaming video or a game), or pick a port at random.

   .. csv-table:: Suggested UDP Ports
      :header: "UDP Port Number", "Description"
      :widths: 1, 10

      22,Secure Shell (SSH)
      53,Domain Name System (DNS)
      123,Network Time Protocol (NTP)
      465,
      554,Real Time Streaming Protocol (RTSP)
      943,
      972,
      995,Post Office Protocol 3 over TLS/SSL (POP3S)
      1935,Real Time Messaging Protocol (RTMP)
      1234,VLC media player default port for UDP/RTP stream
      10007,VoIP providers (ports 10000-20000)
      11211,Memcached
      3074,Xbox LIVE
      3748,
      5005,Real-time Transport Protocol media data (RTP)
      5730,
      8080,
      17500,Dropbox LanSync Protocol (db-lsp)
      25575,Minecraft

#. **Open** the port in your firewall.

   + Typically, VPNs use UDP instead of TCP.
   + We can open the port on the firewall for UDP traffic only.
   + For example, this command opens port *123* for UDP. The firewall continues to reject TCP requests on port 123.

   .. code-block:: bash

      ufw allow 123/udp

6.1.2. Set up the Docker Container
===================================

.. Note:: This page is based on @gurayy's |Set Up a VPN Server With Docker In 5 Minutes| blog post.

   * We will make some configuration changes.

1. Follow the |Set Up a VPN Server With Docker In 5 Minutes| guide.
#. Note the following changes:

   #. Replace ``$PWD`` with ``/root`` for all instances.

      + ``$PWD`` expands to the current working directory.
      + The path is therefore wrong whenever the command is run from a directory other than *home* (``/root``).

   #. Replace ``IP_ADDRESS:3000`` with the IP address of your VPS.
   #. Replace the port (``3000``) with the UDP port you chose in 6.1.1.
   #. Add the ``--name`` flag to the ``docker run`` command that starts the daemon process.

   .. figure:: images/modified-run-command.png

      Example of changes

.. .. code-block:: bash
..
..    # Original command
..    docker run -v $PWD/vpn-data:/etc/openvpn -d -p 3000:1194/udp --cap-add=NET_ADMIN myownvpn
..
..    # Modified command with --name and absolute path
..    docker run --name openvpn -v /root/vpn-data:/etc/openvpn -d -p 3000:1194/udp --cap-add=NET_ADMIN myownvpn

Verify the Installation
------------------------

At this point, you should have OpenVPN running in a Docker container and the config files stored in ``~/vpn-data``.

Verify that:

#. the **firewall** accepts UDP connections on the specified port.
#. the Docker **container** is running.

   * You should see your running OpenVPN container with an exposed port mapped to ``1194``.

#. the **configuration** files are in directory ``~/vpn-data``.

   .. code-block:: bash


      root@vps298933:~# ls -lh ~/vpn-data/
      total 20K
      drwxr-xr-x 2 root root 4.0K Apr 18 21:04 ccd
      -rw-r--r-- 1 root root  650 Apr 18 21:06 crl.pem
      -rw-r--r-- 1 root root  642 Apr 18 21:04 openvpn.conf
      -rw-r--r-- 1 root root  813 Apr 18 21:04 ovpn_env.sh
      drwx------ 6 root root 4.0K Apr 18 21:09 pki
      root@vps298933:~#

#. you have a file with the extension ``.ovpn`` in root's home (``~``) directory.
#. Open the ``.ovpn`` file in ``nano`` or another editor and verify that the IP address, port and protocol match your server.

The configuration might work on some systems, but there is a |configuration error| that prevents the client from communicating with the VPN server. Continue to the next step to correct the invalid configuration.
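The firewall step in 6.1.1, the ``$PWD``/``--name`` changes in 6.1.2 and the verification list above, as one added example that is not part of the original guide or of @gurayy's post: a POSIX shell script that builds the modified ``docker run`` line (refusing a relative data directory) and then checks firewall, container and client file from captured command output. The port ``123``, the address ``203.0.113.10``, the container name ``openvpn`` and all ``SAMPLE_*`` command output are constructed assumptions; the ``remote host port proto`` line it looks for is OpenVPN's standard client directive.

```shell
#!/bin/sh
# Added example (not part of the original guide or of @gurayy's post): a
# script that walks the "Verify the Installation" checklist over captured
# command output, plus a helper that builds the modified `docker run` line
# and refuses a $PWD-relative data directory. All SAMPLE_* values below are
# CONSTRUCTED; on the VPS you would feed in the real output of `ufw status`,
# `docker ps` and the contents of the client .ovpn file instead.

VPN_PORT=123               # UDP port chosen in 6.1.1 (assumed here)
VPS_IP="203.0.113.10"      # VPS address (constructed, documentation range)
CONTAINER_NAME="openvpn"   # value passed to --name in 6.1.2

# build_run_cmd NAME DATA_DIR PORT IMAGE
# Prints the run command with --name and an absolute data directory. A
# relative DATA_DIR (what $PWD/vpn-data turns into outside /root) or a
# non-numeric / out-of-range port is rejected with a non-zero exit status.
build_run_cmd() {
    name=$1; data_dir=$2; port=$3; image=$4
    case $data_dir in
        /*) ;;
        *)  echo "data dir must be absolute, got '$data_dir'" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "port must be numeric, got '$port'" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf 'docker run --name %s -v %s:/etc/openvpn -d -p %s:1194/udp --cap-add=NET_ADMIN %s\n' \
        "$name" "$data_dir" "$port" "$image"
}

# check_ufw_udp_only UFW_STATUS_OUTPUT PORT
# Passes only when PORT/udp is allowed and no rule allows PORT/tcp,
# i.e. exactly what `ufw allow PORT/udp` should have produced.
check_ufw_udp_only() {
    out=$1; port=$2
    printf '%s\n' "$out" | grep -Eq "^${port}/udp[[:space:]]+ALLOW" || return 1
    if printf '%s\n' "$out" | grep -Eq "^${port}/tcp[[:space:]]+ALLOW"; then
        return 1
    fi
    return 0
}

# check_container DOCKER_PS_OUTPUT NAME PORT
# Passes when the row named NAME is "Up" and maps host PORT/udp to 1194/udp.
check_container() {
    out=$1; name=$2; port=$3
    printf '%s\n' "$out" \
        | grep -E "[[:space:]]${name}[[:space:]]*$" \
        | grep -E "[[:space:]]Up " \
        | grep -Eq ":${port}->1194/udp"
}

# check_ovpn_remote OVPN_TEXT IP PORT
# Passes when the client file carries "remote IP PORT udp", OpenVPN's
# `remote host port proto` directive, so IP, port and protocol all match.
check_ovpn_remote() {
    text=$1; ip=$2; port=$3
    ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')   # make the dots literal
    printf '%s\n' "$text" \
        | grep -Eq "^remote[[:space:]]+${ip_re}[[:space:]]+${port}[[:space:]]+udp[[:space:]]*$"
}

# --- constructed sample output, standing in for the real commands ---------
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
123/udp                    ALLOW       Anywhere
123/udp (v6)               ALLOW       Anywhere (v6)'

SAMPLE_PS='CONTAINER ID   IMAGE      COMMAND     CREATED       STATUS       PORTS                                       NAMES
8f2c1a3d4e5b   myownvpn   "start"     2 hours ago   Up 2 hours   0.0.0.0:123->1194/udp, :::123->1194/udp   openvpn'

SAMPLE_OVPN='client
nobind
dev tun
remote-cert-tls server
remote 203.0.113.10 123 udp'

# report LABEL COMMAND ARGS... : prints PASS/FAIL for one checklist item
report() {
    label=$1; shift
    if "$@"; then echo "PASS  $label"; else echo "FAIL  $label"; fi
}

report "firewall allows ${VPN_PORT}/udp and not tcp"           check_ufw_udp_only "$SAMPLE_UFW" "$VPN_PORT"
report "container ${CONTAINER_NAME} up, ${VPN_PORT}->1194/udp" check_container "$SAMPLE_PS" "$CONTAINER_NAME" "$VPN_PORT"
report "client .ovpn remote line matches ip/port/proto"        check_ovpn_remote "$SAMPLE_OVPN" "$VPS_IP" "$VPN_PORT"
echo "run command: $(build_run_cmd "$CONTAINER_NAME" /root/vpn-data "$VPN_PORT" myownvpn)"
```

To use it on the server, replace the three ``SAMPLE_*`` strings with ``"$(ufw status)"``, ``"$(docker ps)"`` and ``"$(cat ~/CLIENT.ovpn)"`` (substituting your client file name). The checks are deliberately strict: a TCP rule on the VPN port, a container that is not ``Up``, or a ``remote`` line whose port or protocol differs from the host mapping each fail on its own, which is the mismatch the next step of the guide corrects.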