Run your own dockerized openVPN server at Scaleway

After reading this blog post about becoming your own VPN provider with Docker I thought if this is possible at Scaleway as well.

Scaleway provides real ARM hardware in the cloud and Docker runs well on it. So here are the steps to spin up an own openVPN ARM Docker container at minimal costs.

Install local tools

First install the scaleway commandline tool as well as the VPN client for Mac OSX.

brew install scw  
brew cask install tunnelblick  

Prepare a Scaleway server

If you haven't one yet, create a Scaleway server running with Docker. The commandline tool makes this is really easy.

scw login  
scw create --name scwdocker Docker_1_7_1  
scw start scwdocker  

Prepare and start your openVPN container

The next steps should be done on the Scaleway server, so login to it with

scw exec scwdocker bash  

There already is an ARM port of the jpetazzo/dockvpn Docker image for the Raspberry Pi. We just clone the GitHub repo dimetron/dockvpn-rpi and build the Docker image.

git clone  
cd dockvpn-rpi  
docker build -t jpetazzo/dockvpn .  
docker run -d --cap-add=NET_ADMIN --name=dockvpn -p 1194:1194/udp -p 443:443/tcp jpetazzo/dockvpn  

Now create the ovpn file by running another container and extract it with curl.

docker run --rm -t -i -p 8080:8080 --volumes-from dockvpn jpetazzo/dockvpn serveconfig  
curl -k -v https://localhost:8080 >scwvpn.ovpn  

You now may logout from your Scaleway server.

Back to Mac

Copy the ovpn file back to your Mac with

scw cp scwdocker:dockvpn-rpi/scwvpn.ovpn scwvpn.ovpn  

If the scw cp command hangs, try this command instead

scw exec scwdocker cat dockvpn-rpi/scwvpn.ovpn >scwvpn.ovpn  

Then double click on the ovpn file or open it with

open scwvpn.ovpn  

and Tunnelblick should start and import the file. Now you're ready to connect to your VPN server running at Scaleway!

Please read the security discussion section and decide if you are happy with it.

Stefan Scherer

Read more posts by this author.