Run your own dockerized openVPN server at Scaleway

After reading this blog post about becoming your own VPN provider with Docker I thought if this is possible at Scaleway as well.

Scaleway provides real ARM hardware in the cloud and Docker runs well on it. So here are the steps to spin up an own openVPN ARM Docker container at minimal costs.

Install local tools

First install the scaleway commandline tool as well as the VPN client for Mac OSX.

brew install scw
brew cask install tunnelblick

Prepare a Scaleway server

If you haven't one yet, create a Scaleway server running with Docker. The commandline tool makes this is really easy.

scw login
scw create --name scwdocker Docker_1_7_1
scw start scwdocker

Prepare and start your openVPN container

The next steps should be done on the Scaleway server, so login to it with

scw exec scwdocker bash

There already is an ARM port of the jpetazzo/dockvpn Docker image for the Raspberry Pi. We just clone the GitHub repo dimetron/dockvpn-rpi and build the Docker image.

git clone https://github.com/dimetron/dockvpn-rpi.git
cd dockvpn-rpi
docker build -t jpetazzo/dockvpn .
docker run -d --cap-add=NET_ADMIN --name=dockvpn -p 1194:1194/udp -p 443:443/tcp jpetazzo/dockvpn

Now create the ovpn file by running another container and extract it with curl.

docker run --rm -t -i -p 8080:8080 --volumes-from dockvpn jpetazzo/dockvpn serveconfig
curl -k -v https://localhost:8080 >scwvpn.ovpn 

You now may logout from your Scaleway server.

Back to Mac

Copy the ovpn file back to your Mac with

scw cp scwdocker:dockvpn-rpi/scwvpn.ovpn scwvpn.ovpn

If the scw cp command hangs, try this command instead

scw exec scwdocker cat dockvpn-rpi/scwvpn.ovpn >scwvpn.ovpn

Then double click on the ovpn file or open it with

open scwvpn.ovpn

and Tunnelblick should start and import the file. Now you're ready to connect to your VPN server running at Scaleway!

Please read the security discussion section and decide if you are happy with it.

Stefan Scherer

Read more posts by this author.