🚀 Installing a VPN Server with Docker on Proxmox – The Ultimate Guid
🧠 Why Run a VPN in Docker on Proxmox?
Running a VPN server is often a first step toward building a secure self-hosted infrastructure. But when you combine:
- 🧩 Docker – for modular, reproducible environments,
- 🧱 Proxmox VE – for rock-solid virtualization and LXC containers,
- 🔒 VPN – for encrypted access to your internal network,
...you get a powerful, portable, and private network layer under your full control.
📋 What We’ll Cover
- 🛠️ Requirements & Environment
- ⚙️ Setting up the Proxmox environment
- 📦 Deploying a Docker container
- 🔐 Installing the VPN server (WireGuard or OpenVPN)
- 🌍 Accessing your VPN and testing
- 🧰 Tips, tricks & troubleshooting
Let’s dive in!
🧰 Requirements
Before we start, here’s what you’ll need:
✅ Item | 🔎 Details |
---|---|
🖥️ Proxmox VE | Version 7.x or newer |
📦 Docker | Installed inside an LXC container or VM |
🌐 Public IP | For remote VPN access |
🔁 Port forwarding | On your router, if behind NAT |
🧑💻 Basic Linux skills | Just a bit helps a lot |
🏗️ Step 1: Create a Proxmox Container or VM
You can run Docker inside a Debian-based LXC container or a Proxmox VM. For simplicity and performance, we’ll go with an LXC container.
🔧 Create LXC Container (Debian-based)
- Go to Proxmox Web UI
- Click ➕ Create CT
- Choose:
- Template:
debian-12-standard_*.tar.zst
- Disk size: 8GB+
- Network: Bridged or NAT
- Template:
- Click Finish, then Start the container
🐳 Step 2: Install Docker
🐧 Log into the container:
pct enter <container_id>
🔄 Update packages:
apt update && apt upgrade -y
📥 Install Docker:
curl -fsSL https://get.docker.com | sh
Test it:
docker run hello-world
Congrats 🎉 — Docker is running inside your container!
🔐 Step 3: Deploy a VPN Server (WireGuard)
✅ Why WireGuard?
WireGuard is blazing fast, secure, and easy to configure.
🧱 Create a Docker volume (optional but recommended):
docker volume create wg_data
🚀 Run WireGuard container:
We’ll use the excellent linuxserver/wireguard image.
docker run -d --name=wireguard --cap-add=NET_ADMIN --cap-add=SYS_MODULE -e PUID=1000 -e PGID=1000 -e SERVERURL=your.domain.com -e SERVERPORT=51820 -e PEERS=3 -e PEERDNS=1.1.1.1 -e INTERNAL_SUBNET=10.13.13.0 -v wg_data:/config -v /lib/modules:/lib/modules -p 51820:51820/udp --sysctl="net.ipv4.conf.all.src_valid_mark=1" --restart unless-stopped lscr.io/linuxserver/wireguard:latest
🔁 Replace
your.domain.com
with your actual domain or public IP.
After a few seconds, the container will auto-generate peer configs. 🎯
📲 Step 4: Access & Use the VPN
To access client configs:
docker exec -it wireguard cat /config/peer1/peer1.conf
📱 Import this into the WireGuard app on iOS, Android, Windows, or Linux.
📡 Open the port on your router:
Forward UDP 51820 to your Proxmox host (or container) IP.
🧪 Step 5: Test Your VPN
On your phone or laptop:
- Connect to Wi-Fi (external to your server)
- Start the WireGuard VPN
- Visit https://whatismyipaddress.com
- It should now show your server’s public IP 🌍
Congratulations, you're browsing via your own secure VPN! 🎉🔐
🧠 Bonus: OpenVPN Alternative (Optional)
Prefer OpenVPN?
Use the linuxserver/openvpn-as Docker image instead:
docker run -d --name=openvpn-as -e PUID=1000 -e PGID=1000 -e TZ=Europe/Sofia -p 943:943 -p 9443:9443 -p 1194:1194/udp -v ovpn_data:/config --cap-add=NET_ADMIN --restart unless-stopped lscr.io/linuxserver/openvpn-as:latest
Then access it at https://<server-ip>:943
.
🛠️ Troubleshooting Tips
❗ Issue | 🧩 Solution |
---|---|
VPN not connecting | Check port forwarding, firewall, or docker network |
No internet via VPN | Check net.ipv4.ip_forward=1 and routing |
DNS leaks | Set proper PEERDNS or use encrypted DNS |
🧩 Useful Extras
- 📘 WireGuard Documentation
- 🧰 Docker Compose alternative
- 📁 Backup configs from
/var/lib/docker/volumes/wg_data/_data
💬 Final Thoughts
Setting up your own VPN server with Docker under Proxmox combines the best of virtualization, containerization, and privacy.
- 💡 For beginners — this setup builds confidence.
- ⚙️ For experts — it's the foundation for more advanced self-hosted networks.
If you found this guide helpful, feel free to leave a comment or follow for more DevOps and self-hosting tutorials! 🚀
🙌 Stay safe, stay private, and keep building! 👨💻👩💻
Written with ❤️ by [Your Name] for the Dev.to community.
Top comments (0)