Fedya

Posted on Jun 24

Installing a VPN Server with Docker on Proxmox – The Ultimate Guide

🚀 Installing a VPN Server with Docker on Proxmox – The Ultimate Guid

🧠 Why Run a VPN in Docker on Proxmox?

Running a VPN server is often a first step toward building a secure self-hosted infrastructure. But when you combine:

🧩 Docker – for modular, reproducible environments,
🧱 Proxmox VE – for rock-solid virtualization and LXC containers,
🔒 VPN – for encrypted access to your internal network,

...you get a powerful, portable, and private network layer under your full control.

📋 What We’ll Cover

🛠️ Requirements & Environment
⚙️ Setting up the Proxmox environment
📦 Deploying a Docker container
🔐 Installing the VPN server (WireGuard or OpenVPN)
🌍 Accessing your VPN and testing
🧰 Tips, tricks & troubleshooting

Let’s dive in!

🧰 Requirements

Before we start, here’s what you’ll need:

✅ Item	🔎 Details
🖥️ Proxmox VE	Version 7.x or newer
📦 Docker	Installed inside an LXC container or VM
🌐 Public IP	For remote VPN access
🔁 Port forwarding	On your router, if behind NAT
🧑‍💻 Basic Linux skills	Just a bit helps a lot

🏗️ Step 1: Create a Proxmox Container or VM

You can run Docker inside a Debian-based LXC container or a Proxmox VM. For simplicity and performance, we’ll go with an LXC container.

🔧 Create LXC Container (Debian-based)

Go to Proxmox Web UI
Click ➕ Create CT
Choose:
- Template: debian-12-standard_*.tar.zst
- Disk size: 8GB+
- Network: Bridged or NAT
Click Finish, then Start the container

🐳 Step 2: Install Docker

🐧 Log into the container:

pct enter <container_id>

🔄 Update packages:

apt update && apt upgrade -y

📥 Install Docker:

curl -fsSL https://get.docker.com | sh

Test it:

docker run hello-world

Congrats 🎉 — Docker is running inside your container!

🔐 Step 3: Deploy a VPN Server (WireGuard)

✅ Why WireGuard?

WireGuard is blazing fast, secure, and easy to configure.

🧱 Create a Docker volume (optional but recommended):

docker volume create wg_data

🚀 Run WireGuard container:

We’ll use the excellent linuxserver/wireguard image.

docker run -d   --name=wireguard   --cap-add=NET_ADMIN   --cap-add=SYS_MODULE   -e PUID=1000   -e PGID=1000   -e SERVERURL=your.domain.com   -e SERVERPORT=51820   -e PEERS=3   -e PEERDNS=1.1.1.1   -e INTERNAL_SUBNET=10.13.13.0   -v wg_data:/config   -v /lib/modules:/lib/modules   -p 51820:51820/udp   --sysctl="net.ipv4.conf.all.src_valid_mark=1"   --restart unless-stopped   lscr.io/linuxserver/wireguard:latest

🔁 Replace your.domain.com with your actual domain or public IP.

After a few seconds, the container will auto-generate peer configs. 🎯

📲 Step 4: Access & Use the VPN

To access client configs:

docker exec -it wireguard cat /config/peer1/peer1.conf

📱 Import this into the WireGuard app on iOS, Android, Windows, or Linux.

📡 Open the port on your router:

Forward UDP 51820 to your Proxmox host (or container) IP.

🧪 Step 5: Test Your VPN

On your phone or laptop:

Connect to Wi-Fi (external to your server)
Start the WireGuard VPN
Visit https://whatismyipaddress.com
It should now show your server’s public IP 🌍

Congratulations, you're browsing via your own secure VPN! 🎉🔐

🧠 Bonus: OpenVPN Alternative (Optional)

Prefer OpenVPN?

Use the linuxserver/openvpn-as Docker image instead:

docker run -d   --name=openvpn-as   -e PUID=1000   -e PGID=1000   -e TZ=Europe/Sofia   -p 943:943   -p 9443:9443   -p 1194:1194/udp   -v ovpn_data:/config   --cap-add=NET_ADMIN   --restart unless-stopped   lscr.io/linuxserver/openvpn-as:latest

Then access it at https://<server-ip>:943.

🛠️ Troubleshooting Tips

❗ Issue	🧩 Solution
VPN not connecting	Check port forwarding, firewall, or docker network
No internet via VPN	Check `net.ipv4.ip_forward=1` and routing
DNS leaks	Set proper `PEERDNS` or use encrypted DNS

🧩 Useful Extras

📘 WireGuard Documentation
🧰 Docker Compose alternative
📁 Backup configs from /var/lib/docker/volumes/wg_data/_data

💬 Final Thoughts

Setting up your own VPN server with Docker under Proxmox combines the best of virtualization, containerization, and privacy.

💡 For beginners — this setup builds confidence.
⚙️ For experts — it's the foundation for more advanced self-hosted networks.

If you found this guide helpful, feel free to leave a comment or follow for more DevOps and self-hosting tutorials! 🚀

🙌 Stay safe, stay private, and keep building! 👨‍💻👩‍💻

Written with ❤️ by [Your Name] for the Dev.to community.

DEV Community