OpenVPN is a VPN that lets you securely access your homelab from anywhere. LabStart installs the OpenVPN server, but you need to complete setup via CLI.
- Installs OpenVPN server container
- Mounts config directory at ~/LabStart/config/openvpn
Generate server configuration and certificates:
sudo docker exec -it openvpn ovpn_genconfig -u udp://YOUR_SERVER_IP_OR_DOMAIN
sudo docker exec -it openvpn ovpn_initpki
You'll be prompted to:
- Set a CA key passphrase
- Confirm the passphrase
- Set a Common Name (use your domain or IP)
Forward port 1194/UDP to your server's IP address.
Example (UniFi):
- Go to Settings → Routing → Port Forwarding
- Create New Rule:
- Name: OpenVPN
- Protocol: UDP
- Port: 1194
- Forward IP: [your server IP]
- Forward Port: 1194
Create a client certificate and config file:
sudo docker exec -it openvpn easyrsa build-client-full CLIENTNAME nopass
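sudo docker exec openvpn ovpn_getclient CLIENTNAME > ~/client.ovpn
Replace CLIENTNAME with a device identifier (e.g., laptop, phone). The nopass option leaves the client's private key unencrypted inside the .ovpn file, so treat that file as a credential when you store or transfer it.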
Desktop (Windows/Mac/Linux):
- Install OpenVPN from https://openvpn.net/community-downloads/
- Import the client.ovpn file
- Connect
Mobile (iOS/Android):
- Install OpenVPN Connect app
- Import the client.ovpn file
- Connect
Repeat step 3 with different client names:
sudo docker exec -it openvpn easyrsa build-client-full laptop nopass
sudo docker exec openvpn ovpn_getclient laptop > ~/laptop.ovpn
Can't connect?
- Check port forwarding is active (UDP 1194)
- Verify your server IP/domain is correct in client config
- Check firewall allows UDP 1194
- Restart OpenVPN container:
sudo docker restart openvpn
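To check a generated profile for the server address it points at, and for the unencrypted key that nopass produces, here is an added example that is not part of LabStart. check_profile and sample_profile are hypothetical helper names, and vpn.example.com and the key body are constructed placeholders.

```sh
# Added example, not LabStart code: audit a client profile before copying it to a device.
# Constructed sample profile; the host and key body are placeholders.
sample_profile() {
  cat <<'EOF'
client
dev tun
remote vpn.example.com 1194 udp
<key>
-----BEGIN PRIVATE KEY-----
(constructed placeholder, not a real key)
-----END PRIVATE KEY-----
</key>
EOF
}

# check_profile FILE HOST [PORT] [PROTO]
# Prints one finding per line; exit status is 0 only when the remote matches.
check_profile() (
  file=$1; want="$2 ${3:-1194} ${4:-udp}"; rc=0
  # First "remote HOST [PORT] [PROTO]" line; a separate "proto" directive and
  # OpenVPN's defaults (1194, udp) fill in whatever that line omits.
  got=$(awk '
    $1 == "proto"  && !p { p = $2 }
    $1 == "remote" && !h { h = $2; port = $3; proto = $4 }
    END { if (!h) h = "<none>"; if (!port) port = 1194
          if (!proto) proto = p ? p : "udp"; print h, port, proto }' "$file")
  if [ "$got" = "$want" ]; then echo "OK remote $got"
  else echo "MISMATCH remote $got (expected $want)"; rc=1; fi
  # nopass leaves the inline private key without a passphrase.
  if grep -Eq 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$file"; then
    echo "KEY encrypted"
  elif grep -q 'BEGIN .*PRIVATE KEY' "$file"; then
    echo "KEY unencrypted"
  else
    echo "KEY none-inline"
  fi
  # A shell redirect creates the file with the umask default, often 0644.
  case $(ls -ld "$file") in
    -???------*) echo "PERMS owner-only" ;;
    *)           echo "PERMS group-or-other-access" ;;
  esac
  exit "$rc"
)

demo=$(mktemp) && sample_profile > "$demo" && chmod 644 "$demo"
check_profile "$demo" vpn.example.com || true
rm -f "$demo"
```

Against a real profile, run it as check_profile ~/client.ovpn YOUR_SERVER_IP_OR_DOMAIN; a group-or-other-access finding is cleared with chmod 600 on the file.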
Certificate errors?
- Make sure you ran ovpn_initpki first
- Check CA passphrase is correct
Need to revoke a client?
sudo docker exec -it openvpn easyrsa revoke CLIENTNAME
sudo docker exec -it openvpn easyrsa gen-crl
sudo docker restart openvpn
Need help? Open an issue: https://github.com/endergate/LabStart/issues