diff --git a/openvpn/setup.sh b/openvpn/setup.sh
index f3189b5..0ec0c86 100755
--- a/openvpn/setup.sh
+++ b/openvpn/setup.sh
@@ -3,22 +3,30 @@
 # setup script for kylemanna/openvpn
 #
 
-OVPN_DATA=${OVPN_DATA:-openvpn_data_1}
-OVPN_SERVER=${OVPN_SERVER:-tcp://vpn.datageek.info}
-OVPN_CLIENT=${OVPN_CLIENT:-client}
+OVPN_DIR=./ovpn
+OVPN_IMG=kylemanna/openvpn
+OVPN_DATA=openvpn_data_1
+OVPN_SERVER=tcp://vpn.datageek.info
 
-select opt in server client quit
+mkdir -p $OVPN_DIR
+
+select opt in server client backup quit
 do
   if [[ $opt == "server" ]]
   then
     echo "setup server ..."
-    docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_genconfig -c -u $OVPN_SERVER
-    docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn ovpn_initpki
+    docker run --volumes-from $OVPN_DATA --rm $OVPN_IMG ovpn_genconfig -u $OVPN_SERVER
+    docker run --volumes-from $OVPN_DATA --rm -it $OVPN_IMG ovpn_initpki
   elif [[ $opt == "client" ]]
   then
     echo "setup client ..."
-    docker run --volumes-from $OVPN_DATA --rm -it kylemanna/openvpn easyrsa build-client-full $OVPN_CLIENT nopass
-    docker run --volumes-from $OVPN_DATA --rm kylemanna/openvpn ovpn_getclient $OVPN_CLIENT > $OVPN_CLIENT.ovpn
+    read -p '>>> ' OVPN_CLIENT
+    docker run --volumes-from $OVPN_DATA --rm -it $OVPN_IMG easyrsa build-client-full ${OVPN_CLIENT:?client is empty} nopass
+    docker run --volumes-from $OVPN_DATA --rm $OVPN_IMG ovpn_getclient $OVPN_CLIENT > $OVPN_DIR/$OVPN_CLIENT.ovpn
+  elif [[ $opt == "backup" ]]
+  then
+    echo "backup volume ..."
+    docker run --rm --volumes-from openvpn_data_1 -v `pwd`/$OVPN_DIR:/backup alpine tar czf /backup/openvpn.tgz /etc/openvpn
   elif [[ $opt == "quit" ]]
   then
     echo "bye"