Run a container with an openvpn-client in Docker

146 0

A How-To

A guide to get a Docker container to connect via a VPN using OpenVPN and a VPN service.

Basics Explained

I recently started working with Docker containers. I became so obsessed that I have been adding docker containers for everything I could think of. For one of these containers, I decided that I wanted it to run through a vpn so that it’s IP address would be different than my own. Most of the solutions I found on the internet were about creating your own VPN. Finally, I came across a docker container that will run a container with an openvpn-client in Docker.

This is a Docker container (dperson/open-vpn client) that allows you to connect to your vpn service using OpenVPN. The container you wish to run through the VPN is dependent on this VPN container running before it does.  At the end I will show a way to test that it is actually connected to the IP of the VPN service you add. This uses docker composer and here is an example yml file.

services:
  vpn:
    image: dperson/openvpn-client
    # cap_add, security_opt, and volume required for the image to function
    cap_add:
      - net_admin
    ports:
      - 6379:6379
      - 80:80
      - 443:443
      - 4443:4443
    dns:
      - 8.8.8.8
      - 8.8.4.4
    devices:
      - '/dev/net:/dev/net:rwm'
    environment:
      TZ: 'EST5EDT'
      ROUTE: '10.0.0.0/8'
    networks:
      - default

    # if using '-d' or 'DNS' you can't enable the `read_only: true` option
    read_only: true
    tmpfs:
      - /run
      - /tmp
    restart: unless-stopped
    security_opt:
      - label:disable
    stdin_open: true
    tty: true
    volumes:
    # Replace "service1" with and image with an actual service you want to run
  service1:
    image: docker_hub_user/container_name
    depends_on:
      - vpn
    environment:
      TZ: 'EST5EDT'
    network_mode: "service:vpn"
    restart: unless-stopped
    stdin_open: true
    tty: true
    volumes:
      - /srv/service1:/var/lib/service1:Z

Notice that at the end there is a service called service1. Here is where you would add your service that you want to run through the vpn. If you already have the yml file for your docker just replace the service1 name and add the rest of it to this file. Keep in mind they need to line up like here. Once merged, you will be left with one docker compose file. Just think one above the other.

If your other file has ports expressed, you need to remove them from that section and add then in the vpn service section. I added Google dns in mine, but you do not have to. You can change your time zone and ROUTE. The ROUTE is your internal ip address block. I put an example in this file and here are some other examples: https://en.wikipedia.org/wiki/Reserved_IP_addresses.

The work begins

The first thing to do is install docker and docker compose on your machine. You can create a directory and place the docker-compose.yml and then create another directory inside of that called vpn and in it place your .ovpn file from your vpn service and rename it to .conf instead of .ovpn. Open your new .conf file and look for the line with auth-user-pass and add vpn.auth after it, save and close. Next create a vpn.auth file and add your username for your vpn service on the top line and on the second line add your password, close and save it. Ultimately you should have added 2 files to the vpn directory; the .conf file and the vpn.auth. Back up one level to the first directory and run the following command:

docker compose up -d

Afterwards you can check that the container is running by typing

docker ps

If it is running, you can test what ip it is connecting to by navigating to the directory where you docker-compose.yml file is located. Type the following command to return your external (public) ip address:

curl ifconfig.me

Next type the following to see the ip address that is being used by the container running through the vpn:

docker compose exec vpn bash -c "curl ifconfig.me"

You can also replace ‘vpn’ with the name of the service you added below the vpn section, to the command above and you will get the same ip as your vpn ip that was returned. If everything worked correctly then you should see a different ip address from each command and that means your service is using a different ip address than your own. Which means you are now able to run a container with an openvpn-client in Docker now.

If there is a problem, you can see the logs by typing the following in the same directory to get an idea of what might be happening:

docker compose logs

Find more posts on https://notposted.com

Total 0 Votes
0

Tell us how can we improve this post?

+ = Verify Human or Spambot ?

About The Author

Coolest hedgehog in town!

No Comments on "Run a container with an openvpn-client in Docker"

Leave a Comment

Your email address will not be published. Required fields are marked *