This is a Docker image of an OpenVPN client that supports many common VPN service providers.
Running a vpn client as a Docker container provides a method of encrypting communication of other containers through the VPN. All that has to be done is to point the other containers network to the VPN container. For instance, in docker-compose.yml
this would look like network_mode: service:openvpn-client
.
It can be pulled from Docker Hub or built on your machine.
To pull it from Docker Hub, run
docker pull blobaugh/openvpn-client
To build yourself, run
docker build -t blobaugh/openvpn-client https://github.com/blobaugh/docker-openvpn-client
This image requires the container to have NET_ADMIN
capability, and /dev/net/tun
accessibility. The following are simplified examples of running the container. In order for you to run it the environment variables for the VPN provides must be set.
docker run --cap-add=NET_ADMIN --device=/dev/net/tun blobaugh/openvpn-client
services:
openvpn-client:
image: blobaugh/openvpn-client
container_name: openvpn-client
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
restart: unless-stopped
Variable | Description |
---|---|
VPN_SERVICE | VPN Service to connect to. Must match the folder in the services directory. E.G tunnelbear |
VPN_SERVER | Which VPN endpoint to connect to. Must match a services/VPN_SERVICE file, without the extension. E.G United States |
VPN_USER | VPN service account user name |
VPN_PASS | VPN service account password |
For convenience, a .env
file can be utilized to pass in configuration. An example file exists in .env.example
. Rename this file to .env
and fill it in with your values.
docker run --env-file .env [fill in the rest]
services:
openvpn-client:
env_file: .env
[fill in the rest]
The following is a list of currently supported VPN services. This image is designed to be easily expandable, and new VPN services can be easily added.
List of services currently supported:
Service | VPN_SERVICE value |
---|---|
TunnelBear | tunnelbear |
Private Internet Access (PIA) | pia |
Adding support for a new VPN service is generall accomplished by copying in the *.ovpn
files to the service's folder.
Lets walk through an example of adding support for PIA.
- Under the
services
folder, create a new folder for the service. In this case, name itpia
. - Add the
*.ovpn
and supporting files from your VPN service. - Edit the
*.ovpn
files to ensure file system paths point properly to other files, such as key files. - E.G:
ca CACertificate.crt
becomes/services/pia/ca CACertificate.crt
Pull requests for new features and VPN services are welcome.
Issues questions and feature requests can be made via a GitHub Issue
From the directory with the Dockerfile
run:
docker build -t blobaugh/openvpn-client .
docker login
docker tag blobaugh/openvpn-client blobaugh/openvpn-client:TAGVERSION
docker push blobaugh/openvpn-client:TAGVERSION
dc down && dc stop && docker build -t blobaugh/openvpn-client . && dc up
Add the following to the *.ovpn
file:
pull-filter ignore "ifconfig-ipv6 "
pull-filter ignore "route-ipv6 "
Run an Ubuntu container with this container as its network stack:
docker run -it --network="container:openvpn-client" ubuntu bash
Check the public IP inside the Ubuntu container:
apt update && apt install iproute2 curl -y && curl https://ipinfo.io/ip
- Do not allow traffic until VPN connection is running