
Best practice for connecting to a vpn through docker [closed]

Some apps we have depend on being connected to our VPN to connect to different (not-yet dockerized) solutions.

What is the 'docker way' of doing this? In my mind adding OpenVPN to an existing image is against the docker philosophy.

From where I'm standing I feel that creating a docker VPN client container makes the most sense. But what would that look like? I use docker compose, so there would definitely be a

myContainer
- links: myVPNClient

but would I then have to forward ports? Or what would have to happen to enable myContainer to connect through the openVPN container.

Jono asked Jan 21 '16 01:01



2 Answers

Another option would be to ask Jess Frazelle (jfrazelle), who is in the habit of containerizing everything.

Sure enough, she has a jfrazelle/dockerfiles/openvpn project which exposes it directly to the host:

vpn:
  build: .
  volumes:
    - .:/etc/openvpn
  net: host
  devices:
    - /dev/net/tun:/dev/net/tun
  cap_add:
    - NET_ADMIN

It uses a TUN (not TAP) interface.

VonC answered Oct 08 '22 04:10


Probably the easiest solution would be to configure any containers that need the vpn to use the network namespace of the vpn container. That is, your docker-compose.yml would include something like:

vpn:
  image: myvpn_image

app1:
  image: app1_image
  net: container:vpn

With this configuration, the vpn container and the app1 container see the same network environment.

larsks answered Oct 08 '22 04:10
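
A check for the shared-namespace setup in the second answer, added here as an example and not taken from either answer: it confirms that the app container really sits in the VPN container's network namespace and that a given destination routes out through a TUN interface. The container names follow the compose snippet; the destination address and the presence of `readlink` and `ip` inside the images are assumptions.

```shell
#!/bin/sh
# Added example, not code from the answers. Container names "vpn" and "app1"
# follow the compose snippet above; the destination address is an assumption.

# Print the interface named after "dev" in `ip route get` output read on stdin.
egress_dev() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# Succeed only if the route lookup on stdin leaves through a TUN interface.
uses_tunnel() {
    case "$(egress_dev)" in
        tun[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if two namespace identifiers (e.g. "net:[4026532500]") are
# non-empty and identical.
same_netns() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Print the network namespace identifier seen from inside a container.
# Assumes the image ships `readlink` (busybox or coreutils).
netns_of() {
    docker exec "$1" readlink /proc/self/ns/net
}

# check_shared_vpn VPN_CONTAINER APP_CONTAINER DEST_IP
# Assumes the app image ships `ip` (iproute2 or busybox).
check_shared_vpn() {
    if ! same_netns "$(netns_of "$1")" "$(netns_of "$2")"; then
        echo "FAIL: $2 is not in the network namespace of $1" >&2
        return 1
    fi
    if ! docker exec "$2" ip route get "$3" | uses_tunnel; then
        echo "FAIL: traffic from $2 to $3 does not leave via a tun device" >&2
        return 1
    fi
    echo "OK: $2 shares the netns of $1 and reaches $3 via the tunnel"
}

# Run only when called as: script VPN_CONTAINER APP_CONTAINER DEST_IP
if [ "$#" -eq 3 ]; then
    check_shared_vpn "$@"
fi
```

Running it again with the tunnel deliberately stopped shows whether the app's traffic would fall back to the container's ordinary interface instead of failing closed.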