brozek/website
1
0
Fork 0
mirror of https://github.com/Brandon-Rozek/website.git synced 2024-11-09 18:50:34 -05:00
Code Issues Projects Releases Packages Wiki Activity

New Post

Browse source
This commit is contained in:
Brandon Rozek 2020-04-30 23:43:59 -04:00
parent d9942249cd
commit 06735baaa6
1 changed files with 56 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

56
content/blog/openvpncontainer.md Normal file
View file

@ -0,0 +1,56 @@
---
title: "OpenVPN Container"
date: 2020-04-30T23:20:49-04:00
draft: false
tags: ["containers"]
---
Instead of configuring multiple containers to use a VPN, we can setup a VPN container and route the other containers traffic through this container. This post will outline how to do that with [dperson's OpenVPN Container](https://github.com/dperson/openvpn-client).
I'm a huge fan of docker-compose, so here we go:
```yaml
version: "3.3"
services:
openvpn-client:
image: dperson/openvpn-client
cap_add:
- net_admin
security_opt:
- label:disable
container_name: openvpn-client
hostname: openvpn-client
environment:
- PUID=1000
- PGID=1000
volumes:
- /dev/net:/dev/net:z
- /volumes/openvpn-client/vpn/:/vpn
restart: always
```
The `net_admin` capability according to the documentation "perform various network-related operations". This would make sense since an additional network interface is configured for a VPN connection. The `label:disable` definition is to disable label confinement.
## Routing Traffic through VPN
Let's say your ISP throttles torrent connections and you want to route your `qBittorrent` container so that you can download Linux distributions faster. Here's how you can define it in the docker-compose file.
```yaml
qbittorrent:
image: linuxserver/qbittorrent
container_name: qbittorrent
environment:
- PUID=1000
- PGID=1000
- UMASK_SET=022
- WEBUI_PORT=8000
volumes:
- /volumes/qbittorrent/config:/config
- /volumes/qbittorrent/downloads:/downloads
network_mode: service:openvpn-client
restart: always
```
## Network Workarounds
Sadly as of the time of writing, routing a container's traffic makes it lose its ability to belong to a network. I knocked into this when I tried accessing the qBittorrent API. So for the sake of example, if you want to connect to qbittorrent, you need to route the traffic to the openvpn-client container at port 8000 which we specified earlier to be the webui port of qbittorrent.