
docker-openvpn's Introduction


Private Internet Access

A CentOS Docker container for connecting to the PIA servers using OpenVPN, based on colinherbert/pia-openvpn. It has a firewall/killswitch configured, so your information cannot be leaked if the VPN connection fails.

Improvements

  • Updated Dockerfile to fetch new configuration directly from PIA on each build
  • Changed openvpn.sh so it works with CentOS
  • Updated README
  • Added firewall/killswitch support
  • Automatically creates tunnel device

What is Private Internet Access

Private Internet Access VPN Service encrypts your connection and provides you with an anonymous IP to protect your privacy.

How to use this image

This image provides the configuration file for each region managed by PIA.

The goal is to start this container first, then run other containers within the PIA VPN via --net=container:pia.

Starting the client

docker run --cap-add=NET_ADMIN --name=pia -d \
  --restart=always \
  --dns 209.222.18.222 --dns 209.222.18.218 \
  -e 'REGION=<region>' \
  -e 'USERNAME=<pia_username>' \
  -e 'PASSWORD=<pia_password>' \
  itsdaspecialk/pia-openvpn

Substitute the environment variables REGION, USERNAME, and PASSWORD as needed. Note that REGION is optional, and defaults to US East.

Due to the nature of the VPN client, this container must be started with some additional privileges. --cap-add=NET_ADMIN makes sure that the tunnel can be created from within the container.

Starting the container in privileged mode would also achieve this, but keeping the privileges to the minimum required is preferable.

NOTE: In most cases, a DNS server must be specified using --dns <ip-address>. It is recommended to use the PIA DNS servers, whose addresses are listed above, or can be found on their client support page under DNS Leak Protection.

Creating a container that uses PIA VPN

docker run -it --rm --net=container:pia centos

The public IP address seen from inside this container should be different from the IP address you would get without specifying --net=container:pia.

Advanced usage

Additional arguments for the openvpn client

Every argument given after the image name in the docker run command is passed directly to the openvpn executable.

This will run the openvpn client with the --pull option:

docker run ... --name=pia \
  itsdaspecialk/pia-openvpn \
    --pull

Avoid passing credentials in environment variables

By default this image relies on the variables USERNAME and PASSWORD to be set in order to successfully connect to the PIA VPN.

Instead, it is possible to use a pre-existing volume or file containing the credentials.

docker run ... --name=pia \
  -v '<path/to/auth.conf>:/pia/auth.conf' \
  itsdaspecialk/pia-openvpn \
    --auth-user-pass auth.conf
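
Values passed with -e stay visible in the container's configuration (for example in docker inspect output), which is what the credentials file avoids. The script below is an added example, not part of the original README or the image: it writes the two-line file that OpenVPN's --auth-user-pass option reads, checks its permissions and layout, and mounts it read-only. The function names are hypothetical, and a Linux Docker host with GNU or BusyBox stat is assumed.

```shell
#!/bin/sh
# Added example: keep PIA credentials in a file instead of -e variables.
# Assumes a Linux Docker host with GNU or BusyBox stat; function names are
# hypothetical and not part of the image.

# Read username (line 1) and password (line 2) from stdin and write them in
# the two-line layout OpenVPN's --auth-user-pass expects, created mode 0600.
write_auth_file() {
    (
        umask 077
        rm -f "$1"
        IFS= read -r user && IFS= read -r pass || exit 1
        printf '%s\n%s\n' "$user" "$pass" > "$1"
    )
}

# Return 0 if the file is safe to mount; 1 = not a regular file,
# 2 = accessible by group/other, 3 = not exactly two non-empty lines.
check_auth_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || { echo "not a regular file: $1" >&2; return 1; }
    case "$(stat -c '%a' "$1")" in
        0|*00) ;;
        *) echo "group/other can access $1 (chmod 600)" >&2; return 2 ;;
    esac
    awk 'NF == 0 { bad = 1 } END { exit !(NR == 2 && !bad) }' "$1" ||
        { echo "expected two non-empty lines in $1" >&2; return 3; }
}

# Validate, then start the client with the file bind-mounted read-only.
# docker -v only bind-mounts absolute host paths, so reject others (4).
start_pia() {
    case "$1" in /*) ;; *) echo "use an absolute path: $1" >&2; return 4 ;; esac
    check_auth_file "$1" || return
    docker run --cap-add=NET_ADMIN --name=pia -d --restart=always \
        --dns 209.222.18.222 --dns 209.222.18.218 \
        -v "$1:/pia/auth.conf:ro" \
        itsdaspecialk/pia-openvpn --auth-user-pass auth.conf
}

# Usage: script.sh write /abs/auth.conf < creds ; script.sh start /abs/auth.conf
case "${1:-}" in
    write) write_auth_file "$2" ;;
    start) start_pia "$2" ;;
esac
```
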

Connection between containers behind PIA

Any container started with --net=container:... will use the same network stack as the PIA container, therefore they will share the same local IP address.

Prior to Docker 1.9 --link=pia:mycontainer was the recommended way to connect to a specific container.

Since Docker 1.9, it is recommended to use a non-default network, which allows containers to address each other by name.

Creation of a network

docker network create pia_network

This creates a network called pia_network in which containers can address each other by name; the /etc/hosts is updated automatically for each container added to the network.

Start the PIA container in the pia_network

docker run ... --net=pia_network --name=pia itsdaspecialk/pia-openvpn

In pia_network there is now a resolvable name pia that points to that newly created container.

Create a container behind the PIA VPN

This step is the same as the earlier one.

# Create an HTTP service that listens on port 80
docker run ... --net=container:pia --name=myservice myservice

This container is not addressable by name in pia_network, but given that the network stack used by myservice is the same as the pia container, they have the same IP address and the service running in this container will be accessible at http://pia:80.

Create a container that accesses the service

docker run ... --net=pia_network tutum/curl curl -s http://pia/

The container is started within the same network as pia but is not behind the VPN. It can access services started behind the VPN container such as the HTTP service provided by myservice.
