This is a WireGuard client docker that uses the CyberGhost Cli. It allows routing containers traffic through WireGuard.

Docker Image

WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general-purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances.

Start the image using optional environment variables shown below. The end-user must supply a volume for local storage of the CyberGhost auth and token files. Supplied DNS is optional to avoid using ISP DNS during the initial connection.

docker run -d --cap-add=NET_ADMIN --dns 1.1.1.1 \
           -v /local/path/to/config:/home/root/.cyberghost:rw \
           -e [email protected] \
           -e PASS=mypassword \
           -e NETWORK=192.168.1.0/24 \
           -e WHITELISTPORTS=9090,8080 \
           cyberghostvpn

Other containers can connect to this image using by using its network connection. --net=container:cyberghostvpn

docker run -d --net=container:cyberghostvpn other-container

Note: If the other containers have exposed ports for example a WEBUI. Forward that port in the cyberghostvpn image, add the port to WHITELISTPORTS environment variable, and set your local LAN using NETWORK environment variable. See Environment variables below for details.

Once the initial setup is made the image will copy a run.sh file into the local volume (config folder). Open run.sh and edit the command sudo cyberghostvpn --connect --torrent --country-code NL --wireguard to the desired. Examples:

• sudo cyberghostvpn --traffic --country-code CA --wireguard --connect
• sudo cyberghostvpn --streaming 'Netflix US' --country-code US --wireguard --connect

See GyberGhost selecting a country or single server for more details

Login by providing the ACC and PASS environment variables

docker run -d --cap-add=NET_ADMIN --dns 1.1.1.1 \
           -v /local/path/to/config:/home/root/.cyberghost:rw \
           -e [email protected] \
           -e PASS=mypasswowrd \
           cyberghostvpn

Access ports [webUI] by providing the NETWORK and WHITELISTPORTS environment variables. Where NETWORK is the users network and WHITELISTPORTS is the ports the user wants to expose.

docker run -d --cap-add=NET_ADMIN --dns 1.1.1.1 \
           -v /local/path/to/config:/home/root/.cyberghost:rw \
           -e NETWORK=192.168.1.0/24 \
           -e WHITELISTPORTS=9090,8080 \
           cyberghostvpn

• NETWORK - Adds a route to the local network once the VPN is connected. CIDR networks [192.168.1.0/24]
• WHITELISTPORTS - Allow access to listed ports when VPN is connected. Delimited by comma [8080,8081,9000]
• ACC - CyberGhost username - Used for login
• PASS - CyberGhost password - Used for login

This image has a custom built-in firewall. On initial start, all traffic is blocked except CyberGhost API IP and Local DNS for resolve. After VPN is connected Local DNS is blocked on Port 53. For first time use the firewall will go through a setup phase to include whitelisted ports where the firewall will be inactive.

See the firewall section located in start.sh for details.

This project was developed independently for personal use. CyberGhost has no affiliation, nor has control over the content or availability of this project.