This repository contains a docker compose template and utility scripts to run a VPN in docker containers. The VPN connection is established in the VPN container, but the network interface is attached to a separate route container. Check other branches for more features!
To configure OpenVPN, place the ovpn.conf file in the ./vpn directory; you can also specify additional command line arguments in the docker-compose.yml file. Your scripting integrations can be placed in ./scripts/up-init, ./scripts/down-init, etcetera.
Directory ./vpn/rr contains always, auth-failure, connection-failure symlinks that point to always.d/00, auth-failure.d/00, connection-failure.d/00 respectively. Each link changes to the next numbered directory after the event corresponding to the link name happens:
always — every container restart
auth-failure — every auth failure
connection-failure — after exceeding connect-retry-max
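
The rotation described above, sketched as an added example (not the repository's own script). Two-digit numbering follows the 00 names on the page; wrapping back to 00 after the last directory and the function names rr_next, rr_rotate and rr_demo are assumptions.

```shell
#!/bin/sh
# Added illustration: advance an rr symlink (e.g. ./vpn/rr/auth-failure) to the
# next numbered directory under <name>.d/. Wrap-around to 00 is an assumption.

# rr_next DIR NAME: print the relative target the link should point to next.
rr_next() {
    dir=$1; name=$2
    cur=$(readlink "$dir/$name") || return 1      # e.g. auth-failure.d/00
    num=${cur##*/}                                # "00"
    case $num in ''|*[!0-9]*) return 1 ;; esac    # refuse non-numeric targets
    # Strip leading zeros so 08 and 09 are not parsed as octal.
    n=$(printf '%s' "$num" | sed 's/^0*//'); n=${n:-0}
    next=$(printf '%02d' $((n + 1)))
    if [ -d "$dir/$name.d/$next" ]; then
        printf '%s\n' "$name.d/$next"
    else
        printf '%s\n' "$name.d/00"                # assumed: wrap to the first one
    fi
}

# rr_rotate DIR NAME: repoint the link at the next numbered directory.
rr_rotate() {
    dir=$1; name=$2
    target=$(rr_next "$dir" "$name") || return 1
    # -n replaces the link itself; without it ln would follow the link and
    # create a new symlink inside the directory it currently points to.
    ln -sfn "$target" "$dir/$name"
}

# Constructed demo tree: three numbered directories, three simulated events.
rr_demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/auth-failure.d/00" "$d/auth-failure.d/01" "$d/auth-failure.d/02"
    ln -s auth-failure.d/00 "$d/auth-failure"
    for event in 1 2 3; do
        rr_rotate "$d" auth-failure && readlink "$d/auth-failure"
    done
    rm -rf "$d"
}
rr_demo
```
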
There are some scripts:
addnetns.sh — adds symlinks to the /etc/netns and /var/run/netns directories to give the ability to enter the route network namespace using the ip netns exec command
delnetns.sh — removes symlinks added by addnetns.sh from the /etc/netns, /var/run/netns directories
enterns.sh — enters the route network namespace using addnetns.sh and ip netns exec
userns.sh — same as enterns.sh but with a sudo wrapper
addbypass.sh — adds an ip rule with 30000 priority to use the main routing table for packets from the VPN container
delbypass.sh — removes the ip rule added by addbypass.sh
Scripts from the ./scripts directory are used inside the container.
To build a VPN chain you need to set up two (or more) instances of the containerized VPN and use the route container from the first as the network for the VPN container of the second one.
You should limit the packet size of the second instance so that it fits within the size limit of the first one (--mssfix 1400 in OpenVPN).
It is also a good idea to set different network interface names (--dev in OpenVPN).