OpenVPN client Docker image

About

OpenVPN client in the Docker container.

Upstream Links

• Docker Registry @monstrenyatko/openvpn-client
• GitHub @monstrenyatko/docker-openvpn-client

Quick Start

Container is already configured for automatic restart (See docker-compose.yml).

Container configures firewall to block all traffic while VPN network is disconnected.

• Configure environment:

  • OPENVPN_CLIENT_CONFIG: path to ovpn file:

      export OPENVPN_CLIENT_CONFIG="<path-to-ovpn-file>"

  • NET_LOCAL: [OPTIONAL] local network to setup back route rule, this is required to allow connections from your local network to the service working over VPN client network:

      export NET_LOCAL="192.168.0.0/16"

  • DOCKER_REGISTRY: [OPTIONAL] registry prefix to pull image from a custom Docker registry:

      export DOCKER_REGISTRY="my_registry_hostname:5000/"

• Pull prebuilt Docker image:

    docker-compose pull

• Start prebuilt image:

    docker-compose up -d

• Stop/Restart:

    docker-compose stop
    docker-compose start

• Configuration:

  • [OPTIONAL] Allow incoming connections to some port from local network:

    • Set NET_LOCAL environment variable, see Configure environment section

    • Add to docker-compose.yml the ports section:

        openvpn-client:
          ports:
            - 8080:8080

• Start service working over VPN. The simplest way to do this is to utilize the network stack of the VPN client container:

  • Add --network=container:openvpn-client option to docker run command

  • Start service container:

      docker run --rm -it --network=container:openvpn-client alpine:3 /bin/sh

  NOTE: The service container needs to be restarted/recreated when VPN container is restarted/recreated, otherwise network connection will not be recovered.

Build own image

• default target platform:

    cd <path to sources>
    DOCKER_BUILDKIT=1 docker build --tag <tag name> .

• arm/v6 target platform:

    cd <path to sources>
    DOCKER_BUILDKIT=1 docker build --platform=linux/arm/v6 --tag <tag name> .