18

Some apps we have depend on being connected to our VPN to connect to different (not-yet dockerized) solutions.

What is the 'docker way' of doing this? In my mind adding OpenVPN to an existing image is against the docker philosophy.

From where I'm standing I feel that creating a docker VPN client container makes the most sense. But what would that look like? I use docker compose, so there would definitely be a

myContainer
- links: myVPNClient

but would I then have to forward ports? Or what would have to happen to enable myContainer to connect through the openVPN container?

Jono

2 Answers

19

Another option would be to ask Jess Frazelle (jfrazelle), who is in the habit of containerizing everything.

Sure enough, she has a jfrazelle/dockerfiles/openvpn project which exposes it directly to the host:

vpn:
  build: .
  volumes:
    - .:/etc/openvpn
  net: host
  devices:
    - /dev/net/tun:/dev/net/tun
  cap_add:
    - NET_ADMIN

It uses a TUN (not TAP) interface.

Community
VonC
  • I'm still getting errors, in my .opvn file I'm copying my .crt files and .key file into /etc/openvpn/. Then I get this error on run: jono@JonosMacbookPro:~/projects/hobvpn-client% docker-compose run vpn hobnob.opvn [16:03:04] Options error: --ca fails with 'ca.crt': No such file or directory Options error: --cert fails with 'local.crt': No such file or directory Options error: --key fails with 'local.key': No such file or directory Options error: Please correct these errors. – Jono Jan 23 '16 at 00:04
  • 1
    It would be best to ask a separate question to address those errors. – VonC Jan 23 '16 at 01:11
6

Probably the easiest solution would be to configure any containers that need the vpn to use the network namespace of the vpn container. That is, your docker-compose.yml would include something like:

vpn:
  image: myvpn_image

app1:
  image: app1_image
  net: container:vpn

With this configuration, the vpn container and the app1 container see the same network environment.

larsks
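
One way to verify the namespace sharing described in the second answer, as an added example that is not part of either answer: it compares the network-namespace identity reported inside the two containers and confirms that the app container can see the TUN interface. The container names are passed as arguments; the `tun<N>` interface name and the presence of `readlink` and `cat` in both images are assumptions.

```shell
#!/bin/sh
# Added example, not from the answers above. Container names are arguments;
# the tun<N> interface name and readlink/cat in both images are assumptions.

# Print the network-namespace identity seen inside a container,
# e.g. net:[4026532264]. Containers sharing a namespace print the same value.
netns_of() {
    docker exec "$1" readlink /proc/self/ns/net
}

# Succeed only if both containers report the same, non-empty namespace.
same_netns() {
    a=$(netns_of "$1") || return 2
    b=$(netns_of "$2") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# List TUN interfaces visible inside a container, one per line.
# /proc/net/dev has two header lines, then "  name: counters...".
tunnels_in() {
    docker exec "$1" cat /proc/net/dev |
        awk -F: 'NR > 2 { gsub(/ /, "", $1); if ($1 ~ /^tun[0-9]+$/) print $1 }'
}

# Full check: shared namespace, and the tunnel is visible from the app.
check_vpn_sharing() {
    vpn=$1
    app=$2
    if ! same_netns "$vpn" "$app"; then
        echo "FAIL: $app is not in the network namespace of $vpn"
        return 1
    fi
    tuns=$(tunnels_in "$app" | tr '\n' ' ')
    if [ -z "$tuns" ]; then
        echo "FAIL: no TUN interface visible in $app (is the VPN up?)"
        return 1
    fi
    echo "OK: $app shares the namespace of $vpn; tunnel(s): $tuns"
}

# Usage: sh check_vpn.sh <vpn-container> <app-container>
if [ "$#" -eq 2 ]; then
    check_vpn_sharing "$1" "$2"
fi
```

A container that fails the first check is using its own network stack, so its traffic does not pass through the VPN container at all.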