Jump to content
Not connected, Your IP: 18.116.63.236
AirVPN
Luftikus

Setting up Docker Containers with VPN on Arch Linux

By Luftikus, ... in Troubleshooting and Problems

Recommended Posts

Luftikus    1

Luftikus
Posted ...

Hi VPN Experts,

 

I've been reading many hours but I'm still completely lost as to how to achieve what I want. My goal is to set up one or more Docker Containers and run all the applications that should go through the VPN from within said containers so that all the other traffic is uneffected by the VPN. That means that Eddi or OpenVPN, a torrent client etc. must go into a container.

Please bear in mind that I'm a complete beginner/noob, but it is my understanding that this solution is a viable, resource light alternative to a VM or an even more complicated(?) Iptables-based split tunneling solution. A more costly way would be to buy a Raspberry Pi and set it up as a proxy server with AirVPN running on it, right?

 

Anyway, I've installed the openvpn package and Docker on Arch Linux but I don't know how to proceed from here. Any help is greatly appreciated.

 

Cheers

 

Share this post

Link to post

InactiveUser    185

InactiveUser
Posted ...

Using containers definitely creates less resource overhead than using virtual machines.

 

I personally prefer LXC, here's the Arch Wiki entry:

https://wiki.archlinux.org/index.php/Linux_Containers

 

Example of how to use OpenVPN in an LXC container:

https://wiki.archlinux.org/index.php/OpenVPN_in_Linux_containers

 

I cannot vouch for this solution as I have yet to try it myself, but it should give you some ideas on how to proceed.

Maybe I'll come up with a tutorial on this topic but I'm not sure I can find the time, so, no promises.

Luftikus reacted to this

all of my content is released under CC-BY-SA 2.0

Share this post

Link to post

NaDre    154

NaDre
Posted ...

...

... run all the applications that should go through the VPN .... so that all the other traffic is uneffected by the VPN. That means that Eddi or OpenVPN, a torrent client etc. must go into a container.

...

 

There is a less complicated way. First you need to set up "source address routing". See these posts:

 

https://airvpn.org/topic/14634-problems-using-air-vpn-as-non-default-route/

 

https://airvpn.org/topic/14158-question-run-airvpn-as-non-primary-network-adapter/?p=27398

 

See the second half of the second post above - the Linux part about source address routing.

 

Then bind the torrent client to the VPN IP address.

 

For rtorrent use the "bind" directive in the config file - e.g. "bind = 10.88.0.2".

 

If you do not want to have to edit the rtorrent config file to change the address to bind to, you could generate the rtorrent config file in the "up.sh" script.

 

I have a patch for the OpenVPN client that allows me to control what IP address my VPN interface "appears" to have. I think you could achieve the same effect by assigning a second IP address to the VPN interface (which remains fixed, using "ip addess ...") and using some IPTABLES rules to redirect and mangle packets ("iptables ... -j DNAT ..." and "iptables ... -j SNAT ..."), again in the "up.sh" script. But I do not have that handy to give to you.

 

Other torrent clients can be bound to a specific IP address too. Most daemon type programs can be - e.g. BIND, SSHD, SQUID.

Luftikus reacted to this

Share this post

Link to post

Luftikus    1

Luftikus
Posted ...

I cannot vouch for this solution as I have yet to try it myself, but it should give you some ideas on how to proceed.

Maybe I'll come up with a tutorial on this topic but I'm not sure I can find the time, so, no promises.

 

I patiently look forward to that day.  

 

I'll also have a closer look at LXC.

 

 

 

...

... run all the applications that should go through the VPN .... so that all the other traffic is uneffected by the VPN. That means that Eddi or OpenVPN, a torrent client etc. must go into a container.

...

 

There is a less complicated way. First you need to set up "source address routing". See these posts:

 

https://airvpn.org/topic/14634-problems-using-air-vpn-as-non-default-route/

 

https://airvpn.org/topic/14158-question-run-airvpn-as-non-primary-network-adapter/?p=27398

 

See the second half of the second post above - the Linux part about source address routing.

 

Then bind the torrent client to the VPN IP address.

 

For rtorrent use the "bind" directive in the config file - e.g. "bind = 10.88.0.2".

 

If you do not want to have to edit the rtorrent config file to change the address to bind to, you could generate the rtorrent config file in the "up.sh" script.

 

I have a patch for the OpenVPN client that allows me to control what IP address my VPN interface "appears" to have. I think you could achieve the same effect by assigning a second IP address to the VPN interface (which remains fixed, using "ip addess ...") and using some IPTABLES rules to redirect and mangle packets ("iptables ... -j DNAT ..." and "iptables ... -j SNAT ..."), again in the "up.sh" script. But I do not have that handy to give to you.

 

Other torrent clients can be bound to a specific IP address too. Most daemon type programs can be - e.g. BIND, SSHD, SQUID.

 

That looks really promising as well. In fact, I've skimmed through your stickied post about split tunneling on Windows before and caught me thinking, "that's what I'm looking for if only it was for Linux". I guess you've pointed out the direction and I'll read up on that. Thanks.

Share this post

Link to post

Luftikus    1

Luftikus
Posted ...

There's quite a convenient solution for the setup I was looking for and I would like to share it for future visitors of this thread.

 

All you need to do is installing docker, download an image and adjust it to your needs, i.e. set folders, and minor things like that. the image in question runs on an Arch Linux base and contains Deluge, OpenVPN and Privoxy. Iptables are preconfigured. AirVPN is supported.

 

https://hub.docker.com/r/binhex/arch-delugevpn

InactiveUser reacted to this

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...