There is not much to be found online about running a VPN inside Docker. Indeed, I do not believe many out there have thought about it. However, leveraging a VPN inside of Docker unlocks a wealth of new possibilities. Here are just a few examples that come to mind, some of which I have used on various projects.
- Secure and encrypted communication of Docker containers to the outside world. This can be a great way to get local resources through an untrusted network.
- Keep Docker containers separate from the local network, while still allowing access to the outside world.
- Connecting remote Docker networks together. As an example, a VPN can securely sync data across multiple datacenters or regions.
- Become cloud and server agnostic. By connecting your containers to a VPN, the containers can be freely moved around environments, and even live on separate clouds, without the need to reconfigure anything. Spin up the containers elsewhere, connect to the VPN, resume operations as normal.
- Take advantage of cloud resources, locked into your private intranet. Perhaps useful for periodic large compute loads. Save money by not paying for servers until they are needed, with nearly the safety of an on-premises solution.
- For the devious, punch a hole in a firewall to bypass restrictions and allow your containers freedom to roam the world.
Now that the wheels are turning in that ole noggin, let me show you how I built a simple Docker container that is a client for any network supporting the OpenVPN client.
If you would like to play with the ideas presented here, a more advanced image is available on GitHub at https://github.com/blobaugh/docker-openvpn-client.
It is also available as a pre-built Docker image at https://hub.docker.com/r/blobaugh/openvpn-client.
Though the container in the GitHub repository has support for multiple VPN services, via passing in a config file, I will keep this one a bit simpler.
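```dockerfile
# Base image
FROM ubuntu

# Install the OpenVPN client and curl
RUN apt update && \
    apt install openvpn curl -y

# Copy the local vpn-files directory into the image at /vpn
COPY vpn-files /vpn
```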
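
To confirm that a container built from this image actually sends its traffic through the tunnel, the following added example (not code from the original post or the linked repository) parses `ip -4 route show` output. It assumes iproute2's `ip` is present in the container and that the tunnel device is named `tun*` or `tap*`; the function names and sample route tables are constructed for illustration, and only IPv4 routes are examined.

```shell
#!/bin/sh
# Added example (not from the original post): read `ip -4 route show` output
# on stdin and report which device carries general IPv4 egress.
# OpenVPN's "redirect-gateway def1" leaves the old default route in place and
# adds 0.0.0.0/1 + 128.0.0.0/1 via the tunnel, so checking only "default"
# gives the wrong answer.
egress_device() {
    awk '
        function dev(   i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        $1 == "0.0.0.0/1"            { lo = dev() }
        $1 == "128.0.0.0/1"          { hi = dev() }
        $1 == "default" && def == "" { def = dev() }
        END {
            if (lo != "" && hi != "") print (lo == hi ? lo : "split")
            else if (lo != "" || hi != "") print "split"
            else print (def != "" ? def : "none")
        }'
}

# Succeeds only when egress goes to a tun*/tap* device.
tunnel_carries_egress() {
    case "$(egress_device)" in
        tun*|tap*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed sample tables (addresses are illustrative).
ROUTES_VPN_DOWN='default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2'

ROUTES_VPN_UP='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 172.17.0.1 dev eth0
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
203.0.113.10 via 172.17.0.1 dev eth0'

echo "vpn down: $(printf '%s\n' "$ROUTES_VPN_DOWN" | egress_device)"
echo "vpn up:   $(printf '%s\n' "$ROUTES_VPN_UP" | egress_device)"
# Live use inside the container: ip -4 route show | tunnel_carries_egress
```

A result of `split` means only part of the IPv4 address space is routed into the tunnel, so some destinations still leave through the Docker bridge.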