To some of you, the idea of running a VPN inside a Docker container might seem foreign. It has real benefits, though, and here are several reasons why you might want to do it:
- To isolate sensitive applications such as torrent clients or cryptocurrency wallets, separating their traffic from the host system and other containers and reducing the attack surface.
- To access region-restricted content by connecting the container to a VPN server in the desired location, bypassing geographical restrictions on websites and services.
- To easily connect containers to different networks.
- To prevent ISP tracking: routing container traffic through the VPN tunnel hides your online activity from your internet service provider (ISP).
You may have some questions at this point, such as: What is a VPN? How does running a VPN in a Docker container even work?
A VPN is like a private tunnel for your internet traffic. It encrypts your data and hides your IP address, protecting your privacy and online activity.
Running an application in a Docker container behind a VPN relies on Docker networking: the application container’s network interface is linked to the interface of another container running a VPN client.
This is the underlying idea:
The VPN client runs in its own Docker container and establishes connections with the VPN servers offered by VPN providers. Meanwhile, an application container uses the network interface of the VPN client’s container. Consequently, all traffic between the application container and the internet, in both directions, is routed through the VPN container, forming the VPN network.
In this tutorial I will be using docker-surfshark.
docker-surfshark is a Docker container that allows you to connect to the Surfshark VPN service using the OpenVPN client. Surfshark VPN is a secure and fast VPN provider that offers unlimited bandwidth, access to geo-restricted content, and protection from online threats. Users have downloaded this Docker image more than 1 million times from Docker Hub.
To use docker-surfshark, you need to have a Surfshark account and the credentials (username and password) that are provided by Surfshark.
You also need to have Docker installed on your system and the ability to run Docker commands with sudo privileges.
Pull the docker-surfshark image from Docker Hub using the command:
sudo docker pull ilteoood/docker-surfshark
Run the docker-surfshark container using the command:
sudo docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name CONTAINER_NAME -e SURFSHARK_USER=YOUR_SURFSHARK_USER -e SURFSHARK_PASSWORD=YOUR_SURFSHARK_PASSWORD ilteoood/docker-surfshark
You can specify the country and city of the VPN server you want to connect to using the environment variables `SURFSHARK_COUNTRY` and `SURFSHARK_CITY`.
For example, to connect to a server in Italy, Milan, you can use the command:
sudo docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name CONTAINER_NAME -e SURFSHARK_USER=YOUR_SURFSHARK_USER -e SURFSHARK_PASSWORD=YOUR_SURFSHARK_PASSWORD -e SURFSHARK_COUNTRY=it -e SURFSHARK_CITY=mil ilteoood/docker-surfshark
If you want to attach another container to the VPN, you can simply run it with the network mode set to `container:` followed by the name of the docker-surfshark container.
For example, to run an alpine container behind the VPN, you can use the command:
sudo docker run -it --net=container:CONTAINER_NAME alpine /bin/sh
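Whether a container really sits behind the VPN container can be verified from `docker inspect` output. The following is an added example, not code from the original tutorial or the docker-surfshark project: it audits a constructed sample of that output, and the container names `vpn`, `shell` and `torrent` and their IDs are made up for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect vpn shell torrent` output.
SAMPLE = json.loads("""
[
 {"Id": "1111aaaa", "Name": "/vpn",
  "Config": {"Env": ["SURFSHARK_USER=example", "SURFSHARK_PASSWORD=example"]},
  "HostConfig": {"NetworkMode": "bridge", "Privileged": false, "CapAdd": ["NET_ADMIN"],
                 "Devices": [{"PathOnHost": "/dev/net/tun"}]}},
 {"Id": "2222bbbb", "Name": "/shell", "Config": {"Env": []},
  "HostConfig": {"NetworkMode": "container:1111aaaa", "Privileged": false,
                 "CapAdd": null, "Devices": []}},
 {"Id": "3333cccc", "Name": "/torrent", "Config": {"Env": []},
  "HostConfig": {"NetworkMode": "bridge", "Privileged": false,
                 "CapAdd": null, "Devices": []}}
]
""")


def audit(containers, vpn_name):
    """Return findings for a VPN container and the containers meant to use it."""
    by_name = {c["Name"].lstrip("/"): c for c in containers}
    vpn = by_name[vpn_name]
    host = vpn["HostConfig"]
    findings = []
    # The VPN client needs NET_ADMIN and the TUN device, nothing broader.
    if "NET_ADMIN" not in (host.get("CapAdd") or []):
        findings.append(f"{vpn_name}: missing --cap-add=NET_ADMIN")
    if "/dev/net/tun" not in [d["PathOnHost"] for d in host.get("Devices") or []]:
        findings.append(f"{vpn_name}: missing --device /dev/net/tun")
    if host.get("Privileged"):
        findings.append(f"{vpn_name}: --privileged is broader than required")
    # Values passed with -e are readable by anyone who can run `docker inspect`.
    for entry in vpn["Config"].get("Env") or []:
        if entry.startswith("SURFSHARK_PASSWORD="):
            findings.append(f"{vpn_name}: SURFSHARK_PASSWORD visible in docker inspect")
    # Every other container must share the VPN container's network namespace.
    shared = {f"container:{vpn_name}", f"container:{vpn['Id']}"}
    for name, c in by_name.items():
        mode = c["HostConfig"]["NetworkMode"]
        if name != vpn_name and mode not in shared:
            findings.append(f"{name}: NetworkMode={mode} bypasses {vpn_name}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, "vpn"):
        print(finding)
```

To audit a live host, pass `json.loads` of the output of `sudo docker inspect` for the VPN container and each application container instead of `SAMPLE`.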
To check if your IP address has changed in the VPN container, you can use the command: