Make Containers use a VPN container

Currently reading
Make Containers use a VPN container

7
0
NAS
718+ / 918+
Operating system
  1. Linux
  2. macOS
  3. Windows
  4. other
Mobile operating system
  1. Android
I have setup a few conainters and they are all working great.

I know want a few of the containers to use a VPN.

i've installed NORDVPN Container

I know need to point Transmission , Jackett and NZGBet to use this container as a gatway but cirrently stumped to see how to do it.

I've seen some docker examples that use Compose and set NetWork_Mode to container:vpn
but i have 0 idea how to implement compose in syno docker and really dont want to if i dont have too.

Is there a really easy way to do this. ??
 
I've seen some docker examples that use Compose and set NetWork_Mode to container:vpn
but i have 0 idea how to implement compose in syno docker and really dont want to if i dont have too.
This makes the other container(s) hook into the network device of the vpn container.

If you are lucky the image of the vpn container provides a http_proxy or socks_proxy. If it does, you can try to use it as proxy in the containers you want to go thru the vpn container.

Whilethe first approach will work with every image, the second approach pretty much depends on wether the vpn client image has this functionality build in or not.
 
Why don't you check if a proxy is available in the image, and make your other containers use it?
Given by the impression your posts leave, I would strongly suggest to use this approach.

The other approach can't be configured from the docker-ui. You will definitly need to connect to the terminal (using ssh with a client like putty?) and become root to use the dock-compose cli command. For your use cas, there is nothing synology specific in the docker-compose.<ml that needs special treatment.

You might want to start sharing relevant details, like: which docker image? what docker-compose.yml?
 
Currently my setup is the following

bubntux/nordvpn
linuxserver/lidarr
linuxserver/sonarr
linuxserver/radarr
linuxserver/hydra
linuxserver/Jackett
linuxserver/nzbget
linuxserver/transmission
pyouroboros/ouroboros

what i would like is for

linuxserver/hydra
linuxserver/Jackett
linuxserver/nzbget
linuxserver/transmission

to use the network of bubntux/nordvpn


as a work around and not a very good one as it is slow and someitimes just stops working altogether i have done the following

Setup my 718+ to use a vpn connection
moved

linuxserver/hydra
linuxserver/Jackett
linuxserver/nzbget
linuxserver/transmission

to the 718+
 
The description of bubuntux/nordvpn, indicate that the image does not have a build-in http proxy. Their "Local Netwrok access to services connection to the internet through the VPN" section introduces another container to act as forward_proxy, but not in the sence of a http_proxy. Seems unnecesarily complicated to me.

Seems like you'kk have to wait for someone who actualy uses a vpn container.

Good luck!

 
So this is the short-version command I use to start up my NordVPN docker container:

docker run -ti --cap-add=NET_ADMIN --device /dev/net/tun --name nordvpn3 --restart unless-stopped -v /etc/localtime:/etc/localtime:ro -v /etc/TZ:/etc/TZ:ro -e [email protected] -e PASS='****' -e COUNTRY='Switzerland' -e NETWORK='192.168.0.0/24;192.168.1.0/24;192.168.3.0/24' -e RANDOM_TOP=10 -e TECHNOLOGY=OpenVPN -e PROTOCOL=openvpn_udp -e CATEGORY='Standard VPN servers' -e TZ='Europe/Amsterdam' -e OPENVPN_OPTS='--pull-filter ignore "ping-restart" --ping-exit 180' -d azinchen/nordvpn

Note that I use another NordVPN container image, but this also doesn't include a HTTP forward proxy server for network clients. So it doesn't matter I think. I then do this:
docker run -d --restart unless-stopped --name privoxyCH --net=container:nordvpn3 -v /etc/localtime:/etc/localtime:ro -v /etc/TZ:/etc/TZ:ro -e TZ='Europe/Amsterdam' splazit/privoxy-alpine

A Docker container with a proxy server is now attached to the NordVPN docker container. This should run on port 8118, so from your network you can access the internet trough the nordvpn using http://nas_ip:8118 .

Other Docker containers can also use this same method that the proxy server used to use the NordVPN connection with the --net=container:nordvpn3 argument. Just adjust it to the name of your NordVPN container.
 
So this is the short-version command I use to start up my NordVPN docker container:

docker run -ti --cap-add=NET_ADMIN --device /dev/net/tun --name nordvpn3 --restart unless-stopped -v /etc/localtime:/etc/localtime:ro -v /etc/TZ:/etc/TZ:ro -e [email protected] -e PASS='****' -e COUNTRY='Switzerland' -e NETWORK='192.168.0.0/24;192.168.1.0/24;192.168.3.0/24' -e RANDOM_TOP=10 -e TECHNOLOGY=OpenVPN -e PROTOCOL=openvpn_udp -e CATEGORY='Standard VPN servers' -e TZ='Europe/Amsterdam' -e OPENVPN_OPTS='--pull-filter ignore "ping-restart" --ping-exit 180' -d azinchen/nordvpn

Note that I use another NordVPN container image, but this also doesn't include a HTTP forward proxy server for network clients. So it doesn't matter I think. I then do this:
docker run -d --restart unless-stopped --name privoxyCH --net=container:nordvpn3 -v /etc/localtime:/etc/localtime:ro -v /etc/TZ:/etc/TZ:ro -e TZ='Europe/Amsterdam' splazit/privoxy-alpine

A Docker container with a proxy server is now attached to the NordVPN docker container. This should run on port 8118, so from your network you can access the internet trough the nordvpn using http://nas_ip:8118 .

Other Docker containers can also use this same method that the proxy server used to use the NordVPN connection with the --net=container:nordvpn3 argument. Just adjust it to the name of your NordVPN container.

ok thats very helpful :)

4 questions.

1) i assume that these cmds have to be run in ssh or can they be run from the terminal window within the docker container?

2) What is splazit/privoxy-alpine[/icode ?

3) do i need to move ALL my envronment variables into the run command?

4) I use ouborous to auto update the container , works like an absolute charm , updates and restarts. Will this break if i start the containers using a terminal rather than the GUI ?
-- post merged: --

Check this image Joentje/nordvpn-proxy
works like a charm
does that one support wireguard ?
 
ok thats very helpful :)

4 questions.

1) i assume that these cmds have to be run in ssh or can they be run from the terminal window within the docker container?

2) What is splazit/privoxy-alpine[/icode ?

3) do i need to move ALL my envronment variables into the run command?

4) I use ouborous to auto update the container , works like an absolute charm , updates and restarts. Will this break if i start the containers using a terminal rather than the GUI ?
-- post merged: --


does that one support wireguard ?
No not yet
 
1) i assume that these cmds have to be run in ssh or can they be run from the terminal window within the docker container?
in SSH...

2) What is splazit/privoxy-alpine[/icode ?
That is the container image I used that has a HTTP forward proxy server. See here on Docker Hub.

3) do i need to move ALL my envronment variables into the run command?
I cannot answer this question because I see you are trying to use docker-compose. I have no knowledge & experience with docker-compose yet... :(

4) I use ouborous to auto update the container , works like an absolute charm , updates and restarts. Will this break if i start the containers using a terminal rather than the GUI ?
Euhm I can tell you one thing that can maybe be helpful.
If container A is attached to container B by using --net=container:*** , then container A needs to be shutdown before you can take down container B. Container A can only be started up again after container B is back up.

If you don't do this, container A will be broken and will not be able to connect until it has restarted...

This is from my experience at least..
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

ye, feels like routing issue. Internet connection is working until tunnel is up. After that tunnel seems...
Replies
26
Views
4,925
Oh, I see! That does appear to be a lot easier. Thanks for your reply! (y)
Replies
8
Views
2,947
Well, that's the reason as you already noticed. So you haven't migrated the @docker content? Do you have...
Replies
5
Views
1,877
Well, I just took a dive into the steps because I used the automated script and I think Pullio bricked...
Replies
6
Views
3,776
Question! maybe someone know if it is possible... At the moment I'm using VDSM as a VPN Gateway for my...
Replies
8
Views
6,510
I want to be able to deploy Docker containers on a seperate Ubuntu VM I have running on my DS718+ . But I...
Replies
0
Views
3,479

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top