Question VPN but just for 1 docker?

Currently reading
Question VPN but just for 1 docker?

253
27
NAS
DS1019+
Mobile operating system
  1. Android
bit of a strange one this, but here goes.
i run xteve in a docker on my NAS for serving IPTV, however as is the norm with some ISPs and IPTV they are getting blocked during certain times, so connecting via a VPN is required to get round it.

the IPTV hosts provides access to a surfshark VPN, but as my IPTV is being served by the NAS i would need to isntall the VPN connection on the NAS, which would then affect all services running on the NAS (dropping my downstream from 220Mbps to around 70Mbps).

is it possible to add the surfshark VPN connection on the NAS but it only apply to the xteve docker and nothing else?
 

Rusty

Moderator
NAS Support
2,486
746
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Run your xteve docker container with --net=container:nameOfYourVPNContainer. Beforehand have a separate VPN container running that you will use as a gateway with the --net command in your xteve container.
 
253
27
NAS
DS1019+
Mobile operating system
  1. Android
i didn't mean running the VPN as a container, i meant adding it using the network settings in the DSM control panel.

it connects as an OpenVPN client connection.
 

Rusty

Moderator
NAS Support
2,486
746
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
I understand that but considering that you need to target a single docker container, why not run a VPN docker container towards Shark and use it as a gateway?

Haven't tried pushing one single docker container under a vpn running on DSM lvl before.
 
253
27
NAS
DS1019+
Mobile operating system
  1. Android
makes sense, how would i do that?
this is a little over my pay grade :)
 

Rusty

Moderator
NAS Support
2,486
746
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Have a look here ilteoood/docker-surfshark and download it from hub

So run this container with your credential and then as the instructions say, run your xteve container by adding --net=container:YourSharVPNContianerName
 
253
27
NAS
DS1019+
Mobile operating system
  1. Android
ok i have the vpn container installed, configured, and running.
however, before setting any container to try and use it, how do i confirm that it is connected and running? ie how can see what WAN IP address it has compared to the other containers?
 

Rusty

Moderator
NAS Support
2,486
746
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
ok i have the vpn container installed, configured, and running.
however, before setting any container to try and use it, how do i confirm that it is connected and running? ie how can see what WAN IP address it has compared to the other containers?
Connect to it using the Terminal tab. Run the bash command to get a new window. Then inside it run, curl ifconfig.me command. It should return your current public WAN address that the container has.
 
253
27
NAS
DS1019+
Mobile operating system
  1. Android
it seems that vpn container doesn't have bash
 

Rusty

Moderator
NAS Support
2,486
746
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
try sh or ash
 
253
27
NAS
DS1019+
Mobile operating system
  1. Android
looks like it might be a DNS issue, as when i do curl <ip address> i get a response with some html code.

looking at the command to link it to a container, it is

sudo docker run -it --net=container:VPN_CONTAINER_NAME TARGET_CONTAINER_NAME /bin/sh

however, is it possible to do this within the docker UI? so that i don't need to start it via a command?
 

Rusty

Moderator
NAS Support
2,486
746
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Nope. Portainer as a UI alternative but that's about it.
 
253
27
NAS
DS1019+
Mobile operating system
  1. Android
after some playing with this, and discussion with the developer, apparently this won't work on a synology NAS.

The container is initially connected to the VPN (as you can see with the message Wed Jul 15 12:25:49 2020 Initialization Sequence Completed), but after the connection can't reach internet because the dedicated device (tun) isn't properly configured.
 

Rusty

Moderator
NAS Support
2,486
746
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
You can configure this ofc, but it will not survive update of DSM. So in a long term it might not be a solution.
 
253
27
NAS
DS1019+
Mobile operating system
  1. Android
what would be involved in configuring it?

however, i'm not too sure the devs explanation is correct. if do a curl ifconfig.me then it fails, however if i do a curl <ip address> then i get an html response. wouldn't that suggest that it does have internet access, but it's a DNS issue instead?
 

Rusty

Moderator
NAS Support
2,486
746
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
wouldn't that suggest that it does have internet access, but it's a DNS issue instead?
Correct.

Try and set this docker container from a command line using docker run but add the --dns=8.8.8.8 as a parameter. You can change to whatever public DNS you want. Google dns here was just as example
 
253
27
NAS
DS1019+
Mobile operating system
  1. Android
hmmm that didn't seem to work, still getting "could not resolve host"

this is the command i ran to create the container

Code:
sudo docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name surfshark -e SURFSHARK_USER=************** -e SURFSHARK_COUNTRY=nl -e SURFSHARK_PASSWORD=************** ilteoood/docker-surfshark --dns=8.8.8.8
 

Rusty

Moderator
NAS Support
2,486
746
www.blackvoid.club
NAS
DS412+, DS718+, DS918+, 2x RS3614RPxs+ with expansions
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Move dns switch before the variable (user, pass etc). Not sure it will make any difference but give it a go.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads

Top