Docker networking with VPN in container
There are many quirks, tricks, and caveats of container networking.
One trick I have used to my advantage was how a VPN works within a container.
I was working on a system that had to change VPN connections every few hours. Easy enough, I just wrote a Golang application which uses OpenVPN to switch the VPN at a set interval.
However, if run directly on the host, this would mean that any other ongoing network connections would be dropped each time the VPN was switched.
To mitigate this, I installed OpenVPN inside a Docker container, and then put my Golang VPN switching application inside this container.
Then, give the container the --privileged and --net=host flags so that it can properly bind to the host network interface(s).
Now, within the container, I am connected through a VPN. However, on the host, I am still connected through my original connection.
As the VPN connection changes within my container, my network connection on my host remains unaffected.
Another plus (or caveat, depending on the situation): other containers using --net=host will connect through the VPN as well.
This effectively allows you to have a "VPN Management" container, and then various application containers which can make use of the shared VPN connection.
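The interval-based switching described above could look like this in Go. This is an added example, not the author's application: the names Rotate, runOpenVPN and retryDelay, the 3-hour interval and the retry delay are assumptions, and it expects the openvpn binary to be installed in the container.

```go
package main

import (
	"context"
	"errors"
	"log"
	"os"
	"os/exec"
	"syscall"
	"time"
)

var retryDelay = 5 * time.Second // pause after a session that ended before its interval

// startFunc runs one VPN session, blocking until ctx ends or the client exits.
type startFunc func(ctx context.Context, config string) error

// runOpenVPN runs the client on one config; when ctx ends it gets SIGTERM (Go 1.20+ Cancel hook).
func runOpenVPN(ctx context.Context, config string) error {
	cmd := exec.CommandContext(ctx, "openvpn", "--config", config)
	cmd.Cancel = func() error { return cmd.Process.Signal(syscall.SIGTERM) }
	cmd.Stdout, cmd.Stderr = os.Stdout, os.Stderr
	return cmd.Run()
}

// Rotate cycles through configs round-robin, at most interval per session; sessions == 0 runs until ctx ends.
func Rotate(ctx context.Context, configs []string, interval time.Duration, sessions int, start startFunc) error {
	if len(configs) == 0 {
		return errors.New("no VPN configs given")
	}
	for i := 0; sessions == 0 || i < sessions; i++ {
		sctx, cancel := context.WithTimeout(ctx, interval)
		err := start(sctx, configs[i%len(configs)])
		early := sctx.Err() == nil // client exited on its own, e.g. auth failure
		cancel()
		if ctx.Err() != nil {
			return ctx.Err()
		}
		if early {
			log.Printf("session %d (%s) ended early: %v", i, configs[i%len(configs)], err)
			time.Sleep(retryDelay) // avoid a tight reconnect loop
		}
	}
	return nil
}

func main() {
	// Config paths come from the command line; the 3h interval is an assumed value.
	log.Fatal("switcher stopped: ", Rotate(context.Background(), os.Args[1:], 3*time.Hour, 0, runOpenVPN))
}
```

Between sessions no tunnel is up, so anything sharing that network stack sends traffic over the original connection until the next session connects, unless a firewall rule blocks it.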
last updated 2024-03-18