Comment by yonixw
4 years ago
I did something similar with Docker. I ran both an OpenVPN client and an SSH client inside a Docker container, so only the SSH client would be affected by OpenVPN controlling the container network. And by telling the SSH client to port forward, and by exposing the same port forward from the container to the local computer, I could use it to travel through the VPN while all other ports on the local computer were unaffected.
Here is my code for reference: https://github.com/yonixw/ssh-vpn-docker
According to your README you require NET_ADMIN permissions and you are mapping the host /dev/net/tun into the container. Doesn’t this mean you are affecting the host network as well? Sorry, not super familiar with Docker’s security model.
It doesn't. Tested on Windows (WSL) and macOS.