{"id":20014993,"url":"https://github.com/ethack/docker-vpn","last_synced_at":"2025-10-09T08:11:15.413Z","repository":{"id":38086954,"uuid":"156956803","full_name":"ethack/docker-vpn","owner":"ethack","description":"Conveniently connect to Cisco AnyConnect or OpenVPN endpoints using a docker container","archived":false,"fork":false,"pushed_at":"2025-03-04T02:48:34.000Z","size":17,"stargazers_count":112,"open_issues_count":3,"forks_count":34,"subscribers_count":5,"default_branch":"master","last_synced_at":"2025-05-25T02:06:33.200Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ethack.png","metadata":{"files":{"readme":"Readme.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2018-11-10T07:05:05.000Z","updated_at":"2025-05-20T02:18:29.000Z","dependencies_parsed_at":"2025-01-28T01:11:25.037Z","dependency_job_id":"9d406af4-2d30-48c0-bf10-868e311f8ca2","html_url":"https://github.com/ethack/docker-vpn","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/ethack/docker-vpn","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethack%2Fdocker-vpn","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethack%2Fdocker-vpn/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethack%2Fdocker-vpn/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethack%2Fdocker-vpn/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitH
ub/owners/ethack","download_url":"https://codeload.github.com/ethack/docker-vpn/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ethack%2Fdocker-vpn/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279001100,"owners_count":26082991,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-09T02:00:07.460Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-13T07:44:24.775Z","updated_at":"2025-10-09T08:11:15.394Z","avatar_url":"https://github.com/ethack.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"## About\n\ndocker-vpn is an alternative to installing VPN software on your host system and routing all your traffic through a VPN. This is useful if you want to have control over which traffic is sent through the VPN. 
Sending all your traffic through a VPN is a privacy concern and limits your internet connection to the speed of your VPN.\n\nThe [`ethack/vpn`](https://hub.docker.com/r/ethack/vpn) Docker image and accompanying shell script provide the following:\n- OpenVPN client\n- Cisco AnyConnect or Juniper Pulse client\n- SSH server (default port 2222) with public key authentication enabled and configured\n- SOCKS 5 server (default port 1080)\n- HTTP Proxy server (default port 1088)\n- SSH config file entry created for each VPN connection\n\n## Install\n\n- [Install Docker](https://docs.docker.com/install/) using the instructions or use `curl -fsSL https://get.docker.com | sh` if you have a supported Linux distro and like to live dangerously.\n- Source `vpn.sh` in your `.bashrc` file or current shell. E.g. `source vpn.sh`\n\n## Usage\n\n```\n# openvpn NAME [OpenVPN args...]\n# e.g.\nopenvpn foo https://vpn.example.com\n\n# openconnect NAME [OpenConnect args...]\n# e.g.\nopenconnect bar https://vpn.example.com\n```\n\nThe first argument is an arbitrary name that you give your VPN connection. This is used in the Docker container names and the SSH config file. The rest of the arguments are passed to the VPN client. Each example above will connect to a VPN located at vpn.example.com.\n\nOnce connected, you will see a message telling you which ports are available and the name of the SSH config profile.\n\n```\n============================================\nSSH Port: 2222\nSOCKS Proxy Port: 1080\nHTTP Proxy Port: 1088\nUse: ssh foo\n============================================\n```\n\nI recommend using a proxy switcher browser extension like one of the following. 
This allows you to quickly switch proxies on/off or tunnel certain websites through a proxy while letting all other traffic go through your default gateway.\n* Proxy SwitchyOmega [[source]](https://github.com/FelisCatus/SwitchyOmega) [[Chrome]](https://chrome.google.com/webstore/detail/proxy-switchyomega/padekgcemlokbadohgkifijomclgjgif) [[Firefox]](https://addons.mozilla.org/en-US/firefox/addon/switchyomega/)\n* FoxyProxy Standard [[source]](https://github.com/foxyproxy/firefox-extension) [[Firefox]](https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard/)\n\n### OpenVPN Config File\n\n```\nopenvpn foo\n```\n\nTo connect to the `foo` VPN, put your config file at `~/.vpn/foo.ovpn` and then you can run `openvpn foo` to automatically use the corresponding config file.\n\nYou can optionally put your credentials in `~/.vpn/foo.creds`. The username goes on the first line and the password on the second line. This gives up some security for the convenience of not having to enter your username and password. You will still be prompted for your 2FA code if your VPN endpoint requires it. You can run `chmod 600 ~/.vpn/foo.creds` to ensure only the file owner can read it.\n\n### OpenConnect Profile\n\nOpenConnect offers an additional interactive command `openconnect_new_profile` which will guide you through the creation of a configuration profile. Once created, the profile is saved in `~/.vpn/NAME.profile` and `~/.vpn/NAME.secret`. To connect using a profile, you can simply use `openconnect NAME` and the VPN connection will be established without any interaction. 
Currently, the following options are supported:\n\n- Hostname \u0026 optional port\n- Username authentication\n  - with password\n  - without password\n  - with password \u0026 external 2-factor authentication\n- Connection group\n\nIf you need custom configs for the openconnect client, you can create a file called `~/.vpn/foo.config` where you can \nuse the wide range of configuration options described in the [openconnect documentation](https://www.infradead.org/openconnect/manual.html).\nThe file is mounted inside the container and passed to the CLI with the `--config` option.\n\n## Customizing\n\nYou can customize options by setting the following environment variables. The defaults are shown below.\n\n* `BIND_INTERFACE`: 127.0.0.1\n* `SSH_PORT`: 2222\n* `SOCKS_PORT`: 1080\n* `HTTP_PROXY_PORT`: 1088\n* `AUTHORIZED_KEYS`: Any keys allowed to SSH as the current user to the current machine, any keys configured in `ssh-agent`, and any keys found in `~/.ssh/*.pub`.\n\n### Custom hosts\n\nIn order to have custom hostname resolution done inside the container, you can add a `~/.vpn/NAME.hosts` file, `NAME` being\nthe profile config for either openconnect or openvpn. The format of the file follows the same standard as your \n/etc/hosts file:\n\n```\nmy-custom-hostname  1.1.1.1\n```\n\nThe hosts are then added one by one to the docker command args, which in turn edits the `/etc/hosts` file inside\nthe container. See docker [--add-host option](https://docs.docker.com/reference/cli/docker/container/run/#add-host) for\nmore information.\n\n### Custom ENV\n\nYou can add a custom env that is then passed to the docker CLI using the file `~/.vpn/NAME.env`, `NAME` being\nthe profile config for either openconnect or openvpn. 
See \n[--env-file option](https://docs.docker.com/compose/environment-variables/set-environment-variables/#substitute-with---env-file) \nfor more information.\n\n### Custom mounts\n\nTo mount custom files or folders on the container, add a file `~/.vpn/NAME.mounts`, `NAME` being the profile for either\nopenconnect or openvpn. The file follows the same format as the hosts file, where the first element is the local file,\nand the second is the remote file:\n\n```\n/local/file/to/be/mounted   /container/mount/point\n```\n\nPlease note that **neither of the file paths can contain spaces.**\n\n### Advanced Forwarding\n\ndocker-vpn provides all the power of an OpenSSH server. For example:\n\n* Dynamic port forwarding (SOCKS proxy) `ssh -D 1080 foo` - Starts a socks5 proxy on port 1080. Connections using this proxy will be tunneled through SSH into the container and then tunneled to the `foo` network through the VPN client.\n* Local port forwarding `ssh -L 8080:private.foo.com:80 foo` - Forwards port 80 on private.foo.com so that you can access it from localhost:8080.\n* Jump hosts `ssh -J foo user@private.foo.com` - Allows connecting via SSH to a remote server private.foo.com that is not directly accessible but is accessible by using the docker-vpn `foo` as a jump host. (Requires OpenSSH 7.3)\n* TUN/TAP support - SSH has [builtin tunneling support](https://wiki.archlinux.org/index.php/VPN_over_SSH#OpenSSH's_built_in_tunneling). This is similar to just connecting directly with OpenVPN or OpenConnect software, but gives you the power (and responsibility) to configure your own routing.\n\n## Limitations\n- If you have multiple VPNs you want to connect to at once, you have to choose ports that do not conflict.\n- VPN configurations can be wildly different. I created these to make my specific use case easier. 
Other configurations may require passing in your own command line options and adding your own volume mounts.\n\n## Credits\n- https://github.com/Praqma/alpine-sshd\n- https://github.com/vimagick/dockerfiles/blob/master/openconnect/Dockerfile\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fethack%2Fdocker-vpn","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fethack%2Fdocker-vpn","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fethack%2Fdocker-vpn/lists"}