{"id":19630608,"url":"https://github.com/zwimer/docker-openvpn-pia","last_synced_at":"2026-06-17T07:31:52.926Z","repository":{"id":109086171,"uuid":"529983396","full_name":"zwimer/docker-openvpn-pia","owner":"zwimer","description":"Fedora OpenVPN docker container using PIA","archived":false,"fork":false,"pushed_at":"2023-12-30T04:58:20.000Z","size":23,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-26T20:43:24.548Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/zwimer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null}},"created_at":"2022-08-28T21:26:08.000Z","updated_at":"2023-12-30T05:05:53.000Z","dependencies_parsed_at":"2023-11-27T10:10:15.418Z","dependency_job_id":null,"html_url":"https://github.com/zwimer/docker-openvpn-pia","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/zwimer/docker-openvpn-pia","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zwimer%2Fdocker-openvpn-pia","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zwimer%2Fdocker-openvpn-pia/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zwimer%2Fdocker-openvpn-pia/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zwimer%2Fdocker-openvpn-pia/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/zwimer","download_url":"https://codeload.github.com/zwimer/docker-openvpn-pia/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/zwimer%2Fdocker-openvpn-pia/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34439294,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-17T02:00:05.408Z","response_time":127,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-11T12:04:34.514Z","updated_at":"2026-06-17T07:31:52.911Z","avatar_url":"https://github.com/zwimer.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Private Internet Access\nA Fedora Docker container for connecting to the PIA servers using OpenVPN, based on [ItsDaSpecialK/docker-openvpn](https://bitbucket.org/ItsDaSpecialK/docker-openvpn/src/master/) and [colinherbert/pia-openvpn](https://hub.docker.com/r/colinhebert/pia-openvpn/)\nHas a firewall/killswitch configured, so your information cannot be leaked if the vpn connection fails.\n\n## Improvements\n* Updated Dockerfile to fetch new configuration directly from PIA on each build\n* Changed openvpn.sh so it works with Fedora\n* Updated README\n* Added firewall/killswitch support\n* Automatically creates tunnel device\n* Uses PIA NextGen Servers\n* Ability to specify network interface to use\n\n# What is Private Internet Access\nPrivate Internet Access VPN Service encrypts your connection and provides you with an anonymous IP to protect your privacy.\n\n# How to use this image\nThis image provides the configuration file for each region managed by PIA.\n\nThe goal is to start this container first then run other container within the PIA VPN via `--net=container:pia`.\n\n\n## Starting the client\n```Shell\ndocker run --cap-add=NET_ADMIN --name=pia -d \\\n  --restart=always \\\n  --dns 209.222.18.222 --dns 209.222.18.218 \\\n  -e 'REGION=\u003cregion\u003e' \\\n  -e 'USERNAME=\u003cpia_username\u003e' \\\n  -e 'PASSWORD=\u003cpia_password\u003e' \\\n  zwimer/pia-openvpn\n```\n\nSubstitute the environment variables `REGION`, `USERNAME`, and `PASSWORD` as needed. Note that `REGION` is optional, and defaults to `US East`.\n\nDue to the nature of the VPN client, this container must be started with some additional privileges. `--cap-add=NET_ADMIN` makes sure that the tunnel can be created from within the container.\n\nStarting the container in privileged mode would also achieve this, but keeping the privileges to the minimum required is preferable.\n\n*NOTE:* In most cases, a DNS server must be specified using `--dns \u003cip-address\u003e`. It is recommended to use the PIA DNS servers, whose addresses are listed above, or can be found on their [client support page](https://www.privateinternetaccess.com/pages/client-support/) under `DNS Leak Protection`.\n\n## Creating a container that uses PIA VPN\n```Shell\ndocker run -it --rm --net=container:pia centos\n```\n\nThe IP address returned after this execution should be different from the IP address you would get without specifying `--net=container:pia`.\n\n# Advanced usage\n\n## Additional arguments for the openvpn client\nEvery parameter provided to the `docker run` command is directly passed as an argument to the [openvpn executable](https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage).\n\nThis will run the openvpn client with the `--pull` option:\n```Shell\ndocker run ... --name=pia \\\n  zwimer/pia-openvpn \\\n    --pull\n```\n\n## Avoid passing credentials in environment variables\nBy default this image relies on the variables `USERNAME` and `PASSWORD` to be set in order to successfully connect to the PIA VPN.\n\nIt is possible to use instead a pre-existing volume/file containing the credentials.\n```Shell\ndocker run ... --name=pia \\\n  -v '\u003cpath/to/auth.conf\u003e:/pia/auth.conf' \\\n  zwimer/pia-openvpn \\\n    --auth-user-pass auth.conf\n```\n\n## Specifying the connection strength\nYou can also specify the connection strength using the environment variable `CONNECTIONSTRENGTH`. If it is not specified, it defaults to `strong`, but you could alternatively also specify `normal`.\n\n## Connection between containers behind PIA\nAny container started with `--net=container:...` will use the same network stack as the PIA container, therefore they will share the same local IP address.\n\n[Prior to Docker 1.9](https://docs.docker.com/engine/userguide/networking/default_network/dockerlinks/) `--link=pia:mycontainer` was the recommended way to connect to a specific container.\n\n[Since Docker 1.9](https://docs.docker.com/engine/userguide/networking/dockernetworks/), it is recommended to use a non default network allowing containers to address each other by name.\n\n## Specifying the network interface\nYou can also specify the network interface using the environment variable `NETWORKINTERFACE`. If it is not specified, it defaults to `eth0`.\n\n### Creation of a network\n```Shell\ndocker network create pia_network\n```\n\nThis creates a network called `pia_network` in which containers can address each other by name; the `/etc/hosts` is updated automatically for each container added to the network.\n\n### Start the PIA container in the pia_network\n```Shell\ndocker run ... --net=pia_network --name=pia zwimer/pia-openvpn\n```\n\nIn `pia_network` there is now a resolvable name `pia` that points to that newly created container.\n\n### Create a container behind the PIA VPN\nThis step is the same as the earlier one\n```Shell\n# Create an HTTP service that listens on port 80\ndocker run ... --net=container:pia --name=myservice myservice\n```\n\nThis container is not addressable by name in `pia_network`, but given that the network stack used by `myservice` is the same as the `pia` container, they have the same IP address and the service running in this container will be accessible at `http://pia:80`.\n\n### Create a container that access the service\n```Shell\ndocker run ... --net=pia_network tutum/curl curl -s http://pia/\n```\n\nThe container is started within the same network as `pia` but is not behind the VPN.\nIt can access services started behind the VPN container such as the HTTP service provided by `myservice`.\n\n# Sample Configuration\nThis is a sample docker-compose file based on the one which I've been using.\n```\nversion: \"2.1\"\nservices:\n  pia-vpn:\n    container_name: pia-vpn\n    image: zwimer/pia-openvpn\n    restart: always\n    cap_add:\n      - net_admin\n    dns:\n      - 209.222.18.222\n      - 209.222.18.218\n    ports:\n      - 9091:9091\n    volumes:\n      - /path/on/host:/path/in/container:ro\n    environment:\n      REGION: \"US East\"\n    command: [\"--auth-user-pass\", \"/path/in/container/auth.conf\"]\n  transmission:\n    container_name: transmission\n    image: linuxserver/transmission\n    restart: always\n    network_mode: \"service:pia-vpn\"\n    depends_on:\n      - pia-vpn\n    volumes:\n      - /path/on/host:/config \n      - /path/on/host:/downloads \n  sabnzbd:\n    container_name: sabnzbd\n    image: linuxserver/sabnzbd\n    restart: always\n    network_mode: \"service:pia-vpn\"\n    depends_on:\n      - pia-vpn\n    volumes:\n      - /path/on/host:/config\n      - /path/on/host:/downloads \n```\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzwimer%2Fdocker-openvpn-pia","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fzwimer%2Fdocker-openvpn-pia","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fzwimer%2Fdocker-openvpn-pia/lists"}