Running containers through an OpenVPN container

  • Here's my goal: Run sabnzbd and deluge containers through an openvpn container. I know that there are some "bundled" images out there for things like deluge+openvpn, but I'd prefer not to have separate vpn connections for each container since the number of connections is limited by my vpn provider.


    This works to create the openvpn container:

    docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name vpn -v /etc/openvpn/client:/vpn -d dperson/openvpn-client -f ""


    This appears to work to create the deluge container:

    docker run -d --name=deluge --net=container:vpn -e PUID=1000 -e PGID=1000 -v /root/deluge/downloads:/downloads -v /root/deluge/config:/config linuxserver/deluge


    And this is where I'm probably getting hung up:

    docker run -it --name web -p 8112:8112 -e SSI=y --link vpn:deluge -d dperson/nginx -w "http://deluge:8112/;/deluge/"

    Most of the examples I've seen indicate that I should use -p 80:80, but I can't do that because OMV is already using port 80. So I just figured that I would use port 8112 instead, and hit the page with http://<OMV IP>:8112, but I get nothing at all.


    Any ideas? I've already spent around 12 hours trying to get this working.


    Thanks!

  • In this docker create command:


    docker run -d --name=deluge --net=container:vpn -e PUID=1000 -e PGID=1000 -v /root/deluge/downloads:/downloads -v /root/deluge/config:/config linuxserver/deluge


    What user:group are 1000:1000?


    Why are you trying to write the downloads and config into the root user's home folder? Only the root user can do that.

    --
    Google is your friend and Bob's your uncle!


    OMV AMD64 7.x on headless Chenbro NR12000 1U 1x 8m Quad Core E3-1220 3.1GHz 32GB ECC RAM.

  • Honestly, I have no idea. I've just been trying everything I can, and saw that user:group in an example.


    I'm using the root home folder just for testing purposes for now. It does work because the containers have been writing their config files there.

  • Slightly modified commands:



    docker run -d -it --name vpn --cap-add=NET_ADMIN --device /dev/net/tun -v /etc/openvpn/client:/vpn dperson/openvpn-client -f ""
    docker run -d --name=deluge --net=container:vpn -v /sharedfolders/download/deluge/complete:/downloads -v /sharedfolders/download/deluge/config:/config linuxserver/deluge
    docker run -d -it --name web -p 8112:8112 -e SSI=y --link vpn:deluge dperson/nginx -w "http://deluge:8112/;/deluge/"

    The vpn container gets a valid IP from my vpn provider. From within the web container, I can ping "deluge" (returning the IP of the deluge container), and I can curl http://deluge:8112 (returning HTML from the deluge GUI page). But I just can't access the deluge GUI from my PC on my LAN at all.

  • Have you managed to find a solution to this?

    OMV 4.1.4 Arrakis | 34TB SnapRAID+MergerFS
    Supermicro X10SLM+-F| Xeon E3-1285L | 16gb ECC Ram | LSI SAS9220-8i
    5 x 8TB WD Red | 2x 3TB WD Red | 128gb Samsung 830 EVO

  • Interestingly enough, the maintainer of the container posted a link to a sample docker compose file that may be helpful in getting your containers set up.


    As an aside, the command that finally worked for me was the following (note I'm on ARM so I needed the armhf build):


    sudo docker run -it --restart=always --dns XXX.XXX.XXX.XXX --cap-add=NET_ADMIN --device /dev/net/tun --name vpn -v /srv/dev-disk-by-label-storage/home/docker/.config/vpn:/vpn -e PGID=100 -e PUID=1001 -d dperson/openvpn-client:armhf -f ""


    edit: just replace the dns X's with your own dns, or remove it entirely if you don't want to specify the dns server

    OMV 4.1.22-1 Arrakis | Odroid XU4Q | armhf-gang | docker noob

  • Special thanks to Jonatron and gaelic for their work in this thread. I think I finally have this working. I completely gave up on using a proxy, although I'd like to revisit that. Here's how I built my OpenVPN container:



    Rather than store the VPN server info and my account and password in the container config, I stored that info in an ovpn file and auth file for the container to reference. Here's how I built my Transmission container:

    docker run -d --name=transmission \
        --restart=unless-stopped \
        --net=container:openvpn \
        -v /etc/localtime:/etc/localtime:ro \
        -v /sharedfolders/config/transmission:/config \
        -v /sharedfolders/download:/downloads \
        -v /sharedfolders/watch:/watch \
        -e PGID=100 \
        -e PUID=1000 \
        linuxserver/transmission


    And here's how I built my SABNZBD container:

    PUID 100 is a user that I created called "container" for all of my containers so that I don't have to run them as root. I'm not sure that's an option that I can pass to the OpenVPN container. Also, I was able to avoid using a proxy by using the ROUTE option on the OpenVPN container (thanks to Jonatron for that tip). Really, I just wanted to share this for others who are looking for the complete picture. I'm also hoping that folks who know a lot more than me can help me with a few things:

    • Please critique my design! Help me make it better and more secure.
    • If I wanted to use a proxy, e.g., nginx, how do I get around the fact that OMV is already using port 80?
    • How can I ensure that the OpenVPN container always starts before the other two? I've seen comments about Docker Compose, but don't know anything about it.
    • How can I specify a user and group for the OpenVPN container?
    • If I use Watchtower to keep these containers up to date, won't it break the Transmission and SABNZBD containers every time the OpenVPN container is updated?

    Thanks!

  • Hey @dildano,


    have you managed to get an answer on your 3rd question?


    I do have a similar challenge. I'm using the Docker plugin where I have 4 containers, one of them is OpenVPN.


    I need a kind of boot sequence to make sure that OpenVPN is started first, then a pause of 2 minutes, then the rest should start.


    Otherwise my containers will get into a "death" status, as the VPN is not yet available.
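
The start-order question above, as an added example (not from the thread or from any image's maintainer): instead of a fixed pause, poll until the VPN container has its tunnel interface, then start the clients and confirm each one sits in the VPN container's network namespace. The container name `vpn`, the interface name `tun0` and the presence of `test` and `readlink` in the images are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: the VPN container is named "vpn", OpenVPN's
# interface inside it is tun0, and the images ship test(1) and readlink(1).
VPN=${VPN:-vpn}
POLL=${POLL:-5}          # seconds between readiness checks

# True when the VPN container is running and its tunnel interface exists.
tunnel_up() {
    [ "$(docker inspect -f '{{.State.Running}}' "$VPN" 2>/dev/null)" = "true" ] &&
        docker exec "$VPN" test -e /sys/class/net/tun0
}

# Poll until the tunnel interface appears; fail after $1 seconds (default 120).
wait_for_tunnel() {
    remaining=${1:-120}
    until tunnel_up; do
        [ "$remaining" -gt 0 ] || return 1
        sleep "$POLL"
        remaining=$((remaining - POLL))
    done
}

# True when container $1 is in the VPN container's current network namespace.
# A client still running from before the VPN container restarted fails this,
# because the restarted VPN container gets a fresh namespace.
shares_vpn_netns() {
    vpn_ns=$(docker exec "$VPN" readlink /proc/self/ns/net) || return 1
    own_ns=$(docker exec "$1" readlink /proc/self/ns/net) || return 1
    [ -n "$vpn_ns" ] && [ "$vpn_ns" = "$own_ns" ]
}

# Start the VPN, wait for the tunnel, then start each client named in "$@".
# Returns non-zero, with the affected client stopped, if anything is off.
start_behind_vpn() {
    docker start "$VPN" >/dev/null || return 1
    wait_for_tunnel "${TIMEOUT:-120}" || return 1
    for c in "$@"; do
        docker start "$c" >/dev/null || return 1
        shares_vpn_netns "$c" && continue
        docker restart "$c" >/dev/null   # rejoin the current namespace
        shares_vpn_netns "$c" || { docker stop "$c" >/dev/null; return 1; }
    done
}
```

Sourced from a boot script, `start_behind_vpn deluge sabnzbd` leaves the clients stopped if the tunnel interface does not appear within `TIMEOUT` seconds.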
