Tuesday, June 2, 2015

Making OpenVPN work inside a docker container

There are a number of possible solutions.  The first looks like a storage container but provides network access. It's a novel approach and one I might implement in the future. It has the benefits of configurations that might differ between prod, stag and dev. It also isolates the network issues from the application container.  It's actually a very strong idea.

In my case it's more complicated than I want.  I have a simple workflow that I want to follow for the time being.  Taking my default Dockerfile, I did a chmod +s so that openvpn runs with root privileges, which is required in order to update the routes and IP address.
RUN chmod +s /usr/sbin/openvpn
And when running the docker container there are two additional params: cap_add and device.
docker run --rm -it --cap-add=NET_ADMIN --device /dev/net/tun -v /data/data1/devbox/shared/:/var/shared/ --name=${boxname} ${imgname} /bin/${shellname} --login
And that worked for me.

One other recommendation was installing sudo.  I suppose that was also an option; however, sudo might leak other root-level changes that I might not want to put in application space rather than the environment.
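
A preflight check for the setup described above, as an added example that is not part of the original post: run inside the container, it verifies that CAP_NET_ADMIN is in the capability bounding set, that /dev/net/tun is a character device, and, for a non-root user, that the openvpn binary is setuid and no_new_privs is off. The function names and the --check argument are made up for this example.

```shell
#!/bin/sh
# Added example: preflight for running OpenVPN inside a container.
CAP_NET_ADMIN_BIT=12   # CAP_NET_ADMIN in <linux/capability.h>

# status_field FIELD FILE: value of "FIELD:" in a /proc/<pid>/status-style file
status_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }' "$2"
}

# mask_has_cap HEXMASK BIT: succeeds if capability BIT is set in HEXMASK
mask_has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# preflight STATUS_FILE TUN_DEVICE OPENVPN_BIN [UID]
# Prints each unmet requirement and returns how many there were.
preflight() {
    pf_uid=${4:-$(id -u)}
    pf_fails=0
    # A setuid-root binary gains capabilities only up to the bounding set,
    # so CapBnd (not CapEff of the calling shell) is the mask that matters.
    pf_bnd=$(status_field CapBnd "$1")
    if ! mask_has_cap "${pf_bnd:-0}" "$CAP_NET_ADMIN_BIT"; then
        echo "CAP_NET_ADMIN not in bounding set: add --cap-add=NET_ADMIN"
        pf_fails=$((pf_fails + 1))
    fi
    if [ ! -c "$2" ]; then
        echo "$2 is not a character device: add --device /dev/net/tun"
        pf_fails=$((pf_fails + 1))
    fi
    if [ "$pf_uid" -ne 0 ]; then
        # Non-root users depend on the setuid bit from the Dockerfile...
        if [ ! -u "$3" ]; then
            echo "$3 is not setuid: chmod +s is missing from the image"
            pf_fails=$((pf_fails + 1))
        fi
        # ...and the kernel ignores that bit when no_new_privs is set.
        if [ "$(status_field NoNewPrivs "$1")" = 1 ]; then
            echo "no_new_privs is set: the setuid bit will be ignored"
            pf_fails=$((pf_fails + 1))
        fi
    fi
    return "$pf_fails"
}

# Run against the live container with: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    preflight /proc/self/status /dev/net/tun /usr/sbin/openvpn && echo "ok"
fi
```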
