Richard Bucker

Making OpenVPN work inside a docker container

Posted at — Jun 2, 2015

There are a number of possible solutions.  The first looks like a storage container but provides network access. It’s a novel approach and one I might implement in the future. It has the benefits of configurations that might differ between prod, stag and dev. It also isolates the network issues from the application container.  It’s actually a very strong idea.In my case it’s more complicated that I want.  I have a simple workflow that I want to follow for the time being.  Taking my default Dockerfile I did a chmod +s to the openvpn is running with root privileges which is required in order to update the routes and IP address.run chmod +s /usr/sbin/openvpnAND when running the docker container there are two additional params: cap_add and device.docker run –rm -it –cap-add=NET_ADMIN –device /dev/net/tun -v /data/data1/devbox/shared/:/var/shared/ –name=${boxname} ${imgname} /bin/${shellname} –loginAnd that worked for me.One other recommendation was installing sudo.  I suppose that was also an option, however, sudo might leak other root level changes that I might not want to put in application space rather than the environment.