tunle is a Dockerized tunneling tool providing a VPN or Proxy tunnel for all Docker containers. tunle's goal is to provide easy setup for all the most popular VPN providers, across multiple architectures.
Copy one of the samples configs from configs for OpenVPN
docker run -d \
--rm \
--name tunle \
--env-file sample.cfg \
--device /dev/net/tun \
--cap-drop all \
--cap-add MKNOD \
--cap-add SETUID \
--cap-add SETGID \
--cap-add NET_ADMIN \
--cap-add NET_RAW \
retenet/tunleVWireguard Currently only supported with predefined config
docker run -d \
--rm \
--name tunle \
-e VPN_TYPE=wireguard \
-v /home/user/wg_vpn:/etc/wireguard \
--device /dev/net/tun \
--cap-drop all \
--cap-add MKNOD \
--cap-add SETUID \
--cap-add SETGID \
--cap-add NET_ADMIN \
--cap-add NET_RAW \
retenet/tunleDefault Docker Capability List:
- CHOWN
- DAC_OVERRIDE
- FOWNER
- FSETID
- KILL
- SETGID
- SETUID
- SETPCAP
- NET_BIND_SERVICE
- NET_RAW
- SYS_CHROOT
- MKNOD
- AUDIT_WRITE
- SETFCAP
Now attach the desired container using --net=container:tunle
docker run -it --rm --net=container:tunle ubuntu:bionic
The default provider for tunle is generic
NOTE: If the container fails to start you may need disable IPv6 by using the arg --sysctl net.ipv6.conf.all.disable_ipv6=0. This definitely applies to Hack the Box unless I can get it fixed
- amd64
- arm32v6
- arm32v7
- arm64v8
- i386
- Generic OpenVPN Config
- Generic Wireguard Config
- CyberGhost
- ExpressVPN
- I2P
- IPVanish
- Private Internet Access
- NordVPN
- ShadowSocks
- SurfShark
- TunnelBear
- TorGuard
- Tor Transparent Proxy
- Hack The Box
- Mullvad
- Others TBD