This is a docker image of an OpenVPN client tied to a SOCKS proxy server. It is useful to isolate network changes (so the host is not affected by the modified routing).
This supports directory style (where the certificates are not bundled together in one
.ovpn file) and those that contains
(For the same thing in WireGuard, see kizzx2/docker-wireguard-socks-proxy)
This is arguably the easiest way to achieve "app based" routing. For example, you may only want certain applications to go through your WireGuard tunnel while the rest of your system should go through the default gateway. You can also achieve "domain name based" routing by using a PAC file that most browsers support.
In the sockd.sh file you will find the ip command setting routes to some subnet via a hosts ip address. This is seemingly the only way the routing tables inside the container can reach the given subnets.
start in this repository:
/your/openvpn/directory should contain one OpenVPN
.conf file. It can reference other certificate files or key files in the same directory.
docker run directly:
docker run -it --rm --device=/dev/net/tun --cap-add=NET_ADMIN \ --name openvpn-client \ --volume /your/openvpn/directory/:/etc/openvpn/:ro -p 1080:1080 \ kizzx2/openvpn-client-socks
Then connect to SOCKS proxy through through
local.docker:1080. For example:
curl --proxy socks5h://local.docker:1080 ipinfo.io
You can easily convert this to an HTTP proxy using http-proxy-to-socks, e.g.
hpts -s 127.0.0.1:1080 -p 8080