NordVPN

Last modified by Justin Morgan on 2019/09/29 18:04

About


Docker Setup


So I'm considering buying a subscription to a VPN provider in order to protect my potential torrenting traffic. I don't particularly want to pay for a UseNet subscription because that I can only use for one thing, but a VPN I can use for all my devices. I can also direct docker containers to network through the NordVPN container I plan to set up.

Below are the settings used in OpenMediaVault's Docker plugin. Unless listed here, all other settings should remain as default.

General

Docker Image: bubuntux/nordvpn:amd64-latest

Container Name: NordVPN

Restart Policy: unless-stopped

Networking

Network Mode: Host

May change this to Bridge if I can't get other traffic thru the VPN. Just means I'll have to specify that certain containers must go thru the VPN container.

Ports: 0000:0000/tcp

Environmental Variables

USER: j.morgan22@gmail.com

PASS:

COUNTRY: Switzerland

CATEGORY: Standard VPN servers

PROTOCOL: UDP

NETWORK: 10.0.0.0/24

GROUPID: 100

NET_IFACE: enp0s25

TZ: America/Indiana/Indianapolis

Maybe if I add a whitelist variable so DuckDNS can get through?

Volumes and Bind Mounts

/sharedfolders/Storage/NordVPN : /vpn

Extra Arguments

--cap-add=NET_ADMIN --device /dev/net/tun --name vpn

Environmental Variables

USER - User for NordVPN account.

PASS - Password for NordVPN account. Surrounding the password in single quotes will prevent issues with special characters such as $.

COUNTRY - Use servers from a specific country (e.g. United_States, Australia, NZ, Hong Kong, MX, full list).

CATEGORY - Use servers from a specific category (e.g. Double_VPN, Standard VPN servers). Allowed categories are:

  • Standard VPN servers: Get connected to ultra-fast VPN servers anywhere around the globe to change your IP address and protect your browsing activities.
  • P2P: Choose from hundreds of servers optimized for P2P sharing. NordVPN has no bandwidth limits and doesn’t log any of your activity.
  • Dedicated IP servers: Order a dedicated IP address, which can only be used by you and will not be shared with any other NordVPN users.
  • Double VPN: Send your Internet traffic through two different VPN servers for double encryption. Recommended for the most security-focused.
  • Onion Over VPN: For maximum online security and privacy, combine the benefits of NordVPN with the anonymizing powers of the Onion Router.

PROTOCOL - Specify OpenVPN protocol. Allowed protocols are:

  • UDP
  • TCP

WHITELIST - List of domains that will be accessible outside the VPN (e.g. rarbg.to,yts.am).

NETWORK - CIDR networks (e.g. 192.168.1.0/24); adds a route to allow replies once the VPN is up.

NETWORK6 - CIDR IPv6 networks (e.g. fe00:d34d:b33f::/64); adds a route to allow replies once the VPN is up.

OPENVPN_OPTS - Used to pass extra parameters to openvpn (full list).

TZ - Set a timezone (IE EST5EDT, America/Denver, full list).

GROUPID - Set the GID for the vpn. Shouldn't this be PGID? Is PUID necessary?

NET_IFACE - Network interface to bind the VPN to (useful when combined with --network host to protect the entire host).

Routing Traffic From Other Dockers

I'm gathering that in order to run traffic from other docker containers, all I have to do is put a command in the extra arguments field in OpenMediaVault: --net=container:vpn.
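
A way to check that the containers meant to use the VPN really share its network namespace, added here as an example and not part of the original page: it reads `docker inspect` JSON, confirms the VPN container has the capability and device from the Extra Arguments above, and reports any listed container whose NetworkMode is not `container:vpn`. The sample data and every container name other than `vpn` are constructed, and accepting the target by either name or container ID is an assumption.

```python
import json

# Constructed `docker inspect` output, trimmed to the fields used here.
# Container names other than "vpn" are made up for this example.
SAMPLE_INSPECT = json.loads("""
[
 {"Id": "a1b2c3d4e5f6", "Name": "/vpn",
  "HostConfig": {"NetworkMode": "bridge", "CapAdd": ["NET_ADMIN"],
                 "Devices": [{"PathOnHost": "/dev/net/tun"}]}},
 {"Id": "111111111111", "Name": "/torrent",
  "HostConfig": {"NetworkMode": "container:a1b2c3d4e5f6"}},
 {"Id": "222222222222", "Name": "/indexer",
  "HostConfig": {"NetworkMode": "container:vpn"}},
 {"Id": "333333333333", "Name": "/downloader",
  "HostConfig": {"NetworkMode": "bridge"}}
]
""")


def audit_vpn_routing(inspect_data, vpn_name, must_use_vpn):
    """Return a list of findings; an empty list means the setup looks right."""
    by_name = {c["Name"].lstrip("/"): c for c in inspect_data}
    vpn = by_name.get(vpn_name)
    if vpn is None:
        return [f"{vpn_name}: VPN container not found"]
    findings = []
    host = vpn.get("HostConfig", {})
    if "NET_ADMIN" not in (host.get("CapAdd") or []):
        findings.append(f"{vpn_name}: missing --cap-add=NET_ADMIN")
    devices = [d.get("PathOnHost") for d in (host.get("Devices") or [])]
    if "/dev/net/tun" not in devices:
        findings.append(f"{vpn_name}: missing --device /dev/net/tun")
    # Assumption: accept the target recorded either by name or by container ID.
    accepted = {f"container:{vpn_name}", f"container:{vpn['Id']}"}
    for name in must_use_vpn:
        c = by_name.get(name)
        if c is None:
            findings.append(f"{name}: container not found")
            continue
        mode = c.get("HostConfig", {}).get("NetworkMode", "")
        if mode not in accepted:
            findings.append(f"{name}: NetworkMode is {mode!r}, not routed via {vpn_name}")
    return findings


if __name__ == "__main__":
    names = ["torrent", "indexer", "downloader"]
    for line in audit_vpn_routing(SAMPLE_INSPECT, "vpn", names):
        print(line)
```

On a real host, replace the sample with the parsed output of `docker inspect $(docker ps -q)`.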