Skip to content

irishpadres/docker-nordvpn

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

577 Commits
.github/workflows
.github/workflows
 
 
examples
examples
 
 
opt
opt
 
 
scripts
scripts
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
nordvpn.dockerfile
nordvpn.dockerfile
 
 

Repository files navigation

Docker NordVPN

GitHubPackage DockerPublishing DockerSize DockerPulls

The NordVPN client for Docker

Leveraging the latest native NordVPN client, iptables and the Nord API to create the fastest, most stable connection possible.

The Essentials

Build based on:

  • NordVPN 3.16.8
  • Ubuntu 22.04
    • Updated nighty

Examples of use:

Docker Hub repository:

Optimized for NordLynx:

  • NordLynx is NordVPN's fast/stable implementation of Wireguard; it is the recommended and default TECHNOLOGY

Requirements

Wireguard on the host

  • You must install Wireguard on your host in order to leverage NordLynx

Capabilities

Environment

  • TOKEN

    • ONLY TOKENS ARE VIABLE IN A CONTAINER
    • The use of USERNAME and PASSWORD has been deprecated wherein only TOKEN or login via browser are accepted with the Linux client

  • NET_LOCAL

    • Technically not required for the container to work, but it should be set if local traffic is to be routed through NordVPN

Recommendations

IPv6

  • IPv6 support is limited and generally not supported by most VPN providers at this time

  • Therefore, it is recommended to disable IPv6 support in your container via sysctl:

    • net.ipv6.conf.all.disable_ipv6=1

DNS

  • Prior to establishing the tunnel, the host DNS settings will be used

  • If you are concerned with DNS leakage (which will only be nordvpn.com), you should set docker DNS

Environment Variables

Generally, the default settings will provide a great experience, however, several environment variables are available to provide flexibility:

Variable Default Description
BYPASS_LIST Comma-separated list of domain names that should bypass VPN (i.e. these connections should not be secured); if set, FIREWALL will default to FALSE
CHECK_CONNECTION_INTERVAL 60 Time in seconds to check connection state and remediate as required
CHECK_CONNECTION_URL https://www.google.com URL used by CHECK_CONNECTION_INTERVAL
CONNECTION_FILTERS To connect to the fastest, lowest load server of special interest. Use the NordVPN API to help craft your filters; largely for OpenVPN, though useful with NordLynx when wanting to set a specific country/city (e.g filters[country_city_id]=8980922)
CONNECT Provide a [country] (Australia), [server] (jp35), [country_code] (us), [city] (Hungary Budapest) or [group] (Onion_Over_VPN) (note CONNECT overrides CONNECTION_FILTERS; use one or the other)
CYBER_SEC FALSE Learn more at NordVPN (TRUE/FALSE)
DNS A comma-separated list of IPv4/IPv6 addresses to be set as the VPN tunnel DNS servers, or non-IP hostnames to be set as the tunnel's DNS search domains (leave unset to use NordVPN servers)
FIREWALL TRUE Use the NordVPN firewall over iptables (TRUE/FALSE; will default to FALSE when BYPASS_LIST in use)
KILLSWITCH TRUE Use the NordVPN kill switch; FIREWALL must also be TRUE (TRUE/FALSE)
NET_LOCAL Add a route to local IPv4 network once the VPN is up; the Docker network is automatically added; must be CIDR IPv4 format (e.g. 192.168.1.0/24)
NET6_LOCAL Add a route to local IPv4 network once the VPN is up; the Docker network is automatically added; must be CIDR IPv6 format (e.g. fe00:d34d:b33f::/64)
OBFUSCATE FALSE Only valid when using TECHNOLOGY OpenVPN; learn more at NordVPN (TRUE/FALSE)
PORT_RANGE Port range to whitelist for both UDP and TCP; (e.g. PORT_RANGE=9091 9095)
PORTS Semicolon delimited list of ports to whitelist for both UDP and TCP; (e.g PORTS=9091;9095)
POST_CONNECT Command to execute after successful connection
PRE_CONNECT Command to execute before attempt to connect
PROTOCOL UDP Only valid when using TECHNOLOGY OpenVPN (TCP/UDP)
REFRESH_CONNECTION_INTERVAL 120 Time in minutes to trigger VPN reconnection to help ensure best connection available (0 = disable)
TECHNOLOGY NordLynx Specify the VPN Technology to use (NordLynx/OpenVPN)
TOKEN Generated from your NordVPN account web portal

Troubleshooting

  • Ensure you have read all of the above information
  • Ensure you have pulled the latest available image
    • Use --force-recreate to be sure
  • Check and double-check all of your values
  • Perform the following:
    • Start a basic container:
      • docker run -it --rm --name=nordvpn-tmp tmknight88/nordvpn:latest bash
    • Perform the following in the container:
      • nordvpnd &
      • nordvpn login --token [your token]
      • nordvpn connect
    • If basic container connectes without issue, then slowly/one-at-a-time, start applying any cusomizations and go through the previous steps with each change (yes, laborious, but that's what it takes)
      • docker run -it --rm --name=nordvpn-tmp -v [something] tmknight88/nordvpn:latest bash
      • docker run -it --rm --name=nordvpn-tmp -v [something] -e [something else] tmknight88/nordvpn:latest bash
      • docker run -it --rm --name=nordvpn-tmp -v [something] -e [something else] -e [and so on] tmknight88/nordvpn:latest bash
  • If you've performed all of the above without determining the issue, feel free to open an issue
    • Be sure to include your log entries and be as descriptive as possible

Additional Information

Using the NordVPN API

Credits

Disclaimers

This project is independently developed for personal use; there is no affiliation with NordVPN or Nord Security companies. Nord Security companies are not responsible for, nor have control over, the nature, content and availability of this project.

About

NordVPN for Docker

Resources

Readme

License

GPL-3.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages

  • Shell 94.1%
  • Dockerfile 5.9%