A feature-rich and reliable VPN container image for PIA + WireGuard
- Strict killswitch - Zero-leak design with fast engagement (~25ms on amd64)
- WireGuard speed - Tested at greater than 95% of line speed with automatic MSS clamping
- Reliable reconnect - Handles outages gracefully and avoids reconnect churn
- Port forwarding - Manages port acquisition, keepalive, and expiry/refresh
- Port syncing - Automatically syncs port to qBittorrent, Deluge, Transmission, and custom endpoints
- SOCKS5 + HTTP Proxies - Allows other machines and containers to access the VPN (optional authentication)
- DoT Support - Encrypts your DNS requests (DNS over TLS) to further anonymize your traffic
- Observability - /health, /ready, /metrics (Prometheus), and /metrics?format=json
- Smart server selection - Chooses the lowest-latency server from selected location(s), or from all locations
- Minimal host support - Supports WireGuard userspace (wireguard-go) and iptables-legacy auto-fallback
- No manual auth token - Auth token acquired automatically and kept fresh
- Dedicated IP support - Connect to a reserved PIA IP using your dedicated IP token
- Multi-architecture images - amd64, arm64, and armv7
Versions: latest, develop, and semantic (v1, v1.0, v1.0.0)
Copy-Paste Examples:
```yaml
services:
  pia-tun:
    image: x0lie/pia-tun:latest
    container_name: pia-tun
    cap_add:
      - NET_ADMIN
    cap_drop:
      - ALL
    secrets:
      - pia_user
      - pia_pass

secrets:
  pia_user:
    file: ./secrets/pia_user
  pia_pass:
    file: ./secrets/pia_pass
```

Image also available as ghcr.io/x0lie/pia-tun
Special thanks to Kevin for getting me into containerization
Built with:
- WireGuard - Fast, modern VPN protocol
- Prometheus - Metrics and monitoring
- Alpine Linux - Lightweight container base
Not affiliated with Private Internet Access
