tmknight/docker-nordvpn

Docker NordVPN

The NordVPN client for Docker

Leveraging the latest native NordVPN client, iptables and the Nord API to create the fastest, most stable connection possible.

The Essentials

Build based on:

  • NordVPN 3.15.5
  • Ubuntu 22.04

Examples of use:

Docker Hub repository:

Optimized for NordLynx:

  • NordLynx is NordVPN's fast, stable implementation of WireGuard; it is the recommended and default TECHNOLOGY

Requirements

WireGuard on the host

  • You must install WireGuard on your host in order to leverage NordLynx

Capabilities

Environment

  • TOKEN

    • Or USER & PASS/PASSFILE if you, for some reason, decide to use these instead
  • NET_LOCAL

    • Technically not required for the container to work, but it should be set if local traffic is to be routed through NordVPN

Recommendations

IPv6

  • IPv6 support is limited; most VPN providers generally do not support it at this time

  • Therefore, it is recommended to disable IPv6 support in your container via sysctl:

    • net.ipv6.conf.all.disable_ipv6=1

DNS

  • Prior to establishing the tunnel, the host DNS settings will be used

  • If you are concerned about DNS leakage before the tunnel is up (which will only be lookups for nordvpn.com), you should set the Docker DNS

Environment Variables

Generally, the default settings will provide a great experience; however, several environment variables are available to provide flexibility:

| Variable | Default | Description |
| --- | --- | --- |
| BYPASS_LIST | | Comma-separated list of domain names that should bypass VPN (i.e. these connections should not be secured); if set, FIREWALL will default to FALSE |
| CHECK_CONNECTION_INTERVAL | 60 | Time in seconds to check connection state and remediate as required |
| CHECK_CONNECTION_URL | https://www.google.com | URL used by CHECK_CONNECTION_INTERVAL |
| CONNECTION_FILTERS | | To connect to the fastest, lowest load server of special interest. Use the NordVPN API to help craft your filters; largely for OpenVPN, though useful with NordLynx when wanting to set a specific country/city (e.g. filters[country_city_id]=8980922) |
| CONNECT | | Provide a [country] (Australia), [server] (jp35), [country_code] (us), [city] (Hungary Budapest) or [group] (Onion_Over_VPN) (note CONNECT overrides CONNECTION_FILTERS; use one or the other) |
| CYBER_SEC | FALSE | Learn more at NordVPN (TRUE/FALSE) |
| DNS | | A comma-separated list of IPv4/IPv6 addresses to be set as the VPN tunnel DNS servers, or non-IP hostnames to be set as the tunnel's DNS search domains (leave unset to use NordVPN servers) |
| FIREWALL | TRUE | Use the NordVPN firewall over iptables (TRUE/FALSE; will default to FALSE when BYPASS_LIST in use) |
| KILLSWITCH | TRUE | Use the NordVPN kill switch; FIREWALL must also be TRUE (TRUE/FALSE) |
| NET_LOCAL | | Add a route to local IPv4 network once the VPN is up; the Docker network is automatically added; must be CIDR IPv4 format (e.g. 192.168.1.0/24) |
| NET6_LOCAL | | Add a route to local IPv6 network once the VPN is up; the Docker network is automatically added; must be CIDR IPv6 format (e.g. fe00:d34d:b33f::/64) |
| OBFUSCATE | FALSE | Only valid when using TECHNOLOGY OpenVPN; learn more at NordVPN (TRUE/FALSE) |
| PASS | | Password for NordVPN account; surround in single quotes to prevent issues with special characters such as $ (not required when using TOKEN or PASSFILE) |
| PASSFILE | | For use with USER and docker secrets, this should be set to /run/secrets/<secret_name>; this file should contain just the account password on the first line |
| PORT_RANGE | | Port range to whitelist for both UDP and TCP (e.g. PORT_RANGE=9091 9095) |
| PORTS | | Semicolon-delimited list of ports to whitelist for both UDP and TCP (e.g. PORTS=9091;9095) |
| POST_CONNECT | | Command to execute after successful connection |
| PRE_CONNECT | | Command to execute before attempt to connect |
| PROTOCOL | UDP | Only valid when using TECHNOLOGY OpenVPN (TCP/UDP) |
| REFRESH_CONNECTION_INTERVAL | 120 | Time in minutes to trigger VPN reconnection to help ensure best connection available (0 = disable) |
| TECHNOLOGY | NordLynx | Specify the VPN Technology to use (NordLynx/OpenVPN) |
| TOKEN | | RECOMMENDED; use in place of USER and PASS for NordVPN account; generated from your NordVPN account web portal |
| USER | | User for NordVPN account (not required when using TOKEN) |
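
Several of these variables constrain one another, and the BYPASS_LIST/FIREWALL/KILLSWITCH interaction is easy to miss. The preflight check below is an added example, not code from this project; `lint_env` and the sample values are hypothetical, and it assumes an explicitly set FIREWALL takes precedence over the BYPASS_LIST default.

```python
import ipaddress

def _flag(env, key, default):
    """Normalise a TRUE/FALSE variable, falling back to its documented default."""
    return env.get(key, default).strip().upper()

def lint_env(env):
    """Return warnings for a dict of container environment variables."""
    warnings = []
    # FIREWALL defaults to TRUE, but to FALSE once BYPASS_LIST is set.
    # Assumption: an explicit FIREWALL value takes precedence over that default.
    firewall = _flag(env, "FIREWALL", "FALSE" if env.get("BYPASS_LIST") else "TRUE")
    if _flag(env, "KILLSWITCH", "TRUE") == "TRUE" and firewall != "TRUE":
        warnings.append("KILLSWITCH requires FIREWALL=TRUE")
    if env.get("CONNECT") and env.get("CONNECTION_FILTERS"):
        warnings.append("CONNECT overrides CONNECTION_FILTERS; set only one")
    if env.get("TECHNOLOGY", "NordLynx").strip().lower() != "openvpn":
        for key in ("OBFUSCATE", "PROTOCOL"):
            if key in env:
                warnings.append(f"{key} is only valid with TECHNOLOGY=OpenVPN")
    if not env.get("TOKEN"):
        if not env.get("USER"):
            warnings.append("no credentials: set TOKEN, or USER with PASS/PASSFILE")
        elif not (env.get("PASS") or env.get("PASSFILE")):
            warnings.append("USER is set without PASS or PASSFILE")
    for key, version in (("NET_LOCAL", 4), ("NET6_LOCAL", 6)):
        value = env.get(key)
        if not value:
            continue
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            warnings.append(f"{key}={value} is not a valid network")
            continue
        # A bare address parses as a /32 or /128; the table asks for CIDR form.
        if "/" not in value or net.version != version:
            warnings.append(f"{key}={value} must be CIDR IPv{version}")
    return warnings

# Constructed sample configuration (not taken from the project).
SAMPLE = {"TOKEN": "constructed-token", "BYPASS_LIST": "example.com",
          "NET_LOCAL": "192.168.1.0", "PROTOCOL": "TCP"}

if __name__ == "__main__":
    for warning in lint_env(SAMPLE):
        print("WARN:", warning)
```

Run it against the environment block of a compose file before deploying; with the sample above it flags the kill switch, the OpenVPN-only PROTOCOL, and the non-CIDR NET_LOCAL.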

Additional Information

Using the NordVPN API

Credits

Disclaimers

This project is independently developed for personal use; there is no affiliation with NordVPN or Nord Security companies. Nord Security companies are not responsible for, nor have control over, the nature, content and availability of this project.