Docker container running a tinc VPN node. Fork of https://github.com/JensErat/docker-tinc
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
Charles Reid d9a77fdb67 update docs 4 years ago
Dockerfile Build upon experimental to avoid broken dependencies 7 years ago
LICENSE.md Initial release 7 years ago
README.md update docs 4 years ago

README.md

d-tinc

Written by Jens Erat (email@jenserat.de), modified by charlesreid1

Licensed under BSD license.

Everything has been heavily modified.

tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. This Dockerfile provides an image for running tinc 1.1 (pre release, as packaged by Debian).

Building

Start by building the container:

docker build -t stormy_tinc .

Initializing

The default entrypoint of the container is tinc, so you can use docker run and issue commands directly to tinc.

For example, if the following command is run,

docker run stormy_tinc init 

it will run the command tinc init inside the container. This command creates a basic config file for you.

Running

To start tinc:

docker run stormy_tinc start

Configuration

In the container, the directory /etc/tinc is marked as a persistent volume. Tinc scripts should be available there. For example:

/etc/tinc
    master/
        tinc-up
        tinc-down
        tinc.conf
        hosts/
    skyhook/
        ...

Mount the ./etc/tinc directory into the container as /etc/tinc.

Devices

tinc requires access to /dev/net/tun. Allow the container access to the device and grant the NET_ADMIN capability:

    --device=/dev/net/tun --cap-add NET_ADMIN

Running

A reasonable basic run command loading persisted configuratino from /srv/tinc and creating the VPN on the host network would be

    docker run -d \
        --name tinc \
        --net=host \
        --device=/dev/net/tun \
        --cap-add NET_ADMIN \
        --volume /srv/tinc:/etc/tinc \
        stormy_tinc start -D

Everything following start are parameters to tincd, -D makes sure the daemon stays active and does not actually daemonize, which would terminate the container.

Where's My VPN?

When tinc has created a connection with other nodes in the peer-to-peer virtual private network, it provides a network device with a particular route for particular IP addresses.

That network device can either be made available to other docker containers, or it can be made available to everyone on the host machine.

Option 1: Container Links: To make a VPN available to other docker containers, but not to everyone on the host machine, just link the tinc container to other containers.

Option 2: Make Available on Host: To make a VPN available to the host machine as well, use --net=host.

A reasonable basic run command loading persisted config from /srv/tinc and creating the VPN on the host network would be:

    docker run -d \
        --name tinc \
        --net=host \
        --device=/dev/net/tun \
        --cap-add NET_ADMIN \
        --volume /srv/tinc:/etc/tinc \
        stormy_tinc start -D

Everything following start are parameters to tincd, -D makes sure the daemon stays active and does not actually daemonize, which would terminate the container.

Administration and Maintenance

Instead of passing start as tinc command, you can also execute arbitrary other tinc commands. Run help for getting a list, of read the tinc documentation.

To enter the container for various reasons, use docker exec, for example as docker exec -ti [container-name] /bin/bash.

Image Updates

The image is linked to the official Debian images, and automatically rebuild whenever the base image is updated. tinc is fetched from the Debian experimental repositories (where tinc 1.1 pre release versions are available).