krey / protonvpn-docker

Setup for running protonvpn inside a docker container

Add DNS Management and Kill Switch options to setup #5

Open zefie opened 3 years ago

zefie commented 3 years ago

Made this setup for a custom docker-compose. The kill switch does appear to work, or at least a test with curl using the SOCKS proxy wouldn't connect to anything when I disconnected the VPN.

I've documented the effects of the DNS options in the comments of the config file.

Anyway, I figured I'd offer my modifications in case you are interested. Thanks for your initial work on it :)

krey commented 3 years ago

Hi @zefie

Thanks very much for the PR and sorry for the delay.

I don't know much about networks, but if I'm reading the Arch wiki's OpenVPN#Prevent_leaks_if_VPN_goes_down correctly, the concern is that the VPN goes down and then you start using the "regular" network connection.

This doesn't seem possible in the case of protonvpn-docker because the SOCKS server is configured to use the proton0 network interface. So as long as you're connecting to the SOCKS proxy (as in the curl example), you should be fine.

Please correct me if I'm wrong.

zefie commented 3 years ago

Thank you for the reply. I will have to do more testing with the kill switch to verify it works as intended outside of the SOCKS proxy. I will let you know what I find.

zefie commented 3 years ago

After some further testing I have found the Kill Switch to be working. Other dockers in the compose routed through the protonvpn network cease working after a disconnection. However, it may work a bit too well, as you are not able to switch servers or reconnect to the VPN without restarting the protonvpn docker itself. (E.g., once the first VPN connection disconnects, the Kill Switch enables, and nothing works until it's restarted.)

krey commented 3 years ago

Let's say you have a script that downloads a bunch of webpages, but you wanna protect your identity. You could do:

protonvpn connect
curl https://example.com/first --output first
curl https://example.com/second --output second
...
curl https://example.com/last --output last
protonvpn disconnect

What if the VPN connection fails while downloading https://example.com/second?

curl will fail and every subsequent download will go through your physical network unprotected.

If you're using the kill switch, however, protonvpn will block all network traffic so all subsequent downloads will fail and your IP will be kept private.

Alternatively, you could run protonvpn-docker:

docker-compose run --service-ports protonvpn-docker
curl -x socks5h://127.0.0.1:1080 https://example.com/first --output first
curl -x socks5h://127.0.0.1:1080 https://example.com/second --output second
...
curl -x socks5h://127.0.0.1:1080 https://example.com/last --output last
# stop docker

What if the VPN connection fails while downloading https://example.com/second?

Because of the fact that the proxy is bound to the container's proton0 interface, all subsequent downloads will fail and your IP will be kept private.

So the kill switch and the protonvpn-docker solve the same problem in different ways. Therefore I don't think protonvpn-docker benefits from protonvpn's kill switch functionality.

Let me know how you see it.
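
Added example, not part of the thread or the project's code: the proxied download batch from the last comment, written so that it stops at the first failed transfer and cannot bypass the proxy through an inherited environment variable. The proxy address is the one used in the thread; `fetch_one`, `fetch_all` and the `page-N.out` file names are hypothetical.

```shell
#!/bin/sh
# Added example: fail-closed batch download through the container's SOCKS proxy.
# PROXY is the address used in the thread; fetch_one, fetch_all and the
# page-N.out output names are hypothetical helpers for illustration.

PROXY="${PROXY:-socks5h://127.0.0.1:1080}"

# fetch_one URL OUTFILE
# socks5h:// makes the proxy resolve the hostname, so the DNS lookup does not
# go out over the host network. --noproxy '' overrides any NO_PROXY/no_proxy
# environment variable that would let a host skip the proxy.
fetch_one() {
    curl --silent --show-error --fail \
         --proxy "$PROXY" --noproxy '' \
         --connect-timeout 10 --max-time 120 \
         --output "$2" "$1"
}

# fetch_all URL...
# Stops at the first failure instead of carrying on with the remaining URLs,
# so a dropped tunnel ends the batch. Returns 0 only if every download worked.
fetch_all() {
    n=0
    for url in "$@"; do
        n=$((n + 1))
        if ! fetch_one "$url" "page-$n.out"; then
            echo "download $n failed ($url); aborting batch" >&2
            return 1
        fi
    done
    return 0
}

# Run the batch only when URLs are given on the command line.
if [ "$#" -gt 0 ]; then
    fetch_all "$@"
fi
```

Aborting on the first error also matters for the unproxied `protonvpn connect` script in the same comment, where the remaining `curl` calls would otherwise still run after a failure.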