oxlade39/piaportforward

Private Internet Access OpenVPN client with support for port forwarding

Getting Started

This docker image will connect to PIA with OpenVPN using your PIA credentials and then request a port be opened via PIA's service. Only some regions support port forwarding so make sure you select a supporting region.

Prerequisities

In order to run this container you'll need docker installed.

• Windows
• OS X
• Linux

Usage

docker

docker run --rm --cap-add NET_ADMIN --device /dev/net/tun -e "REGION=France" -v $(pwd)/.creds:/etc/openvpn/pia/pass --name pia oxlade39/piaportforward

docker-compose

version: '3'

networks:
    pia:
      driver: bridge
      ipam:
        config:
          - subnet: 172.20.0.0/24

services:
  pia:
    image: oxlade39/piaportforward
    container_name: pia
    environment:
      - REGION=France
    networks:
      pia:
        ipv4_address: 172.20.0.5
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - /config/pia/.credentials:/etc/openvpn/pia/pass:ro
      - /config/pia:/config
    restart: unless-stopped

The image requires NET_ADMIN and --device /dev/net/tun to support creating the tun virtual interface.

Environment Variables

• REGION - specifies the PIA region to use as a connection

Volumes

• /etc/openvpn/pia/pass - Line delimited pia username and password
• /config/* - Files containing useful VPN connection information. Like the VPN IP, the interface and the dynamically allocated port.

Useful File Locations

• /config/vpnportfw - File containing the opened port available for port forwarding.

Testing

Get your externally visible IP address from a normal shell

$ wget -qO- https://ipinfo.io/ip
213.205.194.254

Get your externally visible IP address from a container attached to your pia instance.

$ docker run --rm --network=container:pia alpine:3.8 wget -qO- https://ipinfo.io/ip

If this port is different from above then the traffic is routing via the VPN.

Attaching other containers

To attach other containers you can use --network=container:${piaportforward_container_name} in docker or in docker-compose:

my_linked_container:
  image: some/image
  container_name: my_linked_container
  network_mode: service:${piaportforward_container_name}

Find Us

• GitHub

Acknowledgments

• www.pantz.org. I followed this guide and used modified, dockerized versions of the scripts listed here.
• qdm12/private-internet-access-docker. I started using this but then decided to write my own supporting port forwarding.