| docker | ||
| resources | ||
| .env | ||
| .gitignore | ||
| .wg-docker_bash-completion | ||
| docker-compose.env.yml | ||
| docker-compose.yml | ||
| Dockerfile | ||
| entrypoint.sh | ||
| install.sh | ||
| Makefile | ||
| README.md | ||
| TODO.md | ||
| wg-docker | ||
wg-docker [wip]
This repository contain a simple docker setup for wireguard.
requirements: debian|alpine, docker, wireguard, firefox, thunderbird, proxychains space requirements:
alpine, docker images:
- alpine:3.16.3: 5.54MB
- wg-docker/alpine:0.0.1: 19.1MB
debian, docker images:
- debian:stable: 124MB
- wg-docker/debian:0.0.1: 270MB
Build the image
docker build . -t wg-docker/alpine:0.0.1
docker build . -f Dockerfile.debian -t wg-docker/debian:0.0.1
Usage
The usage would be similar to wg-quick
usage: wg-docker [up|shell|firefox|thunderbird] [profile_name]
start the container with profile 'lattuga'
wg-docker up lattuga
start the container and the firefox profile, proxied to container with profile lattuga
wg-docker firefox lattuga
[wip] start the container and the thunderbird profile, proxied to container with profile lattuga
[wip] start a shell proxied
wg-docker shell lattuga
for now start the container and then proxychains every command
wg-docker up lattuga
proxychains git clone ...
ssh to container
ssh -ND 9999 root@172.20.0.10
-N : Do not execute a remote command. This is useful for just forwarding ports.
-D : Specifies a local “dynamic” application-level port forwarding.
This works by allocating a socket to listen to port on the local
side, optionally bound to the specified bind_address. Whenever a
connection is made to this port, the connection is forwarded over
the secure channel, and the application protocol is then used to
determine where to connect to from the remote machine. Currently
the SOCKS4 and SOCKS5 protocols are supported, and ssh will act
as a SOCKS server.
Create a profile in firefox
In Firefox in about:profiles create a new profile and then go to 'settings', 'network settings' to manually setup the proxy to your choosen socks_port.
Tips
Vpn rotations
Use of healthcheck as scheduler to avoid installing crontab, and change configuration file every while (better would be a change of vpn-endpoint every firefox profile restart)
Paste your public ssh key in ./authorized_keys or alternatively PermitRootLogin with password and initialize a password
sed -ie 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config;
echo 'test' | chpasswd
service ssh restart
Why
Often I'm browsing some sites through torbrowser and I need at the same time to visit other sites, related to different contexts, and I prefer to open those pages with another network profile, es. via vpn.
I'm currently using mullvad as vpn provider so in this repository there are names of files related to mullvad, but it can be applied easily to other vpns providers that offer wireguard.
Consulted Links
- [from ubuntu] https://github.com/linuxserver/docker-wireguard
- [from alpine] https://github.com/jordanpotter/docker-wireguard
- https://gitlab.torproject.org/legacy/trac/-/wikis/doc/TorPlusVPN
- https://gitlab.tails.boum.org/tails/blueprints/-/wikis/vpn_support/
- https://tails.boum.org/support/faq/index.en.html#index20h2
- https://www.whonix.org/wiki/FAQ#How_does_Whonix_work?
- https://www.qubes-os.org/intro/
- https://www.whonix.org/wiki/Qubes
- https://packages.debian.org/bullseye/proxychains
- https://manpages.debian.org/bullseye/tsocks/tsocks.8.en.html
Other similar needings
Common ways to visit a site that doesn't allow traffic from tor:
- web.archive.org, check if archive as a copy paste the link after the / in the archive url https://web.archive.org/https://tor-blocking.website/path-to-resource
1.3G Whoonix size