Custom dockerfile install of NordVPN

A user reached out noting that a connected service with network_mode="container:vpn" couldn't get into the webUI. I directed them to the documentation for reference, but the included iptables were insufficient for their custom-rolled NordVPN container. After some testing and work, it was found that the container couldn't reach any internal resources, and packets could reach the VPN container but weren't making it back out again, indicating iptables blocks on the outbound direction of the docker0 interface.

I had him drop all tables and add the bottommost iptables chain, which resolved the connectivity issue.

Below are his custom image and run statements, as well as the iptables rules that worked around the issue.


# Credit for these goes to OxyTJ

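FROM ubuntu:18.04
# $VERSION is used below but not defined on this page; declare it as a build argument
# and pass it with --build-arg VERSION=<version>.
ARG VERSION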
RUN apt update && \
    apt install -y net-tools && \
    apt install -y wget && \
    wget -O /tmp/nordrepo.deb && \
    apt install -y /tmp/nordrepo.deb && \
    apt update && \
    apt install -y nordvpn=$VERSION && \
    apt remove -y wget nordvpn-release && \
    apt upgrade -y

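# An exec-form ENTRYPOINT is not run through a shell, so "&" would reach nordvpnd as a literal argument.
ENTRYPOINT ["/usr/sbin/nordvpnd"]

docker run --detach -ti \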
  --name=nordvpn \
  --cap-add=NET_ADMIN \
  --cap-add=SYS_MODULE \
  --device /dev/net/tun \
  --sysctl net.ipv4.conf.all.rp_filter=2 \
  --env="USER=<username>" \
  --env="PASS=<password>" \
  --env="CONNECT=United_States" \
  --env="TECHNOLOGY=NordLynx" \
  --publish 9090:9090 \
  --publish 6881:6881 \
  --publish 6881:6881/udp \

docker run --detach -ti \
  --name=qbittorrent \
  --env="PGID=1000" \
  --env="TZ=America/Chicago" \
  --env="UMASK_SET=022" \
  --env="WEBUI_PORT=9090" \
  --network=container:nordvpn \
  --volume=/storage/qbittorrent/config:/config \
  --volume=/storage/qbittorrent/downloads:/downloads \

iptables -A INPUT -s -j ACCEPT
iptables -A FORWARD -s -j ACCEPT
iptables -A FORWARD -d -j ACCEPT
iptables -A OUTPUT -d -j ACCEPT
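
To confirm the symptom described above (packets reach the VPN container but replies are dropped on the way out), the following added example, which is not part of the original note or OxyTJ's setup, checks an `iptables -S` dump for the four ACCEPT rules. The subnet 192.168.1.0/24, the function names and the sample ruleset are constructed assumptions; the check looks only for these exact rules, not for other rules that might cover the same traffic.

```shell
#!/bin/sh
# Added example. On a live container: iptables -S | missing_rules <your LAN subnet>

# missing_rules SUBNET: reads `iptables -S` text on stdin and prints each of
# the four ACCEPT rules from this page that is absent for SUBNET.
missing_rules() {
    subnet=$1
    rules=$(cat)
    for spec in "INPUT -s" "FORWARD -s" "FORWARD -d" "OUTPUT -d"; do
        want="-A $spec $subnet -j ACCEPT"
        # iptables -S prints rules in canonical form, so compare whole lines.
        printf '%s\n' "$rules" | grep -qxF -- "$want" || printf '%s\n' "$want"
    done
}

# return_path_blocked SUBNET: succeeds when inbound traffic from SUBNET is
# accepted but the matching OUTPUT rule for replies is missing.
return_path_blocked() {
    out=$(missing_rules "$1")
    ! printf '%s\n' "$out" | grep -q -- '^-A INPUT ' &&
        printf '%s\n' "$out" | grep -q -- '^-A OUTPUT '
}

# Constructed sample: a kill-switch style ruleset that lets the LAN in
# but only lets traffic out through loopback and the tunnel.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.1.0/24 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT'

printf '%s\n' "$SAMPLE_RULES" | missing_rules 192.168.1.0/24
if printf '%s\n' "$SAMPLE_RULES" | return_path_blocked 192.168.1.0/24; then
    echo "LAN can reach the container, but replies to the LAN are not accepted"
fi
```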