This is an example of how you can make the device connect to a self-hosted VPN server. This example uses DigitalOcean and OpenVPN.
The container needs to have access to the host network (thus network_mode: host) and to be privileged (otherwise the ovpn command will fail).
Resin runs single-container applications in privileged mode, but multi-container applications need to have privileged: true in the docker-compose.yml file.
- Deploy the code on a device.
- Create a VPN server. See this guide.
- Now we need to transfer the ovpn file you created in the previous step to the device:
  - Enable PasswordAuthentication on your server (revert the step described here).
  - Get the file on the device (multiple ways):
    - From host:
      scp <username>@<server_ip>:<path_to_ovpn_file> /var/libs/docker/volumes/<resin_app_id>_vpn/client.ovpn
    - Or from container:
      scp <username>@<server_ip>:<path_to_ovpn_file> /usr/vpn/client.ovpn
    - Or add the file through the Dockerfile:
      COPY client.ovpn .
      This approach is less desirable because it requires you to keep track of the file in git and also makes it harder to use different files for multiple devices.
  Remember to replace the placeholders with actual values.
- At the next iteration of the loop, the VPN should be enabled.
- (Optional) Disable PasswordAuthentication on the server again.
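
The steps above rely on a loop in the container picking up /usr/vpn/client.ovpn once it has been copied. The following is an added example, not the project's own code, of how such a loop can confirm the profile arrived complete and tighten its permissions before starting OpenVPN. The function names, POLL_SECONDS, and the assumption that the profile carries inline `<ca>`/`<key>` blocks are all assumptions.

```shell
#!/bin/sh
# Added example (not the project's code). The path is the one from the steps;
# function names, POLL_SECONDS and the inline-key layout are assumptions.
OVPN_FILE="${OVPN_FILE:-/usr/vpn/client.ovpn}"

# Return 0 only if the profile looks complete enough to hand to openvpn.
ovpn_usable() {
    f="$1"
    # Non-empty regular file (the copy may not have happened yet).
    [ -f "$f" ] && [ -s "$f" ] || return 1
    # A client profile carries "client" and at least one "remote <host>".
    grep -Eq '^[[:space:]]*client[[:space:]]*$' "$f" || return 1
    grep -Eq '^[[:space:]]*remote[[:space:]]+[^[:space:]]+' "$f" || return 1
    # Inline blocks (<ca>, <cert>, <key>, ...) must all be closed; a copy
    # that was cut short usually ends inside one of them.
    opened=$(grep -Ec '^[[:space:]]*<[a-z][a-z0-9-]*>[[:space:]]*$' "$f" || true)
    closed=$(grep -Ec '^[[:space:]]*</[a-z][a-z0-9-]*>[[:space:]]*$' "$f" || true)
    [ "$opened" -eq "$closed" ]
}

# Make the profile owner-only, then replace this process with openvpn.
start_vpn() {
    chmod 600 "$1" || return 1
    exec openvpn --config "$1"
}

# Poll until a usable profile appears, then connect.
wait_and_connect() {
    until ovpn_usable "$OVPN_FILE"; do
        echo "waiting for a complete $OVPN_FILE" >&2
        sleep "${POLL_SECONDS:-10}"
    done
    start_vpn "$OVPN_FILE"
}

# Constructed sample profile (placeholder address and key material).
sample_profile() {
    printf '%s\n' 'client' 'dev tun' 'proto udp' 'remote 203.0.113.10 1194' \
        '<ca>' 'CONSTRUCTED-CA' '</ca>' '<key>' 'CONSTRUCTED-KEY' '</key>'
}

if [ "${1:-}" = "--run" ]; then wait_and_connect; fi
```

Run the script with --run inside the container to start polling; without arguments it only defines the functions.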