tinc is a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet.
This Dockerfile provides an image for running tinc 1.1 (pre release, as packaged by Debian).
The default entrypoint of the container is tinc, so you can directly issue commands to tinc, for example docker run ghcr.io/flosoft/tinc init
(which will run tinc init
inside the container) to have tinc create the basic configuration for you. Tinc's configuration is persisted as a volume, you can also share a host folder in /etc/tinc
.
tinc requires access to /dev/net/tun
. Allow the container access to the device and grant the NET_ADMIN
capability:
--device=/dev/net/tun --cap-add NET_ADMIN
To make the VPN available to the host, and not only (linked) containers, use --net=host
.
A reasonable basic run command loading persisted configuration from /srv/tinc
and creating the VPN on the host network would be
docker run -d \
--name tinc \
--net=host \
--device=/dev/net/tun \
--cap-add NET_ADMIN \
--volume /srv/tinc:/etc/tinc \
ghcr.io/flosoft/tinc start -D
Everything following start
are parameters to tincd
, -D
makes sure the daemon stays active and does not actually daemonize, which would terminate the container.
Github Container Registry
Docker Image: ghcr.io/flosoft/tinc
Link: https://github.com/flosoft/docker-tinc/pkgs/container/tinc
Docker Hub
Docker Image: florider89/tinc
Link: https://hub.docker.com/r/florider89/tinc
Instead of passing start
as tinc command, you can also execute arbitrary other tinc commands. Run help
for getting a list, of read the tinc documentation.
To enter the container for various reasons, use docker exec
, for example as docker exec -ti [container-name] /bin/bash
.
The image is based on the official Debian images, and is regularly rebuilt to encompas base image updates. tinc is fetched from the Debian experimental repositories (where tinc 1.1 pre release versions are available).