
Multiple new features supported for the VPN connection

Open bvanelli opened this issue 1 year ago • 2 comments

As discussed in #19, I implemented a couple of new functions to integrate the docker image, namely:

Features:

  • Add support for custom config files for the openconnect using profile.config
  • Add support for custom environment files for all connections using profile.env
  • Add support for custom file and folder mounts inside the container using profile.mounts
  • Use a ssh proxy instead of the python implementation for faster proxy speed
  • Use squid as an http proxy for an additional HTTP proxy (as not every service supports socks5)

Fixes:

  • Bump alpine version to 3.18.6

The only thing I was not 100% happy with was the fact that the startup of squid cannot wait for the start of the VPN, so I had to add a delay of 15 seconds, as I could not find a better way to do it. If this is not done, squid starts before the VPN connection and ends up not working properly.

Maybe give some thoughts regarding the changes.

Closes https://github.com/ethack/docker-vpn/issues/19

bvanelli avatar Mar 14 '24 19:03 bvanelli
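
One way to gate squid on the tunnel instead of a fixed 15-second delay, as an added example that is not code from the PR or the project. It assumes the tunnel device is named tun0 and appears under /sys/class/net; `wait_for_iface`, `run_when_up` and `NET_ROOT` are hypothetical names.

```shell
#!/bin/sh
# Added example: start a dependent service only once the VPN interface exists.
# Assumptions (not from the PR): the tunnel device is tun0 and is visible
# under /sys/class/net. NET_ROOT can be overridden to exercise the functions
# without a real tunnel.

# wait_for_iface IFACE TIMEOUT_SECONDS
# Returns 0 as soon as the interface exists, 1 if the timeout elapses first.
wait_for_iface() {
    iface=$1
    timeout=$2
    net_root=${NET_ROOT:-/sys/class/net}
    waited=0
    while [ ! -e "$net_root/$iface" ]; do
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep 1
        waited=$((waited + 1))
    done
    return 0
}

# run_when_up IFACE TIMEOUT_SECONDS CMD [ARGS...]
# Runs CMD only if the interface appeared in time; otherwise refuses to start
# it, so the proxy never comes up without the tunnel underneath it.
run_when_up() {
    iface=$1
    timeout=$2
    shift 2
    if wait_for_iface "$iface" "$timeout"; then
        "$@"
    else
        echo "interface $iface not up after ${timeout}s; not starting: $*" >&2
        return 1
    fi
}

# Hypothetical entrypoint line (squid -N keeps squid in the foreground):
# run_when_up tun0 60 squid -N
```

The check only confirms that the interface exists; it does not confirm that routes are installed or that traffic flows through the tunnel.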

Thank you for the contribution!

I have a couple questions.

Use a ssh proxy instead of the python implementation for faster proxy speed

Did you run into issues with speed that caused you to replace pproxy? I understand theoretically, compiled C will be faster than Python, but I'm really curious if you hit limits in real world usage that you needed to solve. Using ssh -D is an elegant solution though.

Use squid as an http proxy for an additional HTTP proxy (as not every service supports socks5)

pproxy also supports HTTP proxy and quite a few other protocols. It would have been pretty simple to add an HTTP proxy in using the existing pproxy base (and as a bonus maybe wouldn't need the sleep). Squid is undoubtedly more configurable and powerful, but that comes at a cost of complexity in its config. My question is why you decided on adding in Squid (e.g. prior experience with it; special need for its performance; just found a popular HTTP proxy; only one you could get to work; etc)?

I'm not strongly opposed to the changes or anything. I'm just trying to understand the reasoning behind them. That way if anyone ever re-works this project or runs into issues we can make informed decisions.

ethack avatar Mar 20 '24 03:03 ethack

Hello @ethack ,

I guess I owe an explanation for all the proxy changes: in fact, it wasn't the raw speed that was causing the hiccups I was experiencing with pproxy, but my theory is that it was having multiple connections, all streaming data at the same time (in the form of a docker pull). I was using skopeo to synchronize docker images, and skopeo creates multiple parallel connections to download and upload all layers, which is what I think caused the drop in performance (sometimes going down to a couple kb/s).

I do not discard that this issue might have been caused by slow VPN though, and maybe it's a coincidence it was fixed after I updated the proxy config.

I'll try to come back with a reproducible example for the pproxy shortcomings, and if I cannot reproduce I'll revert the proxy changes.

bvanelli avatar Mar 20 '24 20:03 bvanelli