Route all traffic through a remote VPN

Hi,

Is it possible to route all outgoing traffic through an external server? I can set up a WireGuard or OpenVPN server at home if needed.


Due to the pandemic I’m working remotely, and our company decided to make office work voluntary.

After Covid, I want to move around a bit and travel light. I only need decent wifi/4G to do my (webdev) job, so why not, right?

Anyway, JetBrains recently announced Projector, allowing me to host my IDE on a server and use a thin client. They provide a Docker image to run it.

I’ve been meaning to use Fly for a while now. And seeing how Projector is nothing but a Docker image, I immediately thought, “Ooh, this sounds Fly”.

And sure enough! It took almost no work to get started with Projector. Added a Volume to it and I’m ready to travel!

Our git instance and development servers are only accessible from home (IP is whitelisted).
Some of our clients are in broadcasting (TV) and most content is geo-blocked; that’s another reason I want to make it look like my connections are coming from home. I already have an OpenVPN server running at home, so I was hoping I could tunnel all my outgoing traffic through my home network.


However I’m a complete noob when it comes to Docker networking. Is what I want to do possible?

This is theoretically doable but is gonna take some work! I probably would not try OpenVPN, though, since it will be extra tricky to get going.

The simplest option might be to create a WireGuard peer for the service you need to connect to. When you set those up, each one will get a private IPv6 address that’s accessible from your app. You can run these on the same host you’re using for OpenVPN.

The trick is getting those IPs to forward to the right place. It doesn’t look like Projector supports a SOCKS proxy yet, which would be simplest, so you’ll need to run something on your server to proxy connections to the right place. I think this is doable with HAProxy, but you might need different ports per development service.

Assuming you get that going, you should be able to connect to <peer-private-ip> from Projector in your app.

Another option is to do your own WireGuard. You can create a WireGuard config on your server and then configure your Fly VMs to connect to it and forward all traffic. This is easier than an OpenVPN client because the kernels we use have WireGuard support baked in, but it also requires more Docker shenanigans to get connected.
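
The HAProxy approach from the answer above, sketched as an added example (not from the original post or from Fly): one TCP listener per development service on the home server, bound only to its WireGuard-side address. The address, ports and hostnames are constructed placeholders.

```haproxy
# Added example; every address, port and hostname below is a constructed placeholder.
global
    log stdout format raw local0

defaults
    mode    tcp                 # plain TCP passthrough; SSH and TLS stay end to end
    log     global
    option  tcplog
    timeout connect 5s
    timeout client  1h          # long-lived SSH/git sessions
    timeout server  1h

# fd00:db8::1 stands in for <peer-private-ip>, the home server's address on the
# WireGuard interface. Binding to it (not to [::] or *) keeps these forwarders
# off the LAN and the public interface, so only the tunnel peer can reach them.

# One port per internal service, since plain TCP carries no hostname to route on.
listen git_ssh
    bind [fd00:db8::1]:2222
    server git git.home.example:22

listen dev_https
    bind [fd00:db8::1]:8443
    server dev dev.home.example:443

listen staging_https
    bind [fd00:db8::1]:8444
    server staging staging.home.example:443
```

Connections forwarded this way leave from the home server, so the IP allowlist on the git and development hosts sees the home address.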

Wow, didn’t expect such a detailed answer so fast!

Thanks for pointing me in a direction.

Guess I have something new to try next weekend!
