As title says, I have a Docker container with Mullvad VPN installed, here’s Dockerfile:
FROM ubuntu:24.04
LABEL maintainer="Bernard Ko"
# Install Mullvad VPN binaries only. We don't install the Debian package
# directly since it depends on systemd, which is difficult to setup in
# containers because it requires to be running as PID 1.
RUN DEBIAN_FRONTEND=noninteractive apt-get --yes update &&
apt-get --yes install ca-certificates dbus curl dnsutils &&
curl -fsSL -o mullvadvpn.deb "https://mullvad.net/download/app/deb/latest" &&
dpkg-deb -R mullvadvpn.deb /tmp/pkg &&
mv /tmp/pkg/usr/bin/* /usr/local/bin/ &&
rm -f mullvadvpn.deb &&
rm -rf /tmp/pkg &&
apt-get --yes clean &&
rm -rf /var/lib/apt/lists/*
VOLUME /conf
ENV MULLVAD_SETTINGS_DIR=/conf
ENTRYPOINT ["/usr/local/bin/mullvad-daemon"]
CMD ["-v"]
Container created, Mullvad set up and connected with local network sharing allowed.
I’d like to use this container as a local SOCKS5 proxy. For that purpose I’ve installed danted inside it (for now just using docker exec on launched container, not editing Dockerfile). Here’s my /etc/danted.conf:
debug: 0
logoutput: stdout
errorlog: stderr
user.privileged: root
user.unprivileged: nobody
internal: 0.0.0.0 port = 51840
external: wg0-mullvad
clientmethod: none
socksmethod: none
client pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect ioop data tcpinfo
}
socks pass {
from: 0.0.0.0/0 to: 0.0.0.0/0
log: connect disconnect ioop data tcpinfo
}
Port 51840 on container was exposed for TCP and UDP both.
I launched danted with corresponding command, and TCP traffic proxies perfectly, which can’t be said about UDP. Tried to test with the following script and it get stuck forever without getting any response. This is what’s printed in danted output:
Feb 12 23:16:19 (1739391379.045180) danted[85151]: info: Dante/server[1/1] v1.4.3 running
Feb 12 23:16:19 (1739391379.048056) danted[85155]: info: pass(1): tcp/accept [: 172.20.0.1.54090 172.20.0.2.51840
TCP_INFO:
tcpi_state : 1 (ESTABLISHED)
tcpi_ca_state : 0 (TCP_CA_Open)
tcpi_retransmits : 0
tcpi_probes : 0
tcpi_backoff : 0
tcpi_options : 7 (TS, SACK, Wscale)
tcpi_snd_wscale : 7
tcpi_rcv_wscale : 7
tcpi_rto : 205000
tcpi_ato : 40000
tcpi_snd_mss : 1448
tcpi_rcv_mss : 536
tcpi_unacked : 0
tcpi_sacked : 0
tcpi_lost : 0
tcpi_retrans : 0
tcpi_fackets : 0
tcpi_last_data_sent : 98
tcpi_last_ack_sent : 0
tcpi_last_data_recv : 98
tcpi_last_ack_recv : 98
tcpi_pmtu : 1500
tcpi_rcv_ssthresh : 64076
tcpi_rtt : 34
tcpi_rttvar : 17
tcpi_snd_ssthresh : 2147483647
tcpi_snd_cwnd : 10
tcpi_advmss : 1448
tcpi_reordering : 3
tcpi_rcv_rtt : 0
tcpi_rcv_space : 14600
tcpi_total_retrans : 0
Feb 12 23:16:19 (1739391379.057075) danted[85156]: info: pass(1): udp/udpassociate [: 0.0.0.0.46195 172.20.0.2.42720
Feb 12 23:16:19 (1739391379.063535) danted[85172]: info: pass(1): udp/udpassociate ]: 0/0 -> 0.0.0.0.46195 172.20.0.2.42720 -> 0/0: local client closed. Session duration: 0s
Feb 12 23:16:19 (1739391379.064099) danted[85172]: info: pass(1): tcp/accept ]: 0 -> 172.20.0.1.54090 172.20.0.2.51840 -> 0: local client closed. Session duration: 0s
If I disconnect from Mullvad and set up eth0 as an external interface in /etc/danted.conf, proxying works perfect. But I need it to work through Mullvad VPN.
Any ideas what’s wrong here?
