How we solved host VPN conflicts by running OpenVPN inside Docker containers
Captain's log, stardate d642.y41/AB
Captain's log, stardate d642.y41/AB
When your development workflow depends on OpenVPN but your host machine is forced to run a corporate VPN, things can get complicated fast. Host-level VPN software often takes over routing rules, intercepts private networks, and breaks access to remote development services, even when your OpenVPN configuration is correct.
Our team faced this exact issue. Instead of fighting with the host VPN client, we chose a better alternative: we moved the OpenVPN connection inside our Docker development containers.
This article explains the problem, the reasoning, and the complete solution, step by step.
Modern corporate VPN clients often enforce strict security policies. They often:
Override routing tables globally.
Capture private CIDR ranges (especially 10.0.0.0/8).
Redirect internal traffic through themselves.
Block route additions from other VPN clients.
Interfere with Docker bridged networking.
Our development environment relied on OpenVPN to reach remote services. The OpenVPN client could still “connect”, but the host VPN silently hijacked traffic and routed it through its own tunnel instead. OpenVPN showed as connected, but the dev environment was unreachable.
Here’s the key insight: Docker containers run in their own network namespaces. That means host VPN routing rules don’t affect container routing.
By moving OpenVPN into the container:
Host VPN policies cannot override it.
Each service gets an isolated VPN tunnel.
No host OS hacks or route overrides are needed.
Developers can still keep the required corporate VPN active on the host.
The VPN configuration becomes reproducible and version-controlled.
This technique cleanly separates host networking (corporate VPN) from development networking (OpenVPN inside Docker), creating a stable and conflict-free environment.
First, ensure the package is available in your Dockerfile:
RUN apt-get install -yqq ... openvpn
RUN mkdir -p /opt/openvpn && chown -R user:user /opt/openvpn
OpenVPN needs privileges to create tun devices. In your docker-compose.yml:
privileged: true
cap_add:
- NET_ADMIN
Developers store VPN files
under .dockerdev/ovpn/:
volumes:
- ./ovpn:/opt/openvpn
Make sure these files are ignored by Git.
*.ovpn
OPEN_VPN_CONFIG=/opt/openvpn/$CUSTOMER_NETWORK.ovpn
if [ -f "$OPEN_VPN_CONFIG" ]; then
echo "Connecting with VPN"
sudo openvpn --daemon --log-append /var/log/openvpn/openvpn.log --config $OPEN_VPN_CONFIG
fi
exec "$@"
The container checks the selected network and launches OpenVPN automatically.
CUSTOMER_NETWORK: dev-eu-west-3
The value must match an existing .ovpn file:
dev-eu-west-3.ovpn
Once the infrastructure is in place, the developer workflow is simple:
bin/dockerdev setup
Place them in .dockerdev/ovpn/dev-eu-west-3.ovpn
cd .dockerdev
cp compose.override.yml.sample compose.override.yml
Edit as needed setting the CUSTOMER_NETWORK environment variable to the right VPN name.
bin/dockerdev start server
If an OpenVPN profile exists, the VPN starts inside the container automatically.
Running OpenVPN inside Docker gives you:
✅ No more routing conflicts.
✅ Clean separation between host and development networks.
✅ Predictable and isolated development routing.
✅ Zero host OS changes.
✅ Faster onboarding for developers.
✅ A fully reproducible environment.
✅ Reliable access to cloud services behind OpenVPN.
This architecture dramatically improved our development workflow, and it’s a pattern any remote-friendly or cloud-based team can benefit from.
Project setup can be a very cumbersome process for developers. In this blog post, our developer Dani explains how he uses Docker to develop in Rails
Read full article
Docker can be beneficial not just for deploying applications but also for local development. By creating a Docker environment for our Rust API, we can ensure a consistent and isolated development experience across different machines and team members.
Read full article
In this article, we'll explore SQLx - a robust database toolkit for Rust.
Read full article