Force the traffic of a Firefox container tab to pass through a VPN or Tor
On newer version of Firefox, it is possible to use container tabs, which isolate the cookies from the normal tabs.
It is also possible to assign different proxies to be used in different containers using container tabs.
Then, we can create a docker container with a VPN client and a proxy server running. By doing this, we can assign our docker proxy to a container tab so that all the traffic of that tab goes through the VPN that is running only inside the docker container.
git clone https://github.com/Nickguitar/VPNTabs
Important note: if your user doesn't have permission to run docker containers you will need to run the script with sudo
cp /path/to/vpn/files/* ovpn_files/
./VPNTabs --build
It's only recommended to use --map
in private networks, or if using good firewall rules if in a public network
./VPNTabs --run <OPENVPN FILE> [--map] [--port <PORT>] [--name <CONTAINER NAME>] [--ask-credendials]
e.g.:
./VPNTabs --run mullvad_us_all.ovpn --name Mullvad_US
./VPNTabs --run --tor
[Alternative] Instead of using VPNTabs
, you can run your custom script or use docker-compose. Here is an example:
# To run a VPN container
docker run -d \
--cap-add=NET_ADMIN \
--device /dev/net/tun \
--sysctl net.ipv6.conf.all.disable_ipv6=0 \
-p "9050:9050" \
--name "<NAME OF YOUR CONTAINER>" \
-e OVPN_FILE="<YOUR VPN FILE NAME>" \
-e VPN_USER="<YOUR VPN USER>" \
-e VPN_PASSWORD="YOUR VPN PASSWORD" \
-v "<PATH/TO/YOUR/VPN/FILES/FOLDER>:/ovpn" \
vpntabs
# To run a TOR container
docker run -d \
--name "TOR" \
-p "9050:9050" \
-e TOR_CONTAINER="1" \
vpntabs
The envoriment variable OVPN_FILE
is used to know which file OpenVPN should use.
For docker-compose you can use docker-compose-ylm
. Configs are well documented in the docker-compose.ylm
file
$ ./VPNTabs -r ovpn_files/mullvad_br_sao.conf
___
"._`-. (\-.
'-.`;.--.___/ _`>
`"( ) , )
\\----\-\
VPN Tabs
Use Firefox container
tabs with VPN
Nicholas Ferreira & Gabriel Belli
[+] Proxy server is running on socks://172.17.0.4:9050 with mullvad_br_sao.conf
Container id: 1a322089b9e
Now every website you access using those container tabs will pass through your local proxy, which points to a docker container whose traffic pass through your VPN. =)
- You can generate as many containers as you want, each one running a different VPN config file. In this way, it is possible to have multiple container tabs, each with a different VPN.
- To generate another container with another ovpn config file, just place the config file inside
ovpn_files
and follow step 5. - VPNTabs has a built in kill switch into its proxy. When connected to a VPN, VPNTabs uses Squid Proxy, which is configured to only use VPN's interface as gateway. When using TOR instead VPN, the TOR proxy won't route if TOR network is down anyway.
- Since the VPN client is running inside a docker container, all your other network traffic isn't being tunneled through the VPN. The only connections going through the VPN are those pointing to the local proxy you've created.