Claude Code VPN Container
Docker container with WireGuard VPN and kill switch for isolated Claude Code usage.
Loading actions...
Skill content
Main instructions and any bundled files for this skill.
Claude Code VPN Container
Docker container with WireGuard VPN and kill switch for isolated Claude Code usage.
Features
- WireGuard VPN with automatic connection
- Kill switch — all traffic blocked without VPN
- Mount any project folder
- Authentication persists between restarts
Requirements
- Docker + Docker Compose
- Colima (for macOS) or Docker Desktop
- WireGuard configuration from your VPN provider
- Claude Pro/Max subscription
Installation
1. Clone the repository
git clone <repo-url>
cd claude_docker
2. Create .env file
cp .env.example .env
Edit .env:
PROJECT_PATH=/path/to/your/projects
3. Add WireGuard config
Copy config from your VPN provider:
cp ~/Downloads/your-vpn.conf wireguard/wg0.conf
Or create from example:
cp wireguard/wg0.conf.example wireguard/wg0.conf
# Edit wireguard/wg0.conf
4. Start
# Start Colima (macOS)
colima start
# Build and run
docker compose build
docker compose up -d
# Verify VPN
docker compose exec claude-vpn curl -s http://ifconfig.me
5. Run Claude Code
docker compose exec -it claude-vpn claude /projects/your-project
On first run, authenticate via browser (Pro/Max subscription).
Usage
# Run Claude for a project
docker compose exec -it claude-vpn claude /projects/myproject
# Interactive shell
docker compose exec -it claude-vpn bash
# Check VPN
docker compose exec claude-vpn wg show
docker compose exec claude-vpn curl -s http://ifconfig.me
# Stop
docker compose stop
# Start
docker compose start
# Full stop
docker compose down
Multiple projects simultaneously
Open multiple terminals:
# Terminal 1
docker compose exec -it claude-vpn claude /projects/project1
# Terminal 2
docker compose exec -it claude-vpn claude /projects/project2
Structure
.
├── Dockerfile
├── docker-compose.yml
├── entrypoint.sh
├── .env # your settings (not in git)
├── .env.example
├── wireguard/
│ ├── wg0.conf # your VPN config (not in git)
│ └── wg0.conf.example
└── claude-config/ # Claude auth data (not in git)
Kill Switch
Implemented via iptables:
- All traffic DROP by default
- Only WireGuard (wg0) traffic allowed
- No internet if VPN goes down
Troubleshooting
HTTPS timeout
Some HTTPS services are slow through VPN. MTU is already set to 1280 for compatibility.
Authentication not persisting
Make sure claude-config/ folder exists and is mounted.
Related Skills
Frontend Typescript Linting.mdc
TypeScript and ESLint rules that MUST be followed when creating, modifying, or reviewing any file under apps/frontend/, including .ts, .tsx, .js, and .jsx files. Also apply when discussing frontend li...
2. Apply Deepthink Protocol (reason about dependencies
risks