Claude Code VPN Container

Docker container with WireGuard VPN and kill switch for isolated Claude Code usage.

Views1
PublishedJan 14, 2026

Loading actions...

5 minBeginnerpromptSingle file

Skill content

Main instructions and any bundled files for this skill.

markdown

Русская версия

Claude Code VPN Container

Docker container with WireGuard VPN and kill switch for isolated Claude Code usage.

Features

  • WireGuard VPN with automatic connection
  • Kill switch — all traffic blocked without VPN
  • Mount any project folder
  • Authentication persists between restarts

Requirements

  • Docker + Docker Compose
  • Colima (for macOS) or Docker Desktop
  • WireGuard configuration from your VPN provider
  • Claude Pro/Max subscription

Installation

1. Clone the repository

git clone <repo-url>
cd claude_docker

2. Create .env file

cp .env.example .env

Edit .env:

PROJECT_PATH=/path/to/your/projects

3. Add WireGuard config

Copy config from your VPN provider:

cp ~/Downloads/your-vpn.conf wireguard/wg0.conf

Or create from example:

cp wireguard/wg0.conf.example wireguard/wg0.conf
# Edit wireguard/wg0.conf

4. Start

# Start Colima (macOS)
colima start

# Build and run
docker compose build
docker compose up -d

# Verify VPN
docker compose exec claude-vpn curl -s http://ifconfig.me

5. Run Claude Code

docker compose exec -it claude-vpn claude /projects/your-project

On first run, authenticate via browser (Pro/Max subscription).

Usage

# Run Claude for a project
docker compose exec -it claude-vpn claude /projects/myproject

# Interactive shell
docker compose exec -it claude-vpn bash

# Check VPN
docker compose exec claude-vpn wg show
docker compose exec claude-vpn curl -s http://ifconfig.me

# Stop
docker compose stop

# Start
docker compose start

# Full stop
docker compose down

Multiple projects simultaneously

Open multiple terminals:

# Terminal 1
docker compose exec -it claude-vpn claude /projects/project1

# Terminal 2
docker compose exec -it claude-vpn claude /projects/project2

Structure

.
├── Dockerfile
├── docker-compose.yml
├── entrypoint.sh
├── .env                    # your settings (not in git)
├── .env.example
├── wireguard/
│   ├── wg0.conf           # your VPN config (not in git)
│   └── wg0.conf.example
└── claude-config/          # Claude auth data (not in git)

Kill Switch

Implemented via iptables:

  • All traffic DROP by default
  • Only WireGuard (wg0) traffic allowed
  • No internet if VPN goes down

Troubleshooting

HTTPS timeout

Some HTTPS services are slow through VPN. MTU is already set to 1280 for compatibility.

Authentication not persisting

Make sure claude-config/ folder exists and is mounted.

Share: