Using Docksal with VPNs

The approach described here is only possible with Docker Desktop (Mac and Windows). It won’t work when using Docksal with VirtualBox on Mac/Windows, nor will it help on Linux.

Some VPNs are configured to intercept and re-route all traffic (let’s call them “greedy”), thus breaking access to the IP that Docksal is using. Attempting to change network routing while connected to a greedy VPN will usually result in VPN dropping the connection. Enterprise security at work here.

The one thing VPNs cannot do though, is mess with the hosts loopback interface ( That’s how your traditional web server is not affected by a greedy VPN connection - it just binds to (or more likely to - port 80 on all network interfaces).

Binding to can be achieved with Docksal like this:

fin config set --global DOCKSAL_VHOST_PROXY_IP=
fin system reset vhost-proxy

You can then access http://localhost (or and see the “Project missing” page from Docksal’s vhost-proxy container.

Now, how do you get http://myproject.docksal working in this setup? <anything>.docksal resolves to by default, which won’t work while connected to a greedy VPN.

For now, you will have to manually add an DNS override in your hosts file, e.g.: myproject.docksal

Test it with a ping:

$ ping myproject.docksal
PING myproject.docksal ( 56 data bytes
64 bytes from icmp_seq=0 ttl=64 time=0.048 ms