from alpine:3.9; run openvpn; ipv6

$ docker-compose up
Creating network "hacktheboxplayground_default" with driver "bridge"
Creating hacktheboxplayground_playground_1 ...
Creating hacktheboxplayground_playground_1 ... done
Attaching to hacktheboxplayground_playground_1
playground_1  | Wed Mar 13 11:51:09 2019 OpenVPN 2.4.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 26 2018
playground_1  | Wed Mar 13 11:51:09 2019 library versions: OpenSSL 1.1.1a  20 Nov 2018, LZO 2.10
playground_1  | Wed Mar 13 11:51:09 2019 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
playground_1  | Wed Mar 13 11:51:09 2019 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
playground_1  | Wed Mar 13 11:51:09 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]88.198.233.171:1337
playground_1  | Wed Mar 13 11:51:09 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
playground_1  | Wed Mar 13 11:51:09 2019 UDP link local: (not bound)
playground_1  | Wed Mar 13 11:51:09 2019 UDP link remote: [AF_INET]88.198.233.171:1337
playground_1  | Wed Mar 13 11:51:09 2019 TLS: Initial packet from [AF_INET]88.198.233.171:1337, sid=4dec3562 a2db9821
playground_1  | Wed Mar 13 11:51:10 2019 VERIFY OK: depth=1, C=UK, ST=City, L=London, O=HackTheBox, CN=HackTheBox CA, name=htb, emailAddress=info@hackthebox.eu
playground_1  | Wed Mar 13 11:51:10 2019 VERIFY KU OK
playground_1  | Wed Mar 13 11:51:10 2019 Validating certificate extended key usage
playground_1  | Wed Mar 13 11:51:10 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
playground_1  | Wed Mar 13 11:51:10 2019 VERIFY EKU OK
playground_1  | Wed Mar 13 11:51:10 2019 VERIFY OK: depth=0, C=UK, ST=City, L=London, O=HackTheBox, CN=htb, name=htb, emailAddress=info@hackthebox.eu
playground_1  | Wed Mar 13 11:51:10 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
playground_1  | Wed Mar 13 11:51:10 2019 [htb] Peer Connection Initiated with [AF_INET]88.198.233.171:1337
playground_1  | Wed Mar 13 11:51:11 2019 SENT CONTROL [htb]: 'PUSH_REQUEST' (status=1)
playground_1  | Wed Mar 13 11:51:11 2019 PUSH: Received control message: 'PUSH_REPLY,route 10.10.10.0 255.255.255.0,route-ipv6 dead:beef::/64,tun-ipv6,route-gateway 10.10.12.1,topology subnet,ping 10,ping-restart 120,ifconfig-ipv6 dead:beef:2::12b3/64 dead:beef:2::1,ifconfig 10.10.14.181 255.255.252.0,peer-id 3,cipher AES-256-GCM'
playground_1  | Wed Mar 13 11:51:11 2019 OPTIONS IMPORT: timers and/or timeouts modified
playground_1  | Wed Mar 13 11:51:11 2019 OPTIONS IMPORT: --ifconfig/up options modified
playground_1  | Wed Mar 13 11:51:11 2019 OPTIONS IMPORT: route options modified
playground_1  | Wed Mar 13 11:51:11 2019 OPTIONS IMPORT: route-related options modified
playground_1  | Wed Mar 13 11:51:11 2019 OPTIONS IMPORT: peer-id set
playground_1  | Wed Mar 13 11:51:11 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
playground_1  | Wed Mar 13 11:51:11 2019 OPTIONS IMPORT: data channel crypto options modified
playground_1  | Wed Mar 13 11:51:11 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
playground_1  | Wed Mar 13 11:51:11 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
playground_1  | Wed Mar 13 11:51:11 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
playground_1  | Wed Mar 13 11:51:11 2019 ROUTE_GATEWAY 172.31.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:**:**:**:**:**
playground_1  | Wed Mar 13 11:51:11 2019 GDG6: remote_host_ipv6=n/a
playground_1  | Wed Mar 13 11:51:11 2019 ROUTE6_GATEWAY 2001:3984:3989::1 IFACE=eth0
playground_1  | Wed Mar 13 11:51:11 2019 TUN/TAP device tun0 opened
playground_1  | Wed Mar 13 11:51:11 2019 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
playground_1  | Wed Mar 13 11:51:11 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
playground_1  | Wed Mar 13 11:51:11 2019 /sbin/ip link set dev tun0 up mtu 1500
playground_1  | Wed Mar 13 11:51:11 2019 /sbin/ip addr add dev tun0 10.10.14.181/22 broadcast 10.10.15.255
playground_1  | Wed Mar 13 11:51:11 2019 /sbin/ip -6 addr add dead:beef:2::12b3/64 dev tun0
playground_1  | Wed Mar 13 11:51:11 2019 /sbin/ip route add 10.10.10.0/24 via 10.10.12.1
playground_1  | Wed Mar 13 11:51:11 2019 add_route_ipv6(dead:beef::/64 -> dead:beef:2::1 metric -1) dev tun0
playground_1  | Wed Mar 13 11:51:11 2019 /sbin/ip -6 route add dead:beef::/64 dev tun0
playground_1  | Wed Mar 13 11:51:11 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
playground_1  | Wed Mar 13 11:51:11 2019 Initialization Sequence Completed

$ docker-compose exec playground ping -c 4 10.10.10.105
PING 10.10.10.105 (10.10.10.105): 56 data bytes
64 bytes from 10.10.10.105: seq=0 ttl=63 time=301.586 ms
64 bytes from 10.10.10.105: seq=1 ttl=63 time=37.489 ms
64 bytes from 10.10.10.105: seq=2 ttl=63 time=58.592 ms
64 bytes from 10.10.10.105: seq=3 ttl=63 time=271.025 ms

--- 10.10.10.105 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 37.489/167.173/301.586 ms
Fabian Peter Hammerle 5 years ago
commit c7ec3d48d2
2 changed files with 37 additions and 0 deletions
  1. Dockerfile (8 additions, 0 deletions)
  2. docker-compose.yml (29 additions, 0 deletions)

+ 8 - 0
Dockerfile

@@ -0,0 +1,8 @@
+FROM alpine:3.9
+
+RUN apk add --no-cache openvpn
+
+VOLUME /hackthebox
+WORKDIR /hackthebox
+
+CMD ["openvpn", "--config", "/hackthebox/vpn-config.ovpn"]
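Review bot: The CMD on the last line starts openvpn as root and nothing in the image drops privileges afterwards, so the process that handles traffic from the VPN peer stays root in a container that docker-compose.yml also grants NET_ADMIN. Consider adding OpenVPN's `--user` and `--group` options (for example `--user nobody --group nobody`) to the CMD or to vpn-config.ovpn, and check that a reconnect after `ping-restart` still works once privileges are dropped. The log in the commit message also prints the `auth-nocache` warning, which is worth addressing in the mounted config, and `apk add --no-cache openvpn` is unpinned, so a rebuild may not reproduce the OpenVPN 2.4.6 shown there.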

+ 29 - 0
docker-compose.yml

@@ -0,0 +1,29 @@
+version: '2.1'
+
+networks:
+  default:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+      - subnet: 2001:3984:3989::/64
+
+volumes:
+  hackthebox:
+
+services:
+  playground:
+    build: .
+    image: fphammerle/hackthebox-playground
+    volumes:
+    - hackthebox:/hackthebox
+    devices:
+    - /dev/net/tun
+    cap_add:
+    - NET_ADMIN
+    # https://github.com/dperson/openvpn-client/issues/75
+    sysctls:
+    - net.ipv6.conf.all.disable_ipv6=0
+
+# https://docs.docker.com/compose/compose-file/compose-file-v2/
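Review bot: The `playground` service adds NET_ADMIN under `cap_add` but has no `cap_drop`, so the container keeps Docker's whole default capability set on top of it. Add `cap_drop: [ALL]` and re-add only what openvpn needs, starting from NET_ADMIN for tun0 and the routes shown in the log. Separately, `subnet: 2001:3984:3989::/64` lies in global unicast space rather than a private range; a ULA prefix under fd00::/8 avoids overlapping with real addresses. The `image:` line has no tag, so it resolves to `latest`; tagging it makes the built image traceable to this commit.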