How to Force All Traffic Through a VPN on Windows Using Docker (When Your Router Can’t)

When your router can’t run a VPN client (very common with ISP-provided or locked-down models; if yours can, there are separate instructions for doing it at the router), one workaround is to route all network traffic through a Windows machine running a VPN inside a Docker container. In this setup, the Windows PC effectively becomes a gateway: other devices send their traffic to it, Windows forwards it to the Docker virtual machine, and the VPN container tunnels it out to the internet. It’s not as clean or simple as a true router-level VPN, and it comes with real limitations (firewalls, sleep states, Docker networking quirks), but it can achieve “whole-network VPN” behavior when traditional router installs aren’t possible.

If you’re running macOS, there are separate instructions for installing a VPN in Docker on macOS and for routing traffic through it.

Windows Architecture Reality

So we need:

  1. Windows to forward traffic

  2. Windows to NAT into the Docker VM

  3. The Docker VM to forward into the VPN tunnel (see the separate instructions for installing the VPN Docker container on Windows).

Requirements

The Hard Limits

Know this!

  1. If Windows sleeps → internet dies

  2. Docker updates can break networking

  3. WSL2 networking is NAT’d → adds latency

  4. Some devices (Chromecast, consoles) hate non-standard gateways

  5. This is not “set and forget”


Step 0 – Verify Docker is Using WSL2

In PowerShell:

wsl -l -v

You should see:

docker-desktop Running 2

If not, fix that first.


Step 1 – Enable IP Forwarding in Windows

Open PowerShell as Administrator:

Get-NetIPInterface

Find your main LAN interface (usually Ethernet or Wi-Fi) and note its InterfaceIndex.

Then:

Set-NetIPInterface -InterfaceIndex <index> -Forwarding Enabled

Now enable the routing service (use sc.exe explicitly: inside PowerShell, sc on its own is an alias for Set-Content and the command will fail):

sc.exe config RemoteAccess start= auto
sc.exe start RemoteAccess

This is important. Without this, Windows often won’t forward packets reliably.


Step 2 – Allow Forwarding Through Windows Firewall

Still in admin PowerShell:

netsh advfirewall firewall add rule name="Allow Forwarded Traffic" dir=in action=allow protocol=any
netsh advfirewall firewall add rule name="Allow Forwarded Traffic" dir=out action=allow protocol=any

Or, more controlled:

Set-NetFirewallProfile -Profile Domain,Public,Private -AllowInboundRules True

(You can tighten later.)


Step 3 – Run NordVPN in Docker

Example (cmd.exe syntax: the trailing ^ is the cmd line-continuation character; in PowerShell use a backtick ` instead):

docker run -d ^
--name nordvpn ^
--cap-add=NET_ADMIN ^
--device /dev/net/tun ^
nordvpn/nordvpn

Then:

docker exec -it nordvpn bash
nordvpn login
nordvpn connect

Verify tunnel:

ip a

You must see tun0. If not, stop.


Step 4 – Enter the Docker VM (WSL2)

In PowerShell:

wsl -d docker-desktop

Now you are inside the Linux VM that actually hosts the container network.


Step 5 – Enable Forwarding in WSL2

sudo sysctl -w net.ipv4.ip_forward=1

Step 6 – NAT WSL2 Traffic Into the VPN Tunnel

Still inside WSL2:

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

Allow forwarding:

sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
sudo iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

At this point:

Windows can forward → WSL2 can forward → VPN tunnel exists

The pipeline is now technically functional.
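Steps 5 and 6 as one re-runnable script, added here as an example (it is not from the original post or from NordVPN): it refuses to configure anything unless the tunnel interface exists, adds each rule only if it is not already present, and appends a final DROP rule so that if the tunnel goes down the forwarded device traffic is blocked instead of leaking out through eth0. The interface names eth0 and tun0 are assumptions matching the names used above; override them with LAN_IF and VPN_IF.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent Steps 5 and 6 with a leak guard.
# Assumes the WSL2-side LAN interface is eth0 and the VPN tunnel interface is tun0.
LAN_IF="${LAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"

# Print the rule set as iptables arguments, one rule per line.
# Kept as a pure function so the rules can be reviewed (or tested) without root.
gateway_rules() {
  lan="$1"; vpn="$2"
  printf '%s\n' \
    "-t nat -A POSTROUTING -o $vpn -j MASQUERADE" \
    "-A FORWARD -i $lan -o $vpn -j ACCEPT" \
    "-A FORWARD -i $vpn -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT" \
    "-A FORWARD -i $lan ! -o $vpn -j DROP"
}

# Add each rule only if it is not already present (-C checks, -A appends),
# so re-running the script after a VPN reconnect does not duplicate rules.
apply_rules() {
  gateway_rules "$1" "$2" | while IFS= read -r rule; do
    check=$(printf '%s' "$rule" | sed 's/-A /-C /')
    # shellcheck disable=SC2086  # intentional word splitting of the rule string
    iptables $check 2>/dev/null || iptables $rule
  done
}

# Returns 0 when the tunnel interface exists, non-zero otherwise.
tunnel_present() {
  ip -o link show "$1" >/dev/null 2>&1
}

main() {
  if ! tunnel_present "$VPN_IF"; then
    echo "$VPN_IF not found: VPN is not up, refusing to configure forwarding" >&2
    return 1
  fi
  sysctl -w net.ipv4.ip_forward=1
  apply_rules "$LAN_IF" "$VPN_IF"
}

# Run with:  sh vpn_gateway.sh apply   (as root inside the docker-desktop WSL2 VM)
if [ "${1:-}" = "apply" ]; then main; fi
```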


Step 7 – Make Windows the Gateway for Other Devices

This is where router reality kicks in.

Case A – Router Allows DHCP Gateway Override (Rare)

Router LAN settings:

Gateway: <Windows IP>

Done.


Case B – Router Does NOT Allow (Most Common)

You must set the gateway on each device manually.

Example static configuration on one device:

IP: 192.168.1.100
Subnet: 255.255.255.0
Gateway: 192.168.1.50 ← Windows machine
DNS: 1.1.1.1

Now that device routes:

Device → Windows → WSL2 → NordVPN → Internet

Step 8 – Test

On the device:

If not:

  • Check Windows firewall

  • Check ip route in WSL2

  • Check iptables -t nat -L
