mac-docker-connector has been renamed to desktop-docker-connector to support both Docker Desktop for Mac and Docker Desktop for Windows.


Docker Desktop for Mac and Windows does not provide access to container IPs from the host (macOS or Windows); see Known limitations, use cases, and workarounds. There is a complex solution, which is also my source of inspiration. The main idea is to build a VPN between the macOS/Windows host and the Docker virtual machine.

+---------------+          +--------------------+
|               |          | Hypervisor/Hyper-V |
| macOS/Windows |          |  +-----------+     |
|               |          |  | Container |     |
|               |   vpn    |  +-----------+     |
|   VPN Client  |<-------->|   VPN Server       |
+---------------+          +--------------------+

But the macOS/Windows host cannot reach the container, so the VPN port must be exported and forwarded. Since the VPN connection is duplex, we can reverse it.

+---------------+          +--------------------+
|               |          | Hypervisor/Hyper-V |
| macOS/Windows |          |  +-----------+     |
|               |          |  | Container |     |
|               |   vpn    |  +-----------+     |
| VPN Server    |<-------->|   VPN Client       |
+---------------+          +--------------------+

Even so, using OpenVPN takes extra work, such as certificates and configuration. All I want is to access the container via IP, so why is it so cumbersome? No need for security, multi-clients, or certificates, just connect.

+---------------+          +--------------------+
|               |          | Hypervisor/Hyper-V |
| macOS/Windows |          |  +-----------+     |
|               |          |  | Container |     |
|               |   udp    |  +-----------+     |
| TUN Server    |<-------->|   TUN Client       |
+---------------+          +--------------------+

From the point of view of Docker and iptables, this tool also lets two subnets access each other.

|      Hypervisor/Hyper-V       | 
| +----------+     +----------+ | 
| | subnet 1 |<--->| subnet 2 | |
| +----------+     +----------+ |




Install the macOS client of desktop-docker-connector.

$ brew tap wenjunxiao/brew
$ brew install docker-connector

Configure routes for the Docker bridge networks

$ docker network ls --filter driver=bridge --format "{{.ID}}" | xargs docker network inspect --format "route {{range .IPAM.Config}}{{.Subnet}}{{end}}" >> "$(brew --prefix)/etc/docker-connector.conf"

Start the service

$ sudo brew services start docker-connector


The tap-windows TAP driver from OpenVPN is required. Download the latest version and install it.

Download the Windows client of desktop-docker-connector from Releases, and then unzip it.

Append bridge network to options.conf, format like route


Run it directly with start-connector.bat, or install it as a service with the following steps:

  1. Run install-service.bat to install it as a Windows service.
  2. Run start-service.bat to start the connector service. Later, you can run stop-service.bat to stop the connector service and uninstall-service.bat to uninstall it.


Install docker front of desktop-docker-connector

$ docker pull wenjunxiao/desktop-docker-connector

Start the docker front. It must run with host networking and the NET_ADMIN capability.

$ docker run -it -d --restart always --net host --cap-add NET_ADMIN --name desktop-connector wenjunxiao/desktop-docker-connector

If you want to expose your Docker containers to other people, please refer to docker-accessor.


Basic configuration items. You do not need to modify these unless they conflict with your environment; if you do change them, the desktop-docker-connector container must also be started with the same parameters.

  • addr virtual network address, default (change if it conflicts)

  • port UDP listen port, default 2511 (change if it conflicts)

    port 2511
  • mtu the MTU of network, default 1400

    mtu 1400
  • host UDP listen host, which the desktop-docker-connector container connects to, default for security and adaptation


Dynamic hot-loading configuration items take effect without a restart; add or modify them according to your needs.

  • route Add a route to access the Docker container subnet. Usually, when you create a bridge network with docker network create --subnet app, run echo "route" >> "$(brew --prefix)/etc/docker-connector.conf" to append the route to the config file.

  • iptables Insert (+) or delete (-) an iptables rule that lets two subnets access each other.


    The ip is the subnet address without the mask; join them with + to insert a rule, and with - to delete a rule.

  • expose Expose your Docker containers to other people, default disabled.


    The exposed address is the one docker-accessor connects to. Then add expose after each route you want to be exposed

    route expose
  • token Define the access token and the virtual IP assigned after connection

    token token-name

    The token name is customized and unique, and the IP must be valid in the virtual network defined by addr

  • hosts allows custom domain names mapped to IPs, which can also be used in the container

    hosts /etc/hosts .local .inc

    The first parameter is the hosts file, and the subsequent parameters are the filtered domain name suffix

  • proxy allows services that listen locally on to be accessed by the container


    The first part is the address where the local service listens, and the port 80 in the latter part is the port where the proxy listens
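
A defender-side check of the options above, added here as an example and not part of desktop-docker-connector: since the tunnel is designed without certificates, it flags a `host` that is not loopback, an enabled `expose`, routes marked `expose`, duplicate routes and non-unique token names. The `host <ip>` and `expose <ip>:<port>` value forms, the function names and every address in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a docker-connector.conf (file argument or stdin).
# Assumed value forms: "host <ip>" and "expose <ip>:<port>".
audit_connector_conf() {
  awk '
    # The tunnel has no certificates, so the UDP listener should stay on loopback.
    $1 == "host" && $2 !~ /^(127\.|::1$)/ {
      print "WARN host: UDP tunnel listens on non-loopback address " $2
    }
    $1 == "expose" {
      exposed = 1
      print "WARN expose: docker-accessor endpoint enabled on " $2
    }
    $1 == "route" {
      if (seen[$2]++) print "INFO route: duplicate entry " $2
      if ($3 == "expose") shared[++n] = $2
    }
    # Token names must be unique; each one maps to a virtual IP.
    $1 == "token" && tok[$2]++ {
      print "WARN token: name " $2 " is not unique"
    }
    END {
      lvl = exposed ? "WARN" : "INFO"
      note = exposed ? " is reachable through expose" : " is marked expose, but expose is disabled"
      for (i = 1; i <= n; i++) print lvl " route: " shared[i] note
    }
  ' "$@"
}

# Constructed sample configuration; every address here is made up.
sample_conf() {
  cat <<'EOF'
port 2511
mtu 1400
host 0.0.0.0
route 172.17.0.0/16
route 172.17.0.0/16
route 172.18.0.0/16 expose
expose 0.0.0.0:2512
token user1 192.168.251.3
token user1 192.168.251.4
EOF
}

sample_conf | audit_connector_conf
```

To check a live macOS install, pass the file instead of the sample: `audit_connector_conf "$(brew --prefix)/etc/docker-connector.conf"`.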


The connector provides the ability for the mac/windows host to directly access the docker container







