linux
kocmoc-dev, 2021-04-11 12:23:12

How to correctly configure Docker routing in an OpenVPN network?

Good afternoon! The task is to organize communication between Docker networks through a private OpenVPN network. A container is created on the server with OpenVPN installed in it as a server, and an additional network with addresses 192.168.2.0/24 is created in Docker. The OpenVPN server itself and other Docker containers connect to this network. Next, on another machine, an OpenVPN client is created in Docker, which connects to the server. The client also has a separate Docker network, 192.168.3.0/24. So, as for the connection between the client and the server, I got everything working. The server and the client ping each other, and other containers can ping both the client and the server, but the other containers themselves (not the server and not the client) are not reachable. I need to make all containers in the networks 192.168.3.0 and 192.168.2.0 accessible.

Server configuration file

port 1194
proto udp
dev tun
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh.pem
server 192.168.50.0 255.255.255.0
client-config-dir /etc/openvpn/ccd
ifconfig-pool-persist /etc/openvpn/ipp.txt
cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-256-CBC
auth SHA512
tls-auth /etc/openvpn/keys/ta.key 1
tls-server
tls-version-min 1.2
key-direction 0
# keepalive was given twice in the original (10 60 and 10 120); the last one wins
keepalive 10 120
persist-key
persist-tun
client-to-client
comp-lzo no
max-clients 10
# route-method is a Windows-only option and has no effect on Linux
route-method exe
status /etc/openvpn/log/openvpn-status.log
log /etc/openvpn/log/openvpn.log
verb 3
mute 20
route 192.168.3.0 255.255.255.0
# original had a typo here (255.255.25O.0 with a letter O); note this is also the
# server's own local subnet, for which the kernel already holds a link route
route 192.168.2.0 255.255.255.0
# push needs plain double quotes, not typographic « »
push "route 192.168.3.0 255.255.255.0"
push "route 192.168.2.0 255.255.255.0"
push "route 192.168.50.0 255.255.255.0"


Server routes

default via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.2
192.168.3.0/24 via 192.168.50.2 dev tun0
192.168.50.0/24 via 192.168.50.2 dev tun0
192.168.50.2 dev tun0 proto kernel scope link src 192.168.50.1


I.e. the server itself is pinged from the client, 192.168.3.2 -> 192.168.2.2, and back. Ping from 192.168.3.3 -> 192.168.3.2 also passes when adding a route to it:

ip route add 192.168.3.0/24 via 192.168.2.2

Ping from 192.168.3.2 -> 192.168.3.3 does not work. Ping from 192.168.2.2 -> 192.168.3.3 does not work.

1 answer

kocmoc-dev, 2021-04-14

As they say, ask a question yourself and answer it yourself. The answer turned out to be very simple. The bottom line is that you need to set a new default gateway in each Docker container, for example 192.168.3.3, which is either the container with the OpenVPN client or the OpenVPN server.
If the OpenVPN client has the address 192.168.2.2, then inside the Docker container with IP 192.168.2.3 you need to replace default via 192.168.2.1 with default via 192.168.2.2:

ip route replace default via 192.168.2.2

After which the container's routing table will take the following form:

# ip route
default via 192.168.2.2 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.3

For those who are interested, here is the server routing table:

# ip route
default via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.2
192.168.3.0/24 via 192.168.50.2 dev tun0
192.168.50.0/24 dev tun0 proto kernel scope link src 192.168.50.1
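The fix above boils down to one check per container: does its default route already point at the OpenVPN container on the same Docker subnet, and if not, which `ip route replace` command brings it into line. The script below is an added example, not code from the original answer: it parses the text of `ip route` (two constructed sample tables are embedded, one before and one after the fix), reports "ok" or prints the exact command to apply, and refuses a gateway that is not on the container's own /24, since a gateway must be directly reachable on eth0. The function names (`default_gw`, `same_24`, `route_fix_cmd`) and the sample tables are the example's own.

```shell
#!/bin/sh
# Added example: verify that a Docker container's default route goes via the
# OpenVPN container, as in the answer above, and emit the fix if it does not.

# Constructed sample: an ordinary container (192.168.2.3) before the fix,
# default gateway still the Docker bridge 192.168.2.1.
SAMPLE_BEFORE='default via 192.168.2.1 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.3'

# Constructed sample: the same container after "ip route replace default via 192.168.2.2".
SAMPLE_AFTER='default via 192.168.2.2 dev eth0
192.168.2.0/24 dev eth0 proto kernel scope link src 192.168.2.3'

# default_gw "<ip route output>" -> prints the current default gateway (empty if none).
default_gw() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# link_src "<ip route output>" -> prints the container's own address on its link route.
link_src() {
    printf '%s\n' "$1" | awk '/scope link/ { for (i = 1; i <= NF; i++) if ($i == "src") { print $(i+1); exit } }'
}

# same_24 A B -> succeeds when A and B share the first three octets (a /24, as on this page).
same_24() {
    [ "${1%.*}" = "${2%.*}" ]
}

# route_fix_cmd "<ip route output>" VPN_GW
# Prints "ok" when the default route already goes via VPN_GW, otherwise the
# command to run inside the container. Exits 1 if VPN_GW is not on the
# container's subnet, because such a gateway could never be reached on eth0.
route_fix_cmd() {
    table=$1
    vpn_gw=$2
    gw=$(default_gw "$table")
    src=$(link_src "$table")
    if ! same_24 "$src" "$vpn_gw"; then
        echo "error: $vpn_gw is not on the container's subnet (container address $src)" >&2
        return 1
    fi
    if [ "$gw" = "$vpn_gw" ]; then
        echo ok
    else
        echo "ip route replace default via $vpn_gw"
    fi
}

# Stand-alone demonstration on the constructed tables.
echo "before: $(route_fix_cmd "$SAMPLE_BEFORE" 192.168.2.2)"
echo "after:  $(route_fix_cmd "$SAMPLE_AFTER" 192.168.2.2)"
```

On a live host the table would come from `docker exec <container> ip route` and the emitted command would be run the same way; the container needs the `NET_ADMIN` capability for `ip route replace` to succeed. Two caveats the answer does not spell out: the OpenVPN container only relays traffic between eth0 and tun0 if `net.ipv4.ip_forward=1` is set inside it, and making a container the default gateway routes all of its non-local traffic, including Internet-bound traffic, through the VPN container, so that container's forwarding rules should permit only what is intended.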
