E
E
Eugene2016-06-14 16:40:57
linux
Eugene, 2016-06-14 16:40:57

What is the reason for the lack of access to external networks when connecting to OpenVPN in a Docker container?

I am learning Docker. For understanding, I took a real task - to transfer services from VPS DO to VPS Vultr. For the future simplicity of such transfers, including.
I started with a simple one - a personal VPN based on OpenVPN. I build an image from the Dockerfile (I copy the current settings and keys from the running server):
FROM debian:latest
MAINTAINER Evgeniy Bekhterev
RUN apt-get update && apt-get install -y openvpn easy-rsa
COPY /openvpn/* /etc/openvpn/
ENTRYPOINT service openvpn start && bash
EXPOSE 1194/udp
Further I start the container, the openvpn service is started, the Internet is visible from the container. I connect as a client, I get 10.8.0.6, but I ping from the client only 10.8.0.1 (container endpoint).
I feel a problem somewhere with nat or routing.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
E
Eugene, 2016-06-14
@misant

I found it myself, as I thought, I need nat from inside the container. Correct Dockerfile:
FROM debian:latest
MAINTAINER Evgeniy Bekhterev
RUN apt-get update && apt-get install -y openvpn easy-rsa iptables
ENTRYPOINT iptables -A FORWARD -i tun0 -j ACCEPT
ENTRYPOINT iptables -A FORWARD -i tun0 -o eth0 - m state --state RELATED,ESTABLISHED -j ACCEPT
ENTRYPOINT iptables -A FORWARD -i eth0 -o tun0 -m state --state RELATED,ESTABLISHED -j ACCEPT
ENTRYPOINT iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
COPY / openvpn/* /etc/openvpn/
ENTRYPOINT service openvpn start && bash
EXPOSE 1194/udp
Found the answer with: How to wrap traffic in an OpenVPN tunnel?
PS: when re-creating the container, it turned out that I forgot to specify the nata rule itself

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question