Closed mebert1977 closed 6 months ago
openvpn | Configuring networking rules...
openvpn | net.ipv4.ip_forward = 1
openvpn | Configuring iptables...
openvpn | NAT for OpenVPN clients
openvpn | Blocking ICMP for external clients
openvpn | Blocking internal home subnet to access from external openvpn clients (Internet still available)
openvpn | No additional firewall rules to apply.
openvpn | IPT MASQ Chains:
openvpn | MASQUERADE all -- 10.0.70.0/24 anywhere
openvpn | MASQUERADE all -- 10.0.71.0/24 anywhere
openvpn | IPT FWD Chains:
openvpn | 0 0 DROP 1 -- * * 10.0.71.0/24 0.0.0.0/0 icmptype 8
openvpn | 0 0 DROP 1 -- * * 10.0.71.0/24 0.0.0.0/0 icmptype 0
openvpn | 0 0 DROP 0 -- * * 10.0.71.0/24 192.168.5.0/24
openvpn | Start openvpn process...
6e9515b376ec:/opt/app# ps -ef
PID USER TIME COMMAND
1 root 0:00 {docker-entrypoi} /bin/bash ./docker-entrypoint.sh
126 root 0:00 bash
170 nobody 0:00 /usr/sbin/openvpn --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf
178 root 0:00 tail -f openvpn.log
Hi @mebert1977, as I see, the container is running well.
For UDP you could use the following: nc -vzu 176.23.0.3 1194
to check if it is accessible outside of the server running the container.
Sorry, my mistake.
mebert@VM42:~$ echo -e "\x38\x01\x00\x00\x00\x00\x00\x00\x00" | timeout 10 nc -u 192.168.5.62 1194 | cat -v
mebert@VM42:~$ echo -e "\x38\x01\x00\x00\x00\x00\x00\x00\x00" | timeout 10 nc -u 192.168.5.62 1194 | cat -v
mebert@VM42:~$ echo Container started just now
Container started just now
mebert@VM42:~$ echo -e "\x38\x01\x00\x00\x00\x00\x00\x00\x00" | timeout 10 nc -u 192.168.5.62 1194 | cat -v
@M-@^W^L'uM-]$M-4^A^@^@^@^@^A^@^@^@^@^@^@^@^@^@^@^@
So, I know now that the container is listening on port 1194. VM42 is the hostname of the host running docker, so outside the container.
By the way, I just built the container again without openvpn-ui. Will try to create client.ovpn via the command line.
YESSS, got it working. Overlooked the whole time the following entries in server.conf and now commented them out.
By the way, really awesome made!
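The UDP probe used in this thread and the reply it got back, decoded field by field, as an added example that is not part of the original thread or the project's code. The field layout assumes a server running without tls-auth/tls-crypt, and the function names are this example's own.

```python
import socket
import struct

# Probe from the thread: 0x38 opcode byte, 8-byte session id, and echo's newline.
PROBE = b"\x38\x01" + b"\x00" * 7 + b"\n"
# Reply exactly as `cat -v` printed it in the thread.
REPLY_CAT_V = "@M-@^W^L'uM-]$M-4^A^@^@^@^@^A^@^@^@^@^@^@^@^@^@^@^@"
OPCODES = {7: "P_CONTROL_HARD_RESET_CLIENT_V2", 8: "P_CONTROL_HARD_RESET_SERVER_V2"}

def decode_cat_v(text):
    """Turn `cat -v` notation (M- = high bit set, ^X = control char) into bytes."""
    out, i = bytearray(), 0
    while i < len(text):
        high = 0
        if text.startswith("M-", i) and i + 2 < len(text):
            high, i = 0x80, i + 2
        if text[i] == "^" and i + 1 < len(text):
            out.append(high | (ord(text[i + 1]) ^ 0x40))
            i += 2
        else:
            out.append(high | ord(text[i]))
            i += 1
    return bytes(out)

def parse_control(pkt):
    """Parse an OpenVPN control packet (layout without tls-auth/tls-crypt)."""
    if len(pkt) < 10:
        raise ValueError("too short for a control packet")
    n_acks = pkt[9]
    tail = 4 * n_acks + (8 if n_acks else 0) + 4  # acks, remote session id, packet id
    if len(pkt) < 10 + tail:
        raise ValueError("truncated control packet")
    acks = list(struct.unpack_from(f">{n_acks}I", pkt, 10))
    off = 10 + 4 * n_acks
    remote = pkt[off:off + 8].hex() if n_acks else None
    (packet_id,) = struct.unpack_from(">I", pkt, 10 + tail - 4)
    return {"opcode": OPCODES.get(pkt[0] >> 3, pkt[0] >> 3), "key_id": pkt[0] & 7,
            "session_id": pkt[1:9].hex(), "acks": acks,
            "remote_session_id": remote, "packet_id": packet_id}

def probe(host, port=1194, timeout=5.0):
    """Send PROBE over UDP; return the parsed reply, or None if nothing came back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(PROBE, (host, port))
            data, _ = s.recvfrom(2048)
        except OSError:  # timeout or ICMP error: no OpenVPN answer arrived
            return None
    return parse_control(data)
```

The decoded reply carries the server hard-reset opcode and echoes the probe's session id, which is what distinguishes a live OpenVPN listener from a port that merely accepts datagrams.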
I'm struggling for more than a day with the default install. Can you please point me in a direction? The Docker host runs on an Ubuntu 22.04 instance.
Actions taken:
1) Installed a docker container from some random supplier and tested this from a different public IP address to my openvpn-server docker container (not your d3vilh/openvpn-server) and got it working. So NAT etc., the whole shebang of port 1194 routing to docker containers, works.
2) Installed d3vilh/openvpn-server and used the docker-compose-openvpnui.yml with: uncommented management port 2080 and added cap_add NET_ADMIN in the openvpn-ui section, otherwise it didn't start. This resulted in the 2 containers. The UI did connect to openvpn-server and was fully configurable. Though, the VPN server did not reply to incoming clients. I changed it to my PUBLIC_IP:1194, but also tested it internally with docker_host:1194. No result. The UDP port 1194 was exposed from the container. But no luck.
3) Next step was to disable iptables in openvpn-server because I had the feeling that the packets were dropped. Not only commented this out in docker-entrypoint.sh but also in the container. Did not help.
4) Added verbose logging to 4 and even 11. No logging after the last openvpn message that it was started when trying to connect with a client. Looks like the request isn't received.
5) Changed HOME_SUB to 192.168.5.0 as this is the IP range I use at home. No luck.
6) With netstat found UDP port 1194 is 'listening', so that was correct in the container (openvpn-server).
7) nc -vz 176.23.0.3 1194, nc -vz 1194 in the container gave no result.
8) ps -ef shows openvpn is running in the container.
Do you have an idea what can be wrong?