d3vilh / openvpn-server

Fast Docker container with OpenVPN Server living inside.
MIT License

Default config/image openvpn does not reply #19

Closed mebert1977 closed 6 months ago

mebert1977 commented 6 months ago

I'm struggling for more than a day with the default install. Can you please point me in a direction? The Docker host runs on an Ubuntu 22.04 instance.

Actions taken:

1) Installed a Docker container from some random supplier and tested this from a different public IP address to my openvpn-server Docker container (not your d3vilh/openvpn-server) and got it working. So NAT etc., the whole shebang of port 1194 routing to Docker containers, works.
2) Installed d3vilh/openvpn-server and used the docker-compose-openvpnui.yml with: uncommented management port 2080 and added cap_add NET_ADMIN in the openvpn-ui section, otherwise it didn't start. This resulted in the 2 containers. The UI did connect to openvpn-server and was fully configurable. Though, the VPN server did not reply to incoming clients. I changed it to my PUBLIC_IP:1194, but also tested it internally as docker_host:1194. No result. The port udp 1194 was exposed from the container. But no luck.
3) Next step was to disable iptables in openvpn-server because I had the feeling that the packets were dropped. Not only commented this out in docker-entrypoint.sh but also in the container. Did not help.
4) Added verbose logging to 4 and even 11. No logging after the last openvpn message that it was started when trying to connect with a client. Looks like the request isn't received.
5) Changed HOME_SUB to 192.168.5.0 as this is the IP range I use at home. No luck.
6) With netstat found udp port 1194 is 'listening', so that was correct in the container (openvpn-server).
7) nc -vz 176.23.0.3 1194, nc -vz 1194 in the container gave no result.
8) ps -ef shows openvpn is running in the container.

Do you have an idea what can be wrong?

mebert1977 commented 6 months ago

[image attachment]

mebert1977 commented 6 months ago

openvpn    | Configuring networking rules...
openvpn    | net.ipv4.ip_forward = 1
openvpn    | Configuring iptables...
openvpn    | NAT for OpenVPN clients
openvpn    | Blocking ICMP for external clients
openvpn    | Blocking internal home subnet to access from external openvpn clients (Internet still available)
openvpn    | No additional firewall rules to apply.
openvpn    | IPT MASQ Chains:
openvpn    | MASQUERADE  all  --  10.0.70.0/24         anywhere
openvpn    | MASQUERADE  all  --  10.0.71.0/24         anywhere
openvpn    | IPT FWD Chains:
openvpn    |        0        0 DROP       1    --  *      *       10.0.71.0/24         0.0.0.0/0            icmptype 8
openvpn    |        0        0 DROP       1    --  *      *       10.0.71.0/24         0.0.0.0/0            icmptype 0
openvpn    |        0        0 DROP       0    --  *      *       10.0.71.0/24         192.168.5.0/24
openvpn    | Start openvpn process...

mebert1977 commented 6 months ago

6e9515b376ec:/opt/app# ps -ef
PID   USER     TIME  COMMAND
    1 root      0:00 {docker-entrypoi} /bin/bash ./docker-entrypoint.sh
  126 root      0:00 bash
  170 nobody    0:00 /usr/sbin/openvpn --cd /etc/openvpn --script-security 2 --config /etc/openvpn/server.conf
  178 root      0:00 tail -f openvpn.log

d3vilh commented 6 months ago

Hi @mebert1977, as I see, the container is running well. For UDP you could use the following: nc -vzu 176.23.0.3 1194 to check if it is accessible from outside of the server running the container.

mebert1977 commented 6 months ago

Sorry, my mistake.

mebert@VM42:~$ echo -e "\x38\x01\x00\x00\x00\x00\x00\x00\x00" |     timeout 10 nc -u 192.168.5.62 1194 | cat -v
mebert@VM42:~$ echo -e "\x38\x01\x00\x00\x00\x00\x00\x00\x00" |     timeout 10 nc -u 192.168.5.62 1194 | cat -v
mebert@VM42:~$ echo Container started just now
Container started just now
mebert@VM42:~$ echo -e "\x38\x01\x00\x00\x00\x00\x00\x00\x00" |     timeout 10 nc -u 192.168.5.62 1194 | cat -v
@M-@^W^L'uM-]$M-4^A^@^@^@^@^A^@^@^@^@^@^@^@^@^@^@^@

So, I know now that the container is listening on port 1194. VM42 is the hostname of the host running docker, so outside the container.

By the way, I just built the container again without openvpn-ui. I will try to create client.ovpn via the command line.
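
The echo | nc probe above works because the first byte 0x38 is an OpenVPN P_CONTROL_HARD_RESET_CLIENT_V2 opcode and the reply (0x40) is the server's hard reset. The following is an added example, not code from the openvpn-server project: it sends a well-formed version of that probe and parses the reply header, so a "listening but not answering" problem can be checked from a script. SAMPLE_REPLY is the reply decoded from the cat -v output in the comment above; the probe() host, port and timeout parameters are assumptions for illustration.

```python
import socket
import struct

# Opcode is the top 5 bits of the first byte, key id the low 3 bits.
P_CONTROL_HARD_RESET_CLIENT_V2 = 7
P_CONTROL_HARD_RESET_SERVER_V2 = 8

# Reply seen in the thread above, decoded from the cat -v output:
# opcode 8, server session id, ack of packet 0, client's session id echoed.
SAMPLE_REPLY = bytes.fromhex(
    "40" "c0170c2775dd24b4" "01" "00000000" "0100000000000000" "00000000")

def build_hard_reset(session_id: bytes, key_id: int = 0) -> bytes:
    """Opcode byte, 8-byte session id, empty ack array, packet id 0."""
    if len(session_id) != 8:
        raise ValueError("session id must be 8 bytes")
    first = (P_CONTROL_HARD_RESET_CLIENT_V2 << 3) | (key_id & 0x07)
    return bytes([first]) + session_id + b"\x00" + struct.pack(">I", 0)

def parse_control_header(data: bytes) -> dict:
    """Parse a plaintext control header (no tls-auth / tls-crypt wrapping)."""
    if len(data) < 10:
        raise ValueError("too short for an OpenVPN control packet")
    opcode, key_id = data[0] >> 3, data[0] & 0x07
    session_id = data[1:9]
    ack_count, pos = data[9], 10
    if len(data) < pos + 4 * ack_count + (8 if ack_count else 0) + 4:
        raise ValueError("truncated control packet")
    acks = [struct.unpack(">I", data[pos + 4 * i:pos + 4 * i + 4])[0]
            for i in range(ack_count)]
    pos += 4 * ack_count
    remote_session_id = None
    if ack_count:  # remote session id only follows a non-empty ack array
        remote_session_id, pos = data[pos:pos + 8], pos + 8
    packet_id = struct.unpack(">I", data[pos:pos + 4])[0]
    return {"opcode": opcode, "key_id": key_id, "session_id": session_id,
            "acks": acks, "remote_session_id": remote_session_id,
            "packet_id": packet_id}

def probe(host: str, port: int = 1194, timeout: float = 3.0):
    """Send one hard-reset; return the parsed reply, or None on timeout."""
    my_session = b"\x01" + b"\x00" * 7  # same fixed id the nc probe used
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_hard_reset(my_session), (host, port))
        try:
            data, _ = s.recvfrom(4096)
        except socket.timeout:
            return None
    return parse_control_header(data)
```

With tls-auth or tls-crypt enabled the server silently drops control packets that lack a valid HMAC, so a timeout from this probe then means "unreachable or HMAC-protected", not "not listening".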

mebert1977 commented 6 months ago

YESSS, got it working. I overlooked the whole time the following entries in server.conf and have now commented them out.

push "route 10.0.60.0 255.255.255.0" # Route to Home VPN subnet

push "dhcp-option DNS 8.8.8.8" # DNS1 server for VPN clients

mebert1977 commented 6 months ago

By the way, really awesomely made!