Open devantoine opened 6 years ago
Is this issue with normal intel based macs? Cos this is also an issue on the latest version for the M1 chip. Cannot ping services behind a VPN.
Has anyone tried setting up a VPN client inside a docker container and pointing other docker containers to it?
What worked for me was to change docker subnet mask from /24 to /28, then restarted and I can now ping, telnet and other things on my vpn network. It says the default is /28 but docker desktop ships with /24 on it. Maybe it's a typo, I don't know.
This is an issue still for me. I am not able to have my docker containers connect using my vpn.
This was happening to me as well, but only when Kubernetes was enabled.
In my case it was because the corporate VPN uses subnets in the 10.x.x.x range (as many do), specifically 10.1.x.x, and the Docker Kubernetes engine uses the same subnet for its own network interface (10.1.0.0/16). Note that this isn't the IP of the tunnel or anything you would see in ifconfig, just the IP range frequently used in the network behind the VPN.
There is currently no way to configure this from the Docker UI, but you can change it permanently by editing ~/Library/Group Containers/group.com.docker/cni/10-default.conflist and restarting the Docker service (from the bug icon in the top right of the dashboard is easiest). Not sure if existing containers need to be rebuilt for any reason. I also have not tested if this will keep working after host reboot or if the Docker app is upgraded.
I changed mine to the unused range 10.250.0.0/16 and it fixed the issue. My 10-default.conflist now looks like this:
{
  "cniVersion": "0.3.1",
  "name": "default",
  "plugins": [
    {
      "type": "bridge",
      "bridge": "cni0",
      "isDefaultGateway": true,
      "ipMasq": true,
      "hairpinMode": true,
      "ipam": {
        "type": "host-local",
        "subnet": "10.250.0.0/16",
        "gateway": "10.250.0.1"
      },
      "dns": {
        "nameservers": ["10.250.0.1"]
      }
    },
    {
      "type": "portmap",
      "capabilities": {
        "portMappings": true
      },
      "snat": true
    }
  ]
}
Thanks to https://stackoverflow.com/a/68658242 and https://stackoverflow.com/a/69903312 for the direction, as well as @cdenneen above.
Ran into the same issue and after hours of testing, I identified the issue to be docker network related.
Did a docker network prune and the issue is resolved. I think the factory reset method mentioned in this thread is equivalent to that.
Pruning docker networks will only work if the network causing the issue is not attached to any containers. Otherwise you will have to kill the containers and then prune. Using docker network inspect helps to identify the culprit. For a more permanent solution take a look at this guide, which makes use of previously mentioned daemon.json and the default-address-pool configuration.
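Added example, not part of the thread or of Docker's own tooling: a Python check that flags Docker and CNI subnets overlapping ranges routed through the VPN, which is the conflict the comments above describe. The VPN route list and both JSON samples are constructed; the inspect sample assumes the `Name` and `IPAM.Config[].Subnet` fields of `docker network inspect` output.

```python
import ipaddress
import json

# Constructed sample inputs (not taken from a real machine).
CONFLIST = """{"cniVersion": "0.3.1", "name": "default", "plugins": [
  {"type": "bridge", "ipam": {"type": "host-local",
                              "subnet": "10.1.0.0/16", "gateway": "10.1.0.1"}},
  {"type": "portmap", "capabilities": {"portMappings": true}}]}"""
NETWORK_INSPECT = """[
  {"Name": "bridge", "IPAM": {"Config": [{"Subnet": "172.17.0.0/16"}]}},
  {"Name": "app_default", "IPAM": {"Config": [{"Subnet": "10.1.20.0/24"}]}},
  {"Name": "host", "IPAM": {"Config": null}}]"""
VPN_ROUTES = ["10.1.0.0/16", "192.168.50.0/24"]  # assumed ranges behind the VPN


def cni_subnets(conflist_text):
    """Yield (label, subnet) for each conflist plugin that sets ipam.subnet."""
    conf = json.loads(conflist_text)
    for plugin in conf.get("plugins", []):
        subnet = plugin.get("ipam", {}).get("subnet")
        if subnet:
            yield f"cni:{conf.get('name')}/{plugin.get('type')}", subnet


def docker_subnets(inspect_text):
    """Yield (label, subnet) from `docker network inspect` JSON output."""
    for net in json.loads(inspect_text):
        # host/none networks carry an empty or null IPAM config
        for cfg in (net.get("IPAM") or {}).get("Config") or []:
            if cfg.get("Subnet"):
                yield f"docker:{net['Name']}", cfg["Subnet"]


def local_subnets(conflist_text, inspect_text):
    return list(cni_subnets(conflist_text)) + list(docker_subnets(inspect_text))


def find_conflicts(vpn_routes, local):
    """Return (label, local subnet, VPN route) for every overlapping pair."""
    vpn = [ipaddress.ip_network(r, strict=False) for r in vpn_routes]
    hits = []
    for label, subnet in local:
        net = ipaddress.ip_network(subnet, strict=False)
        for route in vpn:
            if net.version == route.version and net.overlaps(route):
                hits.append((label, str(net), str(route)))
    return hits


if __name__ == "__main__":
    for hit in find_conflicts(VPN_ROUTES, local_subnets(CONFLIST, NETWORK_INSPECT)):
        print("overlap: %s %s collides with VPN route %s" % hit)
```

Any network it reports has to be detached from its containers before pruning, or moved to a non-overlapping range.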
I used Reset to factory defaults and now it seems like I'm able to access the resources in the VPN.
I had the same problem on Windows: I could not connect on the OpenVPN client connection (on Windows) even if WSL2 could connect without any issue. Tried debugging networking, giving host network, etc. but nothing worked and I did not find the issue (maybe an iptables/routing mismatch on the Docker bridge network?). A docker reset did fix the issue "like magic".
Expected behavior
When I'm connected through a VPN I should be able to access the VPN network inside a container.
Actual behavior
When I'm connected through a VPN I cannot access the VPN network, either by hostname or by IP.
Information
Diagnostic ID: FD552713-528B-478F-9BA6-8A6528AA18A4
Steps to reproduce the behavior
Additional information
This was working perfectly fine when I was using Linux with the same client.