search

dperson / openvpn-client

GNU Affero General Public License v3.0
1.06k stars 587 forks source link

How to use port forwarding from VPN provider? #321

Open jeff47 opened 4 years ago

jeff47 commented 4 years ago

Hello, I am trying to get this container to provide an openvpn connection to an rtorrent container. My VPN provider forwards ports, but how do I open them in the right container to accept incoming connections? It seems like they must be open in the openvpn-client container, since that's the one listening to the VPN provider - but that container does not have a service listening on that port, it's in the rtorrent container that uses openvpn-client for net access.

Does this make sense?

arpitgupta commented 4 years ago

This is how it works when one container uses other containers network. To enable port forwarding via your vpn you can add env variables in your compose file such as

VPNPORT: 'some_port1;tcp'
VPNPORT_2: 'some_port2;udp'
....
VPNPORT_5:  'some_port3;udp'

Also configure any ports in the vpn container that you might need to access like the ports for the http end points etc would go into the ports section of your compose file.

jeff47 commented 4 years ago

Sorry, I'm not sure I understand.

My VPN provider forwards port 42350.

I use docker-compose. So in the VPN service section, I add an 

services:
 vpn:
    environment:
      - VPNPORT: '42350;tcp'
    ports:
      - 42350:42350

I'm confused as to how the vpn container knows how to forward 42350 to the rtorrent container.

arpitgupta commented 4 years ago

I am not 100% sure on this as i far from an expert in this :). Here is the code that sets this up https://github.com/dperson/openvpn-client/blob/master/openvpn.sh#L249.

My understanding is all out bound connections from your container will always go through the vpn. VPN port forwarding is used for in bound connections when a peer might want to talk to your service it then allows in coming connections from that port. You can then use the ports or the expose sections in your compose file to map it.

For example in your case if port 42350 is only used by the service and you dont need to explicitly access it like a web ui you can just do

expose:
  - 42350

This will allow communication between the vpn client container and your rttorrent container on this port.

Nathan-Kr commented 3 years ago

Sorry but i couldn't understand how to set it up right. To be honest i don't really understand how the networking is working. Specifying -net=container:vpn what does that really do ? I tried -p and --expose on my vpn docker i didn't work but it doesn't really make any sense for me as the port is forwarded to the exit of openvpn tunel not the host IP. It's like theire is a firewall or something.

For the webui it's just work specifying -p 1234:1234 on my vpn docker.

Nathan-Kr commented 3 years ago

ok nvm i just needed to use the -p option in the script openvpn.sh not in the docker option.

for those who wondering here is how i create my docker where 1234 is the webui port of qbittorrent and 2594 the port forwarded by my vpn provider for incomming connection. docker run -d --cap-add=NET_ADMIN --device /dev/net/tun --name vpn --dns 8.8.4.4\ -v /media/safe/ovpn:/vpn -p 1234:1234 dperson/openvpn-client -r 10.10.10.0/24 -p 2594

banjaxed commented 2 years ago 
services:
 vpn:
    environment:
      - VPNPORT: '42350;tcp'
    ports:
      - 42350:42350

I'm confused as to how the vpn container knows how to forward 42350 to the rtorrent container.

For anyone finding this in 2022 and this isn't working the compose syntax should be:

services:
  vpn-client:
    environment:
      - VPNPORT=12345;tcp
      - VPNPORT_2=12346;tcp
     (...)
  torrent-client:
    network_mode: "service:vpn-client"
  (...)

this works for me to forward my AirVPN port to a torrent client docker. just add a nginx-proxy docker to access the torrent client's WebUI port from LAN.

veri-tty commented 10 months ago 
services:
 vpn:
    environment:
      - VPNPORT: '42350;tcp'
    ports:
      - 42350:42350

I'm confused as to how the vpn container knows how to forward 42350 to the rtorrent container.

For anyone finding this in 2022 and this isn't working the compose syntax should be:

services:
  vpn-client:
    environment:
      - VPNPORT=12345;tcp
      - VPNPORT_2=12346;tcp
     (...)
  torrent-client:
    network_mode: "service:vpn-client"
  (...)

this works for me to forward my AirVPN port to a torrent client docker. just add a nginx-proxy docker to access the torrent client's WebUI port from LAN.

hi, i know im pretty late to this but should i have the port i want to forward in the list of ports and as - VPNPORT_2=12346;tcp in the enviroment file?