dperson / openvpn-client

GNU Affero General Public License v3.0

Using host network and issues #394

Open icsy7867 opened 2 years ago

icsy7867 commented 2 years ago

Sort of shooting in the dark here as I have exhausted my abilities.

I am running the latest on my Raspberry Pi, and I am working on building a project. It uses hostapd to make a wireless network, a web interface I made and openvpn to make a sort of travel VPN-enabled hotspot. Pretty neat and works well mostly. I recently decided to convert all the tools to docker and I have everything working except the VPN part.

Just to point out, if I install openvpn on the host (`apt-get install openvpn`) and run `openvpn --config /path/to/config.ovpn --daemon`, everything works fine as intended.

However I am trying to have the same effect using your container (which is awesome BTW, I use it elsewhere too):

    docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name vpn \
        -v "/etc/PocketVPN/openvpn/config/vpn.conf:/vpn/vpn.conf" \
        -v "/etc/PocketVPN/openvpn/auth:/auth" -d \
        --network host \
        dperson/openvpn-client -r 192.168.254.0/24

The vpn container launches, connects and works, however everything connecting to it on the host has trouble. For instance, if I SSH into the RPI4, and do a simple:

ping 8.8.8.8
or
ping google.com

It fails with an "operation not permitted". So I am pretty sure this is an iptables/routing issue. However the routes seem OK and seem to get implemented via the `--network host`, but I don't think any iptables commands are running on the host, only inside the container.

I found running something like:

    iptables -A INPUT -i eth0 -m state --state NEW -p udp --dport 1194 -j ACCEPT
    iptables -A INPUT -i tun+ -j ACCEPT
    iptables -A FORWARD -i tun+ -j ACCEPT
    iptables -A FORWARD -i tun+ -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i tun+ -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i eth0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A FORWARD -i wlan0 -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o tun+ -j ACCEPT
    iptables -I FORWARD -i tun0 -j ACCEPT
    iptables -I FORWARD -o tun0 -j ACCEPT
    iptables -t nat -A POSTROUTING -s 10.35.0.0/24 -o eth0 -j MASQUERADE

Seems to make things better. When connected to the wifi provided by hostapd, things seem to work, but the local DNS on the Pi can't connect or talk, which is odd.

I know this is a strange issue with a lot of moving pieces, but I was just curious if anything stood out to anyone.
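Two facts frame the symptoms above: `ping: sendmsg: Operation not permitted` is the error a DROP or REJECT in the host's iptables OUTPUT chain produces, and with `--network host` the container shares the host's network namespace, so any rules the container installs land in the host's own tables. The checker below is an added example (not code from this issue or from the openvpn-client image): it parses the text of `iptables -S` and `iptables -t nat -S`, then evaluates a few synthetic packets against the rules the way one would by hand: a host packet leaving on the WAN or on the tunnel, a hotspot client's packet being forwarded into the tunnel, and its reply coming back. The interface names `eth0`/`wlan0`/`tun0` and the `192.168.254.0/24` subnet are taken from the issue; the sample rule set is constructed and is deliberately incomplete, so the output shows a DROP verdict and a missing tunnel-side MASQUERADE. Only interface, conntrack-state and source matches are modelled (`-p`, `--dport` and other matches are ignored), so treat each verdict as a hypothesis to confirm against the packet counters in `iptables -vnL`.

```python
import shlex
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    chain: str
    target: Optional[str] = None
    in_if: Optional[str] = None
    out_if: Optional[str] = None
    in_neg: bool = False
    out_neg: bool = False
    src: Optional[str] = None
    states: Optional[set] = None  # None: rule has no --state/--ctstate match


def parse_iptables_s(text):
    """Parse `iptables -S` output into ({chain: policy}, [Rule, ...])."""
    policies, rules = {}, []
    for line in text.splitlines():
        toks = shlex.split(line)
        if not toks or toks[0] not in ("-P", "-A"):
            continue
        if toks[0] == "-P":
            policies[toks[1]] = toks[2]
            continue
        rule, neg, i = Rule(chain=toks[1]), False, 2
        while i < len(toks):
            t, val = toks[i], (toks[i + 1] if i + 1 < len(toks) else None)
            if t == "!":  # negates the next match, e.g. `! -o tun+`
                neg, i = True, i + 1
                continue
            if t == "-i":
                rule.in_if, rule.in_neg = val, neg
            elif t == "-o":
                rule.out_if, rule.out_neg = val, neg
            elif t == "-s":
                rule.src = val
            elif t == "-j":
                rule.target = val
            elif t in ("--state", "--ctstate"):
                rule.states = set(val.split(","))
            else:  # -m, -p, --dport, ...: not modelled, skip the token
                neg, i = False, i + 1
                continue
            neg, i = False, i + 2
        rules.append(rule)
    return policies, rules


def iface_matches(pattern, neg, iface):
    """iptables interface match: exact name or `tun+` prefix wildcard; `!` flips it."""
    if pattern is None:
        return True
    iface = iface or ""
    hit = iface.startswith(pattern[:-1]) if pattern.endswith("+") else iface == pattern
    return hit != neg


def verdict(policies, rules, chain, in_if=None, out_if=None, state="NEW"):
    """Target of the first matching ACCEPT/DROP/REJECT rule in `chain`, else its policy."""
    for r in rules:
        if r.chain != chain or r.target not in ("ACCEPT", "DROP", "REJECT"):
            continue
        if r.states is not None and state not in r.states:
            continue
        if iface_matches(r.in_if, r.in_neg, in_if) and iface_matches(r.out_if, r.out_neg, out_if):
            return r.target
    return policies.get(chain, "ACCEPT")


def has_masquerade(nat_rules, subnet, out_if):
    """True if POSTROUTING source-NATs `subnet` (or any source) leaving on `out_if`."""
    return any(r.chain == "POSTROUTING" and r.target in ("MASQUERADE", "SNAT")
               and r.src in (None, subnet) and iface_matches(r.out_if, r.out_neg, out_if)
               for r in nat_rules)


def diagnose(filter_s, nat_s, wan_if, lan_if, vpn_if, lan_subnet):
    """One verdict per question behind the issue's symptoms."""
    pol, rules = parse_iptables_s(filter_s)
    _, nat = parse_iptables_s(nat_s)
    return {
        "host_out_via_vpn": verdict(pol, rules, "OUTPUT", out_if=vpn_if),
        "host_out_via_wan": verdict(pol, rules, "OUTPUT", out_if=wan_if),  # DROP here = ping EPERM
        "hotspot_to_vpn": verdict(pol, rules, "FORWARD", in_if=lan_if, out_if=vpn_if),
        "vpn_to_hotspot_reply": verdict(pol, rules, "FORWARD", in_if=vpn_if, out_if=lan_if, state="ESTABLISHED"),
        "hotspot_nat_via_vpn": has_masquerade(nat, lan_subnet, vpn_if),
    }


# Constructed sample (not captured from the issue): a kill-switch style OUTPUT policy,
# forwarding for the hostapd clients, and a MASQUERADE that points at eth0, not tun+.
SAMPLE_FILTER = """\
-P FORWARD DROP
-P OUTPUT DROP
-A FORWARD -i wlan0 -o tun+ -j ACCEPT
-A FORWARD -i tun+ -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
"""
SAMPLE_NAT = "-A POSTROUTING -s 192.168.254.0/24 -o eth0 -j MASQUERADE\n"

if __name__ == "__main__":
    for key, val in diagnose(SAMPLE_FILTER, SAMPLE_NAT, "eth0", "wlan0", "tun0", "192.168.254.0/24").items():
        print(f"{key:22} {val}")
```

To use it on a real host, save `iptables -S` and `iptables -t nat -S` to files while the container is running and pass their contents to `diagnose()`; a `DROP` for `host_out_via_wan` explains the `operation not permitted` on a host-side ping that is still routed over `eth0`, and `hotspot_nat_via_vpn` being false means hotspot clients' packets would enter the tunnel with their private source address, which the VPN server has no route back to. Forwarding also needs `net.ipv4.ip_forward=1`, which no iptables rule provides.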