search

dperson / openvpn-client

GNU Affero General Public License v3.0
1.06k stars 588 forks source link

Unable to Forward Ports from DC++ Container -> OpenVPN-Client Container -> OpenVPN Server #61

Closed whispy closed 7 years ago

whispy commented 7 years ago

I'm trying to route a docker container for AirDC++ (p2p application https://hub.docker.com/r/gangefors/airdcpp-webclient/) through the openvpn-client image to an openvpn server I have running on a VPS.

I can get the AirDC++ web UI to connect through the VPN to a hub (basically, a DC++ server) and other users can access my files. However, I cannot access other users' files. Looking around, this issue is usually (in non-Docker, non-VPN cases) caused by the required ports for the P2P connection not being forwarded (more general info: http://dcplusplus.sourceforge.net/webhelp/settings_connectivity_manual.html). The specific ports I'm trying to open/forward are 14237/tcp, 21248/udp, and 21933/tcp.

The logs in the openvpn-client container show that it is connecting to the openvpn server properly, and the VPN is being initialized.

For testing purposes, I changed the AirDC++ container from using your openvpn-client container's network, and ran it using the default docker network through my LAN. The AirDC++ container connected fine and I was able to properly access other users' files. Upon changing it back to using the openvpn-client container's network, I became unable to access other users' files. As such, I believe that the openvpn-client container is somehow not forwarding the required ports through to the VPN server.

My run command for the AirDC++ container looks like (removed volume links): 

docker run -it --name docker-airdcpp-2 --net=container:docker-ovpn-client-2 -d gangefors/airdcpp-webclient

Then, the run command for the openvpn-client container looks like:

docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name docker-ovpn-client-2 -v /volume2/docker/openvpn-client:/vpn -d dperson/openvpn-client -d -p '14237' -p '21248' -p '21933'

I've read through the instructions in the README, and believed that the -p '<port>' option would do what I needed, but that doesn't appear to be the case.

Please let me know if you have any idea how I can get this working. Thanks for making such a great Docker image, and thanks for taking the time to read this.

whispy commented 7 years ago

I figured it out. I had to fiddle with the iptables on the server. I had to add the following to my PREROUTING table:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport {port I want routed} -j DNAT --to-destination {openvpn-client's tun ip}
dperson commented 7 years ago

Glad you were able to get things working.