flant / ovpn-admin

Simple web UI to manage OpenVPN users.
Apache License 2.0

Docker DNS #102

Closed GogoFC closed 2 years ago

GogoFC commented 2 years ago

I did the docker install, admin panel works fine, downloads config, connects to VPN server, but no DNS.

The network device at the end gets created, does that look about right? Do I need to set DNS somewhere? resolv.conf has 8.8.8.8

```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:16:3c:50:a6:50 brd ff:ff:ff:ff:ff:ff
    inet ***.***.***.107/24 brd ***.***.***.255 scope global eth0
       valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:9b:7a:5a:57 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
4: br-08b73f914e97: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:23:ca:39:02 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-08b73f914e97
       valid_lft forever preferred_lft forever
19: br-c0afce801385: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
    link/ether 02:42:87:db:b4:dd brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.1/16 brd 172.19.255.255 scope global br-c0afce801385
       valid_lft forever preferred_lft forever
23: vethf30acfe@if22: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-c0afce801385 state UP group default
    link/ether ca:52:84:a7:df:11 brd ff:ff:ff:ff:ff:ff link-netnsid 0
```

obur5 commented 2 years ago

Hi, please add to file "openvpn.conf" in folder "setup" the following at the end:

```
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
```

and add to "client.conf.tpl" in folder "templates" the following after remote-cert-tls server:

```
ignore-unknown-option block-outside-dns
block-outside-dns
```

Run start.sh again to rebuild the containers.

athamour1 commented 2 years ago

Based on that idea I want to add pihole service in the docker-compose file. I added the service like so:

pi hole service
```yaml
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    depends_on:
      - "openvpn"
    # ports:
    #   - "53:53/tcp"
    #   - "53:53/udp"
    #   - "67:67/udp"
    #   - "8081:80/tcp"
    env_file:
      - ./pihole/.env
    environment:
      TZ: 'Europe/Athens' # Change that with your timezone
      WEBPASSWORD: 'askdlasjd32r2fweasfq'
      DNS1: 1.1.1.1 # CloudFlare
      ServerIP: 172.19.2.1 # https://github.com/Simonwep/openvpn-pihole/blob/master/docker-compose.yml
    volumes:
      - './pihole/etc-pihole/:/etc/pihole/'
      - './pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/'
    cap_add:
      - NET_ADMIN
    networks:
      npm_backend:
        ipv4_address: 172.19.2.1 # from npm-backend network
    restart: unless-stopped
```

The pihole service works OK and I can see the web panel. In the openvpn.conf I added the DNS with push "dhcp-option DNS 172.19.2.1", and I updated the client.conf.tpl file as shown.

Then I recreated the containers, but now on the client side the DNS queries don't pass through pihole (and I can't resolve any page). The problem, I think, is that the IP of the pihole container isn't "visible" through the VPN tunnel. How can I resolve that?

athamour1 commented 2 years ago

Found it, I had to add push "route 172.19.0.0 255.255.0.0" in the openvpn.conf file and add the route in the ovpn-admin panel.
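
The failure in this thread (a pushed DNS server that no pushed route covers) can be caught before clients connect. The check below is an added example, not part of the thread or of ovpn-admin; the function name and the sample `server 10.8.0.0` line are assumptions, and it treats a pushed `redirect-gateway` as making every address reachable through the tunnel.

```python
import ipaddress
import re

# push "dhcp-option DNS 172.19.2.1"
DNS_RE = re.compile(r'^\s*push\s+"dhcp-option\s+DNS\s+([^\s"]+)', re.I)
# push "route 172.19.0.0 255.255.0.0"  (netmask is optional in OpenVPN)
ROUTE_RE = re.compile(r'^\s*push\s+"route\s+([^\s"]+)(?:\s+([^\s"]+))?')
# server 10.8.0.0 255.255.255.0  (the VPN subnet is always reachable)
SERVER_RE = re.compile(r'^\s*server\s+(\S+)\s+(\S+)')
# push "redirect-gateway def1"  (all client traffic enters the tunnel)
GATEWAY_RE = re.compile(r'^\s*push\s+"redirect-gateway\b')


def unreachable_dns(conf_text):
    """Return pushed private DNS addresses that no pushed route covers."""
    dns, nets, full_tunnel = [], [], False
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        if m := DNS_RE.match(line):
            dns.append(ipaddress.ip_address(m.group(1)))
        elif m := (ROUTE_RE.match(line) or SERVER_RE.match(line)):
            mask = m.group(2) or "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{mask}", strict=False))
        elif GATEWAY_RE.match(line):
            full_tunnel = True
    if full_tunnel:
        return []  # assumption: the server forwards to its local networks
    # Public resolvers such as 1.1.1.1 use the client's normal uplink,
    # so only private addresses need a route through the tunnel.
    return [str(ip) for ip in dns
            if ip.is_private and not any(ip in n for n in nets)]


# Constructed sample configs: the state before and after the fix above.
BEFORE = 'server 10.8.0.0 255.255.255.0\npush "dhcp-option DNS 172.19.2.1"\n'
AFTER = BEFORE + 'push "route 172.19.0.0 255.255.0.0"\n'

if __name__ == "__main__":
    print("before:", unreachable_dns(BEFORE))
    print("after: ", unreachable_dns(AFTER))
```
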