kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License
8.77k stars 2.39k forks

If possible #197

Open tratz11 opened 7 years ago

tratz11 commented 7 years ago

Sorry if this seems a little off. I downloaded your Docker image and got it working, but was wondering if there is a way of doing something. Is there a way for the clients, once they connect to the container, to be routed between the container and the host without doing a NAT masquerade, or is that a limitation of Docker? Basically, I wanted to be able to ping the VPN subnet from the host and ping the host IP from the server subnet.

--Tracy

kylemanna commented 7 years ago

This is a limitation of docker. It gets really clunky trying to merge the host and container's networking. Simplest way this might work is with docker run --network host ... and then you may need to add entries to the routing table.

tratz11 commented 7 years ago

Kyle

I was trying to avoid that. The long story is that I am trying to get a PBX to work with OpenVPN on a VPS. The manufacturer doesn't want any extra NICs installed on the box. When I asked someone how they did it, they told me that they used Docker to container OpenVPN so that the system still has one NIC active. I figured since you had the most pulls on GitHub, you could point me in the right direction. The issue with SIP is that it really doesn't like NAT, and I was hoping to avoid it. Once I turn on the host networking, it sees the tun adapter and the PBX stops.

Thanks for the advice; the container is pretty slick.

Tracy

On Wed, Jan 4, 2017 at 10:56 AM Kyle Manna notifications@github.com wrote:

> This is a limitation of docker. It gets really clunky trying to merge the host and container's networking. Simplest way this might work is with docker run --network host ... and then you may need to add entries to the routing table.


kylemanna commented 7 years ago

docker run --network host ... doesn't use NAT. Please refer to the Docker documentation.

tratz11 commented 7 years ago

That is true. Now one last question. If I am using the gateway address, what would be the IP address for the client to access the host? If I use the outside IP, it would use the real route to get there. Would I use eth0 of the container or use the docker0 IP?

--Tracy

On Wed, Jan 4, 2017 at 11:47 AM Kyle Manna notifications@github.com wrote:

> docker run --network host ... doesn't use NAT. Please refer to the Docker documentation.


kylemanna commented 7 years ago

If you're talking about ovpn_genconfig then you should always use the external facing IP so that the clients get properly generated certificates.