jortkoopmans
commented
7 years ago For part of your question at a), I think you'd need to add a new route to be pushed to the client. Can you try to add this line to your openvpn.conf:
push "route 10.0.9.0 255.255.255.0"If that doesn't work, can you have a look at the routes at the client?
For part b), I've been hitting the same problem, I've 'hacked' together another docker container to provide a caching DNS server (bind) that would resolve the internal domain names of the containers. Then in the config I've used the options:
push "dhcp-option DNS 10.0.9.50"
push "dhcp-option DOMAIN mydomain.int"
push "dhcp-option SEARCH mydomain.int"Problem is that I haven't dynamically scripted the DNS server address in the container yet, it is hardcoded (in this example to 10.0.9.50) whereas in reality the DNS container IP keeps changing. The config only accepts an IP, no hostname. Also it has to be a real DNS server, it can't just use the containers own name resolution (which does recognise the containers available on the network). Of course for the domain setting you should provide aliases for the containers that match this (for example backendsrv1.mydomain.int).
I think this is a good feature request: Enable the container to dynamically insert a DNS server IP address in the openvpn config, from an optional environment variable where the DNS server hostname is passed to the container. For example -e PUSHDNS=dns.mydomain.int
I know this image was created with the initial purpose of routing all the clients traffic secured through the container (privacy, geolocation restrictions, etc), however I use this container very differently: Provide a secure route into my backend network (host or swarm) to access only the services that I don't want to expose to the world.
juckeltour
waltherg
Shinoby1992
ammarlakis
Hi!
I am running docker version 1.11.2 and a swarm overlay net 10.0.9.0/24 where this docker-openvpn container is running.
... Fri Jan 6 07:38:43 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016 Fri Jan 6 07:38:43 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08 ... Fri Jan 6 07:38:43 2017 UDPv4 link remote: [AF_INET]192.168.0.63:1194 Fri Jan 6 07:38:43 2017 [192.168.0.63] Peer Connection Initiated with [AF_INET]192.168.0.63:1194 ...Its :1194 is mapped to its host 192.168.0.63/enp0s3 (172.17.0.1/docker0). openvpn client is running on another host and connecting successfully to 192.168.0.63:1194 and is able to reach the openvpn container (10.0.9.3).
There are a couple of more containers connected to the overlay net, e.g., 10.0.9.12. I would like to reach these containers, too from my openvpn client, but they are not accessible.
How can I configure the openvpn-container to let the client a) access the other containers within the overlay net and b) to let the client resolve the container's hostnames?
Thanks very much in advance! juckeltour