Alternate server address range breaks routing

[gcleaves]

Hello. I have set up the container following the Readme. If I start the container like this:

docker run --name openvpn -v ovpn-data:/etc/openvpn --rm -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn ovpn_run --server 192.168.222.0 255.255.255.0

the VPN clients can't reach any hosts on the LAN. It's the --server 192.168.222.0 255.255.255.0 which breaks things, because if I start the container like this:

docker run --name openvpn -v ovpn-data:/etc/openvpn --rm -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

everything works well correctly.

Can anybody tell me why the alternate server address is causing a problem?

[marvin-w]

Hi,

you kinda mixed up the commands quite considerably.

First, setting the server ip and subnet should be done by using the genconfig script.

Try:

docker run -v ovpn-data:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp://VPN.SERVERNAME.COM -s 192.168.222.0/24

followed by

docker run -v ovpn-data:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

See also: https://github.com/kylemanna/docker-openvpn/issues/394#issuecomment-393281593

[jswetzen]

I’m sorry to resurrect an old issue, but at least it’s open. I might have the same problem, because I have a host IP range of 10.0.0.1/24. Do I then have to run he config with the -s option? Because I can access the internet from within the container, and I can ping the container IP VPN, but nothing else works.

[marvin-w]

@jswetzen: Yes, you need to use the -s option.

I can't further assist you without having more details sorry.

[jswetzen]

Can't further assist? You answered quickly and helped already 👍 For anyone else with a different IP range, using -s 10.0.0.0/24 did not work, presumably because it conflicted with the internal network. -s 10.0.1.0/25 worked, I'm thinking because it could then access the 10.0.0.0/24 subnet without conflicting.