kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License

Can't route all traffic through VPN #638

Open ruippeixotog opened 3 years ago

ruippeixotog commented 3 years ago

I want to migrate my existing OpenVPN install to use this Docker container but I'm having some trouble finding the right settings so that it can route all Internet traffic through the VPN.

I'm trying to set an OpenVPN instance with the following setup:

In order to build a config for this, I configured the following service in my docker-compose.yml file:

  openvpn:
    image: kylemanna/openvpn
    container_name: openvpn
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    volumes:
      - $MY_HOST_CONF_DIR:/etc/openvpn
    ports:
      - 1194:1194

And I ran the following commands:

$ docker-compose run --rm openvpn ovpn_genconfig -N -d -u tcp://$MY_DNS -s 10.9.0.0/24 -p "route 192.168.1.0 255.255.255.0"

$ docker-compose run --rm openvpn ovpn_initpki
$ docker-compose run --rm openvpn easyrsa build-client-full $MY_CLIENT nopass

$ docker-compose run --rm openvpn ovpn_getclient $MY_CLIENT > $MY_CLIENT.ovpn

I'm now trying to connect with Tunnelblick. If I connect with the "Route all IPv4 traffic through the VPN" option, I can reach neither 192.168.9.0/24 addresses nor Internet addresses. If I connect without this option, I can access 192.168.9.0/24 addresses.

I'm not an expert in networking or OpenVPN configuration, so I may be missing something obvious. What am I doing wrong?

ivanNieto13 commented 3 years ago

I'm facing the same issue, did you find any solution?

ruippeixotog commented 3 years ago

Unfortunately not, I've made no progress so far. Documentation seems to assume that all traffic is routed through the VPN by default, but I can't get it to work even with the default config. Maybe one of the maintainers can help with this?

ivanNieto13 commented 3 years ago

I tried adding this to /etc/docker/daemon.json file: { "iptables": true } and it worked.

ruippeixotog commented 3 years ago

That didn't work for me unfortunately and it's surprising that it worked for you, given that iptables should be true by default. Can you share the exact config you used (minus public IPs and other sensitive info)?

batesenergy commented 2 years ago

@ruippeixotog If you are running this on GCP or other cloud services, make sure your VM has "IP Forwarding" enabled.

ruippeixotog commented 2 years ago

@batesenergy I was trying to run it in my own server, which used to run OpenVPN outside Docker without any problems. In any case, I ended up moving to WireGuard, which is simpler and has a much better supported Docker image.