kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License
8.62k stars 2.37k forks

Routing (?) only working with --net=host? #674

Open derandiunddasbo opened 2 years ago

derandiunddasbo commented 2 years ago

I went down a deep rabbit hole over the last two days to get name resolution working over OpenVPN, and in the end it turned out to be a problem with Pi-hole rather than OpenVPN. But now I'm stuck on the last piece of the puzzle.

For some reason, the VPN tunnel is only working if I'm running the container with host networking.

When using bridged networking as shown in the setup guide, VPN clients can connect to the server, but they can't reach any local or external hosts, neither by name nor by IP.

I suspect I have to do some additional routing inside the container or on the Docker host, but TBH I've had to fiddle around with too much networking over the last two days and may not be able to see the wood for the trees anymore.

What am I forgetting here?

This is my current config:

ovpn_env.sh:

declare -x OVPN_AUTH=
declare -x OVPN_CIPHER=
declare -x OVPN_CLIENT_TO_CLIENT=
declare -x OVPN_CN=my.example.org
declare -x OVPN_COMP_LZO=0
declare -x OVPN_DEFROUTE=1
declare -x OVPN_DEVICE=tun
declare -x OVPN_DEVICEN=0
declare -x OVPN_DISABLE_PUSH_BLOCK_DNS=0
declare -x OVPN_DNS=1
declare -x OVPN_DNSMASQ=0
declare -x OVPN_DNS_SERVERS=([0]="192.168.4.248")
declare -x OVPN_ENV=/etc/openvpn/ovpn_env.sh
declare -x OVPN_EXTRA_CLIENT_CONFIG=()
declare -x OVPN_EXTRA_SERVER_CONFIG=()
declare -x OVPN_FRAGMENT=
declare -x OVPN_KEEPALIVE='10 60'
declare -x OVPN_MTU=
declare -x OVPN_NAT=1
declare -x OVPN_PORT=1194
declare -x OVPN_PROTO=udp
declare -x OVPN_PUSH=()
declare -x OVPN_ROUTES=([0]="192.168.254.0/24")
declare -x OVPN_SERVER=192.168.255.0/24
declare -x OVPN_SERVER_URL=udp://my.example.org
declare -x OVPN_TLS_CIPHER=

openvpn.conf:

server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/my.example.org.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/my.example.org.crt
dh /etc/openvpn/pki/dh.pem
tls-crypt /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup
comp-lzo no

### Route Configurations Below
route 192.168.254.0 255.255.255.0

### Push Configurations Below
setenv opt "block-outside-dns"
push "dhcp-option DNS 192.168.4.248"
push "comp-lzo no"
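
The script below is an added diagnostic; it is not part of the docker-openvpn project and not from the issue author. Run inside the container, it checks the three things the bridged setup above depends on for VPN clients to reach anything beyond tun0: IPv4 forwarding enabled, the MASQUERADE rule that OVPN_NAT=1 installs for the 192.168.255.0/24 tunnel subnet leaving eth0 (eth0 is the image's default NAT device; the name is assumed here), and the connected route for that subnet on tun0. That NAT rule is what lets bridged mode work without adding return routes on the LAN, and installing it needs --cap-add=NET_ADMIN on the container. The sample iptables and ip route output embedded in the script is constructed, not captured from the author's host.

```shell
#!/bin/sh
# Added diagnostic (not part of docker-openvpn). Inside the container:
#   docker exec <container> sh check-nat.sh --run
# Checks what bridged mode needs for VPN clients to reach hosts past tun0:
# forwarding on, the MASQUERADE rule OVPN_NAT=1 installs for the tunnel
# subnet, and the kernel route for the tunnel subnet via tun0.

VPN_SUBNET="${VPN_SUBNET:-192.168.255.0/24}"  # OVPN_SERVER from ovpn_env.sh above
NAT_DEV="${NAT_DEV:-eth0}"                     # assumption: the image's default OVPN_NATDEVICE
TUN_DEV="${TUN_DEV:-tun0}"                     # OVPN_DEVICE + OVPN_DEVICEN above

# has_masquerade RULES SUBNET DEV
# RULES is the output of `iptables -t nat -S POSTROUTING`. Succeeds if it holds
# "-s SUBNET -o DEV -j MASQUERADE": client packets leave DEV with the container's
# address, so replies come back to the container and are un-NATed to the client.
has_masquerade() {
    printf '%s\n' "$1" | grep -qF -- "-s $2 -o $3 -j MASQUERADE"
}

# has_route ROUTES SUBNET DEV
# ROUTES is the output of `ip route`. Succeeds on a "SUBNET dev DEV" line, the
# connected route OpenVPN adds when it brings up the tun interface.
has_route() {
    printf '%s\n' "$1" | grep -qF -- "$2 dev $3"
}

# diagnose: read the live state and report every missing piece.
diagnose() {
    rc=0
    fwd=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown)
    if [ "$fwd" != 1 ]; then
        echo "FAIL: net.ipv4.ip_forward=$fwd; packets arriving on $TUN_DEV will not be forwarded"
        rc=1
    fi
    if ! rules=$(iptables -t nat -S POSTROUTING 2>/dev/null); then
        echo "FAIL: cannot read the nat table (iptables missing, or no --cap-add=NET_ADMIN)"
        return 1
    fi
    if ! has_masquerade "$rules" "$VPN_SUBNET" "$NAT_DEV"; then
        echo "FAIL: no MASQUERADE for $VPN_SUBNET out of $NAT_DEV"
        echo "      OVPN_NAT=1 adds: iptables -t nat -A POSTROUTING -s $VPN_SUBNET -o $NAT_DEV -j MASQUERADE"
        rc=1
    fi
    if ! has_route "$(ip route 2>/dev/null)" "$VPN_SUBNET" "$TUN_DEV"; then
        echo "FAIL: no route for $VPN_SUBNET via $TUN_DEV; is openvpn up with 'dev $TUN_DEV'?"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: forwarding, NAT and the tun route are all in place"
    return "$rc"
}

# Constructed sample output, as a healthy bridged container would show it, so
# the parsers can be exercised without root or a running VPN.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.255.0/24 -o eth0 -j MASQUERADE'
SAMPLE_ROUTES='default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
192.168.255.0/24 dev tun0 proto kernel scope link src 192.168.255.1'

# selftest: accept the healthy sample, reject a NAT rule on the wrong interface
# and a tun route for a subnet that is not there.
selftest() {
    has_masquerade "$SAMPLE_RULES" 192.168.255.0/24 eth0 &&
    ! has_masquerade "$SAMPLE_RULES" 192.168.255.0/24 tun0 &&
    has_route "$SAMPLE_ROUTES" 192.168.255.0/24 tun0 &&
    ! has_route "$SAMPLE_ROUTES" 192.168.254.0/24 tun0
}

case "${1:-}" in
    --run) diagnose ;;
    --selftest) selftest && echo "selftest passed" ;;
esac
```

`--selftest` runs the parsers against the constructed sample only; `--run` reads the real nat table and routing table, so it has to be executed inside the OpenVPN container, where a missing nat table usually means the container was started without NET_ADMIN.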

sxyandapp commented 2 years ago

I tried this in k8s; it did not work.

djmaze commented 1 year ago

Had a similar problem. Check your MTU settings: https://mlohr.com/docker-mtu/
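
As an added example for the MTU point above (not code from the project, the linked article, or any commenter): Docker bridge networks default to an MTU of 1500, and if the host's uplink is smaller, frames that fit the container's eth0 but not the uplink are dropped or fragmented, which looks exactly like a VPN that connects but carries no traffic. The script runs on the Docker host and compares the uplink MTU with the container's eth0 MTU. It assumes an `ip` that supports `-o` inside the container and the interface names given on the command line; the `ip -o link show` output embedded for the parser is constructed.

```shell
#!/bin/sh
# Added check (not from docker-openvpn or the linked article). On the host:
#   sh check-mtu.sh --run <container> <uplink-interface>
# Docker's bridge defaults to MTU 1500; when the uplink is smaller (common on
# VPS and overlay links) the container can send frames the uplink cannot carry.

# link_mtu LINKS DEV: MTU of DEV parsed from `ip -o link show` output. Inside a
# container a veth shows as "eth0@if13:", hence the [@:] terminator.
link_mtu() {
    printf '%s\n' "$1" | awk -v dev="$2" '
        $2 ~ ("^" dev "[@:]") { for (i = 1; i <= NF; i++) if ($i == "mtu") { print $(i + 1); exit } }'
}

# mtu_mismatch UPLINK_MTU CONTAINER_MTU: succeeds when the container interface
# may emit frames larger than the uplink accepts.
mtu_mismatch() {
    [ "$2" -gt "$1" ]
}

# diagnose CONTAINER UPLINK: compare the live values and print the fix.
# Assumption: `ip -o link show` works inside the container image.
diagnose() {
    host_mtu=$(link_mtu "$(ip -o link show)" "$2")
    ctr_mtu=$(link_mtu "$(docker exec "$1" ip -o link show)" eth0)
    if mtu_mismatch "$host_mtu" "$ctr_mtu"; then
        echo "MISMATCH: $2 mtu $host_mtu < container eth0 mtu $ctr_mtu"
        echo "  fix: put {\"mtu\": $host_mtu} in /etc/docker/daemon.json and restart docker,"
        echo "  or create the network with --opt com.docker.network.driver.mtu=$host_mtu"
        return 1
    fi
    echo "OK: container eth0 mtu $ctr_mtu <= $2 mtu $host_mtu"
}

# Constructed sample output (what `ip -o link show` prints) for the parser:
# a host whose uplink ens3 is 1450 while docker0 and the container are 1500.
SAMPLE_HOST='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default \    link/ether 02:42:00:00:00:02 brd ff:ff:ff:ff:ff:ff'
SAMPLE_CTR='12: eth0@if13: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default \    link/ether 02:42:ac:11:00:02 brd ff:ff:ff:ff:ff:ff'

case "${1:-}" in
    --run) diagnose "$2" "$3" ;;
esac
```

With the constructed sample, `mtu_mismatch 1450 1500` fires: the container may emit 1500-byte frames that the 1450-byte uplink cannot carry, and the printed daemon.json or network-create option is the remedy the linked article describes.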