Open jackmerrill opened 2 years ago
Hi,
I'm by no means an expert on this container image, but the first thing to check would be /etc/resolv.conf on your client, after it connected to the server. There you should see which DNS server your client is actually trying to use. Please note that some distributions meddle with this file regularly (symlink it, overwrite it, etc.).
Also, you seem to push public DNS servers to your clients. I'm not sure what you are trying to achieve with this. Your clients SHOULD have a working public DNS BEFORE they connect to your openvpn server. There should be no need for you to push anything to the clients.
Such a configuration only makes sense if you intend to push a private DNS server (possibly behind the VPN) to the client. If this is your intention, read on...
You should check that the VPN tunnel itself is working properly. Check that you can ping a host on the other side by IP (removing DNS from the equation). Preferably see if you can ping your DNS server. Check the output of "ip route" on the client to see how the routing was set up by openvpn.
The third thing that comes to mind is that your DNS server might refuse to answer a client not on its own network. You might want to check the DNS server's logs (maybe you need to increase verbosity). Check if you are using the iptables MASQUERADE target on the openvpn server. Correctly used, MASQUERADE makes traffic from the client appear as coming from the openvpn server itself to other hosts. Depending on your network setup, this might be necessary or it might help attackers to circumvent firewall rules... be sure to understand what it does (read the man page, consult examples on the internet).
Hope this helps!
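The client-side checks from the reply above (which DNS server /etc/resolv.conf names, and where "ip route" sends traffic for it), as an added example that is not part of the thread. The sample file contents are constructed, the function names are hypothetical, and tunnel devices are assumed to be named tun* or tap*.

```python
import ipaddress

# Constructed sample input (not from the thread): a client's /etc/resolv.conf
# and its `ip route` output, captured after the VPN connected.
SAMPLE_RESOLV = "# generated file\nnameserver 127.0.0.53\nnameserver 192.168.255.1\n"
SAMPLE_ROUTES = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
192.168.255.0/24 via 192.168.255.5 dev tun0
"""

def nameservers(resolv_text):
    """Addresses on the `nameserver` lines of resolv.conf text."""
    lines = (l.split() for l in resolv_text.splitlines())
    return [ipaddress.ip_address(f[1]) for f in lines if len(f) >= 2 and f[0] == "nameserver"]

def routes(route_text):
    """Parse IPv4 `ip route` output into (network, device) pairs."""
    table = []
    for line in route_text.splitlines():
        fields = line.split()
        if "dev" not in fields[:-1]:
            continue  # blank line, or a route type that has no device
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field was a route type, not a prefix
        table.append((net, fields[fields.index("dev") + 1]))
    return table

def egress(addr, table):
    """Longest-prefix match (metrics ignored): device that carries traffic to addr."""
    hits = [(net.prefixlen, dev) for net, dev in table if addr in net]
    return max(hits)[1] if hits else None

def diagnose(resolv_text, route_text):
    """Classify each nameserver: stub, tunnel, outside-tunnel or unroutable."""
    table, report = routes(route_text), {}
    for ns in nameservers(resolv_text):
        dev = egress(ns, table)
        if ns.is_loopback:
            report[str(ns)] = "stub"  # local resolver hides the real upstream
        elif dev is None:
            report[str(ns)] = "unroutable"
        else:
            tunneled = dev.startswith(("tun", "tap"))  # assumed device naming
            report[str(ns)] = "tunnel" if tunneled else "outside-tunnel"
    return report
```

A "stub" result means resolv.conf points at a local resolver, so the upstream server it forwards to has to be read from that resolver's own status output instead.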
Hi there! Sorry ahead of time for the long post.
I'm running the kylemanna/openvpn docker image and I'm having issues with DNS resolution.
My OpenVPN config looks like this:
My current OpenVPN profile looks like this:
To generate the OpenVPN config, I used this command, part of the docker image:
docker run -v /root/openvpn:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -N -d -u tcp://domain.com
The docker container is running on a swarm manager (on a swarm network), but as a standalone container, and being routed to by Traefik and a dynamic file provider. (routes domain.com:443 to openvpn:443, doing this to keep 443 open for HTTPS connections)
Command used to make the Docker network (in case it's relevant):
docker network create --attachable --subnet=10.1.0.0/24 -d overlay --gateway=10.1.0.1 web
I'm using port 443 to bypass most firewalls (ones that block 1194/etc).
On the Docker host, I'm using Ubuntu 20.04, UFW is disabled. I haven't done anything (that works) with iptables.
I've tried nearly every solution that I've found on the internet, but nothing has helped. I can provide anything that may be needed to help.
Thank you!