search

kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License
8.78k stars 2.4k forks source link

how to client-to-client #726

Open Linyuxujun opened 2 years ago

Linyuxujun commented 2 years ago

hello, i can ping 192.168.255.1

image

but I can't ping another client.
image

this is my conf: image

Please tell me how to client-to-client ,thanks

brainv commented 1 year ago

@Linyuxujun check if the client 192.168.255.10 is allowed to accept icmp

thalesmaoa commented 1 year ago

I'm facing the same problem. I really appreciate any kind of help.

Here is my openvpn.conf:

server 10.254.254.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/185.18.23.109.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/185.18.23.109.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup
comp-lzo no

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "comp-lzo no"

client-to-client
client-config-dir ccd

route 192.168.200.0 255.255.255.0
push "route 192.168.200.0 255.255.255.0"

I have the client config:

$ cat ccd/thales 
iroute 192.168.200.0 255.255.255.0

Everything seems to run fine, routes are pushed to client, however it is not been mapped to host, but it is to docker container.

$ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 venet0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
172.18.0.0      0.0.0.0         255.255.0.0     U     0      0        0 br-d28d8278c890
185.18.23.0     0.0.0.0         255.255.255.0   U     0      0        0 venet0

$ docker exec -it openvpn-server bash
bash-5.0# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.17.0.1      0.0.0.0         UG    0      0        0 eth0
10.254.254.0    10.254.254.2    255.255.255.0   UG    0      0        0 tun0
10.254.254.2    0.0.0.0         255.255.255.255 UH    0      0        0 tun0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
192.168.200.0   10.254.254.2    255.255.255.0   UG    0      0        0 tun0

But, even with it been mapped inside docker, it can't ping my lan. I suppose it is not allowed for server to client.

$ docker exec -it openvpn-server bash
bash-5.0# ping 192.168.200.1
PING 192.168.200.1 (192.168.200.1): 56 data bytes
^C
--- 192.168.200.1 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss

But even from client to client, I'm having problem.

I'm lost.