kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License

Traffic not being redirected #733

Open thalesmaoa opened 1 year ago

thalesmaoa commented 1 year ago

Hi there, I need some help in order to understand an odd behavior in my docker container. I can connect, but I have no internet connection.

At server side, I have internet connection:

thales@vps:~$ docker start openvpn-server 
openvpn-server
thales@vps:~$ docker exec -it openvpn-server bash
bash-5.0# ping -c 3 google.com
PING google.com (64.233.177.100): 56 data bytes
64 bytes from 64.233.177.100: seq=0 ttl=106 time=6.895 ms
64 bytes from 64.233.177.100: seq=1 ttl=106 time=6.918 ms
64 bytes from 64.233.177.100: seq=2 ttl=106 time=6.959 ms

--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 6.895/6.924/6.959 ms

At client side, after connecting, I have no internet.

thales@Air-de-Thales ~ % ping -c 3 google.com
PING google.com (142.251.133.174): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^C
--- google.com ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

To solve it, I've created an iptables NAT inside the container:

thales@vps:~$ docker exec -it openvpn-server bash
bash-5.0# iptables -t nat -A POSTROUTING -s 10.254.254.0/24 -o eth0 -j MASQUERADE

After that, at client side:

thales@Air-de-Thales ~ % ping -c 3 google.com
PING google.com (142.251.133.174): 56 data bytes
64 bytes from 142.251.133.174: icmp_seq=0 ttl=113 time=260.459 ms
64 bytes from 142.251.133.174: icmp_seq=1 ttl=113 time=252.645 ms
64 bytes from 142.251.133.174: icmp_seq=2 ttl=113 time=363.672 ms

--- google.com ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 252.645/292.259/363.672/50.598 ms

mattiabasone commented 1 year ago

I have a similar problem: running iptables -L, it seems no rules have been applied after container startup, but if I try to add the iptables rule like you did, it seems it doesn't work for me.

thalesmaoa commented 1 year ago

Replace -C by -A. Append the rule.

mattiabasone commented 1 year ago

Thanks @thalesmaoa, I've just tried with append but it's not working. Anyway, the rule seems to be applied; I just checked with iptables -t nat -L.

thalesmaoa commented 1 year ago

Can you post the full command history?
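
Added example, not part of the thread or of the project's scripts: the -C versus -A distinction discussed above, combined into one idempotent helper that checks for the MASQUERADE rule from the first post and appends it only when it is missing. The subnet and interface are the ones from the issue; the IPT variable, the function names and the "apply" argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example. IPT is an assumed knob so another iptables binary
# (or a stub) can be substituted for the default one.
IPT="${IPT:-iptables}"

# ensure_masquerade SUBNET IFACE
# Prints "present" if the rule already exists, "added" if it had to be
# appended; returns non-zero if appending fails.
ensure_masquerade() {
    subnet="$1"; iface="$2"
    # -C only checks: exit status 0 means the exact rule is in the chain.
    # It never modifies the table, so on its own it fixes nothing.
    if "$IPT" -t nat -C POSTROUTING -s "$subnet" -o "$iface" -j MASQUERADE 2>/dev/null; then
        echo present
        return 0
    fi
    # -A appends the rule. Running -A blindly on every start would stack
    # duplicate rules, hence the check first.
    "$IPT" -t nat -A POSTROUTING -s "$subnet" -o "$iface" -j MASQUERADE || return 1
    echo added
}

# forwarding_enabled [FILE]
# NAT in POSTROUTING only sees packets the kernel agrees to forward,
# so net.ipv4.ip_forward must read 1 where the rule lives.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Run as "sh script.sh apply" inside the container (needs privileges to
# edit the nat table). Defaults are the values from the issue.
if [ "${1:-}" = "apply" ]; then
    ensure_masquerade "${VPN_NET:-10.254.254.0/24}" "${OUT_IF:-eth0}"
    forwarding_enabled || echo "warning: net.ipv4.ip_forward is not 1" >&2
fi
```

Rules added this way live only in the running network namespace, so the helper has to run again after the container is recreated.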