machine-drivers / docker-machine-driver-xhyve

docker-machine/minikube/minishift driver plugin for xhyve/hyperkit (native macOS hypervisor.framework)
https://godoc.org/github.com/machine-drivers/docker-machine-driver-xhyve
BSD 3-Clause "New" or "Revised" License

Internet connection stops after turning on OpenVPN #164

Open ghost opened 7 years ago

ghost commented 7 years ago

Hi guys! I'm currently running some containers that require a remote connection to services such as databases or APIs that are only available through a VPN.

The current docker machine I'm running is the one based on the virtualbox driver and it works just fine when I connect to the VPN through the host OS (in this case OS X Sierra). I can also make the VPN work from inside the container by running OpenVPN as a daemon and adjusting the IP routes. But when I switch to the docker machine created with xhyve the connection does not work in the container. I cannot even reach google.

I've tried both ways: a) connecting to the VPN through the host OS and b) connecting to the VPN from inside the container. Neither is working properly.

My guess is this is some issue with the network configuration devices on the docker machine itself?

Not sure how much info (dumps/outputs) you guys would need to debug it. So ping me with the ones needed to complement the report.

btw: this driver has freaking good performance on my other projects! A lot more lightweight and faster.

Strech commented 7 years ago

Try this gist; you have to allow bridge100 to use the VPN (utun0 or utun1 ...):

https://gist.github.com/mowings/633a16372fb30ee652336c8417091222

hayderimran7 commented 7 years ago

same here 😞

ChrisBuchholz commented 6 years ago

Any update on this? Can we possibly get this working without having to run a script after connecting to the VPN?

tetherit commented 6 years ago

Doesn't seem to help here :(

$  interfaces=( $(netstat -in | egrep 'utun\d .*\d+\.\d+\.\d+\.\d+' | cut -d ' ' -f 1) )
rulefile="rules.tmp"
echo "" > $rulefile
sudo pfctl -a com.apple/tun -F nat
for i in "${interfaces[@]}"
do
  RULE="nat on ${i} proto {tcp, udp, icmp} from 192.168.64.0/24 to any -> ${i}"
  echo $RULE >> $rulefile
done
sudo pfctl -a com.apple/tun -f $rulefile
No ALTQ support in kernel
ALTQ related functions disabled
nat cleared
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
$

I tried to also enable "Firewall" under System Preferences -> Security and re-run the script; it still says No ALTQ support in kernel and there is still no Internet :(

$  docker pull ubuntu:latest
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

These are my interfaces:

$  ifconfig 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
    inet 127.0.0.1 netmask 0xff000000 
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=b<RXCSUM,TXCSUM,VLAN_HWTAGGING>
    ether 50:e5:49:ef:45:8f 
    inet6 fe80::14ea:f077:5638:4c28%en0 prefixlen 64 secured scopeid 0x4 
    inet 192.168.88.123 netmask 0xffffff00 broadcast 192.168.88.255
    inet 10.10.1.88 netmask 0xffffff00 broadcast 10.10.1.255
    inet 192.168.200.50 netmask 0xffffff00 broadcast 192.168.200.255
    inet 192.168.0.88 netmask 0xffffff00 broadcast 192.168.0.255
    inet 192.168.109.180 netmask 0xffffff00 broadcast 192.168.109.255
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 2030
    lladdr 00:49:e5:50:7c:f8:4a:00 
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect <full-duplex>
    status: inactive
tap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether f2:c9:37:4a:1a:01 
    inet 10.11.0.3 netmask 0xffff0000 broadcast 10.11.255.255
    media: autoselect
    status: active
    open (pid 126)
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::612e:5633:874a:fba0%utun0 prefixlen 64 scopeid 0x8 
    inet6 fd9c:cf81:26ab:b93a:612e:5633:874a:fba0 prefixlen 64 
    nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
    inet6 fe80::8e08:9cea:3582:a01c%utun1 prefixlen 64 scopeid 0x9 
    nd6 options=201<PERFORMNUD,DAD>
vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:50:56:c0:00:01 
    inet 192.168.13.1 netmask 0xffffff00 broadcast 192.168.13.255
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether 00:50:56:c0:00:08 
    inet 172.16.206.1 netmask 0xffffff00 broadcast 172.16.206.255
en5: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    ether 2a:b3:7b:6a:87:dc 
    media: autoselect
    status: active
bridge100: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=3<RXCSUM,TXCSUM>
    ether 52:e5:49:fe:db:64 
    inet 192.168.64.1 netmask 0xffffff00 broadcast 192.168.64.255
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x2
    member: en5 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 13 priority 0 path cost 0
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
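The gist linked by Strech and the script run by tetherit both do the same thing: generate a pf NAT rule per utun interface so that the guest subnet behind bridge100 (192.168.64.0/24) is translated onto the VPN tunnel. The run above printed only "nat cleared" because the `egrep` pipeline matched no interface: utun0 and utun1 in the ifconfig output carry only inet6 addresses, so an empty rule file was loaded. The script below is an added example written for this thread, not code from the gist or from the driver project. It separates rule generation (pure text, testable on pasted `netstat -in` output) from loading, refuses to load an empty rule set, and prints what the anchor actually contains afterwards. It assumes macOS pf, the `com.apple/tun` anchor used in the thread, and the macOS `netstat -in` column layout (Name, Mtu, Network, Address, ...); the guest subnet and anchor name are overridable via environment variables.

```shell
#!/bin/sh
# Added example (not from the gist or the driver project). Generates and loads
# pf NAT rules so the xhyve guest subnet behind bridge100 is translated onto
# each utun interface that has an IPv4 address. Assumed: macOS pf, the
# com.apple/tun anchor used in the thread, and the column layout of
# `netstat -in` on macOS (Name Mtu Network Address Ipkts ...).

GUEST_NET="${GUEST_NET:-192.168.64.0/24}"
PF_ANCHOR="${PF_ANCHOR:-com.apple/tun}"

# Read `netstat -in` output on stdin and print one NAT rule per utunN interface
# whose Address column holds an IPv4 address. [0-9] is used instead of \d,
# which POSIX egrep does not guarantee. A utun that only has inet6 addresses
# (utun0/utun1 in the ifconfig output above) yields no rule.
gen_nat_rules() {
  awk -v net="$GUEST_NET" '
    $1 ~ /^utun[0-9]+$/ && $4 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      if (!seen[$1]++)
        printf "nat on %s proto {tcp, udp, icmp} from %s to any -> %s\n", $1, net, $1
    }'
}

# Count the NAT rules in a rule set read from stdin (empty input -> 0).
count_rules() {
  grep -c '^nat on ' || true
}

# Flush the anchor's NAT rules and load freshly generated ones. Refuses to load
# an empty rule set (which is what produced "nat cleared" and nothing else in
# the thread) and shows the loaded anchor so the result can be verified.
apply_nat_rules() {
  tmp=$(mktemp) || return 1
  trap 'rm -f "$tmp"' EXIT
  netstat -in | gen_nat_rules > "$tmp"
  if [ "$(count_rules < "$tmp")" -eq 0 ]; then
    echo "no utun interface with an IPv4 address; is the VPN up and carrying IPv4?" >&2
    return 1
  fi
  sudo pfctl -a "$PF_ANCHOR" -F nat
  sudo pfctl -a "$PF_ANCHOR" -f "$tmp"
  sudo pfctl -e 2>/dev/null || true   # pf must be enabled; exits non-zero if already on
  sudo pfctl -a "$PF_ANCHOR" -s nat   # print the rules actually loaded in the anchor
}

# With no argument the file only defines functions; --show prints the rules
# that would be loaded, --apply loads them.
case "${1:-}" in
  --show)  netstat -in | gen_nat_rules ;;
  --apply) apply_nat_rules ;;
esac
```

Run `sh nat-utun.sh --show` first: if it prints nothing, the tunnel has no IPv4 address and no pf rule will help, which is the situation the ifconfig output above shows. Only when a rule is printed does `--apply` change pf state.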
retraut commented 6 years ago

Same issue here