wfg / docker-openvpn-client

OpenVPN client with killswitch and proxy servers; built on Alpine
MIT License
353 stars 108 forks

Host traffic #2

Closed orsa86 closed 3 years ago

orsa86 commented 4 years ago

Hi,

this is more of a "is it possible" related question, and it's not really an issue with the image. The image works great with the other containers, but I was trying to redirect the host traffic to the vpn container, without success. I have an rpi on which this docker container is running. My idea was to route some other clients (laptops, smart TVs...) to the rpi and then forward them to the docker vpn container so that those clients are using the vpn as well. I was trying to do this with iptables on the rpi but without success. Is it possible to achieve this?

I tried the rules below, but they don't work:

iptables -t nat -A PREROUTING -d 192.168.1.100 -j DNAT --to-destination 172.17.0.2
iptables -t nat -A OUTPUT -d 192.168.1.100 -j DNAT --to-destination 172.17.0.2

Thanks!

wfg commented 4 years ago

Glad the image is working well for you.

This could be possible if you are able to configure the clients to use a SOCKS5 proxy (if they can use an HTTP proxy, it's possible today). If you're interested, I could see about adding Shadowsocks or something similar.

I'm not sure about the iptables rules. It could be possible, but I'd rather just install Shadowsocks :)

wfg commented 4 years ago

@orsa86 Shadowsocks has been implemented. Can you see if your clients can connect?

orsa86 commented 4 years ago

No. I can't make it work. I know it should be possible with iptables, I just need to find the correct command, and I would prefer this approach. In any case, thanks for the effort.

wfg commented 4 years ago

How would you point the clients to the Pi? Where would you be configuring the iptables rules?

orsa86 commented 4 years ago

Actually, I had a similar setup in the past and it worked great. I had OpenVPN installed directly on my RPI. For the clients I wanted to use OpenVPN I changed the "default gateway" to the ip address of the rpi. Then on the rpi I added iptables rules to forward the traffic to the 10.8.0.1 which was tun0. That worked! Later on I decided to move to docker containers and that is when I installed your image. The problem now is that I don't have ip address 10.8.0.1 on my rpi nor tun0 interface, so I can't use the same iptables rules. I did try to add an iptables rule to forward the traffic to the internal ip address of the docker openvpn container, but that didn't work.
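
The earlier host-based setup described in the comment above (clients use the Pi as default gateway, traffic leaves through tun0), as an added example that is not code from this thread or from the project. It shows one common way to build such a gateway, not necessarily the rules orsa86 used, and it adds a drop rule so forwarded client traffic cannot leave unencrypted if the tunnel is down. Assumptions: OpenVPN runs directly on the Pi with its default route through tun0, the LAN interface is eth0, and the LAN is 192.168.1.0/24.

```shell
#!/bin/sh
# Added example: VPN gateway rules for a host that runs OpenVPN itself.
# LAN_IF and LAN_NET are assumed values; tun0 is the interface named in the thread.
LAN_IF="${LAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
TUN_IF="${TUN_IF:-tun0}"

# Reject anything that is not a plain interface name, because the
# generated text is later fed to a shell.
valid_if() { case $1 in ''|*[!A-Za-z0-9_.-]*) return 1;; esac; }

# Accept only digits, dots and one slash-style CIDR (e.g. 192.168.1.0/24).
valid_net() {
    case $1 in
        ''|*[!0-9./]*) return 1;;
        */*) return 0;;
        *) return 1;;
    esac
}

# Print the rule set, one command per line: <lan_if> <lan_net> <tun_if>
gateway_rules() {
    valid_if "$1" && valid_net "$2" && valid_if "$3" || return 1
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $2 -o $3 -j MASQUERADE
iptables -A FORWARD -i $1 -o $3 -s $2 -j ACCEPT
iptables -A FORWARD -i $3 -o $1 -d $2 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s $2 ! -o $3 -j DROP
EOF
}
# Rule 2 rewrites client source addresses to the tunnel address.
# Rules 3-4 allow LAN -> tunnel and the replies coming back.
# Rule 5 drops forwarded LAN traffic that would leave by any other
# interface, so clients do not leak if the tunnel goes down.

# "apply" runs the commands (root required); anything else only prints them.
rules=$(gateway_rules "$LAN_IF" "$LAN_NET" "$TUN_IF") || exit 1
if [ "${1:-}" = apply ]; then
    printf '%s\n' "$rules" | sh -e
else
    printf '%s\n' "$rules"
fi
```

Run without arguments it only prints the commands for review. Clients whose default gateway is the Pi then leave through the tunnel, or not at all.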