wfg / docker-openvpn-client

OpenVPN client with killswitch and proxy servers; built on Alpine
MIT License

Container with network_mode set on vpn client not starting #86

Open HDebeuf opened 1 year ago

HDebeuf commented 1 year ago

I'm trying to set up a VPN client on a balena.io-powered Raspberry Pi 4 from my local network to a remote network that has an OpenVPN server container set. The aim is to set an eclipse-mosquitto mqtt in my local network and let it subscribe to a remote eclipse-mosquitto mqtt instance to securely get remote Unraid server statistics and display results in my local Home Assistant dashboard.

The issue I encounter is that my local mqtt instance doesn't start when I add the network_mode: service:openvpn. I've also tried with network_mode: container:openvpn. No logs are thrown helping me to discover the root cause. Trying with another container like nginx seems to result in the same issue. The OpenVPN client seems to correctly connect to the remote network as I am able to SSH into the container and ping my remote mqtt instance or other devices. When I remove the network_mode on the container, it starts as expected.

My compose file:

version: "2.1"

volumes:
    mqtt_config:
    vpn_config:

services:
  openvpn:
    image: ghcr.io/wfg/openvpn-client:latest
    cap_add:
      - net_admin
    restart: unless-stopped
    environment:
      - KILL_SWITCH= iptables
      - HTTP_PROXY=on
      - SOCKS_PROXY=on
      - SUBNETS=192.168.178.0/24 
      - VPN_CONFIG_FILE=configfilename.ovpn
    ports:
      - 11883:1883
      - 19001:9001
    devices:
      - "/dev/net/tun:/dev/net/tun"
    volumes:
      - vpn_config:/data/vpn
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=0

  mqtt:
    image: eclipse-mosquitto
    network_mode: container:openvpn
    volumes:
      - mqtt_config:/mosquitto/config
    restart: unless-stopped
    depends_on:
      - openvpn

Have you got any advice for this kind of setup?

Thank you.

Best regards,

ungerrj commented 1 year ago

The particular syntax I'm using for the same approach (successfully) is network_mode: "service: openvpn"

I believe using service in compose means you're referencing another container started within this compose (composition?) whereas container would refer to something started independently.

I haven't done any testing with your approach, but I am using double quotes on mine, which could play a role if it's looking for a string value on that key.
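
The service/container distinction described in the comment above, as an added check that is not part of the thread or the project's code: it flags `network_mode` references that cannot be matched to anything defined in the same compose file, and ports declared on a service that borrows another namespace. It assumes the compose file is already parsed into a dict; `SERVICES` is constructed from the file in the issue (trimmed) and `lint_network_mode` is a hypothetical helper name.

```python
# Added example: lint shared network namespaces in a parsed Compose file.
# SERVICES is constructed from the compose file in the issue (trimmed).
SERVICES = {
    "openvpn": {
        "image": "ghcr.io/wfg/openvpn-client:latest",
        "ports": ["11883:1883", "19001:9001"],
    },
    "mqtt": {
        "image": "eclipse-mosquitto",
        "network_mode": "container:openvpn",
    },
}


def lint_network_mode(services):
    """Return (service, message) findings for shared-namespace settings."""
    findings = []
    # Names pinned with container_name; without it Compose generates
    # project-prefixed container names, so "container:<service>" has no match.
    fixed_names = {s.get("container_name") for s in services.values()} - {None}
    for name, svc in services.items():
        mode = str(svc.get("network_mode", ""))
        kind, sep, target = mode.partition(":")
        if not sep or kind not in ("service", "container"):
            continue  # bridge, host, none or unset: no namespace is shared
        target = target.strip()  # tolerate the spaced form quoted in the thread
        if kind == "service" and target not in services:
            findings.append((name, f"service:{target} is not defined in this file"))
        if kind == "container" and target not in fixed_names:
            hint = " (a service has that name; use service:)" if target in services else ""
            findings.append((name, f"container:{target} matches no container_name" + hint))
        if svc.get("ports"):
            # Ports must be published by the service that owns the namespace.
            findings.append((name, "ports belong on the service that owns the namespace"))
    return findings


if __name__ == "__main__":
    for service, message in lint_network_mode(SERVICES):
        print(f"{service}: {message}")
```
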

HDebeuf commented 1 year ago

@ungerrj Thank you for the tip. I gave it a try by testing service and container mode, but unfortunately the same issue occurs.