Docker – Access VPN of docker container from outside (host machine or other containers)

dockeropenvpnroutingvpn

I have few docker containers on the same machine and one of them is running OpenVPN server, so it has network interface tun0 (192.168.255.1). This virtual private network has one client 192.168.255.2 remotely.
I need to be able to communicate with that remote client from another docker containers or from the host machine, as if they would be in the same local network.
I added route on the host machine:

# ip route add 192.168.255.0/24 dev docker0

Now I can ping 192.168.255.1 (VPN server) but clients are unreachable:

# ping 192.168.255.2
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
From 172.17.0.1 icmp_seq=1 Destination Host Unreachable
From 172.17.0.1 icmp_seq=2 Destination Host Unreachable
From 172.17.0.1 icmp_seq=3 Destination Host Unreachable

I tried TAP and TUN OpenVPN device modes, default and subnet topologies – doesn't help

Best Answer

You should have a look at my answer here: https://serverfault.com/a/879809/67419 that's exactly what I have configured execpt that I did not use the default Docker bridge but created a dedicated one. But it would work similarly with the default bridge.

You indeed have to add the proper route (as you did), but you also need at least to allow FORWARDING on your iptables, something like sudo iptables -A FORWARD -i tun+ -j ACCEPT.

Make sure also to have client-to-client and topology subnet at least in your OpenVPN server configuration.

All the details are in my other answer.

Related Solutions

docker – Fixing DNS Resolution Issues on Ubuntu 14.04 Desktop Host

Woo, I found a post on github that solved my problem.

After Steve K. pointed out that it wasn't actually a DNS issue and was a connectivity issue, I was able to find a post on github that described how to fix this problem.

Apparently the docker0 network bridge was hung up. Installing bridge-utils and running the following got my Docker in working order:

apt-get install bridge-utils
pkill docker
iptables -t nat -F
ifconfig docker0 down
brctl delbr docker0
service docker restart

Debian – No IPv6 connectivity from docker container

So after waiting two weeks for an answer and researching another few hours after opening up a bounty i found the solution.

Set up a new IPv6 enabled network and assign a subnet available to me (a /80 of my /64)
```
docker network create --ipv6 --subnet=w:x:y:z:aaaa::/80 myfancynetwork
```
Now start a container and connect it to the new network. Find out it's IP address. Let's say it's w:x:y:z:aaaa::5 in this example.
Enable proxy_ndp
```
sysctl net.ipv6.conf.eth0.proxy_ndp=1
```
You may also configure this setting via /etc/sysctl.conf, to make it persistent.
Add proxy to make my host (IPv6 enable) to respond to Neighbour Sollicitation messages from my router (like: "hey, who's hosting w:x:y:z:aaaa::5?") with Neighbour Advertisement messages ("that would be me!").
```
ip -6 neigh add proxy w:x:y:z:aaaa::5 dev eth0
```
ndppd may help you to automatically advertize any hosts on your network.

Bam, that's it.

Best Answer

Related Solutions

docker – Fixing DNS Resolution Issues on Ubuntu 14.04 Desktop Host

Debian – No IPv6 connectivity from docker container

Related Topic