Docker OpenVPN network forward doesn't work
I would like to connect from a php docker, through an OpenVPN docker, to an OpenVPN client.
I have added a Docker network (192.168.200.0/24). The php docker has the IP 192.168.200.3.
The vpn docker has the IP 192.168.200.2.
The configuration of the vpn docker looks like:
root@ip-10-8-0-20:/home/ubuntu/docker-compose# cat vpn/openvpn-data/conf/openvpn.conf
server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/vpn.***.de.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/vpn.***.de.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun
proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log
user nobody
group nogroup
comp-lzo no
### Route Configurations Below
route 192.168.255.0 255.255.255.0
### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
push "comp-lzo no"
push "route 192.168.200.0 255.255.255.0"
The .env file of the vpn docker looks like:
root@ip-10-8-0-20:/home/ubuntu/docker-compose# cat vpn/openvpn-data/conf/ovpn_env.sh
declare -x OVPN_AUTH=
declare -x OVPN_CIPHER=
declare -x OVPN_CLIENT_TO_CLIENT=
declare -x OVPN_CN=vpn.***.de
declare -x OVPN_COMP_LZO=0
declare -x OVPN_DEFROUTE=1
declare -x OVPN_DEVICE=tun
declare -x OVPN_DEVICEN=0
declare -x OVPN_DISABLE_PUSH_BLOCK_DNS=0
declare -x OVPN_DNS=1
declare -x OVPN_DNS_SERVERS=([0]="8.8.8.8" [1]="8.8.4.4")
declare -x OVPN_ENV=/etc/openvpn/ovpn_env.sh
declare -x OVPN_EXTRA_CLIENT_CONFIG=()
declare -x OVPN_EXTRA_SERVER_CONFIG=()
declare -x OVPN_FRAGMENT=
declare -x OVPN_KEEPALIVE='10 60'
declare -x OVPN_MTU=
declare -x OVPN_NAT=0
declare -x OVPN_PORT=1194
declare -x OVPN_PROTO=udp
declare -x OVPN_PUSH=([0]="route 192.168.200.0 255.255.255.0")
declare -x OVPN_ROUTES=([0]="192.168.255.0/24")
declare -x OVPN_SERVER=192.168.255.0/24
declare -x OVPN_SERVER_URL=udp://vpn.***.de
declare -x OVPN_TLS_CIPHER=
So I have created a client config and put it on the local server where the php script needs to connect to. I started the vpn docker successfully and the server has the VPN IP 192.168.255.1. I started the VPN connection and it connected correctly on the local server. It gets the VPN IP 192.168.255.6.
I can ping from vpn docker to the local server and return. That works. After that I added a route on php docker:
ip route add 192.168.255.0/24 via 192.168.200.3
I can ping 192.168.255.1 from php docker successfully but not 192.168.255.6 (local server).
So I have checked the forwarding in vpn docker:
So I thought I have to add an iptables rule:
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
But it still won't work. Then I thought I have to add another iptables rule:
iptables -A FORWARD -p tcp -i eth1 -o tun0 --match multiport --dports=80,443 -m conntrack --ctstate=NEW -j ACCEPT
I want to call a website through port 80 from php docker on local server but it still won't work.
I don't know what I am missing. Could you help me to find the problem?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow