docker vpn gateway without modifying ip tables

Published

I am currently hiring a VPS to host my website and some other stuff. All neatly running in dockers (since last week). One of the things i want the VPS to do, is monitor my home automation stuff using prometheus, but i forsee more scripts running there for my home automation as well. Since i dont want to open all kind of ports i had the following solution in mind:

enter image description here

I have an openvpn server running at home, so i want a docker container that connects to this VPN and allows any other containers in its docker network full access to my home network. For now thats only a prometheus container. I managed to setup a VPN client which connects to my home, and i can ping my local devices via the docker exec command. The issue however is connecting prometheus to both the VPN as the other docker networks.
What i have tried is:

  • Setup a simple docker network (bridge mode) between the prometheus and openvpn docker, which unfortunately doesn’t give prometheus access to my local devices. Not very surprising, if i connect my laptop to a VPN the other devices on my network aren’t on the VPN either.
  • giving the openvpn container network_mode: host , this one i dont want to try again. The entire VPS was no longer accessible and i had to connect via the host (the company i hire the VPS from) backend to turn off the openvpn container.
  • giving the prometheus container network_mode: container:openvpn , this allows prometheus to connect to my local devices but the ‘limitation’ of this network mode is that the prometheus container can no longer connect to other docker networks (or have a hostname) and is thus not visible for grafana.
  • messing around with the docker networks ipam subnet and gateway, but that causes the openvpn connection to fail.

I think by now its quite clear that i am new to docker. That is why i use portainer and mess with the docker compose files in there. Also i am not very comfortable with Linux yet. So i don’t want to mess with my host (the VPS server, not the company). I read something about modifying the host IP tables but that kinda scares me.

In my ideal world there would be a docker compose setting i can use to get this up and running, but i dont think there is. Below you find my docker-compose for the openvpn, the prometheus is on another stack but it is currently just connected to the ‘vpn’ and ‘grafana_backend’ networks (which doesnt work).

services:
  openvpn:
    container_name: openvpn
    hostname: openvpn
    image: adito/openvpn-client
    restart: always
    volumes:
      - /root/openvpn/kingtechvps.ovpn:/opt/openvpn/openvpn-config.ovpn:ro
    cap_add:
      - NET_ADMIN
    command: openvpn --config /opt/openvpn/openvpn-config.ovpn
    devices:
      - /dev/net/tun
    networks:
      - vpn
    #ports:
    #  - 545:80
    #  vpn:
    #    ipv4_address: 172.10.54.2
    #dns: ${HOST_IP_ADDRESS} # We use unbound listening on the host interface, leading to dnscrypt

networks:
  vpn:
    driver: bridge
    external: true
    name: vpn
    #ipam:
    #  driver: default
    #  config:
    #    - subnet: 172.10.54.0/16
    #      gateway: 172.10.54.2

Can anyone help me get this up and running?

Source: Docker Questions

Published
Categorised as docker, docker-compose, docker-networking, openvpn, vpn Tagged , , , ,

Answers

Leave a Reply

Still Have Questions?


Our dedicated development team is here for you!

We can help you find answers to your question for as low as 5$.

Contact Us
faq