Reaching a docker container through a dockerized openvpn from a client

Published

I’m trying to reach a docker container through a vpn tunnel. The target docker container and the openvpn docker container are both on the same remote machine.

So far I have,

  • created a docker network with a bridge driver on subnet 172.18.0.0/16 with gateway 172.18.0.1
  • attached a nginx container to this network : nginxdemos/hello
  • created a pki
  • deployed an openvpn server in a container with the subnet 10.8.0.0 255.255.255.0
  • attached the openvpn server container to the docker network 172.18.0.0/16
  • started an openvpn client

What is working :

  • I can ping my openvpn server from my openvpn client
  • I can ping nginxdemos/hello from the openvpn server container

What I can’t do :

  • reach nginxdemos/hello from my openvpn client. On a browser from the openvpn client, I expect to type the ip 10.8.0.1 and be forwarded to the nginx container.
    I suppose I missed some routing properties in openvpn.

If anyone can help me on this I would be really grateful

I tried to add this line to the server conf :
push "route 172.18.0.0 255.255.0.0"
but no success.

I looked into my openvpn container but there seems to be not iptables in it.

The docker image for openvpn :

FROM alpine:latest

RUN apk --no-cache add openvpn bash openrc
RUN rc-update add openvpn default

EXPOSE 1194/udp

CMD openvpn --config /etc/openvpn/server.conf

I run this image with

sudo docker run -it -v /home/server-private-pki:/etc/openvpn --device=/dev/net/tun --privileged docker-openvpn /bin/sh

The openvpn server conf file :

port 1194
;proto tcp
proto udp
dev tun

# private
ca    /etc/openvpn/ca.crt
cert  /etc/openvpn/{{openvpn_server_name}}.crt
dh    /etc/openvpn/dh.pem
key   /etc/openvpn/{{openvpn_server_name}}.key

# server config
server 10.8.0.0 255.255.255.0

push "route 172.18.0.0 255.255.0.0"

ifconfig-pool-persist ipp.txt
cipher AES-256-CBC
keepalive 10 60

# downgrade privileges
user nobody
group nobody

persist-key
persist-tun

# log
status openvpn-status.log
verb 3

Source: Docker Questions

Published
Categorised as docker, networking, openvpn Tagged , ,

Answers

Leave a Reply

Still Have Questions?


Our dedicated development team is here for you!

We can help you find answers to your question for as low as 5$.

Contact Us
faq