
I am trying to tunnel all my network traffic on my LAN via an OpenVPN client running inside a docker container.

My router and default gateway is running on 10.10.10.1

I have OpenVPN running in a docker container with its own IP and all ports open on 10.10.10.25

OpenVPN is connecting to my VPN provider - and if I run traceroute from inside the running docker container, the traffic is routing correctly via my VPN - curl also works, routing traffic correctly.

However, if I set my default gateway on any LAN devices to 10.10.10.25, I cannot route to the internet.

Routes in the OpenVPN docker container are:

0.0.0.0/1 via 10.8.8.1 dev tun0
default via 10.10.10.1 dev eth0
10.8.8.0/24 dev tun0  proto kernel  scope link  src 10.8.8.46
10.10.10.0/24 dev eth0  proto kernel  scope link  src 10.10.10.25
128.0.0.0/1 via 10.8.8.1 dev tun0
172.83.40.68 via 10.10.10.1 dev eth0

Ifconfig run in the OpenVPN container gives:

eth0      Link encap:Ethernet  HWaddr 02:42:0A:0A:0A:19
          inet addr:10.10.10.25  Bcast:10.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2377 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1984 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:370083 (361.4 KiB)  TX bytes:523356 (511.0 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:74 errors:0 dropped:0 overruns:0 frame:0
          TX packets:74 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5769 (5.6 KiB)  TX bytes:5769 (5.6 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.8.46  P-t-P:10.8.8.46  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:27 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1606 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:2274 (2.2 KiB)  TX bytes:241166 (235.5 KiB)

IPv4 forwarding is enabled, and default firewall policies are all ACCEPT

I have also tried NATing on the docker container with the command:

iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

But I am still unable to get any connection.

Some notes:

  • If OpenVPN is not running, I am able to route traffic via the docker container: LAN device -> 10.10.10.25 -> 10.10.10.1 -> WAN
  • OpenVPN is correctly setting up the routes as I am able to access internet from inside the docker container correctly
  • LAN is still accessible via 10.10.10.25 with OpenVPN running
mrwooster
  • I think you can try using this https://hub.docker.com/r/ekristen/openvpn-router/ – silviu3009 May 13 '19 at 08:27
  • There is a --client-to-client flag that openvpn has that allows it to act as a route for incoming packets. Have you looked into that? – LeanMan Dec 16 '20 at 18:56
  • I'm having the same issue, wondering if you found a way to do this? @mrwooster – carbonr Dec 19 '20 at 16:41
  • What do you mean with 'own IP'? Is its interface directly connected to the client network? Also could you (or anyone with the same problem) post the routing (ip route) and NAT (iptables -t nat -S) table of the docker host as well as the docker command or compose file you used to start the container? – Trigus Dec 22 '20 at 17:25
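The routing table posted in the question decides, for every destination, whether the container sends a packet up the tunnel (tun0) or out to the LAN (eth0), and the MASQUERADE rule decides what source address the VPN provider sees on forwarded packets. The following script is an added example, not code from the question or from any of the commenters: it parses that exact ip route output, performs the kernel's longest-prefix-match lookup, and then simulates the container forwarding a packet from a LAN host with and without the POSTROUTING MASQUERADE rule on tun0. The LAN host 10.10.10.50 and the public test destinations are constructed sample values, and the NAT simulation is a simplified model of what MASQUERADE does (source rewritten to the egress interface's address), not a full netfilter implementation.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Routing table exactly as posted in the question (ip route, run inside the container).
ROUTE_TABLE = """\
0.0.0.0/1 via 10.8.8.1 dev tun0
default via 10.10.10.1 dev eth0
10.8.8.0/24 dev tun0  proto kernel  scope link  src 10.8.8.46
10.10.10.0/24 dev eth0  proto kernel  scope link  src 10.10.10.25
128.0.0.0/1 via 10.8.8.1 dev tun0
172.83.40.68 via 10.10.10.1 dev eth0
"""


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[str] = None   # None: destination is directly connected on dev
    src: Optional[str] = None   # preferred source address for packets leaving via dev


def parse_routes(text: str) -> list:
    """Parse `ip route` output into Route objects (handles 'default' and bare host entries)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dst = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        net = ipaddress.ip_network(dst, strict=False)  # bare host such as 172.83.40.68 -> /32
        attrs = {}
        i = 1
        while i + 1 < len(fields):
            if fields[i] in ("via", "dev", "src", "proto", "scope"):
                attrs[fields[i]] = fields[i + 1]
                i += 2
            else:
                i += 1
        routes.append(Route(net, attrs["dev"], attrs.get("via"), attrs.get("src")))
    return routes


def lookup(routes: list, dst: str) -> Optional[Route]:
    """Longest-prefix match, the same rule the kernel applies to the main table.
    This is why 0.0.0.0/1 and 128.0.0.0/1 (the two halves OpenVPN adds for
    redirect-gateway def1) win over the /0 default without removing it."""
    addr = ipaddress.ip_address(dst)
    best = None
    for r in routes:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def forward(routes: list, src: str, dst: str, masquerade_ifaces=frozenset()):
    """Simulate the container forwarding a LAN host's packet.
    Returns (egress interface, next hop, source address seen on the wire).
    masquerade_ifaces models `iptables -t nat -A POSTROUTING -o <dev> -j MASQUERADE`:
    the source is rewritten to the egress interface's own address (simplified model)."""
    r = lookup(routes, dst)
    if r is None:
        return None
    nexthop = r.via or dst
    wire_src = src
    if r.dev in masquerade_ifaces:
        wire_src = next((x.src for x in routes if x.dev == r.dev and x.src), src)
    return (r.dev, nexthop, wire_src)


if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    for dst in ("8.8.8.8", "200.1.2.3", "172.83.40.68", "10.10.10.50"):
        r = lookup(routes, dst)
        print(f"{dst:>14} -> dev {r.dev}, via {r.via or 'direct'}")
    # A LAN host (constructed address) behind the container reaching the internet:
    print("no NAT :", forward(routes, "10.10.10.50", "8.8.8.8"))
    print("MASQ   :", forward(routes, "10.10.10.50", "8.8.8.8", {"tun0"}))
```

Running it shows that from inside the container everything except the VPN server itself (172.83.40.68) and the two directly connected subnets leaves via tun0, so the container's own traffic is tunnelled as the question observes. For a forwarded LAN packet, the egress is also tun0, but without the MASQUERADE rule the source stays 10.10.10.50, an address the VPN provider has no route back to; with the rule the source becomes 10.8.8.46, the container's tunnel address, which is the minimum the return path needs. That is why the NAT rule on tun0 belongs in the picture, and why the host-side routing and NAT tables the last comment asks for are the next thing to check.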
