1

I have few docker containers on the same machine and one of them is running OpenVPN server, so it has network interface tun0 (192.168.255.1). This virtual private network has one client 192.168.255.2 remotely.
I need to be able to communicate with that remote client from another docker containers or from the host machine, as if they would be in the same local network. I added route on the host machine:

# ip route add 192.168.255.0/24 dev docker0

Now I can ping 192.168.255.1 (VPN server) but clients are unreachable:

# ping 192.168.255.2
PING 192.168.255.2 (192.168.255.2) 56(84) bytes of data.
From 172.17.0.1 icmp_seq=1 Destination Host Unreachable
From 172.17.0.1 icmp_seq=2 Destination Host Unreachable
From 172.17.0.1 icmp_seq=3 Destination Host Unreachable

I tried TAP and TUN OpenVPN device modes, default and subnet topologies - doesn't help

Andrii Zymohliad
  • 113
  • 1
  • 5

1 Answers1

1

You should have a look at my answer here: https://serverfault.com/a/879809/67419 that's exactly what I have configured execpt that I did not use the default Docker bridge but created a dedicated one. But it would work similarly with the default bridge.

You indeed have to add the proper route (as you did), but you also need at least to allow FORWARDING on your iptables, something like sudo iptables -A FORWARD -i tun+ -j ACCEPT.

Make sure also to have client-to-client and topology subnet at least in your OpenVPN server configuration.

All the details are in my other answer.

Huygens
  • 1,708
  • 3
  • 20
  • 36