
I've used Docker to deploy Guacamole and I've installed OpenVPN as a client on my Ubuntu 18.04 server. I'm trying to get the Docker network guacnetwork_compose to have a connection to my VPN network adapter tun0 because I want to access other clients via VNC or RDP using the Guacamole service.

My subnets:

  • OpenVPN: 10.20.0.0/16 -> tun0
  • Host: 172.16.1.0/24 -> ens3
  • Docker: 172.17.0.0/16 -> docker0
  • Guacamole container: 172.23.0.0/16

My docker-compose.yml file:

version: '2.0'

networks:
  guacnetwork_compose:
    driver: bridge

services:
  # guacd
  guacd:
    container_name: guacd_compose
    image: guacamole/guacd
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./drive:/drive:rw
    - ./record:/record:rw
  # postgres
  postgres:
    container_name: postgres_guacamole_compose
    environment:
      PGDATA: /var/lib/postgresql/data/guacamole
      POSTGRES_DB: guacamole_db
      POSTGRES_PASSWORD: 'xxxxx'
      POSTGRES_USER: guacamole_user
    image: postgres:15.2-alpine
    networks:
      guacnetwork_compose:
    restart: always
    volumes:
    - ./init:/docker-entrypoint-initdb.d:z
    - ./data:/var/lib/postgresql/data:Z

  # guacamole
  guacamole:
    container_name: guacamole_compose
    depends_on:
    - guacd
    - postgres
    environment:
      GUACD_HOSTNAME: guacd
      POSTGRES_DATABASE: guacamole_db
      POSTGRES_HOSTNAME: postgres
      POSTGRES_PASSWORD: 'xxxxx'
      POSTGRES_USER: guacamole_user
    image: guacamole/guacamole
    links:
    - guacd
    networks:
      guacnetwork_compose:
    ports:
    - 8080/tcp
    restart: always

  # nginx
  nginx:
    container_name: nginx_guacamole_compose
    restart: always
    image: nginx
    volumes:
    - ./nginx/templates:/etc/nginx/templates:ro
    - ./nginx/ssl/self.cert:/etc/nginx/ssl/self.cert:ro
    - ./nginx/ssl/self-ssl.key:/etc/nginx/ssl/self-ssl.key:ro
    ports:
    - 8443:443
    links:
    - guacamole
    networks:
      guacnetwork_compose:

I've tried to create rules with iptables:

iptables -t nat -A POSTROUTING -s 172.23.0.0/16 -d 10.20.0.0/16 -j MASQUERADE
iptables -A FORWARD -s 172.23.0.0/16 -d 10.20.0.0/16 -j ACCEPT
iptables -A FORWARD -d 172.23.0.0/16 -s 10.20.0.0/16 -j ACCEPT

but I still can't connect via VNC or RDP to my clients. All my clients have OpenVPN configured. I can connect to my clients with VNC Viewer and Remote Desktop, but I want to unify everything in Guacamole.
