Openvpn Issue accessing resources in internal network (192.168.1.0). Docker network is OK

I have been trying for a while now to fix this issue and I could really use some help. My purpose here is to NOT use the --net=host option (which resolves the issue) because I consider it a workaround and not an actual solution.

My problem is that when connecting to openvpn, I can only access the containers within the same docker server, but none of my network resources. Basically anything in 172.17.0.x is accessible, but anything in 192.168.1.x is not accessible.

The problem is resolved when I install openvpn using the --net=host option, but I don’t want to do that.

When I install openvpn like this:

echo installing openvpn
docker run -d \
 --restart=always \
 --name openvpn \
 -h openvpn \
 -e PUID=1001 -e PGID=1001 \
 -e TZ=Europe/Nicosia \
 -p 943:943 \
 -p 9443:9443 \
 -p 1194:1194/udp \
 --cap-add=NET_ADMIN \
 -v openvpn:/config \
 linuxserver/openvpn-as

this is how it’s configured by default.

This configuration is NOT working. I can only access the containers within the same docker server, but none of the resources in 192.168.1.0/24.

When I install openvpn like this:

echo installing openvpn
docker run -d \
 --restart=always \
 --name openvpn \
 -h openvpn \
 -e PUID=1001 -e PGID=1001 \
 -e TZ=Europe/Nicosia \
 --net=host \
 --cap-add=NET_ADMIN \
 -v openvpn:/config \
 linuxserver/openvpn-as

this is how it’s configured by default.

https://i.ibb.co/93sPRz9/2.jpg

This configuration is working. I can access all the resources in 192.168.1.0/24. But it’s using --net=host and I don’t want that.

So obviously there’s some additional information in the second option because it takes into consideration ens192 which is the actual physical ethernet of the docker host.

So to make this work without the --net=host option, I compared the two installations and added 192.168.1.0/24 under the routing section but I still can’t access anything in 192.168.1.0/24.

I don’t know what I’m doing wrong here, any help is appreciated.
Thanks

Add your subnet to the private network section under routing

Do you mean

Configuration > VPN Settings > Routing > Specify the private subnets to which all clients should be given access (one per line)

I added 192.168.1.0/24 there, but it didn’t fix the issue.

Don’t know what to tell you. That’s the setting and it works fine here in bridge networking. Perhaps something to do with the rest of the config.

Did you restart the container afterwards?

Yes, the server also.

Are you using Ubuntu by chance? Here’s how I route 3 different networks through one server using netplan. /etc/netplan/

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      dhcp4: no
      addresses:
        - 10.11.12.244/24
      nameservers:
        addresses: [10.11.12.10,10.11.12.11]
      routes:
        - to: 10.11.12.0/24
          via: 10.11.12.1
        - to: 172.16.1.0/24
          via: 172.16.1.1
        - to: 10.13.1.0/24
          via: 10.13.1.1
    eth1:
      dhcp4: no
      addresses: [52.38.22.49/28]
      gateway4: 52.38.22.41
      nameservers:
        addresses: [8.8.8.8,75.75.75.75]

I’m using debian buster, but I guess it would work the same.
So there’s work to be done on the docker host for openvpn to work?