docker containers available within VPN network and dns resolution [dns][vps][docker]

k1r0s
OpenVpn Newbie
Posts: 4
Joined: Sat Sep 18, 2021 6:25 pm


Post by k1r0s » Sat Sep 18, 2021 7:36 pm

Hello ppl

I'm a fullstack developer with some experience in Linux environments, willing to learn anything new!

I'm going to explain what I need so you have some context.

I have a VPS with Docker installed. I want to deploy some apps, but I want these apps to be accessible only within a VPN. This VPN might be accessed by several clients, some of them SBC devices, and some people's PCs.

I want these PCs to resolve some hosts (dumbservice -> 10.0.x.x), but I do not want all traffic to be redirected through the VPN (just when the domain is resolved by the VPN-provided DNS). Is that even possible?

Then, these SBC devices will be available on port 22; I want to be able to ssh into them.

I've been following this sample: https://github.com/fscm/docker-openvpn/

After connecting to the VPN server I'm unable to resolve hosts outside the VPN.

Thanks in advance
Last edited by k1r0s on Sat Sep 18, 2021 9:38 pm, edited 1 time in total.


Re: docker containers available within VPN network and dns resolution (yet another noob needs help)

Post by k1r0s » Sat Sep 18, 2021 9:37 pm

I've finally succeeded in getting a working VPN.

The kylemanna/openvpn image gives me internet access:

CONTAINER ID   IMAGE               COMMAND              CREATED         STATUS         PORTS                                       NAMES
1a9aeaeef256   httpd:2.4           "httpd-foreground"   4 seconds ago   Up 3 seconds   80/tcp                                      my-apache-app
db1723970b24   kylemanna/openvpn   "ovpn_run"           4 minutes ago   Up 4 minutes   0.0.0.0:1194->1194/udp, :::1194->1194/udp   ovpn

I've created a Docker network.

Both containers shown above are on the same network and both can see each other:

root@localhost:~# docker exec -it ovpn sh
/ # ping my-apache-app
PING my-apache-app (172.18.0.3): 56 data bytes
64 bytes from 172.18.0.3: seq=0 ttl=64 time=0.181 ms
64 bytes from 172.18.0.3: seq=1 ttl=64 time=0.152 ms
64 bytes from 172.18.0.3: seq=2 ttl=64 time=0.118 ms

How can I allow VPN clients connected to ovpn to see the httpd container?
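
As an added example (not from the thread or from either image's project), this Python sketch audits an OpenVPN server config for the split-tunnel setup asked about in the first two posts: no pushed redirect-gateway, a pushed route covering the httpd container at 172.18.0.3, and the DNS servers handed to clients. The two sample configs, the 192.168.255.0/24 VPN subnet and the 172.18.0.53 resolver address are constructed assumptions.

```python
import ipaddress
import shlex

# Constructed sample server configs (not from the thread). 172.18.0.0/16 matches
# the container address in the ping output; the other addresses are placeholders.
FULL_TUNNEL = """
server 192.168.255.0 255.255.255.0
push "redirect-gateway def1"
push "dhcp-option DNS 8.8.8.8"
"""
SPLIT_TUNNEL = """
server 192.168.255.0 255.255.255.0
# no redirect-gateway: only the Docker subnet goes through the tunnel
push "route 172.18.0.0 255.255.0.0"
push "dhcp-option DNS 172.18.0.53"
"""


def pushed(conf):
    """Return the argument list of every push directive in a server config."""
    options = []
    for line in conf.splitlines():
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if len(tokens) == 2 and tokens[0] == "push" and tokens[1].strip():
            options.append(tokens[1].split())
    return options


def audit(conf, service_ip):
    """Summarise what clients are told to route and which resolvers they get."""
    target = ipaddress.ip_address(service_ip)
    report = {"full_tunnel": False, "service_route_pushed": False, "dns": []}
    for args in pushed(conf):
        if args[0] == "redirect-gateway":
            report["full_tunnel"] = True
        elif args[0] == "route" and len(args) >= 2:
            # OpenVPN defaults a missing netmask to a single host route
            mask = args[2] if len(args) > 2 else "255.255.255.255"
            net = ipaddress.ip_network(f"{args[1]}/{mask}", strict=False)
            report["service_route_pushed"] |= target in net
        elif args[:2] == ["dhcp-option", "DNS"] and len(args) == 3:
            report["dns"].append(args[2])
    return report


if __name__ == "__main__":
    for name, conf in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, audit(conf, "172.18.0.3"))
```

A pushed route only fixes the client side: the httpd container still needs a return path to the VPN subnet, either a route via the ovpn container or NAT on it.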


Re: docker containers available within VPN network and dns resolution [dns][vps][docker]

Post by k1r0s » Sat Sep 18, 2021 10:25 pm

Reading through https://dev.to/setevoy/openvpn-dns-and- ... ation-225f

I guess I can drop the OpenVPN server outside of the Docker env, run it natively on the VPS and make the network resolution. But I guess there should be a way to let Docker do its job.


Re: docker containers available within VPN network and dns resolution [dns][vps][docker]

Post by k1r0s » Sun Sep 19, 2021 12:13 pm

Hello again,

I'm going to approach this by other means:

- I'm going to natively install OpenVPN on the VPS
- create a Docker container with a VPN client and connect it to the VPS server
- once connected, change the IP
- additional application containers will use the same network space as the previous container (connected to the VPN)
- third-party clients will need to have an /etc/hosts file pointing to that IP we changed on the container above

However, there are drawbacks, since other applications have to explicitly change their network configuration.

I would like to think some seamless solution is possible: https://openvpn.net/community-resources ... -bridging/

I wonder if an OpenVPN server can indeed provide IP addresses within the same range, so clients are able to see services already present in that space, i.e. Docker applications.

:')
