Complex route behind client, not working

Posted: Wed Sep 18, 2019 3:20 pm
by SaturnusDJ
I've routed quite some stuff from the VPN server network to clients. Worked well.

Today I am trying to make something from the client available to nodes in the server's network.

On the client is VirtualBox. In VirtualBox is an Ubuntu VM. On this Ubuntu is Docker. In Docker is a container. On the other side of the VPN is a host that also runs Docker. A container needs to reach the container on the VM of the client.

Docker container server side ( subnet /16)
Ubuntu VM ( subnet /24 vbox host-only adapter and nat adapter, ip forwarding)
Mac OSX ( /24 as IP in the VPN tun network, ip forwarding)
VPN host ( in the VPN, subnet /24 LAN, ip forwarding)
Docker container client side ( subnet /16)

From the client side towards the server side, ping and traceroute work.
Opposite, no.

I have set up ccd according to and are added in ccd and server config. Client config dir enabled.

As by chance the Docker container server side actually really is on the server. So I am pinging and tracerouting from there. Nothing.
Routing on the server:

route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
                                                UG    0      0        0 enp2s0
                                                U     0      0        0 br-b4f958c91e44
                                                UG    0      0        0 tun0
                                                U     0      0        0 br-98aca2b16399
                                                U     0      0        0 docker0
                                                U     0      0        0 enp2s0
                                                UG    0      0        0 tun0
                                                UH    0      0        0 tun0
                                                UG    0      0        0 tun0

traceroute to (, 30 hops max, 60 byte packets
 1  * * *
30 entries without anything. Same for

Pinging the client from the server works, when using the VPN client side ip address.

Any clue?

Re: Complex route behind client, not working

Posted: Fri Sep 20, 2019 10:46 am
by SaturnusDJ
It turns out to probably be a VirtualBox limitation.

Host-only probably really is host only, despite setting up routes that should make the host a forwarder.
It is currently solved with NAT port forwarding, which is still a limitation of course.