Connect problem #66
Comments
Hi @zackph168 Seems you have an issue with the firewall of the openvpn container. Thanks!
Sure, this is the docker-compose.yml configuration:
docker logs -f openvpn:
docker logs -f openvpn-ui:
Hostserver iptables rules:
This is a fresh installation on a CentOS 7 server, and it has the same issue. Even though I have enabled ipv4.forward, it still doesn't work... Thank you!
By default clients land in the TRUST_SUB subnet, which is the default in your configuration:
When the container starts it applies SNAT (MASQUERADE) towards the default internal container interface (

```
IPT MASQ Chains:
# Warning: iptables-legacy tables present, use iptables-legacy to see them
MASQUERADE all -- 10.0.70.0/24 anywhere
MASQUERADE all -- 10.0.71.0/24 anywhere
IPT FWD Chains:
# Warning: iptables-legacy tables present, use iptables-legacy to see them
0 0 DROP 1 -- * * 10.0.71.0/24 0.0.0.0/0 icmptype 8
0 0 DROP 1 -- * * 10.0.71.0/24 0.0.0.0/0 icmptype 0
0 0 DROP 0 -- * * 10.0.71.0/24 192.168.88.0/24
```

As you can check, the host server FW chains also look legit, and you don't have any additional rules there or containers except UI and openvpn-server. Seems container-wise we are good and have to dig into the session level. Please share the Client side ( Server side ( Check the version of openvpn-client you use to connect to the server (there were limitations for legacy openvpn-clients and new servers)? Once the client is connected, do you see it in the sessions list on the OpenVPN-UI main page? I would recommend to change
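An added example (not from the thread or the project) that reads the rule lines quoted in the comment above and reports, for one client and destination address, whether a MASQUERADE rule covers the client and which FORWARD DROP rules match it. The client and destination addresses are constructed, and the column layout is assumed to be that of the quoted listings.

```python
import ipaddress

# Constructed input: the rule lines quoted in the comment above.
NAT_RULES = """\
MASQUERADE all -- 10.0.70.0/24 anywhere
MASQUERADE all -- 10.0.71.0/24 anywhere"""
FWD_RULES = """\
0 0 DROP 1 -- * * 10.0.71.0/24 0.0.0.0/0 icmptype 8
0 0 DROP 1 -- * * 10.0.71.0/24 0.0.0.0/0 icmptype 0
0 0 DROP 0 -- * * 10.0.71.0/24 192.168.88.0/24"""


def _net(token):
    """Turn an iptables address column into a network ('anywhere' = all)."""
    return ipaddress.ip_network("0.0.0.0/0" if token == "anywhere" else token)


def is_masqueraded(client_ip, nat_listing=NAT_RULES):
    """True if a MASQUERADE rule's source subnet contains the client address."""
    ip = ipaddress.ip_address(client_ip)
    for line in nat_listing.splitlines():
        cols = line.split()
        # Assumed columns: target prot opt source destination
        if len(cols) >= 5 and cols[0] == "MASQUERADE" and ip in _net(cols[3]):
            return True
    return False


def forward_drops(client_ip, dest_ip, fwd_listing=FWD_RULES):
    """Return (protocol, match) for DROP rules whose source and destination match."""
    src, dst = ipaddress.ip_address(client_ip), ipaddress.ip_address(dest_ip)
    hits = []
    for line in fwd_listing.splitlines():
        cols = line.split()
        # Assumed columns: pkts bytes target prot opt in out source destination [match]
        if len(cols) < 9 or cols[2] != "DROP":
            continue
        if src in _net(cols[7]) and dst in _net(cols[8]):
            proto = {"0": "all", "1": "icmp"}.get(cols[3], cols[3])
            hits.append((proto, " ".join(cols[9:])))
    return hits


def diagnose(client_ip, dest_ip):
    """Summarise what the quoted rules do to one client -> destination flow."""
    return {"masqueraded": is_masqueraded(client_ip),
            "drops": forward_drops(client_ip, dest_ip)}


if __name__ == "__main__":
    print(diagnose("10.0.70.5", "8.8.8.8"))        # constructed client in 10.0.70.0/24
    print(diagnose("10.0.71.5", "192.168.88.10"))  # constructed client in 10.0.71.0/24
```

A client address that no MASQUERADE source subnet contains (for example one handed out from a pool that differs from the subnets in the listing) returns `masqueraded: False`, which matches the symptom of reaching internal addresses but not the external network.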
Hi @zackph168 If your clients have access to the local subnet, then SNAT/MASQUERADE works as expected. In the session log we see the following client options:
Please check that:
You could change these parameters with UI or in
I've encountered the same issue; the client can connect to the server. The OpenVPN client can ping the container's IP address, but it cannot ping the host machine's IP address. Within the container, it is possible to access the internet and ping the host machine. Have you resolved this issue?
server.conf
server 10.0.70.0 255.255.255.0
docker-compose.yml
services:
@zackph168 Have you resolved this issue?
After deploying the docker containers for openvpn-server and openvpn-ui, everything works normally up to the point of creating certificates and connecting to the openvpn server. However, after connecting to the server, I cannot access the external network, only internal network communication is possible.
Here is my connection log, which looks normal. Below are the container's routing table and iptables rules.
How can I view detailed client connection reports and observe the entire connection process?