[GH-ISSUE #193] VPN shared with other containers and bug in run.sh #178

Closed
opened 2026-03-02 07:44:30 +03:00 by kerem · 5 comments
Owner

Originally created by @mbio16 on GitHub (May 23, 2020).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/193

Hello,

I found a closed [issue](https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/70) which described that the VPN can't be shared with other containers.

Is there any progress?

And also I found a bug which might not happen on all host OSes. However, I am using CentOS Linux release 8.1.1911 (Core).

The iptables module is not supported by default in the container:

```bash
modprobe: ERROR: ../libkmod/libkmod.c:586 kmod_search_moddep() could not open moddep file '/lib/modules/4.18.0-147.8.1.el8_1.x86_64/modules.dep.bin'
```

The following commands are dropped while starting ipsec:

```bash
iptables -I INPUT 1 -p udp --dport 1701 -m policy --dir in --pol none -j DROP
...
iptables -t nat -I POSTROUTING -s "$L2TP_NET" -o eth+ -j MASQUERADE
```

To share the module, I used a compose file and added the following:

```yml
volumes:
  - /lib/modules/4.18.0-147.8.1.el8_1.x86_64:/lib/modules/4.18.0-147.8.1.el8_1.x86_64
```
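When iptables fails inside the container as in this report, run.sh's rules are skipped silently: the container still accepts clients, but the rule that drops UDP 1701 arriving outside an IPsec policy (plain, unencrypted L2TP) is simply absent. The check below is an added example, not code from the hwdsl2 image; it audits `iptables -S` dumps for the two rules quoted above. It assumes `$L2TP_NET` defaults to 192.168.42.0/24 as in that image, and the rule dumps it ships with are constructed samples.

```shell
#!/bin/sh
# Audit the live netfilter tables for the rules run.sh is supposed to install.
# Assumption: L2TP_NET defaults to 192.168.42.0/24; the dumps below are
# constructed samples in `iptables -S` format, one healthy and one broken.

# 0 if the INPUT dump ($1) holds the rule dropping UDP 1701 without IPsec policy.
has_l2tp_policy_drop() {
  printf '%s\n' "$1" | grep -- '^-A INPUT ' | grep -- '--dport 1701' \
    | grep -- '--pol none' | grep -q -- '-j DROP'
}

# 0 if the nat POSTROUTING dump ($1) masquerades subnet $2 out of eth+.
has_l2tp_masquerade() {
  printf '%s\n' "$1" | grep -- '^-A POSTROUTING ' | grep -- "-s $2" \
    | grep -- '-o eth+' | grep -q -- '-j MASQUERADE'
}

# Reports each missing rule on stdout; return value is the number missing.
audit_vpn_rules() {
  input_dump=$1; nat_dump=$2; net=${3:-192.168.42.0/24}; missing=0
  has_l2tp_policy_drop "$input_dump" || {
    echo "missing: INPUT drop of UDP 1701 without IPsec policy (plain L2TP reachable)"
    missing=$((missing + 1))
  }
  has_l2tp_masquerade "$nat_dump" "$net" || {
    echo "missing: nat POSTROUTING MASQUERADE for $net (clients cannot reach outside)"
    missing=$((missing + 1))
  }
  return $missing
}

# Constructed samples: a container where the rules landed, and one where
# iptables failed at start-up and only the chain policies remain.
GOOD_INPUT='-P INPUT ACCEPT
-A INPUT -p udp -m udp --dport 1701 -m policy --dir in --pol none -j DROP
-A INPUT -p udp -m udp --dport 500 -j ACCEPT'
GOOD_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.42.0/24 -o eth+ -j MASQUERADE'
BROKEN_INPUT='-P INPUT ACCEPT'
BROKEN_NAT='-P POSTROUTING ACCEPT'

# Live use inside the container:
#   audit_vpn_rules "$(iptables -S INPUT)" "$(iptables -t nat -S POSTROUTING)"
```

A non-zero return from `audit_vpn_rules` is the signal to stop and fix the modprobe problem (the `/lib/modules` mount above) before exposing the server, since a "working" server with these rules missing still answers clients.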
kerem closed this issue 2026-03-02 07:44:31 +03:00
Author
Owner

@hwdsl2 commented on GitHub (May 23, 2020):

@mbio16 Hello! Thanks for the report. I'll take a look at the CentOS 8 issue. Can you explain your use case in more detail? If you want to "share" the VPN with other containers, then that other container may need to act as a VPN client and connect to the container that the VPN server is in.

Author
Owner

@hwdsl2 commented on GitHub (May 23, 2020):

@mbio16 I tested on CentOS 8 and it seems to work fine without the errors you mentioned. Tested using Docker version `19.03.9, build 9d988398e7`, both with and without using Docker compose. CentOS kernel version was `4.18.0-147.8.1.el8_1.x86_64`.

Did you try the latest version of the Docker image in this repo [1]?

[1] https://github.com/hwdsl2/docker-ipsec-vpn-server#update-docker-image

Author
Owner

@mbio16 commented on GitHub (May 23, 2020):

@hwdsl2 We have a vpn-server which has two networks connected: one is a bridge network (allows the container to use the host interface) and the second is an overlay network in a swarm cluster (the network is attachable). I would like to be able to route traffic from the VPN tunnel to another container in the overlay network and back. The traffic from the tunnel is routed well. However, to route traffic back, the host is trying an ARP request for the IP address that is not in the same subnet, even though it has a static route record in the routing table (to vpn-server). And without any reply it does not send anything.

About CentOS, it might be the Docker engine, which is 19.03.8. However, the errors in iptables do not affect the server (it works fine). It is able to listen on ports and accept clients. I thought the error in the FORWARDING chain cost me the routing, but it did not.

If you have any experience with routing in container networks that could help, that would be great.

Author
Owner

@mbio16 commented on GitHub (Jun 6, 2020):

@hwdsl2 I found that the situation described earlier occurs only with a Windows based container. With a Linux based container it works fine.

Author
Owner

@hwdsl2 commented on GitHub (Jun 6, 2020):

@mbio16 Thank you for the update. This Docker image does not currently support Docker for Windows or Mac. For your routing related question, the "proxyarp" option in `/etc/ppp/options.xl2tpd`, which is added by default [1] in the Docker image, should help in your use case. If it is not working, I suggest that you switch to a Linux based container.

[1] https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/run.sh#L278
