[GH-ISSUE #364] I cannot use docker host dns resolvers #336

Closed
opened 2026-03-02 08:01:27 +03:00 by kerem · 1 comment
Owner

Originally created by @Issam2204 on GitHub (Apr 8, 2023).
Original GitHub issue: https://github.com/hwdsl2/docker-ipsec-vpn-server/issues/364

Hello, this might be more of a Docker question than an ipsec-vpn-server question, but I don't know how to set up the VPN to use the host DNS resolver instead of specifying the DNS server(s) like "1.1.1.1".

This is my setup:

Docker host (Debian server), DNS-over-TLS pointing to --> VPS with AdGuard Home (Debian server)

Now, I want to install ipsec-vpn-server on the Docker host but rely on the internal host DNS configuration so that I can benefit from DNS-over-TLS and ad-blocking.

Things I've tried:

VPN_DNS_SRV1=172.17.0.1
VPN_DNS_SRV2=172.17.0.1

or

VPN_DNS_SRV1=127.0.0.1
VPN_DNS_SRV2=127.0.0.1

I can connect using my iPhone, but I don't have internet connectivity. It must be related to the DNS configuration.

I'd like to avoid using the actual IP address of the AdGuard Home server because then it will be plain DNS.

Hopefully someone can help!

kerem closed this issue 2026-03-02 08:01:28 +03:00
Author
Owner

@hwdsl2 commented on GitHub (Apr 9, 2023):

@Issam2204 Hello! I am not familiar with this use case. I think that specifying DNS servers that use DNS-over-TLS may not be supported in Libreswan. The following steps have not been tested. Things you can try:

  1. Check your Docker host's `/etc/resolv.conf` (or similar) to find out what DNS server(s) the Docker host uses for the DNS-over-TLS.
  2. Specify those DNS servers as `VPN_DNS_SRV1` and `VPN_DNS_SRV2` in your `env` file, then re-create the Docker container.
  3. You can also read about [host network mode](https://github.com/hwdsl2/docker-ipsec-vpn-server/blob/master/docs/advanced-usage.md#about-host-network-mode).
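Steps 1 and 2 of the comment above as a shell sketch, added here as an example and not code from the project or from either commenter: it reads a resolv.conf file, skips loopback entries (a 127.x.x.x address only reaches the machine that uses it), and prints env lines for the first two remaining servers. The function names and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example: derive VPN_DNS_SRV1/VPN_DNS_SRV2 lines from a resolv.conf file.
# Function names are hypothetical; they are not part of docker-ipsec-vpn-server.

# Print the address from every "nameserver" line, one per line.
list_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Succeed if the address is loopback (127.0.0.0/8 or ::1).
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Emit env lines for the first two non-loopback resolvers in the file.
# Skipped loopback entries are reported on stderr.
# Returns 1 when no usable resolver is left.
vpn_dns_env() {
    n=0
    for ip in $(list_nameservers "$1"); do
        if is_loopback "$ip"; then
            echo "skip $ip: loopback, only reachable on the host itself" >&2
            continue
        fi
        n=$((n + 1))
        echo "VPN_DNS_SRV$n=$ip"
        if [ "$n" -ge 2 ]; then break; fi
    done
    [ "$n" -gt 0 ]
}

# Constructed sample input (documentation addresses), not taken from the issue.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample resolv.conf
nameserver 127.0.0.53
nameserver 192.0.2.53
options edns0
EOF
vpn_dns_env "$sample" || echo "no usable resolver found" >&2
rm -f "$sample"
```

On a real host, run `vpn_dns_env /etc/resolv.conf`; a non-zero exit means the file lists only a local stub resolver, so the upstream servers have to be read from that resolver's own configuration instead.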