Problem description
I have recently installed privacy vpn, and it turns out that enabled openvpn breaks docker.

When I try to run `docker-compose up` I get the following error:

```
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network
```

Disabling vpn fixes the problem (however I'd rather not disable it). Is there any way to make these two co-exist peacefully? I use debian jessie, and my openvpn has the following version string:

```
OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017
```

A lot of people "solved" this problem by disabling the openvpn, so I'm asking specifically on how to make these two work at the same time.
References:
If this makes any difference my vpn provider is: https://www.ovpn.com/ and here is (somewhat redacted) config file:

```
client
dev tun
proto udp
remote host port
remote-random
mute-replay-warnings
replay-window 256
push "dhcp-option DNS 46.227.67.134"
push "dhcp-option DNS 192.165.9.158"
remote-cert-tls server
cipher aes-256-cbc
pull
nobind
reneg-sec 432000
resolv-retry infinite
comp-lzo
verb 1
persist-key
persist-tun
auth-user-pass /etc/openvpn/credentials
ca ovpn-ca.crt
tls-auth ovpn-tls.key 1
```

Solution

Solution (TL;DR;)

Create a `/etc/openvpn/fix-routes.sh` script with the following contents:

```sh
#!/bin/sh
# Called by OpenVPN through route-up; $route_vpn_gateway is set by OpenVPN.

# Send all traffic through the VPN with a single /0 default route.
echo "Adding default route to $route_vpn_gateway with /0 mask..."
ip route add default via "$route_vpn_gateway"

# Drop the two /1 routes that OpenVPN installed.
echo "Removing /1 routes..."
ip route del 0.0.0.0/1 via "$route_vpn_gateway"
ip route del 128.0.0.0/1 via "$route_vpn_gateway"
```

Add executable bit to the file: `chmod o+x /etc/openvpn/fix-routes.sh`. Change owner of this file to root: `chown root:root /etc/openvpn/fix-routes.sh`.

Add the following two lines to your config:

```
script-security 2
route-up /etc/openvpn/fix-routes.sh
```

Explanation
Openvpn adds routes for the following networks: `0.0.0.0/1` and `128.0.0.0/1` (these routes cover the entire IP range), and docker can't find a range of IP addresses to create its own private network.

You need to add a default route (to route everything through openvpn) and disable these two specific routes. The `fix-routes` script does that.

This script is called after openvpn adds its own routes. To execute scripts you'll need to set `script-security` to `2`, which allows execution of bash scripts from openvpn context.

Thanks

I'd like to thank the author of this comment on github, also thanks to ovpn support.
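
The overlap described in the explanation can be checked offline; the following is an added example, not part of the original answer. The pool list is an assumption about Docker's built-in default address pools, both routing tables are constructed samples, and skipping `default` routes is the assumption the fix above relies on.

```python
import ipaddress

# Assumed Docker default pools (not stated on the page):
# 172.17.0.0/16 .. 172.31.0.0/16, then 192.168.0.0/16 carved into /20 blocks.
DEFAULT_POOLS = [ipaddress.ip_network(f"172.{n}.0.0/16") for n in range(17, 32)]
DEFAULT_POOLS += list(ipaddress.ip_network("192.168.0.0/16").subnets(new_prefix=20))

# Constructed `ip route` output while OpenVPN's two /1 routes are installed.
ROUTES_WITH_VPN = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
203.0.113.5 via 192.168.1.1 dev eth0
"""

# Constructed table after fix-routes.sh: /1 routes gone, VPN default added.
ROUTES_AFTER_FIX = """\
default via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
203.0.113.5 via 192.168.1.1 dev eth0
"""

def parse_routes(text):
    """Return destination networks from `ip route` output, skipping defaults."""
    nets = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue  # assumption: the overlap check ignores 0.0.0.0/0
        try:
            nets.append(ipaddress.ip_network(fields[0], strict=False))
        except ValueError:
            continue  # e.g. "unreachable ..." or "blackhole ..." entries
    return nets

def free_pools(route_text):
    """Default pools that do not overlap any non-default route."""
    routes = parse_routes(route_text)
    return [p for p in DEFAULT_POOLS if not any(p.overlaps(r) for r in routes)]

if __name__ == "__main__":
    for name, table in (("with VPN", ROUTES_WITH_VPN), ("after fix", ROUTES_AFTER_FIX)):
        print(f"{name}: {len(free_pools(table))} of {len(DEFAULT_POOLS)} pools free")
```

In the constructed "after fix" table one pool is still excluded, because the LAN route `192.168.1.0/24` falls inside `192.168.0.0/20`.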