This article describes how to make OpenVPN work together with Docker. It may be a useful reference for anyone facing the same problem.

Problem description


I have recently installed privacy vpn, and it turns out that enabled openvpn breaks docker.

When I try to run docker-compose up I get the following error:

ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network

Disabling vpn fixes the problem (however I'd rather not disable it). Is there any way to make these two co-exist peacefully? I use debian jessie, and my openvpn has the following version string:

 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017

A lot of people "solved" this problem by disabling the openvpn, so I'm asking specifically on how to make these two work at the same time.

References:

  1. https://stackoverflow.com/a/45377351/7918
  2. https://stackoverflow.com/a/42499393/7918

If this makes any difference, my vpn provider is https://www.ovpn.com/ and here is the (somewhat redacted) config file:

client
dev tun

proto udp

remote host port
remote-random

mute-replay-warnings
replay-window 256

push "dhcp-option DNS 46.227.67.134"
push "dhcp-option DNS 192.165.9.158"

remote-cert-tls server
cipher aes-256-cbc
pull

nobind
reneg-sec 432000
resolv-retry infinite

comp-lzo
verb 1

persist-key
persist-tun
auth-user-pass /etc/openvpn/credentials
ca ovpn-ca.crt
tls-auth ovpn-tls.key 1

Solution

Solution (TL;DR;)

Create the /etc/openvpn/fix-routes.sh script with the following contents:

#!/bin/sh
# Run by OpenVPN as its route-up hook; $route_vpn_gateway is set by OpenVPN.

echo "Adding default route to $route_vpn_gateway with /0 mask..."
ip route add default via "$route_vpn_gateway"

echo "Removing /1 routes..."
ip route del 0.0.0.0/1 via "$route_vpn_gateway"
ip route del 128.0.0.0/1 via "$route_vpn_gateway"

Add the executable bit to the file: chmod o+x /etc/openvpn/fix-routes.sh. Change the owner of this file to root: chown root:root /etc/openvpn/fix-routes.sh.

Add the following two lines to your config:

 script-security 2
 route-up  /etc/openvpn/fix-routes.sh

Explanation

Openvpn adds routes for the following networks: 0.0.0.0/1 and 128.0.0.0/1 (these routes cover the entire IP range), and docker can't find a range of IP addresses to create its own private network.

You need to add a default route (to route everything through openvpn) and disable these two specific routes. The fix-routes script does that.

This script is called after openvpn adds its own routes. To execute scripts, you'll need to set script-security to 2, which allows execution of bash scripts from the openvpn context.

Thanks

I'd like to thank the author of this comment on github, also thanks to ovpn support.
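
The overlap described in the Explanation above can be reproduced offline. This is an added example, not part of the original answer: both routing tables are constructed samples, and the candidate pool list and the rule that default routes are skipped are assumptions about Docker's address allocator.

```python
import ipaddress

# Assumption (not from the page): the pools Docker tries for a new bridge network.
# Adjust to match "default-address-pools" in your daemon.json if you set it.
CANDIDATE_POOLS = [f"172.{n}.0.0/16" for n in range(17, 32)] + \
                  [f"192.168.{n}.0/20" for n in range(0, 256, 16)]

# Constructed `ip -4 route` output: VPN up, with the two /1 routes from the page.
ROUTES_VPN_HALVES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
203.0.113.5 via 192.168.1.1 dev eth0
"""

# Constructed table after fix-routes.sh: the /1 pair replaced by a default route.
ROUTES_AFTER_FIX = """\
default via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
203.0.113.5 via 192.168.1.1 dev eth0
"""

def parse_routes(text):
    """Destination networks from `ip -4 route` output, default routes excluded."""
    nets = []
    for line in text.splitlines():
        fields = line.split()
        # Assumption: the allocator's overlap check ignores default routes,
        # which is why a /0 route is harmless while the /1 pair is not.
        if not fields or fields[0] == "default":
            continue
        nets.append(ipaddress.ip_network(fields[0], strict=False))  # bare IP -> /32
    return nets

def free_pools(route_text, pools=CANDIDATE_POOLS):
    """Candidate pools that overlap no route destination in the table."""
    routes = parse_routes(route_text)
    return [p for p in pools
            if not any(ipaddress.ip_network(p).overlaps(r) for r in routes)]

if __name__ == "__main__":
    for name, table in (("VPN /1 routes", ROUTES_VPN_HALVES), ("after fix", ROUTES_AFTER_FIX)):
        free = free_pools(table)
        print(f"{name}: {len(free)} free pools", free[:3])
```

Passing the real output of `ip -4 route` to free_pools shows which pools remain on a given host before docker-compose is started.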
