Docker Community Forums


How to connect to VPN from container


(Radim Daniel Pánek) #1

Hi - I need help connecting to a VPN. I have OS X connected to a VPN via OpenVPN, and I want to connect from a container via ssh to our server, which is in the VPN.
It’s possible from the host, but not from the container: ssh: Could not resolve hostname xxx.domain: Name or service not known

How do I do that? Many thanks.


(Jeff Anderson) #2

The most likely candidate issue is that Docker manages your /etc/resolv.conf inside the container. Generally speaking, when you connect to a VPN, you need to change that. Does your /etc/resolv.conf get updated when your VPN connects?

I did play with this image some time ago: https://hub.docker.com/r/dperson/openvpn-client/

I do remember getting it working, but I don’t recall if I tested any internally resolvable IPs.

Cheers!
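An added example, not part of the original thread: a shell check for the situation raised in post #2, where the container's /etc/resolv.conf does not list the resolvers the host received when the VPN connected. It assumes both resolver lists are available in resolv.conf format; the function names, sample files and addresses are constructed for illustration, and the output uses docker run's --dns option, which sets the container's resolvers.

```shell
#!/bin/sh
# Added example (not from the thread): detect a container resolver list that
# lacks the VPN resolvers and print the docker run options that would set them.

# nameservers FILE: print the nameserver addresses in a resolv.conf-format file.
nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# missing_resolvers CONTAINER_FILE HOST_FILE:
# print each host resolver that the container file does not list.
missing_resolvers() {
    nameservers "$2" | while read -r ns; do
        nameservers "$1" | grep -qxF -- "$ns" || echo "$ns"
    done
}

# dns_flags CONTAINER_FILE HOST_FILE:
# if the container lacks any host resolver, print one --dns option per host
# resolver (--dns replaces the container's list, so all of them are emitted).
dns_flags() {
    [ -n "$(missing_resolvers "$1" "$2")" ] || return 0
    nameservers "$2" | awk '{ printf "%s--dns %s", (NR > 1 ? " " : ""), $1 }'
}

# Constructed sample data: the container still has the resolver it was
# created with, while the host has the resolvers pushed by the VPN.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/container.conf" <<'EOF'
# constructed: copied out of the container
search localdomain
nameserver 10.0.2.3
EOF

cat > "$SAMPLE_DIR/host.conf" <<'EOF'
# constructed: host resolver list after the VPN connects
search corp.example
nameserver 10.8.0.1
nameserver 10.8.0.2
EOF

echo "resolvers missing in container:"
missing_resolvers "$SAMPLE_DIR/container.conf" "$SAMPLE_DIR/host.conf"
echo "suggested docker run options: $(dns_flags "$SAMPLE_DIR/container.conf" "$SAMPLE_DIR/host.conf")"
```

The container file can be produced with docker exec CONTAINER cat /etc/resolv.conf; an empty result from dns_flags means the container already lists every host resolver, so the name resolution failure lies elsewhere (for example in routing).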


(Risa) #3

Edit with update bc I solved it: I was able to solve my own problem. It was ultimately my VPN setup on the Mac that was causing the issue.

I switched VPN from Cisco IPSec to PPTP, put in the necessary info, and in the Advanced settings, checked the Send all traffic over VPN connection checkbox. Restarted the docker machine and rebuilt my image. Boom, it worked. :smile:


Hi, I’m running docker 1.9.1 and am struggling with this very same issue of needing to connect to a VPN from my container. I’m trying to create a dev environment for a Rails app, and the gems are hosted behind a company firewall. My docker host is Mac OS X 10.11 El Capitan, and docker uses a VirtualBox VM, all set up thru docker’s installer. If I bundle on my local machine with VPN turned on, I can grab my gems without a problem.

My Dockerfile needs to pull down the gems that can only be accessed via VPN.
Here’s the snippet (I don’t have any EXPORT commands)

WORKDIR /tmp
COPY Gemfile Gemfile
COPY Gemfile.lock Gemfile.lock

RUN bundle config --global silence_root_warning 1
RUN gem install bundler && bundle install --jobs 20 --retry 5

When I try to build my container called web, it comes up with

Successfully installed bundler-1.11.2
1 gem installed   # meaning I can fetch gems from rubygems
Fetching source index from http://gems.thru.my.vpn.com/
Retrying fetcher due to error (2/6): Bundler::HTTPError Could not fetch specs from http://gems.thru.my.vpn.com/
Retrying fetcher due to error (3/6): Bundler::HTTPError Could not fetch specs from http://gems.thru.my.vpn.com/
Retrying fetcher due to error (4/6): Bundler::HTTPError Could not fetch specs from http://gems.thru.my.vpn.com/
Retrying fetcher due to error (5/6): Bundler::HTTPError Could not fetch specs from http://gems.thru.my.vpn.com/
Retrying fetcher due to error (6/6): Bundler::HTTPError Could not fetch specs from http://gems.thru.my.vpn.com/
Could not fetch specs from http://gems.thru.my.vpn.com/

On my Mac, I’m connected to the VPN via Cisco IPSec done thru system prefs.

In my container, my /etc/resolv.conf file says (both when on VPN and not):

root@01a7bbf1e266:/tmp# cat /etc/resolv.conf
search bad
nameserver 10.0.1.1

On my Mac, I can ping my gem location without an issue. From the container I cannot.

When I do netstat -nr without being connected to the VPN I get the following on my Mac:

vboxnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether 0a:00:27:00:00:00
	inet 192.168.99.1 netmask 0xffffff00 broadcast 192.168.99.255

When I connect to VPN, this is what I get on my Mac:

vboxnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether 0a:00:27:00:00:00
	inet 192.168.99.1 netmask 0xffffff00 broadcast 192.168.99.255
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
	inet 10.3.255.97 --> 10.3.255.97 netmask 0xffffff00

I’ve tried various methods like --add-host=localhost:127.0.0.1 on docker run but maybe I am doing it wrong, since I see new containers being displayed in Kitematic. (Is that normal?)

This is the general process of what I’m doing:

docker-machine start default
docker-machine env default
eval "$(docker-machine env default)"
docker build -t web .   #from within the rails repo where the dockerfile resides
# bundle fails
docker run --add-host="localhost:127.0.0.1" --rm -it web bash
# I get console access so I try to bundle but no luck

Could I get a step-by-step process to solve this issue? I don’t think OpenVPN is the solution since I don’t need a VPN server. I need my container to connect to the VPN that my Mac is connected to. Thank you!