Use Docker to run simultaneous VPN clients

Hi everyone!
We are installing all the VPN clients in docker (forticlient, openvpn, globalprotect, anyconnect …) so that all users of the office can use them at the same time.

But we have two problems that I do not know how to solve …

  1. I get access to the vpn network from the host that contains the containers but not from any other computer on the LAN. Do I have to configure this host to route traffic to the VPN?
  2. I can ping the VPN network of any client, but it is not able to resolve by DNS …

Our network would be something like this:

LAN
192.168.1.0/24

Docker Host
192.168.1.10

Docker containers
172.17.0.0/16

Thanks for the help!

Are you passing through the vpn ports? And what type of network setup are you using in your docker containers?

Hi Daniel!
I’m sorry, I’m a beginner with Docker and am probably not doing something right … I do not want to map any port to the containers; I want to access the VPN network through the different containers. I have created the default network (docker0).

Does each VPN need to be separated and isolated from each other?

Here are some docs that will help make it easier: https://docs.docker.com/v17.09/engine/userguide/networking/.

Not necessarily, our idea is that we can route traffic to the corresponding vpn container:
domainA -> docker1
domainB -> docker2 and so on.
The problem is that I cannot understand how to get from the internal LAN to those VPN networks … Thanks for the help

You will need to set up a bridge network.
https://docs.docker.com/v17.09/engine/userguide/networking/#bridge-networks

And configure the DNS to route your network; you may have to configure multiple subnets so that they are the only ones talking to the appropriate containers, or install an IP filter/whitelist.


Thanks for everyone’s help!
I don’t know if it is the best way, but what has worked for us is creating a new network of macvlan type and assigning it the same subnet as our network.
After routing the traffic from the vpn network to the corresponding docker, we have managed to reach the destination.
Do you think that is the best way to do it?
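The macvlan approach from this post written out as a dry-run plan, an added example that is not from the thread or from Docker's docs. It assumes a LAN interface eth0, a macvlan network named vpnnet, a container vpn-a pinned to 192.168.1.201 with a tunnel interface tun0 inside it, a placeholder image name, and a remote VPN subnet 10.10.0.0/16, all constructed values.

```shell
#!/bin/sh
# Added example, not code from the thread. Constructed names: LAN iface eth0,
# macvlan network "vpnnet", container "vpn-a" at 192.168.1.201, remote VPN
# subnet 10.10.0.0/16 reached through that container's tun0.
set -eu
LAN_IFACE=eth0
LAN_SUBNET=192.168.1.0/24
LAN_GATEWAY=192.168.1.1

# 1. macvlan network sharing the office subnet: each container gets a LAN
#    address that other machines can route to, unlike the docker0 bridge.
macvlan_create_cmd() { # $1 network name
  printf 'docker network create -d macvlan --subnet=%s --gateway=%s -o parent=%s %s' \
    "$LAN_SUBNET" "$LAN_GATEWAY" "$LAN_IFACE" "$1"
}
# 2. One VPN client container pinned to a LAN IP; NET_ADMIN and /dev/net/tun
#    are what a tunnel client needs, ip_forward lets it route for the LAN.
vpn_container_cmd() { # $1 network, $2 container, $3 LAN IP, $4 image
  printf 'docker run -d --name %s --network %s --ip %s --cap-add NET_ADMIN' "$2" "$1" "$3"
  printf ' --device /dev/net/tun --sysctl net.ipv4.ip_forward=1 %s' "$4"
}
# 3. Inside the container, masquerade LAN sources leaving via the tunnel so
#    the far side replies to the tunnel address, not to an unknown 192.168.1.x.
container_nat_cmd() { # $1 container, $2 tunnel interface inside it
  printf 'docker exec %s iptables -t nat -A POSTROUTING -s %s -o %s -j MASQUERADE' \
    "$1" "$LAN_SUBNET" "$2"
}
# 4. On every LAN host (or once, on the LAN router): send the remote VPN
#    subnet to the container's LAN address.
lan_route_cmd() { # $1 remote VPN subnet, $2 container LAN IP
  printf 'ip route add %s via %s' "$1" "$2"
}
# 5. Caveat: the Docker host cannot talk to macvlan containers through the
#    parent interface; a macvlan shim on the host with a spare LAN IP fixes it.
host_shim_cmds() { # $1 spare LAN IP for the shim, $2 container LAN IP
  printf 'ip link add vpn-shim link %s type macvlan mode bridge\n' "$LAN_IFACE"
  printf 'ip addr add %s/32 dev vpn-shim\nip link set vpn-shim up\n' "$1"
  printf 'ip route add %s/32 dev vpn-shim' "$2"
}

# Print the plan; run the lines on the right machine once the values are right.
plan() {
  macvlan_create_cmd vpnnet; echo
  vpn_container_cmd vpnnet vpn-a 192.168.1.201 example/openvpn-client; echo  # placeholder image
  container_nat_cmd vpn-a tun0; echo
  lan_route_cmd 10.10.0.0/16 192.168.1.201; echo
  host_shim_cmds 192.168.1.250 192.168.1.201; echo
}
plan
```

This covers the routing problem only; for the DNS problem, the LAN's resolver still needs a conditional forwarder for each VPN domain pointing at the DNS server reachable through that domain's container.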
