debian - How make openvpn work with docker -


i have installed privacy vpn, , turns out enabled openvpn breaks docker.

when try run docker-compose up following error 

error: not find available, non-overlapping ipv4 address pool among defaults assign network

disabling vpn fixes problem (however i'd rather not disable it). there way make these 2 co-exist peacefully? use debian jessie, , openvpn has following version string

 openvpn 2.3.4 x86_64-pc-linux-gnu [ssl (openssl)] [lzo] [epoll] [pkcs11] [mh] [ipv6] built on jun 26 2017

a lot of people "solved" problem disabling openvpn, i'm asking on how make these 2 work @ same time.

references:

  1. https://stackoverflow.com/a/45377351/7918
  2. https://stackoverflow.com/a/42499393/7918

if makes difference vpn provider is: https://www.ovpn.com/ , here (somewhat redacted) config file: 

client dev tun  proto udp  remote host port remote-random  mute-replay-warnings replay-window 256  push "dhcp-option dns 46.227.67.134"     push "dhcp-option dns 192.165.9.158"  remote-cert-tls server cipher aes-256-cbc pull  nobind reneg-sec 432000 resolv-retry infinite  comp-lzo verb 1  persist-key persist-tun auth-user-pass /etc/openvpn/credentials ca ovpn-ca.crt tls-auth ovpn-tls.key 1

solution (tl;dr;)

create /etc/openvpn/fix-routes.sh script following contents: 

#!/bin/sh  echo "adding default route $route_vpn_gateway /0 mask..." ip route add default via $route_vpn_gateway  echo "removing /1 routes..." ip route del 0.0.0.0/1 via $route_vpn_gateway ip route del 128.0.0.0/1 via $route_vpn_gateway

add executable bit file: chmod o+x /etc/openvpn/fix-routes.sh. change owner of file root: chown root:root /etc/openvpn/fix-routes.sh.

add config following 2 lines: 

 script-security 2  route-up  /etc/openvpn/fix-routes.sh

explanation

openvpn adds routes following networks: 0.0.0.0/1 , 128.0.0.0/1 (these routes cover entire ip range), , docker can't find range of ip addresses create it's own private network.

you need add default route (to route through openvpn) , disable these 2 specific routes. fix-routes script that.

this script called after openvpn adds own routes. execute scripts you'll need set script-security 2 allows execution of bash scripts openvpn context.

thanks

i'd thank author of comment on github, ovpn support.


Comments

Post a Comment

Popular posts from this blog

PHP and MySQL WP -

i trying accomplish 2 things here code. writing php directly wp page using insert php plugin. 1) query mysql database , return results 1 column 4 columns. 2) make each result own hyperlink directs user new wp page runs new query on page. i able query show results , turn results dynamic hyperlink, cannot formatting down. right returns result 1 column. here have: [insert_php] $servername = "localhost"; $username = "login"; //edited privacy $password = "password"; //edited privacy $database = "database"; //edited privacy // create connection $conn = new mysqli($servername, $username, $password, $database); // check connection if ($conn->connect_error) { die("connection failed: " . $conn->connect_error); } echo "connected successfully"; //get results database $result = mysqli_query($conn,"select mine mines order mine"); $all_property = array(); //declare array saving property //showing proper...
Read more

android - InAppBilling registering BroadcastReceiver in AndroidManifest -

i'm implementing inapp billing in android app. works well, however, i'm trying decouple broadcast receiver activity manifest. suggestion in android's trivialdrive sample: // important: dynamically register broadcast messages updated purchases. // register receiver here instead of <receiver> in manifest // because call getpurchases() @ startup, therefore can ignore // broadcasts sent while app isn't running. // note: registering listener in activity bad idea, done here // because sample. regardless, receiver must registered after // iabhelper setup, before first call getpurchases(). currently there's class extends broadcastreceiver : public class iabbroadcastreceiver extends broadcastreceiver { /** * intent action receiver should filter for. */ public static final string action = "com.android.vending.billing.purchases_updated"; private final iabbroadcastlistener mlistener; public iabbroadcastreceiver(iabbroadcastlistener listener) { m...
Read more

go - golang pprof for c library code -

i have been trying profile golang application pprof, seems details of c code(linked static library) missed in output result. flame graph from frame graph can see c code time consuming reported within "runtime._externalcode", no details @ all. , sure static library compiled debug enable. so there way make pprof details(like stack trace) of 3rd party c code? or there other golang profiling tool this?
Read more