
VPN client in a docker running on server

Posted: Fri Feb 19, 2021 9:34 am
by tomcy21
Hi there,
I'm kind of lost in all the networking features between docker and Softether.

I set up a SoftEther server on an AWS EC2 instance (Ubuntu 18.04);
I can connect to the VPN from anywhere (Linux and Windows computers) - no problem.

On my AWS EC2 instance, I have dockers running different applications, e.g. a webserver.
I would like each virtual hub to form a LAN between its clients and a docker container. See attached picture for better understanding.

I tried to run a VPN client in a docker on the server using this docker image: https://github.com/nefarius/docker-softether-vpn-client. I tried different addresses for the server: public IP of the server, localhost, eth0 IP ... but I can't make it work. Using the "network_mode: host" option in the docker-compose makes me lose the SSH connection to my instance.
(I can connect to the server using this docker on my Linux computer. And only the docker is connected to the VPN; my computer keeps its public IP.)

Do you have an idea about this problem? Maybe it's a bad network design. I know docker can create bridges and virtual interfaces. Maybe I should connect the docker to a virtual hub with a local_bridge or something like this?

Thank you ;)

Re: VPN client in a docker running on server

Posted: Mon Feb 22, 2021 5:23 am
by drkrool
Hi,
With such a setup, it could be necessary to use the bridge feature.
Usually it's written in the GitHub page of the docker, as there is no official docker of SoftEther, as it's not really written for it, provided it's made to use the NIC directly.

Re: VPN client in a docker running on server

Posted: Mon Feb 22, 2021 10:33 am
by tomcy21
Hi @drkrool, thanks for your answer!
Indeed, I think I should use a local bridge and not a VPN client in the docker, for performance reasons.

However, I struggle setting up the local bridge to the docker network.
I created a docker bridge:

docker network create -d bridge --subnet 192.168.5.0/24 --gateway 192.168.5.1 test_bridge1

For test purposes I'm running an nginx docker on the server with this docker-compose:

version: "3"

services:
  web_server:
    image: nginx:latest
    container_name: web_server
    ports:
      - 8080:80
    network_mode: test_bridge1

My container got an IP, 192.168.5.2.
On my virtual hub, SecureNAT is disabled, no DHCP.
When I create the SoftEther local bridge, I target my virtual hub and the interface br-.... that was created when I created the docker bridge (first command above).

But now when connecting, the client doesn't get an IP and of course I can't access the webserver.
I'm surely totally wrong somewhere trying to figure it out.
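
Added example, not part of the thread or of the SoftEther or Docker projects: Docker's bridge driver assigns container addresses through its own IPAM and runs no DHCP server on the bridge, so with SecureNAT and DHCP disabled on the hub, a client bridged onto that segment needs a static address in 192.168.5.0/24 (or a DHCP server on the segment). The Python below checks such a static plan against the subnet and gateway from the post; the `--ip-range` split, the function names, the client names and their addresses are constructed assumptions.

```python
import ipaddress

def plan_bridge_addresses(subnet, gateway, docker_range, vpn_clients):
    """Check static addresses for VPN clients bridged onto a Docker bridge network.

    Returns {client_name: [problems]}; an empty list means the address is usable.
    docker_range is the part of the subnet left to Docker's IPAM (--ip-range).
    """
    net = ipaddress.ip_network(subnet)
    gw = ipaddress.ip_address(gateway)
    pool = ipaddress.ip_network(docker_range)
    if not pool.subnet_of(net):
        raise ValueError(f"{docker_range} is not inside {subnet}")
    first_owner = {}
    report = {}
    for name, addr in vpn_clients.items():
        ip = ipaddress.ip_address(addr)
        problems = []
        if ip not in net:
            problems.append("outside subnet")
        elif ip in (net.network_address, net.broadcast_address):
            problems.append("network or broadcast address")
        if ip == gw:
            problems.append("collides with bridge gateway")
        if ip in pool:
            problems.append("inside Docker IPAM range")
        if ip in first_owner:
            problems.append(f"duplicate of {first_owner[ip]}")
        first_owner.setdefault(ip, name)
        report[name] = problems
    return report

def docker_create_command(subnet, gateway, docker_range, name):
    # --ip-range restricts Docker's own allocations to part of the subnet,
    # leaving the rest free for statically addressed VPN clients.
    return (f"docker network create -d bridge --subnet {subnet} "
            f"--gateway {gateway} --ip-range {docker_range} {name}")

# Constructed sample plan: Docker keeps the lower /25, VPN clients use the upper half.
SAMPLE_CLIENTS = {
    "laptop": "192.168.5.130",
    "phone": "192.168.5.2",     # same address the nginx container received
    "tablet": "192.168.5.1",
    "kiosk": "192.168.6.10",
    "backup": "192.168.5.130",
}

if __name__ == "__main__":
    print(docker_create_command("192.168.5.0/24", "192.168.5.1", "192.168.5.0/25", "test_bridge1"))
    report = plan_bridge_addresses("192.168.5.0/24", "192.168.5.1", "192.168.5.0/25", SAMPLE_CLIENTS)
    for client, problems in report.items():
        print(client, "OK" if not problems else "; ".join(problems))
```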