<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue-Light, Helvetica Neue Light, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div id="yui_3_16_0_ym19_1_1482988379670_9019"><span>Sorry for the post, the problem was in my lxc configuration. </span></div><div class="qtdSeparateBR" id="yui_3_16_0_ym19_1_1482988379670_9020"><br><br></div><div class="yahoo_quoted" id="yui_3_16_0_ym19_1_1482988379670_9106" style="display: block;"> <blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; margin-top: 5px; padding-left: 5px;" id="yui_3_16_0_ym19_1_1482988379670_9107"> <div style="font-family: HelveticaNeue-Light, Helvetica Neue Light, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1482988379670_9113"> <div style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;" id="yui_3_16_0_ym19_1_1482988379670_9112"> <div dir="ltr"> <font size="2" face="Arial"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Idafe Houghton <idafe.houghton@gmail.com><br> <b><span style="font-weight: bold;">To:</span></b> LXC users mailing-list <lxc-users@lists.linuxcontainers.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday, December 28, 2016 9:54 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: [lxc-users] OpenVPN server in a container... 
can connect but no webpages load<br> </font> </div> <div class="y_msg_container" id="yui_3_16_0_ym19_1_1482988379670_9111"><br><div id="yiv5093723489"><div id="yui_3_16_0_ym19_1_1482988379670_9110"><div dir="ltr">Any feedback is welcome.<br clear="none"><br clear="none">Best regards.</div><div class="yiv5093723489gmail_extra" id="yui_3_16_0_ym19_1_1482988379670_9109"><br clear="none"><div class="yiv5093723489gmail_quote" id="yui_3_16_0_ym19_1_1482988379670_9108">2016-12-29 3:45 GMT+01:00 Idafe Houghton <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:idafe.houghton@gmail.com" target="_blank" href="mailto:idafe.houghton@gmail.com">idafe.houghton@gmail.com</a>></span>:<br clear="none"><div class="yiv5093723489yqt3446860225" id="yiv5093723489yqt22381"><blockquote class="yiv5093723489gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;" id="yui_3_16_0_ym19_1_1482988379670_9115"><div dir="ltr" id="yui_3_16_0_ym19_1_1482988379670_9114">Or else you should enable proxy_arp=1 to your bridge interface.<br clear="none"><br clear="none">Have you checked that you can go outside internet from within your container? 
(without all the vpn thing?)</div><div class="yiv5093723489HOEnZb" id="yui_3_16_0_ym19_1_1482988379670_9119"><div class="yiv5093723489h5" id="yui_3_16_0_ym19_1_1482988379670_9118"><div class="yiv5093723489gmail_extra" id="yui_3_16_0_ym19_1_1482988379670_9117"><br clear="none"><div class="yiv5093723489gmail_quote" id="yui_3_16_0_ym19_1_1482988379670_9116">2016-12-29 3:39 GMT+01:00 Idafe Houghton <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:idafe.houghton@gmail.com" target="_blank" href="mailto:idafe.houghton@gmail.com">idafe.houghton@gmail.com</a>></span>:<br clear="none"><blockquote class="yiv5093723489gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;" id="yui_3_16_0_ym19_1_1482988379670_9121"><div dir="ltr" id="yui_3_16_0_ym19_1_1482988379670_9120">What I may say, may seem stupid, but just to make sure...<br clear="none"><br clear="none">May you tell us your NATting tables?<br clear="none"><br clear="none">Thanks.</div><div class="yiv5093723489m_-5952083928553971972HOEnZb" id="yui_3_16_0_ym19_1_1482988379670_9124"><div class="yiv5093723489m_-5952083928553971972h5" id="yui_3_16_0_ym19_1_1482988379670_9123"><div class="yiv5093723489gmail_extra" id="yui_3_16_0_ym19_1_1482988379670_9122"><br clear="none"><div class="yiv5093723489gmail_quote" id="yui_3_16_0_ym19_1_1482988379670_9126">2016-12-27 21:13 GMT+01:00 John <span dir="ltr"><<a rel="nofollow" shape="rect" ymailto="mailto:da_audiophile@yahoo.com" target="_blank" href="mailto:da_audiophile@yahoo.com">da_audiophile@yahoo.com</a>></span>:<br clear="none"><blockquote class="yiv5093723489gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;" id="yui_3_16_0_ym19_1_1482988379670_9125">Goal: I currently have standalone box running openvpn that is correctly configured and works. My goal is to move that to a container.<br clear="none">
<br clear="none">
<br clear="none">
Problem: I can connect to the openvpn server in the container but I cannot load webpages, they just timeout. I must not have something configured correctly.<br clear="none">
<br clear="none">
I have a very basic setup without a firewall currently (I will add ufw once I verify function without it):<br clear="none">
<br clear="none">
<br clear="none">
1) Host OS: Arch Linux x86_64. I have a netctl loading br0 (see below).<br clear="none">
2) LXC: I created a basic lxc with just base and openvpn. I copied the contents of /etc/openvpn/* from the functional system to the lxc's /etc/openvpn.<br clear="none">
3) I am forwarding port 443 (which is what I am running openvpn on) to the internal IP of the container.<br clear="none">
<br clear="none">
My netctl bridge profile on the host OS, /etc/netctl/bridge:<br clear="none">
<br clear="none">
=============================<br clear="none">
Description='lxc bridge'<br clear="none">
Interface=br0<br clear="none">
Connection=bridge<br clear="none">
BindsToInterfaces=('eth0')<br clear="none">
IP=dhcp<br clear="none">
<br clear="none">
<br clear="none">
Output of `ip a` on the host OS:<br clear="none">
=============================<br clear="none">
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 4096 qdisc noqueue state UNKNOWN group default<br clear="none">
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00<br clear="none">
inet 127.0.0.1/8 scope host lo<br clear="none">
valid_lft forever preferred_lft forever<br clear="none">
inet6 ::1/128 scope host<br clear="none">
valid_lft forever preferred_lft forever<br clear="none">
<br clear="none">
<br clear="none">
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000<br clear="none">
link/ether 00:1e:06:33:59:e7 brd ff:ff:ff:ff:ff:ff<br clear="none">
inet6 fe80::21e:6ff:fe33:59e7/64 scope link<br clear="none">
valid_lft forever preferred_lft forever<br clear="none">
<br clear="none">
<br clear="none">
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default<br clear="none">
link/ether 00:1e:06:33:59:e7 brd ff:ff:ff:ff:ff:ff<br clear="none">
inet 192.168.1.245/24 brd 192.168.1.255 scope global br0<br clear="none">
valid_lft forever preferred_lft forever<br clear="none">
inet6 fe80::21e:6ff:fe33:59e7/64 scope link<br clear="none">
valid_lft forever preferred_lft forever<br clear="none">
<br clear="none">
<br clear="none">
Output of `ip r` on the host OS:<br clear="none">
=============================<br clear="none">
default via 192.168.1.1 dev br0 src 192.168.1.245 metric 203<br clear="none">
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.245 metric 203<br clear="none">
<br clear="none">
<br clear="none">
Output of `sysctl net.ipv4.conf | grep forward` on the host OS:<br clear="none">
=============================<br clear="none">
net.ipv4.conf.all.forwarding = 1<br clear="none">
net.ipv4.conf.all.mc_forwarding = 0<br clear="none">
net.ipv4.conf.br0.forwarding = 1<br clear="none">
net.ipv4.conf.br0.mc_forwarding = 0<br clear="none">
net.ipv4.conf.default.forwarding = 1<br clear="none">
net.ipv4.conf.default.mc_forwarding = 0<br clear="none">
net.ipv4.conf.eth0.forwarding = 1<br clear="none">
net.ipv4.conf.eth0.mc_forwarding = 0<br clear="none">
net.ipv4.conf.lo.forwarding = 1<br clear="none">
net.ipv4.conf.lo.mc_forwarding = 0<br clear="none">
<br clear="none">
<br clear="none">
<br clear="none">
My container config, /var/lib/lxc/base/config:<br clear="none">
<br clear="none">
=============================<br clear="none">
lxc.rootfs = /var/lib/lxc/base/rootfs<br clear="none">
lxc.rootfs.backend = dir<br clear="none">
lxc.utsname = base<br clear="none">
lxc.arch = x86_64<br clear="none">
lxc.include = /usr/share/lxc/config/archlinux.common.conf<br clear="none">
<br clear="none">
## network<br clear="none">
lxc.network.type = veth<br clear="none">
lxc.network.flags = up<br clear="none">
lxc.network.link = br0<br clear="none">
lxc.network.name = eth0<br clear="none">
lxc.network.ipv4 = 192.168.1.246/24<br clear="none">
lxc.network.ipv4.gateway = 192.168.1.1<br clear="none">
<br clear="none">
## systemd within the lxc<br clear="none">
lxc.autodev = 1<br clear="none">
lxc.hook.autodev = /var/lib/lxc/base/autodev<br clear="none">
lxc.pts = 1024<br clear="none">
lxc.kmsg = 0<br clear="none">
<br clear="none">
## for openvpn<br clear="none">
lxc.cgroup.devices.allow = c 10:200 rwm<br clear="none">
_______________________________________________<br clear="none">
lxc-users mailing list<br clear="none">
lxc-users@lists.linuxcontainers.org<br clear="none">
<a rel="nofollow" shape="rect" target="_blank" href="http://lists.linuxcontainers.org/listinfo/lxc-users">http://lists.linuxcontainers.org/listinfo/lxc-users</a></blockquote></div><br clear="none"></div>
</div></div></blockquote></div><br clear="none"></div>
</div></div></blockquote></div></div><br clear="none"></div></div></div><br></div> </div> </div> </blockquote> </div></div></body></html>