[lxc-users] OpenVPN server in a container... can connect but no webpages load

Idafe Houghton idafe.houghton at gmail.com
Thu Dec 29 02:54:33 UTC 2016 

Any feedback is welcome.

Best regards.

2016-12-29 3:45 GMT+01:00 Idafe Houghton <idafe.houghton at gmail.com>:

> Or else you should enable  proxy_arp=1 to your bridge interface.
>
> Have you checked that you can go outside internet from within your
> container? (without all the vpn thing?)
>
> 2016-12-29 3:39 GMT+01:00 Idafe Houghton <idafe.houghton at gmail.com>:
>
>> What I may say, may seem stupid, but just to make sure...
>>
>> May you tell us your NATting tables?
>>
>> Thanks.
>>
>> 2016-12-27 21:13 GMT+01:00 John <da_audiophile at yahoo.com>:
>>
>>> Goal: I currently have standalone box running openvpn that is correctly
>>> configured and works.  My goal is to move that to a container.
>>>
>>>
>>> Problem: I can connect to the openvpn server in the container but I
>>> cannot load webpages, they just timeout. I must not have something
>>> configured correctly.
>>>
>>> I have a very basic setup without a firewall currently (I will add ufw
>>> once I verify function without it):
>>>
>>>
>>> 1) Host OS: Arch Linux x86_64. I have a netctl loading br0 (see below).
>>> 2) LXC: I created a basic lxc with just base and openvpn.  I copied the
>>> contents of /etc/openvpn/* from the functional system to the lxc's
>>> /etc/openvpn.
>>> 3) I am forwarding port 443 (which is what I am running openvpn on, to
>>> the internal IP of the container).
>>>
>>> My netctl bridge profile on the host OS, /etc/netctl/bridge:
>>>
>>> =============================
>>> Description='lxc bridge'
>>> Interface=br0
>>> Connection=bridge
>>> BindsToInterfaces=('eth0')
>>> IP=dhcp
>>>
>>>
>>> Output of `ip a` on the host OS:
>>> =============================
>>> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 4096 qdisc noqueue state UNKNOWN group
>>> default
>>> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>>> inet 127.0.0.1/8 scope host lo
>>> valid_lft forever preferred_lft forever
>>> inet6 ::1/128 scope host
>>> valid_lft forever preferred_lft forever
>>>
>>>
>>> 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc
>>> fq_codel master br0 state UP group default qlen 1000
>>> link/ether 00:1e:06:33:59:e7 brd ff:ff:ff:ff:ff:ff
>>> inet6 fe80::21e:6ff:fe33:59e7/64 scope link
>>> valid_lft forever preferred_lft forever
>>>
>>>
>>> 3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state
>>> UP group default
>>> link/ether 00:1e:06:33:59:e7 brd ff:ff:ff:ff:ff:ff
>>> inet 192.168.1.245/24 brd 192.168.1.255 scope global br0
>>> valid_lft forever preferred_lft forever
>>> inet6 fe80::21e:6ff:fe33:59e7/64 scope link
>>> valid_lft forever preferred_lft forever
>>>
>>>
>>> Output of `ip r` on the host OS:
>>> =============================
>>> default via 192.168.1.1 dev br0 src 192.168.1.245 metric 203
>>> 192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.245 metric
>>> 203
>>>
>>>
>>> Output of `sysctl net.ipv4.conf | grep forward` on the host OS:
>>> =============================
>>> net.ipv4.conf.all.forwarding = 1
>>> net.ipv4.conf.all.mc_forwarding = 0
>>> net.ipv4.conf.br0.forwarding = 1
>>> net.ipv4.conf.br0.mc_forwarding = 0
>>> net.ipv4.conf.default.forwarding = 1
>>> net.ipv4.conf.default.mc_forwarding = 0
>>> net.ipv4.conf.eth0.forwarding = 1
>>> net.ipv4.conf.eth0.mc_forwarding = 0
>>> net.ipv4.conf.lo.forwarding = 1
>>> net.ipv4.conf.lo.mc_forwarding = 0
>>>
>>>
>>>
>>> My container config, /var/lib/lxc/base/config:
>>>
>>> =============================
>>> lxc.rootfs = /var/lib/lxc/base/rootfs
>>> lxc.rootfs.backend = dir
>>> lxc.utsname = base
>>> lxc.arch = x86_64
>>> lxc.include = /usr/share/lxc/config/archlinux.common.conf
>>>
>>> ## network
>>> lxc.network.type = veth
>>> lxc.network.flags = up
>>> lxc.network.link = br0
>>> lxc.network.name = eth0
>>> lxc.network.ipv4 = 192.168.1.246/24
>>> lxc.network.ipv4.gateway = 192.168.1.1
>>>
>>> ## systemd within the lxc
>>> lxc.autodev = 1
>>> lxc.hook.autodev = /var/lib/lxc/base/autodev
>>> lxc.pts = 1024
>>> lxc.kmsg = 0
>>>
>>> ## for openvpn
>>> lxc.cgroup.devices.allow = c 10:200 rwm
>>> _______________________________________________
>>> lxc-users mailing list
>>> lxc-users at lists.linuxcontainers.org
>>> http://lists.linuxcontainers.org/listinfo/lxc-users
>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20161229/9960d0e2/attachment.html>

More information about the lxc-users mailing list