[lxc-users] OpenVPN server in a container... can connect but no webpages load

John da_audiophile at yahoo.com
Thu Dec 29 10:16:01 UTC 2016 

Sorry for the post, the problem was in my lxc configuration.  

 
      From: Idafe Houghton <idafe.houghton at gmail.com>
 To: LXC users mailing-list <lxc-users at lists.linuxcontainers.org> 
 Sent: Wednesday, December 28, 2016 9:54 PM
 Subject: Re: [lxc-users] OpenVPN server in a container... can connect but no webpages load
   
Any feedback is welcome.

Best regards.
2016-12-29 3:45 GMT+01:00 Idafe Houghton <idafe.houghton at gmail.com>:

Or else you should enable  proxy_arp=1 to your bridge interface.

Have you checked that you can go outside internet from within your container? (without all the vpn thing?)
2016-12-29 3:39 GMT+01:00 Idafe Houghton <idafe.houghton at gmail.com>:

What I may say, may seem stupid, but just to make sure...

May you tell us your NATting tables?

Thanks.
2016-12-27 21:13 GMT+01:00 John <da_audiophile at yahoo.com>:

Goal: I currently have standalone box running openvpn that is correctly configured and works.  My goal is to move that to a container.


Problem: I can connect to the openvpn server in the container but I cannot load webpages, they just timeout. I must not have something configured correctly.

I have a very basic setup without a firewall currently (I will add ufw once I verify function without it):


1) Host OS: Arch Linux x86_64. I have a netctl loading br0 (see below).
2) LXC: I created a basic lxc with just base and openvpn.  I copied the contents of /etc/openvpn/* from the functional system to the lxc's /etc/openvpn.
3) I am forwarding port 443 (which is what I am running openvpn on, to the internal IP of the container).

My netctl bridge profile on the host OS, /etc/netctl/bridge:

=============================
Description='lxc bridge'
Interface=br0
Connection=bridge
BindsToInterfaces=('eth0')
IP=dhcp


Output of `ip a` on the host OS:
=============================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 4096 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever


2: eth0: <BROADCAST,MULTICAST,PROMISC,U P,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
link/ether 00:1e:06:33:59:e7 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21e:6ff:fe33:59e7/64 scope link
valid_lft forever preferred_lft forever


3: br0: <BROADCAST,MULTICAST,UP,LOWER_ UP> mtu 1500 qdisc noqueue state UP group default
link/ether 00:1e:06:33:59:e7 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.245/24 brd 192.168.1.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::21e:6ff:fe33:59e7/64 scope link
valid_lft forever preferred_lft forever


Output of `ip r` on the host OS:
=============================
default via 192.168.1.1 dev br0 src 192.168.1.245 metric 203
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.245 metric 203


Output of `sysctl net.ipv4.conf | grep forward` on the host OS:
=============================
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwardin g = 0
net.ipv4.conf.br0.forwarding = 1
net.ipv4.conf.br0.mc_forwardin g = 0
net.ipv4.conf.default.forwardi ng = 1
net.ipv4.conf.default.mc_forwa rding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwardi ng = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0



My container config, /var/lib/lxc/base/config:

=============================
lxc.rootfs = /var/lib/lxc/base/rootfs
lxc.rootfs.backend = dir
lxc.utsname = base
lxc.arch = x86_64
lxc.include = /usr/share/lxc/config/archlinu x.common.conf

## network
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.ipv4 = 192.168.1.246/24
lxc.network.ipv4.gateway = 192.168.1.1

## systemd within the lxc
lxc.autodev = 1
lxc.hook.autodev = /var/lib/lxc/base/autodev
lxc.pts = 1024
lxc.kmsg = 0

## for openvpn
lxc.cgroup.devices.allow = c 10:200 rwm
______________________________ _________________
lxc-users mailing list
lxc-users at lists.linuxcontainer s.org
http://lists.linuxcontainers.o rg/listinfo/lxc-users






_______________________________________________
lxc-users mailing list
lxc-users at lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users

   
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20161229/e94b5678/attachment-0001.html>

More information about the lxc-users mailing list