TransWikia.com

How can I connect to a VPN in docker not using VPN images?

Stack Overflow Asked by Tiago Machado on March 2, 2021

Good morning!

I'm using Check Point Mobile to connect to my client VPN, and I have 2 containers in Docker: mysql and karaf, both sharing the network I created using the command docker network create --subnet=vpnAddress mynet

I used the command --network=mynet when running the containers.

Until here it's all OK: I can connect via PuTTY SSH to karaf, install the kar, and all bundles are OK.

But when calling the services I realize that the container is not connected to the VPN, even though I created a network with the VPN address. I need to be connected to the VPN in order to call the services.

I'm connected externally (outside Docker) to the VPN using Check Point Mobile, but I need Docker to add/connect to the VPN.

I'm using Windows 10 (using Docker with Linux containers). I tried to go to C:\ProgramData\DockerDesktop\tmp-d4w and edit the file host.docker.internal too and change the IP to my VPN address, but nothing works.

I searched a lot, and I saw people talking about Docker VPN images such as NordVPN or OpenVPN, but I can't use that.

I have been told I need to add the VPN network to Docker, but I'm green at networking and I don't know how to do it, and what I did didn't work.

Hope you can help me. Thanks!

Edit: in Docker Engine I added the "bip": "vpnAddress/24"
I realize now that the bridge network uses the VPN address. I tried --network=bridge in both the karaf and mysql containers, but now karaf can't connect to mysql. If I use the default docker create network mynet and run the 2 containers using that network it works, but no luck with the VPN this way.

2 Answers

I haven't used Docker on Windows, but a quick look at some VPN containers shows that, in *nix at least, they use --device /dev/net/tun --cap-add=NET_ADMIN to expose the VPN "device" to the container. Other containers then use docker networking or links to connect to this VPN container - so looking at how the VPN containers do it might be helpful.

One suggestion for Mac seems to be using extra_hosts like so:

extra_hosts:
  - "vpn.company.com:172.21.1.1"

You might be able to hack it with something like that (or by physically adding 172.21.1.1 vpn.company.com to /etc/hosts in the container). Also, check for IP address conflicts between the Docker daemon and your host machine.

Windows docs seem to suggest they don't support network interfaces as "devices", so you probably need to either create a very specific docker network or modify host networking settings, starting with getting Docker daemon to recognize the VPN network.

See the Configure Advanced Networking section for some examples. I'd try creating a network associated with the VPN device first, then look into flags like --subnet and --gateway.

docker network create -d transparent -o com.docker.network.windowsshim.interface="Ethernet 2" TransparentNet2

This creates a network with a particular subnet and gateway, then runs a container with a statically-assigned IP on that network.

C:\> docker network create -d transparent --subnet=10.123.174.0/23 --gateway=10.123.174.1 MyTransparentNet

C:\> docker run -it --network=MyTransparentNet --ip=10.123.174.105 windowsservercore cmd

Good luck!

Correct answer by Curtis Mattoon on March 2, 2021
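
The IP-conflict check mentioned in the answer above can be scripted. This is an added example, not part of the original answer: it reads docker network inspect JSON plus the "bip" value from daemon.json and reports every Docker subnet that overlaps a prefix routed over the VPN, since traffic to an overlapping range stays on the Docker bridge instead of reaching the VPN. The sample data, the network name backend and the function names are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample: trimmed shape of `docker network inspect backend mynet`.
SAMPLE_INSPECT = """
[
  {"Name": "backend", "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]}},
  {"Name": "mynet",   "IPAM": {"Config": [{"Subnet": "10.123.174.0/24"}]}}
]
"""
# Constructed sample daemon.json carrying a bridge IP ("bip") setting.
SAMPLE_DAEMON_JSON = '{"bip": "10.123.175.1/24"}'
# Constructed sample: prefixes the host routes through the VPN adapter.
SAMPLE_VPN_ROUTES = ["10.123.174.0/23", "192.168.50.0/24"]


def docker_subnets(inspect_json, daemon_json="{}"):
    """Return {label: ip_network} for every subnet Docker claims."""
    subnets = {}
    for net in json.loads(inspect_json):
        configs = (net.get("IPAM") or {}).get("Config") or []
        for i, cfg in enumerate(configs):
            if cfg.get("Subnet"):
                subnets[f"{net['Name']}#{i}"] = ipaddress.ip_network(
                    cfg["Subnet"], strict=False)
    bip = json.loads(daemon_json).get("bip")
    if bip:
        # "bip" is a host address plus prefix; take the network it sits in.
        subnets["daemon.json bip"] = ipaddress.ip_interface(bip).network
    return subnets


def find_conflicts(subnets, vpn_routes):
    """List (docker_label, docker_subnet, vpn_route) for each overlapping pair."""
    conflicts = []
    for label, subnet in subnets.items():
        for route in vpn_routes:
            route_net = ipaddress.ip_network(route, strict=False)
            # overlaps() raises TypeError across IPv4/IPv6, so compare versions first.
            if subnet.version == route_net.version and subnet.overlaps(route_net):
                conflicts.append((label, str(subnet), str(route_net)))
    return conflicts


if __name__ == "__main__":
    nets = docker_subnets(SAMPLE_INSPECT, SAMPLE_DAEMON_JSON)
    for label, subnet, route in find_conflicts(nets, SAMPLE_VPN_ROUTES):
        print(f"CONFLICT: {label} ({subnet}) overlaps VPN route {route}")
```

An empty result means none of the Docker-managed ranges shadows a VPN destination; any hit names the network or daemon setting to move to a different private range.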

The best way to handle these things is to use a Linux container, install the VPN, perform whatever work you want, and push the Linux container to Docker Hub to share the work. Don't forget to add documentation on how to retrieve the work (where you saved your work) from the Linux container.

Answered by harvey on March 2, 2021
