
Docker Desktop Windows and VPN - no network connection inside container

I'm trying to use Docker on Windows while being connected to VPN.

When VPN is not connected, everything works OK.

But when I connect to our corporate VPN using the Cisco AnyConnect client, the network inside the Docker container is not working anymore:

docker run alpine ping www.google.com
ping: bad address 'www.google.com'

docker run alpine ping -c 5 216.58.204.36
PING 216.58.204.36 (216.58.204.36): 56 data bytes
--- 216.58.204.36 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

How can I fix this issue and make it work?

My setup is:

  • Windows 10 Version 1809 (OS Build 17763.1098)
  • Docker Desktop Community 2.2.0.4 (43472): Engine 19.03.8, Compose 1.25.4, Kubernetes 1.15.5, Notary 0.6.1, Credential Helper 0.6.3
  • Docker is in Windows containers mode with experimental features enabled (needed to run Windows and Linux images at the same time)

Actually I did it using Docker Desktop and Hyper-V virtual machines, using OpenConnect, but I think it can be done for most VPN clients with minor adaptations.

The fully explained instructions are here: Docker Desktop, Hyper-V and VPN, with the settings for Docker containers, Windows VMs and Linux VMs.

  • I created a new internal Virtual Switch (let's call it "Internal") and assigned a static IP address to it (let's say 192.168.4.2)

  • I created a new VM with Ubuntu server and OpenConnect, connected to both the default Virtual Switch and the "Internal"

  • On the OpenConnect VM

    • Assigned a fixed IP (192.168.4.3) to "Internal"

    • Added a new persistent tun interface and told openconnect to use it (adding "-i tun0" as an openconnect start parameter)

      sudo ip tuntap add name tun0 mode tun

    • Installed the persist-iptables

    • Forced IP forwarding (piping through sudo tee, because with "sudo echo ... >>" the redirection runs as the unprivileged user)

      echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf && sudo sysctl -p

    • Set up the routing

      sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
      sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
      sudo iptables -A FORWARD -o tun0 -j ACCEPT
      sudo iptables -A FORWARD -i tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
      sudo iptables -A INPUT -i tun0 -j ACCEPT

    • After connecting the VPN I permanently added the DNS servers to resolv.conf

    • And retrieved the address range of the VPN (like 10.*.*.*)

  • On the Docker containers

    • Added the basic route in the Dockerfile

      RUN route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.4.3

    • Then, when running the container, I added the DNS servers and granted the NET_ADMIN and SYS_MODULE capabilities

      --dns 8.8.8.8 --dns 10.1.77.21 --dns 10.4.52.21 --dns-search test.dns.it
      --cap-add=NET_ADMIN --cap-add=SYS_MODULE
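The gateway-VM steps above, consolidated into one idempotent script as an added example (not the answerer's own code). It assumes the VM's interface on the "Internal" switch is eth0, that switch's subnet is 192.168.4.0/24 and the VPN range is 10.0.0.0/8; unlike the rules above, forwarding is limited to that subnet and destination range with a default-deny FORWARD policy, so the VM does not become an open relay for anything that can reach it.

```shell
#!/bin/sh
# Added example: configure the OpenConnect gateway VM so containers on the
# "Internal" Hyper-V switch can reach the corporate VPN through tun0.
# Assumed values (override via environment): interface, subnet and VPN range.
LAN_IF="${LAN_IF:-eth0}"
INTERNAL_NET="${INTERNAL_NET:-192.168.4.0/24}"
VPN_NET="${VPN_NET:-10.0.0.0/8}"
TUN_IF="${TUN_IF:-tun0}"

# Emit the iptables rules, one per line: "<table> <chain> <rule spec>".
# Only traffic from the Internal subnet to the VPN range is forwarded out,
# and only replies to those connections are forwarded back in.
gateway_rules() {
    cat <<EOF
nat POSTROUTING -s $INTERNAL_NET -o $TUN_IF -j MASQUERADE
filter FORWARD -i $LAN_IF -o $TUN_IF -s $INTERNAL_NET -d $VPN_NET -j ACCEPT
filter FORWARD -i $TUN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Append a rule only if it is not already present (-C checks, -A appends).
apply_rule() {
    table=$1; shift
    iptables -t "$table" -C "$@" 2>/dev/null || iptables -t "$table" -A "$@"
}

# Must run as root on the gateway VM.
apply_gateway() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    # Persistent tun device so openconnect can be started with "-i tun0".
    ip link show "$TUN_IF" >/dev/null 2>&1 || ip tuntap add name "$TUN_IF" mode tun
    # Enable forwarding now and across reboots (no "sudo echo >>" pitfall here).
    grep -q '^net.ipv4.ip_forward=1' /etc/sysctl.conf \
        || echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
    sysctl -w net.ipv4.ip_forward=1
    # Default deny for forwarded traffic; the rules below open only what is needed.
    iptables -P FORWARD DROP
    gateway_rules | while read -r table chain spec; do
        # $spec is intentionally unquoted: it is a list of iptables arguments.
        apply_rule "$table" "$chain" $spec
    done
}

case "${1:-}" in
    apply) apply_gateway ;;
    rules) gateway_rules ;;
esac
```

Run it as `sh gateway.sh rules` to review the rule set first, then `sudo sh gateway.sh apply` on the VM.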

While my VPN (AnyConnect) is running, I have to run the following command from PowerShell (in administrator mode):

Get-NetAdapter | Where-Object {$_.InterfaceDescription -Match "Cisco AnyConnect"} | Set-NetIPInterface -InterfaceMetric 6000
