Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Hitting resources in a private network from within a Docker container using VPN

Tags:

docker

networking

docker-machine

vpn

I'm running Docker 1.9.1 on OSX, and I'm connected to my private work network with Cisco AnyConnect VPN. A service that I'm running in a Docker container connects to a DB within the work network, and is unreachable from within the container, but reachable from outside the container in OSX. It's also reachable from within the container if I'm connected directly to the work network, not through VPN. I suspect I may have to do some network configuration with the docker-machine VM, but I'm not sure where to go from here.

like image 344
Jared Avatar asked Jan 03 '16 20:01

Jared

2 Answers

If you are using Virtualbox as your hypervisor for the docker-machines, I suggest you set your network mode as Bridged Adapter. This way your VM will be connected to the network individually just like your own machine. Also to gather more information for troubleshooting try pinging the db host machine from the container machine command line. use docker exec -it <container-name> /bin/bash

like image 165
Miad Abrin Avatar answered Oct 15 '22 03:10

Miad Abrin

Check your routing inside the Docker Machine VM with

docker-machine ssh default
$ route -n

which looks like this on a fresh machine:

docker@default:~$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.2.2 0.0.0.0 UG 1 0 0 eth0 10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 lo 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 192.168.99.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

If you've created a lot of networks, i.e. by using docker-compose it might have created routes to stacks, which conflict with your VPN or local network routes.

docker@dev15:~$ route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.2.2 0.0.0.0 UG 1 0 0 eth0 10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 127.0.0.1 0.0.0.0 255.255.255.255 UH 0 0 0 lo 172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 docker0 172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-7400365dbd39 172.25.0.0 0.0.0.0 255.255.0.0 U 0 0 0 br-4db568a601b4 [...] 192.168.80.0 0.0.0.0 255.255.240.0 U 0 0 0 br-97690a1b4313 192.168.105.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

TL;dr

It should be safe to remove all networks, with

docker network rm $(docker network ls -q)

since active networks are not removed by default ... but nonetheless be careful when running rm commands :)

like image 39
schmunk Avatar answered Oct 15 '22 02:10

schmunk
Sign in to Comment

Related questions

Retrofit get a parameter from a redirect URL
How can I count each UDP packet sent out by subprocesses?
HTTP Proxy support with WKWebView
Network call on alarm times out
AF_PACKET and Ethernet
Difference between DatagramSocket and DatagramChannel
Simulating variable network conditions in tests
How do I specify which network interface the Android emulator should use on my development machine?
Is there a std::streambuf version that converts host to network byte order?
Severe UDP packet loss on some Android devices
Windows Filtering Platform Callout Drivers - Samples, Tutorials, Help
Socket.Select returns error "An operation was attempted on something that is not a socket"
fsc.exe is very slow because it tries to access crl.microsoft.com
How to get proxy settings from system settings in Java
Affect the order of NetworkInterface.getNetworkInterfaces enumeration in Java 6 on Linux
How to broadcast in java network
Java multiplayer game - networking concepts
Measuring Download Speed with Java/Android
How to get the first available TCP port to listen to?
Programmatically create Ad-Hoc network OS X

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!