
How make openvpn work with docker

I have recently installed a privacy VPN, and it turns out that having OpenVPN enabled breaks Docker.

When I try to run docker-compose up I get the following error:

ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network 

Disabling the VPN fixes the problem (however I'd rather not disable it). Is there any way to make these two co-exist peacefully? I use Debian jessie, and my OpenVPN has the following version string:

 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017 

A lot of people "solved" this problem by disabling the openvpn, so I'm asking specifically on how to make these two work at the same time.

References:

  1. https://stackoverflow.com/a/45377351/7918
  2. https://stackoverflow.com/a/42499393/7918

If this makes any difference, my VPN provider is https://www.ovpn.com/ and here is the (somewhat redacted) config file:

    client
    dev tun
    proto udp
    remote host port
    remote-random
    mute-replay-warnings
    replay-window 256
    push "dhcp-option DNS 46.227.67.134"
    push "dhcp-option DNS 192.165.9.158"
    remote-cert-tls server
    cipher aes-256-cbc
    pull
    nobind
    reneg-sec 432000
    resolv-retry infinite
    comp-lzo
    verb 1
    persist-key
    persist-tun
    auth-user-pass /etc/openvpn/credentials
    ca ovpn-ca.crt
    tls-auth ovpn-tls.key 1
jb. asked Aug 15 '17 11:08



1 Answer

Solution (TL;DR)

Create a /etc/openvpn/fix-routes.sh script with the following contents:

    #!/bin/sh
    # OpenVPN exports route_vpn_gateway to route-up scripts; it is the
    # gateway on the far end of the tun interface.
    echo "Adding default route to $route_vpn_gateway with /0 mask..."
    ip route add default via $route_vpn_gateway

    # Remove the two half-space routes that OpenVPN installed; together
    # they cover all of IPv4 and make Docker's pool check fail.
    echo "Removing /1 routes..."
    ip route del 0.0.0.0/1 via $route_vpn_gateway
    ip route del 128.0.0.0/1 via $route_vpn_gateway

Add the executable bit to the file: chmod o+x /etc/openvpn/fix-routes.sh. Change the owner of this file to root: chown root:root /etc/openvpn/fix-routes.sh.

Add the following two lines to your config:

    script-security 2
    route-up /etc/openvpn/fix-routes.sh

Explanation

OpenVPN adds routes for the following networks: 0.0.0.0/1 and 128.0.0.0/1 (together these routes cover the entire IP range), and Docker can't find a range of IP addresses to create its own private network.

You need to add a default route (to route everything through OpenVPN) and remove these two specific routes. The fix-routes script does that.

This script is called after OpenVPN adds its own routes. To execute scripts you'll need to set script-security to 2, which allows execution of shell scripts from the OpenVPN context.

Thanks

I'd like to thank the author of this comment on GitHub, and also thanks to ovpn support.

jb. answered Sep 22 '22 10:09
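To see why the two /1 routes block Docker while a single /0 default route does not, here is an added example (not part of the question or answer above) that models the overlap check in Python: it parses constructed "ip route" output, ignores the default route, and looks for the first candidate pool that does not overlap any remaining route. The pool list and the routing-table lines are assumptions built for illustration; the gateway addresses are constructed and not taken from the page.

```python
"""Model why OpenVPN's 0.0.0.0/1 + 128.0.0.0/1 routes leave Docker no free pool."""
import ipaddress

# Candidate address pools, in the order they would be tried. These values are
# an assumption for this example, not a claim about any specific dockerd version.
DEFAULT_POOLS = [
    ipaddress.ip_network("172.17.0.0/16"),
    ipaddress.ip_network("172.18.0.0/16"),
    ipaddress.ip_network("192.168.0.0/20"),
]

# Constructed routing table while OpenVPN's split default routes are in place.
ROUTES_WITH_SPLIT_DEFAULT = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.0.2.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
"""

# Constructed routing table after a route-up script replaced the /1 routes
# with one /0 default route through the tunnel.
ROUTES_AFTER_FIX = """\
default via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
"""


def parse_routes(ip_route_output):
    """Return the destination prefix of each 'ip route' line as an ip_network.

    Only the destination matters for the overlap check; the rest of the line
    (gateway, device, scope) is ignored.
    """
    nets = []
    for line in ip_route_output.strip().splitlines():
        dst = line.split()[0]
        if dst == "default":
            dst = "0.0.0.0/0"
        nets.append(ipaddress.ip_network(dst, strict=False))
    return nets


def first_free_pool(routes, pools=DEFAULT_POOLS):
    """Return the first pool overlapping no non-default route, or None.

    The /0 default route is skipped (every pool would overlap it), but the
    /1 routes are not, which is exactly what makes the split default fail.
    """
    specific = [r for r in routes if r.prefixlen > 0]
    for pool in pools:
        if not any(pool.overlaps(r) for r in specific):
            return pool
    return None


if __name__ == "__main__":
    before = first_free_pool(parse_routes(ROUTES_WITH_SPLIT_DEFAULT))
    after = first_free_pool(parse_routes(ROUTES_AFTER_FIX))
    print("with /1 routes :", before)   # None -> no non-overlapping pool
    print("with /0 default:", after)    # 172.17.0.0/16
```

Running it shows that every candidate pool overlaps either 0.0.0.0/1 or 128.0.0.0/1, so the search comes back empty, whereas with a plain default route only the tunnel's own /24 and the LAN /24 remain to check and the first pool is free. The same parse-and-check logic can be pointed at real `ip route` output to confirm the routing table state before and after the route-up script runs.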