Jump to content
Not connected, Your IP: 3.147.65.47
toyah

Docker network problem when AirVPN is running

Recommended Posts

Hi,

 

Ubuntu 17.10

AirVPN 2.13.6, running through Eddie

 

When I try to start my app in Docker using "docker-compose up", I get an error:

ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network

If I disable network lock and stop Eddie, Docker will start up just fine.

 

After Googling I found a possible explanation and solution in https://stackoverflow.com/questions/45692255/how-make-openvpn-work-with-docker.

With my minimal VPN and network knowledge I'm unable to judge if this is a valid and safe solution.

 

Can anyone knowledgeable comment on this solution?

 

Share this post


Link to post

After Googling I found a possible explanation and solution in https://stackoverflow.com/questions/45692255/how-make-openvpn-work-with-docker.

With my minimal VPN and network knowledge I'm unable to judge if this is a valid and safe solution.

 

Can anyone knowledgeable comment on this solution?

 

Hello,

 

it looks very unsafe. The script removes the tunneling routes to the VPN gateway, so your system traffic will not be necessarily tunneled over AirVPN. Comment by grisha explains the problem as well.

 

Kind regards

Share this post


Link to post

Ok, if it looks unsafe to you I won't apply it

 

I'm not sure how to configure grisha's proposal...

 

I suddenly had a bright moment.

Docker uses 172.0.0.0/24 for networking.

The "ip route" command shows that the two apps in my Docker container use 172.17.0.0/16 and 172.18.0.0/16.

I'm ok if traffic to and from these apps don't go through VPN.

 

So I added 172.17.0.0/16 and 172.18.0.0/16 to Routes with destination 'Outside the VPN tunnel'.

And that works!

Almost...

It fails when I activate Network Lock, as Docker tries to append to iptables...

 

So I guess I can't run Docker when I also want network lock

Share this post


Link to post

Nice, tx for posting!
Not working with Docker right now, but when I pick it up again I'll try it out.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...