Hello!
Before getting into the details, here is what I am trying to do: make Docker containers accessible only through a VPN that itself runs in a Docker container (required because I use CoreOS).
Here are my various configuration files:

- docker-compose.yml:
version: '2'
networks:
  vpn:
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.111.0/24
services:
  ovpn-data:
    image: busybox
    volumes:
      - /home/farfeduc/openvpn:/etc/openvpn
  openvpn:
    build: .
    command: /etc/openvpn/run.sh
    privileged: true
    volumes_from:
      - ovpn-data
    ports:
      - "1194:1194"
    cap_add:
      - NET_ADMIN
    networks:
      vpn:
        ipv4_address: 192.168.111.254
  dnsmasq:
    image: jpillora/dnsmasq
    container_name: dnsmasq
    expose:
      - "53"
      - "5380"
    environment:
      - "USER=admin"
      - "PASS=password"
    volumes:
      - /home/farfeduc/dnsmasq/dnsmasq.conf:/etc/dnsmasq.conf
    networks:
      vpn:
        ipv4_address: 192.168.111.40
  web:
    image: nginx:alpine
    container_name: nginx
    expose:
      - "80"
    networks:
      vpn:
        ipv4_address: 192.168.111.50

- Dockerfile:
FROM kylemanna/openvpn
RUN apk add -U bridge-utils iptables

- run.sh:
#!/bin/sh
/etc/openvpn/firewall.sh
/etc/openvpn/bridge-start
ovpn_run

- firewall.sh:
iptables -A INPUT -p tcp -m tcp --dport 1194 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -d *.*.*.* --dport 1194 -j DNAT --to 192.168.111.254
iptables -I FORWARD -p tcp -d 192.168.111.254 --dport 1194
iptables -A INPUT -i tap0 -j ACCEPT
iptables -A INPUT -i br0 -j ACCEPT
iptables -A FORWARD -i br0 -j ACCEPT

- bridge-start:
#!/bin/sh
# Create a persistent tunnel in TAP mode.
openvpn --mktun --dev tap0
# Create a new interface of type "bridge".
brctl addbr br0
brctl addif br0 tap0
brctl addif br0 eth0
# Put the interfaces in promiscuous mode (they listen to everything,
# but have no IP addresses)
ifconfig eth0 0.0.0.0 promisc up
ifconfig tap0 0.0.0.0 promisc up
# Configure the IP of the "bridge" interface with the old address of eth0
ifconfig br0 192.168.111.254 netmask 255.255.255.0 broadcast 192.168.111.255
# Restore the default gateway, which was removed
# when the bridge was created.
route add default gw 192.168.111.254 br0
# Add the routes to reach the networks of the local zone.
route add -net 192.168.111.0 netmask 255.255.255.0 br0

- openvpn.conf:
local 192.168.111.254
port 1194
proto tcp
dev tap0
verb 5
key /etc/openvpn/pki/private/girardeau.me.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/girardeau.me.crt
dh /etc/openvpn/pki/dh.pem
ifconfig-pool-persist /etc/openvpn/ipp.txt
server-bridge 192.168.111.254 255.255.255.0 192.168.111.100 192.168.111.200
push "route 192.168.111.0 255.255.255.0"
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 8.8.8.8"
client-to-client
keepalive 10 120
comp-lzo
persist-key
persist-tun
log-append /etc/openvpn/server.log
### Push Configurations Below
push "block-outside-dns"

- client config:
client
nobind
dev tap
key-direction 1
remote-cert-tls server
remote mon.ndd 1194 tcp
<key>
-----BEGIN PRIVATE KEY-----
ma-private-key
-----END PRIVATE KEY-----
</key>
<cert>
-----BEGIN CERTIFICATE-----
mon-cert
-----END CERTIFICATE-----
</cert>
<ca>
-----BEGIN CERTIFICATE-----
mon-ca-cert
-----END CERTIFICATE-----
</ca>
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
ma-key
-----END OpenVPN Static key V1-----
</tls-auth>
key-direction 1
redirect-gateway def1
comp-lzo

- server log:
openvpn_1 | Mon Feb 20 16:50:55 2017 TUN/TAP device tap0 opened
openvpn_1 | Mon Feb 20 16:50:55 2017 Persist state set to: ON
openvpn_1 | iptables: No chain/target/match by that name.
Mon Feb 20 16:50:56 2017 us=149285 Current Parameter Settings:
Mon Feb 20 16:50:56 2017 us=149405 config = '/etc/openvpn/openvpn.conf'
Mon Feb 20 16:50:56 2017 us=149433 mode = 1
Mon Feb 20 16:50:56 2017 us=149458 persist_config = DISABLED
Mon Feb 20 16:50:56 2017 us=149483 persist_mode = 1
Mon Feb 20 16:50:56 2017 us=150893 show_ciphers = DISABLED
Mon Feb 20 16:50:56 2017 us=150947 show_digests = DISABLED
Mon Feb 20 16:50:56 2017 us=150973 show_engines = DISABLED
Mon Feb 20 16:50:56 2017 us=150998 genkey = DISABLED
Mon Feb 20 16:50:56 2017 us=151023 key_pass_file = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=151048 show_tls_ciphers = DISABLED
Mon Feb 20 16:50:56 2017 us=151072 Connection profiles [default]:
Mon Feb 20 16:50:56 2017 us=151097 proto = tcp-server
Mon Feb 20 16:50:56 2017 us=151122 local = '192.168.111.254'
Mon Feb 20 16:50:56 2017 us=151147 local_port = 1194
Mon Feb 20 16:50:56 2017 us=151171 remote = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=151196 remote_port = 1194
Mon Feb 20 16:50:56 2017 us=151221 remote_float = DISABLED
Mon Feb 20 16:50:56 2017 us=151245 bind_defined = DISABLED
Mon Feb 20 16:50:56 2017 us=151269 bind_local = ENABLED
Mon Feb 20 16:50:56 2017 us=151293 connect_retry_seconds = 5
Mon Feb 20 16:50:56 2017 us=151317 connect_timeout = 10
Mon Feb 20 16:50:56 2017 us=151341 connect_retry_max = 0
Mon Feb 20 16:50:56 2017 us=151365 socks_proxy_server = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=151390 socks_proxy_port = 0
Mon Feb 20 16:50:56 2017 us=151414 socks_proxy_retry = DISABLED
Mon Feb 20 16:50:56 2017 us=151438 tun_mtu = 1500
Mon Feb 20 16:50:56 2017 us=151462 tun_mtu_defined = ENABLED
Mon Feb 20 16:50:56 2017 us=151486 link_mtu = 1500
Mon Feb 20 16:50:56 2017 us=151562 link_mtu_defined = DISABLED
Mon Feb 20 16:50:56 2017 us=151591 tun_mtu_extra = 32
Mon Feb 20 16:50:56 2017 us=151617 tun_mtu_extra_defined = ENABLED
Mon Feb 20 16:50:56 2017 us=151641 mtu_discover_type = -1
Mon Feb 20 16:50:56 2017 us=151665 fragment = 0
Mon Feb 20 16:50:56 2017 us=151689 mssfix = 1450
Mon Feb 20 16:50:56 2017 us=151713 explicit_exit_notification = 0
Mon Feb 20 16:50:56 2017 us=151737 Connection profiles END
Mon Feb 20 16:50:56 2017 us=151762 remote_random = DISABLED
Mon Feb 20 16:50:56 2017 us=151786 ipchange = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=151835 dev = 'tap0'
Mon Feb 20 16:50:56 2017 us=151862 dev_type = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=151887 dev_node = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=151912 lladdr = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=151936 topology = 1
Mon Feb 20 16:50:56 2017 us=151960 tun_ipv6 = DISABLED
Mon Feb 20 16:50:56 2017 us=151984 ifconfig_local = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=152008 ifconfig_remote_netmask = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=152032 ifconfig_noexec = DISABLED
Mon Feb 20 16:50:56 2017 us=152057 ifconfig_nowarn = DISABLED
Mon Feb 20 16:50:56 2017 us=152081 ifconfig_ipv6_local = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=152105 ifconfig_ipv6_netbits = 0
Mon Feb 20 16:50:56 2017 us=152130 ifconfig_ipv6_remote = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=152155 shaper = 0
Mon Feb 20 16:50:56 2017 us=152179 mtu_test = 0
Mon Feb 20 16:50:56 2017 us=152203 mlock = DISABLED
Mon Feb 20 16:50:56 2017 us=152227 keepalive_ping = 10
Mon Feb 20 16:50:56 2017 us=152251 keepalive_timeout = 120
Mon Feb 20 16:50:56 2017 us=152276 inactivity_timeout = 0
Mon Feb 20 16:50:56 2017 us=152300 ping_send_timeout = 10
Mon Feb 20 16:50:56 2017 us=152325 ping_rec_timeout = 240
Mon Feb 20 16:50:56 2017 us=152349 ping_rec_timeout_action = 2
Mon Feb 20 16:50:56 2017 us=152374 ping_timer_remote = DISABLED
Mon Feb 20 16:50:56 2017 us=152398 remap_sigusr1 = 0
Mon Feb 20 16:50:56 2017 us=152423 persist_tun = ENABLED
Mon Feb 20 16:50:56 2017 us=152447 persist_local_ip = DISABLED
Mon Feb 20 16:50:56 2017 us=152472 persist_remote_ip = DISABLED
Mon Feb 20 16:50:56 2017 us=152496 persist_key = ENABLED
Mon Feb 20 16:50:56 2017 us=152560 passtos = DISABLED
Mon Feb 20 16:50:56 2017 us=152585 resolve_retry_seconds = 1000000000
Mon Feb 20 16:50:56 2017 us=157496 username = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=157561 groupname = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=157587 chroot_dir = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=157612 cd_dir = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=157636 writepid = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=157661 up_script = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=157685 down_script = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=157709 down_pre = DISABLED
Mon Feb 20 16:50:56 2017 us=157733 up_restart = DISABLED
Mon Feb 20 16:50:56 2017 us=157757 up_delay = DISABLED
Mon Feb 20 16:50:56 2017 us=157781 daemon = DISABLED
Mon Feb 20 16:50:56 2017 us=157805 inetd = 0
Mon Feb 20 16:50:56 2017 us=157829 log = ENABLED
Mon Feb 20 16:50:56 2017 us=157853 suppress_timestamps = DISABLED
Mon Feb 20 16:50:56 2017 us=157878 nice = 0
Mon Feb 20 16:50:56 2017 us=157902 verbosity = 5
Mon Feb 20 16:50:56 2017 us=157926 mute = 0
Mon Feb 20 16:50:56 2017 us=157950 gremlin = 0
Mon Feb 20 16:50:56 2017 us=157975 status_file = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=157999 status_file_version = 1
Mon Feb 20 16:50:56 2017 us=158023 status_file_update_freq = 60
Mon Feb 20 16:50:56 2017 us=158047 occ = ENABLED
Mon Feb 20 16:50:56 2017 us=158071 rcvbuf = 0
Mon Feb 20 16:50:56 2017 us=158095 sndbuf = 0
Mon Feb 20 16:50:56 2017 us=158119 mark = 0
Mon Feb 20 16:50:56 2017 us=158143 sockflags = 0
Mon Feb 20 16:50:56 2017 us=158167 fast_io = DISABLED
Mon Feb 20 16:50:56 2017 us=158191 lzo = 7
Mon Feb 20 16:50:56 2017 us=158215 route_script = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=158239 route_default_gateway = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=158264 route_default_metric = 0
Mon Feb 20 16:50:56 2017 us=158288 route_noexec = DISABLED
Mon Feb 20 16:50:56 2017 us=158312 route_delay = 0
Mon Feb 20 16:50:56 2017 us=158337 route_delay_window = 30
Mon Feb 20 16:50:56 2017 us=158361 route_delay_defined = DISABLED
Mon Feb 20 16:50:56 2017 us=158386 route_nopull = DISABLED
Mon Feb 20 16:50:56 2017 us=158411 route_gateway_via_dhcp = DISABLED
Mon Feb 20 16:50:56 2017 us=158436 max_routes = 100
Mon Feb 20 16:50:56 2017 us=158460 allow_pull_fqdn = DISABLED
Mon Feb 20 16:50:56 2017 us=158484 management_addr = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=158542 management_port = 0
Mon Feb 20 16:50:56 2017 us=158571 management_user_pass = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=158596 management_log_history_cache = 250
Mon Feb 20 16:50:56 2017 us=158621 management_echo_buffer_size = 100
Mon Feb 20 16:50:56 2017 us=158646 management_write_peer_info_file = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=158670 management_client_user = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=158695 management_client_group = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=158720 management_flags = 0
Mon Feb 20 16:50:56 2017 us=158744 shared_secret_file = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=158769 key_direction = 0
Mon Feb 20 16:50:56 2017 us=158793 ciphername_defined = ENABLED
Mon Feb 20 16:50:56 2017 us=158817 ciphername = 'BF-CBC'
Mon Feb 20 16:50:56 2017 us=158842 authname_defined = ENABLED
Mon Feb 20 16:50:56 2017 us=158866 authname = 'SHA1'
Mon Feb 20 16:50:56 2017 us=158890 prng_hash = 'SHA1'
Mon Feb 20 16:50:56 2017 us=158915 prng_nonce_secret_len = 16
Mon Feb 20 16:50:56 2017 us=158939 keysize = 0
Mon Feb 20 16:50:56 2017 us=158963 engine = DISABLED
Mon Feb 20 16:50:56 2017 us=158987 replay = ENABLED
Mon Feb 20 16:50:56 2017 us=159012 mute_replay_warnings = DISABLED
Mon Feb 20 16:50:56 2017 us=159036 replay_window = 64
Mon Feb 20 16:50:56 2017 us=159060 replay_time = 15
Mon Feb 20 16:50:56 2017 us=159084 packet_id_file = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=159109 use_iv = ENABLED
Mon Feb 20 16:50:56 2017 us=159133 test_crypto = DISABLED
Mon Feb 20 16:50:56 2017 us=159158 tls_server = ENABLED
Mon Feb 20 16:50:56 2017 us=159182 tls_client = DISABLED
Mon Feb 20 16:50:56 2017 us=159206 key_method = 2
Mon Feb 20 16:50:56 2017 us=159231 ca_file = '/etc/openvpn/pki/ca.crt'
Mon Feb 20 16:50:56 2017 us=159279 ca_path = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=159305 dh_file = '/etc/openvpn/pki/dh.pem'
Mon Feb 20 16:50:56 2017 us=159330 cert_file = '/etc/openvpn/pki/issued/mon.ndd.crt'
Mon Feb 20 16:50:56 2017 us=159355 extra_certs_file = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=159379 priv_key_file = '/etc/openvpn/pki/private/mon.ndd.key'
Mon Feb 20 16:50:56 2017 us=159404 pkcs12_file = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=159428 cipher_list = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=159452 tls_verify = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=159477 tls_export_cert = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=159545 verify_x509_type = 0
Mon Feb 20 16:50:56 2017 us=159576 verify_x509_name = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=159602 crl_file = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=159627 ns_cert_type = 0
Mon Feb 20 16:50:56 2017 us=159651 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159676 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159701 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159725 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159749 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159774 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159798 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159823 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159847 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159871 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159895 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159919 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159943 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159968 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=159992 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=160016 remote_cert_ku[i] = 0
Mon Feb 20 16:50:56 2017 us=160041 remote_cert_eku = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=160066 ssl_flags = 0
Mon Feb 20 16:50:56 2017 us=160090 tls_timeout = 2
Mon Feb 20 16:50:56 2017 us=160115 renegotiate_bytes = -1
Mon Feb 20 16:50:56 2017 us=160139 renegotiate_packets = 0
Mon Feb 20 16:50:56 2017 us=160163 renegotiate_seconds = 3600
Mon Feb 20 16:50:56 2017 us=160188 handshake_window = 60
Mon Feb 20 16:50:56 2017 us=160213 transition_window = 3600
Mon Feb 20 16:50:56 2017 us=160237 single_session = DISABLED
Mon Feb 20 16:50:56 2017 us=160261 push_peer_info = DISABLED
Mon Feb 20 16:50:56 2017 us=160286 tls_exit = DISABLED
Mon Feb 20 16:50:56 2017 us=160310 tls_auth_file = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=160339 server_network = 0.0.0.0
Mon Feb 20 16:50:56 2017 us=160366 server_netmask = 0.0.0.0
Mon Feb 20 16:50:56 2017 us=160398 server_network_ipv6 = ::
Mon Feb 20 16:50:56 2017 us=160423 server_netbits_ipv6 = 0
Mon Feb 20 16:50:56 2017 us=160474 server_bridge_ip = 192.168.111.254
Mon Feb 20 16:50:56 2017 us=161838 server_bridge_netmask = 255.255.255.0
Mon Feb 20 16:50:56 2017 us=161912 server_bridge_pool_start = 192.168.111.100
Mon Feb 20 16:50:56 2017 us=161942 server_bridge_pool_end = 192.168.111.200
Mon Feb 20 16:50:56 2017 us=161968 push_entry = 'route 192.168.111.0 255.255.255.0'
Mon Feb 20 16:50:56 2017 us=161993 push_entry = 'redirect-gateway def1 bypass-dhcp'
Mon Feb 20 16:50:56 2017 us=162018 push_entry = 'dhcp-option DNS 8.8.8.8'
Mon Feb 20 16:50:56 2017 us=162044 push_entry = 'block-outside-dns'
Mon Feb 20 16:50:56 2017 us=162069 push_entry = 'route-gateway 192.168.111.254'
Mon Feb 20 16:50:56 2017 us=162094 push_entry = 'ping 10'
Mon Feb 20 16:50:56 2017 us=162118 push_entry = 'ping-restart 120'
Mon Feb 20 16:50:56 2017 us=162142 ifconfig_pool_defined = ENABLED
Mon Feb 20 16:50:56 2017 us=162170 ifconfig_pool_start = 192.168.111.100
Mon Feb 20 16:50:56 2017 us=162199 ifconfig_pool_end = 192.168.111.200
Mon Feb 20 16:50:56 2017 us=162227 ifconfig_pool_netmask = 255.255.255.0
Mon Feb 20 16:50:56 2017 us=162252 ifconfig_pool_persist_filename = '/etc/openvpn/ipp.txt'
Mon Feb 20 16:50:56 2017 us=162277 ifconfig_pool_persist_refresh_freq = 600
Mon Feb 20 16:50:56 2017 us=162328 ifconfig_ipv6_pool_defined = DISABLED
Mon Feb 20 16:50:56 2017 us=162361 ifconfig_ipv6_pool_base = ::
Mon Feb 20 16:50:56 2017 us=162386 ifconfig_ipv6_pool_netbits = 0
Mon Feb 20 16:50:56 2017 us=162411 n_bcast_buf = 256
Mon Feb 20 16:50:56 2017 us=162435 tcp_queue_limit = 64
Mon Feb 20 16:50:56 2017 us=162460 real_hash_size = 256
Mon Feb 20 16:50:56 2017 us=162484 virtual_hash_size = 256
Mon Feb 20 16:50:56 2017 us=162541 client_connect_script = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=162570 learn_address_script = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=162595 client_disconnect_script = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=162620 client_config_dir = '/etc/openvpn/ccd'
Mon Feb 20 16:50:56 2017 us=162644 ccd_exclusive = DISABLED
Mon Feb 20 16:50:56 2017 us=162669 tmp_dir = '/tmp'
Mon Feb 20 16:50:56 2017 us=162694 push_ifconfig_defined = DISABLED
Mon Feb 20 16:50:56 2017 us=162721 push_ifconfig_local = 0.0.0.0
Mon Feb 20 16:50:56 2017 us=162749 push_ifconfig_remote_netmask = 0.0.0.0
Mon Feb 20 16:50:56 2017 us=162774 push_ifconfig_ipv6_defined = DISABLED
Mon Feb 20 16:50:56 2017 us=162805 push_ifconfig_ipv6_local = ::/0
Mon Feb 20 16:50:56 2017 us=162836 push_ifconfig_ipv6_remote = ::
Mon Feb 20 16:50:56 2017 us=162861 enable_c2c = ENABLED
Mon Feb 20 16:50:56 2017 us=162886 duplicate_cn = DISABLED
Mon Feb 20 16:50:56 2017 us=162910 cf_max = 0
Mon Feb 20 16:50:56 2017 us=162935 cf_per = 0
Mon Feb 20 16:50:56 2017 us=162960 max_clients = 1024
Mon Feb 20 16:50:56 2017 us=162985 max_routes_per_client = 256
Mon Feb 20 16:50:56 2017 us=163010 auth_user_pass_verify_script = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=163035 auth_user_pass_verify_script_via_file = DISABLED
Mon Feb 20 16:50:56 2017 us=163060 port_share_host = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=163085 port_share_port = 0
Mon Feb 20 16:50:56 2017 us=163109 client = DISABLED
Mon Feb 20 16:50:56 2017 us=163134 pull = DISABLED
Mon Feb 20 16:50:56 2017 us=163158 auth_user_pass_file = '[UNDEF]'
Mon Feb 20 16:50:56 2017 us=163186 OpenVPN 2.3.14 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 18 2016
Mon Feb 20 16:50:56 2017 us=163213 library versions: LibreSSL 2.4.4, LZO 2.09
Mon Feb 20 16:50:56 2017 us=163337 NOTE: when bridging your LAN adapter with the TAP adapter, note that the new bridge adapter will often take on its own IP address that is different from what the LAN adapter was previously set to
Mon Feb 20 16:50:56 2017 us=163895 Diffie-Hellman initialized with 4096 bit key
Mon Feb 20 16:50:56 2017 us=166614 TLS-Auth MTU parms [ L:1576 D:1210 EF:40 EB:0 ET:0 EL:3 ]
Mon Feb 20 16:50:56 2017 us=166709 Socket Buffers: R=[87380->87380] S=[16384->16384]
Mon Feb 20 16:50:56 2017 us=171931 TUN/TAP device tap0 opened
Mon Feb 20 16:50:56 2017 us=175612 TUN/TAP TX queue length set to 100
Mon Feb 20 16:50:56 2017 us=175737 Data Channel MTU parms [ L:1576 D:1450 EF:44 EB:143 ET:32 EL:3 AF:3/1 ]
Mon Feb 20 16:50:56 2017 us=175777 Listening for incoming TCP connection on [AF_INET]192.168.111.254:1194
Mon Feb 20 16:50:56 2017 us=175817 TCPv4_SERVER link local (bound): [AF_INET]192.168.111.254:1194
Mon Feb 20 16:50:56 2017 us=175842 TCPv4_SERVER link remote: [undef]
Mon Feb 20 16:50:56 2017 us=175873 MULTI: multi_init called, r=256 v=256
Mon Feb 20 16:50:56 2017 us=176097 IFCONFIG POOL: base=192.168.111.100 size=101, ipv6=0
Mon Feb 20 16:50:56 2017 us=176166 IFCONFIG POOL LIST
Mon Feb 20 16:50:56 2017 us=176236 MULTI: TCP INIT maxclients=1024 maxevents=1028
Mon Feb 20 16:50:56 2017 us=176307 Initialization Sequence Completed

- client log:
Mon Feb 20 17:55:52 2017 OpenVPN 2.4.0 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Dec 27 2016
Mon Feb 20 17:55:52 2017 Windows version 6.1 (Windows 7) 64bit
Mon Feb 20 17:55:52 2017 library versions: OpenSSL 1.0.2i 22 Sep 2016, LZO 2.09
Enter Management Password:
Mon Feb 20 17:55:53 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]monip:1194
Mon Feb 20 17:55:53 2017 Attempting to establish TCP connection with [AF_INET]monip:1194 [nonblock]
Mon Feb 20 17:57:53 2017 TCP: connect to [AF_INET]monip:1194 failed: Connection timed out (WSAETIMEDOUT)
Mon Feb 20 17:57:53 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Mon Feb 20 17:57:58 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]monip:1194
Mon Feb 20 17:57:58 2017 Attempting to establish TCP connection with [AF_INET]monip:1194 [nonblock]
Mon Feb 20 17:59:59 2017 TCP: connect to [AF_INET]monip:1194 failed: Connection timed out (WSAETIMEDOUT)
Mon Feb 20 17:59:59 2017 SIGUSR1[connection failed(soft),init_instance] received, process restarting
Mon Feb 20 18:00:04 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]monip:1194
Mon Feb 20 18:00:04 2017 Attempting to establish TCP connection with [AF_INET]monip:1194 [nonblock]

It seems to me, given all this, that the problem is with my iptables, since it tells me Network unreachable; yet when I am inside the container and run ifconfig, I get:
br0       Link encap:Ethernet  HWaddr 02:42:C0:A8:6F:FE
          inet addr:192.168.111.254  Bcast:192.168.111.255  Mask:255.255.255.0
          inet6 addr: fe80::42:c0ff:fea8:6ffe/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:3405 (3.3 KiB)  TX bytes:972 (972.0 B)

eth0      Link encap:Ethernet  HWaddr 02:42:C0:A8:6F:FE
          inet6 addr: fe80::42:c0ff:fea8:6ffe/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:27 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3859 (3.7 KiB)  TX bytes:1860 (1.8 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tap0      Link encap:Ethernet  HWaddr C2:6C:E6:37:C0:2B
          inet6 addr: fe80::c06c:e6ff:fe37:c02b/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:4705 (4.5 KiB)

If you have any questions, don't hesitate. I hope someone can help me 😁
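
A cross-check of the two OpenVPN configs quoted in the post, as an added example that is not part of the original post: it parses the server and client files and reports directives that must agree on both ends but do not. The function names (`parse`, `proto`, `check`) are hypothetical, and the two config strings are constructed from the post's files, trimmed and with key material replaced by a placeholder.

```python
import re

# Constructed sample: the directives from the server and client configs quoted
# in the post, with pushes dropped and inline key material replaced.
SERVER_CONF = """\
local 192.168.111.254
port 1194
proto tcp
dev tap0
server-bridge 192.168.111.254 255.255.255.0 192.168.111.100 192.168.111.200
client-to-client
keepalive 10 120
comp-lzo
"""
CLIENT_CONF = """\
client
nobind
dev tap
key-direction 1
remote-cert-tls server
remote mon.ndd 1194 tcp
<tls-auth>
# placeholder for the static key
</tls-auth>
comp-lzo
"""

def parse(text):
    """Map directive -> args; an inline <tag>...</tag> block counts as 'tag'."""
    out, inline = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:                      # skip the body of an inline block
            if line == f"</{inline}>":
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"<([\w-]+)>", line)
        if m:
            inline = m.group(1)
            out[inline] = ["[inline]"]
            continue
        name, *args = line.split()
        out[name] = args
    return out

def proto(cfg):
    """Transport: 'proto' if set, else 3rd arg of 'remote', else OpenVPN's default udp."""
    remote = cfg.get("remote", [])
    p = cfg["proto"][0] if "proto" in cfg else (remote[2] if len(remote) > 2 else "udp")
    return p.split("-")[0].rstrip("46")          # tcp-server, tcp4 -> tcp

def check(server_text, client_text):
    """Return mismatches between directives that must agree on both ends."""
    s, c = parse(server_text), parse(client_text)
    findings = []
    if proto(s) != proto(c):
        findings.append(f"proto: server {proto(s)}, client {proto(c)}")
    sdev, cdev = s.get("dev", ["?"])[0][:3], c.get("dev", ["?"])[0][:3]
    if sdev != cdev:
        findings.append(f"dev: server {sdev}, client {cdev}")
    # Simplification: a comp-lzo pushed by the server is not considered.
    for d in ("tls-auth", "comp-lzo"):
        if (d in s) != (d in c):
            findings.append(f"{d}: set on {'server' if d in s else 'client'} only")
    return findings

if __name__ == "__main__":
    for f in check(SERVER_CONF, CLIENT_CONF):
        print(f)
```

On these two files it reports `tls-auth: set on client only`, which agrees with `tls_auth_file = '[UNDEF]'` in the server log.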