Both sides previous revision Previous revision Next revision | Previous revision Next revisionBoth sides next revision |
docker_notes:docker-deluge [2024-01-10 Wed wk02 19:24] – [Docker Deluge Image / Service] baumkp | docker_notes:docker-deluge [2024-01-10 Wed wk02 20:04] – [OpenVPN setup] baumkp |
---|
* where $lan is set to lan interface, e.g. enp1s0 | * where $lan is set to lan interface, e.g. enp1s0 |
* ''%%docker run -it --network macnet1 --ip=192.168.1.98 --cap-add=NET_ADMIN --name alpine deluge-openvpn-nftables /bin/sh%%'' | * ''%%docker run -it --network macnet1 --ip=192.168.1.98 --cap-add=NET_ADMIN --name alpine deluge-openvpn-nftables /bin/sh%%'' |
* When running nftables to stop leakage of vpn it was found that the docker networking cause failure. Docker use loop address 127.0.0.11 to resolve its dns queries and then refers to the nominated local dns. See ''/etc/resolv.conf''. The docker documentation states that the user should not directly modify the resolv.conf file as it may adversely affect docker performance. As the openvpn program rewrites resolv.conf anyway I decided to do the same in a oneshot to point dns directly . | * When running nftables to stop leakage of vpn it was found that the docker networking cause failure. Docker use loop address 127.0.0.11 to resolve its dns queries and then refers to the nominated local dns. See ''/etc/resolv.conf''. The docker documentation states that the user should not directly modify the resolv.conf file as it may adversely affect docker performance. As the openvpn program rewrites resolv.conf anyway I decided to do the same in a oneshot to point dns directly. I subsequently remembered the basics of UNIX the /etc/hosts file, this is the lowest level DNS on every machine. I simply added the relevant Private VPN end hosts files in here and this worked a beaut. |
* Need to manually create ++/dev/net/tun|<code bash> | * Need to manually create ++/dev/net/tun|<code bash> |
#!/bin/sh | #!/bin/sh |
chmod 660 /dev/net/tun | chmod 660 /dev/net/tun |
| |
echo "nameserver 192.168.1.1" > /etc/resolv.conf | echo "103.231.89.219 au-mel.pvdata.host" >> /etc/hosts #This adds a PrivatVPN host to the host DNS |
| echo "103.231.88.203 au-mel.pvdata.host" >> /etc/hosts #This adds a PrivatVPN host to the host DNS |
| echo "143.244.63.96 au-syd.pvdata.host" >> /etc/hosts #This adds a PrivatVPN host to the host DNS |
| echo "143.244.33.81 sg-sin.pvdata.host" >> /etc/hosts #This adds a PrivatVPN host to the host DNS |
| |
| /usr/sbin/openvpn /etc/openvpn/privatvpn.conf & #This runs the openvpn program in background using nominated configuration file |
</code>++ see [[https://serverfault.com/questions/1003011/openvpn-error-cannot-open-tun-tap-dev-dev-net-tun-no-such-file-or-directory|OpenVPN - ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)]] | </code>++ see [[https://serverfault.com/questions/1003011/openvpn-error-cannot-open-tun-tap-dev-dev-net-tun-no-such-file-or-directory|OpenVPN - ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)]] |
*Inside container command to run ''/usr/sbin/openvpn /etc/openvpn/privatvpn.conf'', add & to free up terminal | *Inside container command to run ''/usr/sbin/openvpn /etc/openvpn/privatvpn.conf'', add & to free up terminal |
| |
=====Docker network===== | =====Docker network===== |
As described in the vpn section [[https://wiki.kptree.net/doku.php?id=tech_notes:docker-deluge#openvpn_setup|openvpn setup]], I decided to go with the docker macvlan network setup. This needs to be separately created and can then be called up when the container is run. A static ip address can be assigned when run. | As described in the vpn section [[https://wiki.kptree.net/doku.php?id=docker_notes:docker-deluge#openvpn_setup|openvpn setup]], I decided to go with the docker macvlan network setup. This needs to be separately created and can then be called up when the container is run. A static ip address can be assigned when run. |
<code bash> | <code bash> |
docker network create -d macvlan \ | docker network create -d macvlan \ |