
List:       lxc-users
Subject:    Re: [lxc-users] OpenVPN server in a container... can connect but no webpages load
From:       John <da_audiophile () yahoo ! com>
Date:       2016-12-29 10:16:01
Message-ID: 1222973535.3517120.1483006561048 () mail ! yahoo ! com


Sorry for the post, the problem was in my lxc configuration.   

 
From: Idafe Houghton <idafe.houghton@gmail.com>
To: LXC users mailing-list <lxc-users@lists.linuxcontainers.org>
Sent: Wednesday, December 28, 2016 9:54 PM
Subject: Re: [lxc-users] OpenVPN server in a container... can connect but no webpages load

Any feedback is welcome.

Best regards.
2016-12-29 3:45 GMT+01:00 Idafe Houghton <idafe.houghton@gmail.com>:

Or else you should enable proxy_arp=1 on your bridge interface.

Have you checked that you can go out to the internet from within your container? (without all the vpn thing?)

2016-12-29 3:39 GMT+01:00 Idafe Houghton <idafe.houghton@gmail.com>:

What I may say, may seem stupid, but just to make sure...

May you tell us your NATting tables?

Thanks.
2016-12-27 21:13 GMT+01:00 John <da_audiophile@yahoo.com>:

Goal: I currently have a standalone box running openvpn that is correctly configured and works. My goal is to move that to a container.


Problem: I can connect to the openvpn server in the container but I cannot load webpages, they just time out. I must not have something configured correctly.

I have a very basic setup without a firewall currently (I will add ufw once I verify function without it):


1) Host OS: Arch Linux x86_64. I have a netctl loading br0 (see below).
2) LXC: I created a basic lxc with just base and openvpn. I copied the contents of /etc/openvpn/* from the functional system to the lxc's /etc/openvpn.
3) I am forwarding port 443 (which is what I am running openvpn on, to the internal IP of the container).

My netctl bridge profile on the host OS, /etc/netctl/bridge:

=============================
Description='lxc bridge'
Interface=br0
Connection=bridge
BindsToInterfaces=('eth0')
IP=dhcp


Output of `ip a` on the host OS:
=============================
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 4096 qdisc noqueue state UNKNOWN group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever


2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
link/ether 00:1e:06:33:59:e7 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21e:6ff:fe33:59e7/64 scope link
valid_lft forever preferred_lft forever


3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 00:1e:06:33:59:e7 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.245/24 brd 192.168.1.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::21e:6ff:fe33:59e7/64 scope link
valid_lft forever preferred_lft forever


Output of `ip r` on the host OS:
=============================
default via 192.168.1.1 dev br0 src 192.168.1.245 metric 203
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.245 metric 203


Output of `sysctl net.ipv4.conf | grep forward` on the host OS:
=============================
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.br0.forwarding = 1
net.ipv4.conf.br0.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0



My container config, /var/lib/lxc/base/config:

=============================
lxc.rootfs = /var/lib/lxc/base/rootfs
lxc.rootfs.backend = dir
lxc.utsname = base
lxc.arch = x86_64
lxc.include = /usr/share/lxc/config/archlinux.common.conf

## network
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.ipv4 = 192.168.1.246/24
lxc.network.ipv4.gateway = 192.168.1.1

## systemd within the lxc
lxc.autodev = 1
lxc.hook.autodev = /var/lib/lxc/base/autodev
lxc.pts = 1024
lxc.kmsg = 0

## for openvpn
lxc.cgroup.devices.allow = c 10:200 rwm
_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
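
The checks raised in this thread (host forwarding, NAT tables) together with the tun device allowance from the container config, written as an added example that is not part of any message in the thread. The function names are hypothetical and the sample captures are constructed; the thread does not say which setting was at fault.

```sh
#!/bin/sh
# Added example: offline checks over captured diagnostic text.
# Function names are hypothetical; each check reads its input on stdin.

# Output of `sysctl net.ipv4.conf | grep forward`: unicast forwarding on for $1?
forwarding_enabled() {
    grep -Eq "^net\.ipv4\.conf\.$1\.forwarding[[:space:]]*=[[:space:]]*1\$"
}

# Output of `iptables -t nat -S`: any source-NAT rule in POSTROUTING?
# Without one, the LAN gateway needs a return route to the VPN subnet.
nat_rule_present() {
    grep -Eq '^-A POSTROUTING .*-j (MASQUERADE|SNAT)'
}

# LXC config: is the tun character device (major 10, minor 200) allowed?
tun_device_allowed() {
    grep -Eq '^[[:space:]]*lxc\.cgroup\.devices\.allow[[:space:]]*=[[:space:]]*c[[:space:]]+10:200[[:space:]]+[rwm]+'
}

# Print the names of the checks that failed, space separated.
# $1 = sysctl capture, $2 = NAT rule dump, $3 = LXC config
diagnose() {
    problems=""
    forwarding_enabled all < "$1" || problems="$problems forwarding"
    nat_rule_present < "$2" || problems="$problems nat"
    tun_device_allowed < "$3" || problems="$problems tun"
    echo "${problems# }"
}

# Constructed sample captures. The sysctl and LXC lines mirror the thread;
# the NAT dump is an assumed empty table, not data from the thread.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'net.ipv4.conf.all.forwarding = 1' \
    'net.ipv4.conf.all.mc_forwarding = 0' > "$tmp/sysctl"
printf '%s\n' '-P PREROUTING ACCEPT' '-P POSTROUTING ACCEPT' > "$tmp/nat"
printf '%s\n' 'lxc.network.link = br0' \
    'lxc.cgroup.devices.allow = c 10:200 rwm' > "$tmp/lxc"

echo "failed checks: $(diagnose "$tmp/sysctl" "$tmp/nat" "$tmp/lxc")"
```

The NAT dump should be captured in the network namespace that routes the VPN clients' traffic, which for this setup is the container running openvpn.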





