openvpn-client

Port forwarding

Open Nigelsp opened this issue 11 months ago • 13 comments

I have a docker application that is using the network connection provided by the open-vpn client. My application needs to receive udp packets on port 42000. The connection is working fine, other than udp packets on 42000 are not reaching the application.

I cannot seem to open port 42000 using the -p 42000;udp option.

I start the openvpn client with:

docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name open-vpn --dns 8.8.4.4 -p 42000:42000/udp -v /root/Documents/openvpn:/vpn -d dperson/openvpn-client -r 192.0.2.0/24 -p 42000;udp

the openvpn client responds with bash: udp: command not found...

How should I be opening this port?

Nigelsp avatar Jan 15 '25 11:01 Nigelsp
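
The "bash: udp: command not found" message in the post above comes from the shell, which ends a command at an unquoted ";". The following is an added example, not part of the original thread; show_args is a hypothetical stand-in for the container entrypoint that only prints the arguments it receives.

```shell
# show_args stands in for the container entrypoint (hypothetical helper):
# it prints every argument it receives, one bracket pair per argument.
show_args() { for a in "$@"; do printf '[%s]' "$a"; done; printf '\n'; }

# As typed in the issue: the shell ends the command at ';', so the program
# only sees "-p 42000", and 'udp' is then run as a separate command.
unquoted_args() {
    eval 'show_args -r 192.0.2.0/24 -p 42000;udp' 2>/dev/null || true
}

# Exit status of that second command: 127 means "command not found".
unquoted_status() {
    if eval 'show_args -r 192.0.2.0/24 -p 42000;udp' >/dev/null 2>&1; then
        echo 0
    else
        echo $?
    fi
}

# Single quotes keep "42000;udp" together as one argument.
quoted_args() { show_args -r 192.0.2.0/24 -p '42000;udp'; }

# A backslash before ';' has the same effect.
escaped_args() { show_args -r 192.0.2.0/24 -p 42000\;udp; }

echo "unquoted: $(unquoted_args) (then 'udp' exits with $(unquoted_status))"
echo "quoted:   $(quoted_args)"
echo "escaped:  $(escaped_args)"
```

Applied to the docker run command in the issue, the last option would be written as -p '42000;udp' so that it reaches the container as a single argument.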

This is working for me:

services:
  openvpn_client:
    image: dperson/openvpn-client
    cap_add:
      - NET_ADMIN
    volumes:
      - ./client.ovpn:/vpn/client.conf
    command: "-c /vpn/client.conf"
    devices:
      - /dev/net/tun:/dev/net/tun
  web:
    image: my_image
    network_mode: "service:openvpn_client"

On the OpenVPN server (APT distro), assuming the web docker compose service is listening on port 8080, 2.2.2.2 is the public server IP address, and the OpenVPN subnet is 10.8.0.0 (cat /etc/openvpn/server.conf):

apt install iptables-persistent -y
iptables -t nat -A PREROUTING -p tcp -d 2.2.2.2 --dport 8080 -j DNAT --to-destination 10.8.0.2:8080
iptables -A FORWARD -p tcp -d 10.8.0.2 --dport 8080 -j ACCEPT
netfilter-persistent save

Open http://2.2.2.2:8080

Should work.

SiestaCat avatar Jan 15 '25 15:01 SiestaCat

Thanks for the reply. I'm still having no joy :-( I'm using the official openvpn server docker image. Openserver has a web UI that handles port forwarding, but I'm guessing this assumes it's not in a container.

I've added:

iptables -t nat -A PREROUTING -d 209.250.230.194 -p udp --dport 42000 -j DNAT --to-dest 192.0.2.2:42000
iptables -t filter -A INPUT -p tcp -d 209.250.230.194 --dport 42000 -j ACCEPT
iptables -A FORWARD -p udp -d 192.0.2.2 --dport 42000 -j ACCEPT

209.250.230.194 is the public ip, and 192.0.2.2 is the fixed address of the container using the vpn (ie the tun0 ip)

still no packets getting through

Nigelsp avatar Jan 17 '25 19:01 Nigelsp

Oh. My example was for an openvpn server directly installed on a VPS: https://github.com/angristan/openvpn-install

Tomorrow I will try with server docker version and I will come back with an update.

SiestaCat avatar Jan 17 '25 22:01 SiestaCat

Please provide your "openvpn server docker image" config

SiestaCat avatar Jan 18 '25 10:01 SiestaCat

Here is the docker compose file that creates the container

version: '3.8'

services:
  openvpn-as:
    image: openvpn/openvpn-as
    container_name: openvpn-as2
    ports:
      - "1194:1194/udp"
      - "42000:42000/udp"
      - "443:443/tcp"
      - "943:943/tcp"
    volumes:
      - /opt/openvpn:/openvpn
    cap_add:
      - MKNOD
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    command: /usr/local/openvpn_as/scripts/openvpnas --nodaemon --pidfile=/ovpn/tmp/openvpn.pid
    networks:
      - openvpn_net

networks:
  openvpn_net:
    driver: bridge

Nigelsp avatar Jan 18 '25 11:01 Nigelsp

I will check it in the next days.

Cheers 🍻

SiestaCat avatar Jan 24 '25 00:01 SiestaCat

I managed to get it working using the method described here: https://openvpn.net/as-docs/tutorials/tutorial--create-dmz.html#tutorial--create-a-dmz-in-access-server

The "trick" was to realise that the public ip is actually the docker ip, not the actual public ip

Nigelsp avatar Jan 24 '25 10:01 Nigelsp
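
A check for the situation described in the post above: a DNAT rule that matches on the host's public address, although inside a container traffic arrives addressed to the container's own Docker address. This is an added example, not part of the original thread; it assumes the rules are installed inside a bridge-networked container, and dnat_unmatched and the address 172.18.0.2 are illustrative.

```shell
# Constructed sample input: the three rules quoted earlier in the thread.
RULES='iptables -t nat -A PREROUTING -d 209.250.230.194 -p udp --dport 42000 -j DNAT --to-dest 192.0.2.2:42000
iptables -t filter -A INPUT -p tcp -d 209.250.230.194 --dport 42000 -j ACCEPT
iptables -A FORWARD -p udp -d 192.0.2.2 --dport 42000 -j ACCEPT'

# Constructed: addresses assigned inside the container. 172.18.0.2 is a
# made-up Docker bridge address, not a value from the thread.
LOCAL_ADDRS='127.0.0.1 172.18.0.2'

# dnat_unmatched RULES LOCAL_ADDRS
# Prints every DNAT rule whose -d match is not an address assigned in this
# network namespace. Under the assumption above, such a rule never matches,
# because packets reach the container addressed to the container itself.
dnat_unmatched() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        # Only DNAT rules are of interest.
        case $rule in *"-j DNAT"*) ;; *) continue ;; esac
        # Value following -d; a /32 suffix (as printed by iptables -S) is dropped.
        dst=$(printf '%s\n' "$rule" | sed -n 's/.* -d \([0-9.]*\).*/\1/p')
        [ -n "$dst" ] || continue
        case " $2 " in
            *" $dst "*) ;;                  # -d is a local address: can match
            *) printf '%s\n' "$rule" ;;     # -d is not local: report the rule
        esac
    done
}

# On a live system the two inputs would come from:
#   iptables -t nat -S PREROUTING
#   ip -4 -o addr show
dnat_unmatched "$RULES" "$LOCAL_ADDRS"
```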

Hello. Sorry to jump in here but I'm way out of my depth and I'm very confused. I have an application that is not connectable using ports forwarded by my VPN. The connection is fine but the application is timing out and not accepting incoming traffic. Would your above solution help me with this?

flapjack89 avatar Jan 24 '25 15:01 flapjack89

I will if I can, but also somewhat confused! Can you describe your setup? Mine is:

Application--->>DPersonOpenVPN Client---->>OpenVPNServer----->> Internet

With about 10 UDP & TCP ports open. My added complication is all the elements are running in separate Docker containers. Without Docker, things are a bit easier!

Nigelsp avatar Jan 24 '25 17:01 Nigelsp

For my setup I have one container running this openvpn-client. I have another container running qBittorrent. qBittorrent runs through the vpn fine but I can't connect to the qBittorrent client from outside using port forwarding with my vpn. I'm so lost. I just don't have the knowledge!

Yeah, I'm understanding now that the networking of the containers is more complicated. I think your solution is the one I need, I just don't know how to actually do it.

flapjack89 avatar Jan 25 '25 20:01 flapjack89

What VPN server does your VPN client connect to? Is that a server you have control over, or is it a commercial service? To allow incoming connections you need ports opening and forwarding on the vpn server, not the client.

Nigelsp avatar Jan 25 '25 21:01 Nigelsp

I use AirVPN

flapjack89 avatar Jan 25 '25 23:01 flapjack89

Ok, well you need to open the ports at Airvpn. Their website explains how to do it.

https://airvpn.org/faq/port_forwarding/

As your application (in a container) is using the network stack of the dperson openvpn client (also in a container?), the ports will be forwarded all the way through. No other changes should be necessary.

Nigelsp avatar Jan 26 '25 10:01 Nigelsp