OpenVPN with docker-openvpn and Internal DNS Server

May 27, 2023May 27, 2023| lucaOpenVPN with docker-openvpn and Internal DNS Server| 0 Comment| 15:02
OpenVPN logo
Tags: , , , ,

It seems this configuration is sometimes a bit tricky. At home, I wanted to configure a Raspberry Pi with a OpenVPN docker container, a DNS server (unbound) and other services. Services are behind a reverse proxy, so I need to contact each service by name. Apparently, a configuration like this is pretty common with OpenVPN: you just have to push the DNS server IP to the clients with

push "dhcp-option DNS 192.168.0.20"

where 192.168.0.20 is the desired DNS server. This is typically sufficient.

In some cases though, I couldn’t get this to work. In particular, I couldn’t make this work when the DNS server is on the host, which is also running the OpenVPN container. In this case, I had to do something a bit different.

Solution

The relevant point here is that I had to push the DNS server using the IP in the virtual network created by OpenVPN. So, in my conf file I had this:

server 192.168.255.0 255.255.255.0

192.168.255.0/24 is therefore the subnet used by OpenVPN. In this case, the server itself is 192.168.255.1, and I pushed the DNS server with:

push "dhcp-option DNS 192.168.255.1"

This also needs the container to use the host networking, which you can set when running the container.

Configuration

An example of configuration of the container is:

services:
   [...]
   openvpn:
      image: carlonluca/docker-openvpn:latest
      volumes:
         - [...]
      cap_add:
         - NET_ADMIN
      network_mode: "host"
      [...]

while an example of configuration is:

server 192.168.255.0 255.255.255.0
verb 0
key ...
ca ...
cert ...
dh none
tls-auth ...
key-direction 0
keepalive 10 60
persist-key
persist-tun
port 1194
proto udp
dev tun
status /tmp/openvpn-status.log
topology subnet

user nobody
group nogroup
comp-lzo no

push "block-outside-dns"
push "dhcp-option DNS 192.168.255.1"
push "route 192.168.0.0 255.255.255.0"
push "comp-lzo no"
client-to-client

Docker Image

As a docker image I typically use my image: https://hub.docker.com/r/carlonluca/docker-openvpn. This is simply a fork of https://hub.docker.com/r/kylemanna/openvpn, but with an updated OpenVPN software and with multiarch builds.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Programming using the Android NDK with Qt Creator

August 17, 2012August 17, 2012 lucaProgramming using the Android NDK with Qt Creator
I recently had to implement libraries for the Android OS using the Android NDK, or [...]
View MoreView More

Compiling SQLCipher for Windows

August 11, 2012August 11, 2012 lucaCompiling SQLCipher for Windows
SQLCipher is a great extension to the SQLite library. It can be used to encrypt [...]
View MoreView More
Featured Video Play Icon

Qt on Linux i.MX 6

October 11, 2014October 11, 2014 lucaQt on Linux i.MX 6
i.MX 6 is a good device. Qt runs pretty well on it. Also a plugin [...]
View MoreView More