OpenVPN with docker-openvpn and Internal DNS Server

May 27, 2023May 27, 2023| lucaOpenVPN with docker-openvpn and Internal DNS Server| 0 Comment| 15:02
OpenVPN logo
Tags: , , , ,

It seems this configuration is sometimes a bit tricky. At home, I wanted to configure a Raspberry Pi with a OpenVPN docker container, a DNS server (unbound) and other services. Services are behind a reverse proxy, so I need to contact each service by name. Apparently, a configuration like this is pretty common with OpenVPN: you just have to push the DNS server IP to the clients with

push "dhcp-option DNS 192.168.0.20"

where 192.168.0.20 is the desired DNS server. This is typically sufficient.

In some cases though, I couldn’t get this to work. In particular, I couldn’t make this work when the DNS server is on the host, which is also running the OpenVPN container. In this case, I had to do something a bit different.

Solution

The relevant point here is that I had to push the DNS server using the IP in the virtual network created by OpenVPN. So, in my conf file I had this:

server 192.168.255.0 255.255.255.0

192.168.255.0/24 is therefore the subnet used by OpenVPN. In this case, the server itself is 192.168.255.1, and I pushed the DNS server with:

push "dhcp-option DNS 192.168.255.1"

This also needs the container to use the host networking, which you can set when running the container.

Configuration

An example of configuration of the container is:

services:
   [...]
   openvpn:
      image: carlonluca/docker-openvpn:latest
      volumes:
         - [...]
      cap_add:
         - NET_ADMIN
      network_mode: "host"
      [...]

while an example of configuration is:

server 192.168.255.0 255.255.255.0
verb 0
key ...
ca ...
cert ...
dh none
tls-auth ...
key-direction 0
keepalive 10 60
persist-key
persist-tun
port 1194
proto udp
dev tun
status /tmp/openvpn-status.log
topology subnet

user nobody
group nogroup
comp-lzo no

push "block-outside-dns"
push "dhcp-option DNS 192.168.255.1"
push "route 192.168.0.0 255.255.255.0"
push "comp-lzo no"
client-to-client

Docker Image

As a docker image I typically use my image: https://hub.docker.com/r/carlonluca/docker-openvpn. This is simply a fork of https://hub.docker.com/r/kylemanna/openvpn, but with an updated OpenVPN software and with multiarch builds.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Post

Featured Video Play Icon

Hardware Acceleration on WebKit 1, WebKit 2 and QtWebEngine with Qt on Raspberry Pi 2

December 7, 2015December 7, 2015 lucaHardware Acceleration on WebKit 1, WebKit 2 and QtWebEngine with Qt on Raspberry Pi 2
There are a few solutions to get a browser with good performance on Raspberry Pi [...]
View MoreView More

Cross-building ICU for Applications on Embedded Devices

May 26, 2013May 26, 2013 lucaCross-building ICU for Applications on Embedded Devices
There are some pretty common libraries that come very handy in some situations when developing [...]
View MoreView More

Embedded cross-platform development for Android, iOS and Linux Embedded

May 2, 2012May 2, 2012 lucaEmbedded cross-platform development for Android, iOS and Linux Embedded
I recently came across a new problem: cross-platform development of libraries on iOS, Android and Linux [...]
View MoreView More