Ale*_*rov 6 windows vpn docker
我正在尝试在连接到 VPN 的同时在 Windows 上使用 Docker。
当 VPN 未连接时,一切正常。
但是当我使用 Cisco AnyConnect 客户端连接到我们的公司 VPN 时,docker 容器内的网络不再工作:
docker run alpine ping www.google.com
ping: bad address 'www.google.com'
docker run alpine ping -c 5 216.58.204.36
PING 216.58.204.36 (216.58.204.36): 56 data bytes
--- 216.58.204.36 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
如何解决此问题并使其正常工作?
我的设置是:
实际上我是使用 Docker Desktop 和 Hyper-V 虚拟机完成的。使用 OpenConnect,但我认为只需稍作修改即可适用于大多数 VPN 客户端。
此处提供了完整说明的说明Docker Desktop、Hyper-V 和 VPN,以及 Docker 容器、Windows VM 和 Linux VM 的设置
我创建了一个新的内部虚拟交换机(我们称之为“内部”)并为其分配了一个静态 IP 地址(假设为 192.168.4.2)
I created a new VM with Ubuntu server and OpenConnect, connected to both the default Virtual Switch and the "Internal"
On the OpenConnect VM
Assigned to "Internal" a fixed ip (192.168.4.3)
Added a new tun interface "persistent" telling openconnect to use that tun (adding the "-i tun0" parameter as openconnect start parameter)
sudo ip tuntap add name tun0 mode tun
Installed the persist-iptables
Forced the ip forwarding
sudo echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf && sysctl -p
Setup the routing
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT sudo iptables -A FORWARD -o tun0 -j ACCEPT sudo iptables -A FORWARD -i tun0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT sudo iptables -A INPUT -i tun0 -j ACCEPT
After connecting the vpn i added permanently the dns servers to the resolve.conf
And retrieve the class of addresses of the VPN (like 10...* )
On the Docker containers
Added on Dockerfile the basic route
RUN route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.4.3
Then running the docker file i added the dns giving net admin and sys module permissions
--dns 8.8.8.8 --dns 10.1.77.21 --dns 10.4.52.21 --dns-search test.dns.it
--cap-add=NET_ADMIN --cap-add=SYS_MODULE
| 归档时间: |
|
| 查看次数: |
1804 次 |
| 最近记录: |