Routing (?) only working with --net=host?
For some reason, the VPN tunnel is only working if I'm running the container with host networking.
When using bridged networking as shown in the setup guide, VPN clients can connect to the server, but they can't reach any local or external hosts, neither by name nor by IP.
I suspect I have to do some additional routing inside the container or on the Docker host, but TBH I had to fiddle around with too much networking the last two days and may not be able to see the wood for the trees anymore.
What am I forgetting here?
This is my current config:
ovpn_env.sh:
declare -x OVPN_AUTH=
declare -x OVPN_CIPHER=
declare -x OVPN_CLIENT_TO_CLIENT=
declare -x OVPN_CN=my.example.org
declare -x OVPN_COMP_LZO=0
declare -x OVPN_DEFROUTE=1
declare -x OVPN_DEVICE=tun
declare -x OVPN_DEVICEN=0
declare -x OVPN_DISABLE_PUSH_BLOCK_DNS=0
declare -x OVPN_DNS=1
declare -x OVPN_DNSMASQ=0
declare -x OVPN_DNS_SERVERS=([0]="192.168.4.248")
declare -x OVPN_ENV=/etc/openvpn/ovpn_env.sh
declare -x OVPN_EXTRA_CLIENT_CONFIG=()
declare -x OVPN_EXTRA_SERVER_CONFIG=()
declare -x OVPN_FRAGMENT=
declare -x OVPN_KEEPALIVE='10 60'
declare -x OVPN_MTU=
declare -x OVPN_NAT=1
declare -x OVPN_PORT=1194
declare -x OVPN_PROTO=udp
declare -x OVPN_PUSH=()
declare -x OVPN_ROUTES=([0]="192.168.254.0/24")
declare -x OVPN_SERVER=192.168.255.0/24
declare -x OVPN_SERVER_URL=udp://my.example.org
declare -x OVPN_TLS_CIPHER=
openvpn.conf:
server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/my.example.org.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/my.example.org.crt
dh /etc/openvpn/pki/dh.pem
tls-crypt /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun
proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log
user nobody
group nogroup
comp-lzo no
### Route Configurations Below
route 192.168.254.0 255.255.255.0
### Push Configurations Below
setenv opt "block-outside-dns"
push "dhcp-option DNS 192.168.4.248"
push "comp-lzo no"