Docker container and host network VPN
NetworkingDockerVpnNetworking Problem Overview
I'm trying to run docker image on MacOS with VPN turned on (TUN device). Docker container can access internet, but is not able to access resources behind vpn. What is the right way to make Docker go to VPN network?
I've tried
docker run --net host
to make docker share host network, it didn't help.
Host can access VPN resources, docker container can't resolve their names..
Networking Solutions
Solution 1 - Networking
I had to restart docker after connecting host machine to VPN.
sudo systemctl restart docker docker start {name-of-container}
Solution 2 - Networking
Not sure if it's best solution.
I took DNS that appears on my host after connecting to VPN
scutil --dns | grep 'nameserver\[[0-9]*\]'
nameserver[0] : xxx.xxx.xxx.xxx
Modified docker run command:
docker run --cidfile="docker.pid" --dns=xxx.xxx.xxx.xxx --publish-all
Now docker container can access resources behind VPN... It works, but I have no idea if it's good or bad...
Solution 3 - Networking
I had this exact problem. I tried other solutions suggested here, but they didn't work for me. After a lot of trial and error this solution worked very nicely:
Add "bip": "192.168.1.5/24" to the daemon.json configuration file. This file can be found in the docker desktop settings under docker engine or at /etc/docker/daemon.json. BIP is the setting for bridge IP addresses and will change the IPs docker assigns in its subnet. By changing this setting I avoided conflicts between VPN and docker ip addresses.
Restart docker daemon.
Stop all containers.
Run ‘docker network prune’ to remove unused networks.
Restart all containers. This will recreate their networks with the new IP addresses.
You may still need to restart docker after connecting to the VPN in the future. See this thread for other solutions and ideas: https://github.com/docker/for-mac/issues/2820
Solution 4 - Networking
Had a similar problem. OP's solution worked, but so did simply restarting my docker vm:
docker-machine restart $host
Inspiration: https://www.reddit.com/r/docker/comments/39z4xd/when_my_docker_host_is_connected_to_vpn_i_can_no/
Solution 5 - Networking
What worked for me was to change docker subnet mask from /24 to /28, then restarted and I can now ping, telnet and other things on my vpn network. It says the default is /28 but docker desktop ships with /24 on it. Maybe it's a typo, I don't know.
Solution 6 - Networking
Had this issue on docker version 3.6.0 (67351) running on Mac
What worked for me is combining the solutions posted by @Sheridan Rea and @Marco
-
Changed Docker subnet to 192.168.65.0/28. It was set to 192.168.63.0/24 before. Clicked Apply & Restart / Restart Docker
-
Run
docker network prune
-
Run
docker compose up
Simply changing Docker subnet didn't worked for me
Now I can ping IP addresses behind VPN