I successfully started the docker openvpn container:
~# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
5eeb8d1226e9 kylemanna/openvpn "ovpn_run" 47 hours ago Up 18 minutes 0.0.0.0:1194->1194/udp openvpn
But when I try to connect from outside using an openvpn client, nothing happens. In the log:
% sudo openvpn client-1.ovpn
Thu Dec 6 13:34:34 2018 OpenVPN 2.4.3 x86_64-suse-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 20 2017
Thu Dec 6 13:34:34 2018 library versions: OpenSSL 1.1.0i-fips 14 Aug 2018, LZO 2.10
Thu Dec 6 13:34:34 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]внешний_ip_сервера_с_OpenVPN:1194
Thu Dec 6 13:34:34 2018 UDP link local: (not bound)
Thu Dec 6 13:34:34 2018 UDP link remote: [AF_INET]remote_server_ip:1194
Also, on the server side:
# netstat -nulp|grep 1194
udp6 0 0 :::1194 :::* 8112/docker-proxy
and
# iptables -L -n | grep 1194
ACCEPT udp -- 0.0.0.0/0 172.19.0.2 udp dpt:1194
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq portid ac1f6b4db9fa state UP group default qlen 1000
link/ether ac:1f:6b:4d:b9:fa brd ff:ff:ff:ff:ff:ff
inet ip_address/32 brd ip_address scope global eth0
valid_lft forever preferred_lft forever
inet6 2001:8d8:1801:61::1/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::ae1f:6bff:fe4d:b9fa/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop portid ac1f6b4db9fb state DOWN group default qlen 1000
link/ether ac:1f:6b:4d:b9:fb brd ff:ff:ff:ff:ff:ff
4: br-4dc510063f2a: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:d7:aa:86:60 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 scope global br-4dc510063f2a
valid_lft forever preferred_lft forever
inet6 fe80::42:d7ff:feaa:8660/64 scope link
valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:c4:84:9c:ef brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:c4ff:fe84:9cef/64 scope link
valid_lft forever preferred_lft forever
1576: br-3c2ef746c1b5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:a8:d3:b8:22 brd ff:ff:ff:ff:ff:ff
inet 172.20.0.1/16 scope global br-3c2ef746c1b5
valid_lft forever preferred_lft forever
inet6 fe80::42:a8ff:fed3:b822/64 scope link
valid_lft forever preferred_lft forever
1578: veth3fc5c9b@if1577: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-3c2ef746c1b5 state UP group default
link/ether c2:27:b0:d6:f5:f1 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::c027:b0ff:fed6:f5f1/64 scope link
valid_lft forever preferred_lft forever
1580: veth8f1ee8f@if1579: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-3c2ef746c1b5 state UP group default
link/ether 8a:40:d6:b7:3a:16 brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::8840:d6ff:feb7:3a16/64 scope link
valid_lft forever preferred_lft forever
1604: veth87309bd@if1603: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-3c2ef746c1b5 state UP group default
link/ether ee:e4:90:25:31:c1 brd ff:ff:ff:ff:ff:ff link-netnsid 3
inet6 fe80::ece4:90ff:fe25:31c1/64 scope link
valid_lft forever preferred_lft forever
1606: vethefa313b@if1605: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-01bd8ae1015f state UP group default
link/ether ba:43:f5:dc:43:cf brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::b843:f5ff:fedc:43cf/64 scope link
valid_lft forever preferred_lft forever
102: br-01bd8ae1015f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:a0:60:c4:af brd ff:ff:ff:ff:ff:ff
inet 172.19.0.1/16 scope global br-01bd8ae1015f
valid_lft forever preferred_lft forever
inet6 fe80::42:a0ff:fe60:c4af/64 scope link
valid_lft forever preferred_lft forever