-
Notifications
You must be signed in to change notification settings - Fork 120
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to connect to hosts through VPN #1803
Comments
Thanks for your report. There seems to be a genuine clash between your environment's legitimate use of 192.168.65.x and the internal VM<->host use of 192.168.65.x. I believe it only manifests in 17.06 because we've reserved more IP addresses to use for additional clients. For the record here are the 2 shell fragments we discussed for changing the internal IP addresses on community slack:
and
(I believe both are needed) |
Thanks for the feedback. That fixed my issue and allowed me to connect over the VPN. Just curious, is this fix documented anywhere and what are the consequences of using this approach? |
@alexschultz thanks for the confirmation! This workaround isn't documented anywhere yet, but I'll try to write it up and make a PR here: https://github.com/docker/docker.github.io/blob/master/docker-for-mac/networking.md which will be published https://docs.docker.com/docker-for-mac/networking/ The only consequence is that it breaks a new feature of the networking component that you probably aren't using. If you are developing with https://github.com/linuxkit/linuxkit then you can type There are 2 code changes I'd like to make
|
When `bridge-connections` is enabled the server will reserve more IP addresses for clients such as LinuxKit which connect to the vpnkit network. Previously it was not possible to adjust fully the range of addresses handed out, so if you had a clash you were out of luck. This patch plumbs through a new `slirp/highest-ip` setting so that clashes can be worked around. Related to [docker/for-mac#1803] Signed-off-by: David Scott <dave.scott@docker.com>
The issue [docker/for-mac#1803] describes a situation where the internal IP addresses used by Docker for Mac clashed with IP addresses in use on the local environment. This problem became worse in 17.06 because we expanded the number of IP addresses we reserved, making clashes more likely. This patch describes how to work around a clash by changing the internal IP addresses used by Docker for Mac. Signed-off-by: David Scott <dave.scott@docker.com>
FYI we've gone a step further and added a UI element to allow the network to be customised. It should be in the 17.07 edge release, due very soon. |
That's awesome thank you!
…On Fri, Jul 14, 2017, 6:26 AM David Scott ***@***.***> wrote:
FYI we've gone a step further and added a UI element to allow the network
to be customised. It should be in the 17.07 edge release, due very soon.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#1803 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABc4Y8eKJSCpT-6ZBy2fF7qPEf-Snpzhks5sN16IgaJpZM4OLBYe>
.
|
how to make the same configuration explained above in the UI? |
Alexschultz, legitimate concerns, and djs55 excellent response in addressing alexschulttz's concerns. |
Closed issues are locked after 30 days of inactivity. If you have found a problem that seems similar to this, please open a new issue. Send feedback to Docker Community Slack channels #docker-for-mac or #docker-for-windows. |
Expected behavior
Should be able to access hosts accross vpn
Actual behavior
DNS resolves IP address, but is not able to connect
Information
just upgraded to docker for mac ce Version 17.06.0-ce-mac18 (18433). I have a compose file with many containers that connect over a VPN. The problem I am having is that I can resolve hostnames over the VPN to an IP address, but when I actually make a request to the host I am trying to hit, it gives me a response from a totally different (invalid) IP address. I know DNS is resolving the host because when I ping the host, it shows the correct IP address but the response is supposedly coming from something else
PING example.host.com (192.168.65.174) 56(84) bytes of data.
From something-else.host.com (192.168.65.2) icmp_seq=1 Destination Host Unreachable
From something-else.host.com (192.168.65.2) icmp_seq=2 Destination Host Unreachable
From something-else.host.com (192.168.65.2) icmp_seq=3 Destination Host Unreachable’
[OK] db.git
[OK] vmnetd
[OK] dns
[OK] driver.amd64-linux
[OK] virtualization VT-X
[OK] app
[OK] moby
[OK] system
[OK] moby-syslog
[OK] db
[OK] env
[OK] virtualization kern.hv_support
[OK] slirp
[OK] osxfs
[OK] moby-console
[OK] logs
[OK] docker-cli
[OK] menubar
[OK] disk
9848A4C6-554E-4390-91CC-2E179F94C995
Steps to reproduce the behavior
The text was updated successfully, but these errors were encountered: