I have recently installed a privacy VPN, and it turns out that having OpenVPN enabled breaks Docker.
When I try to run docker-compose up, I get the following error:
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network
Disabling the VPN fixes the problem (however, I'd rather not disable it). Is there any way to make these two co-exist peacefully? I use Debian jessie, and my OpenVPN has the following version string:
OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 26 2017
A lot of people "solved" this problem by disabling OpenVPN, so I'm asking specifically how to make these two work at the same time.
In case this makes any difference, my VPN provider is https://www.ovpn.com/ and here is the (somewhat redacted) config file:
client
dev tun
proto udp
remote host port
remote-random
mute-replay-warnings
replay-window 256
push "dhcp-option DNS 46.227.67.134"
push "dhcp-option DNS 192.165.9.158"
remote-cert-tls server
cipher aes-256-cbc
pull
nobind
reneg-sec 432000
resolv-retry infinite
comp-lzo
verb 1
persist-key
persist-tun
auth-user-pass /etc/openvpn/credentials
ca ovpn-ca.crt
tls-auth ovpn-tls.key 1
Create a /etc/openvpn/fix-routes.sh script with the following contents:
#!/bin/sh
echo "Adding default route to $route_vpn_gateway with /0 mask..."
ip route add default via $route_vpn_gateway
echo "Removing /1 routes..."
ip route del 0.0.0.0/1 via $route_vpn_gateway
ip route del 128.0.0.0/1 via $route_vpn_gateway
Add the executable bit to the file: chmod o+x /etc/openvpn/fix-routes.sh
Change the owner of this file to root: chown root:root /etc/openvpn/fix-routes.sh
Add the following two lines to your config:
script-security 2
route-up /etc/openvpn/fix-routes.sh
OpenVPN adds routes for the following networks: 0.0.0.0/1 and 128.0.0.0/1 (these routes cover the entire IP range), and Docker can't find a range of IP addresses to create its own private network.
You need to add a default route (to route everything through OpenVPN) and disable these two specific routes. The fix-routes script does that.
This script is called after OpenVPN adds its own routes. To execute scripts you'll need to set script-security to 2, which allows execution of bash scripts from the OpenVPN context.
I'd like to thank the author of this comment on GitHub; thanks also to OVPN support.
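The overlap described in the answer can be checked against a routing table before and after the fix. This is an added example, not code from the post or from Docker. It assumes Docker skips default routes and rejects any candidate pool that overlaps another route, as the answer's explanation implies. The candidate pool list and both `ip -4 route` samples are constructed.

```python
import ipaddress

# Assumption: sample of the private ranges Docker tries for a new network;
# the real list depends on the Docker version and daemon configuration.
CANDIDATE_POOLS = ([f"172.{n}.0.0/16" for n in range(17, 32)]
                   + [f"192.168.{n}.0/20" for n in range(0, 256, 16)])

# Constructed `ip -4 route` output with the VPN up (not from a real host).
ROUTES_VPN_UP = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
"""
# The same constructed host after fix-routes.sh has run.
ROUTES_FIXED = """\
default via 10.8.0.1 dev tun0
default via 192.168.1.1 dev eth0 metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
"""

def route_destinations(ip_route_output):
    """Destination networks in `ip -4 route` text; default routes are skipped."""
    dests = []
    for line in ip_route_output.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default":
            continue
        try:
            dests.append(ipaddress.ip_network(fields[0], strict=False))
        except ValueError:
            continue  # lines starting with a route type, e.g. "unreachable"
    return dests

def free_pools(ip_route_output, pools=CANDIDATE_POOLS):
    """Candidate pools that overlap no existing route destination."""
    dests = route_destinations(ip_route_output)
    return [p for p in pools
            if not any(ipaddress.ip_network(p).overlaps(d) for d in dests)]

def blocking_routes(ip_route_output, pools=CANDIDATE_POOLS):
    """Routes that overlap every candidate pool, i.e. that leave none free."""
    nets = [ipaddress.ip_network(p) for p in pools]
    return [str(d) for d in route_destinations(ip_route_output)
            if all(d.overlaps(n) for n in nets)]
```

On the VPN-up sample, 128.0.0.0/1 alone covers every candidate pool; on the fixed sample only the pools already used by docker0 and the LAN are taken.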