Internet connection stops after turning on OpenVPN

[ghost]

Hi guys! I'm currently running some container that require remote connection with services such as databases or API that are only available through a VPN.

The current docker machine i'm running is the one based on the virtualbox drive and it works just fine when i connect to the VPN through the host OS (in this case OS X Sierra). I can also make the VPN work from the inside of the container running the OpenVPN as daemon and adjusting the IP routes. But when i switch to the docker machine created with xhyve the connection do not work on the container. I cannot even reach google.

I've tried both ways: a) connecting to VPN through the host OS and b) connecting to VPN from the inside of the container. Both are not working properly.

My guess is this is some issues with the network configuration devices on the docker machine itself?

Not sure how much info (dumps/outputs) would you guys need to debug it. So ping me with the ones needed to complement the report.

btw: this drive has a freaking good performance on my other projects! lot more lightweight and faster.

[Strech]

Try this one gist, you have to allow for bridge100 usage of vpn (utun0 or utun1 ...)

https://gist.github.com/mowings/633a16372fb30ee652336c8417091222

[imranity]

same here 😞

[ChrisBuchholz]

Any update on this? Can we possibly get this working without having to run a script after connecting to the VPN?

[tetherit]

Doesn't seem to help here :(

$  interfaces=( $(netstat -in | egrep 'utun\d .*\d+\.\d+\.\d+\.\d+' | cut -d ' ' -f 1) )
rulefile="rules.tmp"
echo "" > $rulefile
sudo pfctl -a com.apple/tun -F nat
for i in "${interfaces[@]}"
do
  RULE="nat on ${i} proto {tcp, udp, icmp} from 192.168.64.0/24 to any -> ${i}"
  echo $RULE >> $rulefile
done
sudo pfctl -a com.apple/tun -f $rulefile
No ALTQ support in kernel
ALTQ related functions disabled
nat cleared
pfctl: Use of -f option, could result in flushing of rules
present in the main ruleset added by the system at startup.
See /etc/pf.conf for further details.

No ALTQ support in kernel
ALTQ related functions disabled
$

I tried to also enable "Firewall" under System Preferences -> Security and re-run the script, still says No ALTQ support in kernel and still no Internet :( -

$  docker pull ubuntu:latest
Error response from daemon: Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

These are my interfaces:

$  ifconfig 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
	options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
	inet 127.0.0.1 netmask 0xff000000 
	inet6 ::1 prefixlen 128 
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
	nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	options=b<RXCSUM,TXCSUM,VLAN_HWTAGGING>
	ether 50:e5:49:ef:45:8f 
	inet6 fe80::14ea:f077:5638:4c28%en0 prefixlen 64 secured scopeid 0x4 
	inet 192.168.88.123 netmask 0xffffff00 broadcast 192.168.88.255
	inet 10.10.1.88 netmask 0xffffff00 broadcast 10.10.1.255
	inet 192.168.200.50 netmask 0xffffff00 broadcast 192.168.200.255
	inet 192.168.0.88 netmask 0xffffff00 broadcast 192.168.0.255
	inet 192.168.109.180 netmask 0xffffff00 broadcast 192.168.109.255
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 2030
	lladdr 00:49:e5:50:7c:f8:4a:00 
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect <full-duplex>
	status: inactive
tap1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether f2:c9:37:4a:1a:01 
	inet 10.11.0.3 netmask 0xffff0000 broadcast 10.11.255.255
	media: autoselect
	status: active
	open (pid 126)
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
	inet6 fe80::612e:5633:874a:fba0%utun0 prefixlen 64 scopeid 0x8 
	inet6 fd9c:cf81:26ab:b93a:612e:5633:874a:fba0 prefixlen 64 
	nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
	inet6 fe80::8e08:9cea:3582:a01c%utun1 prefixlen 64 scopeid 0x9 
	nd6 options=201<PERFORMNUD,DAD>
vmnet1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:50:56:c0:00:01 
	inet 192.168.13.1 netmask 0xffffff00 broadcast 192.168.13.255
vmnet8: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	ether 00:50:56:c0:00:08 
	inet 172.16.206.1 netmask 0xffffff00 broadcast 172.16.206.255
en5: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
	ether 2a:b3:7b:6a:87:dc 
	media: autoselect
	status: active
bridge100: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	options=3<RXCSUM,TXCSUM>
	ether 52:e5:49:fe:db:64 
	inet 192.168.64.1 netmask 0xffffff00 broadcast 192.168.64.255
	Configuration:
		id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
		maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
		root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
		ipfilter disabled flags 0x2
	member: en5 flags=3<LEARNING,DISCOVER>
	        ifmaxaddr 0 port 13 priority 0 path cost 0
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: active

[retraut]

Same issue here