Docker Desktop, Hyper-V and VPN

Here I will share how I set up an OpenConnect VPN for my Docker Desktop installation and for my VMs under Hyper-V. In my installation the VPN network is 10.0.0.0/255.0.0.0 (10.0.0.0/8).

On the host

Docker

Add the network connection

Setup the network configuration

Create the "VPN Proxy" VM

I actually used an Ubuntu Server installation capped at 5% of CPU and 512 MB of RAM.

First add a second network adapter, connected to the "Internal network", in addition to the default one.

Create the client VMS

First add a second network adapter, connected to the "Internal network", in addition to the default one.

On the VPN Proxy VM

During the setup, assign DHCP to both interfaces.

Then edit the file /etc/netplan/00-installer-config.yaml; it should look like the following. Make a couple of tries to check that you picked the right ethernet for each role :)

network:
  ethernets:
    eth0:                   # adapter on the Hyper-V "Internal network": static address, no DNS
      addresses:
      - 192.168.4.2/24
      nameservers: {}
    eth1:                   # default (external) adapter: DHCP, used to reach the VPN server
      dhcp4: true
  version: 2

Once done run

sudo netplan apply

Setup the vpn

Install OpenConnect or OpenVPN (those are the two I know how to set up :P)

Openconnect

Add a virtual tun interface

sudo ip tuntap add name tun0 mode tun

When starting openconnect add the following parameter:

-i tun0

OpenVPN

Edit the OpenVPN config file (/etc/openvpn/client.conf) and add or modify the tun device to use

dev tun0

Then make sure the tun device is kept across reconnects by adding (if not present) the following line

persist-tun

Setup the routing

Install iptables-persistent (the rules are saved in /etc/iptables/rules.v4 and /etc/iptables/rules.v6 and reloaded at boot)

sudo apt-get install iptables-persistent

Allow IP forwarding (note that "sudo echo ... >> file" does not work, because the redirection runs as your user, not as root)

echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf && sudo sysctl -p

I assume that the Internal-network interface is eth0 as in the netplan file above (or whatever you are using)

# hide the clients behind the VPN address of this VM
sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# forward traffic from the Internal network into the VPN
sudo iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
# (broader than the rule above: forwards anything heading into the VPN, whatever the source interface)
sudo iptables -A FORWARD -o tun0 -j ACCEPT
# and let the replies come back
sudo iptables -A FORWARD -i tun0 -m conntrack --ctstate ESTABLISHED,RELATED   -j ACCEPT
# accept any connection from the VPN side to this VM itself; drop this rule
# (or limit it to ESTABLISHED,RELATED) if the proxy does not need to be reachable from the VPN
sudo iptables -A INPUT -i tun0 -j ACCEPT

Then save the rules (again the redirection has to run as root)

sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

Now you can try to connect to your VPN and check that the connection works.
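The rules above forward anything that wants to leave via tun0 and accept any inbound connection from the VPN side to the proxy VM itself. As an added example (not the article's configuration), the script below writes a tighter /etc/iptables/rules.v4 in iptables-restore format, the file iptables-persistent loads at boot: FORWARD defaults to DROP, only the Internal-network subnet (192.168.4.0/24, from the netplan file above) is forwarded and only towards 10.0.0.0/8, and the VPN side can only answer connections that were opened from this side. The interface names, subnets and the script name are assumptions; change them with the environment variables.

```shell
#!/bin/sh
# make_rules.sh (added example): write a tightened /etc/iptables/rules.v4 for the
# VPN proxy VM. Compared with the interactive rules above it
#   1. sets a DROP policy on FORWARD,
#   2. forwards only Internal-network sources towards the VPN network,
#   3. does not accept new inbound connections from the VPN to the VM itself.
# On the proxy VM, as root:  sh make_rules.sh --install && netfilter-persistent reload
# (iptables-restore --test /etc/iptables/rules.v4 validates the file before reloading)

INT_IF="${INT_IF:-eth0}"               # adapter on the Hyper-V "Internal network" (assumed)
VPN_IF="${VPN_IF:-tun0}"               # tun device used by openconnect/openvpn
INT_NET="${INT_NET:-192.168.4.0/24}"   # the clients' subnet (from the netplan file)
VPN_NET="${VPN_NET:-10.0.0.0/8}"       # networks reachable over the VPN

# write_rules <path>: render the ruleset in iptables-restore format
# ('#' lines are comments for iptables-restore, counters are reset to 0)
write_rules() {
  cat > "$1" <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# hide the clients behind the VPN address of this VM
-A POSTROUTING -s $INT_NET -o $VPN_IF -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies to connections the clients opened
-A FORWARD -i $VPN_IF -o $INT_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# only Internal-network clients, only towards the VPN network
-A FORWARD -i $INT_IF -o $VPN_IF -s $INT_NET -d $VPN_NET -j ACCEPT
# the VM itself: answers from the VPN side are fine, new connections are not
-A INPUT -i $VPN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $VPN_IF -j DROP
COMMIT
EOF
}

# check_rules <path>: succeed only if FORWARD defaults to DROP and no rule
# forwards unconditionally into the tun device (the shape of the rule above)
check_rules() {
  ! grep -qE '^-A FORWARD -o [a-z0-9]+ -j ACCEPT$' "$1" \
    && grep -q '^:FORWARD DROP' "$1"
}

# only touch /etc when explicitly asked; otherwise just define the functions
if [ "${1:-}" = "--install" ]; then
  write_rules /etc/iptables/rules.v4 && check_rules /etc/iptables/rules.v4
fi
```

The MASQUERADE rule carries a source match so only the clients' traffic is rewritten; the VM's own traffic already leaves with the tun address. Because the file names tun0 while that device may not exist yet at boot, this is fine: iptables accepts interface names that are not (yet) present.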

Getting the DNS

Check the DNS servers with "cat /etc/resolv.conf". For me it was the following. Take note of the two nameservers and the search domains (they will be used on the Linux clients)

options edns0 trust-ad
nameserver 10.1.49.21
nameserver 10.4.8.21
search mshome.net test.dns.it

Linux client machine

First assign a static IP to the machine on the "Internal Network"

Then add the DNS servers to /etc/resolv.conf (I also added Google's 8.8.8.8). If your distribution generates that file (systemd-resolved on Ubuntu does), the edit gets overwritten, so in that case set the servers in netplan or your network manager instead.

nameserver 8.8.8.8
nameserver 10.1.49.21
nameserver 10.4.8.21
search mshome.net test.dns.it

And add the route, so that everything in 10.* goes to the VPN proxy VM (the -p flag belongs to the Windows route command; the Linux one has no persistence option, so this route is gone after a reboot. To keep it, add it to the routes: section of the interface in netplan or your distribution's equivalent)

sudo route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.4.2
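The three client steps above (static address, DNS servers, route) can be done in one netplan file on an Ubuntu-style client; that also survives a reboot and is not overwritten the way a hand-edited /etc/resolv.conf is under systemd-resolved. This is an added example, not the article's configuration: the client's Internal-network adapter name eth1, its address 192.168.4.10 and the file name are assumptions, the DNS servers and search domains are the ones from the proxy VM above.

```shell
#!/bin/sh
# client_netplan.sh (added example): render a netplan file for a Linux client VM
# on the Hyper-V "Internal network" with a static address, the VPN's DNS servers
# and a persistent route to 10.0.0.0/8 via the proxy VM.
# On the client, as root:  sh client_netplan.sh /etc/netplan/60-vpn-proxy.yaml && netplan apply
# Without a path the YAML is printed to stdout.

CLIENT_IF="${CLIENT_IF:-eth1}"                 # adapter on the Internal network (assumed; check `ip link`)
CLIENT_ADDR="${CLIENT_ADDR:-192.168.4.10/24}"  # a free address in the proxy's subnet (assumed)
PROXY_ADDR="${PROXY_ADDR:-192.168.4.2}"        # the VPN proxy VM
VPN_NET="${VPN_NET:-10.0.0.0/8}"
DNS_SERVERS="${DNS_SERVERS:-8.8.8.8, 10.1.49.21, 10.4.8.21}"
DNS_SEARCH="${DNS_SEARCH:-mshome.net, test.dns.it}"

# same_subnet <ip> <ip>: crude /24 check that the gateway is directly reachable;
# networkd rejects a route whose next hop is not on a connected network
same_subnet() {
  [ "${1%.*}" = "${2%.*}" ]
}

# write_netplan <path>: only this adapter is described here, the default (external)
# adapter keeps its DHCP configuration from the installer's netplan file
write_netplan() {
  cat > "$1" <<EOF
network:
  version: 2
  ethernets:
    $CLIENT_IF:
      dhcp4: false
      addresses: [$CLIENT_ADDR]
      nameservers:
        addresses: [$DNS_SERVERS]
        search: [$DNS_SEARCH]
      routes:
        # everything in the VPN network goes to the proxy VM
        - to: $VPN_NET
          via: $PROXY_ADDR
EOF
}

if ! same_subnet "${CLIENT_ADDR%/*}" "$PROXY_ADDR"; then
  echo "proxy $PROXY_ADDR is not in the client's subnet ($CLIENT_ADDR)" >&2
  exit 1
fi
write_netplan "${1:-/dev/stdout}"
```

Netplan merges all files in /etc/netplan/ in name order, so a 60- file is applied on top of 00-installer-config.yaml and only needs to describe the Internal-network adapter.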

Docker Desktop Container

The route has to be added when the container starts, not in the Dockerfile: a RUN step only records filesystem changes, so a route added at build time is not part of the image (and the build container has no NET_ADMIN anyway). Run it from the container's entrypoint, or by hand in the container's shell, with the container granted NET_ADMIN as in the run parameters below:

route add -net 10.0.0.0 netmask 255.0.0.0 gw 192.168.4.2

When running the container add the following parameters to docker run. The container's resolv.conf is regenerated by Docker at every start...dang.. so the DNS servers must be passed as parameters. NET_ADMIN is the capability that "route add" needs; SYS_MODULE (loading kernel modules) is not needed for this and should not be granted.

--dns 8.8.8.8 --dns 10.1.49.21 --dns 10.4.8.21 --dns-search test.dns.it \
--cap-add=NET_ADMIN

To give an example

docker run \
    --dns 8.8.8.8 --dns 10.1.49.21 --dns 10.4.8.21 --dns-search test.dns.it \
    --cap-add=NET_ADMIN \
    -it alpine /bin/sh
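As an added example (not from the article), an entrypoint script that adds the route at container start, where it actually has to happen, and is safe to run more than once. It assumes, like the article, that 192.168.4.2 is reachable from the container's network, and an alpine image (ip and route are busybox applets there); the script and variable names are mine.

```shell
#!/bin/sh
# entrypoint.sh (added example): add the route to the VPN network when the
# container starts, then hand over to the container's command.
# In the Dockerfile:
#   COPY entrypoint.sh /entrypoint.sh
#   ENTRYPOINT ["/entrypoint.sh"]
#   CMD ["/bin/sh"]
# Run with:  docker run --cap-add=NET_ADMIN --dns 8.8.8.8 --dns 10.1.49.21 \
#              --dns 10.4.8.21 --dns-search test.dns.it -it <image>

VPN_NET="${VPN_NET:-10.0.0.0/8}"   # network behind the VPN
VPN_GW="${VPN_GW:-192.168.4.2}"    # the VPN proxy VM (must be reachable from the container)

# route_present <dest>: read `ip route show` output on stdin and succeed if a
# route whose destination is exactly <dest> is already there
route_present() {
  awk -v d="$1" '$1 == d { found = 1 } END { exit !found }'
}

# ensure_route: add the route once; fail loudly instead of starting without it
ensure_route() {
  if ip route show | route_present "$VPN_NET"; then
    echo "entrypoint: route to $VPN_NET already present" >&2
    return 0
  fi
  ip route add "$VPN_NET" via "$VPN_GW" || {
    echo "entrypoint: cannot add route to $VPN_NET via $VPN_GW (missing --cap-add=NET_ADMIN?)" >&2
    return 1
  }
}

# Docker passes CMD (or the docker run arguments) as $@; with no command
# the script only defines the functions above
if [ "$#" -gt 0 ]; then
  ensure_route || exit 1
  exec "$@"
fi
```

Checking for the route first keeps a "docker restart" from failing with "File exists", and exec replaces the shell so the real command receives signals (and stop requests) directly.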

Windows client machine

First assign a static IP to the machine on the "Internal Network"

Open a command prompt as administrator

Then add the route (-P for persistent)

route -P ADD 10.0.0.0 MASK 255.0.0.0  192.168.4.2

List the interfaces and take note of THE NAME of the one on the Internal Network

netsh interface show interface

Then add the DNS servers, replacing "Internal Network" with the name of YOUR interface

netsh interface ipv4 add dnsserver "Internal Network" address=8.8.8.8 index=1
netsh interface ipv4 add dnsserver "Internal Network" address=10.1.49.21 index=2
netsh interface ipv4 add dnsserver "Internal Network" address=10.4.8.21 index=3

Last modified on: February 23, 2021