I would like to set up a VPN server and route all the clients' traffic through the VPN.
In order to do that, I run a VPN server using the OpenVPN docker image kylemanna/openvpn. My docker runs on Kubernetes and doesn't share the host network. I also added the NET_ADMIN capability and enabled privileged mode.
In order to configure my docker image as a gateway, I configured NAT (inside the docker) using iptables:
iptables -I FORWARD -i tun0 -o eth0 -s 192.168.255.0/24 -m conntrack --ctstate NEW -j ACCEPT
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -s 192.168.255.0/24 -j MASQUERADE
Unfortunately something is going wrong. I can perfectly connect to the VPN and ping any public IP. I can also curl any HTTP site without any problems. If I curl http://ifconfig.co, I can also see that my IP changed to the IP of my server. So until here everything works as expected.
But it only works for HTTP traffic: if I curl Google over HTTP, I get a response, but over HTTPS I do not get any response back. I checked it with tcpdump, and the packets arrive back on the client side.
When I curl Google in verbose mode, this is what happens before it hangs:
curl -v https://www.google.com
* Trying 172.217.20.100:443...
* TCP_NODELAY set
* Connected to www.google.com (172.217.20.100) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
    CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
Does someone have an idea how to debug this / why HTTPS is not working while HTTP works?
Thank you