Docksal: Not able to resolve on Corporate VPN "502 Bad Gateway"

Created on 3 Aug 2020  ยท  18Comments  ยท  Source: docksal/docksal

Description

I having issues with the DNS inside corporate VPN when I visit my local project I got 502 Bad Gateway error, I have followed the instructions on the troubleshooting sections for DNS RESOLVER.

cat ~/.docksal/docksal.env
DOCKSAL_UUID=7191f153-3c2f-3f9e-ae06-cc245233259f
DOCKSAL_DNS_UPSTREAM="10.134.18.43"
DOCKSAL_NO_DNS_RESOLVER="1"

nslookup google.com
Server: 10.134.18.43
Address: 10.134.18.43#53

Non-authoritative answer:
Name: google.com
Address: 173.194.219.101

Steps to reproduce the issue:

  1. Connect to Cisco AnyConnect VPN
  2. Visit localhost http://baxter.docksal.site/

Describe the results you received:

502 Bad Gateway.

Describe the results you expected:

Be able to connect to the localhost, that only works when I'm disconnected from VPN

Output of fin config:


fin config output

COMPOSE_PROJECT_NAME_SAFE: corvette
COMPOSE_FILE:
/home/gutierm18/.docksal/stacks/volumes-bind.yml
/home/gutierm18/.docksal/stacks/stack-acquia.yml
/home/gutierm18/Documents/Drupal/Corvette/.docksal/docksal.yml
/home/gutierm18/Documents/Drupal/Corvette/.docksal/docksal-local.yml
ENV_FILE:
/home/gutierm18/Documents/Drupal/Corvette/.docksal/docksal.env
/home/gutierm18/Documents/Drupal/Corvette/.docksal/docksal-local.env

PROJECT_ROOT: /home/gutierm18/Documents/Drupal/Corvette
DOCROOT: docroot
VIRTUAL_HOST: baxter.docksal.site
VIRTUAL_HOST_ALIASES: *.baxter.docksal.site
IP: 192.168.64.100
MYSQL: 192.168.64.100:32769

Docker Compose configuration
---------------------
services:
  cli:
    build:
      context: /home/gutierm18/Documents/Drupal/Corvette/.docksal/services/cli
    dns:
    - 192.168.64.100
    - 10.134.18.43
    environment:
      BLACKFIRE_CLIENT_ID: null
      BLACKFIRE_CLIENT_TOKEN: null
      COMPOSER_ALLOW_XDEBUG: '0'
      COMPOSER_DISABLE_XDEBUG_WARN: '0'
      DEFAULT_BUILD_THEME_PROFILE: bax_base
      DOCKSAL_ENV: "true"
      DOCROOT: docroot
      DRUSH_ALLOW_XDEBUG: '0'
      DRUSH_OPTIONS_URI: baxter.docksal.site
      GIT_USER_EMAIL: [email protected]
      GIT_USER_NAME: gutierm18
      HOST_GID: '1000'
      HOST_UID: '1000'
      MYSQL_DATABASE: default
      MYSQL_HOST: db
      MYSQL_PASSWORD: user
      MYSQL_ROOT_PASSWORD: root
      MYSQL_USER: user
      PHP_IDE_CONFIG: serverName=baxter.docksal.site
      PUPPETEER_EXECUTABLE_PATH: /usr/bin/google-chrome
      PUPPETEER_SKIP_CHROMIUM_DOWNLOAD: "true"
      SECRET_ACAPI_EMAIL: null
      SECRET_ACAPI_KEY: null
      SECRET_ACQUIACLI_KEY: null
      SECRET_ACQUIACLI_SECRET: null
      SECRET_ACSF_API_KEY: 702d7*****63e29
      SECRET_ACSF_USER: mangu*****gutie
      SECRET_PLATFORMSH_CLI_TOKEN: null
      SECRET_SSH_PRIVATE_KEY: null
      SECRET_TERMINUS_TOKEN: null
      SSH_AUTH_SOCK: /.ssh-agent/proxy-socket
      VIRTUAL_HOST: baxter.docksal.site
      XDEBUG_CONFIG: idekey=PHPSTORM remote_host=192.168.64.1
      XDEBUG_ENABLED: '0'
    hostname: cli
    image: corvette_cli
    labels:
      io.docksal.shell: bash
      io.docksal.user: docker
    logging:
      options:
        max-file: '10'
        max-size: 1m
    volumes:
    - docksal_ssh_agent:/.ssh-agent:ro
    - cli_home:/home/docker:rw
    - /home/gutierm18/.docksal/tmp/corvette:/home/gutierm18/.docksal/tmp/corvette:ro
    - project_root:/var/www:rw,nocopy,cached
  db:
    dns:
    - 192.168.64.100
    - 10.134.18.43
    environment:
      MYSQL_ALLOW_EMPTY_PASSWORD: null
      MYSQL_DATABASE: default
      MYSQL_INITDB_SKIP_TZINFO: null
      MYSQL_ONETIME_PASSWORD: null
      MYSQL_PASSWORD: user
      MYSQL_RANDOM_ROOT_PASSWORD: null
      MYSQL_ROOT_PASSWORD: root
      MYSQL_USER: user
    hostname: db
    image: docksal/mysql:5.6-1.5
    logging:
      options:
        max-file: '10'
        max-size: 1m
    ports:
    - 3306/tcp
    volumes:
    - db_data:/var/lib/mysql:rw
    - project_root:/var/www:ro,nocopy,cached
  mail:
    dns:
    - 192.168.64.100
    - 10.134.18.43
    hostname: mail
    image: mailhog/mailhog
    labels:
      io.docksal.cert-name: none
      io.docksal.virtual-host: mail.baxter.docksal.site,mail.baxter.docksal.site.*
      io.docksal.virtual-port: '8025'
    logging:
      options:
        max-file: '10'
        max-size: 1m
    volumes:
    - project_root:/var/www:ro,nocopy,cached
  memcached:
    command:
    - -m
    - '128'
    dns:
    - 192.168.64.100
    - 10.134.18.43
    hostname: memcached
    image: memcached:1.4-alpine
    logging:
      options:
        max-file: '10'
        max-size: 1m
  solr:
    dns:
    - 192.168.64.100
    - 10.134.18.43
    hostname: solr
    image: docksal/solr:1.0-solr4
    labels:
      io.docksal.cert-name: none
      io.docksal.virtual-host: solr.baxter.docksal.site,solr.baxter.docksal.site.*
      io.docksal.virtual-port: '8983'
    logging:
      options:
        max-file: '10'
        max-size: 1m
    volumes:
    - project_root:/var/www:ro,nocopy,cached
  varnish:
    depends_on:
      web:
        condition: service_started
    dns:
    - 192.168.64.100
    - 10.134.18.43
    environment:
      VARNISH_BACKEND_HOST: web
    hostname: varnish
    image: docksal/varnish:1.1-varnish4
    labels:
      io.docksal.cert-name: none
      io.docksal.virtual-host: varnish.renaldtpmy20201802.baxter.docksal.site,varnish.renaldtpmy20201903.baxter.docksal.site,varnish.canadapro20200427.baxter.docksal.site,varnish.evoiqbr.baxter.docksal.site,varnish.pdempowersv2.baxter.docksal.site,varnish.renalpoland05142020.baxter.docksal.site,varnish.apacevents.baxter.docksal.site,varnish.renaldtptr.baxter.docksal.site,varnish.starling.baxter.docksal.site,varnish.becpoland.baxter.docksal.site
    logging:
      options:
        max-file: '10'
        max-size: 1m
    volumes:
    - project_root:/var/www:ro,nocopy,cached
  web:
    depends_on:
      cli:
        condition: service_started
    dns:
    - 192.168.64.100
    - 10.134.18.43
    environment:
      APACHE_BASIC_AUTH_PASS: null
      APACHE_BASIC_AUTH_USER: null
      APACHE_DOCUMENTROOT: /var/www/docroot
      APACHE_FCGI_HOST_PORT: cli:9000
      VIRTUAL_HOST: baxter.docksal.site
    hostname: web
    image: docksal/apache:2.4-2.3
    labels:
      io.docksal.cert-name: none
      io.docksal.permanent: "false"
      io.docksal.project-root: /home/gutierm18/Documents/Drupal/Corvette
      io.docksal.virtual-host: baxter.docksal.site,*.baxter.docksal.site,baxter.docksal.site.*
    logging:
      options:
        max-file: '10'
        max-size: 1m
    volumes:
    - project_root:/var/www:ro,nocopy,cached
version: '2.1'
volumes:
  cli_home: {}
  db_data: {}
  docksal_ssh_agent:
    external: true
    name: docksal_ssh_agent
  project_root:
    driver: local
    driver_opts:
      device: /home/gutierm18/Documents/Drupal/Corvette
      o: bind
      type: none


Output of fin sysinfo:


fin sysinfo output

```
โ–ˆโ–ˆโ–ˆ OS
Linux Debian GNU/Linux 10
Linux debian 4.19.0-9-amd64 #1 SMP Debian 4.19.118-2+deb10u1 (2020-06-07) x86_64 GNU/Linux

โ–ˆโ–ˆโ–ˆ ENVIRONMENT
MODE : Linux Kernel
DOCKER_HOST :

โ–ˆโ–ˆโ–ˆ FIN
fin version: 1.99.0

โ–ˆโ–ˆโ–ˆ DOCKER COMPOSE
EXPECTED VERSION: 1.26.0
docker-compose version 1.26.0, build d4451659
docker-py version: 4.2.1
CPython version: 3.7.7
OpenSSL version: OpenSSL 1.1.0l 10 Sep 2019

โ–ˆโ–ˆโ–ˆ DOCKER
EXPECTED CLIENT VERSION: 19.03.9
EXPECTED SERVER VERSION: 19.03.9

Client: Docker Engine - Community
Version: 19.03.12
API version: 1.40
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:45:50 2020
OS/Arch: linux/amd64
Experimental: false

Server: Docker Engine - Community
Engine:
Version: 19.03.12
API version: 1.40 (minimum version 1.12)
Go version: go1.13.10
Git commit: 48a66213fe
Built: Mon Jun 22 15:44:21 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683

โ–ˆโ–ˆโ–ˆ DOCKSAL: PROJECTS
project STATUS virtual host project root
corvette Up 3 minutes (healthy) baxter.docksal.site,.baxter.docksal.site,baxter.docksal.site. /home/gutierm18/Documents/Drupal/Corvette

โ–ˆโ–ˆโ–ˆ DOCKSAL: VIRTUAL HOSTS
.baxter.docksal.site
baxter.docksal.site.

baxter.docksal.site
mail.baxter.docksal.site.*
mail.baxter.docksal.site
solr.baxter.docksal.site.*
solr.baxter.docksal.site
varnish.apacevents.baxter.docksal.site
varnish.becpoland.baxter.docksal.site
varnish.canadapro20200427.baxter.docksal.site
varnish.evoiqbr.baxter.docksal.site
varnish.pdempowersv2.baxter.docksal.site
varnish.renaldtpmy20201802.baxter.docksal.site
varnish.renaldtpmy20201903.baxter.docksal.site
varnish.renaldtptr.baxter.docksal.site
varnish.renalpoland05142020.baxter.docksal.site
varnish.starling.baxter.docksal.site

โ–ˆโ–ˆโ–ˆ DOCKSAL: NETWORKING

DOCKSAL_IP: 192.168.64.100
DOCKSAL_VHOST_PROXY_IP:
DOCKSAL_DNS_IP:
DOCKSAL_DNS_DISABLED: 0
DOCKSAL_NO_DNS_RESOLVER: 1
DOCKSAL_DNS_UPSTREAM: 10.134.18.43
DOCKSAL_DNS_DOMAIN: docksal

Checking connectivity to http://dns-test.docksal...
Host: FAIL
Containers: FAIL

โ–ˆโ–ˆโ–ˆ DOCKER: RUNNING CONTAINERS
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
234953a3c73b docksal/varnish:1.1-varnish4 "/opt/startup.sh" 3 minutes ago Up 3 minutes 80/tcp, 6082/tcp corvette_varnish_1
da516bb4ad06 docksal/apache:2.4-2.3 "httpd-foreground" 3 minutes ago Up 3 minutes (healthy) 80/tcp, 443/tcp corvette_web_1
d8c8aebb366f memcached:1.4-alpine "docker-entrypoint.sโ€ฆ" 3 minutes ago Up 3 minutes 11211/tcp corvette_memcached_1
3237223d913e docksal/mysql:5.6-1.5 "docker-entrypoint.sโ€ฆ" 3 minutes ago Up 3 minutes (healthy) 0.0.0.0:32769->3306/tcp corvette_db_1
a55316a587c8 docksal/solr:1.0-solr4 "/opt/solr/bin/solr โ€ฆ" 3 minutes ago Up 3 minutes 8983/tcp corvette_solr_1
f91077413f03 mailhog/mailhog "MailHog" 3 minutes ago Up 3 minutes 1025/tcp, 8025/tcp corvette_mail_1
3e28c5b978ba corvette_cli "/opt/startup.sh supโ€ฆ" 3 minutes ago Up 3 minutes (healthy) 22/tcp, 3000/tcp, 9000/tcp corvette_cli_1
7a5b88fdaa3c docksal/ssh-agent:1.3 "docker-entrypoint.sโ€ฆ" 3 minutes ago Up 3 minutes (healthy) docksal-ssh-agent
a2817f6ee41e docksal/dns:1.1 "docker-entrypoint.sโ€ฆ" 3 minutes ago Up 3 minutes (healthy) 192.168.64.100:53->53/udp docksal-dns
fb9b7f949699 docksal/vhost-proxy:1.6 "docker-entrypoint.sโ€ฆ" 3 minutes ago Up 3 minutes (healthy) 192.168.64.100:80->80/tcp, 192.168.64.100:443->443/tcp docksal-vhost-proxy

โ–ˆโ–ˆโ–ˆ DOCKER: NETWORKS
NETWORK ID NAME DRIVER SCOPE
5e82b24b2e66 _default bridge local
d594c0f8181b bridge bridge local
384e85bef220 corvette_default bridge local
7178d868eb7a ctfd_default bridge local
3018586cdb7a ctfd_internal bridge local
51edf210b7f8 ddev_default bridge local
011acff5c2b2 host host local
feaa37f104df none null local
d194d8ff7317 test-site-vpn-off_default bridge local
a33b40bdff7a test-site_default bridge local

โ–ˆโ–ˆโ–ˆ VIRTUALBOX
EXPECTED VERSION: 6.1.10
WARNING: The vboxdrv kernel module is not loaded. Either there is no module
available for the current kernel (4.19.0-9-amd64) or it failed to
load. Please recompile the kernel module and install it by

       sudo /sbin/vboxconfig

     You will not be able to start VMs until this problem is fixed.

6.1.10r138449

โ–ˆโ–ˆโ–ˆ HDD Usage
Filesystem Size Used Avail Use% Mounted on
udev 7.8G 0 7.8G 0% /dev
tmpfs 1.6G 27M 1.6G 2% /run
/dev/mapper/debian--vg-root 453G 94G 337G 22% /
tmpfs 7.8G 324M 7.5G 5% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 7.8G 0 7.8G 0% /sys/fs/cgroup
/dev/loop1 145M 145M 0 100% /snap/zoom-client/90
/dev/loop2 55M 55M 0 100% /snap/core18/1754
/dev/loop3 159M 159M 0 100% /snap/gitkraken/157
/dev/loop5 256K 256K 0 100% /snap/gtk2-common-themes/9
/dev/loop4 273M 273M 0 100% /snap/freecad/8
/dev/loop0 62M 62M 0 100% /snap/authy/4
/dev/loop7 55M 55M 0 100% /snap/core18/1880
/dev/loop8 162M 162M 0 100% /snap/gnome-3-28-1804/128
/dev/loop6 97M 97M 0 100% /snap/core/9665
/dev/loop11 55M 55M 0 100% /snap/gtk-common-themes/1502
/dev/loop9 63M 63M 0 100% /snap/gtk-common-themes/1506
/dev/loop10 164M 164M 0 100% /snap/spotify/41
/dev/loop12 545M 545M 0 100% /snap/freecad/16
/dev/loop13 11M 11M 0 100% /snap/kubectl/1559
/dev/loop14 161M 161M 0 100% /snap/gnome-3-28-1804/116
/dev/loop15 62M 62M 0 100% /snap/authy/3
/dev/loop16 145M 145M 0 100% /snap/zoom-client/92
/dev/loop17 11M 11M 0 100% /snap/kubectl/1580
/dev/loop18 30M 30M 0 100% /snap/snapd/8542
/dev/loop19 30M 30M 0 100% /snap/snapd/8140
/dev/nvme0n1p2 237M 109M 117M 49% /boot
/dev/nvme0n1p1 511M 5.1M 506M 1% /boot/efi
/dev/loop20 156M 156M 0 100% /snap/gitkraken/159
/dev/loop22 97M 97M 0 100% /snap/core/9436
/dev/loop23 256K 256K 0 100% /snap/gtk2-common-themes/13
/dev/loop24 178M 178M 0 100% /snap/skype/139
/dev/loop25 178M 178M 0 100% /snap/skype/143
tmpfs 1.6G 24K 1.6G 1% /run/user/1000

```

All 18 comments

@mangutie if you disable DNS resolver you have to manage your DNS records manually or use docksal.site TLD by setting fin config set --global DOCKSAL_DNS_DOMAIN=docksal.site, restarting your project and accessing them accordingly yourproject.docksal.site

I managed to worked partially for a single site I have a local multisite setup if this still applicable ?

fin hosts
127.0.0.1   localhost
127.0.1.1   debian.global.baxter.com    debian
127.0.0.1   baxter.docksal.site
127.0.0.1   special.baxter.docksal.site
127.0.0.1   com.baxter.docksal.site
127.0.0.1   edu.baxter.docksal.site
127.0.0.1   gov.baxter.docksal.site

I managed to worked partially for a single site I have a local multisite setup if this still applicable ?

@mangutie Not sure what you mean here. It does not matter whether you have a single site or a Drupal multisite. As long as you have all need host records pointed to 127.0.0.1, it should work.

Where the VPN troubleshooting docs helpful?

Hi @lmakarov I'm still having the 502 bad Getaway, error when I tried to visit my local projects http://com.baxter.docksal.site/ http://baxter.docksal.site, http://special.baxter.docksal.site/
The documentation it's pretty clear I'm able to test with ping all the previous URLs.
I'll attached the output of docksal-dns logs.

fin docker logs docksal-dns 2020-08-05 16:16:42 | Generating configuration in /etc/dnsmasq.d/docksal.conf 2020-08-05 16:16:42 | Passing execution to: dnsmasq dnsmasq: started, version 2.80 cachesize 150 dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect inotify dumpfile dnsmasq: reading /etc/resolv.conf dnsmasq: using nameserver 10.134.18.43#53 dnsmasq: using nameserver 9.9.9.9#53 dnsmasq: read /etc/hosts - 7 addresses

It sounds like vhost-proxy is not able to connect to your project's web container.

Check the vhost-proxy logs - fin docker logs -f docksal-vhost-proxy.

What do you get when you load http://127.0.0.1 and http://192.168.64.100/ in the browser (with and without VPN connected)?

I get project missing connected and disconnected from VPN.
This is the output of the logs

sudo: setrlimit(RLIMIT_CORE): Operation not permitted
2020-08-05 21:13:41 [proxyctl] [lookup] 
2020-08-05 21:13:41 [proxyctl] [lookup] ERROR: No matching projects or containers found for virtual host '192.168.64.100'.
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
2020-08-05 21:13:41 [proxyctl] [start] 
2020-08-05 21:13:41 [proxyctl] [start] ERROR: Empty type.


sudo: setrlimit(RLIMIT_CORE): Operation not permitted
2020-08-05 21:13:48 [proxyctl] [lookup] 
2020-08-05 21:13:49 [proxyctl] [lookup] ERROR: No matching projects or containers found for virtual host '127.0.0.1'.
sudo: setrlimit(RLIMIT_CORE): Operation not permitted
2020-08-05 21:13:49 [proxyctl] [start] 
2020-08-05 21:13:49 [proxyctl] [start] ERROR: Empty type.

k, so the issue is not with you not being able to access the vhost-proxy, but with vhost-proxy not being able to access the project's web container.

Assuming this only happens when you are connected to VPN, then either:

  • There is an overlap of the docker internal network IP range with the VPN IP range
  • The VPN workaround in docs does not work on Linux... (only works with Docker Desktop for Mac/Win)

Check the project's network settings and compare those with the IP you get from the VPN connection:

fin debug --load-configuration 'docker network inspect ${COMPOSE_PROJECT_NAME_SAFE}_default'

Hi @lmakarov this is the output from the debug command and the external IP I get from VPN it's 165.225.57.46

[
    {
        "Name": "corvette_default",
        "Id": "4fed6c4ff52119519b385ab20f5689d56836e6328c566077a97ef1fc8f750680",
        "Created": "2020-08-05T16:11:33.529628375-05:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.23.0.0/16",
                    "Gateway": "172.23.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "1a32693f43d3942f695918133165c7623ea6a90789f014afe5750cb830a32eab": {
                "Name": "corvette_cli_1",
                "EndpointID": "f50e889603ae5d0444a575d0c23cf20490267ac354e84f8f0d205f7fd55e0881",
                "MacAddress": "02:42:ac:17:00:06",
                "IPv4Address": "172.23.0.6/16",
                "IPv6Address": ""
            },
            "2ff76614dd8625bdadf0bfd2d3df4e2e8a8b668745c94834b41f5a5df879ac1b": {
                "Name": "corvette_mail_1",
                "EndpointID": "b175ba7a57c4f16b0f9406584020a35dbe94022608956259e724f8089a1d2054",
                "MacAddress": "02:42:ac:17:00:05",
                "IPv4Address": "172.23.0.5/16",
                "IPv6Address": ""
            },
            "321a405e5c459e522dcec38a9722dc2473f385d9b84d2edd3d03595a6cce8b26": {
                "Name": "corvette_web_1",
                "EndpointID": "de8348d39ba66d24039544c07a75dc8685484e3778d589f6efeff151282ccd5d",
                "MacAddress": "02:42:ac:17:00:07",
                "IPv4Address": "172.23.0.7/16",
                "IPv6Address": ""
            },
            "6545fd1902e645ea1250f1d035efe063440a3b2f0fe3fec3e48f8642888b0429": {
                "Name": "corvette_db_1",
                "EndpointID": "14df7f38157bcfe808346a52982c97063bb9b77a03e2b3f2626633bdb4b12435",
                "MacAddress": "02:42:ac:17:00:02",
                "IPv4Address": "172.23.0.2/16",
                "IPv6Address": ""
            },
            "9a41f969e19c82fe04fd6d79d8120583c705ce174ddd8f4fdeca0f17d040fd6c": {
                "Name": "corvette_memcached_1",
                "EndpointID": "84a39db14560d646f4973a3e61e2fdd077425c35738fec0577962421b81a719d",
                "MacAddress": "02:42:ac:17:00:03",
                "IPv4Address": "172.23.0.3/16",
                "IPv6Address": ""
            },
            "9b3014344c014e1efba2600646ff188e7b925c4e7490a67721d1c3f02191dfc7": {
                "Name": "docksal-vhost-proxy",
                "EndpointID": "4ff925f9eeb1ca102ec3e66dc5c2371f65aafab001e77bb49e389485bb62aa0c",
                "MacAddress": "02:42:ac:17:00:09",
                "IPv4Address": "172.23.0.9/16",
                "IPv6Address": ""
            },
            "b3fd9cd7b2d65454733d0d7945636138d760ffaa05cb542d3670ce76619c6bfc": {
                "Name": "corvette_varnish_1",
                "EndpointID": "441a9f6a2407c8dfb7232c5d70bad55e98b975e17b4c01d1bbb8cb379df24b5b",
                "MacAddress": "02:42:ac:17:00:08",
                "IPv4Address": "172.23.0.8/16",
                "IPv6Address": ""
            },
            "c02041c0771b4fbd2e8bff0ec5167b7134e2aeaba3a7e98c4894f3864574ff6d": {
                "Name": "corvette_solr_1",
                "EndpointID": "efe62f9e35ea5d4c3dc6fb5846b8a2bbc7dfe1a997fe5545f992a7a0609f2aaf",
                "MacAddress": "02:42:ac:17:00:04",
                "IPv4Address": "172.23.0.4/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "corvette",
            "com.docker.compose.version": "1.26.0"
        }
    }
]

@mangutie what's the internal IP you get on the VPN connection?

@lmakarov this is the output from the VPN

27: cscotun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1300 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none 
    inet 172.17.136.0/20 brd 172.17.143.255 scope global cscotun0
       valid_lft forever preferred_lft forever


This article looks somewhat worthy of investigation https://www.lullabot.com/articles/fixing-docker-and-vpn-ip-address-conflicts.

If you follow the steps in that, does it resolve your issue?

Specifically, I think the part that needs to happen is:

$ vi /etc/docker/daemon.json
{
  "default-address-pools" : [
    {
      "base" : "172.240.0.0/16",
      "size" : 24
    }
  ]
}

Then:

  1. Restart Docker.
  2. Then, for each project, run fin stop && fin start.
  3. Try to access the project site(s).

@mangutie what's the output from route -n with and without the VPN connection (with the project stack running)?

@lmakarov I have tried add the daemon to change the default subnet for docker, as @lpeabody recommended. Still the same issue.
I would like to document the results of following https://docs.docksal.io/troubleshooting/vpn/
After adding the hosts and override the upstream DNS server settings.
I'm able to see the site partially
Screenshot_2020-08-07_17-22-41
Screenshot_2020-08-07_17-32-54

When I looked at the browsers console tab I see the following errors:
Failed to load resource: the server responded with a status of 502 (Bad Gateway)

Screenshot_2020-08-07_17-33-18

@mangutie that's weird. Can you access the website with curl on command line as well?

curl -I http://com.baxter.docksal.site

@lmakarov nope I get the following output

 curl -I http://com.baxter.docksal.site
HTTP/1.1 502 Bad Gateway
Server: openresty/1.17.8.1
Date: Mon, 10 Aug 2020 18:00:09 GMT
Content-Type: text/html
Content-Length: 163
Connection: keep-alive

nope I get the following output

ok, that's what I'd expect. The page you saw in the browser was likely just a cache.

We discussed this issue last week with @lpeabody in the maintainers Slack and it looks like there may be no way around strict VPNs on Linux. The VPN workaround in the docs (https://docs.docksal.io/troubleshooting/vpn/) only works with Docker Desktop for Mac/Win and we should update the docs to mention that.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

loopy3025 picture loopy3025  ยท  30Comments

lmakarov picture lmakarov  ยท  49Comments

ygerasimov picture ygerasimov  ยท  33Comments

tbtmuse picture tbtmuse  ยท  22Comments

mike-potter picture mike-potter  ยท  18Comments