I have set up a port forwarding at my VPN provider like:
VPN_EXT_IP:60000 --> VPN_INT_CLIENT_IP:60000
I have a docker-compose which looks something like:
version: "3.5"
networks:
  ext:
    name: ext
services:
  openvpn-client:
    image: ghcr.io/wfg/openvpn-client
    container_name: openvpn-client
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      ...
    networks:
      - ext
  rutorrent:
    image: crazymax/rtorrent-rutorrent:3.10-0.9.8-0.13.8
    container_name: rutorrent
    restart: "unless-stopped"
    stop_grace_period: 10m
    environment:
      - TZ=Europe/Berlin
      - PUID=1000
      - PGID=1000
      - RT_INC_PORT=60000
      - RT_DHT_PORT=60001
    depends_on:
      - openvpn-client
    network_mode: "service:openvpn-client"
    volumes:
      ...
The incoming port 60000 seems to be closed.
I suspected my OpenWrt router (docker containers run behind NAT) and installed kmod-nf-nathelper-extra, but it did not help.
VPN connection itself works, but incoming connections (which are not ESTABLISHED) do not work.
I am a bit lost and at the limit of my network knowledge.
I expect everything to work, since the VPN client establishes a connection to VPN server on OPENWRT_PUB_IP:NAT_PORT (NAT, thus NAT_PORT is random);
OpenWrt tracks the connection to VPN_SERVER:VPN_SERVER_PORT and everything via this tracked connection is allowed to pass the firewall.
But, this seems only to be valid for a connection established from VPN_CLIENT (in tunnel), not the other way around.
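Before looking at the router, a first diagnostic step for a setup like the one above is to confirm that the torrent client is really bound on the incoming port inside the VPN container's network namespace: with `network_mode: "service:openvpn-client"` the rutorrent container shares that namespace, so a listing taken from either container (for example `docker exec openvpn-client ss -Hlntu`, if `ss` is installed in the image) shows the same sockets. The script below is an added example, not code from the original post or from either project; it parses a constructed `ss -Hlntu` sample, classifies the ports taken from the compose file (RT_INC_PORT 60000/TCP, RT_DHT_PORT 60001/UDP) as wildcard, loopback-only, bound to a specific address or not listening, and includes a small TCP probe helper to run afterwards from outside against the forwarded address (the `VPN_EXT_IP` and sample lines are placeholders and made-up data).

```python
"""Diagnose whether the rtorrent incoming ports are actually bound inside the VPN
network namespace. Added example, not part of the original post."""
import socket
from dataclasses import dataclass

# Constructed sample of `ss -Hlntu` output (no header, listening TCP+UDP sockets),
# as it might look when run inside the openvpn-client container's namespace,
# e.g. `docker exec openvpn-client ss -Hlntu`. Made-up data, not real output.
SAMPLE_SS_OUTPUT = """\
tcp   LISTEN 0      128          0.0.0.0:60000       0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:8000        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:60001       0.0.0.0:*
udp   UNCONN 0      0          127.0.0.1:5000        0.0.0.0:*
"""

# Ports from the compose file in the post: RT_INC_PORT (TCP) and RT_DHT_PORT (UDP).
EXPECTED_PORTS = {("tcp", 60000), ("udp", 60001)}

# Local addresses that mean "every interface", which includes the tun interface.
WILDCARD = {"*", "0.0.0.0", "::"}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int


def parse_ss(output: str) -> list:
    """Parse `ss -Hlntu` lines into Listener records (proto, local address, port)."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        proto, local = fields[0], fields[4]
        addr, _, port = local.rpartition(":")  # handles "[::]:60000" and "*:60000" too
        listeners.append(Listener(proto, addr.strip("[]"), int(port)))
    return listeners


def classify(listeners, proto: str, port: int) -> str:
    """How (or whether) proto/port is bound: 'wildcard' (reachable through the tunnel),
    'loopback-only', 'specific:<addr>' or 'not-listening'."""
    addrs = {l.addr for l in listeners if l.proto == proto and l.port == port}
    if not addrs:
        return "not-listening"
    if addrs & WILDCARD:
        return "wildcard"
    if all(a.startswith("127.") or a == "::1" for a in addrs):
        return "loopback-only"
    return "specific:" + ",".join(sorted(addrs))


def report(output: str, expected=EXPECTED_PORTS) -> dict:
    """Classify every expected port against a captured ss listing."""
    listeners = parse_ss(output)
    return {f"{proto}/{port}": classify(listeners, proto, port)
            for proto, port in sorted(expected)}


def probe_tcp(host: str, port: int, timeout: float = 3.0) -> bool:
    """Second step: attempt a TCP connect from outside (another host, not the VPN client)
    to the address the provider forwards, e.g. probe_tcp("VPN_EXT_IP", 60000).
    True means the connection was accepted end to end."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_demo() -> bool:
    """Exercise probe_tcp against a throwaway loopback listener so the helper can be
    checked offline; the real check targets the forwarded VPN address."""
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(1)
        return probe_tcp("127.0.0.1", srv.getsockname()[1])


if __name__ == "__main__":
    for key, status in report(SAMPLE_SS_OUTPUT).items():
        print(f"{key}: {status}")
    print("local probe:", probe_demo())
```

If `report` shows the incoming port as `loopback-only` or `not-listening`, no amount of router or provider forwarding will help and the client configuration is the place to look; only once it shows `wildcard` (or the tun interface's address) does the external probe say anything about the forwarding path.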