Accessing a new installation remotely from a 172.17.0.x address

127 views
Skip to first unread message

Sean Carte

unread,
Jun 1, 2021, 8:15:36 AM6/1/21
to archipelago commons
I've had Archipelago installed for a couple of weeks, but am unable to use it because the VPN I use assigns me an address on the 172.17.0.0 network, but Archipelago uses 172.17.0.1 for ... something:

  IPv4 address for br-28d6bf7752d9: 172.18.0.1
  IPv4 address for br-c309c0241a2d: 172.17.0.1
  IPv4 address for docker0:         192.168.1.1
  IPv4 address for ens3:            10.4.36.48

At least, I think that's the problem. I can SSH into the VM from another machine on the network, but I can't access anything from my computer.

Everything seems to be running, but I need to access it on 10.4.36.48 instead of localhost:8001:

$ telnet localhost 8001
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

root@ubuntu:~# netstat -atupvn | grep LISTEN
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      772/systemd-resolve
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      846/sshd: /usr/sbin
tcp        0      0 0.0.0.0:8183            0.0.0.0:*               LISTEN      4770/docker-proxy   
tcp        0      0 0.0.0.0:8983            0.0.0.0:*               LISTEN      4483/docker-proxy   
tcp        0      0 0.0.0.0:6400            0.0.0.0:*               LISTEN      4442/docker-proxy   
tcp        0      0 0.0.0.0:8001            0.0.0.0:*               LISTEN      4688/docker-proxy   
tcp        0      0 0.0.0.0:9000            0.0.0.0:*               LISTEN      4558/docker-proxy   
tcp6       0      0 :::22                   :::*                    LISTEN      846/sshd: /usr/sbin
tcp6       0      0 :::8183                 :::*                    LISTEN      4775/docker-proxy   
tcp6       0      0 :::8983                 :::*                    LISTEN      4500/docker-proxy   
tcp6       0      0 :::6400                 :::*                    LISTEN      4449/docker-proxy   
tcp6       0      0 :::8001                 :::*                    LISTEN      4703/docker-proxy   
tcp6       0      0 :::9000                 :::*                    LISTEN      4573/docker-proxy  

I followed the installation guide at: https://github.com/esmero/archipelago-deployment/blob/1.0.0-RC1/docs/ubuntu.md and am using Ubuntu 20.04.

Any ideas?

Sean

dp...@metro.org

unread,
Jun 2, 2021, 12:59:21 PM6/2/21
to archipelago commons
Hi Sean, thanks for writing us, yes I have some ideas.

Docker will take some available IP ranges (like a proxy, the so named "bridge") to communicate to the outside/inside and in this cases its clashing with your VPN.
Here is a tut (long but good) on how to deal with this, basically forcing Docker to use a different address so VPN/Docker networks do not clash.


For others that do not have the time to read the article. You can check 

If you do a 

$ docker network list

you will see something like this

2548adde1f62   bridge                  bridge    local

0c7cf2e84fae   ec2-docker_esmero-net   bridge    local

9ed8106b22d9   ec2-docker_host-net     bridge    local

cb69b005c7ef   host                    host      local

4300556a0879   none                    null      local

Then you can inspect each bridge and see which IP's its using (you can also do a "ip addr" to see which interfaces are using which IPs)

e.g $ docker network inspect 0c7cf2e84fae

 {

        "Name": "ec2-docker_esmero-net",

        "Id": "0c7cf2e84fae87ee3d9d0f81db5b27aaee5cfae722302cda37d052d8cb6cbca1",

        "Created": "2021-06-01T20:20:08.796617637Z",

        "Scope": "local",

        "Driver": "bridge",

        "EnableIPv6": false,

        "IPAM": {

            "Driver": "default",

            "Options": null,

            "Config": [

                {

                    "Subnet": "172.19.0.0/16",

                    "Gateway": "172.19.0.1"

                }

            ]

        },

        "Internal": true,

        "Attachable": true,

        "Ingress": false,

        "ConfigFrom": {

            "Network": ""

        }....

So, the definitive solution (since the subnet/gateway may clash with your VPN) to this is  to let the Docker Service know those address ranges are not be used (passing other)

$ nano /etc/docker/daemon.json { "default-address-pools" : [ { "base" : "172.240.0.0/16", "size" : 24 } ] }

Being 172.240.0.0/16 the other in this case. (or anything that is not a "REAL" range.. but that number is good)

Then do a docker-compose down/ docker-compose up -d (docker-compose restart "I think" will not restart the network so better down/up)

Please let us know if this helps and thanks for reporting

Hugs

Diego Pino

dp...@metro.org

unread,
Jun 8, 2021, 9:45:12 PM6/8/21
to archipelago commons
Public Update: Got internal message this worked out, so in case someone hits VPN issues , this is the working solution,

Good night!

Reply all
Reply to author
Forward
0 new messages