Jumbolaya

Wow. I feel dumb. It was the firewall. I temporarily cleared iptables and it connects. I thought I already tried that but I guess there was something else wrong when I tried. Ugh. Hopefully this can be a cautionary tale for anyone who falls down the same rabbit hole

Bingo. On case #3 where I have the docker using --net=container:vpn and try to connect via STATICIP:2456.... I attached the following command to the process root@BuenoServer:~# nsenter -t 13945 -n strace -p 21228 -e trace=network strace: Process 21228 attached ^Cstrace: Process 21228 detached I saw nothing from strace, but a parallel tcpdump saw the UDP packets coming in on 2456. I do the same for case #2 (Valheim docker using bridge network and connect UNRAIDSERVERIP:2456), I see the packets come into the process. So we've got the process showing it is listening to the port via netstat, we've got tcpdump showing the packets are coming in for that port, but the process is definitely not seeing them.... I have no clue why. Thoughts?

Continuing to narrow in on the issue... Viewing the Valheim server logs on case #1 or #2 (the 'working' cases), I see 01/14/2022 22:21:34: New connection But on the none working cases where it is using the --net=container:vpn, I never see this. As mentioned above, I see the port listening in the VPN container: root@BuenoServer:/mnt/user/appdata# nsenter -t 13243 -n netstat -nap | grep val udp 0 0 0.0.0.0:2457 0.0.0.0:* 13551/valheim_serve udp6 0 0 :::2456 :::* 13551/valheim_serve And tcpdump shows packets going into UDP port 2456... so the networking stack is at least receiving the packets on that UDP port. Could something possibly be blocking the Valheim service from actually receiving the packets (i.e. either the stack or something between stack and process is dropping it)? I've already tried disabling firewall but that doesn't help. Is it some weird IPV6 thing (not sure why it would be if it works fine in cases #1 / #2 using udp6)?

OK, troubleshooting further: 1) I setup my Windows Valheim server again through the Windscribe application and connected from another computer to STATICIP:2456. Taking a tcpdump (using Winshark + npcap) I see traffic going both TO and FROM udp port 2456. 2) I setup the Valheim docker on UNRAID using the bridge network and from my local computer I connect to UNRAIDIP:2456. Taking a tcpdump on br0, I see traffic going both TO and FROM udp port 2456 again. 3) Here is where I get an issue. I startup a Valheim docker on UNRAID using the --net=container:vpn and connect from another computer to STATICIP:2456. Taking a tcpdump on tun0 of the vpn container, I see traffic coming INTO udp port 2456, but I never see it get sent back out. 4) The case I describe originally in this thread has the same behavior as #3. I startup a Valheim docker on UNRAID using the --net=container:vpn, make a nginx proxy for 2456:2456/UDP + 2457:2457/UDP, and connect from another computer to UNRAIDIP:2456. Taking a tcpdump on tun0 or br0, I see traffic coming into udp port 2456 but never returned. Does anyone have an idea why the data might not be getting sent back out when looped through the container like this? The docker image itself works fine if using the bridge network... but when routed through the --net=container:vpn, the process never sends data back out whether it be the VPN's STATICIP or the nginx proxies.

While I did forward the ports in the Windscribe webUI (2456-2457) as mentioned in that guide, it was not working using STATICIP:2456 either. Interesting to note that I WAS able to get this working if I host the dedicated server on my Windows PC which is connected to the VPN static IP. With that setup, I was able to connect to STATICIP:2456 from another PC in the house. But it is not ideal to have my main gaming PC running the game server, would be much preferred to use the UNRAID server docker. I decided to try and get this working via a local connection first as a troubleshooting step to better understand why the VPN static IP may not be working. In theory, me running the Valheim docker using the VPN container network and forwarding the ports to the host should work in a similar fashion as Windscribe forwarding the ports at their static IP end. I'd be happy getting either to work honestly.

Hello! I've been hitting my head against my desk for weeks trying to figure this out and I'm hoping someone here might be able to point me in the right direction. I've currently got one container (named vpn) using dperson/openvpn-client connecting to Windscribe with a static IP. I have several other containers (qbittorrent, sonarr, radarr, etc) routed through this using --net=container:vpn and it can access the internet just fine. I also have numerous proxies (I believe dperson uses nginx in his -p argument) so that I can access these containers webUI's locally and that works just fine. I have recently been trying to host a few game servers, most recently a Valheim server using the ich777 container images (https://hub.docker.com/r/ich777/steamcmd/). I would like to run these containers via the VPN as well so I can provide my VPN static IP to people instead of my networks public IP, but I cannot get it to work for the life of me. This particular game requires ports 2456 - 2457 to be open. First in my troubleshooting, I am able to confirm that if I run the Valheim container on the bridge network and I connect to UNRAIDSERVERIP:2456, I'm able to connect and everything is working fine. Now, I try to add --net=container:vpn to the valheim container, then add a proxy rule in the VPN container to expose 2456 - 2457 locally but I'm not able to connect via Steam server list or Valheim - it always times out. I've confirm that netstat in the docker container shows the game listening to the ports: root@BuenoServer:/mnt/user/appdata# docker inspect valheim | grep Pid "Pid": 13243, "PidMode": "", "PidsLimit": null, root@BuenoServer:/mnt/user/appdata# nsenter -t 13243 -n netstat -nap | grep val udp 0 0 0.0.0.0:2457 0.0.0.0:* 13551/valheim_serve udp6 0 0 :::2456 :::* 13551/valheim_serve And that I've proxied these through to the host: root@BuenoServer:/mnt/user/appdata# netstat -nap | grep 245[67] udp 0 0 0.0.0.0:2456 0.0.0.0:* 3265/docker-proxy udp 0 0 0.0.0.0:2457 0.0.0.0:* 3252/docker-proxy I've also verified if I tcpdump br0 that I see traffic being received on from my local PC to UDP port 2456 and that it is being sent to the docker container IP. root@BuenoServer:/mnt/user/appdata# nsenter -t 13243 -n ifconfig eth0 eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 172.17.0.3 netmask 255.255.0.0 broadcast 172.17.255.255 tcpdump -i br0 host 172.17.0.3 and udp port 2456 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes 21:40:11.451279 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:11.951442 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:12.451907 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:12.952347 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:13.452903 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:13.953273 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:14.453759 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:14.954243 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:15.454651 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:15.955134 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:16.455567 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:16.956023 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:17.456453 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 21:40:17.956908 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512 I've read here that steam can sometimes require additional ports (https://help.steampowered.com/en/faqs/view/2EA8-4D75-DA21-31EB), so I tried adding ports 27000 - 27100 as proxies in my VPN container but that does not help either. I've not spotted anything in the valheim docker container logs either (at least no different than when I was running it on the bridge network). I'm truly at a loss. Has anyone setup something similar? Or have any ideas what might be getting lost in translation? I would have thought just passing the ports from the VPN container back to the host would have been enough (similar to how the webUI's work for the other containers) and the fact that the UDP packets are getting to the server but it still times out is just really weird. Thanks for your time! Mike