Hello!
I've been hitting my head against my desk for weeks trying to figure this out and I'm hoping someone here might be able to point me in the right direction. I've currently got one container (named vpn) using dperson/openvpn-client connecting to Windscribe with a static IP. I have several other containers (qbittorrent, sonarr, radarr, etc.) routed through this using --net=container:vpn and it can access the internet just fine. I also have numerous proxies (I believe dperson uses nginx in his -p argument) so that I can access these containers' webUIs locally and that works just fine.
I have recently been trying to host a few game servers, most recently a Valheim server using the ich777 container images (https://hub.docker.com/r/ich777/steamcmd/). I would like to run these containers via the VPN as well so I can provide my VPN static IP to people instead of my networks public IP, but I cannot get it to work for the life of me.
This particular game requires ports 2456 - 2457 to be open. First in my troubleshooting, I am able to confirm that if I run the Valheim container on the bridge network and I connect to UNRAIDSERVERIP:2456, I'm able to connect and everything is working fine. Now, I try to add --net=container:vpn to the valheim container, then add a proxy rule in the VPN container to expose 2456 - 2457 locally but I'm not able to connect via Steam server list or Valheim - it always times out.
I've confirmed that netstat in the docker container shows the game listening on the ports:
root@BuenoServer:/mnt/user/appdata# docker inspect valheim | grep Pid
"Pid": 13243,
"PidMode": "",
"PidsLimit": null,
root@BuenoServer:/mnt/user/appdata# nsenter -t 13243 -n netstat -nap | grep val
udp 0 0 0.0.0.0:2457 0.0.0.0:* 13551/valheim_serve
udp6 0 0 :::2456 :::* 13551/valheim_serve
And that I've proxied these through to the host:
root@BuenoServer:/mnt/user/appdata# netstat -nap | grep 245[67]
udp 0 0 0.0.0.0:2456 0.0.0.0:* 3265/docker-proxy
udp 0 0 0.0.0.0:2457 0.0.0.0:* 3252/docker-proxy
I've also verified that if I tcpdump br0 I see traffic being received from my local PC to UDP port 2456 and that it is being sent to the docker container IP.
root@BuenoServer:/mnt/user/appdata# nsenter -t 13243 -n ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 172.17.0.3 netmask 255.255.0.0 broadcast 172.17.255.255
tcpdump -i br0 host 172.17.0.3 and udp port 2456
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:40:11.451279 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:11.951442 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:12.451907 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:12.952347 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:13.452903 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:13.953273 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:14.453759 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:14.954243 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:15.454651 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:15.955134 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:16.455567 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:16.956023 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:17.456453 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:17.956908 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
I've read here that Steam can sometimes require additional ports (https://help.steampowered.com/en/faqs/view/2EA8-4D75-DA21-31EB), so I tried adding ports 27000 - 27100 as proxies in my VPN container but that does not help either.
I've not spotted anything in the valheim docker container logs either (at least no different than when I was running it on the bridge network).
I'm truly at a loss. Has anyone set up something similar? Or have any ideas what might be getting lost in translation? I would have thought just passing the ports from the VPN container back to the host would have been enough (similar to how the webUIs work for the other containers), and the fact that the UDP packets are getting to the server but it still times out is just really weird.
Thanks for your time!
Mike
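Added example (my own, not part of Mike's post): a small Python checker that parses tcpdump lines in the format shown above and flags UDP flows that never see a datagram in the reverse direction, which is exactly what the br0 capture on port 2456 shows (requests in, nothing back). It assumes the "host.port > host.port: UDP, length N" line format from the post; the sample capture below is constructed, with one hypothetical two-way flow on 2457 added for contrast.

```python
"""Flag UDP flows in a tcpdump text capture that never get a reply."""
import re
from collections import Counter

# Constructed sample: lines modelled on the capture in the post, plus one
# hypothetical request/reply pair on 2457 so a two-way flow is present too.
SAMPLE_CAPTURE = """\
21:40:11.451279 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:11.951442 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:12.451907 IP Mikes-Brain.local.65093 > 172.17.0.3.2456: UDP, length 512
21:40:12.600000 IP Mikes-Brain.local.65094 > 172.17.0.3.2457: UDP, length 64
21:40:12.601000 IP 172.17.0.3.2457 > Mikes-Brain.local.65094: UDP, length 64
"""

# tcpdump prints "host.port > host.port"; the port is the last dotted field,
# so a greedy \S+ followed by \.(\d+) splits host and port correctly.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): "
    r"UDP, length (?P<length>\d+)$"
)


def parse_flows(capture: str) -> Counter:
    """Count datagrams per directional 4-tuple (src, sport, dst, dport)."""
    flows = Counter()
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # banner lines such as "listening on br0, ..." do not match
            flows[(m["src"], int(m["sport"]), m["dst"], int(m["dport"]))] += 1
    return flows


def one_way_flows(capture: str) -> dict:
    """Return {(src, sport, dst, dport): count} for flows with no reverse packets.

    A server that is reachable answers from (dst, dport) back to (src, sport);
    if that reverse tuple never appears, replies are either not being sent or
    are leaving on an interface the capture is not watching.
    """
    flows = parse_flows(capture)
    return {
        (src, sport, dst, dport): n
        for (src, sport, dst, dport), n in flows.items()
        if (dst, dport, src, sport) not in flows
    }


if __name__ == "__main__":
    for (src, sport, dst, dport), n in one_way_flows(SAMPLE_CAPTURE).items():
        print(f"no reply seen: {src}:{sport} -> {dst}:{dport} ({n} datagrams)")
```

Running it against a capture taken on each interface the vpn container has (br0 and the tunnel interface) shows where, if anywhere, the 2456 replies are actually leaving.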