Assistant Engineer
Assistant Engineer
  • UID621
  • Fans1
  • Follows0
  • Posts55

Connect to container service intranet using VPN container

More Posted time:Dec 15, 2016 13:30 PM
We know that the container network of the container service is an overlay network on the ECS network. Every container has an independently accessible IP address in the cluster, and you can access the container service with this independent IP address in the cluster. But this overlay network is isolated from the internet and servers not in the container in the cluster cannot be connected. So how should I connect to the container for testing? You can use the VPN container to quickly set up a VPN service in the cluster network for connecting external servers, and this VPN can serve as the gateway for accessing the other container addresses in the cluster.
In this example, we will create the VPN connection through the PPTP method. The project addresses of the image and template in this example are as follows:
One-click creation of VPN services
Create an application in the cluster you want to connect to through the container service console. The application template is as follows:
        - USERNAME=xxx
        - PASSWORD=xxx
        - "1723:1723"
    privileged: true
    restart: always

In the template, the VPN user name and password are passed in as the environment variables and the container's PPTP port is mapped to the host machine.
After the application is created, wait till the application is ready and you will be able to see the container list of the service.

Connect to the VPN service and test the connection to the container network
The mapped address of the container can be viewed on the pptp-server service container list page ( as shown in the figure above).
Connect to the VPN service through PPTP Client, such as in the Ubuntu:
pptpsetup --create myvpn --server xx.xx.xx.xx --username xxx --password xxx --encrypt --start
Using interface ppp0
Connect: ppp0 <--> /dev/pts/3
CHAP authentication succeeded
MPPE 128-bit stateless compression enabled
local  IP address
remote IP address

Add the route table of the container network segment of to the ppp0 network interface of PPTP.
route add -net dev ppp0

Then test a nginx service address by connecting to the container IP address directly:
<!DOCTYPE html>
<title>Welcome to nginx!</title>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href=""></a>.

Commercial support is available at
<a href=""></a>.</p>

<p><em>Thank you for using nginx.</em></p>

It indicates the connection from the local network to the cluster container has been established, and you can access and test applications on the container service through this VPN.