22

For some reason my VPN (NordVPN) is interfering with Docker:

make start
docker-compose -f docker-compose/docker-compose.base.yml -f docker-compose/docker-compose.dev.yml up -d
doCreating network "docker-compose_default" with the default driver
ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network
cmake: *** [Makefile:59: up_dev] Error 1

The issue seems to be to do with networking. I'm not sure how to troubleshoot it or fix it, though. After disabling my VPN and running sudo systemctl restart docker, Docker works fine.

Environment

  • Ubuntu 20.04 LTS
  • Docker version 19.03.8, build afacb8b7f0
  • NordVPN Version 3.7.4
Daniel
  • 3,115
  • 5
  • 28
  • 39
  • 1
    You may be at the maximum of created networks for docker. Try `docker network prune` and try again. And if it really is an issue with the VPN, try [this](https://stackoverflow.com/questions/45692255/how-make-openvpn-work-with-docker). – Parth Shah Aug 05 '20 at 07:17
  • In my case `docker network prune` solved the network issue for macOS 10.15.2 and ProtonVPN 1.9.0. Docker would break on build with `ERROR [internal] load metadata` more precisely it `failed to solve with frontend dockerfile.v0` as the request failed due to `Service Unavailable` – Ava Barbilla Jan 05 '21 at 19:36

3 Answers3

22

TL;DR

The issue here is that docker/docker-compose is unable to find a suitable address range to assign a subnet to the a new internal network since the VPN adds routes for all IP addresses.

Solutions:

  1. manually define the network and its address range in docker-compose.yml or use an existing one => requires changes in all your docker-compose.yml files which also may become hardly portable due to the hard coded addresses.
  2. start docker/all your services before the VPN => probably not practicable in all cases
  3. reconfigure the routing configuration of your VPN to exclude ranges to be used by docker => will add complexity to your VPN configuration and may leak traffic intended for VPN if done wrong

Explanation

By default docker-compose sets up a dedicated docker network for each project i.e. a virtual bridge device on the docker host.

To assign a subnet range and gateway address to the network docker tries to select a range from a pool of possible ranges. It checks that the selected range does not overlap with a range/route already bound to a connected network device to prevent issues with colliding address ranges in use by the host.

The VPN on the other hand may add its own routes in order to redirect all traffic through the VPN tunnel. Because of this docker will not be able to find a "unused" address range to assign to the new network.

For more on this see the answers to this question and the respective issue on GitHub

acran
  • 7,070
  • 1
  • 18
  • 35
12

This worked for me. Stop the running container and try with

docker network prune

Note: use with caution

Piero
  • 1,583
  • 10
  • 12
  • It's working form me !! Thank you – Yassine ECHCHARAFI Oct 03 '21 at 12:56
  • not for me, I could connect to internet, not anymore :| – Jorge Freitas Jan 27 '23 at 13:32
  • I'm not sure why this has anything to do with a local docker build x.Dockerfile but when I did this, my network resolution started working again. I had a gitlab repository within a VPN network and even on the VPN, it wasn't working. I copied and pasted the gitlab clone url on my local machine (where I was running the docker build) and it worked fine. I did a network prune and then the docker build started working. I'm lost but now I'm found :) thanks! – Matthew Zackschewski Mar 09 '23 at 21:05
  • you just saved my day ! thanks – sdzt9 Aug 04 '23 at 13:49
0

You could try

docker-compose down

That will accomplish the following cleanup for you:

Stop and remove containers, networks, images, and volumes

Jack Senechal
  • 1,600
  • 2
  • 17
  • 20