DyonR / docker-Jackettvpn

Docker container which runs a headless Jackett Server with an optional WireGuard or OpenVPN connection
https://hub.docker.com/r/dyonr/jackettvpn/
GNU General Public License v3.0

Container loses connectivity #65

Open silverbullettruck2001 opened 2 years ago

silverbullettruck2001 commented 2 years ago

When I start a container the pod starts, but after it connects to the VPN it is no longer accessible from the LAN. I have tried setting VPN_ENABLED to false, and then it works fine. Any suggestions on what to tweak to make this work correctly?

I have the following setup for the container config:

kind: Deployment
apiVersion: apps/v1
metadata:
  name: jackett-vpn
  namespace: default
  labels:
    app: jackett-vpn
spec:
  replicas: 1
  selector:
    matchLabels:
      app: jackett-vpn
  template:
    metadata:
      labels:
        app: jackett-vpn
    spec:
      volumes:
        - name: jackett-vpn-pv-storage
          persistentVolumeClaim:
            claimName: media-nfs-pv-claim
        - name: tz-config
          hostPath:
            path: /etc/localtime
            type: File
      containers:
        - name: jackett
          image: 'docker-jackett-openvpn-new:local'
          env:
            - name: VPN_ENABLED
              value: "yes"
            - name: PGID
              value: "1000"
            - name: PUID
              value: "1000"
            - name: VPN_CONFIG
              value: "/config"
            - name: LAN_NETWORK
              value: 192.168.0.1/24
            - name: HEALTH_CHECK_SILENT
              value: "0"
            - name: HEALTH_CHECK_INTERVAL
              value: "120"
          ports:
            - containerPort: 9117
          volumeMounts:
            - name: jackett-vpn-pv-storage
              mountPath: /config
              subPath: jackett-config
            - name: tz-config
              mountPath: /etc/localtime
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              add:
                - NET_ADMIN
            privileged: true
          imagePullPolicy: IfNotPresent
      restartPolicy: Always
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      nodeSelector:
        dataNetworkEnabled: 'true'

Here are the logs that I can capture before the pod is inaccessible:


2022-03-09 21:11:27.480436 [INFO] VPN_ENABLED defined as 'yes'
2022-03-09 21:11:27.568609 [INFO] DISABLE_IPV6 is set to ''
2022-03-09 21:11:27.649393 [INFO] Disabling IPv6 in sysctl
2022-03-09 21:11:27.757490 [WARNING] VPN_TYPE not set, defaulting to OpenVPN.
2022-03-09 21:11:27.978328 [INFO] OpenVPN config file is found at /config/openvpn/CAOpenVPN.ovpn
dos2unix: converting file /config/openvpn/CAOpenVPN.ovpn to Unix format...
2022-03-09 21:11:28.235862 [INFO] VPN remote line defined as 'ca-montreal.privacy.network 501'
2022-03-09 21:11:28.327202 [INFO] VPN_REMOTE defined as 'ca-montreal.privacy.network'
2022-03-09 21:11:28.416041 [INFO] VPN_PORT defined as '501'
2022-03-09 21:11:28.514643 [INFO] VPN_PROTOCOL defined as 'tcp'
2022-03-09 21:11:28.613683 [INFO] VPN_DEVICE_TYPE defined as 'tun0'
2022-03-09 21:11:28.703296 [INFO] LAN_NETWORK defined as '192.168.0.1/24'
2022-03-09 21:11:28.792828 [WARNING] NAME_SERVERS not defined (via -e NAME_SERVERS), defaulting to CloudFlare and Google name servers
2022-03-09 21:11:28.882776 [INFO] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2022-03-09 21:11:28.976471 [INFO] Adding 1.1.1.1 to resolv.conf
2022-03-09 21:11:29.067480 [INFO] Adding 8.8.8.8 to resolv.conf
2022-03-09 21:11:29.156572 [INFO] Adding 1.0.0.1 to resolv.conf
2022-03-09 21:11:29.245519 [INFO] Adding 8.8.4.4 to resolv.conf
2022-03-09 21:11:29.326266 [INFO] Starting OpenVPN...
Wed Mar 9 21:11:29 2022 WARNING: file 'pass.txt' is group or others accessible
Wed Mar 9 21:11:29 2022 OpenVPN 2.4.7 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Wed Mar 9 21:11:29 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Mar 9 21:11:29 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]172.98.71.109:501
Wed Mar 9 21:11:29 2022 Attempting to establish TCP connection with [AF_INET]172.98.71.109:501 [nonblock]
Wed Mar 9 21:11:30 2022 TCP connection established with [AF_INET]172.98.71.109:501
Wed Mar 9 21:11:30 2022 TCP_CLIENT link local: (not bound)
Wed Mar 9 21:11:30 2022 TCP_CLIENT link remote: [AF_INET]172.98.71.109:501
Wed Mar 9 21:11:30 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Mar 9 21:11:31 2022 [montreal402] Peer Connection Initiated with [AF_INET]172.98.71.109:501
Wed Mar 9 21:11:32 2022 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Wed Mar 9 21:11:32 2022 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Wed Mar 9 21:11:32 2022 TUN/TAP device tun0 opened
Wed Mar 9 21:11:32 2022 /sbin/ip link set dev tun0 up mtu 1500
Wed Mar 9 21:11:32 2022 /sbin/ip addr add dev tun0 10.43.19.3/24 broadcast 10.43.19.255
Wed Mar 9 21:11:32 2022 WARNING: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
Wed Mar 9 21:11:32 2022 Initialization Sequence Completed