search

amnezia-vpn / amnezia-client

Amnezia VPN Client (Desktop+Mobile)
https://amnezia.org
GNU General Public License v3.0
4.47k stars 291 forks source link

The alpine image version update caused Openvpn to fail to forward packets correctly #74

Closed unlimited996 closed 2 years ago

unlimited996 commented 2 years ago

Due to the removal of the built-in iptables after the base image was updated to alpine:3.16, the openvpn container that pulled the latest version of the image could not forward the packet correctly.

unlimited996 commented 2 years ago

X7N7TJCZ CMIZTG720J}2}3

pokamest commented 2 years ago

Thank you for reporting! Can you propose solution for that?

40OIL commented 2 years ago

maybe instead of "FROM alpine:latest" specify a specific previous version and rebuild EXE?

unlimited996 commented 2 years ago

maybe instead of "FROM alpine:latest" specify a specific previous version and rebuild EXE?

Yes, using "FROM alpine:3.15" can generate the correct image, but I recommend that the image be pulled from your own image repository to avoid such problems caused by major changes to the official image version

40OIL commented 2 years ago

Can you rebuild the "temporary release" of amnesia with these changes? Well, so that you can put a working server now? And then neither Travis Ci nor Qt Creator does not work for me, and the google does not help ... Or somewhere you can correct these scripts immediately on the server?

unlimited996 commented 2 years ago

Can you rebuild the "temporary release" of amnesia with these changes? Well, so that you can put a working server now? And then neither Travis Ci nor Qt Creator does not work for me, and the google does not help ... Or somewhere you can correct these scripts immediately on the server?

I don't understand how to fix that ,now I use kylemanna/openvpn:2.4 image to use openVpn before fixed 1.docker pull kylemanna/openvpn:2.4 2.mkdir -p /data/openvpn 3.docker run -v /data/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_genconfig -u udp://39.104.162.245 【server IP】 4.docker run -v /data/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 ovpn_initpki
Enter PEM pass phrase:12345678【need remember private key,multiple inputs are required later】 Common Name (eg: your user, host, or server name) [Easy-RSA CA]: 【or Enter to skip】 5.docker run -v /data/openvpn:/etc/openvpn --rm -it kylemanna/openvpn:2.4 easyrsa build-client-full whsir nopass 6.mkdir -p /data/openvpn/conf 7.docker run -v /data/openvpn:/etc/openvpn --rm kylemanna/openvpn:2.4 ovpn_getclient whsir > /data/openvpn/conf/whsir.ovpn 8.docker run --name openvpn -v /data/openvpn:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn:2.4 9.iptables-save > /etc/sysconfig/iptables 10.systemctl stop firewalld.service 11.systemctl disable firewalld.service 12.yum -y install iptables-services net-tools 13.systemctl enable iptables.service 14.vi /etc/sysconfig/iptables 【add at the bottom before COMMIT】 -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited 15.systemctl restart iptables 16.download /data/openvpn/conf/whsir.ovpn

then you can use whsir.ovpn to connect to openvpn

pokamest commented 2 years ago

Fixed in 2.0.10 https://github.com/amnezia-vpn/desktop-client/releases/edit/2.0.10