search

binhex / arch-delugevpn

Docker build script for Arch Linux base with Deluge, Privoxy and OpenVPN
GNU General Public License v3.0
695 stars 112 forks source link

Fatal error trying to load ip6_tables kernel module #353

Closed dismantl closed 1 year ago

dismantl commented 1 year ago

I've been successfully using this Docker image for years without issue (thanks for your work!), but this morning the container died and went into a reboot cycle, each time crashing just seconds after it starts up. I set the log levels to debug, but there's wasn't any indication what was killing it. When I tried creating the container and running the init script manually, I noticed it hits a fatal error complaining about not being able to load the ip6_tables kernel module. Strangely, if I then run the script a second time within the same container, it doesn't complain about a missing kernel module but all of a sudden DNS resolution stops working.

$ docker run -it --env-file debug.env --cap-add NET_ADMIN -v /srv/media/downloads:/data -v /srv/media/delugevpn:/config -v ./openvpn:/config/openvpn -v /etc/localtime:/etc/localtime:ro binhex/arch-delugevpn bash
[root@94daa1148042 /]# /usr/local/bin/init.sh
Created by...
___.   .__       .__
\_ |__ |__| ____ |  |__   ____ ___  ___
 | __ \|  |/    \|  |  \_/ __ \\  \/  /
 | \_\ \  |   |  \   Y  \  ___/ >    <
 |___  /__|___|  /___|  /\___  >__/\_ \
     \/        \/     \/     \/      \/
   https://hub.docker.com/u/binhex/

2023-02-14 11:45:03.726387 [info] System information Linux 94daa1148042 4.19.0-19-amd64 #1 SMP Debian 4.19.232-1 (2022-03-07) x86_64 GNU/Linux
2023-02-14 11:45:03.769089 [info] OS_ARCH defined as 'x86-64'
2023-02-14 11:45:03.831606 [info] PUID defined as '1000'
2023-02-14 11:45:03.926798 [info] PGID defined as '1000'
2023-02-14 11:45:03.994032 [info] UMASK defined as '000'
2023-02-14 11:45:04.034505 [info] Permissions already set for '/config'
2023-02-14 11:45:04.079248 [info] Deleting files in /tmp (non recursive)...
2023-02-14 11:45:04.155733 [info] VPN_ENABLED defined as 'yes'
2023-02-14 11:45:04.221282 [warn] VPN_CLIENT not defined (via -e VPN_CLIENT), defaulting to 'openvpn'
2023-02-14 11:45:04.285991 [info] VPN_PROV defined as 'pia'
2023-02-14 11:45:04.358115 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/CA Toronto.ovpn
2023-02-14 11:45:04.475400 [info] VPN remote server(s) defined as 'ca-toronto.privacy.network,'
2023-02-14 11:45:04.534306 [info] VPN remote port(s) defined as '1198,'
2023-02-14 11:45:04.594277 [info] VPN remote protcol(s) defined as 'udp,'
2023-02-14 11:45:04.660736 [info] VPN_DEVICE_TYPE defined as 'tun0'
2023-02-14 11:45:04.725634 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2023-02-14 11:45:04.803909 [debug] DNS operational, we can resolve name 'ca-toronto.privacy.network' to address '149.36.49.185 179.61.197.231 179.61.197.254'
2023-02-14 11:45:04.882766 [debug] DNS operational, we can resolve name 'www.privateinternetaccess.com' to address '104.16.41.63 104.16.42.63'
2023-02-14 11:45:04.965142 [debug] DNS operational, we can resolve name 'serverlist.piaservers.net' to address '104.17.108.63 104.17.107.63'
modprobe: FATAL: Module ip6_tables not found in directory /lib/modules/4.19.0-19-amd64

[root@94daa1148042 /]# ls /lib/modules
ls: cannot access '/lib/modules': No such file or directory
[root@94daa1148042 /]# /usr/local/bin/init.sh
Created by...
___.   .__       .__
\_ |__ |__| ____ |  |__   ____ ___  ___
 | __ \|  |/    \|  |  \_/ __ \\  \/  /
 | \_\ \  |   |  \   Y  \  ___/ >    <
 |___  /__|___|  /___|  /\___  >__/\_ \
     \/        \/     \/     \/      \/
   https://hub.docker.com/u/binhex/

2023-02-14 11:45:23.007580 [info] System information Linux 94daa1148042 4.19.0-19-amd64 #1 SMP Debian 4.19.232-1 (2022-03-07) x86_64 GNU/Linux
2023-02-14 11:45:23.074198 [info] OS_ARCH defined as 'x86-64'
2023-02-14 11:45:23.139371 [info] PUID defined as '1000'
2023-02-14 11:45:23.207062 [info] PGID defined as '1000'
2023-02-14 11:45:23.255622 [info] UMASK defined as '000'
2023-02-14 11:45:23.316592 [info] Permissions already set for '/config'
2023-02-14 11:45:23.381558 [info] Deleting files in /tmp (non recursive)...
2023-02-14 11:45:23.457239 [info] VPN_ENABLED defined as 'yes'
2023-02-14 11:45:23.519799 [warn] VPN_CLIENT not defined (via -e VPN_CLIENT), defaulting to 'openvpn'
2023-02-14 11:45:23.584927 [info] VPN_PROV defined as 'pia'
2023-02-14 11:45:23.651799 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/CA Toronto.ovpn
2023-02-14 11:45:23.737503 [info] VPN remote server(s) defined as 'ca-toronto.privacy.network,'
2023-02-14 11:45:23.772834 [info] VPN remote port(s) defined as '1198,'
2023-02-14 11:45:23.832061 [info] VPN remote protcol(s) defined as 'udp,'
2023-02-14 11:45:23.899457 [info] VPN_DEVICE_TYPE defined as 'tun0'
2023-02-14 11:45:23.964500 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
Error: error sending query: Could not send or receive, because of network error
2023-02-14 11:45:39.032169 [debug] Having issues resolving name 'ca-toronto.privacy.network', sleeping before retry...
Error: error sending query: Could not send or receive, because of network error
2023-02-14 11:45:59.110246 [debug] Having issues resolving name 'ca-toronto.privacy.network', sleeping before retry...
Error: error sending query: Could not send or receive, because of network error
2023-02-14 11:46:19.191689 [debug] Having issues resolving name 'ca-toronto.privacy.network', sleeping before retry...
Error: error sending query: Could not send or receive, because of network error
2023-02-14 11:46:39.272384 [debug] Having issues resolving name 'ca-toronto.privacy.network', sleeping before retry...
Error: error sending query: Could not send or receive, because of network error
2023-02-14 11:46:59.335865 [debug] Having issues resolving name 'ca-toronto.privacy.network', sleeping before retry...
Error: error sending query: Could not send or receive, because of network error
2023-02-14 11:47:19.420266 [debug] Having issues resolving name 'ca-toronto.privacy.network', sleeping before retry...
Error: error sending query: Could not send or receive, because of network error
2023-02-14 11:47:39.504243 [debug] Having issues resolving name 'ca-toronto.privacy.network', sleeping before retry...
^C
[root@94daa1148042 /]# ls /lib/modules
ls: cannot access '/lib/modules': No such file or directory
[root@94daa1148042 /]# lsmod | grep ip
iptable_filter         16384  0
ipt_MASQUERADE         16384  38
nft_chain_nat_ipv4     16384  136
nf_nat_ipv4            16384  2 ipt_MASQUERADE,nft_chain_nat_ipv4
nf_nat                 36864  2 nf_nat_ipv4,xt_nat
nf_conntrack          172032  6 xt_conntrack,nf_nat,ipt_MASQUERADE,nf_nat_ipv4,xt_nat,nf_conntrack_netlink
nf_defrag_ipv6         20480  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
nf_tables             143360  1976 nft_compat,nft_chain_nat_ipv4,nft_counter
ipmi_ssif              32768  0
ipmi_si                65536  0
ipmi_devintf           20480  0
ipmi_msghandler        65536  3 ipmi_devintf,ipmi_si,ipmi_ssif
iptable_mangle         16384  0
ip_tables              28672  2 iptable_filter,iptable_mangle
x_tables               45056  10 xt_conntrack,iptable_filter,nft_compat,xt_tcpudp,ipt_MASQUERADE,xt_addrtype,xt_nat,ip_tables,iptable_mangle,xt_mark
algif_skcipher         16384  0
af_alg                 28672  1 algif_skcipher

All the other containers I'm running on my server aren't having network problems, it seems localized to this. Here's the environment variables I set for the container:

VPN_ENABLED=yes
VPN_USER=<redacted>
VPN_PASS=<redacted>
VPN_PROV=pia
ENABLE_PRIVOXY=yes
LAN_NETWORK=192.168.2.2
DEBUG=false
PUID=1000
PGID=1000
UMASK=000
STRICT_PORT_FORWARD=no
DELUGE_DAEMON_LOG_LEVEL=debug
DELUGE_WEB_LOG_LEVEL=debug
DEBUG=true
nsc80 commented 1 year ago

All of a sudden log hangs at 2023-02-15 10:41:15.165171 [debug] ip6tables kernel module available, setting policy to drop... If I disable VPN, I can access deluge Webui. I think it might be related with your problem. Tried several diferent servers in wg0.conf with no success.

binhex commented 1 year ago

@dismantl see this issue:- https://github.com/binhex/arch-delugevpn/issues/352 it looks to be resolved.

@nsc80 please raise a new issue for this, full log please minus credentials

nsc80 commented 1 year ago

Seems #352 solution also solved my issue. Pulled latest and it's running. Thanks

binhex commented 1 year ago

Ah wonderful! Should fix you up as well @dismantl

dismantl commented 1 year ago

Pulled the latest image and all is working again. Thanks!