binhex / arch-delugevpn

Docker build script for Arch Linux base with Deluge, Privoxy and OpenVPN
GNU General Public License v3.0

Can't get wireguard PIA json when using podman #375

Open n-hass opened 1 year ago

n-hass commented 1 year ago

Problem

start-script hangs trying to get the JSON config from PIA when using podman

Details

I am trying to move from docker to podman. I have this compose file which works in Docker:

  deluge-vpn:
    image: binhex/arch-delugevpn:latest
    container_name: deluge-vpn
    restart: unless-stopped
    privileged: true
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    ports:
      - 8112:8112
      - 8118:8118
      - 58846:58846
      - 58946:58946
    volumes:
      - ${ROOT}/deluge/data:/data
      - ${ROOT}/deluge/config:/config
      - ${STAGING}:/downloads
      - /etc/localtime:/etc/localtime:ro
    environment:
      - VPN_ENABLED=yes
      - VPN_USER=${PIA_USER}
      - VPN_PASS=${PIA_PASS}
      - VPN_PROV=pia
      - VPN_CLIENT=wireguard
      - STRICT_PORT_FORWARD=yes
      - ENABLE_PRIVOXY=yes
      - LAN_NETWORK=10.1.26.0/24,10.0.25.0/24
      - NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1
      - DELUGE_ENABLE_WEBUI_PASSWORD=yes
      - VPN_INPUT_PORTS=1234
      - VPN_OUTPUT_PORTS=5678
      - DEBUG=FALSE
      - UMASK=000
      - PUID=${PUID}
      - PGID=${PGID}
    networks:
      - caddy_routing
      - media_net

And I am trying to use the same thing + CAP_ADD net_admin and net_raw and I'm unable to get it working. These are the logs:

2023-07-27 00:09:17.905063 [info] System information Linux 0da7b1c57a0c 6.2.0-26-generic #26-Ubuntu SMP PREEMPT_DYNAMIC Mon Jul 10 23:39:54 UTC 2023 x86_64 GNU/Linux
2023-07-27 00:09:17.916496 [info] OS_ARCH defined as 'x86-64'
2023-07-27 00:09:17.927779 [info] PUID defined as '1004'
2023-07-27 00:09:17.994391 [info] PGID defined as '1005'
2023-07-27 00:09:18.037218 [info] UMASK defined as '000'
2023-07-27 00:09:18.049487 [info] Permissions already set for '/config'
2023-07-27 00:09:18.061108 [info] Deleting files in /tmp (non recursive)...
2023-07-27 00:09:18.075727 [info] VPN_ENABLED defined as 'yes'
2023-07-27 00:09:18.087829 [info] VPN_CLIENT defined as 'wireguard'
2023-07-27 00:09:18.099226 [info] VPN_PROV defined as 'pia'
2023-07-27 00:09:18.113316 [info] WireGuard config file (conf extension) is located at /config/wireguard/wg0.conf
2023-07-27 00:09:18.135065 [info] VPN_REMOTE_SERVER defined as 'france.privacy.network'
2023-07-27 00:09:18.146517 [info] VPN_REMOTE_PORT defined as '1337'
2023-07-27 00:09:18.156203 [info] VPN_DEVICE_TYPE defined as 'wg0'
2023-07-27 00:09:18.166013 [info] VPN_REMOTE_PROTOCOL defined as 'udp'
modprobe: FATAL: Module ip6_tables not found in directory /lib/modules/6.2.0-26-generic
ip6tables v1.8.9 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
2023-07-27 00:09:18.234114 [warn] ip6tables default policies not available, skipping ip6tables drops
2023-07-27 00:09:18.274746 [info] LAN_NETWORK defined as '10.1.26.0/24,10.0.25.0/24'
2023-07-27 00:09:18.286137 [info] NAME_SERVERS defined as '84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
2023-07-27 00:09:18.297479 [info] VPN_USER defined as 'p1585277'
2023-07-27 00:09:18.308594 [info] VPN_PASS defined as ''
2023-07-27 00:09:18.319690 [info] STRICT_PORT_FORWARD defined as 'no'
2023-07-27 00:09:18.330755 [info] ENABLE_PRIVOXY defined as 'yes'
2023-07-27 00:09:18.343463 [info] VPN_INPUT_PORTS defined as '1234'
2023-07-27 00:09:18.354656 [info] VPN_OUTPUT_PORTS defined as '5678'
2023-07-27 00:09:18.365912 [info] DELUGE_DAEMON_LOG_LEVEL not defined,(via -e DELUGE_DAEMON_LOG_LEVEL), defaulting to 'info'
2023-07-27 00:09:18.377281 [info] DELUGE_WEB_LOG_LEVEL not defined,(via -e DELUGE_WEB_LOG_LEVEL), defaulting to 'info'
2023-07-27 00:09:18.388610 [info] DELUGE_ENABLE_WEBUI_PASSWORD defined as 'yes'
2023-07-27 00:09:18.404781 [info] Starting Supervisor...
2023-07-27 00:09:18,476 INFO Included extra file "/etc/supervisor/conf.d/delugevpn.conf" during parsing
2023-07-27 00:09:18,476 INFO Set uid to user 0 succeeded
2023-07-27 00:09:18,477 INFO supervisord started with pid 2
2023-07-27 00:09:19,479 INFO spawned: 'start-script' with pid 282
2023-07-27 00:09:19,480 INFO spawned: 'watchdog-script' with pid 283
2023-07-27 00:09:19,480 INFO reaped unknown pid 3 (exit status 0)
2023-07-27 00:09:19,481 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2023-07-27 00:09:19,482 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2023-07-27 00:09:19,482 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2023-07-27 00:09:19,483 DEBG 'start-script' stdout output:
[info] Adding 84.200.69.80 to /etc/resolv.conf

2023-07-27 00:09:19,485 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2023-07-27 00:09:19,486 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2023-07-27 00:09:19,488 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2023-07-27 00:09:19,489 DEBG 'start-script' stdout output:
[info] Adding 84.200.70.40 to /etc/resolv.conf

2023-07-27 00:09:19,490 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2023-07-27 00:11:30,501 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 12 retries left
[info] Retrying in 10 secs..

Let me know what more I can provide to assist.

n-hass commented 1 year ago

I've discovered a more granular cause:

Adding the container to multiple networks in a run command or using compose (in my case, e.g. --net caddy_routing,media_net) will mean the start-script hangs after the line "Adding 1.0.0.1 to /etc/resolv.conf". Defining either none or only ONE network will mean the container starts normally. Adding the container to two networks causes the fail state.

I would think maybe this is a subnet overlap issue, but those two networks have subnets 192.168.98.0/24 and 192.168.99.0/24, and both are defined in LAN_NETWORK, which is now: LAN_NETWORK=10.0.0.0/15,192.168.98.0/24,192.168.99.0/24

Skylinar commented 4 months ago

I'm having the same issue, but I use Portainer on a VPS. The interesting thing is that I am using the exact same setup on my Unraid server at home with PIA and WireGuard, and it has been working for many years without any problem. Can somebody advise what the issue is here? I have been struggling for 2 days, going from nothing working to fully working, but after a reboot I again get "Unable to successfully download PIA json to generate token for wireguard from URL []", and I really can't figure out if this is a DNS resolution issue or a PIA issue, etc.