binhex / arch-privoxyvpn

Docker build script for Arch Linux base with Privoxy and OpenVPN
GNU General Public License v3.0

PrivoxyVPN not forwarding port 8118 as expected #26

Open n1nj4888 opened 1 year ago

n1nj4888 commented 1 year ago

Hi There,

Until recently privoxyVPN worked great on my Ubuntu 20.04 swarm setup. I recently upgraded to Ubuntu 22.04 and I'm not sure whether that is a factor in this but now I can't seem to contact the privoxy server on port 8118 from outside the container.

Whilst netstat reports port 8118 as listening on the node, it is not contactable outside of the container, either directly on the host node or from across the network.

(1) Running the following on the node itself (outside the container) returns results instantly with the correct (non-VPN) info:

curl http://ipinfo.io
{
  "ip": "x.x.x.x",
  "city": "XYZ",
  "region": "XYZ",
  "country": "XYZ",
  "loc": "XYZ,XYZ",
  "org": "XYZ",
  "postal": "XYZ",
  "timezone": "XYZ",
  "readme": "https://ipinfo.io/missingauth"
}

(2) If I try to curl the same address via the privoxyvpn container, it just hangs and nothing is returned until I CTRL+C to exit the command:

curl http://ipinfo.io -x http://localhost:8118

(3) If I run the same commands (1) and (2) above but from within the privoxy container, they both return instantly with the IP details of the VPN connection/location.

Any ideas what might be going wrong here?

n1nj4888 commented 1 year ago

I've done some more investigation into this, and it seems to be because when launched in a docker swarm network, the container only binds port 8118 to IPv6 and not IPv4?

For example, when deploying the container as a docker swarm service, I see the following:

docker container inspect privoxyvpn_privoxyvpn.1.o2fwlr43yqvm9bu3ny6fbnpyq
[
...
            "ExposedPorts": {
                "8118/tcp": {}
            },
...
        },
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "8850324505f29210aa4b68464e271844f3254284c0920074bb9766db427b5dfa",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "8118/tcp": null
            },
...
]

And netstat only shows the container listening on IPv6:

netstat -a | grep 8118
tcp6       0      0 [::]:8118               [::]:*                  LISTEN

But if I run the same commands on the container started with docker-compose I see:

docker container inspect swarm-services_privoxyvpn_1
[
    {
...
        "Config": {
            "Hostname": "d8de4e8d03b0",
            "Domainname": "",
            "User": "",
            "AttachStdin": false,
            "AttachStdout": false,
            "AttachStderr": false,
            "ExposedPorts": {
                "8118/tcp": {},
                "9118/tcp": {}
            },
...
        "NetworkSettings": {
            "Bridge": "",
            "SandboxID": "d9bca3b7e91c323275f3127c98ede9f884d7050295fcb6d19a84c24f8da512f6",
            "HairpinMode": false,
            "LinkLocalIPv6Address": "",
            "LinkLocalIPv6PrefixLen": 0,
            "Ports": {
                "8118/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "8118"
                    },
                    {
                        "HostIp": "::",
                        "HostPort": "8118"
                    }
                ],
                "9118/tcp": [
                    {
                        "HostIp": "0.0.0.0",
                        "HostPort": "9118"
                    },
                    {
                        "HostIp": "::",
                        "HostPort": "9118"
                    }
                ]
            },
...
]

And netstat shows that the container started under docker-compose is listening on BOTH IPv4 and IPv6?

netstat -a | grep 8118
tcp        0      0 0.0.0.0:8118            0.0.0.0:*               LISTEN
tcp6       0      0 [::]:8118               [::]:*                  LISTEN

n1nj4888 commented 1 year ago

Some more information using curl -v from the host shows that the host does connect to the privoxyvpn container proxy on IPv6 port 8118, but then just hangs?

curl -v http://ipinfo.io -x http://localhost:8118
*   Trying 127.0.0.1:8118...
*   Trying ::1:8118...
* Connected to (nil) (::1) port 8118 (#0)
> GET http://ipinfo.io/ HTTP/1.1
> Host: ipinfo.io
> User-Agent: curl/7.81.0
> Accept: */*
> Proxy-Connection: Keep-Alive
>
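
The comparison made by hand in the comments above (container-level port bindings from `docker container inspect` against the listeners reported by `netstat`) can be scripted. This is an added example, not part of the original thread or of the project; the function names are hypothetical and the sample inputs are constructed, trimmed to the fields shown above.

```python
import json

# Constructed samples, trimmed to the fields shown in the thread.
SWARM_INSPECT = '''[{"Config": {"ExposedPorts": {"8118/tcp": {}}},
  "NetworkSettings": {"Ports": {"8118/tcp": null}}}]'''
COMPOSE_INSPECT = '''[{"Config": {"ExposedPorts": {"8118/tcp": {}, "9118/tcp": {}}},
  "NetworkSettings": {"Ports": {
    "8118/tcp": [{"HostIp": "0.0.0.0", "HostPort": "8118"}, {"HostIp": "::", "HostPort": "8118"}],
    "9118/tcp": [{"HostIp": "0.0.0.0", "HostPort": "9118"}, {"HostIp": "::", "HostPort": "9118"}]}}}]'''
SWARM_NETSTAT = "tcp6       0      0 [::]:8118               [::]:*                  LISTEN\n"
COMPOSE_NETSTAT = ("tcp        0      0 0.0.0.0:8118            0.0.0.0:*               LISTEN\n"
                   "tcp6       0      0 [::]:8118               [::]:*                  LISTEN\n")


def container_bindings(inspect_json):
    """Map each exposed port to the sorted host bindings recorded on the container."""
    result = {}
    for container in json.loads(inspect_json):
        exposed = container.get("Config", {}).get("ExposedPorts") or {}
        ports = container.get("NetworkSettings", {}).get("Ports") or {}
        for port in exposed:
            binds = ports.get(port) or []   # null means no container-level binding
            result[port] = sorted(f'{b["HostIp"]}:{b["HostPort"]}' for b in binds)
    return result


def listener_families(netstat_text, port):
    """Return the protocol columns (tcp, tcp6) of LISTEN sockets on the given port."""
    families = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[5] == "LISTEN" and fields[3].endswith(f":{port}"):
            families.add(fields[0])
    return families


def diagnose(inspect_json, netstat_text):
    """Combine both views into one finding per exposed port."""
    findings = {}
    for port, binds in container_bindings(inspect_json).items():
        families = sorted(listener_families(netstat_text, port.split("/")[0]))
        state = "bound on " + ", ".join(binds) if binds else "no container-level binding"
        findings[port] = f"{state}; listeners: {','.join(families) or 'none'}"
    return findings


if __name__ == "__main__":
    print(diagnose(SWARM_INSPECT, SWARM_NETSTAT), diagnose(COMPOSE_INSPECT, COMPOSE_NETSTAT))
```

On Linux a `[::]` tcp6 listener can also accept IPv4 connections when the socket is dual-stack, so a tcp6-only result is a hint to test both address families rather than proof that IPv4 is unreachable.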