cenk1cenk2 / docker-softether-vpnsrv

SoftEther VPN Server with DNSMASQ DHCP Server or bridge mode connection for VPN-to-site setup.

[F] [health:ping] socket: permission denied #27

Closed zhfish closed 1 year ago

zhfish commented 1 year ago

docker-compose.yaml

version: '3.7'
services:
  softether-vpnsrv:
    image: cenk1cenk2/softether-vpnsrv:latest
    env_file: ./env
    devices:
      - /dev/net/tun
    ports:
      - 5555:5555/tcp
    network_mode: bridge
    user: "0:0"
    privileged: true
    restart: always
    volumes:
      - ./conf:/conf
      - ./logs/server:/etc/softether/server_log
      - ./logs/security:/etc/softether/security_log
      - ./logs/packet:/etc/softether/packet_log
    cap_add:
      - SETGID
      - SETUID
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE

env

TZ=Asia/Shanghai
LOG_LEVEL=INFO
SERVER_MODE=dhcp

log

Creating vpn_softether-vpnsrv_1 ... done
Attaching to vpn_softether-vpnsrv_1
softether-vpnsrv_1  | docker-softether-vpnsrv - BUILD.20220921Z1407
softether-vpnsrv_1  | ---------------------------------------------
softether-vpnsrv_1  | [W] [conf:softether] SoftEtherVPN server configuration file generated: /conf/vpn_server.config
softether-vpnsrv_1  | [I] [conf:dnsmasq] DHCP server configuration file generated: /conf/dnsmasq.conf
softether-vpnsrv_1  | [I] [postrouting] Created postrouting rules for: 10.0.0.0/24
softether-vpnsrv_1  | [I] [interface:tap] Created tap adapter: tap_soft
softether-vpnsrv_1  | [I] [dnsmasq] Started DNSMASQ DHCP server.
softether-vpnsrv_1  | [I] [softether] Started SoftEtherVPN server.
softether-vpnsrv_1  | [F] [health:ping] socket: permission denied
softether-vpnsrv_1  | [W] Running termination tasks...
softether-vpnsrv_1  | panic: interface conversion: interface {} is *os.SyscallError, not string
softether-vpnsrv_1  |
softether-vpnsrv_1  | goroutine 19 [running]:
softether-vpnsrv_1  | gitlab.kilic.dev/libraries/plumber/v3.(*TaskList[...]).handleFloc(0xc0003b3230?, 0x774760?, {0x6bb9e0?, 0xc0003d9100?})
softether-vpnsrv_1  |   /go/pkg/mod/gitlab.kilic.dev/libraries/plumber/v3@v3.20.1/task-list.go:179 +0xb3
softether-vpnsrv_1  | gitlab.kilic.dev/libraries/plumber/v3.(*TaskList[...]).RunJobs(0x964100, 0xc000319bc0)
softether-vpnsrv_1  |   /go/pkg/mod/gitlab.kilic.dev/libraries/plumber/v3@v3.20.1/task-list.go:169 +0x85
softether-vpnsrv_1  | gitlab.kilic.dev/libraries/plumber/v3.(*Task[...]).RunSubtasks(0xc000319bc0)
softether-vpnsrv_1  |   /go/pkg/mod/gitlab.kilic.dev/libraries/plumber/v3@v3.20.1/task.go:192 +0x32
softether-vpnsrv_1  | github.com/cenk1cenk2/docker-softether-vpnsrv/pipe.Terminate.func3(0xc000319bc0)
softether-vpnsrv_1  |   /builds/docker/softether-vpnsrv/pipe/terminate.go:41 +0x2c
softether-vpnsrv_1  | gitlab.kilic.dev/libraries/plumber/v3.(*Task[...]).Run(0xc000319bc0?)
softether-vpnsrv_1  |   /go/pkg/mod/gitlab.kilic.dev/libraries/plumber/v3@v3.20.1/task.go:338 +0x163
softether-vpnsrv_1  | gitlab.kilic.dev/libraries/plumber/v3.(*Task[...]).Job.func2.2({0xc000054060?, 0xc000080d18?})
softether-vpnsrv_1  |   /go/pkg/mod/gitlab.kilic.dev/libraries/plumber/v3@v3.20.1/floc.go:76 +0x1b
softether-vpnsrv_1  | github.com/workanator/go-floc/v3/guard.Resume.func2({0x774718, 0xc0003b3230}, {0x774760, 0xc00037f600})
softether-vpnsrv_1  |   /go/pkg/mod/github.com/workanator/go-floc/v3@v3.0.1/guard/resume.go:56 +0x216
softether-vpnsrv_1  | github.com/workanator/go-floc/v3/run.If.func1({0x774718, 0xc0003b3230}, {0x774760, 0xc00037f600?})
softether-vpnsrv_1  |   /go/pkg/mod/github.com/workanator/go-floc/v3@v3.0.1/run/if.go:47 +0xb3
softether-vpnsrv_1  | github.com/workanator/go-floc/v3/run.Background.func1.1(0x0?)
softether-vpnsrv_1  |   /go/pkg/mod/github.com/workanator/go-floc/v3@v3.0.1/run/background.go:43 +0x3a
softether-vpnsrv_1  | created by github.com/workanator/go-floc/v3/run.Background.func1
softether-vpnsrv_1  |   /go/pkg/mod/github.com/workanator/go-floc/v3@v3.0.1/run/background.go:42 +0x110
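
The panic that ends the log above is what Go raises when an `interface{}` value is asserted to `string` without a check, here while the value was the `*os.SyscallError` from the failed health check. The following is an added example, not code from this project or from the plumber library: the function names are hypothetical and the error value is constructed to match the log line. It shows the unchecked assertion beside a type switch and a permission test.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"syscall"
)

// unsafeMessage reproduces the failure mode seen in the log: an unchecked
// assertion to string panics when the value is an error instead.
func unsafeMessage(v interface{}) (msg string, panicked bool) {
	defer func() {
		if r := recover(); r != nil {
			panicked = true
		}
	}()
	return v.(string), false
}

// safeMessage accepts whatever a task reported and never panics.
func safeMessage(v interface{}) string {
	switch x := v.(type) {
	case nil:
		return ""
	case string:
		return x
	case error:
		return x.Error()
	default:
		return fmt.Sprint(x)
	}
}

// isPermissionDenied reports whether v is an error wrapping EACCES or EPERM,
// which is what a refused ICMP socket returns.
func isPermissionDenied(v interface{}) bool {
	err, ok := v.(error)
	return ok && errors.Is(err, os.ErrPermission)
}

func main() {
	// Constructed value: same type and text as the error in the log.
	var reported interface{} = os.NewSyscallError("socket", syscall.EACCES)
	_, panicked := unsafeMessage(reported)
	fmt.Println("unchecked assertion panicked:", panicked)
	fmt.Println("safe message:", safeMessage(reported))
	fmt.Println("permission denied:", isPermissionDenied(reported))
}
```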

cenk1cenk2 commented 1 year ago

Hey @zhfish ,

This seems to be coming from the operating system itself not allowing the socket binding even though there is netraw.

I suppose you can remove the privileged container since it is enough to add the capabilities. For the user part, you also do not need it since it already runs as root.

If you cannot find a solution, I can add a flag to disable the ping health check.

zhfish commented 1 year ago

I run it on CentOS 7 in OpenStack; in my other Docker container, ping is OK. Please do, I want to temporarily disable the ping health check.

cenk1cenk2 commented 1 year ago

Hey @zhfish ,

I have just added the related flag.

After the build finishes it should be good to go.

zhfish commented 1 year ago

thx a lot~

cenk1cenk2 commented 1 year ago

No problem. Glad it resolved the issue.