cenk1cenk2 / docker-softether-vpnsrv

SoftEther VPN Server with DNSMASQ DHCP Server or bridge mode connection for VPN-to-site setup.

local bridge #36

Closed elsin16 closed 1 year ago

elsin16 commented 1 year ago

Hi! I'm trying to build a container bridge.

My system: Ubuntu 22.04, Docker Swarm 20.10.21

My compose file:

version: '3.8'
services:
  softether:
    image: cenk1cenk2/softether-vpnsrv:latest-ubuntu
    devices:
      - /dev/net/tun
    cap_add:
      - SETGID
      - SETUID
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE
    restart: always
    network_mode: bridge
    environment:
      SERVER_MODE: 'bridge'
      SOFTETHER_TAP_INTERFACE: 'soft0'
    ports:
      - 53:53
      - 443:443
      - 992:992
      - 1194:1194/udp
      - 5555:5555
      - 8888:8888
      - 500:500/udp
      - 4500:4500/udp
      - 1701:1701/udp
    volumes:
      - '/etc/localtime:/etc/localtime:ro'
      - '/etc/timezone:/etc/timezone:ro'
      - '/docker_local/softether_test:/conf'
    deploy:
      replicas: 1
      placement:
        constraints: [node.hostname==node02]

But when creating a container, an error appears in the logs:

docker-softether-vpnsrv - BUILD.20221205Z1218
---------------------------------------------
[I] [conf:softether] Persistent configuration file found: /conf/vpn_server.config
[I] [postrouting] Created postrouting rules for: 10.0.0.0/24
[W] [interface:tap] open: No such file or directory
[E] [interface:tap] [FAIL] $ ip tuntap add dev tap_soft0 mode tap > exit status 1
[E] [interface:tap] exit status 1
exit status 1

Tell me what I'm doing wrong. How to launch a container?)

cenk1cenk2 commented 1 year ago

Since it is failing while trying to create a tap adapter, can you try to execute that ip tuntap add dev tap_soft0 mode tap command directly on the host to see if it is possible?

https://serverfault.com/questions/1003011/openvpn-error-cannot-open-tun-tap-dev-dev-net-tun-no-such-file-or-directory

It might be that the host system does not have the tun device node.

The steps to enable it can also be seen on the container itself as a reference. https://github.com/cenk1cenk2/docker-softether-vpnsrv/blob/5b809e2dc3129569cdf3248c9dac0d8270a44189/Dockerfile-ubuntu#L50

elsin16 commented 1 year ago

As I understand it, Docker Swarm does not know how to handle the Device section, so I moved '/dev/net/tun' to the Volumes section.

version: '3.8'
services:
  softether:
    image: cenk1cenk2/softether-vpnsrv:latest-ubuntu
    cap_add:
      - SETGID
      - SETUID
      - NET_ADMIN
      - NET_RAW
      - NET_BIND_SERVICE
    restart: always
    network_mode: bridge
    environment:
      SERVER_MODE: 'bridge'
      SOFTETHER_TAP_INTERFACE: 'soft0'
    ports:
      - 53:53
      - 443:443
      - 992:992
      - 1194:1194/udp
      - 5555:5555
      - 8888:8888
      - 500:500/udp
      - 4500:4500/udp
      - 1701:1701/udp
    volumes:
      - '/etc/localtime:/etc/localtime:ro'
      - '/etc/timezone:/etc/timezone:ro'
      - '/docker_local/softether_test:/conf'
      - '/dev/net/tun:/dev/net/tun'
    deploy:
      replicas: 1
      placement:
        constraints: [node.hostname==node02]

The container has created a tap interface, but a new error has appeared:

docker-softether-vpnsrv - BUILD.20221206Z1031
---------------------------------------------
[I] [conf:softether] Persistent configuration file found: /conf/vpn_server.config
[I] [postrouting] Created postrouting rules for: 10.0.0.0/24
[I] [interface:tap] Created tap adapter: tap_soft0
[E] [interface:bridge] [FAIL] $ brctl delbr br100 > exec: "brctl": executable file not found in $PATH
[E] [interface:bridge] exec: "brctl": executable file not found in $PATH
[F] [interface:bridge] exec: "brctl": executable file not found in $PATH
[E] [terminate:interface:tap] exec: "brctl": executable file not found in $PATH
[W] [docker-softether-vpnsrv] [terminate] Forcefully terminated since hooks did not finish in time: 1 of 2

Probably the bridge-utils package is missing in the container.

cenk1cenk2 commented 1 year ago

Docker Swarm might do that due to its clustered approach, possibly, so that makes sense.

Great, it is interesting that it works without the kernel module, but it also makes a bit of sense.

The Ubuntu container came as a pull request, so I suppose I have not checked it properly in bridge mode. So it would hopefully be as easy as adding the missing package.

elsin16 commented 1 year ago

Thanks for the quick answers! Now the isc-dhcp-client is missing :)

docker-softether-vpnsrv - BUILD.20221206Z1150
---------------------------------------------
[I] [conf:softether] Persistent configuration file found: /conf/vpn_server.config
[I] [postrouting] Created postrouting rules for: 172.23.168.0/23
[I] [interface:tap] Created tap adapter: tap_soft
[I] [interface:bridge] Created bridge adapter: br100 -> tap_soft eth0
[E] [interface:bridge:dhcp] [FAIL] $ dhclient -v br100 > exec: "dhclient": executable file not found in $PATH
[E] [interface:bridge:dhcp] exec: "dhclient": executable file not found in $PATH
[F] [interface:bridge:dhcp] exec: "dhclient": executable file not found in $PATH
[E] [terminate:interface:tap] exec: "dhclient": executable file not found in $PATH
[W] [docker-softether-vpnsrv] [terminate] Forcefully terminated since hooks did not finish in time: 1 of 2

cenk1cenk2 commented 1 year ago

As a quick fix, I added a new build. Sorry that I did not have enough time to properly test everything.

cenk1cenk2 commented 1 year ago

If that resolved the given issue, I can close this for now.
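
The three failures in this thread (no /dev/net/tun node, then brctl and dhclient missing from the image) can be checked before the VPN server starts. This is an added example, not code from this thread or from docker-softether-vpnsrv; the function names tun_status, missing_tools and preflight are hypothetical, and it assumes a Linux stat that supports -c.

```shell
#!/bin/sh
# Added example: preflight checks for the failures seen in this thread.
# Function names are hypothetical; they are not part of docker-softether-vpnsrv.

# Classify a TUN device path. The Linux TUN/TAP node is a character device
# with major 10, minor 200 (stat prints these in hex as a:c8).
tun_status() {
  path="$1"
  if [ ! -e "$path" ]; then
    echo "missing"            # matches "open: No such file or directory"
  elif [ ! -c "$path" ]; then
    echo "not-char-device"    # e.g. a plain file or directory was mounted
  elif [ "$(stat -c '%t:%T' "$path" 2>/dev/null)" != "a:c8" ]; then
    echo "wrong-device"       # a character device, but not TUN/TAP
  else
    echo "ok"
  fi
}

# Print every command from the argument list that is not on PATH,
# separated by single spaces (empty output means nothing is missing).
missing_tools() {
  out=""
  for tool in "$@"; do
    command -v "$tool" >/dev/null 2>&1 || out="${out:+$out }$tool"
  done
  echo "$out"
}

# Run both checks; the tool list is taken from the commands in the logs above.
preflight() {
  rc=0
  st="$(tun_status "${1:-/dev/net/tun}")"
  [ "$st" = "ok" ] || { echo "tun device: $st" >&2; rc=1; }
  miss="$(missing_tools ip brctl dhclient)"
  [ -z "$miss" ] || { echo "missing commands: $miss" >&2; rc=1; }
  return "$rc"
}
```

Source the file and call preflight inside the container (or on the Swarm node for the device check alone); a non-zero return means bridge mode would fail at one of the steps shown in the logs.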