dperson / openvpn-client

GNU Affero General Public License v3.0

Container status unhealthy, curl can't resolve host #167

Closed trohnjavolta closed 5 years ago

trohnjavolta commented 5 years ago

Hello, from my understanding this issue section on github is rather for submitting bugs than asking for help with the setup. But I read other issues where you helped people so maybe you can also help me.

I'm pretty new to docker, also I'm no linux expert. I use dockstarter.com which is a script to install and setup docker+ containers and certain variables, as far as I understood. So maybe my setup is a bit different to others.

I have the following in my docker-compose.override.yml file:

vpn:
    container_name: vpn
    image: dperson/openvpn-client:armhf
    cap_add:
      - net_admin
    environment:
      - PGID=${PGID}
      - PUID=${PUID}
      - TZ:'EST5EDT'
      - DNS:'8.8.4.4'
    networks:
      - default
    read_only: true
    tmpfs:
      - /run
      - /tmp
    restart: unless-stopped
    security_opt:
      - label:disable
    stdin_open: true
    tty: true
    volumes:
      - /dev/net:/dev/net:z
      - /home/dluser/.docker/config/vpn:/vpn

In /vpn dir I have my .ovpn file. I set up an ovpn client before so I made sure to add a line for logfile dir. Looking into log file I can confirm that the ovpn client connection is successful. So far so good.

For testing I try hydra2 container. docker-compose.override file part for hydra looks like this:

hydra2:
    depends_on:
    - vpn
    stdin_open: true
    tty: true

At first I also added network_mode: "service:vpn" but compose fails because a port is already specified in the .env file. So I changed .env file, this is hydra2 part:

### HYDRA2
HYDRA2_ENABLED=true
HYDRA2_NETWORK_MODE=service:vpn
HYDRA2_PORT_5076=5076

Now in hydra2 container console I issue: curl ifconfig.io to check IP but I get: curl: (6) Could not resolve host: ifconfig.io Same inside vpn container. And in portainer I can see that vpn container has status unhealthy. I don't know how to troubleshoot this. Can you help me? Maybe I missed sth. crucial.

dperson commented 5 years ago

I'm not really familiar with hydra, and have a few questions:

  1. Can you include the docker logs <container_name> output for both containers, please?

  2. If you removed the network_mode: "service:vpn" from hydra, how are the 2 containers connected? IE how have you configured the network traffic from hydra to go to the openvpn container?

dperson commented 5 years ago

My current understanding from what you've sent is that the networking between the 2 containers is not connected, and that the reason they are both having issues is that dockstarter.com has configured the default network to not have access to the outside world.

Setting up docker networking is past the overall scope of what I'd like to support, but the site should have documentation on how to setup a docker network that can access the internet. If not, I'd recommend the main docker compose networking documentation.

trohnjavolta commented 5 years ago

> 1. Can you include the docker logs <container_name> output for both containers, please?

    [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
    ,[s6-init] ensuring user provided files have correct perms...exited 0.
    ,[fix-attrs.d] applying ownership & permissions fixes...
    ,[fix-attrs.d] done.
    ,[cont-init.d] executing container initialization scripts...
    ,[cont-init.d] 10-adduser: executing... 
    ,
    ,-------------------------------------
    ,          _         ()
    ,         | |  ___   _    __
    ,         | | / __| | |  /  \ 
    ,         | | \__ \ | | | () |
    ,         |_| |___/ |_|  \__/
    ,
    ,
    ,Brought to you by linuxserver.io
    ,We gratefully accept donations at:
    ,https://www.linuxserver.io/donate/
    ,-------------------------------------
    ,GID/UID
    ,-------------------------------------
    ,
    ,User uid:    1000
    ,User gid:    1003
    ,-------------------------------------
    ,
    ,[cont-init.d] 10-adduser: exited 0.
    ,[cont-init.d] 30-config: executing... 
    ,[cont-init.d] 30-config: exited 0.
    ,[cont-init.d] done.
    ,[services.d] starting services
    ,[services.d] done.
    ,Logging wrapper output to /config/logs/wrapper.log
    ,2018-12-15 11:13:39,631  INFO - Determined java version as '10' from version string 'openjdk version "10.0.2" 2018-07-17'
    ,2018-12-15 11:13:39,633  INFO - Starting NZBHydra main process with command line: java -Xmx256M -DfromWrapper -XX:TieredStopAtLevel=1 -noverify -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/config/logs -Xlog:gc*:file=../../config/logs/gclog-2018-12-15_11-13-39.log::filecount=10,filesize=5000 -Dspring.output.ansi.enabled=ALWAYS -jar /app/hydra2/lib/core-2.0.24-exec.jar --nobrowser --datafolder /config in folder /app/hydra2
    ,11:13:44.876 [main] DEBUG org.springframework.core.env.StandardEnvironment - Adding PropertySource 'systemProperties' with lowest search precedence
    ,11:13:44.908 [main] DEBUG org.springframework.core.env.StandardEnvironment - Adding PropertySource 'systemEnvironment' with lowest search precedence
    ,11:13:44.913 [main] DEBUG org.springframework.core.env.StandardEnvironment - Initialized StandardEnvironment with PropertySources [MapPropertySource@17764625 {name='systemProperties', properties={awt.toolkit=sun.awt.X11.XToolkit, java.specification.version=10, file.encoding.pkg=sun.io, sun.cpu.isalist=, sun.jnu.encoding=UTF-8, java.class.path=/app/hydra2/lib/core-2.0.24-exec.jar, java.vm.vendor=Oracle Corporation, sun.arch.data.model=32, java.vendor.url=http://java.oracle.com/, user.timezone=Europe/Vienna, nzbhydra.dataFolder=/config, os.name=Linux, java.vm.specification.version=10, sun.java.launcher=SUN_STANDARD, user.country=US, sun.boot.library.path=/usr/lib/jvm/java-11-openjdk-armhf/lib, sun.java.command=/app/hydra2/lib/core-2.0.24-exec.jar --nobrowser --datafolder /config, jdk.debug=release, sun.cpu.endian=little, user.home=/config, user.language=en, java.specification.vendor=Oracle Corporation, java.version.date=2018-07-17, java.home=/usr/lib/jvm/java-11-openjdk-armhf, file.separator=/, spring.output.ansi.enabled=ALWAYS, line.separator=
    ,, java.specification.name=Java Platform API Specification, java.vm.specification.vendor=Oracle Corporation, java.awt.graphicsenv=sun.awt.X11GraphicsEnvironment, fromWrapper=, java.protocol.handler.pkgs=org.springframework.boot.loader, sun.management.compiler=HotSpot Tiered Compilers, java.runtime.version=10.0.2+13-Ubuntu-1ubuntu0.18.04.4, user.name=abc, path.separator=:, os.version=4.14.78-odroidxu4, java.runtime.name=OpenJDK Runtime Environment, file.encoding=UTF-8, java.vm.name=OpenJDK Server VM, java.vendor.url.bug=http://bugreport.java.com/bugreport/, java.io.tmpdir=/tmp, java.version=10.0.2, user.dir=/app/hydra2, os.arch=arm, java.vm.specification.name=Java Virtual Machine Specification, java.awt.printerjob=sun.print.PSPrinterJob, sun.os.patch.level=unknown, java.library.path=/usr/java/packages/lib:/usr/lib/arm-linux-gnueabihf/jni:/lib/arm-linux-gnueabihf:/usr/lib/arm-linux-gnueabihf:/usr/lib/jni:/lib:/usr/lib, java.vendor=Oracle Corporation, java.vm.info=mixed mode, java.vm.version=10.0.2+13-Ubuntu-1ubuntu0.18.04.4, sun.io.unicode.encoding=UnicodeLittle, java.class.version=54.0}}, SystemEnvironmentPropertySource@29591240 {name='systemEnvironment', properties={PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin, LANGUAGE=en_US.UTF-8, PUID=1000, TZ=Europe/Vienna, TERM=xterm, OLDPWD=/run/s6/services/nzbhydra2, LANG=en_US.UTF-8, CWD=/, HOSTNAME=8f42a6a8d167, PGID=1003, PWD=/app/hydra2, SHLVL=0, HOME=/root}}]
    ,11:13:45.010 [main] DEBUG org.springframework.core.io.support.PathMatchingResourcePatternResolver - Resolved classpath location [org/nzbhydra/config/migration/] to resources [URL [jar:file:/app/hydra2/lib/core-2.0.24-exec.jar!/BOOT-INF/classes!/org/nzbhydra/config/migration/]]
    ,11:13:45.014 [main] DEBUG org.springframework.core.io.support.PathMatchingResourcePatternResolver - Looking for matching resources in jar file [jar:file:/app/hydra2/lib/core-2.0.24-exec.jar!/BOOT-INF/classes]
    ,11:13:45.101 [main] DEBUG org.springframework.core.io.support.PathMatchingResourcePatternResolver - Resolved location pattern [classpath*:org/nzbhydra/config/migration/**/*.class] to resources [URL [jar:file:/app/hydra2/lib/core-2.0.24-exec.jar!/BOOT-INF/classes!/org/nzbhydra/config/migration/ConfigMigrationStep004to005.class], URL [jar:file:/app/hydra2/lib/core-2.0.24-exec.jar!/BOOT-INF/classes!/org/nzbhydra/config/migration/ConfigMigration$1.class], URL [jar:file:/app/hydra2/lib/core-2.0.24-exec.jar!/BOOT-INF/classes!/org/nzbhydra/config/migration/ConfigMigration.class], URL [jar:file:/app/hydra2/lib/core-2.0.24-exec.jar!/BOOT-INF/classes!/org/nzbhydra/config/migration/ConfigMigrationStep.class], URL [jar:file:/app/hydra2/lib/core-2.0.24-exec.jar!/BOOT-INF/classes!/org/nzbhydra/config/migration/ConfigMigrationStep003to004.class]]
    ,11:13:45.213 [main] DEBUG org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider - Identified candidate component class: URL [jar:file:/app/hydra2/lib/core-2.0.24-exec.jar!/BOOT-INF/classes!/org/nzbhydra/config/migration/ConfigMigrationStep004to005.class]
    ,11:13:45.231 [main] DEBUG org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider - Ignored because not a concrete top-level class: URL [jar:file:/app/hydra2/lib/core-2.0.24-exec.jar!/BOOT-INF/classes!/org/nzbhydra/config/migration/ConfigMigrationStep.class]
    ,11:13:45.233 [main] DEBUG org.springframework.context.annotation.ClassPathScanningCandidateComponentProvider - Identified candidate component class: URL [jar:file:/app/hydra2/lib/core-2.0.24-exec.jar!/BOOT-INF/classes!/org/nzbhydra/config/migration/ConfigMigrationStep003to004.class]
    ,11:13:45.946 [main] DEBUG org.nzbhydra.NzbHydra - Setting property browser.disabled to value true
    ,2018-12-15 11:13:49.207 INFO --- [ main] org.nzbhydra.NzbHydra : Starting NzbHydra on 8f42a6a8d167 with PID 259 (/app/hydra2/lib/core-2.0.24-exec.jar started by abc in /app/hydra2)
    ,2018-12-15 11:13:49.238 INFO --- [ main] org.nzbhydra.NzbHydra : The following profiles are active: default
    ,WARNING: An illegal reflective access operation has occurred
    ,WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 (jar:file:/app/hydra2/lib/core-2.0.24-exec.jar!/BOOT-INF/lib/spring-core-5.0.8.RELEASE.jar!/) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
    ,WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils$1
    ,WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
    ,WARNING: All illegal access operations will be denied in a future release
    ,2018-12-15 11:14:03.412 INFO --- [ main] org.nzbhydra.config.BaseConfig : Using data folder /config
    ,2018-12-15 11:14:09.300 INFO --- [ost-startStop-1] o.n.a.HydraAnonymousAuthenticationFilter : Granting basic user rights to anonymous users
    ,2018-12-15 11:14:09.306 INFO --- [ost-startStop-1] o.n.a.HydraAnonymousAuthenticationFilter : Granting stats rights to anonymous users
    ,2018-12-15 11:14:09.308 INFO --- [ost-startStop-1] o.n.a.HydraAnonymousAuthenticationFilter : Granting admin rights to anonymous users
    ,2018-12-15 11:14:11.807 WARN --- [ main] org.flywaydb.core.Flyway : Flyway.setCallbacks(FlywayCallback) has been deprecated and will be removed in Flyway 6.0. Use Flyway.setCallbacks(Callback) instead.
    ,2018-12-15 11:14:12.116 INFO --- [ main] o.f.core.internal.util.VersionPrinter : Flyway Community Edition 5.1.4 by Boxfuse
    ,2018-12-15 11:14:12.132 INFO --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
    ,2018-12-15 11:14:12.928 INFO --- [ main] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
    ,2018-12-15 11:14:12.951 INFO --- [ main] o.f.c.internal.database.DatabaseFactory : Database: jdbc:h2:file:/config/database/nzbhydra (H2 1.4)
    ,2018-12-15 11:14:13.656 INFO --- [ main] o.f.core.internal.command.DbValidate : Successfully validated 15 migrations (execution time 00:00.284s)
    ,2018-12-15 11:14:13.839 INFO --- [ main] o.f.core.internal.command.DbMigrate : Current version of schema "PUBLIC": 1.14
    ,2018-12-15 11:14:13.848 INFO --- [ main] o.f.core.internal.command.DbMigrate : Schema "PUBLIC" is up to date. No migration necessary.
    ,2018-12-15 11:14:26.460 WARN --- [ main] org.nzbhydra.NzbHydra : Overwritten settings will be displayed with their original value in the config section of the GUI
    ,2018-12-15 11:14:36.761 INFO --- [ main] o.n.searching.SearchModuleProvider : Loading indexers
    ,2018-12-15 11:14:36.763 INFO --- [ main] o.n.searching.SearchModuleProvider : Finished initializing active indexers
    ,2018-12-15 11:14:36.897 WARN --- [ main] o.n.searching.SearchModuleProvider : No indexers configured
    ,2018-12-15 11:14:37.202 INFO --- [ main] o.n.d.downloaders.DownloaderProvider : Loading downloaders
    ,2018-12-15 11:14:37.205 INFO --- [ main] o.n.d.downloaders.DownloaderProvider : Finished initializing active downloaders
    ,2018-12-15 11:14:37.207 INFO --- [ main] o.n.d.downloaders.DownloaderProvider : No downloaders configured
    ,2018-12-15 11:14:41.554 INFO --- [ main] org.nzbhydra.web.WebConfiguration : Found folder /static. Will load UI resources from there
    ,2018-12-15 11:14:46.586 INFO --- [ main] org.nzbhydra.tasks.HydraTaskScheduler : Scheduling task "Check for and install updates" to be run every 1 hour
    ,2018-12-15 11:14:46.612 INFO --- [ main] org.nzbhydra.tasks.HydraTaskScheduler : Scheduling task "Delete short term storage results" to be run every 12 hours
    ,2018-12-15 11:14:46.615 INFO --- [ main] org.nzbhydra.tasks.HydraTaskScheduler : Scheduling task "Delete old history entries" to be run every 1 hour
    ,2018-12-15 11:14:46.617 INFO --- [ main] org.nzbhydra.tasks.HydraTaskScheduler : Scheduling task "Download queue check" to be run every 10 seconds
    ,2018-12-15 11:14:46.621 INFO --- [ main] org.nzbhydra.tasks.HydraTaskScheduler : Scheduling task "Backup" to be run every 1 hour
    ,2018-12-15 11:14:46.624 INFO --- [ main] org.nzbhydra.tasks.HydraTaskScheduler : Scheduling task "Clean up indexer statuses" to be run every 1 minute
    ,2018-12-15 11:14:46.626 INFO --- [ main] org.nzbhydra.tasks.HydraTaskScheduler : Scheduling task "Download history check" to be run every 10 minutes
    ,2018-12-15 11:14:46.628 INFO --- [ main] org.nzbhydra.tasks.HydraTaskScheduler : Scheduling task "Delete old search results" to be run every 1 hour
    ,2018-12-15 11:14:47.151 INFO --- [ main] org.nzbhydra.NzbHydra : Started NzbHydra in 60.886 seconds (JVM running for 67.496)
    ,2018-12-15 11:14:47.352 INFO --- [ main] org.nzbhydra.NzbHydra : You seem to be running NZBHydra 2 in docker. You can access Hydra using your local address and the IP you provided
    ,


Vpn container shows no logs at all.

> 2. If you removed the `network_mode: "service:vpn"` from hydra, how are the 2 containers connected? IE how have you configured the network traffic from hydra to go to the openvpn container?

Like I wrote, I put that in the .env file. Do you think I need to put it also in docker-compose.override file?

nemchik commented 5 years ago

Just chiming in here (I'm the DockSTARTer dev):

DockSTARTer by default does not include network_mode in the compose files generated, but does include ports so the apps run in bridge mode. Compose creates a user defined bridge network automatically if none are defined, and joins all containers in your compose file to that network unless otherwise specified. That network will be allowed to access the internet. The network name is based on the name of the parent folder where docker-compose.yml exists, so in the case of DockSTARTer you end up with compose_default as the network name.

If you set a network_mode in DockSTARTer's .env it excludes the ports and includes the network_mode which would mean the container would not be connected to the compose_default network. If it needs to be reconnected by using docker compose networks I can accommodate this, but my understanding is that when using another service or container as net mode you can't also be connected to a bridged network. I may not be fully informed on that topic and maybe it's as simple as adding it to the compose_default network, or maybe rather than network_mode the VPN service should be set as one of the networks.

dperson commented 5 years ago

@nemchik Thanks for the clarification on the behavior of dockstarter networking, I'm not familiar with it at all.

@trohnjavolta I'm not familiar with dockstarter, so have no idea what's appropriate in .env vs docker-compose.override. I can tell you that the network_mode: "service:vpn" has to be set for hydra to use the openvpn network. You actually did say that you redirected the log for the VPN to a file, can you provide the contents of that file, please?

trohnjavolta commented 5 years ago

> @nemchik Thanks for the clarification on the behavior of dockstarter networking, I'm not familiar with it at all.
>
> @trohnjavolta I'm not familiar with dockstarter, so have no idea what's appropriate in .env vs docker-compose.override. I can tell you that the network_mode: "service:vpn" has to be set for hydra to use the openvpn network. You actually did say that you redirected the log for the VPN to a file, can you provide the contents of that file, please?

Sure:

Sat Dec 15 10:13:31 2018 WARNING: file '/vpn/userpass.txt' is group or others accessible
Sat Dec 15 10:13:31 2018 OpenVPN 2.4.6 armv6-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul  8 2018
Sat Dec 15 10:13:31 2018 library versions: LibreSSL 2.7.4, LZO 2.10
Sat Dec 15 10:13:31 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]------------------:80
Sat Dec 15 10:13:31 2018 Socket Buffers: R=[163840->327680] S=[163840->327680]
Sat Dec 15 10:13:31 2018 UDP link local: (not bound)
Sat Dec 15 10:13:31 2018 UDP link remote: [AF_INET]------------------:80
Sat Dec 15 10:13:31 2018 TLS: Initial packet from [AF_INET]------------------:80, sid=b30e2dda 5581258b
Sat Dec 15 10:13:31 2018 VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 10:13:31 2018 VERIFY KU OK
Sat Dec 15 10:13:31 2018 Validating certificate extended key usage
Sat Dec 15 10:13:31 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Dec 15 10:13:31 2018 VERIFY EKU OK
Sat Dec 15 10:13:31 2018 VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 10:13:32 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
Sat Dec 15 10:13:32 2018 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Sat Dec 15 10:13:32 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Dec 15 10:13:32 2018 [TG-OVPN-CA] Peer Connection Initiated with [AF_INET]------------------:80
Sat Dec 15 10:13:33 2018 SENT CONTROL [TG-OVPN-CA]: 'PUSH_REQUEST' (status=1)
Sat Dec 15 10:13:33 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,route ------------------1,topology net30,ping 5,ping-restart 30,compress,ifconfig ------------------6 ------------------5,peer-id 0'
Sat Dec 15 10:13:33 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sat Dec 15 10:13:33 2018 OPTIONS IMPORT: compression parms modified
Sat Dec 15 10:13:33 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sat Dec 15 10:13:33 2018 OPTIONS IMPORT: route options modified
Sat Dec 15 10:13:33 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Dec 15 10:13:33 2018 OPTIONS IMPORT: peer-id set
Sat Dec 15 10:13:33 2018 OPTIONS IMPORT: adjusting link_mtu to 1625
Sat Dec 15 10:13:33 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 10:13:33 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 10:13:33 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 10:13:33 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 10:13:33 2018 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=------------------
Sat Dec 15 10:13:33 2018 TUN/TAP device tun0 opened
Sat Dec 15 10:13:33 2018 TUN/TAP TX queue length set to 100
Sat Dec 15 10:13:33 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Dec 15 10:13:33 2018 /sbin/ip link set dev tun0 up mtu 1500
Sat Dec 15 10:13:33 2018 /sbin/ip addr add dev tun0 local ------------------6 peer ------------------5
Sat Dec 15 10:13:33 2018 /sbin/ip route add ------------------/32 via 172.18.0.1
Sat Dec 15 10:13:33 2018 /sbin/ip route add 0.0.0.0/1 via ------------------5
Sat Dec 15 10:13:33 2018 /sbin/ip route add 128.0.0.0/1 via ------------------5
Sat Dec 15 10:13:33 2018 /sbin/ip route add ------------------1/32 via ------------------5
Sat Dec 15 10:13:33 2018 Initialization Sequence Completed
Sat Dec 15 11:13:32 2018 TLS: soft reset sec=0 bytes=124324/-1 pkts=1596/0
Sat Dec 15 11:13:32 2018 VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 11:13:32 2018 VERIFY KU OK
Sat Dec 15 11:13:32 2018 Validating certificate extended key usage
Sat Dec 15 11:13:32 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Dec 15 11:13:32 2018 VERIFY EKU OK
Sat Dec 15 11:13:32 2018 VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 11:13:32 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
Sat Dec 15 11:13:32 2018 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Sat Dec 15 11:13:32 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 11:13:32 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 11:13:32 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 11:13:32 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 11:13:32 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Dec 15 12:13:32 2018 TLS: soft reset sec=0 bytes=120520/-1 pkts=1566/0
Sat Dec 15 12:13:32 2018 VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 12:13:32 2018 VERIFY KU OK
Sat Dec 15 12:13:32 2018 Validating certificate extended key usage
Sat Dec 15 12:13:32 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Dec 15 12:13:32 2018 VERIFY EKU OK
Sat Dec 15 12:13:32 2018 VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 12:13:32 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
Sat Dec 15 12:13:32 2018 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Sat Dec 15 12:13:32 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 12:13:32 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 12:13:32 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 12:13:32 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 12:13:32 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Dec 15 13:13:32 2018 TLS: soft reset sec=0 bytes=120208/-1 pkts=1563/0
Sat Dec 15 13:13:32 2018 VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 13:13:32 2018 VERIFY KU OK
Sat Dec 15 13:13:32 2018 Validating certificate extended key usage
Sat Dec 15 13:13:32 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Dec 15 13:13:32 2018 VERIFY EKU OK
Sat Dec 15 13:13:32 2018 VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 13:13:32 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
Sat Dec 15 13:13:32 2018 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Sat Dec 15 13:13:32 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 13:13:32 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 13:13:32 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 13:13:32 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 13:13:32 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Dec 15 14:13:32 2018 TLS: soft reset sec=0 bytes=120040/-1 pkts=1562/0
Sat Dec 15 14:13:32 2018 VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 14:13:32 2018 VERIFY KU OK
Sat Dec 15 14:13:32 2018 Validating certificate extended key usage
Sat Dec 15 14:13:32 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Dec 15 14:13:32 2018 VERIFY EKU OK
Sat Dec 15 14:13:32 2018 VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 14:13:32 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
Sat Dec 15 14:13:32 2018 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Sat Dec 15 14:13:32 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 14:13:32 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 14:13:32 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 14:13:32 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 14:13:32 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Dec 15 15:13:32 2018 TLS: soft reset sec=0 bytes=120204/-1 pkts=1563/0
Sat Dec 15 15:13:32 2018 VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 15:13:32 2018 VERIFY KU OK
Sat Dec 15 15:13:32 2018 Validating certificate extended key usage
Sat Dec 15 15:13:32 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Dec 15 15:13:32 2018 VERIFY EKU OK
Sat Dec 15 15:13:32 2018 VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 15:13:32 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
Sat Dec 15 15:13:32 2018 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Sat Dec 15 15:13:32 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 15:13:32 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 15:13:32 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 15:13:32 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 15:13:32 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Dec 15 16:13:32 2018 TLS: soft reset sec=0 bytes=120140/-1 pkts=1562/0
Sat Dec 15 16:13:32 2018 VERIFY OK: depth=1, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 16:13:32 2018 VERIFY KU OK
Sat Dec 15 16:13:32 2018 Validating certificate extended key usage
Sat Dec 15 16:13:32 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Dec 15 16:13:32 2018 VERIFY EKU OK
Sat Dec 15 16:13:32 2018 VERIFY OK: depth=0, C=US, ST=FL, L=Orlando, O=TorGuard, OU=VPN, CN=TG-OVPN-CA, name=TorGuard, emailAddress=sysadmin@torguard.net
Sat Dec 15 16:13:32 2018 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1557'
Sat Dec 15 16:13:32 2018 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Sat Dec 15 16:13:32 2018 Outgoing Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 16:13:32 2018 Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 16:13:32 2018 Incoming Data Channel: Cipher 'AES-128-CBC' initialized with 128 bit key
Sat Dec 15 16:13:32 2018 Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Sat Dec 15 16:13:32 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

dperson commented 5 years ago

I'm seeing at least 6 connections to your VPN provider in one second... I don't see errors, but don't think that the VPN is functioning correctly either.

dperson commented 5 years ago

Oops, the hour is incrementing between connections. Every hour to the second it reconnects, and it's not passing traffic in the mean time if you can't resolve host names.

trohnjavolta commented 5 years ago

K...yeah, I cannot contribute much to this, but if anyone has a suggestion on how I could make the network part work, I'd happily try it.

nemchik commented 5 years ago

Take this out of your override and it should have the VPN container join the compose_default network I described above

    networks:
      - default

Then post your new logs and hopefully we'll be getting somewhere.

trohnjavolta commented 5 years ago

Did that, unfortunately curl still gives can't resolve host message. Also container status is unhealthy. Ovpn client seems to run without a problem. openvpnclient.log Same in hydra2 container. wrapper.log nzbhydra2.log

Can I get logs from vpn container somehow? Maybe that would help to see where the issue is.

nemchik commented 5 years ago

docker logs <container>

trohnjavolta commented 5 years ago

> docker logs <container>

Tried that, gives no output at all. It's the same as log button in portainer, right?

nemchik commented 5 years ago

Yes it would be. I've never seen a container not have at least something in the logs. Which container(s) again?

dperson commented 5 years ago

I think that @trohnjavolta has in his openvpn config file to log to a file (it normally will log to standard out).

trohnjavolta commented 5 years ago

right, commenting out the log line in .ovpn file gives me same ovpn client log after docker logs vpn. But still not able to get it to work.

jmctune commented 5 years ago

I see the "Initialization Sequence Completed" message, which indicates a successful connection.

Can you curl google.com from within the ovpn container after it has connected?
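
One way to read a client log like the one posted earlier in this thread, as an added example (not code from the thread or from dperson/openvpn-client): it counts full tunnel bring-ups (`Initialization Sequence Completed`) separately from `TLS: soft reset` lines, which OpenVPN writes when it renegotiates keys on a session that is already up, and it extracts the pushed DNS servers and `redirect-gateway` flag from the `PUSH_REPLY`. The sample lines are copied from that log and trimmed; the function and field names are this example's own.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: lines copied from the client log posted in this thread
# (redactions kept as posted) and trimmed to the first two hourly cycles.
SAMPLE_LOG = """\
Sat Dec 15 10:13:31 2018 WARNING: file '/vpn/userpass.txt' is group or others accessible
Sat Dec 15 10:13:32 2018 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Sat Dec 15 10:13:33 2018 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 1.1.1.1,dhcp-option DNS 1.0.0.1,route ------------------1,topology net30,ping 5,ping-restart 30,compress,ifconfig ------------------6 ------------------5,peer-id 0'
Sat Dec 15 10:13:33 2018 Initialization Sequence Completed
Sat Dec 15 11:13:32 2018 TLS: soft reset sec=0 bytes=124324/-1 pkts=1596/0
Sat Dec 15 11:13:32 2018 WARNING: 'comp-lzo' is present in local config but missing in remote config, local='comp-lzo'
Sat Dec 15 12:13:32 2018 TLS: soft reset sec=0 bytes=120520/-1 pkts=1566/0
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Sat Dec 15 10:13:31 2018"
LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")


def parse_push_reply(msg):
    """Return (dns_servers, redirect_gateway) from a PUSH_REPLY log message."""
    start, end = msg.find("'"), msg.rfind("'")
    if start == -1 or end <= start:
        return [], False
    dns, redirect = [], False
    for opt in msg[start + 1:end].split(","):
        words = opt.split()
        if words[:2] == ["dhcp-option", "DNS"] and len(words) == 3:
            dns.append(words[2])
        elif words[:1] == ["redirect-gateway"]:
            redirect = True
    return dns, redirect


def summarize(log_text):
    """Classify the events in an OpenVPN client log that matter for triage."""
    summary = {
        "full_connects": [],      # timestamps of complete tunnel bring-ups
        "soft_resets": [],        # timestamps of key renegotiations
        "pushed_dns": [],         # DNS servers the server pushed to the client
        "redirect_gateway": False,
        "warnings": Counter(),    # warning text -> number of occurrences
    }
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # skip lines without an OpenVPN timestamp
        stamp = datetime.strptime(match.group(1), TS_FORMAT)
        msg = match.group(2)
        if msg == "Initialization Sequence Completed":
            summary["full_connects"].append(stamp)
        elif msg.startswith("TLS: soft reset"):
            summary["soft_resets"].append(stamp)
        elif msg.startswith("PUSH: Received control message:"):
            dns, redirect = parse_push_reply(msg)
            summary["pushed_dns"].extend(dns)
            summary["redirect_gateway"] = summary["redirect_gateway"] or redirect
        elif msg.startswith("WARNING: "):
            summary["warnings"][msg[len("WARNING: "):]] += 1
    resets = summary["soft_resets"]
    # Seconds between consecutive renegotiations; a steady value is a timer.
    summary["reset_intervals"] = [
        (later - earlier).total_seconds()
        for earlier, later in zip(resets, resets[1:])
    ]
    return summary


def is_reconnect_loop(summary):
    """True only when the tunnel itself was brought up more than once."""
    return len(summary["full_connects"]) > 1


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("tunnel bring-ups :", len(result["full_connects"]))
    print("soft resets      :", len(result["soft_resets"]), result["reset_intervals"])
    print("pushed DNS       :", result["pushed_dns"])
    print("redirect-gateway :", result["redirect_gateway"])
    print("reconnect loop   :", is_reconnect_loop(result))
    for text, count in result["warnings"].most_common():
        print(f"warning x{count}: {text}")
```
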