dperson / openvpn-client

GNU Affero General Public License v3.0

UDP link local: (not bound) #97

Closed YoannMa closed 6 years ago

YoannMa commented 6 years ago

Hi,

I've got an issue, I can't make the docker work. I tried the method of the readme with the certificate and providing -v with no success.

I found the issue #47 so I tried the same idea using my VPN (Windscribe).

I ran sudo docker run -it --rm --cap-add=NET_ADMIN --device /dev/net/tun --name vpn -v $(pwd):/vpn dperson/openvpn-client bash

And added set -x to show where the command failed:

+ dir=/vpn
+ auth=/vpn/vpn.cert_auth
+ conf=/vpn/vpn.conf
+ cert=/vpn/vpn-ca.crt
+ route=/vpn/.firewall
+ route6=/vpn/.firewall6
+ [[ -f /vpn/vpn.conf ]]
+ [[ -f /vpn/vpn-ca.crt ]]
++ egrep '\.ce?rt$'
++ wc ++ -w
ls /vpn/ca.crt /vpn/ta.key /vpn/vpn.cert_auth /vpn/vpn.conf
+ [[ 1 -eq 1 ]]
++ egrep '\.ce?rt$'
++ ls /vpn/ca.crt /vpn/ta.key /vpn/vpn.cert_auth /vpn/vpn.conf
+ cert=/vpn/ca.crt
+ getopts :hc:df:p:R:r:v: opt
+ case "$opt" in
+ firewall -d
++ ip -o addr show dev eth0
++ awk '$3 == "inet" {print $4}'
++ ip -o addr show dev eth0
++ awk '$3 == "inet6" {print $4; exit}'
+ local port=-d docker_network=172.17.0.6/16 network docker6_network=
+ [[ -z -d ]]
+ ip6tables -F OUTPUT
+ ip6tables -P OUTPUT DROP
+ ip6tables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ ip6tables -A OUTPUT -o lo -j ACCEPT
+ ip6tables -A OUTPUT -o tap0 -j ACCEPT
+ ip6tables -A OUTPUT -o tun0 -j ACCEPT
+ ip6tables -A OUTPUT -d -j ACCEPT
Bad argument `ACCEPT'
Try `ip6tables -h' or 'ip6tables --help' for more information.
+ ip6tables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
+ ip6tables -A OUTPUT -p tcp -m owner --gid-owner vpn -j ACCEPT
+ ip6tables -A OUTPUT -p udp -m owner --gid-owner vpn -j ACCEPT
+ iptables -F OUTPUT
+ iptables -P OUTPUT DROP
+ iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ iptables -A OUTPUT -o lo -j ACCEPT
+ iptables -A OUTPUT -o tap0 -j ACCEPT
+ iptables -A OUTPUT -o tun0 -j ACCEPT
+ iptables -A OUTPUT -d 172.17.0.6/16 -j ACCEPT
+ iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
+ iptables -A OUTPUT -p tcp -m owner --gid-owner vpn -j ACCEPT
+ iptables -A OUTPUT -p udp -m owner --gid-owner vpn -j ACCEPT
+ [[ -s /vpn/.firewall6 ]]
+ [[ -s /vpn/.firewall ]]
+ touch /vpn/.firewall /vpn/.firewall6
+ getopts :hc:df:p:R:r:v: opt
+ shift 2
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -e /vpn/.firewall ]]
+ firewall ''
++ ip -o addr show dev eth0
++ awk '$3 == "inet" {print $4}'
++ ip -o addr show dev eth0
++ awk '$3 == "inet6" {print $4; exit}'
+ local port=1194 docker_network=172.17.0.6/16 network docker6_network=
+ [[ -z '' ]]
+ [[ -r /vpn/vpn.conf ]]
++ awk ++ '/^remote / && NF ~ /^[0-9]*$/ {print $NF}' /vpn/vpn.confgrep
'^'
+ port=53
+ ip6tables -F OUTPUT
+ ip6tables -P OUTPUT DROP
+ ip6tables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ ip6tables -A OUTPUT -o lo -j ACCEPT
+ ip6tables -A OUTPUT -o tap0 -j ACCEPT
+ ip6tables -A OUTPUT -o tun0 -j ACCEPT
+ ip6tables -A OUTPUT -d -j ACCEPT
Bad argument `ACCEPT'
Try `ip6tables -h' or 'ip6tables --help' for more information.
+ ip6tables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
+ ip6tables -A OUTPUT -p tcp -m owner --gid-owner vpn -j ACCEPT
+ ip6tables -A OUTPUT -p udp -m owner --gid-owner vpn -j ACCEPT
+ iptables -F OUTPUT
+ iptables -P OUTPUT DROP
+ iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+ iptables -A OUTPUT -o lo -j ACCEPT
+ iptables -A OUTPUT -o tap0 -j ACCEPT
+ iptables -A OUTPUT -o tun0 -j ACCEPT
+ iptables -A OUTPUT -d 172.17.0.6/16 -j ACCEPT
+ iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
+ iptables -A OUTPUT -p tcp -m owner --gid-owner vpn -j ACCEPT
+ iptables -A OUTPUT -p udp -m owner --gid-owner vpn -j ACCEPT
+ [[ -s /vpn/.firewall6 ]]
+ [[ -s /vpn/.firewall ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ '' =~ ^[0-9]+$ ]]
+ [[ 0 -ge 1 ]]
+ [[ 0 -ge 1 ]]
+ ps -ef
+ egrep -v 'grep|openvpn.sh'
+ grep -q openvpn
+ mkdir -p /dev/net
+ [[ -c /dev/net/tun ]]
+ [[ -e /vpn/vpn.conf ]]
+ [[ -e /vpn/ca.crt ]]
+ exec sg vpn -c 'openvpn --config /vpn/vpn.conf'
Thu Nov 23 20:22:17 2017 WARNING: file '/vpn/vpn.cert_auth' is group or others accessible
Thu Nov 23 20:22:17 2017 OpenVPN 2.4.3 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 23 2017
Thu Nov 23 20:22:17 2017 library versions: LibreSSL 2.5.5, LZO 2.10
Thu Nov 23 20:22:17 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.X:53
Thu Nov 23 20:22:17 2017 UDP link local: (not bound)
Thu Nov 23 20:22:17 2017 UDP link remote: [AF_INET]X.X.X.X:53
^CThu Nov 23 20:22:19 2017 event_wait : Interrupted system call (code=4)
Thu Nov 23 20:22:19 2017 SIGINT[hard,] received, process exiting

uname -a:

Linux server 4.10.0-19-generic #21-Ubuntu SMP Thu Apr 6 17:04:57 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

Docker version:

Client:
 Version:      17.05.0-ce
 API version:  1.29
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:10:54 2017
 OS/Arch:      linux/amd64

Server:
 Version:      17.05.0-ce
 API version:  1.29 (minimum version 1.12)
 Go version:   go1.7.5
 Git commit:   89658be
 Built:        Thu May  4 22:10:54 2017
 OS/Arch:      linux/amd64
 Experimental: false

YoannMa commented 6 years ago

My bad, it was a mistake.

When I ran the first command with -v host;user;pass;port, it overrode the vpn.conf that I used for the second command.

Now it's working just fine.