haugene / docker-transmission-openvpn

Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
GNU General Public License v3.0

Route add command failed #135

Closed henrikmathisen closed 6 years ago

henrikmathisen commented 7 years ago

Hi,

It seems that the program tries to add a route that already exists every time I start the container. I don't know if there are more routes to be added afterwards but it seems that it simply fails with error status 2;

Logs:

Generating transmission settings.json from env variables
STARTING TRANSMISSION
NO PORT UPDATER FOR THIS PROVIDER
Transmission startup script complete.
Thu Sep 29 12:54:25 2016 /sbin/ip route add 176.10.248.194/32 via 172.17.42.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 0.0.0.0/1 via 10.251.5.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 128.0.0.0/1 via 10.251.5.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 176.10.248.194/32 via 172.17.42.1
RTNETLINK answers: File exists
Thu Sep 29 12:54:25 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Sep 29 12:54:25 2016 Initialization Sequence Completed

This was tried on Ubuntu 14.04.3, Docker version 1.12.1, build 23cf638
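
The duplicate in the log above can be found mechanically. The following Python sketch is an added example, not part of the original thread or the project's code: it flags `ip route add` commands issued more than once, attributes each `RTNETLINK answers: File exists` to the route-add line just before it (an assumption about log ordering), and checks that the two half-default routes through the tunnel (0.0.0.0/1 and 128.0.0.0/1) were not the ones that failed. The sample log is the one from the post above, split back into lines; the function names are hypothetical.

```python
import re

# Sample input: the log from the first post, one record per line.
SAMPLE_LOG = """\
Thu Sep 29 12:54:25 2016 /sbin/ip route add 176.10.248.194/32 via 172.17.42.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 0.0.0.0/1 via 10.251.5.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 128.0.0.0/1 via 10.251.5.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 176.10.248.194/32 via 172.17.42.1
RTNETLINK answers: File exists
Thu Sep 29 12:54:25 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Sep 29 12:54:25 2016 Initialization Sequence Completed
"""

ROUTE_ADD = re.compile(r"/sbin/ip route add (\S+) via (\S+)")


def find_route_conflicts(log_text):
    """Return (duplicates, failed).

    duplicates: (prefix, gateway, first_line, repeat_line) for every route
                that OpenVPN tried to add more than once.
    failed:     the route-add that immediately preceded each 'File exists'
                answer (assumes the error is logged right after its command).
    """
    seen = {}        # (prefix, gateway) -> line number of the first add
    duplicates = []
    failed = []
    last_add = None
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = ROUTE_ADD.search(line)
        if m:
            route = (m.group(1), m.group(2))
            if route in seen:
                duplicates.append((*route, seen[route], lineno))
            else:
                seen[route] = lineno
            last_add = route
        elif "RTNETLINK answers: File exists" in line and last_add:
            failed.append(last_add)
    return duplicates, failed


def tunnel_routes_installed(log_text, failed):
    """True if both half-default routes were added and neither one failed."""
    added = {m.group(1) for m in ROUTE_ADD.finditer(log_text)}
    halves = {"0.0.0.0/1", "128.0.0.0/1"}
    return halves <= added and not halves & {prefix for prefix, _ in failed}


if __name__ == "__main__":
    dups, failed = find_route_conflicts(SAMPLE_LOG)
    print("duplicate adds:", dups)
    print("failed adds:", failed)
    print("tunnel routes installed:", tunnel_routes_installed(SAMPLE_LOG, failed))
```

On this log the only failing command is the repeated host route to the VPN server via the Docker gateway, which is why the tunnel still comes up after the error.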

haugene commented 7 years ago

Hmm, have a look at this: http://raspberrypi.stackexchange.com/questions/13895/solving-rtnetlink-answers-file-exists-when-running-ifup

Which links to: https://blog.karssen.org/2013/03/28/solving-rtnetlink-answers-file-exists-when-running-ifup/

What is your setting for the LOCAL_NETWORK environment variable? And please provide the complete log, mask your usr/pass.

fdecourt commented 7 years ago

Hi Haugene, Same here with a Synology. Here is the full log:

2016-10-12 12:06:13 stdout Using OpenVPN provider: PUREVPN
2016-10-12 12:06:13 stdout Starting OpenVPN using config NETHERLANDS-TCP.ovpn
2016-10-12 12:06:13 stdout Setting OPENVPN credentials...
2016-10-12 12:06:13 stdout Wed Oct 12 12:06:13 2016 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
2016-10-12 12:06:13 stdout Wed Oct 12 12:06:13 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2016-10-12 12:06:13 stdout Wed Oct 12 12:06:13 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-10-12 12:06:13 stdout Wed Oct 12 12:06:13 2016 WARNING: file '/etc/openvpn/purevpn/Wdc.key' is group or others accessible
2016-10-12 12:06:13 stdout Wed Oct 12 12:06:13 2016 Control Channel Authentication: using '/etc/openvpn/purevpn/Wdc.key' as a OpenVPN static key file
2016-10-12 12:06:14 stdout Wed Oct 12 12:06:14 2016 Attempting to establish TCP connection with [AF_INET]213.5.64.37:80 [nonblock]
2016-10-12 12:06:15 stdout Wed Oct 12 12:06:15 2016 TCP connection established with [AF_INET]213.5.64.37:80
2016-10-12 12:06:15 stdout Wed Oct 12 12:06:15 2016 TCPv4_CLIENT link local: [undef]
2016-10-12 12:06:15 stdout Wed Oct 12 12:06:15 2016 TCPv4_CLIENT link remote: [AF_INET]213.5.64.37:80
2016-10-12 12:06:15 stdout Wed Oct 12 12:06:15 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-10-12 12:06:17 stdout Wed Oct 12 12:06:17 2016 [PureVPN] Peer Connection Initiated with [AF_INET]213.5.64.37:80
2016-10-12 12:06:20 stdout Wed Oct 12 12:06:20 2016 TUN/TAP device tun0 opened
2016-10-12 12:06:20 stdout Wed Oct 12 12:06:20 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-10-12 12:06:20 stdout Wed Oct 12 12:06:20 2016 /sbin/ip link set dev tun0 up mtu 1500
2016-10-12 12:06:20 stdout Wed Oct 12 12:06:20 2016 /sbin/ip addr add dev tun0 37.46.122.106/27 broadcast 37.46.122.127
2016-10-12 12:06:20 stdout Wed Oct 12 12:06:20 2016 /etc/transmission/start.sh tun0 1500 1560 37.46.122.106 255.255.255.224 init
2016-10-12 12:06:20 stdout Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 37.46.122.106
2016-10-12 12:06:20 stdout Generating transmission settings.json from env variables
2016-10-12 12:06:20 stdout STARTING TRANSMISSION
2016-10-12 12:06:20 stdout NO PORT UPDATER FOR THIS PROVIDER
2016-10-12 12:06:20 stdout Transmission startup script complete.
2016-10-12 12:06:22 stdout RTNETLINK answers: File exists
2016-10-12 12:06:23 stdout Wed Oct 12 12:06:22 2016 ERROR: Linux route add command failed: external program exited with error status: 2
2016-10-12 12:06:23 stdout Wed Oct 12 12:06:22 2016 Initialization Sequence Completed

Thanks for your support

haugene commented 7 years ago

Weird... And you aren't running with network=host or anything like that?

fdecourt commented 7 years ago

Thanks for your quick answer. I tried with and without LOCAL_NETWORK=192.168.1.0/24.

If I run a "IP ROUTE" command from the terminal of the docker (without LOCAL_NETWORK) image

fdecourt commented 7 years ago

This is more clear : image

haugene commented 7 years ago

Ok. So there's a duplicate entry for the default gateway. Openvpn wants to ship everything through tun0 while there's already a route to send it all through the docker interface.

Question is, why is this happening now. Is it a new OS release for the nas or is it a newer version of openvpn that bugs. We can't delete the other default route before connecting, because then it would be able to access the Internet.

Could you give me some info on the underlying OS of the nas? Distro and version, cat /etc/os-release, uname -a etc. Then I can try to reproduce it.

Also, try fetching and running one of the earlier tags of the container. If one of the older ones works, that might be a good indication of when the bug was introduced.

fdecourt commented 7 years ago

Hi Haugene, Thanks for your answer and taking care of this problem. It's running XPenology DSM 5.2.5644. On your docker, it is Ubuntu 14.04.4. I will try other versions of your Docker : 1.5 and 1.6, PureVPN is not configured, from 1.7 to 1.10, I have the same error. So it won't help you to find when the bug was introduced.

haugene commented 7 years ago

Ok. But if you ssh into your nas, which linux distro and version is it running? Would be interesting to know if this could be provider specific as I would expect more people would have an issue if it's for all providers on the Synology NAS.

Are you also running PureVPN @paranoiid? If you have the chance to get a month's subscription with one of the other providers just to test, that could rule that out. Even though this sounds more OS related.

fdecourt commented 7 years ago

Hi Haugene, Sorry for the late reply. The OS is : Linux DiskStation 3.10.35 #1 SMP Sat Dec 12 17:01:14 MSK 2015 x86_64 GNU/Linux synology_bromolow_3615xs

I'll try to subscribe other providers this week.

fdecourt commented 7 years ago

Haugene, I subscribe to PIA, and the problem is different. Still no connection to any tracker. Here are the logs :

date,stream,content
2016-10-17 11:50:13,stdout,Error: portTested: http error 0: No Response
2016-10-17 11:49:43,stdout,Checking port...
2016-10-17 11:49:43,stdout,localhost:9091/transmission/rpc/ responded: "success"
2016-10-17 11:49:42,stdout,transmission auth not required
2016-10-17 11:49:42,stdout,Got new port from pia
2016-10-17 11:49:42,stdout, 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:02 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:03 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:06 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:07 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:08 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:09 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:10 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:11 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:12 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:13 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:14 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:15 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:16 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:17 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:18 --:--:-- 0 0 0 0 0 0 0 0 0 --:--:-- 0:00:19 --:--:-- 0curl: (6) Could not resolve host: www.privateinternetaccess.com
2016-10-17 11:49:22,stdout, Dload Upload Total Spent Left Speed
2016-10-17 11:49:22,stdout, % Total % Received % Xferd Average Speed Time Time Time Current
2016-10-17 11:48:21,stdout,Mon Oct 17 11:48:21 2016 Initialization Sequence Completed
2016-10-17 11:48:21,stdout,Transmission startup script complete.
2016-10-17 11:48:21,stdout,STARTING PORT UPDATER
2016-10-17 11:48:21,stdout,STARTING TRANSMISSION
2016-10-17 11:48:21,stdout,Generating transmission settings.json from env variables
2016-10-17 11:48:21,stdout,Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 10.20.10.6
2016-10-17 11:48:21,stdout,Mon Oct 17 11:48:21 2016 /etc/transmission/start.sh tun0 1500 1542 10.20.10.6 10.20.10.5 init
2016-10-17 11:48:21,stdout,Mon Oct 17 11:48:21 2016 /sbin/ip addr add dev tun0 local 10.20.10.6 peer 10.20.10.5
2016-10-17 11:48:21,stdout,Mon Oct 17 11:48:21 2016 /sbin/ip link set dev tun0 up mtu 1500
2016-10-17 11:48:21,stdout,"Mon Oct 17 11:48:21 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0"
2016-10-17 11:48:21,stdout,Mon Oct 17 11:48:21 2016 TUN/TAP device tun0 opened
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 [e74d3ca8b512011f9c6a17cd33226de2] Peer Connection Initiated with [AF_INET]46.166.190.181:1194
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 UDPv4 link remote: [AF_INET]46.166.190.181:1194
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 UDPv4 link local: [undef]
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
2016-10-17 11:48:19,stdout,Setting OPENVPN credentials...
2016-10-17 11:48:19,stdout,Starting OpenVPN using config Netherlands.ovpn
2016-10-17 11:48:19,stdout,Using OpenVPN provider: PIA
2016-10-17 11:48:18,stdout,"Mon Oct 17 11:48:18 2016 SIGTERM[hard,] received, process exiting"
2016-10-17 11:48:18,stdout,Mon Oct 17 11:48:18 2016 /etc/transmission/stop.sh tun0 1500 1542 10.12.10.6 10.12.10.5 init
2016-10-17 11:48:18,stdout,Mon Oct 17 11:48:18 2016 /sbin/ip addr del dev tun0 local 10.12.10.6 peer 10.12.10.5
2016-10-17 11:48:18,stdout,Mon Oct 17 11:48:18 2016 event_wait : Interrupted system call (code=4)

haugene commented 7 years ago

This looks like a DNS issue... Could not resolve host: www.privateinternetaccess.com. See this section of the readme and try setting your dns servers for the container.

fdecourt commented 7 years ago

I used a resolve.conf link, with the google DNS (not the --dns command, as it does not work on DSM). With or without it, it won't work, same error "Could not resolve host: www.privateinternetaccess.com". But if I ping from the docker terminal www.google.fr, it won't work. But if I ping the IP address of google, it works. This URL is reachable directly from the Synology, but not from the docker package. All my network uses the same DNS (they are implemented directly on my router). There is a DNS problem somewhere !

fdecourt commented 7 years ago

From the docker Terminal : Direct IP image Using www.google.fr image

From the diskstation terminal : image

fdecourt commented 7 years ago

It seems that the /etc/resolv.conf is not replaced by the /docker/resolv.conf created. For Data it works, not for this file, so the DNS are wrong. So I manually edit the docker file /etc/resolv.conf from nameserver 192.168.1.1 to the OpenDNS IP. Let's see what happens !

fdecourt commented 7 years ago

With that modification, all pings are working : image So I probably to find a way to :

fdecourt commented 7 years ago

With that it seems it works, with a Netherlands IP address from Netherlands (I am not there) image

fdecourt commented 7 years ago

Also, on DSM 5.2 for Synology, on my NAS, adding /volume1/ makes the path wrong.

fdecourt commented 7 years ago

After much testing, it works with PIA, adding the LOCAL_NETWORK parameter to 192.168.1.0/24, doing the right port forwarding of the Transmission port on my router (not the 9091 port, the one in the Transmission app itself) and changing the default DNS of my router.

For PureVPN, it won't start, with the error logged above. Even if it is the PureVPN openvpn file, maybe something wrong in it for Synology. On the PIA openvpn there is a "dev tun" line, which is "dev tun0" for PureVPN. The 0 should not be there !

haugene commented 7 years ago

Hey! Sorry for the late reply.

I've changed "dev tun0" to "dev tun" for all purevpn configs. Do you still have an account with PureVPN and can test it? Use the dev tag of the image.

fdecourt commented 7 years ago

Hi, No problem, right now I am using PIA, which is working well, but I still have a PureVPN account, so I will test it this week. Happy new year

haugene commented 7 years ago

Great! Happy new year! 😄

fdecourt commented 7 years ago

Hello, So I still have the error :

Mon Jan 2 17:31:45 2017 ERROR: Linux route add command failed: external program exited with error status: 2

But connection is working.

I just tried to download some stuff, and it seems that it works (very slowly, but connected !!!!!)

Route -n : [image: Embedded images 1]

Still a problem with the link between resolv.conf in the image (/etc/resolv.conf), and the real one in /docker/resolv.conf. The one used is not the right one, but without problem, as 192.168.1.1 is my router with its specific DNS.

fdecourt commented 7 years ago

Very very slow.... On the NAS : -PIA : 5 mo/s -PureVPN : 150 ko/s

Testing connection directly on the computer, and they are quite equal (between 3 and 4 mo/s)

clowrym commented 7 years ago

I have this issue as well with PureVPN. In my troubleshooting with a different DelugeVPN docker, it was found that PureVPN is using weak certs. Reviewing their site there are a number of complaints with the same weak certs & OpenVPN. They have said they are updating their certs for a couple months now..... hard to say if/when it will happen

haugene commented 6 years ago

Cleaning old issues. Re-open or create a new issue if it's still a problem. Remember logs and steps to reproduce.

rdavey228 commented 6 years ago

Hello -

I'd like to reopen this as I am helping someone set this up with a PUREVPN account and I am getting the same issue.

Docker is installed on an old PC running Ubuntu 18.04 as the underlying OS.

I get the following error -

vpn_1  | STARTING TRANSMISSION
vpn_1  | NO PORT UPDATER FOR THIS PROVIDER
vpn_1  | Transmission startup script complete.
vpn_1  | RTNETLINK answers: File exists
vpn_1  | Tue Aug  7 12:11:17 2018 ERROR: Linux route add command failed: external program exited with error status: 2
vpn_1  | Tue Aug  7 12:11:17 2018 Initialization Sequence Completed

Any ideas??

bobsupercow commented 6 years ago

Having the same issue with PUREVPN and Ubuntu 18.04. It was working 3 days ago, no changes on my end or with my PureVPN account.

rdavey228 commented 6 years ago

Anyone.....?

RoccoMathijn commented 6 years ago

Same issue on Ubuntu 18.04 with PureVPN

haugene commented 6 years ago

See #573 for more info, this thread now continues there.