hwdsl2 / docker-ipsec-vpn-server

Docker image to run an IPsec VPN server, with IPsec/L2TP, Cisco IPsec and IKEv2
https://hub.docker.com/r/hwdsl2/ipsec-vpn-server

open /proc/sys/net/ipv4/conf/eth0/send_redirects: no such file or directory: unknown #422

Closed henri98 closed 5 months ago

henri98 commented 5 months ago

Hey,

I have been using the image for at least 10 months with great pleasure.

After an update (Docker engine and the image) I am no longer able to start the container. I'm running the non-privileged mode as suggested within the advanced docs, deployed with Ansible:

--- 

- name: Run IPsec VPN Server Container
  tags: ipsec-vpn
  become: true
  community.docker.docker_container:
    name: ipsec-vpn-server
    image: hwdsl2/ipsec-vpn-server:debian
    pull: true
    restart_policy: always
    volumes:
      - /srv/docker/ipsec-vpn/ipsec.d:/etc/ipsec.d
      - /lib/modules:/lib/modules:ro
    ports:
      - "{{ ip }}:500:500/udp"
      - "{{ ip }}:4500:4500/udp"
    env:
      # env is a mapping; quote the value so YAML does not parse it as a boolean
      VPN_ENABLE_MODP1024: "yes"
    capabilities:
      - NET_ADMIN
    devices:
      - "/dev/ppp:/dev/ppp"
    sysctls:
      net.ipv4.ip_forward: 1
      net.ipv4.conf.all.accept_redirects: 0
      net.ipv4.conf.all.send_redirects: 0
      net.ipv4.conf.all.rp_filter: 0
      net.ipv4.conf.default.accept_redirects: 0
      net.ipv4.conf.default.send_redirects: 0
      net.ipv4.conf.default.rp_filter: 0
      net.ipv4.conf.eth0.send_redirects: 0
      net.ipv4.conf.eth0.rp_filter: 0

Resulting in:

Error starting container 451a58781dbad02ac0813748a2bce30660383f7dfb3174d6836ff00ce98b010d: 400 Client Error for http+docker://localhost/v1.45/containers/451a58781dbad02ac0813748a2bce30660383f7dfb3174d6836ff00ce98b010d/start: Bad Request ("failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/net/ipv4/conf/eth0/send_redirects: no such file or directory: unknown")

or

Error starting container e8a6e86d3f2331fa73de2912ebdcec122cbbfd3df2cf544379167928a5cb9c0d: 400 Client Error for http+docker://localhost/v1.45/containers/e8a6e86d3f2331fa73de2912ebdcec122cbbfd3df2cf544379167928a5cb9c0d/start: Bad Request ("failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: open /proc/sys/net/ipv4/conf/eth0/rp_filter: no such file or directory: unknown")

Anyone else with a similar experience? Does anyone have a suggestion for me?

hwdsl2 commented 5 months ago

@henri98 Hello! This error is due to a recent bug in Docker. See https://github.com/moby/moby/issues/47619. A fix for that bug has recently been merged, which hopefully should reach Docker 26.0 soon. After this fix is included in your Linux distribution's Docker package, you can upgrade the Docker engine again to fix it.

In the meantime, you have a few options:

Option 1: Remove the net.ipv4.conf.eth0.send_redirects and net.ipv4.conf.eth0.rp_filter options (part of --sysctl) from the docker run command (or your configuration file, if applicable), then re-create the Docker container. These options are not critical for the VPN to work, but if you encounter any issues you can add them back.

Option 2: Temporarily revert the Docker engine (e.g. docker-ce, docker-ce-cli and docker-ce-rootless-extras packages) to the previous version, such as 5:25.0.4-1 on Ubuntu 22.04.

Option 3: Run the Docker image using privileged mode. See Start the IPsec VPN server.
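
As an added example (not part of the thread or the project's code): a small helper that applies Option 1 to a sysctl mapping like the one in the question, then audits the dropped per-interface keys against the kernel's view. The function names, the trimmed sample mapping and the `root` parameter are assumptions made for illustration; `audit` is meant to run in the container's network namespace.

```python
from pathlib import Path

# Constructed sample: a subset of the sysctls from the playbook in the question.
REQUESTED = {
    "net.ipv4.ip_forward": 1,
    "net.ipv4.conf.all.send_redirects": 0,
    "net.ipv4.conf.default.send_redirects": 0,
    "net.ipv4.conf.eth0.send_redirects": 0,
    "net.ipv4.conf.eth0.rp_filter": 0,
}

def interface_of(key):
    """Return the interface a net.ipv4.conf.<iface>.<name> key is bound to, else None."""
    parts = key.split(".")
    if len(parts) == 5 and parts[:3] == ["net", "ipv4", "conf"]:
        iface = parts[3]
        return None if iface in ("all", "default") else iface
    return None

def split_per_interface(requested):
    """Option 1: separate keys that need a named interface from the rest."""
    keep = {k: v for k, v in requested.items() if interface_of(k) is None}
    drop = {k: v for k, v in requested.items() if interface_of(k) is not None}
    return keep, drop

def audit(requested, root="/proc/sys"):
    """Compare requested values with what the kernel reports under `root`.

    Returns {key: status}: "ok", "missing" (no such file, the condition in
    the error message above) or "differs:<actual value>".
    """
    report = {}
    for key, want in requested.items():
        path = Path(root, *key.split("."))
        try:
            actual = path.read_text().strip()
        except FileNotFoundError:
            report[key] = "missing"
            continue
        report[key] = "ok" if actual == str(want) else f"differs:{actual}"
    return report

if __name__ == "__main__":
    keep, drop = split_per_interface(REQUESTED)
    print("pass to Docker:", sorted(keep))
    print("check after start:", audit(drop))
```

A "differs" result for a dropped key means eth0 did not end up with the intended value, which is the case where adding the option back after the Docker fix is worth doing.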