kasmtech / workspaces-core-images

https://www.kasmweb.com

Sidecar VPN Not Working with 1.15 Ubuntu Images #43

Closed jrparks closed 3 months ago

jrparks commented 4 months ago

Hello,

The sidecar VPN is no longer working with the 1.15 Ubuntu images; the images just hang. If I remove the Docker Exec Config, it will start; however, the network is not going over the VPN network.

{
  "first_launch": {
    "user": "root",
    "privileged": true,
    "cmd": "bash -c 'ip route delete default && ip route add default via 172.20.0.2'"
  }
}

I still have the 1.14-Rolling images and they work fine still even on the new version of Kasm.

Would someone have a look at this please?

Thank you

j-travis commented 4 months ago

If the container is failing to start (or remain started), you can use this process to see if you can find any errors

https://github.com/kasmtech/workspaces-issues/issues/444#issuecomment-1736460285

It's possible you may need to add the following to your docker run config for the workspaces

{
  "extra_hosts": {
    "proxy": "<your kasm server's ip>"
  }
}

jrparks commented 4 months ago

Well, adding in the extra_hosts configuration allowed me to load up the container; however, it's not using the tunnel to go out to the internet, as the external IP address is not correct. I can verify that by running a curl ipinfo.io/json in a terminal within the container. I also confirmed the DNS's are not using the VPN provider DNS and they are exposed.

jrparks commented 4 months ago

Also, to ensure everything was as pristine as possible, I built a fresh install of Kasm 1.15. I loaded in my custom VPN container and tried a default workplace image using the 1.15 images and they have the same problem: they are not using the VPN. When I tried with an old 1.14 image it worked. The problem is within the new image build for sure.

jrparks commented 4 months ago

I enabled root on the container image, logged in, and from a terminal ran: bash -c 'ip route delete default && ip route add default via 172.20.0.2'. That allowed me to change the default route manually from the terminal and I could go through the tunnel. For some reason the Docker Exec config is not running the cmd on first launch. Obviously doing that manually is not going to work, so I need to figure out what is causing the command not to run during first_launch.
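
The two conditions checked by hand in the comments above (default route via the sidecar at 172.20.0.2, and DNS resolvers staying on the VPN provider) can be tested on every launch instead. This is an added example, not code from the thread or from Kasm; the function names are hypothetical, and every address other than 172.20.0.2 is a constructed sample.

```sh
# Added example: fail-closed check that a workspace container egresses through
# the VPN sidecar. 172.20.0.2 is the gateway from the thread (assumed default).
VPN_GATEWAY="${VPN_GATEWAY:-172.20.0.2}"

# Print the next hop of every default route in `ip route` output on stdin.
default_gateways() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "via") print $(i + 1) }'
}

# Succeed only if there is exactly one default route and it uses the sidecar.
route_ok() (
    gws="$(printf '%s\n' "$1" | default_gateways)"
    [ "$gws" = "$VPN_GATEWAY" ]
)

# Print nameservers from resolv.conf text ($1) missing from the allow list ($2...).
leaked_resolvers() (
    conf="$1"; shift
    allowed=" $* "
    printf '%s\n' "$conf" | awk '$1 == "nameserver" { print $2 }' |
    while read -r ns; do
        case "$allowed" in *" $ns "*) ;; *) printf '%s\n' "$ns" ;; esac
    done
)

# Combine both checks; returns non-zero if either one fails.
check_egress() (
    routes="$1"; resolv="$2"; shift 2
    status=0
    route_ok "$routes" || { echo "FAIL: default route is not via $VPN_GATEWAY" >&2; status=1; }
    leaks="$(leaked_resolvers "$resolv" "$@")"
    [ -z "$leaks" ] || { echo "FAIL: resolver not in allow list: $leaks" >&2; status=1; }
    return "$status"
)

# Constructed samples: routing table before and after the first_launch command.
ROUTES_BEFORE='default via 172.20.0.1 dev eth0
172.20.0.0/16 dev eth0 proto kernel scope link src 172.20.0.5'
ROUTES_AFTER='default via 172.20.0.2 dev eth0
172.20.0.0/16 dev eth0 proto kernel scope link src 172.20.0.5'
RESOLV_SAMPLE='nameserver 192.0.2.53
nameserver 198.51.100.9'

# Live use inside the container: sh check.sh --live <allowed resolver>...
if [ "${1:-}" = "--live" ]; then
    shift
    check_egress "$(ip route show default)" "$(cat /etc/resolv.conf)" "$@"
fi
```

A non-zero exit from the live check can gate session start, so a workspace whose first_launch command silently did not run is caught before any traffic leaves outside the tunnel.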

jrparks commented 4 months ago

Well I just downloaded the core 1.15 git repo and tried to build it and got the following error:

=> [base_layer 46/74] COPY ./src/ubuntu/install/squid/install/ /dockerstartup/install/ 0.1s
=> ERROR [base_layer 47/74] RUN bash /dockerstartup/install/squid_install/install_squi 5.1s
[base_layer 47/74] RUN bash /dockerstartup/install/squid_install/install_squid.sh && rm -rf /dockerstartup/install/squid_install/:
0.228 ++ sed s/x86_64/amd64/g
0.230 ++ arch
0.231 ++ sed s/aarch64/arm64/g
0.231 + ARCH=amd64
0.232 + [[ amd64 == \a\r\m\6\4 ]]
0.232 + LIBSSLURL=http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.21_amd64.deb
0.232 + SQUID_COMMIT=1149fc830c7edcb383eec390cce2beba16befde5
0.232 ++ grep -q Jammy /etc/os-release
0.233 + wget -qO- https://kasmweb-build-artifacts.s3.amazonaws.com/kasm-squid-builder/1149fc830c7edcb383eec390cce2beba16befde5/output/kasm-squid-builder_amd64.tar.gz
0.233 + tar -xzf - -C /
2.026 + wget http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.21_amd64.deb -O libssl1.1.amd64.deb
2.029 --2024-02-28 18:42:51-- http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.21_amd64.deb
2.029 Resolving archive.ubuntu.com (archive.ubuntu.com)... 91.189.91.81, 185.125.190.36, 185.125.190.39, ...
2.073 Connecting to archive.ubuntu.com (archive.ubuntu.com)|91.189.91.81|:80... connected.
2.142 HTTP request sent, awaiting response... 404 Not Found
2.210 2024-02-28 18:42:52 ERROR 404: Not Found.
2.210

dockerfile-kasm-core:105
103 | ### Install Squid
104 | COPY ./src/ubuntu/install/squid/install/ $INST_SCRIPTS/squid_install/
105 | >>> RUN bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/
106 | COPY ./src/ubuntu/install/squid/resources/*.conf /etc/squid/
107 | COPY ./src/ubuntu/install/squid/resources/start_squid.sh /etc/squid/start_squid.sh
ERROR: failed to solve: process "/bin/sh -c bash $INST_SCRIPTS/squid_install/install_squid.sh && rm -rf $INST_SCRIPTS/squid_install/" did not complete successfully: exit code: 8

I made a change to install_squid.sh to resolve this on my copy below:

if [[ "${ARCH}" == "arm64" ]]; then
    LIBSSLURL="http://ports.ubuntu.com/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.22_arm64.deb"
else
    LIBSSLURL="http://archive.ubuntu.com/ubuntu/pool/main/o/openssl/libssl1.1_1.1.1f-1ubuntu2.22_amd64.deb"
fi

I will continue looking further when I get a few minutes.

j-travis commented 4 months ago

Thank you. The libssl issue is unrelated to the VPN sidecar issue. We are tracking both and working on a fix.

They should be out in a day or so

j-travis commented 4 months ago

I believe we have a fix in the develop tags. Can you please try?

e.g. kasmweb/brave:develop

jrparks commented 4 months ago

I just tested and it is working. Nice work!

jrparks commented 4 months ago

There are other errors I see in the log of the container you are going to want to investigate as well unrelated to the VPN issue. I could post them here but they don't appear related to the VPN issue.