Open tapir opened 7 years ago
Here are some logs from the container:
Fri Feb 17 13:38:47 2017 OpenVPN 2.3.14 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 18 2016
Fri Feb 17 13:38:47 2017 library versions: LibreSSL 2.4.4, LZO 2.09
Fri Feb 17 13:38:47 2017 Diffie-Hellman initialized with 2048 bit key
Fri Feb 17 13:38:47 2017 Control Channel Authentication: using '/etc/openvpn/pki/ta.key' as a OpenVPN static key file
Fri Feb 17 13:38:47 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 17 13:38:47 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 17 13:38:47 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Feb 17 13:38:47 2017 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
Fri Feb 17 13:38:47 2017 TUN/TAP device tun0 opened
Fri Feb 17 13:38:47 2017 TUN/TAP TX queue length set to 100
Fri Feb 17 13:38:47 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Fri Feb 17 13:38:47 2017 /sbin/ip link set dev tun0 up mtu 1500
Fri Feb 17 13:38:47 2017 /sbin/ip addr add dev tun0 local 192.168.255.1 peer 192.168.255.2
Fri Feb 17 13:38:47 2017 /sbin/ip route add 192.168.255.0/24 via 192.168.255.2
Fri Feb 17 13:38:47 2017 GID set to nogroup
Fri Feb 17 13:38:47 2017 UID set to nobody
Fri Feb 17 13:38:47 2017 UDPv4 link local (bound): [undef]
Fri Feb 17 13:38:47 2017 UDPv4 link remote: [undef]
Fri Feb 17 13:38:47 2017 MULTI: multi_init called, r=256 v=256
Fri Feb 17 13:38:47 2017 IFCONFIG POOL: base=192.168.255.4 size=62, ipv6=0
Fri Feb 17 13:38:47 2017 Initialization Sequence Completed
Fri Feb 17 13:39:15 2017 195.46.137.11:44317 TLS: Initial packet from [AF_INET]195.46.137.11:44317, sid=156bc728 e0bea982
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 VERIFY OK: depth=1, CN=cosku
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 VERIFY OK: depth=0, CN=coskuclient
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 WARNING: INSECURE cipher with block size less than 128 bit (64 bit). This allows attacks like SWEET32. Mitigate by using a --cipher with a larger block size (e.g. AES-256-CBC).
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 WARNING: cipher with small block size in use, reducing reneg-bytes to 64MB to mitigate SWEET32 attacks.
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 [coskuclient] Peer Connection Initiated with [AF_INET]195.46.137.11:44317
Fri Feb 17 13:39:16 2017 coskuclient/195.46.137.11:44317 MULTI_sva: pool returned IPv4=192.168.255.6, IPv6=(Not enabled)
Fri Feb 17 13:39:16 2017 coskuclient/195.46.137.11:44317 MULTI: Learn: 192.168.255.6 -> coskuclient/195.46.137.11:44317
Fri Feb 17 13:39:16 2017 coskuclient/195.46.137.11:44317 MULTI: primary virtual IP for coskuclient/195.46.137.11:44317: 192.168.255.6
Fri Feb 17 13:39:18 2017 coskuclient/195.46.137.11:44317 PUSH: Received control message: 'PUSH_REQUEST'
Fri Feb 17 13:39:18 2017 coskuclient/195.46.137.11:44317 send_push_reply(): safe_cap=940
Fri Feb 17 13:39:18 2017 coskuclient/195.46.137.11:44317 SENT CONTROL [coskuclient]: 'PUSH_REPLY,block-outside-dns,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,route 192.168.255.1,topology net30,ping 10,ping-restart 60,ifconfig 192.168.255.6 192.168.255.5' (status=1)
and here are some logs from the host:
$ docker ps
2902dd926e28 kylemanna/openvpn "ovpn_run" 3 seconds ago Up 2 seconds 178.63.128.3:1194->1194/udp confident_wright
$ ifconfig
docker0 Link encap:Ethernet HWaddr 02:42:a3:04:bc:7c
inet addr:172.17.0.1 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::42:a3ff:fe04:bc7c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5870 errors:0 dropped:0 overruns:0 frame:0
TX packets:5961 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6149189 (6.1 MB) TX bytes:832911 (832.9 KB)
eth0 Link encap:Ethernet HWaddr 00:1e:67:c4:74:7e
inet addr:178.63.128.3 Bcast:178.63.101.63 Mask:255.255.255.192
inet6 addr: fe80::21e:67ff:fec4:747e/64 Scope:Link
inet6 addr: 2a01:4f8:121:50a4::2/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:55659 errors:0 dropped:0 overruns:0 frame:0
TX packets:37002 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:50036458 (50.0 MB) TX bytes:10117283 (10.1 MB)
Memory:b1100000-b117ffff
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:107 errors:0 dropped:0 overruns:0 frame:0
TX packets:107 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:9294 (9.2 KB) TX bytes:9294 (9.2 KB)
veth49812b6 Link encap:Ethernet HWaddr 62:17:58:3d:30:1c
inet6 addr: fe80::6017:58ff:fe3d:301c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:418 (418.0 B) TX bytes:360 (360.0 B)
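An added example, not part of the original thread or of the kylemanna/openvpn image: the container log above records the data-channel cipher each client negotiated, so a short Python script can audit such a log for the 64-bit block ciphers behind the SWEET32 warning. The function name `audit` and the `SMALL_BLOCK_PREFIXES` list are this example's own assumptions; the sample lines are copied from the log above.

```python
import re

# Sample input: lines copied from the container log in this thread.
SAMPLE_LOG = """\
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Fri Feb 17 13:39:16 2017 195.46.137.11:44317 [coskuclient] Peer Connection Initiated with [AF_INET]195.46.137.11:44317
"""

# Assumption of this example: name prefixes of ciphers with a 64-bit block.
SMALL_BLOCK_PREFIXES = ("BF-", "DES-", "CAST5-", "RC2-", "IDEA-")

# Timestamp, optional "commonname/" prefix, peer ip:port, then the message.
PEER = re.compile(
    r"^\w{3} \w{3} +\d+ [\d:]+ \d{4} (?:[^/\s]+/)?((?:\d{1,3}\.){3}\d{1,3}:\d+) (.*)$")
CIPHER = re.compile(r"Data Channel (?:En|De)crypt: Cipher '([^']+)' initialized with (\d+) bit key")
HMAC = re.compile(r"Data Channel (?:En|De)crypt: Using \d+ bit message hash '([^']+)'")
CONTROL = re.compile(r"Control Channel: ([^,]+), cipher ([^,]+),")
CN = re.compile(r"^\[([^\]]+)\] Peer Connection Initiated")


def audit(log_text):
    """Return {peer: session dict} with negotiated parameters and findings."""
    sessions = {}
    for line in log_text.splitlines():
        m = PEER.match(line)
        if not m:
            continue  # server start-up lines carry no peer address
        peer, msg = m.groups()
        s = sessions.setdefault(peer, {"findings": set()})
        if c := CIPHER.search(msg):
            s["cipher"], s["key_bits"] = c.group(1), int(c.group(2))
            if c.group(1).upper().startswith(SMALL_BLOCK_PREFIXES):
                s["findings"].add("64-bit block cipher on data channel (SWEET32)")
        elif h := HMAC.search(msg):
            s["hmac"] = h.group(1)
        elif t := CONTROL.search(msg):
            # Keep only the suite name, dropping the "TLSv1/SSLv3" label.
            s["tls"], s["suite"] = t.group(1), t.group(2).split()[-1]
        elif n := CN.match(msg):
            s["cn"] = n.group(1)
    return sessions


if __name__ == "__main__":
    for peer, s in audit(SAMPLE_LOG).items():
        print(peer, s.get("cn"), s.get("cipher"), sorted(s["findings"]))
```

A peer flagged here needs the same larger-block `--cipher` (the log's own suggestion is AES-256-CBC) set on both the server and the client profile.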
I had this problem until I changed 1 of the docker commands. Look for udp://VPN.SERVERNAME.COM and change to your ip/host:
udp://
That fixed it for me.
I have the same problem, I already changed the server name in udp://VPN.SERVERNAME.COM to my public ip address but I still can't ping 8.8.8.8. I did everything according to the instructions in README.md (without any additional configuration options), I'm using an ArchLinux based system on an ovh.com VPS. The strange thing is that it worked the first time I tested it, then it stopped working so I reinstalled the VPS and I pulled the docker image on a clean system but without any effect.
EDIT: you can find the logs here
EDIT: I added the options -Nd to the openvpn config according to this note, regenerated the ovpn config files for clients and now it's working.
Is it fixed for someone except @pwl? Same issue for me, but @pwl's solution doesn't work.
@dannywillems Since I wrote the above I actually managed to set up a few different docker images using the -Ndcu options and they are all working fine. The only issue with this setup is that I'm actually connecting to the Internet through the original interface instead of through the VPN (my goal was to connect two computers which are both behind a NAT), so that won't work if you are trying to set up a VPN as an encrypted tunnel to the outside world.
I've followed the instructions here. I can successfully connect to OpenVPN but there is no internet connection afterwards.
Any ideas?