kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License

Migrating docker volume to a different server #675

Closed JosephCW closed 2 years ago

JosephCW commented 2 years ago

Hello, I've set up and had running a kylemanna/docker-openvpn container for a while now. I migrated the docker volume ovpn-data by copying all of the contents from /var/lib/docker/volumes/ovpn-data/_data, while the container was down, to the new machine under the same directory after creating the volume in docker via docker volume create. The container spins up fine but it appears that I get an error when trying to authenticate.

Fri Sep 24 00:26:38 2021 Authenticate/Decrypt packet error: packet HMAC authentication failed
Fri Sep 24 00:26:38 2021 TLS Error: incoming packet authentication failed from [AF_INET]<external ip>:11478

Startup logs don't appear any different than they did prior to the migration.

Running 'openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl.pem '
Fri Sep 24 00:00:04 2021 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Fri Sep 24 00:00:04 2021 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Fri Sep 24 00:00:04 2021 Diffie-Hellman initialized with 2048 bit key
Fri Sep 24 00:00:04 2021 CRL: loaded 1 CRLs from file /etc/openvpn/crl.pem
Fri Sep 24 00:00:04 2021 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 24 00:00:04 2021 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 24 00:00:04 2021 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=<>
Fri Sep 24 00:00:04 2021 TUN/TAP device tun0 opened
Fri Sep 24 00:00:04 2021 TUN/TAP TX queue length set to 100
Fri Sep 24 00:00:04 2021 /sbin/ip link set dev tun0 up mtu 1500
Fri Sep 24 00:00:04 2021 /sbin/ip addr add dev tun0 local 192.168.255.1 peer 192.168.255.2
Fri Sep 24 00:00:04 2021 /sbin/ip route add 192.168.254.0/24 via 192.168.255.2
Fri Sep 24 00:00:04 2021 /sbin/ip route add 192.168.255.0/24 via 192.168.255.2
Fri Sep 24 00:00:04 2021 Could not determine IPv4/IPv6 protocol. Using AF_INET
Fri Sep 24 00:00:04 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Sep 24 00:00:04 2021 UDPv4 link local (bound): [AF_INET][undef]:1194
Fri Sep 24 00:00:04 2021 UDPv4 link remote: [AF_UNSPEC]
Fri Sep 24 00:00:04 2021 GID set to nogroup
Fri Sep 24 00:00:04 2021 UID set to nobody
Fri Sep 24 00:00:04 2021 MULTI: multi_init called, r=256 v=256
Fri Sep 24 00:00:04 2021 IFCONFIG POOL: base=192.168.255.4 size=62, ipv6=0
Fri Sep 24 00:00:04 2021 Initialization Sequence Completed

JosephCW commented 2 years ago

I was sorting in the wrong direction when restoring my backups. Restored one that was much, much older and using a different CA. Carry on :innocent:
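
A check for the failure mode in this thread, as an added example that is not part of the issue or of the docker-openvpn project: before starting the server on a restored ovpn-data volume, compare its CA certificate and tls-auth key with the inline blocks of a client profile that worked before the migration. It assumes the volume holds pki/ca.crt and pki/ta.key and that the profile carries inline <ca> and <tls-auth> blocks; the function names and the sample data built by demo are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the docker-openvpn project. Assumed layout: the volume
# holds pki/ca.crt and pki/ta.key; the profile has inline <ca> and <tls-auth>.

# Print the body of an inline <TAG>...</TAG> block from a client profile.
inline_block() {  # usage: inline_block TAG PROFILE
  tr -d '\r' < "$2" | awk -v tag="$1" '
    $0 == ("</" tag ">") { inside = 0 }
    inside               { print }
    $0 == ("<" tag ">")  { inside = 1 }'
}

# Hash only meaningful lines so comments, blank lines and CRLF do not matter.
normalized_hash() {
  tr -d '\r' | grep -v -e '^#' -e '^[[:space:]]*$' | sha256sum | cut -d' ' -f1
}

# Compare restored key material against what an existing client expects.
check_restore() {  # usage: check_restore VOLUME_DIR CLIENT_PROFILE
  vol=$1 profile=$2 rc=0
  for pair in ca:pki/ca.crt tls-auth:pki/ta.key; do
    tag=${pair%%:*} file=$vol/${pair#*:}
    body=$(inline_block "$tag" "$profile")
    if [ ! -f "$file" ]; then
      echo "MISSING   $file"; rc=1
    elif [ -z "$body" ]; then
      echo "NO-INLINE <$tag> not in $profile"; rc=1
    elif [ "$(printf '%s\n' "$body" | normalized_hash)" = "$(normalized_hash < "$file")" ]; then
      echo "MATCH     <$tag> == $file"
    else
      echo "MISMATCH  <$tag> != $file (wrong backup or different CA?)"; rc=1
    fi
  done
  return "$rc"
}

# Constructed sample data (placeholder text, not real keys) for a dry run.
demo() {
  d=$(mktemp -d) && mkdir -p "$d/new/pki" "$d/old/pki"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q0EtTkVX' '-----END CERTIFICATE-----' > "$d/new/pki/ca.crt"
  printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q0EtT0xE' '-----END CERTIFICATE-----' > "$d/old/pki/ca.crt"
  printf '%s\n' '# 2048 bit OpenVPN static key' 'aabbccdd' > "$d/new/pki/ta.key"
  printf '%s\n' '# 2048 bit OpenVPN static key' 'eeff0011' > "$d/old/pki/ta.key"
  { echo client; echo '<ca>'; cat "$d/new/pki/ca.crt"; echo '</ca>'
    echo '<tls-auth>'; cat "$d/new/pki/ta.key"; echo '</tls-auth>'; } > "$d/client.ovpn"
  echo "$d"
}

if [ "$#" -eq 2 ]; then check_restore "$1" "$2"; fi
```

Run it as: script /var/lib/docker/volumes/ovpn-data/_data client.ovpn. A MISMATCH on tls-auth corresponds to the "packet HMAC authentication failed" line in the log above.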