kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License
8.62k stars 2.37k forks

NAT iptables and AlmaLinux 9 #735

Open Poueck opened 1 year ago

Poueck commented 1 year ago

NAT functionality doesn't work on AlmaLinux 9 (kernel 5.14.0-162.12.1.el9_1.x86_64):

openvpn      | iptables v1.8.4 (legacy): can't initialize iptables table 'nat': Table does not exist (do you need to insmod?)
openvpn      | Perhaps iptables or your kernel needs to be upgraded.

On the host, iptables v1.8.8

# iptables -V
iptables v1.8.8 (nf_tables)
# rpm -qa iptables*
iptables-libs-1.8.8-4.el9.x86_64
iptables-nft-1.8.8-4.el9.x86_64

Poueck commented 1 year ago

It appears that iptables links are set to legacy instead of nft.

I updated the ovpn_run script with "iptables-nft" instead of "iptables" and it is working.

Traxof63 commented 1 year ago

Hello, I've the same issue, but when I set "iptables-nft" instead of "iptables", this error occurs: iptables: Failed to initialize nft: Protocol not supported

Poueck commented 1 year ago

> Hello, I've the same issue, but when I set "iptables-nft" instead of "iptables", this error occurs: iptables: Failed to initialize nft: Protocol not supported

Is iptables installed on the host?

Traxof63 commented 1 year ago

yes

Poueck commented 1 year ago

> yes

And does the container have --cap-add=NET_ADMIN?

Traxof63 commented 1 year ago

Yes, I use the recommended docker-compose file, and on the host, iptables is in nft mode...

GunoH commented 1 week ago

Had the same issue, when using the public kylemanna/openvpn image in my compose file (as instructed in docs/docker-compose.md).

However, when building the image myself from the master branch (1228577), the issue is gone. Maybe some fixes did not go into the public image yet.
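
Added example, not part of the thread or of the project's code: a POSIX shell helper that recognises the backend mismatch and the two error messages quoted above, and picks the first iptables binary that can actually read the nat table. All function names and the `PROBE` override are hypothetical; the sample strings are the ones quoted in this issue.

```shell
#!/bin/sh
# Added example; not code from kylemanna/docker-openvpn. Names are hypothetical.

# Backend named in an `iptables -V` line, e.g. "iptables v1.8.8 (nf_tables)".
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Classify the two error messages quoted in the thread.
classify_nat_error() {
    case "$1" in
        *"can't initialize iptables table"*"Table does not exist"*)
            echo legacy-table-missing ;;
        *"Failed to initialize nft: Protocol not supported"*)
            echo nft-init-failed ;;
        *)  echo unrecognised ;;
    esac
}

# Succeeds when container and host report different, known backends.
backend_mismatch() {
    c=$(iptables_backend "$1"); h=$(iptables_backend "$2")
    [ "$c" != unknown ] && [ "$h" != unknown ] && [ "$c" != "$h" ]
}

# Default probe: the binary exists and can list the nat table (needs NET_ADMIN).
probe_real() {
    command -v "$1" >/dev/null 2>&1 && "$1" -t nat -S >/dev/null 2>&1
}

# Print the first candidate that passes the probe. PROBE is an assumed
# override hook so the selection logic can be exercised without iptables.
pick_iptables() {
    for cmd in "$@"; do
        if "${PROBE:-probe_real}" "$cmd"; then
            echo "$cmd"
            return 0
        fi
    done
    return 1
}

# Constructed demo with the two version strings quoted in this issue.
if backend_mismatch "iptables v1.8.4 (legacy)" "iptables v1.8.8 (nf_tables)"; then
    echo "container uses legacy, host uses nf_tables"
fi
```

Inside a container started with NET_ADMIN, `pick_iptables iptables iptables-nft iptables-legacy` prints the binary to use for the NAT rules, or returns non-zero when none of them can reach the nat table.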