kylemanna / docker-openvpn

🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA
https://hub.docker.com/r/kylemanna/openvpn/
MIT License

Issues with Compression Settings #767

Open Karman40 opened 4 months ago

Karman40 commented 4 months ago

CONF:

ovpn_env.sh

declare -x OVPN_AUTH=
declare -x OVPN_CIPHER=
declare -x OVPN_CLIENT_TO_CLIENT=
declare -x OVPN_CN=88.151.101.116
declare -x OVPN_COMP_LZO=0
declare -x OVPN_DEFROUTE=1
declare -x OVPN_DEVICE=tun
declare -x OVPN_DEVICEN=0
declare -x OVPN_DISABLE_PUSH_BLOCK_DNS=0
declare -x OVPN_DNS=1
declare -x OVPN_DNS_SERVERS=([0]="1.1.1.1" [1]="1.0.0.1")
declare -x OVPN_ENV=/etc/openvpn/ovpn_env.sh
declare -x OVPN_EXTRA_CLIENT_CONFIG=()
declare -x OVPN_EXTRA_SERVER_CONFIG=()
declare -x OVPN_FRAGMENT=
declare -x OVPN_KEEPALIVE='10 60'
declare -x OVPN_MTU=
declare -x OVPN_NAT=0
declare -x OVPN_PORT=1195
declare -x OVPN_PROTO=udp
declare -x OVPN_PUSH=()
declare -x OVPN_ROUTES=([0]="192.168.254.0/24")
declare -x OVPN_SERVER=192.168.255.0/24
declare -x OVPN_SERVER_URL=udp://88.151.101.116:1195
declare -x OVPN_TLS_CIPHER=

openvpn.conf

server 192.168.255.0 255.255.255.0
verb 3
key /etc/openvpn/pki/private/88.151.101.116.key
ca /etc/openvpn/pki/ca.crt
cert /etc/openvpn/pki/issued/88.151.101.116.crt
dh /etc/openvpn/pki/dh.pem
tls-auth /etc/openvpn/pki/ta.key
key-direction 0
keepalive 10 60
persist-key
persist-tun

proto udp
# Rely on Docker to do port mapping, internally always 1194
port 1194
dev tun0
status /tmp/openvpn-status.log

user nobody
group nogroup
comp-lzo no

### Route Configurations Below
route 192.168.254.0 255.255.255.0

### Push Configurations Below
push "block-outside-dns"
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
push "comp-lzo no"

docker-compose.yml

version: '2'

services:
  openvpn:
    container_name: openvpn
    image: kylemanna/openvpn
    cap_add:
     - NET_ADMIN
    ports:
     - "1195:1194/udp"
    restart: always
    volumes:
     - ./openvpn/conf:/etc/openvpn

ERROR LOG:

2024-02-13 23:10:16 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
2024-02-13 23:10:16 OpenVPN 2.6.9 [git:v2.6.9/6640a10bf6d84eee] Windows [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] [DCO] built on Feb 12 2024
2024-02-13 23:10:16 Windows version 10.0 (Windows 10 or greater), amd64 executable
2024-02-13 23:10:16 library versions: OpenSSL 3.2.0 23 Nov 2023, LZO 2.10
2024-02-13 23:10:16 DCO version: 1.0.0
2024-02-13 23:10:16 TCP/UDP: Preserving recently used remote address: [AF_INET]88.151.101.116:1195
2024-02-13 23:10:16 ovpn-dco device [OpenVPN Data Channel Offload] opened
2024-02-13 23:10:16 UDP link local: (not bound)
2024-02-13 23:10:16 UDP link remote: [AF_INET]88.151.101.116:1195
2024-02-13 23:10:16 [88.151.101.116] Peer Connection Initiated with [AF_INET]88.151.101.116:1195
2024-02-13 23:10:18 Compression or compression stub framing is not allowed since data-channel offloading is enabled.
2024-02-13 23:10:18 OPTIONS ERROR: server pushed compression settings that are not allowed and will result in a non-working connection. See also allow-compression in the manual.
2024-02-13 23:10:18 ERROR: Failed to apply push options
2024-02-13 23:10:18 Failed to open tun/tap interface
2024-02-13 23:10:18 SIGUSR1[soft,process-push-msg-failed] received, process restarting

bleak183 commented 2 months ago

Same issue. Solution is here https://github.com/kylemanna/docker-openvpn/issues/381#issuecomment-417062516
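
The client log in the first post rejects pushed compression settings because data-channel offload is enabled, and the posted openvpn.conf contains both `comp-lzo no` and `push "comp-lzo no"`. The script below is an added example, not code from this thread or from the docker-openvpn project: it lists the `comp-lzo` and `compress` directives in a server config and separates local ones from pushed ones. The function names and the sample config are constructed for illustration, and it assumes push options are written in double quotes as in the posted file.

```shell
#!/bin/sh
# Added example: list compression directives in an OpenVPN server config.
# Output, one finding per line: <line-number>:<local|push>:<directive>

find_compression_directives() {
    # $1 = path to the server config (e.g. openvpn.conf)
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)            # trim leading whitespace
        sub(/[ \t\r]+$/, "", line)          # trim trailing whitespace / CR
        if (line == "" || line ~ /^[#;]/) next   # skip blanks and comments
        scope = "local"
        if (line ~ /^push[ \t]+"/) {        # push "<option>": inspect the option
            scope = "push"
            sub(/^push[ \t]+"/, "", line)
            sub(/".*$/, "", line)
        }
        split(line, w, /[ \t]+/)
        if (w[1] == "comp-lzo" || w[1] == "compress")
            printf "%d:%s:%s\n", NR, scope, line
    }' "$1"
}

# Succeeds (exit 0) when the config pushes a compression directive to clients.
pushes_compression() {
    find_compression_directives "$1" | grep '^[0-9]*:push:' >/dev/null
}

# Constructed sample, abbreviated from the openvpn.conf posted in the issue.
write_sample_config() {
    cat > "$1" <<'EOF'
server 192.168.255.0 255.255.255.0
proto udp
# comp-lzo yes
comp-lzo no
push "block-outside-dns"
push "dhcp-option DNS 1.1.1.1"
push "comp-lzo no"
EOF
}

cfg=$(mktemp)
write_sample_config "$cfg"
find_compression_directives "$cfg"
if pushes_compression "$cfg"; then
    echo "config pushes compression framing to clients"
fi
rm -f "$cfg"
```

Run against the mounted `openvpn.conf`, a `push` finding identifies the line that produces the "server pushed compression settings" error on clients with data-channel offload enabled.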