Cannot start the server - iptables errors

[ClaymorePT]

After creating the container and starting it, I went to the administration portal, logged in, went to Status -> Status Overview and clicked Start the Server.

---

Expected Behavior

Clicked Start the Server Server should be configured with default values Server should come online.

Current Behavior

Clicked Start the Server The following error occurred

service failed to start due to unresolved dependencies: set(['user'])
service failed to start due to unresolved dependencies: set(['iptables_openvpn'])
Service deferred error: IPTablesServiceBase: failed to run iptables-restore [status=2]: ["Bad argument `[unsupported'", 'Error occurred at line: 109', "Try `iptables-restore -h' or 'iptables-restore --help' for more information."]: internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/daemon:28,util/daemon:69,application/app:384,scripts/_twistd_unix:258,application/app:396,application/app:311,internet/base:1243,internet/base:1255,internet/epollreactor:235,python/log:103,python/log:86,python/context:122,python/context:85,internet/posixbase:627,internet/posixbase:252,internet/abstract:313,internet/process:312,internet/process:973,internet/process:985,internet/process:350,internet/_baseprocess:52,internet/process:987,internet/_baseprocess:64,svc/pp:141,svc/svcnotify:32,internet/defer:459,internet/defer:567,internet/defer:653,sagent/ipts:134,sagent/ipts:51,util/error:67,util/error:48
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['user', 'iptables_live', 'iptables_openvpn'])
service failed to start due to unresolved dependencies: set(['iptables_live', 'iptables_openvpn'])

Steps to Reproduce

1. After accessing the web UI for the first time, went to Status -> Status Overview
2. Clicked Start the Server

Environment

OS: ArchLinux
CPU architecture: x86_64 How docker service was installed: N/A

Command used to create docker container (run/create/compose/screenshot)

docker run -dit -p 943:943 -p 9443:9443 -p 1194:1194/udp --cap-add=NET_ADMIN --ip 192.168.248.3 --dns 192.168.123.1 --name openvpn --network containers_br --hostname openvpn.containers.claymore.no-ip.org  --restart unless-stopped linuxserver/openvpn-a

Docker logs

claymore@guardian ~> docker attach openvpn
Setting up openvpn-as (2.7.5-932a08a3-Ubuntu18) ...

The Access Server has been successfully installed in /usr/local/openvpn_as
Configuration log file has been written to /usr/local/openvpn_as/init.log

Please enter "passwd openvpn" to set the initial
administrative password, then login as "openvpn" to continue
configuration here: https://192.168.248.3:943/admin

To reconfigure manually, use the /usr/local/openvpn_as/bin/ovpn-init tool.

+++++++++++++++++++++++++++++++++++++++++++++++
Access Server Web UIs are available here:
Admin  UI: https://192.168.248.3:943/admin
Client UI: https://192.168.248.3:943/
+++++++++++++++++++++++++++++++++++++++++++++++

Beginning with OpenVPN AS 2.6.0 compression is disabled by default and on upgrades as security patch.
Stopping openvpn-as now; will start again later after configuring
[cont-init.d] 30-config: exited 0.
[cont-init.d] 40-openvpn-init: executing... 
Detected an existing OpenVPN-AS configuration.
Continuing will delete this configuration and restart from scratch.
Please enter 'DELETE' to delete existing configuration: Stopping openvpnas daemon...

          OpenVPN Access Server
          Initial Configuration Tool
------------------------------------------------------
OpenVPN Access Server End User License Agreement (OpenVPN-AS EULA)

    1. Copyright Notice: OpenVPN Access Server License;
       Copyright (c) 2009-2019 OpenVPN Inc. All rights reserved.
       "OpenVPN" is a trademark of OpenVPN Inc.
    2. Redistribution of OpenVPN Access Server binary forms and related documents,
       are permitted provided that redistributions of OpenVPN Access Server binary
       forms and related documents reproduce the above copyright notice as well as
       a complete copy of this EULA.
    3. You agree not to reverse engineer, decompile, disassemble, modify,
       translate, make any attempt to discover the source code of this software,
       or create derivative works from this software.
    4. The OpenVPN Access Server is bundled with other open source software
       components, some of which fall under different licenses. By using OpenVPN
       or any of the bundled components, you agree to be bound by the conditions
       of the license for each respective component. For more information, you can
       find our complete EULA (End-User License Agreement) on our website
       (http://openvpn.net), and a copy of the EULA is also distributed with the
       Access Server in the file /usr/local/openvpn_as/license.txt.
    5. This software is provided "as is" and any expressed or implied warranties,
       including, but not limited to, the implied warranties of merchantability
       and fitness for a particular purpose are disclaimed. In no event shall
       OpenVPN Inc. be liable for any direct, indirect, incidental,
       special, exemplary, or consequential damages (including, but not limited
       to, procurement of substitute goods or services; loss of use, data, or
       profits; or business interruption) however caused and on any theory of
       liability, whether in contract, strict liability, or tort (including
       negligence or otherwise) arising in any way out of the use of this
       software, even if advised of the possibility of such damage.
    6. OpenVPN Inc. is the sole distributor of OpenVPN Access Server
       licenses. This agreement and licenses granted by it may not be assigned,
       sublicensed, or otherwise transferred by licensee without prior written
       consent of OpenVPN Inc. Any licenses violating this provision
       will be subject to revocation and deactivation, and will not be eligible
       for refunds.
    7. A purchased license entitles you to use this software for the duration of
       time denoted on your license key on any one (1) particular device, up to
       the concurrent user limit specified by your license. Multiple license keys
       may be activated to achieve a desired concurrency limit on this given
       device. Unless otherwise prearranged with OpenVPN Inc.,
       concurrency counts on license keys are not to be divided for use amongst
       multiple devices. Upon activation of the first purchased license key in
       this software, you agree to forego any free licenses or keys that were
       given to you for demonstration purposes, and as such, the free licenses
       will not appear after the activation of a purchased key. You are
       responsible for the timely activation of these licenses on your desired
       server of choice. Refunds on purchased license keys are only possible
       within 30 days of purchase of license key, and then only if the license key
       has not already been activated on a system. To request a refund, contact us
       through our support ticket system using the account you have used to
       purchase the license key. Exceptions to this policy may be given for
       machines under failover mode, and when the feature is used as directed in
       the OpenVPN Access Server user manual. In these circumstances, a user is
       granted one (1) license key (per original license key) for use solely on
       failover purposes free of charge. Other failover and/or load balancing use
       cases will not be eligible for this exception, and a separate license key
       would have to be acquired to satisfy the licensing requirements. To request
       a license exception, please file a support ticket in the OpenVPN Access
       Server ticketing system. A staff member will be responsible for determining
       exception eligibility, and we reserve the right to decline any requests not
       meeting our eligibility criteria, or requests which we believe may be
       fraudulent in nature.
    8. Activating a license key ties it to the specific hardware/software
       combination that it was activated on, and activated license keys are
       nontransferable. Substantial software and/or hardware changes may 
       invalidate an activated license. In case of substantial software and/or
       hardware changes, caused by for example, but not limited to failure and
       subsequent repair or alterations of (virtualized) hardware/software, our
       software product will automatically attempt to contact our online licensing
       systems to renegotiate the licensing state. On any given license key, you
       are limited to three (3) automatic renegotiations within the license key
       lifetime. After these renegotiations are exhausted, the license key is
       considered invalid, and the activation state will be locked to the last
       valid system configuration it was activated on. OpenVPN Inc.reserves the
       right to grant exceptions to this policy for license holders under
       extenuating circumstances, and such exceptions can be requested through a
       ticket via the OpenVPN Access Server ticketing system.
    9. Once an activated license key expires or becomes invalid, the concurrency
       limit on our software product will decrease by the amount of concurrent
       connections previously granted by the license key. If all of your purchased
       license key(s) have expired, the product will revert to demonstration mode,
       which allows a maximum of two (2) concurrent users to be connected to your
       server. Prior to your license expiration date(s), OpenVPN Inc. will attempt
       to remind you to renew your license(s) by sending periodic email messages
       to the licensee email address on record. You are solely responsible for
       the timely renewal of your license key(s) prior to their expiration if
       continued operation is expected after the license expiration date(s).
       OpenVPN Inc. will not be responsible for any misdirected and/or undeliverable
       email messages, nor does it have an obligation to contact you regarding
       your expiring license keys.
   10. Any valid license key holder is entitled to use our ticketing system for
       support questions or issues specifically related to the OpenVPN Access
       Server product. To file a ticket, go to our website at http://openvpn.net/
       and sign in using the account that was registered and used to purchase the
       license key(s). You can then access the support ticket system through our
       website and submit a support ticket. Tickets filed in the ticketing system
       are answered on a best-effort basis. OpenVPN Inc. staff
       reserve the right to limit responses to users of our demo / expired
       licenses, as well as requests that substantively deviate from the OpenVPN
       Access Server product line. Tickets related to the open source version of
       OpenVPN will not be handled here.
   11. Purchasing a license key does not entitle you to any special rights or
       privileges, except the ones explicitly outlined in this user agreement.
       Unless otherwise arranged prior to your purchase with OpenVPN,
       Inc., software maintenance costs and terms are subject to change after your
       initial purchase without notice. In case of price decreases or special
       promotions, OpenVPN Inc. will not retrospectively apply
       credits or price adjustments toward any licenses that have already been
       issued. Furthermore, no discounts will be given for license maintenance
       renewals unless this is specified in your contract with OpenVPN Inc.

Please enter 'yes' to indicate your agreement [no]: 
Once you provide a few initial configuration settings,
OpenVPN Access Server can be configured by accessing
its Admin Web UI using your Web browser.

Will this be the primary Access Server node?
(enter 'no' to configure as a backup or standby node)
> Press ENTER for default [yes]: 
Please specify the network interface and IP address to be
used by the Admin Web UI:
(1) all interfaces: 0.0.0.0
(2) eth0: 192.168.248.3
Please enter the option number from the list above (1-2).
> Press Enter for default [1]: 
Please specify the port number for the Admin Web UI.
> Press ENTER for default [943]: 
Please specify the TCP port number for the OpenVPN Daemon
> Press ENTER for default [443]: 
Should client traffic be routed by default through the VPN?
> Press ENTER for default [yes]: 
Should client DNS traffic be routed by default through the VPN?
> Press ENTER for default [yes]: 
Use local authentication via internal DB?
> Press ENTER for default [yes]: 
Private subnets detected: ['192.168.248.0/24']

Should private subnets be accessible to clients by default?
> Press ENTER for default [yes]: 
To initially login to the Admin Web UI, you must use a
username and password that successfully authenticates you
with the host UNIX system (you can later modify the settings
so that RADIUS or LDAP is used for authentication instead).

You can login to the Admin Web UI as "openvpn" or specify
a different user account to use for this purpose.

Do you wish to login to the Admin UI as "openvpn"?
> Press ENTER for default [yes]: 
> Specify the username for an existing user or for the new user account: Note: This user already exists.

> Please specify your OpenVPN-AS license key (or leave blank to specify later): 

Initializing OpenVPN...
Removing Cluster Admin user login...
userdel "admin_c"
Adding new user login...
useradd -s /sbin/nologin "admin"
Writing as configuration file...
Perform sa init...
Wiping any previous userdb...
Creating default profile...
Modifying default profile...
Adding new user to userdb...
Modifying new user as superuser in userdb...
Getting hostname...
Hostname: openvpn.containers.claymore.no-ip.org
Preparing web certificates...
Getting web user account...
Adding web group account...
Adding web group...
Adjusting license directory ownership...
Initializing confdb...
Generating init scripts...
Generating PAM config...
Generating init scripts auto command...
Starting openvpnas...

NOTE: Your system clock must be correct for OpenVPN Access Server
to perform correctly.  Please ensure that your time and date
are correct on this system.

Initial Configuration Complete!

You can now continue configuring OpenVPN Access Server by
directing your Web browser to this URL:

https://192.168.248.3:943/admin
Login as "admin" with the same password used to authenticate
to this UNIX host.

During normal operation, OpenVPN AS can be accessed via these URLs:
Admin  UI: https://192.168.248.3:943/admin
Client UI: https://192.168.248.3:943/

See the Release Notes for this release at:
   https://openvpn.net/vpn-server-resources/release-notes/

Stopping openvpn-as now; will start again later after configuring
[cont-init.d] 40-openvpn-init: exited 0.
[cont-init.d] 50-interface: executing... 
MOD Default {'admin_ui.https.ip_address': None} {'admin_ui.https.ip_address': 'eth0'}
MOD Default {'cs.https.ip_address': None} {'cs.https.ip_address': 'eth0'}
MOD Default {'vpn.daemon.0.listen.ip_address': None} {'vpn.daemon.0.listen.ip_address': 'eth0'}
MOD Default {'vpn.daemon.0.server.ip_address': None} {'vpn.daemon.0.server.ip_address': 'eth0'}
[cont-init.d] 50-interface: exited 0.
[cont-init.d] 99-custom-scripts: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.

[aptalca]

Remove --ip. It needs to use the interface inside the container for bridge to work

[ClaymorePT]

@aptalca the result is the same if I remove --ip 192.168.248.3 I still get the error.

[aptalca]

How did you install docker?

[aptalca]

If you installed docker from the OS package manager, install instead from the official docker repo.

Also make sure that your host has iptables installed and all kernel modules enabled: https://www.lowendtalk.com/discussion/5005/openvpn-as-issue

[ClaymorePT]

@aptalca Yes it was from the package manager. Changing it now will not be trivial. I will see what I can do. I have iptables installed. I'm using it as the main firewall.

Thank you for the link!

[aptalca]

It's just that we have seen many issues with docker installed via snap and via centos package manager. Those were all resolved by installing from the official repo.

Your issue seems to be a host related issue (I can't reproduce it). The other thing you can try is running it with --privileged but technically --cap-add=NET_ADMIN should have covered that.

Good luck and let us know how it works out.

[ClaymorePT]

Your issue seems to be a host related issue (I can't reproduce it). The other thing you can try is running it with --privileged but technically --cap-add=NET_ADMIN should have covered that.

I've tried that before I opened this issue but it did't work. As you said, this is most likely an issue from the docker version of archlinux. Thank you for the assistance.

[ClaymorePT]

I'm unable to resolve the issue from my side. At the moment, I cannot use any other version than the distribution version. For this reason, I'm closing this issue.

[mtsardakas]

I'm having the exact same issue on an Ubuntu host running 19.10. Irrespective of if I pass my conf files or start from scratch, the error is the same. I suspect the problem started after upgrading to 19.10 from 19.04 but am unable to confirm it. Docker has been installed from docker repo.

[aptalca]

I just set up a brand new VM on DO with 19.10, installed docker from the ubuntu repo (side note, we normally only support installs from the official docker repo, but since there is no package there for eoan yet, I tried the distro repo build).

Ran docker run -d --rm --name test -p 943:943 --cap-add=NET_ADMIN linuxserver/openvpn-as and it came right up.

Check your host system for issues, look into firewall, selinux, etc.

[mtsardakas]

Just figured it out - I had been running the container as part of a larger bridge network with about 10 other containers. Being at my wits end, I removed it from the network and run it with just a network_mode: bridge in the docker compose. Worked on first try. No idea why that might be the issue but I'm not complaining! Thanks for testing this out, you guys are amazing :)

[marker5a]

Hate to drag this one out again, but I'm having the same exact issue as the OP and would like to see about re-opening this. Also, running on ArchLinux and configuring the container through the use of the following docker-compose.yml

version: "2.1"

services:
  openvpn-as
    image: linuxserver/openvpn-as:2.7.5-ls22
    container_name: openvpn-as
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=US/Eastern
    volumes:
      - ./data:/config
    ports:
      - 943:943
      - 9443:9443
      - 1190:1190/udp
    restart: unless-stopped
    networks:
        my_net:
            ipv4_address: 172.18.0.3

  gitlab:
    image: 'gitlab/gitlab-ee:latest'
    restart: always
    hostname: 'gitlab.example.com'
    mem_limit: 8000M
    mem_reservation: 4000M

    volumes:
      - '/srv/gitlab/config:/etc/gitlab'
      - '/srv/gitlab/logs:/var/log/gitlab'
      - '/srv/gitlab/data:/var/opt/gitlab'
    networks:
        my_net:
            ipv4_address: 172.18.0.2
networks:
    my_net:
        driver: bridge
        ipam:
            driver: default
            config:
              - subnet: 172.18.0.0/24
                gateway: 172.18.0.1

If I switch it to bridge mode, it works, but the intent is to not have it be in bridged mode so that's not a viable option for me at the moment.

Trying to further understand the issue, but not really aware of what mechanism would prevent this from working, although host OS does seem to be an issue. Below are the loaded modules on the host OS

Module                  Size  Used by
iptable_mangle         16384  1
xt_mark                16384  5
xfs                  1777664  0
nilfs2                266240  0
jfs                   217088  0
btrfs                1499136  0
blake2b_generic        20480  0
xor                    24576  1 btrfs
raid6_pq              122880  1 btrfs
loop                   40960  0
dm_mod                159744  0
hid_mcp2221            16384  0
ext4                  790528  1
mbcache                16384  1 ext4
jbd2                  139264  1 ext4
overlay               135168  0
ppp_deflate            16384  0
bsd_comp               16384  0
ppp_async              20480  0
ppp_generic            49152  3 ppp_deflate,bsd_comp,ppp_async
slhc                   20480  1 ppp_generic
nls_iso8859_1          16384  0
nls_cp437              20480  0
vfat                   20480  0
fat                    86016  1 vfat
uas                    32768  0
usb_storage            77824  2 uas
cdc_acm                45056  0
veth                   32768  0
uinput                 20480  0
ftdi_sio               65536  0
rfcomm                 90112  16
fuse                  143360  3
nf_conntrack_netlink    53248  0
nfnetlink              16384  2 nf_conntrack_netlink
xfrm_user              45056  1
xfrm_algo              16384  1 xfrm_user
xt_addrtype            16384  2
br_netfilter           32768  0
bridge                229376  1 br_netfilter
cfg80211              888832  0
8021q                  40960  0
garp                   16384  1 8021q
mrp                    20480  1 8021q
stp                    16384  2 bridge,garp
llc                    16384  3 bridge,stp,garp
tun                    57344  6
ax25                   77824  0
cmac                   16384  2
algif_hash             16384  1
algif_skcipher         16384  1
af_alg                 32768  6 algif_hash,algif_skcipher
bnep                   28672  2
xt_conntrack           16384  95
iptable_filter         16384  2
xt_MASQUERADE          20480  9
xt_nat                 16384  19
xt_tcpudp              20480  94
iptable_nat            16384  3
nf_nat                 49152  3 xt_nat,iptable_nat,xt_MASQUERADE
nf_conntrack          172032  5 xt_conntrack,nf_nat,xt_nat,nf_conntrack_netlink,xt_MASQUERADE
nf_defrag_ipv6         24576  1 nf_conntrack
nf_defrag_ipv4         16384  1 nf_conntrack
libcrc32c              16384  4 nf_conntrack,nf_nat,btrfs,xfs
crc32c_generic         16384  0
nvidia_drm             53248  4
nvidia_modeset       1118208  10 nvidia_drm
nvidia              20721664  412 nvidia_modeset
btusb                  65536  0
btrtl                  24576  1 btusb
intel_rapl_msr         20480  0
btbcm                  20480  1 btusb
intel_rapl_common      32768  1 intel_rapl_msr
btintel                32768  1 btusb
snd_hda_codec_realtek   135168  1
snd_hda_codec_generic    98304  1 snd_hda_codec_realtek
bluetooth             708608  37 btrtl,btintel,btbcm,bnep,btusb,rfcomm
ledtrig_audio          16384  2 snd_hda_codec_generic,snd_hda_codec_realtek
sb_edac                24576  0
snd_hda_codec_hdmi     73728  1
x86_pkg_temp_thermal    20480  0
snd_hda_intel          53248  3
ecdh_generic           16384  1 bluetooth
ecc                    36864  1 ecdh_generic
snd_intel_dspcfg       28672  1 snd_hda_intel
intel_powerclamp       20480  0
iTCO_wdt               16384  0
iTCO_vendor_support    16384  1 iTCO_wdt
drm_kms_helper        258048  1 nvidia_drm
snd_hda_codec         163840  4 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec_realtek
crc16                  16384  2 bluetooth,ext4
coretemp               20480  0
cec                    69632  1 drm_kms_helper
snd_hda_core          106496  5 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd_hda_codec_realtek
rc_core                57344  1 cec
ipmi_devintf           20480  0
snd_hwdep              16384  1 snd_hda_codec
mousedev               24576  0
input_leds             16384  0
ipmi_msghandler        73728  2 ipmi_devintf,nvidia
snd_pcm               147456  4 snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec,snd_hda_core
kvm_intel             327680  0
syscopyarea            16384  1 drm_kms_helper
kvm                   823296  1 kvm_intel
sysfillrect            16384  1 drm_kms_helper
snd_timer              40960  1 snd_pcm
irqbypass              16384  1 kvm
sysimgblt              16384  1 drm_kms_helper
snd                   114688  14 snd_hda_codec_generic,snd_hda_codec_hdmi,snd_hwdep,snd_hda_intel,snd_hda_codec,snd_hda_codec_realtek,snd_timer,snd_pcm
hp_wmi                 20480  0
crct10dif_pclmul       16384  1
fb_sys_fops            16384  1 drm_kms_helper
ghash_clmulni_intel    16384  0
sparse_keymap          16384  1 hp_wmi
soundcore              16384  1 snd
e1000e                299008  0
psmouse               180224  0
ioatdma                61440  0
wmi_bmof               16384  0
rfkill                 28672  7 hp_wmi,bluetooth,cfg80211
intel_cstate           16384  0
intel_uncore          159744  0
intel_rapl_perf        16384  0
i2c_i801               36864  0
lpc_ich                28672  0
dca                    16384  1 ioatdma
evdev                  24576  8
mac_hid                16384  0
vboxnetflt             32768  0
vboxnetadp             28672  0
vboxdrv               520192  2 vboxnetadp,vboxnetflt
nfsd                  516096  14
auth_rpcgss           118784  1 nfsd
nfs_acl                16384  1 nfsd
drm                   577536  7 drm_kms_helper,nvidia_drm
usbip_host             40960  0
usbip_core             40960  1 usbip_host
lockd                 122880  1 nfsd
grace                  16384  2 nfsd,lockd
sunrpc                507904  18 nfsd,auth_rpcgss,lockd,nfs_acl
sg                     40960  0
agpgart                53248  1 drm
crypto_user            16384  0
ip_tables              32768  68 iptable_filter,iptable_nat,iptable_mangle
x_tables               53248  9 xt_conntrack,iptable_filter,xt_tcpudp,xt_addrtype,xt_nat,ip_tables,xt_MASQUERADE,iptable_mangle,xt_mark
hid_generic            16384  0
usbhid                 65536  0
hid                   143360  3 usbhid,hid_generic,hid_mcp2221
serio_raw              20480  0
atkbd                  36864  0
libps2                 20480  2 atkbd,psmouse
crc32_pclmul           16384  0
crc32c_intel           24576  2
aesni_intel           368640  3
glue_helper            16384  1 aesni_intel
crypto_simd            16384  1 aesni_intel
cryptd                 24576  3 crypto_simd,ghash_clmulni_intel
isci                  163840  0
xhci_pci               20480  0
mpt3sas               303104  3
firewire_ohci          45056  0
xhci_hcd              286720  1 xhci_pci
sr_mod                 28672  0
libsas                102400  1 isci
firewire_core          81920  1 firewire_ohci
ehci_pci               20480  0
cdrom                  73728  1 sr_mod
raid_class             16384  1 mpt3sas
ehci_hcd               98304  1 ehci_pci
crc_itu_t              16384  1 firewire_core
scsi_transport_sas     49152  3 isci,libsas,mpt3sas
wmi                    36864  2 hp_wmi,wmi_bmof
i8042                  32768  0
serio                  28672  6 serio_raw,atkbd,psmouse,i8042
zfs                  4272128  26
zunicode              335872  1 zfs
zavl                   16384  1 zfs
icp                   323584  1 zfs
zcommon               102400  2 zfs,icp
znvpair               106496  2 zfs,zcommon
spl                   126976  5 zfs,icp,znvpair,zcommon,zavl
zlua                  184320  1 zfs

[marker5a]

Can confirm same issue on VM running Ubuntu 20.04, FYI

[marker5a]

Ditto for installing outside of the package manager.. I downloaded the binaries from docker directly and extracted to root and have the same issue

[saytosid]

Any update on this issue?

[marker5a]

No, I gave up and switched to wireguard... It's a superior vpn anyways

On Sat, Oct 24, 2020, 7:41 PM Siddhant Kumar notifications@github.com wrote:

Any update on this issue?

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/linuxserver/docker-openvpn-as/issues/91#issuecomment-716069439, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABSNTYN3QVZTWUAUAUIQ3G3SMNQ3JANCNFSM4JBOJKVQ .