Closed DavidBertet closed 3 months ago
What platform/OS do you run the OpenVPN container on so that I can replicate this?
Could you please restart your container and send me its full log please? Thanks.
I'm on a Synology NAS
DSM 7.1.1-42962 Update 6
Docker version 20.10.3, build 55f0773
I don't have much more logs than that
david:~$ docker run --volume openvpn-data:/etc/openvpn --rm -it --entrypoint sh --cap-add=NET_ADMIN lisenet/openvpn
/ # ovpn_run
Warning: Extension MASQUERADE revision 0 not supported, missing kernel module?
iptables v1.8.9 (nf_tables): Could not fetch rule set generation id: Invalid argument
Using this image works
FROM lisenet/openvpn
RUN apk add iptables-legacy && \
rm /sbin/iptables && \
ln -s /sbin/iptables-legacy /sbin/iptables
CMD ["ovpn_run"]
From https://gitlab.com/postmarketOS/pmaports/-/issues/2122#note_1418204524
Does Synology NAS use an old version of iptables (legacy) and not nftables? If so, that might explain the problem that you are having.
This is a tricky one to be honest with you because the world (Red Hat, Canonical) is moving to nftables. It's been the default backend for the firewall since RHEL 8 and Ubuntu 21.10.
I'm getting the same error. Would be great to support an environment variable allowing the usage of legacy iptables for use cases such as Synology NAS where the kernel version is not user-upgradable.
Where would you expect to have an environment variable defined? Inside a Dockerfile so that it builds an image with iptables-legacy if say "env legacy" is set to true? Or would you build the image with iptables-legacy installed by default, and then use some clever logic to invoke it based on some environment variable?
My preference would be to build the image with iptables-legacy and conditionally use the binary iptables or nftables based on the environment variable.
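One way to implement the conditional selection discussed in this thread, as an added example that is not the lisenet/openvpn image's own code. `IPTABLES_BACKEND` and the function names are hypothetical, and the sketch assumes the image ships both `iptables` (nf_tables backend, as in the log above) and `iptables-legacy`. It refuses to continue when neither backend works, so the VPN never starts without its NAT rules.

```shell
#!/bin/sh
# Added example, not part of the lisenet/openvpn image.
# IPTABLES_BACKEND (auto|nft|legacy) is a hypothetical variable name.

# Return 0 if the given iptables binary can read the nat table on this
# kernel. Assumption: a kernel without nf_tables support makes the
# nf_tables-backed binary fail here the same way it fails in the log above.
backend_works() {
    "$1" -t nat -S >/dev/null 2>&1
}

# Print the name of the iptables binary to use; return 1 if none is usable.
select_iptables() {
    case "${IPTABLES_BACKEND:-auto}" in
        legacy)
            echo iptables-legacy ;;
        nft)
            echo iptables ;;
        auto)
            # Prefer the image default, fall back to legacy on old kernels.
            if backend_works iptables; then
                echo iptables
            elif backend_works iptables-legacy; then
                echo iptables-legacy
            else
                echo "no usable iptables backend (is NET_ADMIN granted?)" >&2
                return 1
            fi ;;
        *)
            echo "IPTABLES_BACKEND must be auto, nft or legacy" >&2
            return 1 ;;
    esac
}

# Intended use in a start script, before any NAT rule is added
# (placeholder rule arguments, not taken from the image):
#   IPT=$(select_iptables) || exit 1
#   "$IPT" -t nat -A POSTROUTING ... -j MASQUERADE
```

An explicit `legacy` or `nft` setting skips the probe, which keeps the behaviour predictable on hosts such as the Synology NAS described here.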
I've been getting this error with the latest image (haven't tried previous ones)
Using legacy version of iptables by running
Fixed the issue
Could you take a look to fix the image itself? Thanks!