pieterlange / kube-openvpn

:closed_lock_with_key: Kubernetes native OpenVPN
MIT License
383 stars 57 forks source link

container logs Cannot create TCP socket #48

Closed fatg1988 closed 6 years ago

fatg1988 commented 7 years ago

what should i do ~~

iptables: Chain already exists. Fri Oct 27 03:00:19 2017 Running 'openvpn --config /etc/openvpn/openvpn.conf --push route 10.254.0.0 255.255.0.0 --push route 172.254.0.0 255.255.0.0 --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl/crl.pem ' Fri Oct 27 03:00:19 2017 Routing 172.254.100.4:20080 to 10.140.0.5:80 (example) Fri Oct 27 03:00:19 2017 WARNING: file '/etc/openvpn/pki/private.key' is group or others accessible Fri Oct 27 03:00:19 2017 WARNING: file '/etc/openvpn/pki/ta.key' is group or others accessible Fri Oct 27 03:00:19 2017 OpenVPN 2.4.3 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 23 2017 Fri Oct 27 03:00:19 2017 library versions: LibreSSL 2.5.4, LZO 2.10 Fri Oct 27 03:00:19 2017 Diffie-Hellman initialized with 2048 bit key Fri Oct 27 03:00:19 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Fri Oct 27 03:00:19 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Fri Oct 27 03:00:19 2017 TUN/TAP device tun0 opened Fri Oct 27 03:00:19 2017 TUN/TAP TX queue length set to 100 Fri Oct 27 03:00:19 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Fri Oct 27 03:00:19 2017 /sbin/ip link set dev tun0 up mtu 1500 Fri Oct 27 03:00:19 2017 /sbin/ip addr add dev tun0 10.140.0.1/24 broadcast 10.140.0.255 Fri Oct 27 03:00:19 2017 Could not determine IPv4/IPv6 protocol. Using AF_INET6 Fri Oct 27 03:00:19 2017 Cannot create TCP socket: Address family not supported by protocol (errno=97) Fri Oct 27 03:00:19 2017 Exiting due to fatal error Fri Oct 27 03:00:19 2017 Closing TUN/TAP interface Fri Oct 27 03:00:19 2017 /sbin/ip addr del dev tun0 10.140.0.1/24

pieterlange commented 7 years ago

Sounds like your systems don't support IPv6. Try setting OVPN_PROTO to tcp4.

-edit: on master you can now also set tcp4 explicitly on the server URL without having to override it with the OVPN_PROTO environment variable.

fatg1988 commented 7 years ago

1.change to tcp4 openvpn-settings serverurl: tcp4://10.232.98.20:1194 then logs Need to pass in OVPN_SERVER_URL in 'proto://fqdn:port' format

  1. Then modified environment variable is also invalid deployment.yaml env: name: OVPN_PROTO value: tcp4
pieterlange commented 7 years ago

The latest was rebuilt yesterday with the new regex for the server URL. Make sure you're pulling a recent image with imagePullPolicy on your deployment (Always).

If that doesn't work try ONLY setting the OVPN_PROTO to tcp4.

fatg1988 commented 7 years ago

not works~~

default

ptlange/openvpn latest ee3a6f3f554b 9 hours ago 15.7MB

pieterlange commented 7 years ago

Please run the container with DEBUG set and provide the logs (https://github.com/pieterlange/kube-openvpn/blob/master/docs/FAQ.md#the-pod-keeps-crashing)