schmas / docker-openvpn-client

Docker OpenVPN Client
GNU General Public License v3.0

Does this still work? #23

Open konsumer opened 4 years ago

konsumer commented 4 years ago

I think I am using it right. I have this in my docker-compose:

  openvpn:
    image: dceschmidt/openvpn-client
    restart: always
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    dns:
      - 8.8.8.8
      - 8.8.4.4
    environment:
      - OPENVPN_PROVIDER=PRIVATEVPN
      - OPENVPN_USERNAME=${VPN_USER}
      - OPENVPN_PASSWORD=${VPN_PASSWORD}
      - OPENVPN_CONFIG=/etc/openvpn/conf/privatevpn/los-angeles-usa.ovpn
      - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
      - LOCAL_NETWORK=172.19.0.0/24
    ports:
      - 8112:8112 # port for deluge

My plan was to use it like this to share the networking with the openvpn container:

  deluge:
    image: linuxserver/deluge
    network_mode: service:openvpn

To make sure everything is working, I am starting with openvpn. When it starts, I get no errors, and it seems to be connecting:

docker-compose up openvpn

openvpn_1   | *** Running /etc/my_init.d/00_regen_ssh_host_keys.sh...
openvpn_1   | No SSH host key available. Generating one...
openvpn_1   | Creating SSH2 RSA key; this may take some time ...
openvpn_1   | 2048 SHA256:3HCX8/ncdktLzemHcoCb6x5UDRKH4PQfyc7gsey65cw root@f9d3cd527bfe (RSA)
openvpn_1   | Creating SSH2 DSA key; this may take some time ...
openvpn_1   | 1024 SHA256:tJbstN226OJfsLzpCTmiWIByXUpg5OqCl5oW/PGWiv0 root@f9d3cd527bfe (DSA)
openvpn_1   | Creating SSH2 ECDSA key; this may take some time ...
openvpn_1   | 256 SHA256:jhuwr69NJuPNc0p1iKETWn8p0RyWsImceWb2YBSpQkY root@f9d3cd527bfe (ECDSA)
openvpn_1   | Creating SSH2 ED25519 key; this may take some time ...
openvpn_1   | 256 SHA256:dt8g3GmyOvyMi2di0eaMce2pUuyyt4cgRpfZCQ7ktqc root@f9d3cd527bfe (ED25519)
openvpn_1   | invoke-rc.d: could not determine current runlevel
openvpn_1   | invoke-rc.d: policy-rc.d denied execution of restart.
openvpn_1   | *** Running /etc/my_init.d/10_syslog-ng.init...
openvpn_1   | Jan 22 20:23:33 f9d3cd527bfe syslog-ng[80]: syslog-ng starting up; version='3.5.6'
openvpn_1   | Jan 22 20:23:34 f9d3cd527bfe syslog-ng[80]: EOF on control channel, closing connection;
openvpn_1   | *** Running /etc/my_init.d/openvpn-setup.sh...
openvpn_1   | Using OpenVPN provider: PRIVATEVPN
openvpn_1   | Supplied config /etc/openvpn/conf/privatevpn/los-angeles-usa.ovpn.ovpn could not be found.
openvpn_1   | Using default OpenVPN gateway for provider privatevpn
openvpn_1   | Setting OPENVPN credentials...
openvpn_1   | adding route to local network 172.19.0.0/24 via 172.19.0.1 dev eth0
openvpn_1   | *** Running /etc/rc.local...
openvpn_1   | *** Booting runit daemon...
openvpn_1   | *** Runit started as PID 96
openvpn_1   | OpenVPN OPTS: --inactive 3600 --ping 10 --ping-exit 60
openvpn_1   | OpenVPN config: /etc/openvpn/conf/privatevpn/default.ovpn
openvpn_1   | Jan 22 20:23:34 f9d3cd527bfe cron[102]: (CRON) INFO (pidfile fd = 3)
openvpn_1   | Jan 22 20:23:34 f9d3cd527bfe cron[102]: (CRON) INFO (Running @reboot jobs)
openvpn_1   | Wed Jan 22 20:23:34 2020 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan  9 2019
openvpn_1   | Wed Jan 22 20:23:34 2020 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
openvpn_1   | Wed Jan 22 20:23:34 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
openvpn_1   | Wed Jan 22 20:23:34 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
openvpn_1   | Wed Jan 22 20:23:34 2020 UDPv4 link local: [undef]
openvpn_1   | Wed Jan 22 20:23:34 2020 UDPv4 link remote: [AF_INET]91.240.64.20:21003
openvpn_1   | Wed Jan 22 20:24:34 2020 [UNDEF] Inactivity timeout (--ping-exit), exiting
openvpn_1   | Wed Jan 22 20:24:34 2020 SIGTERM[soft,ping-exit] received, process exiting
openvpn_1   | OpenVPN OPTS: --inactive 3600 --ping 10 --ping-exit 60
openvpn_1   | OpenVPN config: /etc/openvpn/conf/privatevpn/default.ovpn
openvpn_1   | Wed Jan 22 20:24:34 2020 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan  9 2019
openvpn_1   | Wed Jan 22 20:24:34 2020 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
openvpn_1   | Wed Jan 22 20:24:34 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
openvpn_1   | Wed Jan 22 20:24:34 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
openvpn_1   | Wed Jan 22 20:24:34 2020 UDPv4 link local: [undef]
openvpn_1   | Wed Jan 22 20:24:34 2020 UDPv4 link remote: [AF_INET]91.240.64.18:21003
openvpn_1   | Wed Jan 22 20:25:34 2020 [UNDEF] Inactivity timeout (--ping-exit), exiting
openvpn_1   | Wed Jan 22 20:25:34 2020 SIGTERM[soft,ping-exit] received, process exiting
openvpn_1   | OpenVPN OPTS: --inactive 3600 --ping 10 --ping-exit 60
openvpn_1   | OpenVPN config: /etc/openvpn/conf/privatevpn/default.ovpn
openvpn_1   | Wed Jan 22 20:25:34 2020 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jan  9 2019
openvpn_1   | Wed Jan 22 20:25:34 2020 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
openvpn_1   | Wed Jan 22 20:25:34 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
openvpn_1   | Wed Jan 22 20:25:34 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
openvpn_1   | Wed Jan 22 20:25:34 2020 UDPv4 link local: [undef]
openvpn_1   | Wed Jan 22 20:25:34 2020 UDPv4 link remote: [AF_INET]91.240.64.20:21003

When I check my remote connection inside the openvpn docker-container I get my real external IP, not the VPN:

docker-compose exec openvpn curl https://vpncheck.now.sh/

What do I need to do to route all traffic in openvpn through the VPN?

Related to #11

konsumer commented 4 years ago

I am using LOCAL_NETWORK=172.19.0.0/24 so I can route docker containers through it, but it should work local to openvpn too, right?

docker-compose exec openvpn ip addr|grep "scope global"
inet 172.19.0.2/16 brd 172.19.255.255 scope global eth0

konsumer commented 4 years ago

I also tried with LOCAL_NETWORK=192.168.86.0/24 (my LAN range) with the same problem, but I think it's unrelated (as it gives the wrong external IP, directly from openvpn)

timdonovanuk commented 4 years ago

It certainly no longer works for NordVPN.

Mon Jun 29 15:15:11 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Jun 29 15:15:11 2020 TLS Error: TLS handshake failed

guice commented 3 years ago

Check out your logs:

openvpn_1   | Supplied config /etc/openvpn/conf/privatevpn/los-angeles-usa.ovpn.ovpn could not be found.

That doesn't exist. I just looked in the image. It used the default:

openvpn_1   | OpenVPN config: /etc/openvpn/conf/privatevpn/default.ovpn

However, with that said, I'm having issues with Windscribe as well:

Fri Jul 23 22:01:43 2021 VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2
Fri Jul 23 22:01:43 2021 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Fri Jul 23 22:01:43 2021 TLS Error: TLS object -> incoming plaintext read error
Fri Jul 23 22:01:43 2021 TLS Error: TLS handshake failed
Fri Jul 23 22:01:43 2021 SIGUSR1[soft,tls-error] received, process restarting

I just resolved this by overloading the default VPN configuration. I mounted my VPN config to the default location from the logs:

   [...]
    volumes:
        - /volume1/docker/windscribe/windscribe-sf_openvpn.ovpn:/etc/openvpn/conf/windscribe/default.ovpn
   [....]

Windscribe made an update to their OpenVPN configuration which doesn't appear to have been implemented within this image. However, overloading the default configuration with your ovpn file seems to allow things to function again.
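
The failure chain visible in the logs quoted in this thread (requested config not found, silent fallback to default.ovpn, tunnel never established) can be checked mechanically before trusting the container with traffic. The following is an added example, not part of the thread and not the image's own code; `triage`, `SAMPLE_LOG` and the report keys are hypothetical names, and the sample input is constructed from log lines quoted above.

```python
import re

# Constructed sample, assembled from log lines quoted in this thread.
SAMPLE_LOG = """\
openvpn_1   | Supplied config /etc/openvpn/conf/privatevpn/los-angeles-usa.ovpn.ovpn could not be found.
openvpn_1   | OpenVPN config: /etc/openvpn/conf/privatevpn/default.ovpn
openvpn_1   | Wed Jan 22 20:24:34 2020 [UNDEF] Inactivity timeout (--ping-exit), exiting
openvpn_1   | Wed Jan 22 20:24:34 2020 SIGTERM[soft,ping-exit] received, process exiting
openvpn_1   | OpenVPN config: /etc/openvpn/conf/privatevpn/default.ovpn
openvpn_1   | Wed Jan 22 20:25:34 2020 [UNDEF] Inactivity timeout (--ping-exit), exiting
"""

PREFIX = re.compile(r"^\S+\s+\|\s?")  # docker-compose "service_1   | " prefix
MISSING = re.compile(r"Supplied config (\S+) could not be found")
IN_USE = re.compile(r"OpenVPN config: (\S+)")
FAILURES = {  # substrings taken from the errors posted in the thread
    "ping_exit": "Inactivity timeout (--ping-exit)",
    "tls_handshake": "TLS handshake failed",
    "cert_verify": "VERIFY ERROR",
}
# Standard OpenVPN message logged once the tunnel is established
# (it never appears in the logs posted above).
UP_MARKER = "Initialization Sequence Completed"


def triage(log_text):
    """Summarise which config was used and whether the tunnel is currently up."""
    report = {"requested": None, "in_use": None, "fell_back": False,
              "tunnel_up": False, "failures": {}}
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw)
        if m := MISSING.search(line):
            report["requested"] = m.group(1)
        elif m := IN_USE.search(line):
            report["in_use"] = m.group(1)
        elif UP_MARKER in line:
            report["tunnel_up"] = True
        elif "process exiting" in line or "process restarting" in line:
            report["tunnel_up"] = False  # a restart tears the tunnel down
        for name, needle in FAILURES.items():
            if needle in line:
                report["failures"][name] = report["failures"].get(name, 0) + 1
    report["fell_back"] = (report["requested"] is not None
                           and report["in_use"] != report["requested"])
    return report


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run it over the output of `docker-compose logs openvpn`; a report with `tunnel_up` false matches the situation in the first post, where the container still answered with the real external IP.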