tsaikd / docker-openvpn

MIT License

Are you sure the client mode works ? #4

Closed Whisper40 closed 3 years ago

Whisper40 commented 3 years ago

Hello, I'm trying the client mode, but it seems to have problems...

This is my docker-compose :

version: '3.9'
services:
  openvpn:
    image: tsaikd/openvpn
    container_name: openvpn
    restart: unless-stopped
    command: --config "/openvpn/client.ovpn"
    volumes:
      - /home/whisper40/config/openvpn/openvpn-data/ovpn-deadpool.ovpn:/openvpn/client.ovpn
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
    cap_add:
      - NET_ADMIN 
    devices:
      - "/dev/net/tun" 
    ports:
      - "45000-45010:45000-45010"

Error :

ERROR: for openvpn  Cannot start service openvpn: OCI runtime create failed: container_linux.go:367: starting container process caused: exec: "--config": executable file not found in $PATH: unknown

ERROR: for openvpn  Cannot start service openvpn: OCI runtime create failed: container_linux.go:367: starting container process caused: exec: "--config": executable file not found in $PATH: unknown
ERROR: Encountered errors while bringing up the project.

The file /home/whisper40/config/openvpn/openvpn-data/ovpn-deadpool.ovpn exists, sure I tried : --config /openvpn/client.ovpn and --config "/openvpn/client.ovpn"

I just don't understand what's wrong.. Not a problem of /bin/sh /bin/bash in the container ?

os11k commented 3 years ago

Hi! Check the docker-compose example in this repository. Your docker-compose file seems erroneous, particularly command: --config "/openvpn/client.ovpn"

Whisper40 commented 3 years ago

@os11k Hi, the docker-compose in the repo is for the server mode. Server mode is working, but I'm trying the client side.

In the doc I can see this for the client mode. I think I have respected this in my compose, no?

docker run \
    --name VPNCLIENT \
    --cap-add NET_ADMIN \
    --device /dev/net/tun \
    -v "/data/CLIENTNAME.ovpn:/openvpn/client.ovpn" \
    tsaikd/openvpn \
    openvpn --config /openvpn/client.ovpn

os11k commented 3 years ago

Hi! You have an erroneous docker-compose file. Docker-compose does not care if this is client or server or openvpn or nginx. I would recommend that you take the provided docker-compose file as an example and adjust it accordingly.

Whisper40 commented 3 years ago

My YAML is valid, I can't do more for "accordingly.."

command option in dc exists ..


os11k commented 3 years ago

You can have valid YAML with data that docker-compose does not allow. As I pointed out, you have an error inside command. Just copy-paste the docker-compose file from this repository and adjust your openvpn config file accordingly.

Whisper40 commented 3 years ago

So if I understand, I should not put the command option. In this case, the container runs with this configuration:

version: '3.9'
services:
  openvpn:
    image: tsaikd/openvpn
    container_name: openvpn
    restart: unless-stopped
    volumes:
      - "/home/whisper40/config/openvpn/openvpn-data/ovpn-deadpool.ovpn:/openvpn/client.ovpn"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
    cap_add:
      - NET_ADMIN
    devices:
      - "/dev/net/tun" 
    ports:
      - "45000-45010:45000-45010"

This is the log that I have:

Using SSL: openssl OpenSSL 1.1.1k  25 Mar 2021

Generating RSA private key, 2048 bit long modulus (2 primes)

...............+++++

......................................................+++++

e is 65537 (0x010001)

Using SSL: openssl OpenSSL 1.1.1k  25 Mar 2021

Generating DH parameters, 2048 bit long safe prime, generator 2

This is going to take a long time


Using SSL: openssl OpenSSL 1.1.1k  25 Mar 2021

Using configuration from /openvpn/pki/easy-rsa-74.PPPINK/tmp.nOKOKc

2021-04-13 15:31:08 WARNING: Using --genkey --secret filename is DEPRECATED.  Use --genkey secret filename instead.

Using SSL: openssl OpenSSL 1.1.1k  25 Mar 2021

Generating a RSA private key

......................................................................................................+++++

.....+++++

writing new private key to '/openvpn/pki/easy-rsa-95.Injdcc/tmp.oFKGBf'

-----

Using configuration from /openvpn/pki/easy-rsa-95.Injdcc/tmp.ALakiE

Check that the request matches the signature


Signature ok

The Subject's Distinguished Name is as follows

commonName            :ASN.1 12:'server'

Certificate is to be certified until Jul 17 15:31:08 2023 GMT (825 days)

Write out database with 1 new entries

Data Base Updated

2021-04-13 15:31:08 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

2021-04-13 15:31:08 WARNING: --topology net30 support for server configs with IPv4 pools will be removed in a future release. Please migrate to --topology subnet as soon as possible.

2021-04-13 15:31:08 --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

2021-04-13 15:31:08 OpenVPN 2.5.0 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Dec 26 2020

2021-04-13 15:31:08 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10

2021-04-13 15:31:08 Diffie-Hellman initialized with 2048 bit key

2021-04-13 15:31:08 CRL: loaded 1 CRLs from file /openvpn/pki/crl.pem

2021-04-13 15:31:08 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2021-04-13 15:31:08 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2021-04-13 15:31:08 ROUTE_GATEWAY 172.20.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:14:00:02

2021-04-13 15:31:08 TUN/TAP device tun0 opened

2021-04-13 15:31:08 /sbin/ip link set dev tun0 up mtu 1500

2021-04-13 15:31:08 /sbin/ip link set dev tun0 up

2021-04-13 15:31:08 /sbin/ip addr add dev tun0 local 192.168.255.1 peer 192.168.255.2

2021-04-13 15:31:08 /sbin/ip route add 192.168.255.0/24 via 192.168.255.2

2021-04-13 15:31:08 Could not determine IPv4/IPv6 protocol. Using AF_INET

2021-04-13 15:31:08 Socket Buffers: R=[131072->131072] S=[16384->16384]

2021-04-13 15:31:08 Listening for incoming TCP connection on [AF_INET][undef]:1194

2021-04-13 15:31:08 TCPv4_SERVER link local (bound): [AF_INET][undef]:1194

2021-04-13 15:31:08 TCPv4_SERVER link remote: [AF_UNSPEC]

2021-04-13 15:31:08 MULTI: multi_init called, r=256 v=256

2021-04-13 15:31:08 IFCONFIG POOL IPv4: base=192.168.255.4 size=62

2021-04-13 15:31:08 MULTI: TCP INIT maxclients=1024 maxevents=1028

2021-04-13 15:31:08 Initialization Sequence Completed

But it does not seem to be connected to the server side. I see nothing in the logs of the server-side container.

os11k commented 3 years ago

It does not use your custom config file client.ovpn. I would recommend using the provided docker-compose file. This setup uses openvpn.conf for configuration. This means that you need to update the openvpn.conf file rather than use a file named client.ovpn. I hope this works. If not, I would advise you to ask for help somewhere else, like Stack Overflow, because you are struggling not with this code but rather with configuring docker/docker-compose. Unfortunately, I do not have time to provide you with an out-of-the-box solution.

Whisper40 commented 3 years ago

The real problem is that the documentation shows a mount of a .ovpn config. Next we can see this: ADD openvpn.conf /etc/openvpn/openvpn.conf. So the file is not in /openvpn but in /etc/openvpn.

Then in docker-start.sh we see: openvpn --config "/etc/openvpn/openvpn.conf"

So how can the documentation that specifies a volume mount work? You start a command with a fixed conf, so I don't understand.

Stack Overflow is not there for specific little GitHub projects.

Whisper40 commented 3 years ago

As proof, this works. So I'll let you understand that yes, there is a problem in the code.


version: '3.9'
services:
  openvpn:
    image: tsaikd/openvpn
    container_name: openvpn
    restart: unless-stopped
    command: >
      bash -c "cp /openvpn/ovpn-file.conf /etc/openvpn/openvpn.conf
      && openvpn --config '/etc/openvpn/openvpn.conf'"
    volumes:
      - "/home/whisper40/config/openvpn/openvpn-data/ovpn-file.conf:/openvpn/ovpn-file.conf"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Paris
    cap_add:
      - NET_ADMIN
    devices:
      - "/dev/net/tun" 
    ports:
      - "45000-45010:45000-45010"

tsaikd commented 3 years ago

TRY

-    command: >
-      bash -c "cp /openvpn/ovpn-file.conf /etc/openvpn/openvpn.conf
-      && openvpn --config '/etc/openvpn/openvpn.conf'"
    volumes:
-      - "/home/whisper40/config/openvpn/openvpn-data/ovpn-file.conf:/openvpn/ovpn-file.conf"
+      - "/home/whisper40/config/openvpn/openvpn-data/ovpn-file.conf:/etc/openvpn/openvpn.conf"
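
Review bot: The added volume line binds the host file directly onto /etc/openvpn/openvpn.conf, which is the path the image's default start script works on once `command` is removed. A single-file bind mount cannot be replaced by rename, so any in-place rewrite of that file during startup (sed -i style) fails with "Resource busy". Mount the profile at a separate path instead, for example /openvpn/ovpn-file.conf, and pass it to openvpn with --config.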

OR

-    command: >
-      bash -c "cp /openvpn/ovpn-file.conf /etc/openvpn/openvpn.conf
-      && openvpn --config '/etc/openvpn/openvpn.conf'"
+    command: "openvpn --config /openvpn/ovpn-file.conf"
    volumes:
      - "/home/whisper40/config/openvpn/openvpn-data/ovpn-file.conf:/openvpn/ovpn-file.conf"
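
Review bot: The unchanged volume line under the new `command` still mounts the host profile read-write, although openvpn only needs to read it. Append `:ro` to that mount so that nothing running in the container can alter the profile on the host: `- "/home/whisper40/config/openvpn/openvpn-data/ovpn-file.conf:/openvpn/ovpn-file.conf:ro"`.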

Whisper40 commented 3 years ago

For the TRY: sed: can't move '/etc/openvpn/openvpn.confDEdFaM' to '/etc/openvpn/openvpn.conf': Resource busy (I think it's because openvpn is using the file)

For the OR: It works!

So to summarize, the docker compose I sent in my initial post was correct, we just have to add "openvpn" to the beginning of the command.
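
The failure and the fix discussed in this thread, as an added example that is not part of the original posts or of the project's code: a compose `command:` replaces the image's default CMD, and the first resulting word is what gets executed. The sketch assumes the image sets no ENTRYPOINT and that its default CMD is the docker-start.sh script mentioned above; `resolve_argv` and `diagnose` are hypothetical helper names.

```python
import shlex

# Assumptions (not read from the image): no ENTRYPOINT is set, and the default
# CMD is the docker-start.sh script that the thread mentions.
IMAGE_ENTRYPOINT = []
IMAGE_CMD = ["docker-start.sh"]


def resolve_argv(command=None, entrypoint=IMAGE_ENTRYPOINT, image_cmd=IMAGE_CMD):
    """Return the argv the runtime execs: ENTRYPOINT + (compose command or CMD)."""
    if command is None:
        cmd = list(image_cmd)                # no override: the image default runs
    elif isinstance(command, str):
        cmd = shlex.split(command)           # string form is split shell-style
    else:
        cmd = [str(arg) for arg in command]  # list form is used verbatim
    return list(entrypoint) + cmd


def diagnose(command=None):
    """Explain what a given compose `command:` value makes the container run."""
    argv = resolve_argv(command)
    if not argv:
        return "error: nothing to execute"
    if argv[0].startswith("-"):
        return f"error: {argv[0]!r} is an option, not an executable"
    if command is None:
        return f"default: executes {argv[0]}, which uses its own fixed config path"
    return f"ok: executes {argv[0]} with {len(argv) - 1} argument(s)"


# The `command:` values that appear in the thread (the folded YAML scalar of
# the workaround is written here as the single string compose receives).
FIRST_POST = '--config "/openvpn/client.ovpn"'
WORKAROUND = ("bash -c \"cp /openvpn/ovpn-file.conf /etc/openvpn/openvpn.conf "
              "&& openvpn --config '/etc/openvpn/openvpn.conf'\"\n")
FINAL_FIX = "openvpn --config /openvpn/ovpn-file.conf"

if __name__ == "__main__":
    for label, value in [("first post", FIRST_POST), ("no command", None),
                         ("workaround", WORKAROUND), ("final fix", FINAL_FIX)]:
        print(f"{label:11} {diagnose(value)}")
```
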