wfg / docker-openvpn-client

OpenVPN client with killswitch and proxy servers; built on Alpine
MIT License

I can't connect on my VPS!!!! #42

Closed siavashfazli closed 2 years ago

siavashfazli commented 2 years ago

Hi!! I have a problem with my VPS container!! I could run this container on my local machine successfully, but when I ran this container on my VPS and compared my local log with the VPS log, there were some differences:

openvpn-client | Allowing remote servers in configuration file...
openvpn-client |   Using:
openvpn-client |     ca-tor.********.com (IP: ;; PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `;;' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.

It can't find my OpenVPN IP. This is my local log:

openvpn-client | Allowing remote servers in configuration file...
openvpn-client |   Using:
openvpn-client |     ca-tor.*******.com (IP: **.**.211.27 PORT: 1194 PROTO: udp)
openvpn-client |     ca-tor.*******.com (IP: **.**.211.135 PORT: 1194 PROTO: udp)
openvpn-client |     IP: **.**.211.117 PORT: 1194 PROTO: udp
openvpn-client | Allowing connections over VPN interface...

On my VPS, the container tries to find it and returns this message (every word on its own line):

openvpn-client | Allowing remote servers in configuration file...
openvpn-client |   Using:
openvpn-client |     ca-tor.prod.surfshark.com (IP: ;; PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `;;' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     ca-tor.prod.surfshark.com (IP: connection PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `**connection**' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     ca-tor.prod.surfshark.com (IP: timed PORT: 1194 PROTO: udp)
openvpn-client |     ca-tor.prod.surfshark.com (IP: out; PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `**timed**' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client | iptables v1.8.7 (legacy): host/network `**out**;' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     ca-tor.prod.surfshark.com (IP: no PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `**no**' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     ca-tor.prod.surfshark.com (IP: servers PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `**servers**' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     ca-tor.prod.surfshark.com (IP: could PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `**could**' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     ca-tor.prod.surfshark.com (IP: be PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `**be**' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     ca-tor.prod.surfshark.com (IP: reached PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `**reached**' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     IP: 37.19.211.117 PORT: 1194 PROTO: udp

If I can reach my IP, I'll be able to solve my problem. Thanks.

wfg commented 2 years ago

Please post your docker run command or Compose YAML as well as your OpenVPN config.

Also, the formatting is difficult to follow. Try wrapping entire log sections in ```.

siavashfazli commented 2 years ago

Hi again. This is the docker-compose file:

# Use this file as an example if you need help writing your Compose files.
# The commented-out parts may or may not be relevant to your setup.

services:
  vpn:
    image: ghcr.io/wfg/openvpn-client
    #build: .
    container_name: openvpn-client
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      #- SUBNETS=1.1.1.1/32
      #- KILL_SWITCH=off
      - HTTP_PROXY=on
      - SOCKS_PROXY=on
      - OPENVPN_AUTH_SECRET=ovpn_auth
      #- PROXY_USERNAME_SECRET=username # <-- If used, these must match the name of a
      #- PROXY_PASSWORD_SECRET=password # <-- secret (NOT the file used by the secret)
    volumes:
      - ./vpn:/data/vpn
    ports:
      - 1080:1080
      - 8080:8080
    secrets:
      - ovpn_auth

secrets:
  ovpn_auth: { file: ./secrets/auth.txt }
  #username:
  #  file: ~/local/secrets/username
  #password:
  #  file: ~/local/secrets/password

And this is my OpenVPN.conf:

client
dev tun
proto udp
#remote domain.com 1194
remote my.ip.*.* 1194
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun
ping 15
ping-restart 0
ping-timer-rem
reneg-sec 0

remote-cert-tls server

auth-user-pass

#comp-lzo
verb 3
pull
fast-io
cipher AES-256-CBC

auth SHA512

<ca>
-----BEGIN CERTIFICATE-----
************
*********
***********
-----END CERTIFICATE-----
</ca>
key-direction 1
<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
********
******
****
-----END OpenVPN Static key V1-----
</tls-auth>

I used this configuration exactly as you see it here on my VPS. This is my local machine log, which works fine:

openvpn-client | 
openvpn-client | ---- Running with the following variables ----
openvpn-client | Kill switch: on
openvpn-client | HTTP proxy: on
openvpn-client | SOCKS proxy: on
openvpn-client | Proxy username secret: none
openvpn-client | Proxy password secret: none
openvpn-client | Allowing subnets: none
openvpn-client | Using OpenVPN log level: 3
openvpn-client | Using configuration file: /data/vpn/OpenVpn.conf
openvpn-client | Creating /data/vpn/OpenVpn.conf.modified and making required changes to that file.
openvpn-client | Changes made.
openvpn-client | 
openvpn-client | Creating VPN kill switch and local routes.
openvpn-client | Allowing established and related connections...
openvpn-client | Allowing loopback connections...
openvpn-client | Allowing Docker network connections...
openvpn-client | Allowing specified subnets...
openvpn-client | Allowing remote servers in configuration file...
openvpn-client |   Using:
openvpn-client |     domain.com (IP: **.**.***.** PORT: 1194 PROTO: udp)
openvpn-client |     domain.com (IP: **.**.***.** PORT: 1194 PROTO: udp)
openvpn-client |     IP: **.**.***.** PORT: 1194 PROTO: udp
openvpn-client | Allowing connections over VPN interface...
openvpn-client | Preventing anything else...
openvpn-client | iptables rules created and routes configured.

The container reached my VPN IPs successfully, but on my VPS, when I ran this configuration, the log changed to this: it froze on

openvpn-client |   Using:
openvpn-client | 
openvpn-client | ---- Running with the following variables ----
openvpn-client | Kill switch: on
openvpn-client | HTTP proxy: on
openvpn-client | SOCKS proxy: on
openvpn-client | Proxy username secret: none
openvpn-client | Proxy password secret: none
openvpn-client | Allowing subnets: none
openvpn-client | Using OpenVPN log level: 3
openvpn-client | Using configuration file: /data/vpn/OpenVpn.conf
openvpn-client | Creating /data/vpn/OpenVpn.conf.modified and making required changes to that file.
openvpn-client | Changes made.
openvpn-client | 
openvpn-client | Creating VPN kill switch and local routes.
openvpn-client | Allowing established and related connections...
openvpn-client | Allowing loopback connections...
openvpn-client | Allowing Docker network connections...
openvpn-client | Allowing specified subnets...
openvpn-client | Allowing remote servers in configuration file...
openvpn-client |   Using:
openvpn-client |     domain.com (IP: ;; PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `;;' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     domain.com (IP: connection PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `connection' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     domain.com (IP: timed PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `timed' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     domain.com (IP: out; PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `out;' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     domain.com (IP: no PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `no' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     domain.com (IP: servers PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `servers' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     domain.com (IP: could PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `could' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     domain.com (IP: be PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `be' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     domain.com (IP: reached PORT: 1194 PROTO: udp)
openvpn-client | iptables v1.8.7 (legacy): host/network `reached' not found
openvpn-client | Try `iptables -h' or 'iptables --help' for more information.
openvpn-client |     IP: **.**.***.** PORT: 1194 PROTO: udp
openvpn-client | Allowing connections over VPN interface...
openvpn-client | Preventing anything else...
openvpn-client | iptables rules created and routes configured.
openvpn-client | 

I connect with an IP instead of a domain. If you put the words together after `iptables v1.8.7 (legacy): host/network`, the sentence they make is "connection timed out; no servers could be reached". It happens even though I connect successfully with my local machine. After the above lines, the log looks like everything is OK, but I can't reach my VPS IP.

2022-01-02 11:03:44 WARNING: file '/run/secrets/ovpn_auth' is group or others accessible
openvpn-client | 2022-01-02 11:03:44 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
openvpn-client | 2022-01-02 11:03:44 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
openvpn-client | 2022-01-02 11:03:44 WARNING: --ping should normally be used with --ping-restart or --ping-exit
openvpn-client | 2022-01-02 11:03:44 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
openvpn-client | 2022-01-02 11:03:44 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
openvpn-client | 2022-01-02 11:03:44 TCP/UDP: Preserving recently used remote address: [AF_INET]**.**.***.**:1194
openvpn-client | 2022-01-02 11:03:44 Socket Buffers: R=[212992->212992] S=[212992->212992]
openvpn-client | 2022-01-02 11:03:44 UDPv4 link local: (not bound)
openvpn-client | 2022-01-02 11:03:44 UDPv4 link remote: [AF_INET]**.**.***.**:1194
openvpn-client | 2022-01-02 11:03:45 TLS: Initial packet from [AF_INET]**.**.***.**:1194, sid=**.**.***.**
openvpn-client | 2022-01-02 11:03:45 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
openvpn-client | 2022-01-02 11:03:45 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
openvpn-client | 2022-01-02 11:03:45 VERIFY KU OK
openvpn-client | 2022-01-02 11:03:45 Validating certificate extended key usage
openvpn-client | 2022-01-02 11:03:45 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
openvpn-client | 2022-01-02 11:03:45 VERIFY EKU OK
openvpn-client | 2022-01-02 11:03:45 VERIFY OK: depth=0, CN=domain.com
openvpn-client | 2022-01-02 11:03:45 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'
openvpn-client | 2022-01-02 11:03:45 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
openvpn-client | 2022-01-02 11:03:45 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
openvpn-client | 2022-01-02 11:03:45 [domain.com] Peer Connection Initiated with [AF_INET]37.19.211.117:1194
openvpn-client | 2022-01-02 11:03:46 SENT CONTROL [domain.com]: 'PUSH_REQUEST' (status=1)
openvpn-client | 2022-01-02 11:03:46 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS **.**.***.**,dhcp-option DNS **.**.***.**,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway **.**.***.**,topology subnet,ping 60,ping-restart 180,ifconfig **.**.***.** 255.255.255.0,peer-id 6,cipher AES-256-GCM'
openvpn-client | 2022-01-02 11:03:46 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.2)
openvpn-client | 2022-01-02 11:03:46 OPTIONS IMPORT: timers and/or timeouts modified
openvpn-client | 2022-01-02 11:03:46 OPTIONS IMPORT: explicit notify parm(s) modified
openvpn-client | 2022-01-02 11:03:46 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
openvpn-client | 2022-01-02 11:03:46 Socket Buffers: R=[212992->425984] S=[212992->425984]
openvpn-client | 2022-01-02 11:03:46 OPTIONS IMPORT: --ifconfig/up options modified
openvpn-client | 2022-01-02 11:03:46 OPTIONS IMPORT: route options modified
openvpn-client | 2022-01-02 11:03:46 OPTIONS IMPORT: route-related options modified
openvpn-client | 2022-01-02 11:03:46 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
openvpn-client | 2022-01-02 11:03:46 OPTIONS IMPORT: peer-id set
openvpn-client | 2022-01-02 11:03:46 OPTIONS IMPORT: adjusting link_mtu to 1656
openvpn-client | 2022-01-02 11:03:46 OPTIONS IMPORT: data channel crypto options modified
openvpn-client | 2022-01-02 11:03:46 Data Channel: using negotiated cipher 'AES-256-GCM'
openvpn-client | 2022-01-02 11:03:46 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2022-01-02 11:03:46 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
openvpn-client | 2022-01-02 11:03:46 ROUTE_GATEWAY 172.28.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:1c:00:02
openvpn-client | 2022-01-02 11:03:46 TUN/TAP device tun0 opened
openvpn-client | 2022-01-02 11:03:46 /sbin/ip link set dev tun0 up mtu 1500
openvpn-client | 2022-01-02 11:03:46 /sbin/ip link set dev tun0 up
openvpn-client | 2022-01-02 11:03:46 /sbin/ip addr add dev tun0 10.8.8.8/24
openvpn-client | 2022-01-02 11:03:46 /sbin/ip route add **.**.***.**/32 via 172.28.0.1
openvpn-client | 2022-01-02 11:03:46 /sbin/ip route add 0.0.0.0/1 via 10.8.8.1
openvpn-client | 2022-01-02 11:03:46 /sbin/ip route add 128.0.0.0/1 via 10.8.8.1
openvpn-client | 2022-01-02 11:03:46 Initialization Sequence Completed
openvpn-client | WARNING: obsolete config item on line 17
openvpn-client | WARNING: obsolete config item on line 18
openvpn-client | WARNING: obsolete config item on line 19

I can ping the IP and the domain on my local machine, but on the VPS I can only ping the IP. Also, iptables didn't get set up completely on the VPS.

wfg commented 2 years ago

@siavashfazli I'm not sure if it was the actual problem here, but I fixed a problem with processing commented-out remotes. Try again with v2.0.0.
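The failure visible in the VPS logs above, as an added example that is not part of this issue or of the project's entrypoint script: the words that iptables rejects one by one (`;;`, `connection`, `timed`, `out;`, `no`, `servers`, `could`, `be`, `reached`) join up to the message dig prints when no DNS server answers, so the resolver's error text was word-split and every word was handed to iptables as if it were a host. The POSIX sh script below does the two things a hardened version of that step needs: it reads only active `remote` lines (comment stripping also covers the commented-out remotes wfg mentions fixing), and it validates every resolver result as an IPv4 address before it reaches an iptables command, skipping a host with a warning rather than emitting broken rules. The rule shape, the 1194/udp defaults, the `getent hosts` resolver, the `RESOLVER` override used for offline testing and the sample config are assumptions of this example, not the project's own.

```shell
#!/bin/sh
# Added example, not the project's entrypoint: parse active `remote` lines
# from an OpenVPN client config and validate resolver output before any of
# it is used in an iptables rule.  Defaults, rule shape and the sample
# config are assumptions made for this example.

# Print "host port proto" for every active `remote` line.  Both OpenVPN
# comment styles ('#' and ';') are removed first, so "#remote x 1194" is
# never treated as a remote.  Port and protocol default to 1194/udp when the
# line omits them (simplification: the config's own `proto` line is ignored).
parse_remotes() {
    sed -e 's/[#;].*$//' "$1" \
      | awk '$1 == "remote" {
                printf "%s %s %s\n", $2, ($3 == "" ? 1194 : $3), ($4 == "" ? "udp" : $4)
             }'
}

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1 }
        { exit 0 }'
}

# Read resolver output on stdin and print only validated addresses, one per
# line.  `getent hosts` prints "ADDRESS NAME" per result and `dig +short`
# prints bare addresses; on failure dig prints ";; connection timed out; no
# servers could be reached", the text seen in the iptables errors in this
# issue.  Any line whose first field is not an address is reported to stderr
# and dropped, and the function fails when nothing usable remains.
filter_ipv4() {
    count=0
    while IFS= read -r line; do
        set -- $line          # first whitespace-separated field is the candidate
        if [ $# -gt 0 ] && is_ipv4 "$1"; then
            printf '%s\n' "$1"
            count=$((count + 1))
        else
            printf 'ignoring non-address resolver output: %s\n' "$line" >&2
        fi
    done
    [ "$count" -gt 0 ]
}

# Resolve one remote: literal addresses pass through, hostnames go to the
# resolver command in $RESOLVER (default: getent hosts, available on Alpine).
resolve_host() {
    if is_ipv4 "$1"; then
        printf '%s\n' "$1"
    else
        ${RESOLVER:-getent hosts} "$1" 2>/dev/null
    fi
}

# Print (do not run) one ACCEPT rule per validated address so the rule set
# can be reviewed; pipe the output into sh to apply it.  A host with no
# usable address is skipped with a warning instead of producing a broken
# iptables invocation.  The rule shape is illustrative only.
killswitch_allow_rules() {
    parse_remotes "$1" | while read -r host port proto; do
        if ! ips=$(resolve_host "$host" | filter_ipv4); then
            printf 'warning: no usable address for %s, skipping\n' "$host" >&2
            continue
        fi
        for ip in $ips; do
            printf 'iptables -A OUTPUT -d %s -p %s --dport %s -j ACCEPT\n' "$ip" "$proto" "$port"
        done
    done
}

# Constructed sample config (not the reporter's): one hostname, one
# commented-out remote that must be ignored, one literal address.
write_sample_config() {
    cat > "$1" <<'EOF'
client
dev tun
proto udp
remote vpn.example.com 1194
#remote old.example.com 1194
remote 203.0.113.7 443 tcp
remote-random
EOF
}

# Usage: sh killswitch_remotes.sh demo   (hostname resolution needs DNS)
demo() {
    cfg=$(mktemp)
    write_sample_config "$cfg"
    echo "# remotes:"; parse_remotes "$cfg"
    echo "# rules:";   killswitch_allow_rules "$cfg"
    rm -f "$cfg"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Run with `demo` to see the parsed remotes and the generated rules; in an environment where `vpn.example.com` does not resolve, the script prints a warning for that host and still emits a correct rule for the literal address, which is the behaviour the VPS run above lacked.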

siavashfazli commented 2 years ago

@wfg Thanks a lot, I'll try it.

siavashfazli commented 2 years ago

@wfg Imagine this project runs fine on a local machine, and now you want to use this project on a VPS (Linux). Have you tried this?

wfg commented 2 years ago

A VPS is just a local machine in a datacenter that you SSH to. :)

If it works for you locally but not on your VPS, there's something different about the VPS's configuration that is causing issues.

siavashfazli commented 2 years ago

Yes, I know :). I solved it; it's because of sanctions, that VPS can't reach the IPs. Docker Compose opens the ports, but clients can't reach the VPS IP via ports 1080 & 8080. How can I solve it?

wfg commented 2 years ago

I'm not sure. That is a question for your VPS provider.