wfg / docker-openvpn-client

OpenVPN client with killswitch and proxy servers; built on Alpine
MIT License

Can't set subnets for kill switch #88

Open DaveShamon opened 1 year ago

DaveShamon commented 1 year ago

Hi, I need help with setting the SUBNETS variable and the firewall. I tried different combinations, and it doesn't work with the kill switch, but it works without the kill switch. I get this error (started with the kill switch):

docker-1       | --- Running with the following variables ---
docker-1       | VPN configuration file: server.ovpn
docker-1       | Use default resolv.conf: on
docker-1       | Allowing subnets: 192.168.0.0/24,172.30.0.0/16,37.19.199.134/32,0.0.0.0/1,128.0.0.0/1,10.16.0.14/16
docker-1      | Kill switch: iptables
docker-1       | Using OpenVPN log level: 3
docker-1      | ---
docker-1       | 
docker-1       | info: original configuration file: vpn/server.ovpn
docker-1       | info: modified configuration file: vpn/openvpn.eNG5PWKX.conf
docker-1       | info: kill switch is using iptables
docker-1       | iptables v1.8.8 (legacy): host/network `192.168.64.0/20
docker-1      | 192.168.80.0' not found
docker-1      | Try `iptables -h' or 'iptables --help' for more information.
Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: can't get final child's PID from pipe: EOF: unknown

OpenVPN logs (working without kill switch):

docker-1      | 2023-01-07 09:49:14 ROUTE_GATEWAY 192.168.160.1/255.255.240.0 IFACE=eth0 HWADDR=02:42:xx:a8:a0:xx
docker-1       | 2023-01-07 09:49:14 TUN/TAP device tun0 opened
docker-1       | 2023-01-07 09:49:14 /sbin/ip link set dev tun0 up mtu 1500
docker-1       | 2023-01-07 09:49:14 /sbin/ip link set dev tun0 up
docker-1       | 2023-01-07 09:49:14 /sbin/ip addr add dev tun0 10.16.0.7/16
docker-1       | 2023-01-07 09:49:14 /etc/openvpn/up.sh tun0 1500 1584 10.16.0.7 255.255.0.0 init
docker-1       | 2023-01-07 09:49:14 /sbin/ip route add 37.19.199.134/32 via 192.168.160.1
docker-1       | 2023-01-07 09:49:14 /sbin/ip route add 0.0.0.0/1 via 10.16.0.1
docker-1       | 2023-01-07 09:49:14 /sbin/ip route add 128.0.0.0/1 via 10.16.0.1

Could you advise on settings for SUBNETS in this case?
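
A pre-flight check for the values shown in the logs above, as an added example that is not part of the original issue or the project's own code. It assumes each `SUBNETS` entry becomes a kill-switch allow rule for traffic outside the tunnel (as the `Allowing subnets` log line suggests); `check_entry` and `check_subnets` are hypothetical names.

```python
import ipaddress

# Values copied from the log output in the issue above.
SUBNETS_FROM_LOG = ("192.168.0.0/24,172.30.0.0/16,37.19.199.134/32,"
                    "0.0.0.0/1,128.0.0.0/1,10.16.0.14/16")
REJECTED_BY_IPTABLES = "192.168.64.0/20\n192.168.80.0"


def check_entry(entry):
    """Return (network or None, problems) for one value bound for an
    iptables source/destination argument."""
    if not entry or any(ch.isspace() for ch in entry):
        # One argument must hold exactly one network; a line break means
        # two values were joined into a single argument.
        return None, ["empty or contains whitespace/line break"]
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return None, ["not a valid address or CIDR network"]
    try:
        ipaddress.ip_network(entry, strict=True)
    except ValueError:
        return net, [f"host bits set; the network is {net}"]
    return net, []


def check_subnets(value):
    """Check a comma-separated SUBNETS string.

    Returns {entry: [problems]}; the key "*" holds list-level findings.
    """
    report, nets = {}, []
    for entry in value.split(","):
        net, problems = check_entry(entry)
        if problems:
            report[entry] = problems
        if net is not None and net.version == 4:
            nets.append(net)
    # If the entries merge into 0.0.0.0/0, the allow-list permits every
    # IPv4 destination, so it no longer restricts anything.
    if ipaddress.ip_network("0.0.0.0/0") in ipaddress.collapse_addresses(nets):
        report["*"] = ["entries together cover all of IPv4"]
    return report


if __name__ == "__main__":
    print(check_subnets(SUBNETS_FROM_LOG))
    print(check_entry(REJECTED_BY_IPTABLES))
```
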