wheelybird / openvpn-server-ldap-otp

A dockerised OpenVPN server using LDAP for authentication, with optional 2FA via Google Authenticator
MIT License

iptables v1.4.21: can't initialize iptables table `nat' #38

Closed fraserkyle closed 3 years ago

fraserkyle commented 4 years ago

I am struggling to get the docker image to run using a CentOS 8 host. I get the below error.

iptables v1.4.21: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

My docker-compose.yaml is as follows:

version: '3.3'

services:

  vpn:
    image: 'wheelybird/openvpn-ldap-otp:v1.4'
    restart: always
    hostname: 'vpn.d1.innoapps.co.uk'
    environment:
      - OVPN_SERVER_CN=vpn.d1.innoapps.co.uk
      - OVPN_ENABLE_COMPRESSION=false
      - ACTIVE_DIRECTORY_COMPAT_MODE=true
      - USE_CLIENT_CERTIFICATE=false
      - LDAP_URI=ldap://192.168.1.101
      - LDAP_BASE_DN=dc=innoapps,dc=co,dc=uk
      - LDAP_BIND_USER_DN=CN=VPNService,OU=ServiceAccounts,DC=innoapps,DC=co,DC=uk
      - LDAP_BIND_USER_PASS=SECRET
      - OVPN_DNS_SERVERS=192.168.1.101,192.168.1.1
      - OVPN_DNS_SEARCH_DOMAIN=innoapps.co.uk
      - OVPN_PROTOCOL=tcp
    cap_add:
      - NET_ADMIN
    ports:
      - 1194:1194
    dns:
      - 192.168.1.101
      - 192.168.1.1
    dns_search:
      - innoapps.co.uk

wheelybird commented 4 years ago

Do you have the iptables modules loaded on the host server? It'd be strange if you didn't, as Docker sets up some rules to get its networking stuff to work. Still, give it a go:

sudo modprobe ip_tables; echo 'ip_tables' | sudo tee -a /etc/modules

Otherwise (and always with CentOS) it could be SELinux issues. Try disabling SELinux to see if that helps: sudo setenforce 0.
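
Added example (not part of the thread or the project's code): a check for the first suggestion above, reporting which required modules are absent from a listing in /proc/modules format. `iptable_nat`, the module that provides the `nat` table named in the error, and the sample listing are assumptions added here; modules built into the kernel do not appear in /proc/modules.

```shell
#!/bin/sh
# Added example, not from the thread: report which kernel modules are absent
# from a listing in /proc/modules format (the module name is the first field).

# missing_modules LISTING_FILE MODULE...
# Prints each MODULE not found in LISTING_FILE, one per line.
# Returns 0 when every module is present, 1 otherwise.
missing_modules() {
    listing=$1; shift
    rc=0
    for mod in "$@"; do
        # Compare the whole first field so "ip_tables" never matches "ip6_tables".
        if ! awk -v m="$mod" '$1 == m { found = 1 } END { exit !found }' "$listing"; then
            printf '%s\n' "$mod"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample listing (not captured from a real host): ip_tables is
# loaded, iptable_nat (assumed here to be the module behind the nat table) is not.
sample_listing() {
    cat <<'EOF'
nf_tables 180224 245 nft_compat, Live 0x0000000000000000
ip6_tables 32768 0 - Live 0x0000000000000000
ip_tables 28672 0 - Live 0x0000000000000000
overlay 135168 2 - Live 0x0000000000000000
EOF
}

tmp=$(mktemp)
sample_listing > "$tmp"
echo "Missing in constructed sample: $(missing_modules "$tmp" ip_tables iptable_nat | tr '\n' ' ')"
rm -f "$tmp"
```

On the Docker host itself, run `missing_modules /proc/modules ip_tables iptable_nat`.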