docker-openvpn-client's Introduction

docker-openvpn-client

The image provides an OpenVPN or WireGuard VPN client; the OpenVPN client supports multiple providers.

Getting started


Below is a quick way to get up and running with either OpenVPN or WireGuard. For more details, see the complete documentation.

# OpenVPN client
docker run --cap-add=NET_ADMIN -d --name openvpn_client \
-e OPENVPN_PROVIDER='vyprvpn' \
-e OPENVPN_CONFIG='USA - Austin-256' \
-e OPENVPN_USERNAME='user' \
-e OPENVPN_PASSWORD='password' \
-v /etc/localtime:/etc/localtime:ro \
jsloan117/docker-openvpn-client

# WireGuard client
docker run --cap-add=NET_ADMIN -d --name wg_client \
-e "VPN_CLIENT=wireguard" \
--sysctl net.ipv4.conf.all.src_valid_mark=1 \
-v ~/wg0.conf:/etc/wireguard/wg0.conf \
-v /etc/localtime:/etc/localtime:ro \
jsloan117/docker-openvpn-client

Credit


Thank you Haugene and all contributors for making a great image.

I initially based the image on docker-transmission-openvpn. Their documentation may benefit you depending on your environment.

docker-openvpn-client's Issues

s6-sudoc: fatal: unable to get exit status from server: Operation timed out

With the update to v3.1 of your client I get the error:
s6-sudoc: fatal: unable to get exit status from server: Operation timed out

When I switch back to v3.0 I can connect normally without problems.

OpenVPN_log.zip

docker run --cap-add=NET_ADMIN -d --name OpenVPN --restart always \
-v /var/run/docker.sock:/var/run/docker.sock \
-e CREATE_TUN_DEVICE=true \
-e OPENVPN_PROVIDER=VPNUNLIMITED \
-e OPENVPN_CONFIG=fr \
-e OPENVPN_USERNAME=xxxxxxxxxxxxxxxxx \
-e OPENVPN_PASSWORD=xxxxxxxxxxxxxxxxx \
-e OPENVPN_OPTS="--auth-nocache --inactive 3600 --ping 10 --ping-exit 60" \
-e LOCAL_NETWORK=192.168.1.0/24 \
-p 1195:1194 --dns 1.1.1.1 --dns 1.0.0.1 \
-p 8080:8080 \
-p 16882:16882/udp \
-p 16882:16882 \
jsloan117/docker-openvpn-client:latest

Failing healthchecks due to execlineb - No such file or directory

With the latest release v3.1 the health check started to fail.

docker inspect --format='{{json .State.Health}}' openvpn_client | jq
{
  "Status": "unhealthy",
  "FailingStreak": 113,
  "Log": [
    {
      "Start": "2022-04-03T09:00:38.393441776-05:00",
      "End": "2022-04-03T09:00:38.551673445-05:00",
      "ExitCode": 127,
      "Output": "execlineb: fatal: unable to exec ifelse: No such file or directory\n"
    },
    {
      "Start": "2022-04-03T09:05:38.56310201-05:00",
      "End": "2022-04-03T09:05:38.692561528-05:00",
      "ExitCode": 127,
      "Output": "execlineb: fatal: unable to exec ifelse: No such file or directory\n"
    },
    {
      "Start": "2022-04-03T09:10:38.701093847-05:00",
      "End": "2022-04-03T09:10:38.864890136-05:00",
      "ExitCode": 127,
      "Output": "execlineb: fatal: unable to exec ifelse: No such file or directory\n"
    },
    {
      "Start": "2022-04-03T09:15:38.87715995-05:00",
      "End": "2022-04-03T09:15:39.036997733-05:00",
      "ExitCode": 127,
      "Output": "execlineb: fatal: unable to exec ifelse: No such file or directory\n"
    },
    {
      "Start": "2022-04-03T09:20:39.043616715-05:00",
      "End": "2022-04-03T09:20:39.19752921-05:00",
      "ExitCode": 127,
      "Output": "execlineb: fatal: unable to exec ifelse: No such file or directory\n"
    }
  ]
}

Setting up as docker gateway

Hey mate,
Been looking for a decent OpenVPN client with Surfshark configs. Is it possible to have all other Docker containers use this container as their internet gateway? If so, how would I lay that out in a docker-compose?

Cannot load inline certificate file

Since the update to v3.1.8 of your client, I cannot connect to VPN Unlimited.

I'm running this in Docker on a Synology

docker command

docker run --cap-add=NET_ADMIN -d --name OpenVPN --restart always \
  -e CREATE_TUN_DEVICE=true \
  -e OPENVPN_PROVIDER=VPNUNLIMITED \
  -e OPENVPN_CONFIG=fr \
  -e OPENVPN_USERNAME=<username> \
  -e OPENVPN_PASSWORD=<password> \
  -e OPENVPN_OPTS="--auth-nocache --inactive 3600 --ping 10 --ping-exit 60 --mute-replay-warnings" \
  -e LOCAL_NETWORK=192.168.1.0/24 \
  -e S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
  -p 1195:1194 --dns 1.1.1.1 --dns 1.0.0.1 \
  -p 8080:8080 \
  -p 3000:3000 \
  -p 16882:16882/udp \
  -p 16882:16882 \
  jsloan117/docker-openvpn-client

log output

2022-12-06 13:37:11 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-12-06 13:37:11 OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2022-12-06 13:37:11 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2022-12-06 13:37:11 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2022-12-06 13:37:11 Cannot load inline certificate file
2022-12-06 13:37:11 Exiting due to fatal error
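
The "ca md too weak" line in the log above is OpenSSL refusing a certificate whose signature digest falls below its security level; OpenSSL 3.0 no longer accepts SHA-1-signed certificates at security level 1 and above. The check below is an added example, not part of the issue or of the project's code: it reports the signature algorithm of the first certificate in the inline <ca> and <cert> blocks of an .ovpn profile. The function names and the sample profile are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample profile are assumptions.

# Write a constructed profile (placeholder body, not a real certificate).
write_sample_profile() {
    cat > "$1" <<'EOF'
client
remote vpn.example.invalid 1194
<ca>
-----BEGIN CERTIFICATE-----
CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERTIFICATE
-----END CERTIFICATE-----
</ca>
EOF
}

# Print the body of the first inline <TAG>...</TAG> block in FILE.
extract_inline_block() {
    awk -v tag="$2" '
        $0 ~ ("^[ \t]*<" tag ">")  { inside = 1; next }
        $0 ~ ("^[ \t]*</" tag ">") { if (inside) exit }
        inside' "$1"
}

# Map a signature algorithm name to weak / ok / unknown.
classify_sig_alg() {
    case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
        "") echo unknown ;;
        *md2*|*md4*|*md5*|*sha1*) echo weak ;;
        *) echo ok ;;
    esac
}

# Signature algorithm of the first certificate in an inline block.
inline_sig_alg() {
    extract_inline_block "$1" "$2" |
        openssl x509 -noout -text 2>/dev/null |
        awk -F': ' '/Signature Algorithm/ { print $2; exit }'
}

# Check <ca> and <cert>; non-zero status if either uses a weak digest.
check_ovpn_certs() {
    rc=0
    for tag in ca cert; do
        alg=$(inline_sig_alg "$1" "$tag")
        verdict=$(classify_sig_alg "$alg")
        printf '<%s> signature=%s verdict=%s\n' "$tag" "${alg:-unreadable}" "$verdict"
        if [ "$verdict" = weak ]; then rc=1; fi
    done
    return "$rc"
}
```

Run check_ovpn_certs against the provider's profile on the host; a "weak" verdict points at a certificate the provider needs to reissue with a SHA-256 or stronger signature.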

Tun Device not being created

It appears although I've copied over the related information from upstream the tun device isn't being created.

[root@linda058 15:04 ~]$ docker logs -f openvpn_client
Using OpenVPN provider: VYPRVPN
Starting OpenVPN using config USA - Austin-256.ovpn
Setting OPENVPN credentials...
adding route to local network 192.168.1.0/24 via 172.18.0.1 dev eth0
Sun Apr 14 15:04:58 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Sun Apr 14 15:04:58 2019 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Sun Apr 14 15:04:58 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]209.99.61.18:443
Sun Apr 14 15:04:58 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Apr 14 15:04:58 2019 UDP link local: (not bound)
Sun Apr 14 15:04:58 2019 UDP link remote: [AF_INET]209.99.61.18:443
Sun Apr 14 15:04:58 2019 TLS: Initial packet from [AF_INET]209.99.61.18:443, sid=0e96e19b 5d758345
Sun Apr 14 15:04:58 2019 VERIFY OK: depth=1, C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=GoldenFrog-Inc CA, emailAddress=[email protected]
Sun Apr 14 15:04:58 2019 VERIFY X509NAME OK: C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=us3.vyprvpn.com, emailAddress=[email protected]
Sun Apr 14 15:04:58 2019 VERIFY OK: depth=0, C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=us3.vyprvpn.com, emailAddress=[email protected]
Sun Apr 14 15:04:59 2019 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Apr 14 15:04:59 2019 [us3.vyprvpn.com] Peer Connection Initiated with [AF_INET]209.99.61.18:443
Sun Apr 14 15:05:00 2019 SENT CONTROL [us3.vyprvpn.com]: 'PUSH_REQUEST' (status=1)
Sun Apr 14 15:05:00 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.2.14.1,explicit-exit-notify 5,rcvbuf 524288,route-gateway 10.2.14.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.2.14.124 255.255.255.0,peer-id 7,cipher AES-256-GCM'
Sun Apr 14 15:05:00 2019 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:3 is ignored by previous blocks
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: timers and/or timeouts modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Apr 14 15:05:00 2019 Socket Buffers: R=[212992->1048576] S=[212992->212992]
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: --ifconfig/up options modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: route options modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: route-related options modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: peer-id set
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: data channel crypto options modified
Sun Apr 14 15:05:00 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Apr 14 15:05:00 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Apr 14 15:05:00 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Apr 14 15:05:00 2019 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
Sun Apr 14 15:05:00 2019 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Sun Apr 14 15:05:00 2019 Exiting due to fatal error

ERROR: Bad destination address

I have an ovpn-file from my provider. With this file I can connect using your docker container with the tag v3.1.
But when I'm using the latest container or the tag v4.0, I cannot connect and get the following error.

2023-11-03T22:39:41.012916076Z allowing outbound to fr.vpnunlimitedapp.com: on device eth0
2023-11-03T22:39:42.779244635Z ERROR: Bad destination address
2023-11-03T22:39:42.804232798Z s6-rc: warning: unable to start service init-openvpn: command exited 1

Config v3.1

docker run --cap-add=NET_ADMIN -d --name OpenVPN --restart always \
  -e CREATE_TUN_DEVICE=true \
  -v /volume1/docker/OpenVPN/fr_openvpn.ovpn:/etc/openvpn/custom/default.ovpn \
  -e OPENVPN_USERNAME=... \
  -e OPENVPN_PASSWORD=... \
  -e OPENVPN_OPTS="--auth-nocache --inactive 3600 --ping 10 --ping-exit 60 --mute-replay-warnings --data-ciphers-fallback 'AES-256-CBC'" \
  -e LOCAL_NETWORK=192.168.1.0/24 \
  -e S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
  -p 1195:1194 --dns 1.1.1.1 --dns 1.0.0.1 \
  jsloan117/docker-openvpn-client:v3.1

Config 4.0

docker run --cap-add=NET_ADMIN -d --name OpenVPN --restart always \
  -e CREATE_TUN_DEVICE=true \
  -v /volume1/docker/OpenVPN/:/etc/openvpn/custom \
  -e OPENVPN_CONFIG='fr_openvpn' \
  -e OPENVPN_USERNAME=... \
  -e OPENVPN_PASSWORD=... \
  -e LOCAL_NETWORK=192.168.1.0/24 \
  -e UFW_KILLSWITCH=true \
  -p 1195:1194 --dns 1.1.1.1 --dns 1.0.0.1 \
  jsloan117/docker-openvpn-client:v4.0

I checked the included OpenVPN Client version and in v3.1 OpenVPN 2.6.5 is used and in v4.0 it is OpenVPN 2.5.5. Is this intended?
