jsloan117 / docker-openvpn-client Goto Github PK

It appears although I've copied over the related information from upstream the tun device isn't being created.

[root@linda058 15:04 ~]$ docker logs -f openvpn_client
Using OpenVPN provider: VYPRVPN
Starting OpenVPN using config USA - Austin-256.ovpn
Setting OPENVPN credentials...
adding route to local network 192.168.1.0/24 via 172.18.0.1 dev eth0
Sun Apr 14 15:04:58 2019 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Sun Apr 14 15:04:58 2019 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Sun Apr 14 15:04:58 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]209.99.61.18:443
Sun Apr 14 15:04:58 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Apr 14 15:04:58 2019 UDP link local: (not bound)
Sun Apr 14 15:04:58 2019 UDP link remote: [AF_INET]209.99.61.18:443
Sun Apr 14 15:04:58 2019 TLS: Initial packet from [AF_INET]209.99.61.18:443, sid=0e96e19b 5d758345
Sun Apr 14 15:04:58 2019 VERIFY OK: depth=1, C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=GoldenFrog-Inc CA, emailAddress=[email protected]
Sun Apr 14 15:04:58 2019 VERIFY X509NAME OK: C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=us3.vyprvpn.com, emailAddress=[email protected]
Sun Apr 14 15:04:58 2019 VERIFY OK: depth=0, C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=us3.vyprvpn.com, emailAddress=[email protected]
Sun Apr 14 15:04:59 2019 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Apr 14 15:04:59 2019 [us3.vyprvpn.com] Peer Connection Initiated with [AF_INET]209.99.61.18:443
Sun Apr 14 15:05:00 2019 SENT CONTROL [us3.vyprvpn.com]: 'PUSH_REQUEST' (status=1)
Sun Apr 14 15:05:00 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.2.14.1,explicit-exit-notify 5,rcvbuf 524288,route-gateway 10.2.14.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.2.14.124 255.255.255.0,peer-id 7,cipher AES-256-GCM'
Sun Apr 14 15:05:00 2019 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:3 is ignored by previous blocks
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: timers and/or timeouts modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: explicit notify parm(s) modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Sun Apr 14 15:05:00 2019 Socket Buffers: R=[212992->1048576] S=[212992->212992]
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: --ifconfig/up options modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: route options modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: route-related options modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: peer-id set
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
Sun Apr 14 15:05:00 2019 OPTIONS IMPORT: data channel crypto options modified
Sun Apr 14 15:05:00 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Sun Apr 14 15:05:00 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Apr 14 15:05:00 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sun Apr 14 15:05:00 2019 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
Sun Apr 14 15:05:00 2019 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Sun Apr 14 15:05:00 2019 Exiting due to fatal error

With the latest release v3.1 the health check started to fail.

docker inspect --format='{{json .State.Health}}' openvpn_client | jq
{
  "Status": "unhealthy",
  "FailingStreak": 113,
  "Log": [
    {
      "Start": "2022-04-03T09:00:38.393441776-05:00",
      "End": "2022-04-03T09:00:38.551673445-05:00",
      "ExitCode": 127,
      "Output": "execlineb: fatal: unable to exec ifelse: No such file or directory\n"
    },
    {
      "Start": "2022-04-03T09:05:38.56310201-05:00",
      "End": "2022-04-03T09:05:38.692561528-05:00",
      "ExitCode": 127,
      "Output": "execlineb: fatal: unable to exec ifelse: No such file or directory\n"
    },
    {
      "Start": "2022-04-03T09:10:38.701093847-05:00",
      "End": "2022-04-03T09:10:38.864890136-05:00",
      "ExitCode": 127,
      "Output": "execlineb: fatal: unable to exec ifelse: No such file or directory\n"
    },
    {
      "Start": "2022-04-03T09:15:38.87715995-05:00",
      "End": "2022-04-03T09:15:39.036997733-05:00",
      "ExitCode": 127,
      "Output": "execlineb: fatal: unable to exec ifelse: No such file or directory\n"
    },
    {
      "Start": "2022-04-03T09:20:39.043616715-05:00",
      "End": "2022-04-03T09:20:39.19752921-05:00",
      "ExitCode": 127,
      "Output": "execlineb: fatal: unable to exec ifelse: No such file or directory\n"
    }
  ]
}

I have a ovpn-file from my provider. With this file I can connect using your docker container with the tag v3.1.
But when I'm using the latest container or the tag v4.0 cannot connect and get the following error.

2023-11-03T22:39:41.012916076Z allowing outbound to fr.vpnunlimitedapp.com: on device eth0

2023-11-03T22:39:42.779244635Z ERROR: Bad destination address

2023-11-03T22:39:42.804232798Z s6-rc: warning: unable to start service init-openvpn: command exited 1

Config v3.1

docker run --cap-add=NET_ADMIN -d --name OpenVPN --restart always\
  -e CREATE_TUN_DEVICE=true \
  -v /volume1/docker/OpenVPN/fr_openvpn.ovpn:/etc/openvpn/custom/default.ovpn \
  -e OPENVPN_USERNAME=... \
  -e OPENVPN_PASSWORD=... \
  -e OPENVPN_OPTS="--auth-nocache --inactive 3600 --ping 10 --ping-exit 60 --mute-replay-warnings --data-ciphers-fallback 'AES-256-CBC'  \
  -e LOCAL_NETWORK=192.168.1.0/24 \
  -e S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
  -p 1195:1194 --dns 1.1.1.1 --dns 1.0.0.1 \
  jsloan117/docker-openvpn-client:v3.1

Config 4.0

  docker run --cap-add=NET_ADMIN -d --name OpenVPN --restart always\
  -e CREATE_TUN_DEVICE=true \
  -v /volume1/docker/OpenVPN/:/etc/openvpn/custom \
  -e OPENVPN_CONFIG='fr_openvpn' \
  -e OPENVPN_USERNAME=... \
  -e OPENVPN_PASSWORD=... \
  -e LOCAL_NETWORK=192.168.1.0/24 \
  -e UFW_KILLSWITCH=true \
  -p 1195:1194 --dns 1.1.1.1 --dns 1.0.0.1 \
  jsloan117/docker-openvpn-client:v4.0

I checked the included OpenVPN Client version and in v3.1 OpenVPN 2.6.5 is used and in v4.0 it is OpenVPN 2.5.5. Is this intended?

Since the update to v3.1.8 of your client, I cannot connect to VPN Unlimited.

I'm running this in Docker on a Synology

docker command

docker run --cap-add=NET_ADMIN -d --name OpenVPN --restart always\
  -e CREATE_TUN_DEVICE=true \
  -e OPENVPN_PROVIDER=VPNUNLIMITED \
  -e OPENVPN_CONFIG=fr \
  -e OPENVPN_USERNAME= <username>\
  -e OPENVPN_PASSWORD= <password>\
  -e OPENVPN_OPTS="--auth-nocache --inactive 3600 --ping 10 --ping-exit 60 --mute-replay-warnings" \
  -e LOCAL_NETWORK=192.168.1.0/24 \
  -e S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 \
  -p 1195:1194 --dns 1.1.1.1 --dns 1.0.0.1 \
  -p 8080:8080 \
  -p 3000:3000 \
  -p 16882:16882/udp \
  -p 16882:16882 \
  jsloan117/docker-openvpn-client

log putput

2022-12-06 13:37:11 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-12-06 13:37:11 OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2022-12-06 13:37:11 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2022-12-06 13:37:11 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2022-12-06 13:37:11 Cannot load inline certificate file
2022-12-06 13:37:11 Exiting due to fatal error

With the update to v3.1 of your client I get the error:
s6-sudoc: fatal: unable to get exit status from server: Operation timed out

When I switch back to v3.0 I can connect normally without problems.

OpenVPN_log.zip

docker run --cap-add=NET_ADMIN -d --name OpenVPN --restart always\  
-v /var/run/docker.sock:/var/run/docker.sock \  
-e CREATE_TUN_DEVICE=true \  
-e OPENVPN_PROVIDER=VPNUNLIMITED \  
-e OPENVPN_CONFIG=fr \  
-e OPENVPN_USERNAME=xxxxxxxxxxxxxxxxx \  
-e OPENVPN_PASSWORD=xxxxxxxxxxxxxxxxx \
-e OPENVPN_OPTS="--auth-nocache --inactive 3600 --ping 10 --ping-exit 60" \
-e LOCAL_NETWORK=192.168.1.0/24 \
-p 1195:1194 --dns 1.1.1.1 --dns 1.0.0.1 \
-p 8080:8080 \
-p 16882:16882/udp \
-p 16882:16882 \
jsloan117/docker-openvpn-client:latest

Hey mate,
been looking for a decent openvpn client with surfshark configs, is it possible to have all other docker containers use this container as their internet gateway, if so how would i lay that out in a docker-compose ?