OpenVPN worked 1 week, rebooted server, not working anymore

stevedawg85 · 20. Januar 2022

I pretty much followed this guide:

https://dbtechreviews.com/2020…-openmediavault-5-docker/

It worked great week first week of install
Performed a weekly restart
Failed to connect, noticed the container was not started, so I started OpenVPN Container
Still failed to connect
Collected logs below

Couple notes:

IP of my server is 192.168.85.200 (yes, 1194 correctly FWD'ed on Router, I have not touched network settings)

Using DuckDNS, My IP didn't change, still valid

I can't even connect on same wifi using OpenVPN from phone (no wifi)

Including screenshot of a couple Docker/Portainer containers including OVPN if that is helpful (the IP assignment in Portainer sill confuses me, does it look normal?)

Code

Thu Jan 20 02:49:31 2022 MULTI: multi_init called, r=256 v=256
Thu Jan 20 02:49:31 2022 IFCONFIG POOL: base=192.168.255.4 size=62, ipv6=0
Thu Jan 20 02:49:31 2022 Initialization Sequence Completed
Thu Jan 20 03:15:28 2022 event_wait : Interrupted system call (code=4)
Thu Jan 20 03:15:28 2022 /sbin/ip route del 192.168.254.0/24
RTNETLINK answers: Operation not permitted
Thu Jan 20 03:15:28 2022 ERROR: Linux route delete command failed: external program exited with error status: 2
Thu Jan 20 03:15:28 2022 /sbin/ip route del 192.168.255.0/24
RTNETLINK answers: Operation not permitted
Thu Jan 20 03:15:28 2022 ERROR: Linux route delete command failed: external program exited with error status: 2
Thu Jan 20 03:15:28 2022 Closing TUN/TAP interface
Thu Jan 20 03:15:28 2022 /sbin/ip addr del dev tun0 local 192.168.255.1 peer 192.168.255.2
Thu Jan 20 03:15:28 2022 Linux ip addr del failed: external program exited with error status: 2
RTNETLINK answers: Operation not permitted
Thu Jan 20 03:15:28 2022 SIGTERM[hard,] received, process exiting

---REBOOT MACHINE----

Checking IPv6 Forwarding
Sysctl error for disable_ipv6, please run docker with '--sysctl net.ipv6.conf.all.disable_ipv6=0'
Sysctl error for default forwarding, please run docker with '--sysctl net.ipv6.conf.default.forwarding=1'
Sysctl error for all forwarding, please run docker with '--sysctl net.ipv6.conf.all.forwarding=1'
Running 'openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl.pem '
Thu Jan 20 03:41:56 2022 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Thu Jan 20 03:41:56 2022 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Thu Jan 20 03:41:56 2022 Diffie-Hellman initialized with 2048 bit key
Thu Jan 20 03:41:56 2022 CRL: loaded 1 CRLs from file /etc/openvpn/crl.pem
Thu Jan 20 03:41:56 2022 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 20 03:41:56 2022 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jan 20 03:41:56 2022 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
Thu Jan 20 03:41:56 2022 TUN/TAP device tun0 opened
Thu Jan 20 03:41:56 2022 TUN/TAP TX queue length set to 100
Thu Jan 20 03:41:56 2022 /sbin/ip link set dev tun0 up mtu 1500
Thu Jan 20 03:41:56 2022 /sbin/ip addr add dev tun0 local 192.168.255.1 peer 192.168.255.2
Thu Jan 20 03:41:56 2022 /sbin/ip route add 192.168.254.0/24 via 192.168.255.2
Thu Jan 20 03:41:56 2022 /sbin/ip route add 192.168.255.0/24 via 192.168.255.2
Thu Jan 20 03:41:56 2022 Could not determine IPv4/IPv6 protocol. Using AF_INET
Thu Jan 20 03:41:56 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Jan 20 03:41:56 2022 UDPv4 link local (bound): [AF_INET][undef]:1194
Thu Jan 20 03:41:56 2022 UDPv4 link remote: [AF_UNSPEC]
Thu Jan 20 03:41:56 2022 GID set to nogroup
Thu Jan 20 03:41:56 2022 UID set to nobody
Thu Jan 20 03:41:56 2022 MULTI: multi_init called, r=256 v=256
Thu Jan 20 03:41:56 2022 IFCONFIG POOL: base=192.168.255.4 size=62, ipv6=0
Thu Jan 20 03:41:56 2022 Initialization Sequence Completed

Alles anzeigen

Zoki · 20. Januar 2022

Does it still have the NET_ADMIN Capability?

Code

Thu Jan 20 03:15:28 2022 /sbin/ip route del 192.168.254.0/24

RTNETLINK answers: Operation not permitted
Thu Jan 20 03:15:28 2022 ERROR: Linux route delete command failed: external program exited with error status: 2
Thu Jan 20 03:15:28 2022 /sbin/ip route del 192.168.255.0/24
RTNETLINK answers: Operation not permitted

docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn

A reboot will not recreate the copntainer, but only start it. If in doubt, remove the container and rereate it.

stevedawg85 · 20. Januar 2022

Sure, I can recreate it, just trying to save myself 10-15 mins, but spending more time troubleshooting. I'll have to do that later.

I was able to run the suggested command FYI:

BTW - Only OPENVPN is using port 1194. idk why it says already allocated

Code

root@deathstar:~# docker run -v $OVPN_DATA:/etc/openvpn -d -p 1194:1194/udp --cap-add=NET_ADMIN kylemanna/openvpn
8cd700a66ff48e08f3e0ddd38ab3d46f4876485ed1f58fcc07136ea20faebe48
docker: Error response from daemon: driver failed programming external connectivity on endpoint dazzling_wilson (53fcf28e0b7c6965d6442de0c6f784ae61cd818c443ac1eacf2bee10562a5261): Bind for 0.0.0.0:1194 failed: port is already allocated.

Zoki · 20. Januar 2022

There is a container running. You have to top / rm it first.

gderf · 20. Januar 2022

Zitat von stevedawg85

I (the IP assignment in Portainer sill confuses me, does it look normal?)

172.* IP addresses belong to the container networking and are normal.

stevedawg85 · 20. Januar 2022

aww jeez, I'm an idiot. I had 2 OpenVPN's installed. forgot I installed first version during initial testing. Thanks for pointing me in right direction. i'll have to sort this out after work.

chente · 20. Januar 2022

Not directly related to your query, but you might want to take a look here

[How-To] Install Wireguard (VPN) in docker, server mode

Jetzt mitmachen!