Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

network issue with last docker package (Docker version 27.4.0, build bde2b89) #295

Closed
olih10200 opened this issue Dec 10, 2024 · 4 comments
Closed

network issue with last docker package (Docker version 27.4.0, build bde2b89) #295

olih10200 opened this issue Dec 10, 2024 · 4 comments

Comments

@olih10200
Copy link

Hi Folks,

The last update of docker.io broke openvpn service :(

Installed packages on host:
ii docker-buildx-plugin 0.19.2-1~debian.12~bookworm amd64 Docker Buildx cli plugin. ii docker-ce 5:27.4.0-1~debian.12~bookworm amd64 Docker: the open-source application container engine ii docker-ce-cli 5:27.4.0-1~debian.12~bookworm amd64 Docker CLI: the open-source application container engine ii docker-ce-rootless-extras 5:27.4.0-1~debian.12~bookworm amd64 Rootless support for Docker. ii docker-compose-plugin 2.31.0-1~debian.12~bookworm amd64 Docker Compose (V2) plugin for the Docker CLI.

the .yaml file (almost the default):
`
#version: '3'

services:
openvpn:
build:
context: .
dockerfile: Dockerfile.openvpn
image: openvpn:local
command: /etc/openvpn/setup/configure.sh
environment:
OVPN_SERVER_NET: "192.168.100.0"
OVPN_SERVER_MASK: "255.255.255.0"
OVPN_PASSWD_AUTH: "true"
cap_add:
- NET_ADMIN
ports:
- 7777:1194 # for openvpn
- 8090:8080 # for ovpn-admin because of network_mode
volumes:
- ./easyrsa_master:/etc/openvpn/easyrsa
- ./ccd_master:/etc/openvpn/ccd
ovpn-admin:
build:
context: .
image: ovpn-admin:local
command: /app/ovpn-admin
environment:
OVPN_DEBUG: "true"
OVPN_VERBOSE: "true"
OVPN_NETWORK: "192.168.100.0/24"
OVPN_CCD: "true"
OVPN_CCD_PATH: "/mnt/ccd"
EASYRSA_PATH: "/mnt/easyrsa"
OVPN_SERVER: "#####.#####.###:7777:tcp"
OVPN_INDEX_PATH: "/mnt/easyrsa/pki/index.txt"
OVPN_AUTH: "true"
OVPN_AUTH_DB_PATH: "/mnt/easyrsa/pki/users.db"
LOG_LEVEL: "debug"
network_mode: service:openvpn
volumes:
- ./easyrsa_master:/mnt/easyrsa
- ./ccd_master:/mnt/ccd
`

The output of last "start.sh":
ovpn-admin-err.txt

Need to downgrade docker.io, or there's a new option to make openvpn work again?

Thx: Olivér
@hacksysteam
Copy link

hacksysteam commented Dec 13, 2024
edited
Loading

this is due to recent changes in runc (containerd/containerd#11078)

Relevant discussions:

containerd/containerd#11078
opencontainers/runc#3468

Suggested fix:

add these to docker-compose.yml in openvpn service

devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
      - NET_RAW

@olih10200
Copy link
Author

thank you very much @hacksysteam, it works perfectly

also ask the team to apply the changes above in docker-compose.yaml

@olih10200
Copy link
Author

... closin'

@shurup
Copy link
Member

shurup commented Dec 17, 2024

@hacksysteam, thank you for providing this fix.
@olih10200, thank you for confirming it works for you.

@EvgeniiAl FYI

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@shurup @hacksysteam @olih10200