I'm having an issue getting this container configured correctly. It runs fine when I disable the VPN option, but I cannot seem to get it to start up correctly with VPN enabled.
I'm using a custom VPN provider and have followed the instructions in Q3 here (http://lime-technology.com/forum/index.php?topic=45811.msg437674#msg437674). The container seems to start, because when tailing the supervisord.log file, I can see that the OpenVPN process starting is the last thing in the log. However, I'm unable to browse to the WebUI, as Chrome keeps saying "ERR_CONNECTION_REFUSED".
I have the ca.crt and Wdc.key files referenced in the OVPN config file copied to the /config/openvpn folder alongside the OVPN config file, but I wasn't sure if these were needed or not with the STRONG_CERTS environment variable set to "no".
I've attached my OVPN config file as well as the output captured in the supervisord.log file.
Any help would be appreciated. I'm switching ISPs next week and would like to have this in place before getting on the new ISP.
Thanks,
Dan
client
# Disabled, as we pass this value via env var
;dev tun
# Disabled, as we pass this value via env var
;proto udp
# Disabled, as we pass this value via env var
;remote ge1-ovpn-udp.pointtoserver.com 53
persist-key
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
comp-lzo
verb 1
mute 20
route-method exe
route-delay 2
route 0.0.0.0 0.0.0.0
auth-user-pass credentials.conf
auth-retry interact
explicit-exit-notify 2
ifconfig-nowarn
auth-nocache
2017-01-29 21:47:24.985655 [info] Host is running unRAID
2017-01-29 21:47:25.062146 [info] System information Linux dc4ef101b35c 4.4.30-unRAID #2 SMP PREEMPT Sat Nov 5 12:09:05 PDT 2016 x86_64 GNU/Linux
2017-01-29 21:47:25.147296 [info] PUID defined as '99'
2017-01-29 21:47:25.235500 [info] PGID defined as '100'
2017-01-29 21:47:25.508916 [info] Permissions already set for volume mappings
2017-01-29 21:47:25.602171 [info] VPN_ENABLED defined as 'yes'
2017-01-29 21:47:25.687990 [info] VPN_PROV defined as 'custom'
2017-01-29 21:47:25.773275 [info] VPN_REMOTE defined as 'ge1-ovpn-udp.pointtoserver.com'
2017-01-29 21:47:25.857282 [info] VPN_PORT defined as '53'
2017-01-29 21:47:25.941624 [info] VPN_PROTOCOL defined as 'udp'
2017-01-29 21:47:26.026166 [info] LAN_NETWORK defined as '172.16.125.0/24'
2017-01-29 21:47:26.111106 [info] ADDITIONAL_PORTS defined as '8581'
2017-01-29 21:47:26.196295 [info] NAME_SERVERS defined as '8.8.8.8,37.235.1.174,8.8.4.4,37.235.1.177'
2017-01-29 21:47:26.280197 [info] VPN_USER defined as '<snip>'
2017-01-29 21:47:26.364340 [info] VPN_PASS defined as '<snip>'
2017-01-29 22:04:53.226430 [info] VPN_DEVICE_TYPE defined as 'tun'
2017-01-29 22:04:53.310577 [info] STRONG_CERTS defined as 'no'
2017-01-29 22:04:53.394274 [info] ENABLE_PRIVOXY defined as 'yes'
2017-01-29 22:04:54,189 CRIT Set uid to user 0
2017-01-29 22:04:54,190 INFO Included extra file "/etc/supervisor/conf.d/sabnzbdvpn.conf" during parsing
2017-01-29 22:04:54,194 INFO supervisord started with pid 12
2017-01-29 22:04:55,197 INFO spawned: 'checkproc-script' with pid 110
2017-01-29 22:04:55,201 INFO spawned: 'start-script' with pid 111
2017-01-29 22:04:55,204 INFO spawned: 'sabnzbd-script' with pid 112
2017-01-29 22:04:55,206 INFO spawned: 'privoxy-script' with pid 113
2017-01-29 22:04:55,219 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN
2017-01-29 22:04:55,219 INFO success: checkproc-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-01-29 22:04:55,219 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-01-29 22:04:55,220 INFO success: sabnzbd-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-01-29 22:04:55,220 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2017-01-29 22:04:55,221 DEBG 'sabnzbd-script' stdout output:
[info] VPN is enabled, checking VPN tunnel local ip is valid
2017-01-29 22:04:55,235 DEBG 'start-script' stdout output:
[info] VPN config file (ovpn extension) is located at /config/openvpn/Georgia-udp.ovpn
2017-01-29 22:04:55,357 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1
2017-01-29 22:04:55,365 DEBG 'start-script' stdout output:
[info] Adding 8.8.8.8 to /etc/resolv.conf
2017-01-29 22:04:55,372 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf
2017-01-29 22:04:55,379 DEBG 'start-script' stdout output:
[info] Adding 8.8.4.4 to /etc/resolv.conf
2017-01-29 22:04:55,386 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf
2017-01-29 22:04:55,401 DEBG 'start-script' stdout output:
[info] Adding 172.16.125.0/24 as route via docker eth0
2017-01-29 22:04:55,402 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------
2017-01-29 22:04:55,404 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0
172.16.125.0/24 via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.6
2017-01-29 22:04:55,404 DEBG 'start-script' stdout output:
--------------------
2017-01-29 22:04:55,411 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables
2017-01-29 22:04:55,442 DEBG 'start-script' stdout output:
[info] Adding additional incoming port 8581 for eth0
2017-01-29 22:04:55,501 DEBG 'start-script' stdout output:
[info] Adding additional outgoing port 8581 for eth0
2017-01-29 22:04:55,522 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------
2017-01-29 22:04:55,524 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8090 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8090 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8581 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8581 -j ACCEPT
-A INPUT -s 172.16.125.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8090 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8090 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8581 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8581 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.16.125.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
2017-01-29 22:04:55,525 DEBG 'start-script' stdout output:
--------------------
[info] Starting OpenVPN...
2017-01-29 22:04:55,540 DEBG 'start-script' stdout output:
[info] OpenVPN started
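The OVPN config attached above names three external files (ca.crt, Wdc.key and credentials.conf). The following is an added example, not part of the original post or of the container's own scripts: it lists every file an .ovpn config references through active (uncommented) directives and reports which ones are absent from the config folder. The function names and the sample text are constructed for illustration; relative paths are resolved against the folder passed in, which matches OpenVPN only when it is started from that folder or with `--cd` (an assumption about this container).

```python
import os
import shlex
import tempfile

# OpenVPN directives whose first argument is a path to an external file.
FILE_DIRECTIVES = {"ca", "cert", "key", "tls-auth", "tls-crypt",
                   "auth-user-pass", "pkcs12"}

# Constructed sample: a subset of the lines from the config posted above.
SAMPLE_OVPN = """\
client
# Disabled, as we pass this value via env var
;dev tun
persist-key
ca ca.crt
tls-auth Wdc.key 1
cipher AES-256-CBC
auth-user-pass credentials.conf
auth-nocache
"""

def referenced_files(ovpn_text):
    """Return [(directive, path)] for every active line that names a file."""
    refs = []
    for line in ovpn_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":   # blank line or commented-out directive
            continue
        parts = shlex.split(line, comments=True)
        # auth-user-pass with no argument means "prompt", so it names no file.
        if len(parts) > 1 and parts[0] in FILE_DIRECTIVES:
            refs.append((parts[0], parts[1]))
    return refs

def missing_files(ovpn_text, config_dir):
    """Return the referenced files that are not readable regular files."""
    missing = []
    for directive, path in referenced_files(ovpn_text):
        full = path if os.path.isabs(path) else os.path.join(config_dir, path)
        if not (os.path.isfile(full) and os.access(full, os.R_OK)):
            missing.append((directive, path))
    return missing

def demo():
    """Check the sample against a throwaway folder that holds only ca.crt."""
    with tempfile.TemporaryDirectory() as config_dir:
        open(os.path.join(config_dir, "ca.crt"), "w").close()
        return missing_files(SAMPLE_OVPN, config_dir)

if __name__ == "__main__":
    for directive, path in demo():
        print(f"{directive}: {path} not found in config folder")
```

Against a real setup, read the .ovpn file from /config/openvpn and pass that folder as `config_dir`.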