docker4dayz

  1. Hi, I am wondering if there might be a way to get email or some other notification from the container when the OpenVPN connection repeatedly fails? I do have an SMTP server available to me to route email through.
  2. Ok, so my username belies my actual experience. I'm using this project to teach myself docker, bash scripting, and general linux server setup. But lemme see if I can respond to your above thoughts with what you need.

     So, here's the output of sudo iptables -L. Comparing this to what Ubuntu's Iptables How-To says is the default after a clean install, it does seem that I am running rules that are beyond what you get with a clean Ubuntu server install. I don't know what made that happen. Not really sure how to disable these rules.

     ```
     Chain INPUT (policy ACCEPT)
     target     prot opt source               destination

     Chain FORWARD (policy DROP)
     target     prot opt source               destination
     DOCKER-USER  all  --  anywhere             anywhere
     DOCKER-ISOLATION  all  --  anywhere             anywhere
     ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
     DOCKER     all  --  anywhere             anywhere
     ACCEPT     all  --  anywhere             anywhere
     ACCEPT     all  --  anywhere             anywhere

     Chain OUTPUT (policy ACCEPT)
     target     prot opt source               destination

     Chain DOCKER (1 references)
     target     prot opt source               destination
     ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8989
     ACCEPT     tcp  --  anywhere             172.17.0.3           tcp dpt:5075
     ACCEPT     tcp  --  anywhere             172.17.0.4           tcp dpt:7878
     ACCEPT     tcp  --  anywhere             172.17.0.6           tcp dpt:8181
     ACCEPT     tcp  --  anywhere             172.17.0.8           tcp dpt:9090
     ACCEPT     tcp  --  anywhere             172.17.0.8           tcp dpt:http-alt
     ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:32469
     ACCEPT     udp  --  anywhere             172.17.0.5           udp dpt:32414
     ACCEPT     udp  --  anywhere             172.17.0.5           udp dpt:32413
     ACCEPT     udp  --  anywhere             172.17.0.5           udp dpt:32412
     ACCEPT     udp  --  anywhere             172.17.0.5           udp dpt:32410
     ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:32400
     ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:8324
     ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:3005
     ACCEPT     udp  --  anywhere             172.17.0.5           udp dpt:1900

     Chain DOCKER-ISOLATION (1 references)
     target     prot opt source               destination
     RETURN     all  --  anywhere             anywhere

     Chain DOCKER-USER (1 references)
     target     prot opt source               destination
     RETURN     all  --  anywhere             anywhere
     ```

     Pretty sure this is not the case. I was able to use the SlickVPN Windows client on my laptop on my network without issue.

     EDIT: Well, I seem to have resolved the issue. It was the SlickVPN server I was connecting to. Turns out that the .ovpn file they tell you to download for Linux usage points to their Miami servers. I bet they were knocked out by the hurricane, hence the connection issues. I switched to another server from the list in the Windows client, and it connected with zero issues. And I verified it working using the "Check my torrent IP" torrent that TorGuard provides. Thanks for your help though. It's much appreciated!
  3. I feel like I'm so close to getting this container set up using SlickVPN. But the container has managed to come up completely only once, and it still didn't really work. Currently, this is where I'm at. The supervisord.log seems to indicate a good start, but always ends up in some sort of loop with messages like these:

     ```
     2017-09-17 22:43:11,828 DEBG 'start-script' stdout output:
     Sun Sep 17 22:43:11 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
     Sun Sep 17 22:43:11 2017 TLS Error: TLS handshake failed
     ```

     My host can hit the internet just fine, and so can my other docker containers, so I don't think network connectivity is the issue. I use the following script to create my container. Just so it's clear:

     • check_root.sh checks that the script is executing under root privileges
     • check_service_user.sh makes sure that the user in USERNAME exists, and parses out USERID and GROUPID for use later in the script
     • create_shared_directory.sh makes sure DIRECTORY exists, and if it doesn't, creates it, chowns it to the deluge user and the media group (a group all my service accounts share)

     Also, ifconfig reports that my IP address is 192.168.1.230 and my netmask as 255.255.255.0, so I think I have my value for LAN_NETWORK right.

     ```bash
     #!/bin/bash
     # Abort unless running as root
     . ~/check_root.sh

     USERNAME=deluge
     VPNUSER=$1
     VPNPASS=$2
     # Verify that $USERNAME exists and set USERID and GROUPID
     . ~/check_service_user.sh

     CONFIGDIR=/srv/delugevpn
     OPENVPNDIR=$CONFIGDIR/openvpn
     DOWNLOADSDIR=/srv/downloads/delugevpn
     INCOMPLETEDIR=$DOWNLOADSDIR/incomplete
     TVDIR=$DOWNLOADSDIR/tv
     MOVIESDIR=$DOWNLOADSDIR/movies

     # create_shared_directory.sh reads $DIRECTORY and creates it if missing
     DIRECTORY=$CONFIGDIR
     . ~/create_shared_directory.sh
     DIRECTORY=$OPENVPNDIR
     . ~/create_shared_directory.sh
     DIRECTORY=$DOWNLOADSDIR
     . ~/create_shared_directory.sh
     DIRECTORY=$INCOMPLETEDIR
     . ~/create_shared_directory.sh
     DIRECTORY=$TVDIR
     . ~/create_shared_directory.sh
     DIRECTORY=$MOVIESDIR
     . ~/create_shared_directory.sh

     chmod -R g+x "$DOWNLOADSDIR"

     echo "Downloading SlickVPN config to $OPENVPNDIR"
     curl https://files-slickvpn.netdna-ssl.com/config_files/SlickVPN.ovpn > "$OPENVPNDIR/SlickVPN.ovpn"
     chown "$USERNAME:media" "$OPENVPNDIR/SlickVPN.ovpn"

     echo "Creating Deluge+OpenVPN+Privoxy Docker container with user: ${USERNAME}[uid=$USERID,gid=$GROUPID]"
     docker run --restart=always \
         -d \
         --cap-add=NET_ADMIN \
         --name=delugevpn \
         -p 9905:8112 \
         -p 9906:8118 \
         -p 58846:58846 \
         -p 58946:58946 \
         -v "$DOWNLOADSDIR":/data \
         -v "$CONFIGDIR":/config \
         -v /etc/localtime:/etc/localtime:ro \
         -e VPN_ENABLED=yes \
         -e VPN_USER="$VPNUSER" \
         -e VPN_PASS="$VPNPASS" \
         -e VPN_PROV=custom \
         -e ENABLE_PRIVOXY=yes \
         -e LAN_NETWORK=192.168.1.0/24 \
         -e NAME_SERVERS=208.67.222.222,208.67.220.220,8.8.8.8,8.8.4.4 \
         -e DEBUG=true \
         -e PGID="$GROUPID" \
         -e PUID="$USERID" \
         binhex/arch-delugevpn
     ```

     Anyone have an idea of what I'm doing wrong?

     supervisord.log SlickVPN.ovpn
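
An added example (not part of the original posts, and not code from the binhex/arch-delugevpn project): one way to get the notification asked about in the first post, driven by the log lines quoted in the third. It assumes a working tunnel logs OpenVPN's `Initialization Sequence Completed`; the function names, the relay `smtp.example.com` and the addresses are placeholders.

```bash
#!/bin/bash
# Added example: flag repeated OpenVPN TLS handshake failures in supervisord.log.
# Assumption: a working tunnel logs OpenVPN's "Initialization Sequence Completed".

# Print how many handshake failures have occurred since the last successful connect.
tls_failure_streak() {
    awk '/TLS Error: TLS handshake failed/   { n++ }
         /Initialization Sequence Completed/ { n = 0 }
         END { print n + 0 }' "$1"
}

# Exit 0 when the streak in log $1 has reached threshold $2 (default 3).
vpn_needs_alert() {
    [ "$(tls_failure_streak "$1")" -ge "${2:-3}" ]
}

# Print a mail message (from $1, to $2, log $3) with CRLF line endings for SMTP.
build_alert_mail() {
    {
        printf 'From: %s\nTo: %s\nSubject: delugevpn: %s TLS handshake failures in a row\n\n' \
            "$1" "$2" "$(tls_failure_streak "$3")"
        grep 'TLS Error' "$3" | tail -n 4
    } | awk '{ printf "%s\r\n", $0 }'
}

# Submit the message with curl. Relay host and addresses are placeholders.
send_alert() {
    build_alert_mail 'vpn-alert@example.com' 'admin@example.com' "$1" |
        curl --silent --ssl-reqd --url 'smtp://smtp.example.com:587' \
             --mail-from 'vpn-alert@example.com' --mail-rcpt 'admin@example.com' --upload-file -
}

# Constructed sample log in the format quoted in the post (not the poster's file).
write_sample_log() {
    cat > "$1" <<'EOF'
2017-09-17 22:40:05,101 DEBG 'start-script' stdout output:
Sun Sep 17 22:40:05 2017 Initialization Sequence Completed
2017-09-17 22:41:11,512 DEBG 'start-script' stdout output:
Sun Sep 17 22:41:11 2017 TLS Error: TLS handshake failed
2017-09-17 22:42:11,640 DEBG 'start-script' stdout output:
Sun Sep 17 22:42:11 2017 TLS Error: TLS handshake failed
2017-09-17 22:43:11,828 DEBG 'start-script' stdout output:
Sun Sep 17 22:43:11 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Sep 17 22:43:11 2017 TLS Error: TLS handshake failed
EOF
}

log=$(mktemp) && write_sample_log "$log"
if vpn_needs_alert "$log" 3; then build_alert_mail from@example.com to@example.com "$log"; fi
```

Run from cron, `vpn_needs_alert "$LOG" && send_alert "$LOG"` mails on every run while the streak persists, so pair it with a marker file if one message per outage is wanted.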