[Support] MarkusMcNugens Docker Repository


Hey, so I am running into an odd issue. I have the docker set up, and I have changed the WebUI port to 6010 (and changed it in the config file) and the LAN network to 192.168.0.0/24. When I try to connect to the WebUI it fails; if I turn the VPN off and try, it works fine. Any thoughts?

2018-12-30 19:54:15.085103 [info] VPN_ENABLED defined as 'yes'
2018-12-30 19:54:15.108729 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/US_Las_Vegas.ovpn
dos2unix: converting file /config/openvpn/US_Las_Vegas.ovpn to Unix format...
2018-12-30 19:54:15.139019 [info] VPN remote line defined as 'us-lasvegas.privateinternetaccess.com 1198'
2018-12-30 19:54:15.159417 [info] VPN_REMOTE defined as 'us-lasvegas.privateinternetaccess.com'
2018-12-30 19:54:15.179087 [info] VPN_PORT defined as '1198'
2018-12-30 19:54:15.199322 [info] VPN_PROTOCOL defined as 'udp'
2018-12-30 19:54:15.218725 [info] VPN_DEVICE_TYPE defined as 'tun0'
2018-12-30 19:54:15.237422 [info] LAN_NETWORK defined as '192.168.0.0/24'
2018-12-30 19:54:15.257325 [info] NAME_SERVERS defined as '8.8.8.8,8.8.4.4'
2018-12-30 19:54:15.276949 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2018-12-30 19:54:15.298100 [info] Adding 8.8.8.8 to resolv.conf
2018-12-30 19:54:15.316610 [info] Adding 8.8.4.4 to resolv.conf
2018-12-30 19:54:15.334796 [info] Starting OpenVPN...
Sun Dec 30 19:54:15 2018 WARNING: file 'credentials.conf' is group or others accessible
Sun Dec 30 19:54:15 2018 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 5 2018
Sun Dec 30 19:54:15 2018 library versions: OpenSSL 1.1.0g 2 Nov 2017, LZO 2.08
Sun Dec 30 19:54:15 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]199.127.56.115:1198
Sun Dec 30 19:54:15 2018 UDP link local: (not bound)
Sun Dec 30 19:54:15 2018 UDP link remote: [AF_INET]199.127.56.115:1198
Sun Dec 30 19:54:15 2018 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Dec 30 19:54:18 2018 [d2c3cc3a096826d7413d1c3a2cf62c6f] Peer Connection Initiated with [AF_INET]199.127.56.115:1198
Sun Dec 30 19:54:19 2018 TUN/TAP device tun0 opened
Sun Dec 30 19:54:19 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Dec 30 19:54:19 2018 /sbin/ip link set dev tun0 up mtu 1500
Sun Dec 30 19:54:19 2018 /sbin/ip addr add dev tun0 local 10.6.10.6 peer 10.6.10.5
Sun Dec 30 19:54:19 2018 Initialization Sequence Completed
2018-12-30 19:54:19.366890 [info] WebUI port defined as 6010
2018-12-30 19:54:19.387864 [info] Adding 192.168.0.0/24 as route via docker eth0
RTNETLINK answers: File exists
2018-12-30 19:54:19.407133 [info] ip route defined as follows...
--------------------
0.0.0.0/1 via 10.6.10.5 dev tun0
default via 192.168.0.1 dev eth0
10.6.10.1 via 10.6.10.5 dev tun0
10.6.10.5 dev tun0 proto kernel scope link src 10.6.10.6
128.0.0.0/1 via 10.6.10.5 dev tun0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.152
199.127.56.115 via 192.168.0.1 dev eth0
--------------------
iptable_mangle 16384 2
ip_tables 24576 5 iptable_filter,iptable_nat,iptable_mangle
2018-12-30 19:54:19.429013 [info] iptable_mangle support detected, adding fwmark for tables
2018-12-30 19:54:19.460735 [info] Docker network defined as 192.168.0.0/24
2018-12-30 19:54:19.500971 [info] Incoming connections port defined as 8999
2018-12-30 19:54:19.522651 [info] iptables defined as follows...
--------------------
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1198 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 6010 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 6010 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 8999 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.0.0/24 -d 192.168.0.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 6010 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 6010 -j ACCEPT
-A OUTPUT -d 192.168.0.0/24 -o eth0 -p tcp -m tcp --sport 8999 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
--------------------
Adding 100 group
groupadd: GID '100' already exists
Adding 99 user
useradd: UID 99 is not unique
2018-12-30 19:54:19.560569 [info] UMASK defined as '002'
2018-12-30 19:54:19.583026 [info] Starting qBittorrent daemon...
Logging to /config/qBittorrent/data/logs/qbittorrent-daemon.log.
2018-12-30 19:54:20.609145 [info] qBittorrent PID: 209
2018-12-30 19:54:20.610596 [info] Started qBittorrent daemon successfully...

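The INPUT rules in this log already accept TCP 6010 on eth0 from any source ("-A INPUT -i eth0 -p tcp -m tcp --dport 6010 -j ACCEPT" has no source match), so whether the browser gets an answer depends on where the container routes the reply. Added example, not from the post or the image: longest-prefix match over the route table printed above, run for constructed sample client addresses.

```python
import ipaddress

# Route table copied from the container log above. The 192.168.0.0/24 entry is the
# kernel's own link route; the script's attempt to add it again is the "RTNETLINK
# answers: File exists" line in the log.
ROUTES = """\
0.0.0.0/1 via 10.6.10.5 dev tun0
default via 192.168.0.1 dev eth0
10.6.10.1 via 10.6.10.5 dev tun0
10.6.10.5 dev tun0 proto kernel scope link src 10.6.10.6
128.0.0.0/1 via 10.6.10.5 dev tun0
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.152
199.127.56.115 via 192.168.0.1 dev eth0
"""

def parse_routes(dump):
    """Yield (network, interface) per `ip route` line; 'default' is 0.0.0.0/0, a bare host is /32."""
    for line in dump.splitlines():
        tok = line.split()
        if not tok:
            continue
        dst = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        yield ipaddress.ip_network(dst), tok[tok.index("dev") + 1]

def egress_iface(dump, dst_ip):
    """Longest-prefix match: the interface the kernel picks for a packet to dst_ip."""
    ip, best = ipaddress.ip_address(dst_ip), None
    for net, dev in parse_routes(dump):
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev)
    return best[1] if best else None

def webui_reply_check(dump, client_ip, lan_iface="eth0"):
    """A LAN client's request arrives on lan_iface and the reply must leave the same way.
    Returns (iface, ok); ok is False when the 0.0.0.0/1 and 128.0.0.0/1 routes would push
    the reply into the tunnel, which from the browser looks like an unreachable WebUI."""
    iface = egress_iface(dump, client_ip)
    return iface, iface == lan_iface

if __name__ == "__main__":
    for client in ("192.168.0.50", "192.168.1.20"):  # constructed sample client addresses
        iface, ok = webui_reply_check(ROUTES, client)
        print(f"{client}: reply via {iface} -> {'OK' if ok else 'reply goes into the tunnel'}")
```

Any client outside the subnet given as LAN_NETWORK gets its reply routed via tun0, so the request is accepted but never answered on the LAN side.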

Hi @MarkusMcNugen

I don't suppose you'd be able to help with this issue I'm facing with your OpenConnect/ocserv image?

Any and every connection I have disconnects after 240 seconds (which, coincidentally, is the auth-timeout period). I've tried connecting to my VPN server via OpenConnect on Android and via the CLI on an Ubuntu machine, but they both disconnect after 240 seconds and then reconnect all over again.

To rule out any errant config issues on my part, I tried setting up a "clean/default config" version of your image without any changes to the ocserv.conf file (i.e. literally just running this):

docker run --privileged -d -p 4443:4443 -p 4443:4443/udp markusmcnugen/openconnect

And yet despite this, my client devices will still disconnect after 240 seconds only to reconnect all over again.

On my Ubuntu box, this is the output when the 240 seconds lapse:

.....stuff beforehand elided for brevity
DTLS option X-DTLS-Content-Encoding : oc-lz4
DTLS initialised. DPD 90, Keepalive 32400
Connected as 192.168.1.182, using SSL + lz4
Established DTLS connection (using GnuTLS). Ciphersuite (DTLS1.2)-(PSK)-(AES-256-GCM).
DTLS connection compression using LZ4.
Initiating IPv4 MTU detection (min=717, max=1434)
No change in MTU after detection (was 1434)
Connect Banner:
| Welcome to {{$SERVER_NAME}}

Error: Invalid prefix for given prefix length.
SSL read error: The TLS connection was non-properly terminated.; reconnecting.
SSL negotiation with mydomain.tld
Server certificate verify failed: signer not found
Connected to HTTPS on mydomain.tld
TCP_INFO rcv mss 1428, snd mss 1448, adv mss 1448, pmtu 1500
Got CONNECT response: HTTP/1.1 200 CONNECTED

In particular, it's the line that says "SSL read error: The TLS connection was non-properly terminated.; reconnecting." which seems to be causing all of this, I think?

Any thoughts would be appreciated.

And of course, happy new year :)

Posted (edited)

I'm trying to get the SFTP docker working, but I'm having some trouble. I've read the GitHub page, but it isn't exactly clear.

So far I have created the users.conf file and added a single user as mentioned on the GitHub page. The container now starts, but I am unsure whether I am supposed to run it in 'host' mode, 'bridge' mode or something else. It's just running on port 22, as follows:

I haven't set a directory to share yet, but I want to share the main storage directory. In this case it's "/tank".

The problem is that I cannot even log in yet with FileZilla on my Windows PC. The connection just keeps timing out. I don't understand why.

Can I get some help?

Edited by plantsandbinary


Hi MarkusMcNugens,

I've installed the sftp docker, configured users with users.conf, and added user keys. I can see that the docker created the users appropriately and copied the user keys to their respective authorized_keys files as well as copied the userkey files to their respective folders correctly. The problem I'm having is that when I connect to the SFTP server, I'm able to log in without using my userkey in my client (only the password is required). I've restarted the docker, but the issue persists. 

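Whether a password alone is accepted is decided by sshd's effective settings, and sshd keeps the first value it reads for a keyword, so a "PasswordAuthentication no" appended after an earlier "yes" changes nothing. Added example, not from the post or the image (which is assumed to run OpenSSH sshd with a readable sshd_config): resolving the global auth keywords of a config text, run over constructed sample configs.

```python
import re

# Values OpenSSH sshd applies when a keyword is absent (per sshd_config(5)).
DEFAULTS = {
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
    "pubkeyauthentication": "yes",
    "authenticationmethods": "any",
}
# Deprecated spelling that sshd still accepts for the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_global_auth(config_text):
    """Resolve the auth keywords of the global section. sshd keeps the FIRST value it
    reads for a keyword and ignores later duplicates. Match blocks apply per connection
    and are not evaluated here, so the scan stops at the first 'Match' line."""
    settings, fixed = dict(DEFAULTS), set()
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # 'Key value' or 'Key=value'
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":
            break
        if key in settings and key not in fixed:
            settings[key] = parts[1].strip().lower() if len(parts) > 1 else ""
            fixed.add(key)
    return settings

def password_only_login_possible(config_text):
    """True when a client can get in with a password alone (the symptom in the post).
    keyboard-interactive counts as a password path because with PAM it prompts for one."""
    s = effective_global_auth(config_text)
    pw_ok = s["passwordauthentication"] == "yes"
    kbd_ok = s["kbdinteractiveauthentication"] == "yes"
    if s["authenticationmethods"] == "any":
        return pw_ok or kbd_ok
    # AuthenticationMethods lists alternative chains; a chain must be satisfied in full.
    for chain in s["authenticationmethods"].split():
        if (chain == "password" and pw_ok) or (chain == "keyboard-interactive" and kbd_ok):
            return True
    return False

# Constructed sample configs, not the image's own.
WEAK = "PubkeyAuthentication yes\nPasswordAuthentication yes\n"
APPENDED_NO = "PasswordAuthentication yes\n# added later, ignored: first value wins\nPasswordAuthentication no\n"
HARDENED = ("PubkeyAuthentication yes\nPasswordAuthentication no\n"
            "KbdInteractiveAuthentication no\nAuthenticationMethods publickey\n")
```

Pointing the function at the container's actual sshd_config shows whether keys are merely accepted or actually required.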
