Comments (4)
bubuntux
commented on August 23, 2024
1
Add network_mode: bridge
…On Mon, Feb 10, 2020, 3:36 AM Sandro Trianni ***@***.***> wrote:
I just found out that docker-compose is the problem here.
docker-compose.yml:
version: '3.4'
services:
vpn:
image: bubuntux/nordvpn
container_name: vpn
cap_add:
- net_admin
devices:
- /dev/net/tun
environment:
- USER=user
- PASS=pass
- TECHNOLOGY=NordLynx
- CONNECT=Germany
- DEBUG=on
restart: unless-stopped
Debug Log run by docker-compose:
vpn | + [[ -n '' ]]
vpn | + [[ '' =~ ^[0-9]+$ ]]
vpn | + NET_IFACE=eth0
vpn | ++ awk '$3 == "inet" {print $4}'
vpn | ++ ip -o addr show dev eth0
vpn | + DOCKER_NET=172.26.0.2/16
vpn | ++ awk '$3 == "inet6" {print $4; exit}'
vpn | ++ ip -o addr show dev eth0
vpn | + DOCKER_6NET=
vpn | + kill_switch
vpn | + iptables -F OUTPUT
vpn | + ip6tables -F OUTPUT
vpn | + iptables -P OUTPUT DROP
vpn | + ip6tables -P OUTPUT DROP
vpn | + iptables -A OUTPUT -o lo -j ACCEPT
vpn | + ip6tables -A OUTPUT -o lo -j ACCEPT
vpn | + [[ -n 172.26.0.2/16 ]]
vpn | + iptables -A OUTPUT -d 172.26.0.2/16 -j ACCEPT
vpn | + [[ -n '' ]]
vpn | + iptables -A OUTPUT -m owner --gid-owner vpn -j ACCEPT
vpn | + ip6tables -A OUTPUT -m owner --gid-owner vpn -j ACCEPT
vpn | + ip6tables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
vpn | + ip6tables -A OUTPUT -p udp -m udp --dport 51820 -j ACCEPT
vpn | + ip6tables -A OUTPUT -p tcp -m tcp --dport 1194 -j ACCEPT
vpn | + ip6tables -A OUTPUT -p udp -m udp --dport 1194 -j ACCEPT
vpn | + ip6tables -A OUTPUT -o eth0 -d api.nordvpn.com -j ACCEPT
vpn | + [[ -n '' ]]
vpn | + [[ -n '' ]]
vpn | + [[ -n '' ]]
vpn | + pkill nordvpnd
vpn | + rm -f /run/nordvpnd.sock
vpn | + sleep 0.5
vpn | + sg vpn -c nordvpnd
vpn | + nordvpn login -u user -p pass
+ setup_nordvpn
vpn | + [[ -n NordLynx ]]
vpn | + nordvpn set technology NordLynx
Technology is successfully set to 'NordLynx'.
vpn | + [[ -n '' ]]
vpn | + [[ -n '' ]]
vpn | + [[ -n '' ]]
vpn | + [[ -n '' ]]
vpn | + [[ -n 172.26.0.2/16 ]]
vpn | + nordvpn whitelist add subnet 172.26.0.2/16
Subnet 172.26.0.0/16 is whitelisted successfully.
vpn | + [[ -n '' ]]
vpn | + [[ -n on ]]
vpn | + nordvpn settings
Technology: NordLynx
vpn | Kill Switch: disabled
vpn | CyberSec: disabled
vpn | Notify: disabled
vpn | Auto-connect: disabled
vpn | DNS: disabled
vpn | Whitelisted subnets:
vpn | 172.26.0.0/16
vpn | + nordvpn connect Germany
Please enter your login details.
vpn | Stdin/Stdout should be terminal
vpn | + exit 1
It works flawlessly if i run:
docker run -ti --cap-add=NET_ADMIN --device /dev/net/tun --name vpntest \
-e USER=user -e PASS=pass \
-e CONNECT=Germany -e TECHNOLOGY=NordLynx -e DEBUG=on -d bubuntux/nordvpn
Debug log with docker run:
+ [[ -n '' ]]
+ [[ '' =~ ^[0-9]+$ ]]
+ NET_IFACE=eth0
++ awk '$3 == "inet" {print $4}'
++ ip -o addr show dev eth0
+ DOCKER_NET=172.17.0.2/16
++ awk '$3 == "inet6" {print $4; exit}'
++ ip -o addr show dev eth0
+ DOCKER_6NET=
+ kill_switch
+ iptables -F OUTPUT
+ ip6tables -F OUTPUT
+ iptables -P OUTPUT DROP
+ ip6tables -P OUTPUT DROP
+ iptables -A OUTPUT -o lo -j ACCEPT
+ ip6tables -A OUTPUT -o lo -j ACCEPT
+ [[ -n 172.17.0.2/16 ]]
+ iptables -A OUTPUT -d 172.17.0.2/16 -j ACCEPT
+ [[ -n '' ]]
+ iptables -A OUTPUT -m owner --gid-owner vpn -j ACCEPT
+ ip6tables -A OUTPUT -m owner --gid-owner vpn -j ACCEPT
+ ip6tables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
+ ip6tables -A OUTPUT -p udp -m udp --dport 51820 -j ACCEPT
+ ip6tables -A OUTPUT -p tcp -m tcp --dport 1194 -j ACCEPT
+ ip6tables -A OUTPUT -p udp -m udp --dport 1194 -j ACCEPT
+ ip6tables -A OUTPUT -o eth0 -d api.nordvpn.com -j ACCEPT
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ pkill nordvpnd
+ rm -f /run/nordvpnd.sock
+ sleep 0.5
+ sg vpn -c nordvpnd
+ nordvpn login -u user -p pass
Welcome to NordVPN! You can now connect to VPN by using 'nordvpn connect'.
...
System Info:
docker --version
Docker version 19.03.5, build 633a0ea838
docker-compose --version
docker-compose version 1.25.4, build 8d51620a
uname -a
Linux v22019058359789001 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64 GNU/Linux
What i found out so far:
- user & pass is parsed correctly
- i bashed into the service and manually called nordvpn with correct
credentials, but it just doesn't have internet access
- i even tried sg vpn -c "nordvpn login -u user -p pass"
- nordvpn has internet access when i run iptables -A OUTPUT -m owner
--gid-owner root -j ACCEPT
- as you can see in my initial post the nordvpnd service is running as
the vpn group
- iptables-nft are not working either
- technology nordlynx or openvpn doesn't matter
Can you confirm this issue with docker-compose on your system?
Thanks for your help
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#57?email_source=notifications&email_token=AADE5EWKK52RJ7NQDIQMFGLRCEU3NA5CNFSM4KRSVI7KYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELIAOFA#issuecomment-584058644>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AADE5ESE76XJCLR2223EKZ3RCEU3NANCNFSM4KRSVI7A>
.
from nordvpn.
bubuntux
commented on August 23, 2024
you need to provide the docker cli command used, include DEBUG=on and also provide full logs
also please pull and try again, i just pushed bin into latest tag
from nordvpn.
5andr0
commented on August 23, 2024
I just found out that docker-compose is the problem here.
docker-compose.yml:
version: '3.4' services: vpn: image: bubuntux/nordvpn container_name: vpn cap_add: - net_admin devices: - /dev/net/tun environment: - USER=user - PASS=pass - TECHNOLOGY=NordLynx - CONNECT=Germany - DEBUG=on restart: unless-stopped
Debug Log run by docker-compose:
vpn | + [[ -n '' ]]
vpn | + [[ '' =~ ^[0-9]+$ ]]
vpn | + NET_IFACE=eth0
vpn | ++ awk '$3 == "inet" {print $4}'
vpn | ++ ip -o addr show dev eth0
vpn | + DOCKER_NET=172.26.0.2/16
vpn | ++ awk '$3 == "inet6" {print $4; exit}'
vpn | ++ ip -o addr show dev eth0
vpn | + DOCKER_6NET=
vpn | + kill_switch
vpn | + iptables -F OUTPUT
vpn | + ip6tables -F OUTPUT
vpn | + iptables -P OUTPUT DROP
vpn | + ip6tables -P OUTPUT DROP
vpn | + iptables -A OUTPUT -o lo -j ACCEPT
vpn | + ip6tables -A OUTPUT -o lo -j ACCEPT
vpn | + [[ -n 172.26.0.2/16 ]]
vpn | + iptables -A OUTPUT -d 172.26.0.2/16 -j ACCEPT
vpn | + [[ -n '' ]]
vpn | + iptables -A OUTPUT -m owner --gid-owner vpn -j ACCEPT
vpn | + ip6tables -A OUTPUT -m owner --gid-owner vpn -j ACCEPT
vpn | + ip6tables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
vpn | + ip6tables -A OUTPUT -p udp -m udp --dport 51820 -j ACCEPT
vpn | + ip6tables -A OUTPUT -p tcp -m tcp --dport 1194 -j ACCEPT
vpn | + ip6tables -A OUTPUT -p udp -m udp --dport 1194 -j ACCEPT
vpn | + ip6tables -A OUTPUT -o eth0 -d api.nordvpn.com -j ACCEPT
vpn | + [[ -n '' ]]
vpn | + [[ -n '' ]]
vpn | + [[ -n '' ]]
vpn | + pkill nordvpnd
vpn | + rm -f /run/nordvpnd.sock
vpn | + sleep 0.5
vpn | + sg vpn -c nordvpnd
vpn | + nordvpn login -u user -p pass
+ setup_nordvpn
vpn | + [[ -n NordLynx ]]
vpn | + nordvpn set technology NordLynx
Technology is successfully set to 'NordLynx'.
vpn | + [[ -n '' ]]
vpn | + [[ -n '' ]]
vpn | + [[ -n '' ]]
vpn | + [[ -n '' ]]
vpn | + [[ -n 172.26.0.2/16 ]]
vpn | + nordvpn whitelist add subnet 172.26.0.2/16
Subnet 172.26.0.0/16 is whitelisted successfully.
vpn | + [[ -n '' ]]
vpn | + [[ -n on ]]
vpn | + nordvpn settings
Technology: NordLynx
vpn | Kill Switch: disabled
vpn | CyberSec: disabled
vpn | Notify: disabled
vpn | Auto-connect: disabled
vpn | DNS: disabled
vpn | Whitelisted subnets:
vpn | 172.26.0.0/16
vpn | + nordvpn connect Germany
Please enter your login details.
vpn | Stdin/Stdout should be terminal
vpn | + exit 1
It works flawlessly if i run:
docker run -ti --cap-add=NET_ADMIN --device /dev/net/tun --name vpntest \
-e USER=user -e PASS=pass \
-e CONNECT=Germany -e TECHNOLOGY=NordLynx -e DEBUG=on -d bubuntux/nordvpn
Debug log with docker run:
+ [[ -n '' ]]
+ [[ '' =~ ^[0-9]+$ ]]
+ NET_IFACE=eth0
++ awk '$3 == "inet" {print $4}'
++ ip -o addr show dev eth0
+ DOCKER_NET=172.17.0.2/16
++ awk '$3 == "inet6" {print $4; exit}'
++ ip -o addr show dev eth0
+ DOCKER_6NET=
+ kill_switch
+ iptables -F OUTPUT
+ ip6tables -F OUTPUT
+ iptables -P OUTPUT DROP
+ ip6tables -P OUTPUT DROP
+ iptables -A OUTPUT -o lo -j ACCEPT
+ ip6tables -A OUTPUT -o lo -j ACCEPT
+ [[ -n 172.17.0.2/16 ]]
+ iptables -A OUTPUT -d 172.17.0.2/16 -j ACCEPT
+ [[ -n '' ]]
+ iptables -A OUTPUT -m owner --gid-owner vpn -j ACCEPT
+ ip6tables -A OUTPUT -m owner --gid-owner vpn -j ACCEPT
+ ip6tables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
+ ip6tables -A OUTPUT -p udp -m udp --dport 51820 -j ACCEPT
+ ip6tables -A OUTPUT -p tcp -m tcp --dport 1194 -j ACCEPT
+ ip6tables -A OUTPUT -p udp -m udp --dport 1194 -j ACCEPT
+ ip6tables -A OUTPUT -o eth0 -d api.nordvpn.com -j ACCEPT
+ [[ -n '' ]]
+ [[ -n '' ]]
+ [[ -n '' ]]
+ pkill nordvpnd
+ rm -f /run/nordvpnd.sock
+ sleep 0.5
+ sg vpn -c nordvpnd
+ nordvpn login -u user -p pass
Welcome to NordVPN! You can now connect to VPN by using 'nordvpn connect'.
...
System Info:
docker --version
Docker version 19.03.5, build 633a0ea838
docker-compose --version
docker-compose version 1.25.4, build 8d51620a
uname -a
Linux v22019058359789001 4.19.0-6-amd64 #1 SMP Debian 4.19.67-2+deb10u2 (2019-11-11) x86_64 GNU/Linux
What i found out so far:
- user & pass is parsed correctly
- i bashed into the service and manually called nordvpn with correct credentials, but it just doesn't have internet access
- i even tried sg vpn -c "nordvpn login -u user -p pass"
- nordvpn has internet access when i run
iptables -A OUTPUT -m owner --gid-owner root -j ACCEPT - as you can see in my initial post the nordvpnd service is running as the vpn group
- iptables-nft are not working either
- technology nordlynx or openvpn doesn't matter
Can you confirm this issue with docker-compose on your system?
Thanks for your help
from nordvpn.
5andr0
commented on August 23, 2024
No idea why, but seems to work.
Thanks!
from nordvpn.
Related Issues (20)
- Whoops! Cannot reach System Daemon. Invalid token. ¯\_(ツ)_/¯ HOT 18
- Error pulling latest tag HOT 1
- Update NordVPN HOT 6
- NordVPN Connects but no containers have internet access HOT 13
- Container does not connect when MFA is enabled HOT 1
- Container is failing on nord_login after upgrading tot he latest version HOT 3
- Qbittorrent not working through container HOT 1
- I only want to use Meshnet HOT 4
- Unable to pull latest NordVPN image? HOT 11
- Can it be used as proxy server?
- Invalid Token error even with fresh token - Synology NAS HOT 20
- iptables error on synology 1621 when trying to connect HOT 1
- how will it have to work to watch netflix ? HOT 1
- Problem with connection HOT 2
- How to block all traffic, as soon as VPN tunnel is down HOT 1
- Nord Keeps connecting to ' HOT 2
- Unable to ping or use network HOT 1
- Connect to US city
- Bandwith throttled in docker vs running nordvpn natively
- permission denied? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nordvpn.