nickkjolsing / dockermullvadvpn

Mullvad VPN container tutorial for docker

License: GNU General Public License v3.0

Dockerfile 100.00%
docker mullvad vpn tutorial container

dockermullvadvpn's Issues

Error - Configuration File Missing

Greetings.

Getting the following error and the container keeps restarting

ERROR: No configuration file found. Please check your mount and file permissions. Exiting.

I think I don't have the correct format of the files of the config

Can you please specify which platform/OS and config files you have used for that setup?

  1. Choose your platform (Windows - MacOS - Linux .....?)

I tried the following:

image

Setup:
Synology NAS - Docker - Portainer

Example when you select Linux

image

Windows
image

Despite successful VPN connection, cannot connect to internet in container (wget and ping)

I have set up the container on my QNAP NAS and I managed to configure it correctly so that it:
Will not be killed instantly by the QNAP non-native OpenVPN instance Kill Daemon
Uses the correct .ovpn config files and .crt to connect to mullvad correctly

After editing the compose file and starting up the container, I can see in the console that OpenVPN connects.

According to the tutorial I now have to

/bin/sh

into the container and use

wget -qO- http://ipecho.net/plain | xargs echo

to check the container's public IP to make sure the traffic is really routed through the VPN tunnel.

But I noticed that, despite the successful OpenVPN connection, the container does not seem to be able to connect to the internet.

I get a bad address in response.

I then tried

curl

but unfortunately, it is not installed. Neither is

apt-get

I've read that maybe it is because of bad DNS configuration, so I tried

ping 0
ping 192.168.178.1 (Local Internet Router)

successfully. But...

ping 8.8.8.8

returns nothing. I tried switching

network_mode: bridge/host

but the errors remain the same. What else can I try? Or is it correct, that I can't access the Internet inside the container anymore? Maybe the default interface in the container shell does not use the established vpn tunnel?

I created this container in order to route another container's traffic through the VPN. But I was not able to try yet.

I am not an IT expert and don't know much about docker networking. I rely on QNAP's Container Station automatic setup of virtual switches and interfaces and it worked so far.

I have two other containers running (HomeBridge and pi-hole) which don't have any connectivity issues.

The HomeBridge container runs in NAT mode and the pi-hole got its own IP address on my network. So general routing seems to work on my QNAP.

My compose file

version: "3"
services:
  openvpn-client:
    image: yacht7/openvpn-client
    container_name: openvpn-client
    network_mode: bridge
    cap_add:
      - NET_ADMIN
    environment:
      - KILL_SWITCH=on
      - FORWARDED_PORTS=54975
      - SUBNETS=192.168.178.0/24,192.168.178.0/24
    devices:
      - /dev/net/tun
    volumes:
      - /share/Container/mullvad:/data/vpn
    ports:
      - 5800:5800
      - 5900:5900
      - 80:80
      - 443:443
      - 3129:3129
    restart: unless-stopped

Container Console

---- Running with the following variables ----
Kill switch: on
Tinyproxy: off
Shadowsocks: off
Whitelisting subnets: 192.168.178.0/24,192.168.178.0/24
Using configuration file: /data/vpn/mullvad_md_kiv.conf
Using OpenVPN log level: 3

Creating /data/vpn/mullvad_md_kiv.conf.modified and making required changes to that file.
Changes made.

Creating VPN kill switch and local routes.
Allowing established and related connections...
Allowing loopback connections...
Allowing Docker network connections...
Allowing specified subnets...
RTNETLINK answers: File exists
Allowing remote servers in configuration file...
  Using:
    md-kiv-001.mullvad.net (IP:178.175.142.194 PORT:53)
Allowing connections over VPN interface...
Allowing connections over VPN interface to forwarded ports...
Preventing anything else...
iptables rules created and routes configured.

Running OpenVPN client.

Wed Dec 22 07:22:20 2021 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Wed Dec 22 07:22:20 2021 WARNING: file 'mullvad_userpass.txt' is group or others accessible
Wed Dec 22 07:22:20 2021 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Wed Dec 22 07:22:20 2021 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Wed Dec 22 07:22:20 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Dec 22 07:22:20 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]178.175.142.194:53
Wed Dec 22 07:22:20 2021 Socket Buffers: R=[819200->1048576] S=[819200->1048576]
Wed Dec 22 07:22:20 2021 UDPv4 link local: (not bound)
Wed Dec 22 07:22:20 2021 UDPv4 link remote: [AF_INET]178.175.142.194:53
Wed Dec 22 07:22:20 2021 TLS: Initial packet from [AF_INET]178.175.142.194:53, sid=3de8a366 b49ace25
Wed Dec 22 07:22:20 2021 VERIFY OK: depth=2, C=SE, ST=Gotaland, L=Gothenburg, O=Amagicom AB, OU=Mullvad, CN=Mullvad Root CA v2, [email protected]
Wed Dec 22 07:22:20 2021 VERIFY OK: depth=1, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=Mullvad Intermediate CA v4, [email protected]
Wed Dec 22 07:22:20 2021 VERIFY KU OK
Wed Dec 22 07:22:20 2021 Validating certificate extended key usage
Wed Dec 22 07:22:20 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Dec 22 07:22:20 2021 VERIFY EKU OK
Wed Dec 22 07:22:20 2021 VERIFY OK: depth=0, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=md-kiv-001.mullvad.net, [email protected]
Wed Dec 22 07:22:20 2021 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Wed Dec 22 07:22:20 2021 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Wed Dec 22 07:22:20 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
Wed Dec 22 07:22:20 2021 [md-kiv-001.mullvad.net] Peer Connection Initiated with [AF_INET]178.175.142.194:53
Wed Dec 22 07:22:21 2021 SENT CONTROL [md-kiv-001.mullvad.net]: 'PUSH_REQUEST' (status=1)
Wed Dec 22 07:22:26 2021 SENT CONTROL [md-kiv-001.mullvad.net]: 'PUSH_REQUEST' (status=1)
Wed Dec 22 07:22:26 2021 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.7.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,comp-lzo no,route-gateway 10.7.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:53::1001/64 fdda:d0d0:cafe:53::,ifconfig 10.7.0.3 255.255.0.0,peer-id 1,cipher AES-256-GCM'
Wed Dec 22 07:22:26 2021 Pushed option removed by filter: 'route-ipv6 0000::/2'
Wed Dec 22 07:22:26 2021 Pushed option removed by filter: 'route-ipv6 4000::/2'
Wed Dec 22 07:22:26 2021 Pushed option removed by filter: 'route-ipv6 8000::/2'
Wed Dec 22 07:22:26 2021 Pushed option removed by filter: 'route-ipv6 C000::/2'
Wed Dec 22 07:22:26 2021 Pushed option removed by filter: 'ifconfig-ipv6 fdda:d0d0:cafe:53::1001/64 fdda:d0d0:cafe:53::'
Wed Dec 22 07:22:26 2021 OPTIONS IMPORT: compression parms modified
Wed Dec 22 07:22:26 2021 OPTIONS IMPORT: --socket-flags option modified
Wed Dec 22 07:22:26 2021 NOTE: setsockopt TCP_NODELAY=1 failed
Wed Dec 22 07:22:26 2021 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec 22 07:22:26 2021 OPTIONS IMPORT: route options modified
Wed Dec 22 07:22:26 2021 OPTIONS IMPORT: route-related options modified
Wed Dec 22 07:22:26 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Dec 22 07:22:26 2021 OPTIONS IMPORT: peer-id set
Wed Dec 22 07:22:26 2021 OPTIONS IMPORT: adjusting link_mtu to 1624
Wed Dec 22 07:22:26 2021 OPTIONS IMPORT: data channel crypto options modified
Wed Dec 22 07:22:26 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Dec 22 07:22:26 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Dec 22 07:22:26 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Dec 22 07:22:26 2021 ROUTE_GATEWAY 10.0.3.1/255.255.255.0 IFACE=eth0 HWADDR=02:42:0a:00:03:02
Wed Dec 22 07:22:26 2021 TUN/TAP device tun0 opened
Wed Dec 22 07:22:26 2021 TUN/TAP TX queue length set to 100
Wed Dec 22 07:22:26 2021 /sbin/ip link set dev tun0 up mtu 1500
Wed Dec 22 07:22:26 2021 /sbin/ip addr add dev tun0 10.7.0.3/16 broadcast 10.7.255.255
Wed Dec 22 07:22:26 2021 /etc/openvpn/up.sh tun0 1500 1552 10.7.0.3 255.255.0.0 init
Wed Dec 22 07:22:26 2021 /sbin/ip route add 178.175.142.194/32 via 10.0.3.1
Wed Dec 22 07:22:26 2021 /sbin/ip route add 0.0.0.0/1 via 10.7.0.1
Wed Dec 22 07:22:26 2021 /sbin/ip route add 128.0.0.0/1 via 10.7.0.1
Wed Dec 22 07:22:26 2021 Initialization Sequence Completed

Cannot resolve host address

I'm unable to set it up, keep getting some warnings and then Cannot resolve host address and Could not determine IPv4/IPv6 protocol errors. The logs below go on like this forever. I'm trying to run this using WSL, although I'm not sure if that's what it's about.

Running OpenVPN client.

Sat Nov 13 17:32:27 2021 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sat Nov 13 17:32:27 2021 WARNING: file 'mullvad_userpass.txt' is group or others accessible
Sat Nov 13 17:32:27 2021 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Sat Nov 13 17:32:27 2021 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Sat Nov 13 17:32:27 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 13 17:32:32 2021 RESOLVE: Cannot resolve host address: de-fra-203.mullvad.net:53 (Try again)
Sat Nov 13 17:32:37 2021 RESOLVE: Cannot resolve host address: de-fra-203.mullvad.net:53 (Try again)
Sat Nov 13 17:32:37 2021 Could not determine IPv4/IPv6 protocol
Sat Nov 13 17:32:37 2021 SIGUSR1[soft,init_instance] received, process restarting
Sat Nov 13 17:32:37 2021 Restart pause, 5 second(s)
Sat Nov 13 17:32:42 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Nov 13 17:32:47 2021 RESOLVE: Cannot resolve host address: de-fra-007.mullvad.net:53 (Try again)
Sat Nov 13 17:32:52 2021 RESOLVE: Cannot resolve host address: de-fra-007.mullvad.net:53 (Try again)
Sat Nov 13 17:32:52 2021 Could not determine IPv4/IPv6 protocol
Sat Nov 13 17:32:52 2021 SIGUSR1[soft,init_instance] received, process restarting
Sat Nov 13 17:32:52 2021 Restart pause, 5 second(s)
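
Added example (not part of the original issues, the tutorial, or the container image): a small POSIX shell triage of OpenVPN client logs like the two posted above. It flags the credentials-file permission warning both logs contain, counts failed lookups of the server name, and reports the DNS server pushed once the tunnel is up. The function name and finding labels are hypothetical; the sample lines are excerpted from the logs above, with the PUSH_REPLY line shortened.

```shell
#!/bin/sh
# Added example, not part of the tutorial or the container image.
# triage_openvpn_log and the finding labels are hypothetical names.

triage_openvpn_log() {
    log=$1
    # OpenVPN warns when the auth-user-pass file is readable by group/others.
    cred=$(sed -n "s/.*WARNING: file '\([^']*\)' is group or others accessible.*/\1/p" "$log" | head -n 1)
    if [ -n "$cred" ]; then
        echo "CRED_PERMS: $cred is group/other readable; chmod 600 it on the host"
    fi
    # The server name is resolved before any tunnel exists, so the failure
    # is in name resolution inside the container, not in the VPN handshake.
    fails=$(grep -c 'RESOLVE: Cannot resolve host address' "$log" || true)
    if [ "$fails" -gt 0 ]; then
        echo "PRE_TUNNEL_DNS: $fails failed lookups of the VPN server name"
    fi
    # Handshake finished: report the resolver the server pushed.
    if grep -q 'Initialization Sequence Completed' "$log"; then
        dns=$(sed -n 's/.*PUSH_REPLY.*dhcp-option DNS \([0-9.]*\).*/\1/p' "$log" | head -n 1)
        echo "TUNNEL_UP: server pushed DNS ${dns:-none}"
    else
        echo "TUNNEL_DOWN: no 'Initialization Sequence Completed' line"
    fi
    return 0
}

# Lines excerpted from the two logs above (PUSH_REPLY shortened).
sample_failed_log() {
    cat <<'EOF'
Sat Nov 13 17:32:27 2021 WARNING: file 'mullvad_userpass.txt' is group or others accessible
Sat Nov 13 17:32:32 2021 RESOLVE: Cannot resolve host address: de-fra-203.mullvad.net:53 (Try again)
Sat Nov 13 17:32:37 2021 RESOLVE: Cannot resolve host address: de-fra-203.mullvad.net:53 (Try again)
Sat Nov 13 17:32:37 2021 Could not determine IPv4/IPv6 protocol
EOF
}
sample_connected_log() {
    cat <<'EOF'
Wed Dec 22 07:22:20 2021 WARNING: file 'mullvad_userpass.txt' is group or others accessible
Wed Dec 22 07:22:26 2021 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.7.0.1,redirect-gateway def1 bypass-dhcp'
Wed Dec 22 07:22:26 2021 Initialization Sequence Completed
EOF
}

tmp=$(mktemp)
sample_failed_log > "$tmp";    triage_openvpn_log "$tmp"
sample_connected_log > "$tmp"; triage_openvpn_log "$tmp"
rm -f "$tmp"
```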

I think there is a mistake in your description

Like you have shown with transmission, I have a docker container running mysql ... port 3306
I want to be able to access it - but it is behind the openvpn-client mullvad "gateway"

So how do I need to configure the ports to access it from the Mullvad-network - assuming that my opened port by mullvad is 54949?

Regards,
Martin

[Q] Connecting from multiple machines

This is not an issue, but rather, a question. I found your tutorial VERY helpful for my use case and was able to reproduce it successfully. But I want to know if it's possible to connect docker containers running on other machines to one OpenVPN container running on one device.

That is, I have an active OpenVPN connection container in Device a, and I want to connect to that same connection in containers running on Device b, Device c, etc. Any thoughts?

Thank you very much!

Web UI ip and port for hypothetical transmission setup

Could you add the right ip and port for people to connect to the web ui if they follow your hypothetical Transmission setup? Using the local ip and port 5665 does not seem to work. Asking for a friend who cannot find the web ui...
