Comments (5)
It probably wants more permissions to run (on 16.10's kernel) now?
https://unix.stackexchange.com/questions/390184/dmesg-read-kernel-buffer-failed-permission-denied
Can you try `--privileged` instead of `--cap-add NET_ADMIN`?
from softethervpn.
I am having a similar issue where after the key and user setup it fails when running this off the alpine dockerfile. Here is the error I got:
```
# Creating user(s): user8071
[initial setup OK]
dmesg: klogctl: Operation not permitted
```
from softethervpn.
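The `dmesg: klogctl: Operation not permitted` message above is a capability check: reading the kernel log buffer is gated by `CAP_SYSLOG` when `kernel.dmesg_restrict` is set, and `--cap-add NET_ADMIN` does not grant it. The following is an added example, not part of the original thread or the project's code; it decodes a `CapEff` mask from `/proc/<pid>/status` to show which of the two capabilities is absent. The function names and the sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode a Linux capability mask (CapEff in /proc/<pid>/status)
# and report which capabilities relevant to this container are absent.
# Bit numbers are those defined in linux/capability.h.
CAP_NET_ADMIN=12   # network configuration; granted by --cap-add NET_ADMIN
CAP_SYSLOG=34      # needed by klogctl()/dmesg when kernel.dmesg_restrict=1

# has_cap HEXMASK BIT -> exit status 0 if BIT is set in HEXMASK
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# missing_caps HEXMASK -> prints space-separated names of absent capabilities
missing_caps() {
    out=""
    has_cap "$1" "$CAP_NET_ADMIN" || out="$out NET_ADMIN"
    has_cap "$1" "$CAP_SYSLOG"    || out="$out SYSLOG"
    echo "${out# }"
}

# Constructed sample masks (hypothetical values for illustration)
DEFAULT_MASK=00000000a80425fb     # Docker default capability set
NET_ADMIN_MASK=00000000a80435fb   # default set plus --cap-add NET_ADMIN
PRIVILEGED_MASK=0000003fffffffff  # --privileged: every capability bit set

for m in "$DEFAULT_MASK" "$NET_ADMIN_MASK" "$PRIVILEGED_MASK"; do
    printf '%s missing: %s\n' "$m" "$(missing_caps "$m")"
done

# Inside a running container, check the real mask with:
#   missing_caps "$(awk '/^CapEff:/ {print $2}' /proc/self/status)"
```

If only `SYSLOG` is reported missing, `--cap-add SYSLOG` alongside `--cap-add NET_ADMIN` grants that one capability, where `--privileged` grants all of them.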
I dug more. Ran `sudo /usr/lib/NetworkManager/nm-l2tp-service --debug`. Here is what I get:
```
nm-l2tp[15142] <debug> nm-l2tp-service (version 1.2.8) starting...
nm-l2tp[15142] <debug> uses default --bus-name "org.freedesktop.NetworkManager.l2tp"
nm-l2tp[15142] <info> ipsec enable flag: yes
** Message: Check port 1701
connection
id : "Raf Server" (s)
uuid : "60c04ee3-c9d9-4a34-9404-de26661cb366" (s)
interface-name : NULL (sd)
type : "vpn" (s)
permissions : ["user:expert:"] (s)
autoconnect : FALSE (s)
autoconnect-priority : 0 (sd)
timestamp : 0 (sd)
read-only : FALSE (sd)
zone : NULL (sd)
master : NULL (sd)
slave-type : NULL (sd)
autoconnect-slaves : ((NMSettingConnectionAutoconnectSlaves) NM_SETTING_CONNECTION_AUTOCONNECT_SLAVES_DEFAULT) (sd)
secondaries : [] (s)
gateway-ping-timeout : 0 (sd)
metered : ((NMMetered) NM_METERED_UNKNOWN) (sd)
lldp : -1 (sd)
ipv6
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x2509280) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x2519a60) (s)
route-metric : -1 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
ip6-privacy : ((NMSettingIP6ConfigPrivacy) NM_SETTING_IP6_CONFIG_PRIVACY_DISABLED) (s)
addr-gen-mode : 1 (sd)
ipv4
method : "auto" (s)
dns : [] (s)
dns-search : [] (s)
dns-options : NULL (sd)
dns-priority : 0 (sd)
addresses : ((GPtrArray*) 0x2519940) (s)
gateway : NULL (sd)
routes : ((GPtrArray*) 0x2519920) (s)
route-metric : -1 (sd)
ignore-auto-routes : FALSE (sd)
ignore-auto-dns : FALSE (sd)
dhcp-hostname : NULL (sd)
dhcp-send-hostname : TRUE (sd)
never-default : FALSE (sd)
may-fail : TRUE (sd)
dad-timeout : -1 (sd)
dhcp-timeout : 0 (sd)
dhcp-client-id : NULL (sd)
dhcp-fqdn : NULL (sd)
vpn
service-type : "org.freedesktop.NetworkManager.l2tp" (s)
user-name : "expert" (s)
persistent : FALSE (sd)
data : ((GHashTable*) 0x251ad80) (s)
secrets : ((GHashTable*) 0x251ade0) (s)
timeout : 0 (sd)
nm-l2tp[15142] <info> starting ipsec
Stopping strongSwan IPsec failed: starter is not running
Starting strongSwan 5.3.5 IPsec [starter]...
Loading config setup
Loading conn '60c04ee3-c9d9-4a34-9404-de26661cb366'
found netkey IPsec stack
nm-l2tp[15142] <info> Spawned ipsec up script with PID 15225.
initiating Main Mode IKE_SA 60c04ee3-c9d9-4a34-9404-de26661cb366[1] to 5.79.121.6
generating ID_PROT request 0 [ SA V V V V ]
sending packet: from 192.168.1.5[500] to 5.79.121.6[500] (148 bytes)
sending retransmit 1 of request message ID 0, seq 1
sending packet: from 192.168.1.5[500] to 5.79.121.6[500] (148 bytes)
nm-l2tp[15142] <warn> Timeout trying to establish IPsec connection
nm-l2tp[15142] <info> Terminating ipsec script with PID 15225.
Stopping strongSwan IPsec...
destroying IKE_SA in state CONNECTING without notification
establishing connection '60c04ee3-c9d9-4a34-9404-de26661cb366' failed
nm-l2tp[15142] <warn> Could not establish IPsec tunnel.
(nm-l2tp-service:15142): GLib-GIO-CRITICAL **: g_dbus_method_invocation_take_error: assertion 'error != NULL' failed
```
from softethervpn.
Note that Ubuntu (MATE) 16.10 reached its EOL in July 2017.
If it's working for your Android devices I believe it has something to do with the IPsec client on the Ubuntu side.
Can you try OpenVPN instead (you just save the docker log as .ovpn file for import)?
Also, can you try the SoftEtherVPN official binary for server and check if your problem is indeed caused by this image? (This image actually tests IPsec connectivity.)
As for port 1701: "Port 1701 is used by the L2TP Server, but connections should not be allowed inbound to it from outside" but I had a problem with old iOS if 1701/tcp (not /udp) was closed.
from softethervpn.
@siomiz Unfortunately I still can't make it work. What's worse is that the behaviour is unpredictable. On fresh Ubuntu 10.04 it worked. I was able to connect to 1701 via localhost and via one of the IP4 addresses. After cleaning up IPTABLES rules and reinstalling this container I lost the ability to connect via the external IP address, but still could connect via localhost. After fighting with it more (removing and adding the docker container) it stopped working completely. Could you suggest what to do to ever make it work?
Here is how I install it:
```
docker run -d --name vpn --restart always --cap-add NET_ADMIN -p 500:500/udp -p 4500:4500/udp -p 1701:1701/tcp -e USERS="username:password" -e PSK="something" siomiz/softethervpn
```
On start I see the following message in the log of the container:
```
dmesg: read kernel buffer failed: Operation not permitted
```
My iptables rules:
```
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
num target prot opt source destination
1 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT all -- 192.168.42.0/24 192.168.42.0/24
5 ACCEPT all -- 0.0.0.0/0 192.168.43.0/24 ctstate RELATED,ESTABLISHED
6 ACCEPT all -- 192.168.43.0/24 0.0.0.0/0
7 DOCKER-USER all -- 0.0.0.0/0 0.0.0.0/0
8 DOCKER-ISOLATION-STAGE-1 all -- 0.0.0.0/0 0.0.0.0/0
9 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
10 DOCKER all -- 0.0.0.0/0 0.0.0.0/0
11 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
12 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
13 DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
num target prot opt source destination

Chain DOCKER (1 references)
num target prot opt source destination
1 ACCEPT tcp -- 0.0.0.0/0 172.17.0.2 tcp dpt:6379
2 ACCEPT tcp -- 0.0.0.0/0 172.17.0.3 tcp dpt:15672
3 ACCEPT tcp -- 0.0.0.0/0 172.17.0.3 tcp dpt:5672
4 ACCEPT tcp -- 0.0.0.0/0 172.17.0.4 tcp dpt:5432
5 ACCEPT tcp -- 0.0.0.0/0 172.17.0.5 tcp dpt:5432
6 ACCEPT tcp -- 0.0.0.0/0 172.17.0.6 tcp dpt:5555
7 ACCEPT udp -- 0.0.0.0/0 172.17.0.6 udp dpt:4500
8 ACCEPT tcp -- 0.0.0.0/0 172.17.0.6 tcp dpt:1701
9 ACCEPT udp -- 0.0.0.0/0 172.17.0.6 udp dpt:1194
10 ACCEPT udp -- 0.0.0.0/0 172.17.0.6 udp dpt:500

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
num target prot opt source destination
1 DOCKER-ISOLATION-STAGE-2 all -- 0.0.0.0/0 0.0.0.0/0
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
num target prot opt source destination
1 DROP all -- 0.0.0.0/0 0.0.0.0/0
2 RETURN all -- 0.0.0.0/0 0.0.0.0/0

Chain DOCKER-USER (1 references)
num target prot opt source destination
1 RETURN all -- 0.0.0.0/0 0.0.0.0/0
```
Help!
from softethervpn.