
Thread: Success with desktop LXD containers! Woot!

  1. #21
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    19,264
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Success with desktop LXD containers! Woot!

    Have you tried setting a VPN inside a container? Any tips?

  2. #22
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Success with desktop LXD containers! Woot!

    Quote Originally Posted by TheFu
    Have you tried setting a VPN inside a container? Any tips?
    Not yet. I haven't even gotten around to trying things out on that old laptop with the nVidia GPU yet. I promised that first, but the craziness of life has rather sidetracked me (it's scary out there).

    It's a worthwhile project, I'm curious too, so will try an implementation and report back. Full disclosure: networking is not my strength. I may have to lean on forum members for help.

    At least I managed to install resolvconf and direct the DNS to adguard.com's servers, so browsers no longer show ads. If that's any indication, then VPN shouldn't be too hard, but with the NAT layers and other network complexities, I'm not holding my breath either.

  3. #23
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Success with desktop LXD containers! Woot!

    Quote Originally Posted by TheFu
    Have you tried setting a VPN inside a container? Any tips?
    I've now set up a VPN that mostly works. But though it works, it throws an irritating error that I haven't been able to solve. Note that my VPN needs are less demanding than yours—I only need to connect to my provider whereas you've mentioned in the past that you connect to your own server. At any rate, my steps:

    1. Install vpn client:
      Code:
      sudo apt install openvpn
    2. Download .ovpn stack from provider:
      Code:
      sudo wget https://www.privateinternetaccess.com/openvpn/openvpn.zip
    3. Unzip to /etc/openvpn/

    So far, so good. These simple steps were all that was necessary for complete success on my host machine. But invoking openvpn within the container only completed partially:
    Code:
    ubuntu@xubuntu:~$ sudo openvpn /etc/openvpn/'US California.ovpn'
    Sat Apr  4 00:00:34 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2019
    Sat Apr  4 00:00:34 2020 library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.10
    Enter Auth Username: **********
    Enter Auth Password: **********
    Sat Apr  4 00:01:25 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xxx.xxx:1198
    Sat Apr  4 00:01:25 2020 UDP link local: (not bound)
    Sat Apr  4 00:01:25 2020 UDP link remote: [AF_INET]xxx.xxx.xxx.xxx:1198
    Sat Apr  4 00:01:25 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
    Sat Apr  4 00:01:26 2020 [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] Peer Connection Initiated with [AF_INET]xxx.xxx.xxx.xxx:1198
    Sat Apr  4 00:01:27 2020 TUN/TAP device tun0 opened
    Sat Apr  4 00:01:27 2020 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
    Sat Apr  4 00:01:27 2020 /sbin/ip link set dev tun0 up mtu 1500
    Sat Apr  4 00:01:27 2020 /sbin/ip addr add dev tun0 local 10.30.10.6 peer 10.30.10.5
    Sat Apr  4 00:01:27 2020 Initialization Sequence Completed
    *Personally identifiable info has been redacted.

    I have bolded the error.

    The process then stalls after "Initialization Sequence Completed". Fortunately, because the stall occurs only after initialization has completed, the VPN tunnel actually gets created. An IP address query confirms that it's the VPN provider's. The problem is that I must <Ctrl> + <c> to get back to the shell and this collapses the tunnel:
    Code:
    ^C
    Sat Apr  4 00:10:38 2020 event_wait : Interrupted system call (code=4)
    Sat Apr  4 00:10:38 2020 /sbin/ip addr del dev tun0 local 10.30.10.6 peer 10.30.10.5
    Sat Apr  4 00:10:38 2020 SIGINT[hard,] received, process exiting
    Moreover, because the VPN setup process never completes, the credentials are not recorded and systemd never registers the service, so the tunnel does not survive a reboot. My workaround is to create the tunnel in screen and then detach it. This gives me back my shell and allows me to log out of the session, but it's an ugly, incomplete kludge and there surely has to be a better way.

    You asked for hints and I found this link with a possible solution:
    https://forum.proxmox.com/threads/op...0/#post-262140
    …but I'm barely technically proficient enough to play with it, so I haven't experimented with it—much less implemented it.
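
An added example, not part of the original posts: openvpn stays in the foreground after "Initialization Sequence Completed" unless it is started with --daemon or as a service, so one alternative to the screen workaround is to turn the provider profile into an unattended client config that reads a root-only credentials file and sets auth-nocache (the option the warning in the log names). The instance name us-california, the .auth suffix and the /etc/openvpn/client directory are assumptions for illustration.

```shell
#!/bin/sh
# Added example. Paths, the instance name and the .auth suffix are assumptions.
#
# prepare_profile SRC_OVPN DEST_DIR NAME
#   Writes DEST_DIR/NAME.conf: the provider profile with its interactive
#   auth-user-pass prompt replaced by a credentials-file reference, plus
#   auth-nocache. Creates DEST_DIR/NAME.auth (mode 600) if it is missing.
prepare_profile() (
    # Body runs in a subshell so the umask change does not leak to the caller.
    src=$1 dest=$2 name=$3
    case $name in
        ''|*[!A-Za-z0-9_-]*)
            # Spaces (as in 'US California.ovpn') are awkward in config names.
            echo "bad instance name: '$name'" >&2; exit 2 ;;
    esac
    [ -r "$src" ] || { echo "cannot read $src" >&2; exit 1; }
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; exit 1; }
    conf=$dest/$name.conf
    auth=$dest/$name.auth
    umask 077   # new files are readable by their owner only
    # Drop existing auth-user-pass/auth-nocache lines (CRLF-safe), then
    # append exactly one of each so the result is predictable.
    sed -E '/^[[:space:]]*(auth-user-pass|auth-nocache)([[:space:]]|$)/d' \
        "$src" > "$conf" || exit 1
    printf 'auth-user-pass %s\nauth-nocache\n' "$auth" >> "$conf"
    [ -e "$auth" ] || : > "$auth"
    chmod 600 "$conf" "$auth"
)

# Typical use inside the container, as root (not run here):
#   prepare_profile '/etc/openvpn/US California.ovpn' \
#       /etc/openvpn/client us-california
#   # put the username on line 1 and the password on line 2 of
#   # /etc/openvpn/client/us-california.auth, then:
#   openvpn --config /etc/openvpn/client/us-california.conf --daemon
```

With --daemon, openvpn detaches from the terminal and logs to syslog, so the shell returns without Ctrl+C tearing the tunnel down.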

  4. #24
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    19,264
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Success with desktop LXD containers! Woot!

    VPN clients are pretty easy.
    It is the VPN server that needs some funky networking, kernel modules, and internal routing that would be the challenges with any container deployment.

  5. #25
    Join Date
    Mar 2011
    Location
    19th Hole
    Beans
    Hidden!
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: Success with desktop LXD containers! Woot!

    Quote Originally Posted by TheFu
    …It is the VPN server that needs some funky networking, kernel modules, and internal routing that would be the challenges with any container deployment.
    Way beyond my pay grade. A bit like Yoda asking Luke for guidance.

  6. #26
    Join Date
    Mar 2010
    Location
    Squidbilly-Land
    Beans
    19,264
    Distro
    Ubuntu Mate 16.04 Xenial Xerus

    Re: Success with desktop LXD containers! Woot!

    Quote Originally Posted by DuckHook
    Way beyond my pay grade. A bit like Yoda asking Luke for guidance.
    Beyond my pay grade too, it seems.
