OpenVPN routing errors
Hello. I am setting up OpenVPN. The client connects to the server over the VPN and sees the local network behind the server. The server, in turn, does not see the network behind the client (and I really want it to). The goal is for users of both networks to see each other's networks. Server config.
output from the server*
What is the client running on?
Both servers are on Ubuntu Server 16.04.
Is traffic forwarding allowed on the client?
Forwarding is uncommented in /etc/sysctl.conf.
Damn, once again the client is not the default route for its own network, and yet another idiot whines that it doesn't work.
Well, thanks for the kind words. Were you able to do everything right away yourself?
Let's start with the fact that no iptables rules are needed. Both hosts need to be able to route (net.ipv4.ip_forward), and the routes need to be in place. In your setup the routes to the server's network are pushed to the client through the config, but the server has no route to the client's network. I don't know whether this can be done through the configs, but you can create a static route to the client's network via the client's VPN address.
OK, and what does ip r say on the server? If the route is there, run tcpdump on the client and see whether the packets arrive. If they do, check on the physical interface whether they leave; it may be that they leave but do not come back. After that it depends on what you see.
Nothing is being dropped on the client; I have disabled ufw for now. Routing is enabled on both. When adding the route
I want to correct myself: the client is indeed not the gateway in its network, so for now the goal is for the client and the server to see, through the tunnel, not only each other's tunnel IPs (10.8.0.1, 10.8.0.2) but also the physical ones (10.27.1.5, 10.2.1.5). At the moment only the client can do this.
Is there anything in the OpenVPN log? As far as I remember the documentation, your connection currently runs not as a normal subnet but as peer-to-peer. Accordingly, 10.8.0.2 is the address of the peer the server sends data to, and the client should have .3 (they had a table of allowed addresses somewhere, too lazy to google it). Try reconfiguring the client to a different address.
I think there is nothing criminal in the logs. Yes, ifconfig tells me it is peer-to-peer.
By the way, you can make a normal subnet by using dev tap instead of tun.
Are you adding it on the client? 10.8.0.2, is that the server's IP? I think it starts from .1.
To see the network behind the client, that client must be a router in its network. At least for the network that is behind the server.
Better start by telling us which IPs the client and the server have on the VPN and on the LAN. And what the routing table is on each.
Unfortunately it did not work. I tried changing tun to tap in the server and client configs, and the connection stopped being established at all (did I understand correctly that only this needs to be changed in the configs and the rest stays the same?)
tunnel IP 10.8.0.1
tunnel IP 10.8.0.4 (that is now; until XMs advised me to change it, it was 10.8.0.2)
if you mean when I tried to add
To see the network behind the client, that client must be a router in its network. At least for the network that is behind the server.
How I will steer traffic arriving at the client into the network is a separate story; I will implement that myself. For now my task is to be able to ping both servers from each other, both by tunnel IPs and by the real physical addresses.
Linux route add command failed #329
sim500 commented Aug 9, 2017
After a correct installation I tried to connect to the VPN with a client on another network and I got the error:
ERROR: Linux route add command failed: external program exited with error status: 2
So, with a quick search on the internet, I found out there were wrong lines in the configuration file; link to the problem and the solution:
https://serverfault.com/questions/757751/vpn-error-linux-route-add-command-failed
4s3ti commented Aug 13, 2017
@sim500 Please provide the information we request in the Issue template so we can properly check what happened.
nlamirault commented Aug 30, 2017
Same issue here.
With a new configuration which works:
4s3ti commented Oct 30, 2017
ip route add will fail if you are trying to connect from a network that has the same subnet as your local network.
So if you are in a 192.168.1.0/24 network and your local network is 192.168.1.0/24, ip route add will fail, as it already has those routes for the network it is sitting on!
However, the tunnel should work anyway, except you won't be able to access devices inside your local network. The only thing that will be working is the internet access.
As this issue is too old, I will be closing it. If you need further help with this, just ask; I will reopen and gladly help you out!
Problems with OpenVPN routes?
Wed Jan 11 11:45:36 2017 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Feb 2 2016
Wed Jan 11 11:45:36 2017 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Jan 11 11:45:36 2017 WARNING: file 'tac.key' is group or others accessible
Wed Jan 11 11:45:36 2017 Control Channel Authentication: using 'tac.key' as a OpenVPN static key file
Wed Jan 11 11:45:36 2017 UDPv4 link local: [undef]
Wed Jan 11 11:45:36 2017 UDPv4 link remote: [AF_INET]xx.xx.xxx.6:55xxx
Wed Jan 11 11:45:36 2017 [cerberus] Peer Connection Initiated with [AF_INET]xx.xx.xxx.6:55xxx
Wed Jan 11 11:45:38 2017 TUN/TAP device tun1 opened
Wed Jan 11 11:45:38 2017 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Jan 11 11:45:38 2017 /sbin/ip link set dev tun1 up mtu 1500
Wed Jan 11 11:45:38 2017 /sbin/ip addr add dev tun1 10.13.0.3/20 broadcast 10.13.15.255
RTNETLINK answers: File exists
Wed Jan 11 11:45:38 2017 ERROR: Linux route add command failed: external program exited with error status: 2
RTNETLINK answers: File exists
Wed Jan 11 11:45:38 2017 Initialization Sequence Completed
0.0.0.0 10.10.1.254 0.0.0.0 UG 100 0 0 enp5s0
10.10.1.0 0.0.0.0 255.255.255.0 U 100 0 0 enp5s0
10.13.0.0 0.0.0.0 255.255.240.0 U 0 0 0 tun0
10.20.22.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
10.20.24.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
10.20.25.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
10.20.30.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
10.40.0.0 10.13.0.1 255.248.0.0 UG 0 0 0 tun0
10.45.0.0 10.13.0.1 255.255.0.0 UG 0 0 0 tun0
10.49.0.0 10.13.0.1 255.255.0.0 UG 0 0 0 tun0
10.50.0.0 10.13.0.1 255.255.0.0 UG 0 0 0 tun0
10.200.201.0 10.13.0.1 255.255.255.0 UG 20 0 0 tun0
10.200.202.0 10.13.0.1 255.255.255.0 UG 20 0 0 tun0
10.200.203.0 10.13.0.1 255.255.255.0 UG 20 0 0 tun0
10.200.204.0 10.13.0.1 255.255.255.0 UG 20 0 0 tun0
169.254.0.0 0.0.0.0 255.255.0.0 U 1000 0 0 enp5s0
192.168.1.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.37.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.38.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.39.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.40.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.41.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.42.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.43.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.44.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.45.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.46.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.47.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.48.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.49.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.50.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.51.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.52.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.53.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.54.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.55.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.101.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.102.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
192.168.103.0 10.13.0.1 255.255.255.0 UG 0 0 0 tun0
traceroute to the network I need
traceroute to 10.49.1.254 (10.49.1.254), 30 hops max, 60 byte packets
1 10.13.0.1 (10.13.0.1) 8.063 ms 8.530 ms 8.514 ms
2 * * *
3 * * *
It makes 30 hops and ends.
OpenVPN does not start
Good day! I am trying to set up OpenVPN on a remote server. After all the configuration, starting the service fails. The log shows some errors, but their nature is not entirely clear, nor is the way to fix them. If anyone has run into this, I would be very grateful for help. OpenVPN version 2.3.2, distro CentOS 6.5. Log attached.
Tue Oct 7 22:58:24 2014 event_wait : Interrupted system call (code=4)
Tue Oct 7 22:58:24 2014 /sbin/ip route del 10.84.84.0/24
RTNETLINK answers: Operation not permitted
Tue Oct 7 22:58:24 2014 ERROR: Linux route delete command failed: external program exited with error status: 2
Tue Oct 7 22:58:24 2014 Closing TUN/TAP interface
Tue Oct 7 22:58:24 2014 /sbin/ip addr del dev tun0 local 10.84.84.1 peer 10.84.84.2
RTNETLINK answers: Operation not permitted
Tue Oct 7 22:58:24 2014 Linux ip addr del failed: external program exited with error status: 2
Tue Oct 7 22:58:25 2014 SIGTERM[hard,] received, process exiting
Tue Oct 7 22:58:26 2014 OpenVPN 2.3.2 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Sep 12 2013
Tue Oct 7 22:58:26 2014 Diffie-Hellman initialized with 2048 bit key
Tue Oct 7 22:58:26 2014 Socket Buffers: R=[124928->131072] S=[124928->131072]
Tue Oct 7 22:58:26 2014 ROUTE_GATEWAY 37.1.216.211
Tue Oct 7 22:58:26 2014 TUN/TAP device tun0 opened
Tue Oct 7 22:58:26 2014 TUN/TAP TX queue length set to 100
Tue Oct 7 22:58:26 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Oct 7 22:58:26 2014 /sbin/ip link set dev tun0 up mtu 1500
Tue Oct 7 22:58:26 2014 /sbin/ip addr add dev tun0 local 10.84.84.1 peer 10.84.84.2
Tue Oct 7 22:58:26 2014 /sbin/ip route add 10.84.84.0/24 via 10.84.84.2
Tue Oct 7 22:58:26 2014 GID set to openvpn
Tue Oct 7 22:58:26 2014 UID set to openvpn
Tue Oct 7 22:58:26 2014 UDPv4 link local (bound): [undef]
Tue Oct 7 22:58:26 2014 UDPv4 link remote: [undef]
Tue Oct 7 22:58:26 2014 MULTI: multi_init called, r=256 v=256
Tue Oct 7 22:58:26 2014 IFCONFIG POOL: base=10.84.84.4 size=62, ipv6=0
Tue Oct 7 22:58:26 2014 IFCONFIG POOL LIST
Tue Oct 7 22:58:26 2014 Initialization Sequence Completed
Route add command failed #135
paranoiid commented Sep 29, 2016
It seems that the program tries to add a route that already exists every time I start the container. I don’t know if there are more routes to be added afterwards but it seems that it simply fails with error status 2;
Generating transmission settings.json from env variables
STARTING TRANSMISSION
NO PORT UPDATER FOR THIS PROVIDER
Transmission startup script complete.
Thu Sep 29 12:54:25 2016 /sbin/ip route add 176.10.248.194/32 via 172.17.42.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 0.0.0.0/1 via 10.251.5.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 128.0.0.0/1 via 10.251.5.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 176.10.248.194/32 via 172.17.42.1
RTNETLINK answers: File exists
Thu Sep 29 12:54:25 2016 ERROR: Linux route add command failed: external program exited with error status: 2
Thu Sep 29 12:54:25 2016 Initialization Sequence Completed
This was tried on Ubuntu 14.04.3, Docker version 1.12.1, build 23cf638
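The failure in the log above, and the same-subnet case explained in issue #329 earlier on this page, replayed as an added Python example (not code from the thread or from either project): it replays the logged `ip route add` commands against a simulated routing table and reports which ones the kernel would reject with `File exists`. The function names, the starting tables, the 10.8.0.1 gateway and the simplified rule that a route collides when prefix and metric both match are assumptions made for the example.

```python
import ipaddress
import re

# Matches the "/sbin/ip route add <dst> via <gw> [metric N]" lines OpenVPN logs.
ROUTE_ADD = re.compile(
    r"/sbin/ip route add (?P<dst>\S+) via (?P<gw>\S+)(?: metric (?P<metric>\d+))?"
)

# The four route commands from the log quoted in this post.
LOG_135 = """\
Thu Sep 29 12:54:25 2016 /sbin/ip route add 176.10.248.194/32 via 172.17.42.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 0.0.0.0/1 via 10.251.5.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 128.0.0.0/1 via 10.251.5.1
Thu Sep 29 12:54:25 2016 /sbin/ip route add 176.10.248.194/32 via 172.17.42.1
"""
# Constructed sample for the same-subnet case; 10.8.0.1 is a made-up gateway.
LOG_SAME_SUBNET = "/sbin/ip route add 192.168.1.0/24 via 10.8.0.1\n"


def parse_route_adds(log_text):
    """Return (network, gateway, metric) for every route add command in a log."""
    routes = []
    for m in ROUTE_ADD.finditer(log_text):
        net = ipaddress.ip_network(m["dst"], strict=False)
        routes.append((net, m["gw"], int(m["metric"] or 0)))
    return routes


def replay(existing, log_text):
    """Replay route adds on top of `existing` [(cidr, metric)] and classify each.

    Simplified model (assumption): a single table, and an add is refused with
    EEXIST ("File exists") when prefix and metric both match an entry.
    """
    local = [(ipaddress.ip_network(c), metric) for c, metric in existing]
    table = set(local)
    findings = []
    for net, gw, metric in parse_route_adds(log_text):
        if (net, metric) in table:
            status = "file-exists"
        else:
            table.add((net, metric))
            # Accepted by the kernel, but flag a pushed route that overlaps a
            # pre-existing local prefix (default and /1 halves are ignored).
            hits = sorted({str(n) for n, _ in local
                           if n.prefixlen > 1 and net.prefixlen > 1
                           and n.overlaps(net)})
            status = "overlap:" + ",".join(hits) if hits else "ok"
        findings.append((str(net), gw, status))
    return findings


if __name__ == "__main__":
    # Constructed starting table for a Docker container: default + bridge net.
    container = [("0.0.0.0/0", 0), ("172.17.0.0/16", 0)]
    for row in replay(container, LOG_135):
        print(row)
    # Connected LAN route at metric 0 versus metric 100 (both constructed).
    print(replay([("192.168.1.0/24", 0)], LOG_SAME_SUBNET))
    print(replay([("192.168.1.0/24", 100)], LOG_SAME_SUBNET))
```

In the metric-100 case the add raises no error, but the pushed route then takes precedence over the connected LAN route, so a clean log does not by itself mean the local subnet is still reachable directly.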
haugene commented Oct 5, 2016
What is your setting for the LOCAL_NETWORK environment variable? And please provide the complete log, mask your usr/pass.
fdecourt commented Oct 12, 2016
Hi Haugene,
Same here with a Synology. Here is the full log:
2016-10-12 12:06:13 stdout Using OpenVPN provider: PUREVPN
2016-10-12 12:06:13 stdout Starting OpenVPN using config NETHERLANDS-TCP.ovpn
2016-10-12 12:06:13 stdout Setting OPENVPN credentials.
2016-10-12 12:06:13 stdout Wed Oct 12 12:06:13 2016 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
2016-10-12 12:06:13 stdout Wed Oct 12 12:06:13 2016 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2016-10-12 12:06:13 stdout Wed Oct 12 12:06:13 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-10-12 12:06:13 stdout Wed Oct 12 12:06:13 2016 WARNING: file '/etc/openvpn/purevpn/Wdc.key' is group or others accessible
2016-10-12 12:06:13 stdout Wed Oct 12 12:06:13 2016 Control Channel Authentication: using '/etc/openvpn/purevpn/Wdc.key' as a OpenVPN static key file
2016-10-12 12:06:14 stdout Wed Oct 12 12:06:14 2016 Attempting to establish TCP connection with [AF_INET]213.5.64.37:80 [nonblock]
2016-10-12 12:06:15 stdout Wed Oct 12 12:06:15 2016 TCP connection established with [AF_INET]213.5.64.37:80
2016-10-12 12:06:15 stdout Wed Oct 12 12:06:15 2016 TCPv4_CLIENT link local: [undef]
2016-10-12 12:06:15 stdout Wed Oct 12 12:06:15 2016 TCPv4_CLIENT link remote: [AF_INET]213.5.64.37:80
2016-10-12 12:06:15 stdout Wed Oct 12 12:06:15 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-10-12 12:06:17 stdout Wed Oct 12 12:06:17 2016 [PureVPN] Peer Connection Initiated with [AF_INET]213.5.64.37:80
2016-10-12 12:06:20 stdout Wed Oct 12 12:06:20 2016 TUN/TAP device tun0 opened
2016-10-12 12:06:20 stdout Wed Oct 12 12:06:20 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
2016-10-12 12:06:20 stdout Wed Oct 12 12:06:20 2016 /sbin/ip link set dev tun0 up mtu 1500
2016-10-12 12:06:20 stdout Wed Oct 12 12:06:20 2016 /sbin/ip addr add dev tun0 37.46.122.106/27 broadcast 37.46.122.127
2016-10-12 12:06:20 stdout Wed Oct 12 12:06:20 2016 /etc/transmission/start.sh tun0 1500 1560 37.46.122.106 255.255.255.224 init
2016-10-12 12:06:20 stdout Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 37.46.122.106
2016-10-12 12:06:20 stdout Generating transmission settings.json from env variables
2016-10-12 12:06:20 stdout STARTING TRANSMISSION
2016-10-12 12:06:20 stdout NO PORT UPDATER FOR THIS PROVIDER
2016-10-12 12:06:20 stdout Transmission startup script complete.
2016-10-12 12:06:22 stdout RTNETLINK answers: File exists
2016-10-12 12:06:23 stdout Wed Oct 12 12:06:22 2016 ERROR: Linux route add command failed: external program exited with error status: 2
2016-10-12 12:06:23 stdout Wed Oct 12 12:06:22 2016 Initialization Sequence Completed
Thanks for your support
haugene commented Oct 12, 2016
Weird. And you aren’t running with network=host or anything like that?
fdecourt commented Oct 12, 2016
Thanks for your quick answer. I tried with and without LOCAL_NETWORK=192.168.1.0/24.
If I run a «IP ROUTE» command from the terminal of the docker (without LOCAL_NETWORK)
fdecourt commented Oct 12, 2016
This is more clear :
haugene commented Oct 13, 2016
Ok. So there’s a duplicate entry for the default gateway. Openvpn wants to ship everything through tun0 while there’s already a route to send it all through the docker interface.
Question is, why is this happening now. Is it a new OS release for the nas or is it a newer version of openvpn that bugs. We can’t delete the other default route before connecting, because then it would be able to access the Internet.
Could you give me some info on the underlying OS of the nas? Distro and version, cat /etc/os-release, uname -a etc. Then I can try to reproduce it.
Also, try fetching and running one of the earlier tags of the container. If one of the older ones work that might be a good indication on when the bug was introduced.
fdecourt commented Oct 13, 2016
Hi Haugene,
Thanks for your answer and taking care of this problem. It’s running XPenology DSM 5.2.5644.
On your docker, it is Ubuntu 14.04.4
I will try other versions of your Docker:
1.5 and 1.6, PureVPN is not configured
from 1.7 to 1.10, I have the same error
So it won't help you to find when the bug was introduced.
haugene commented Oct 13, 2016
Ok. But if you ssh into your nas, which linux distro and version is it running? Would be interesting to know if this could be provider specific as I would expect more people would have an issue if it’s for all providers on the Synology NAS.
Are you also running PureVPN @paranoiid? If you have the chance to get a month's subscription with one of the other providers just to test, that could rule that out. Even though this sounds more OS related.
fdecourt commented Oct 17, 2016
Hi Haugene,
Sorry for the late reply.
The OS is :
Linux DiskStation 3.10.35 #1 SMP Sat Dec 12 17:01:14 MSK 2015 x86_64 GNU/Linux synology_bromolow_3615xs
I’ll try to subscribe other providers this week.
fdecourt commented Oct 17, 2016
Haugene,
I subscribe to PIA, and the problem is different. Still no connection to any tracker.
Here are the logs :
date,stream,content
2016-10-17 11:50:13,stdout,Error: portTested: http error 0: No Response
2016-10-17 11:49:43,stdout,Checking port.
2016-10-17 11:49:43,stdout,localhost:9091/transmission/rpc/ responded: "success"
2016-10-17 11:49:42,stdout,transmission auth not required
2016-10-17 11:49:42,stdout,Got new port from pia
2016-10-17 11:49:42,stdout,
0 0 0 0 0 0 0 0 --:--:-- 0:00:19 --:--:-- 0
curl: (6) Could not resolve host: www.privateinternetaccess.com
2016-10-17 11:49:22,stdout, Dload Upload Total Spent Left Speed
2016-10-17 11:49:22,stdout, % Total % Received % Xferd Average Speed Time Time Time Current
2016-10-17 11:48:21,stdout,Mon Oct 17 11:48:21 2016 Initialization Sequence Completed
2016-10-17 11:48:21,stdout,Transmission startup script complete.
2016-10-17 11:48:21,stdout,STARTING PORT UPDATER
2016-10-17 11:48:21,stdout,STARTING TRANSMISSION
2016-10-17 11:48:21,stdout,Generating transmission settings.json from env variables
2016-10-17 11:48:21,stdout,Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 10.20.10.6
2016-10-17 11:48:21,stdout,Mon Oct 17 11:48:21 2016 /etc/transmission/start.sh tun0 1500 1542 10.20.10.6 10.20.10.5 init
2016-10-17 11:48:21,stdout,Mon Oct 17 11:48:21 2016 /sbin/ip addr add dev tun0 local 10.20.10.6 peer 10.20.10.5
2016-10-17 11:48:21,stdout,Mon Oct 17 11:48:21 2016 /sbin/ip link set dev tun0 up mtu 1500
2016-10-17 11:48:21,stdout,"Mon Oct 17 11:48:21 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0"
2016-10-17 11:48:21,stdout,Mon Oct 17 11:48:21 2016 TUN/TAP device tun0 opened
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 [e74d3ca8b512011f9c6a17cd33226de2] Peer Connection Initiated with [AF_INET]46.166.190.181:1194
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 UDPv4 link remote: [AF_INET]46.166.190.181:1194
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 UDPv4 link local: [undef]
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2016-10-17 11:48:19,stdout,Mon Oct 17 11:48:19 2016 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
2016-10-17 11:48:19,stdout,Setting OPENVPN credentials.
2016-10-17 11:48:19,stdout,Starting OpenVPN using config Netherlands.ovpn
2016-10-17 11:48:19,stdout,Using OpenVPN provider: PIA
2016-10-17 11:48:18,stdout,"Mon Oct 17 11:48:18 2016 SIGTERM[hard,] received, process exiting"
2016-10-17 11:48:18,stdout,Mon Oct 17 11:48:18 2016 /etc/transmission/stop.sh tun0 1500 1542 10.12.10.6 10.12.10.5 init
2016-10-17 11:48:18,stdout,Mon Oct 17 11:48:18 2016 /sbin/ip addr del dev tun0 local 10.12.10.6 peer 10.12.10.5
2016-10-17 11:48:18,stdout,Mon Oct 17 11:48:18 2016 event_wait : Interrupted system call (code=4)
haugene commented Oct 17, 2016
This looks like a DNS issue. Could not resolve host: www.privateinternetaccess.com . See this section of the readme and try setting your dns servers for the container.
fdecourt commented Oct 18, 2016
I used a resolve.conf link, with the google DNS (not the --dns command, as it does not work on DSM)
With or without it, it won’t work, same error «Could not resolve host: www.privateinternetaccess.com». But if I ping from the docker terminal www.google.fr, it won’t work. But if I ping the IP address of google, it works.
This URL is reachable directly from the Synology, but not from the docker package. All my network uses the same DNS (they are implemented directly on my router).
There is a DNS problem somewhere !
fdecourt commented Oct 18, 2016
From the docker Terminal :
Direct IP
Using www.google.fr
From the diskstation terminal :
fdecourt commented Oct 20, 2016
It seems that the /etc/resolv.conf is not replaced by the /docker/resolv.conf created.
For Data it works, not for this file, so the DNS are wrong.
So I manually edit the docker file /etc/resolv.conf from nameserver 192.168.1.1 to the OpenDNS IP.
Let’s see what happens!
fdecourt commented Oct 20, 2016
With that modification, all pings are working:
So I probably have to find a way to:
- Make the /docker/resolv.conf really replace /etc/resolv.conf
- Create a script launched with the Docker package, to rewrite the /etc/resolv.conf
fdecourt commented Oct 20, 2016
With that it seems it works, with a Netherlands IP address from Netherlands (I am not there)
fdecourt commented Oct 20, 2016
Also, on DSM 5.2 for Synology, on my NAS, adding /volume1/ makes the path wrong.
fdecourt commented Nov 16, 2016
After much testing, it works with PIA, adding the LOCAL_NETWORK parameter to 192.168.1.0/24, doing the right port forwarding of the Transmission port on my router (not the 9091 port, the one in the Transmission app itself) and changing the default DNS of my router.
For PureVPN, it won’t start, with the error logged above. Even if it is the PureVPN openvpn file, maybe something wrong in it for Synology.
On the PIA openvpn there is a «dev tun» line, which is «dev tun0» for PureVPN. The 0 should not be there !