This repository has been archived by the owner on Nov 25, 2022. It is now read-only.

write UDP: Operation not permitted (code=1) - Synology and custom VPN provider #125

Open
jonk999 opened this issue Apr 17, 2022 · 4 comments

jonk999 commented Apr 17, 2022

Information

The container has been running fine in Docker on my Synology for some time, however, my provider has just updated their VPN and I needed to update the VPN config file.
I downloaded the latest one and replaced the old one and amended the username and password in the config as that had also updated. Now when starting the container, I get a write UDP: Operation not permitted (code=1) error.
If I use the openvpn client on my PC, the new file from my VPN provider works without issue.

From log:
[s6-finish] sending all processes the KILL signal and exiting.
[s6-finish] sending all processes the TERM signal.
[s6-finish] waiting for services.
[cont-finish.d] done.
[cont-finish.d] executing container finish scripts...
2022-04-17 01:02:02 SIGTERM[hard,] received, process exiting
2022-04-17 01:02:02 event_wait : Interrupted system call (code=4)
2022-04-17 01:01:52 write UDP: Operation not permitted (code=1)
2022-04-17 01:01:44 write UDP: Operation not permitted (code=1)
2022-04-17 01:01:40 write UDP: Operation not permitted (code=1)
2022-04-17 01:01:38 write UDP: Operation not permitted (code=1)
2022-04-17 01:01:38 UDP link remote: [AF_INET]23.106.33.27:1195
2022-04-17 01:01:38 UDP link local: (not bound)
2022-04-17 01:01:38 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-04-17 01:01:38 TCP/UDP: Preserving recently used remote address: [AF_INET]23.106.33.27:1195
2022-04-17 01:01:38 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-04-17 01:01:38 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2022-04-17 01:01:38 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
[services.d] done.
[services.d] starting services
[cont-init.d] done.
[cont-init.d] 03-setup-iptables: exited 0.
INFO: Configuring Docker networks: 172.17.0.2/16
[cont-init.d] 03-setup-iptables: executing...
[cont-init.d] 02-setup-openvpn: exited 0.
OpenVPN provider not set. Using configuration at /config/openvpn/config.ovpn
2022-04-17 01:01:38 Persist state set to: ON
2022-04-17 01:01:38 TUN/TAP device tun0 opened
[cont-init.d] 02-setup-openvpn: executing...
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 01-setup-permissions: executing...
[cont-init.d] executing container initialization scripts...
[fix-attrs.d] done.
[fix-attrs.d] applying ownership & permissions fixes...
[s6-init] ensuring user provided files have correct perms...exited 0.
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.

Current setup

guillaumedsde/alpine-qbittorrent-openvpn:latest
Running on Synology Docker using 'Execute Container using high privilege' as it's been the only way I can access the webui when it was working.

docker-compose.yml file or docker run command

The below, I assume, would be the equivalent docker compose file. I used the Synology GUI to do all configuration.

version: "3.3"
services:
  alpine-qbittorrent-openvpn:
    volumes:
      - "/docker/alpine-qbittorrent-openvpn/downloads/:/downloads"
      - "/docker/alpine-qbittorrent-openvpn/config/directory:/config"
    environment:
      - OPENVPN_CONFIG_FILE=/config/openvpn/config.ovpn
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - PUID=1054
      - PGID=101
      - LAN=192.168.10.0/24
      - QBT_WEBUI_PORT=8484
    ports:
      - "8484:8484"
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest

New openvpn config file

remote address
port 1195
verify-x509-name CN=address as per remote above
auth-user-pass
client
dev tun
proto udp
cipher AES-256-CBC
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings

-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----

verb 3
reneg-sec 0

Attempted Fix(es)

Made sure running latest version.
Re-setup from scratch under new container.
Other than entering parameters via the Synology Docker GUI, my knowledge is extremely limited.

@jonk999 jonk999 added the bug Something isn't working label Apr 17, 2022

jonk999 commented Apr 18, 2022

I also have a NUC running docker and a few other containers. Tried setting it up on that and received the same error...

@robarmstrong96

Having the same issue here.

@noah-frank

Push


mortiis commented Jul 19, 2022

Try putting the port number after the server instead of in a separate port attribute in your .ovpn config:
remote my.vpn.server 1195

The rule making script 03-setup-iptables gets its info like this:
CONFIG_VPN_HOSTS_AND_PORTS="$(awk '/remote / { print $2 " " $3 }' "${OPENVPN_CONFIG_FILE}")"
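
An added example, not part of the thread or of the project's code: it runs the awk extraction quoted above against two constructed configs, one with the port in a separate `port` directive and one with it on the `remote` line, to show that the first form yields an empty port field. `write_sample`, `extract_effective` and the hostname `vpn.example.test` are hypothetical; `extract_effective` assumes OpenVPN's documented fallback (port on the `remote` line, else `port`/`rport`, else 1194).

```shell
#!/bin/sh
# Added illustration; only the awk one-liner in extract_as_script is from the issue.

# Write a constructed sample config. $1 = path, $2 = "split" or "inline".
write_sample() {
    if [ "$2" = "split" ]; then
        printf '%s\n' 'remote vpn.example.test' 'port 1195' > "$1"
    else
        printf '%s\n' 'remote vpn.example.test 1195' > "$1"
    fi
    printf '%s\n' 'client' 'dev tun' 'proto udp' 'nobind' >> "$1"
}

# Extraction as quoted from 03-setup-iptables: host and port are read
# only from the "remote" line, so a separate "port" directive is never seen.
extract_as_script() {
    awk '/remote / { print $2 " " $3 }' "$1"
}

# Hypothetical helper: resolve the port with OpenVPN's fallback order
# (port on the remote line, else the port/rport directive, else 1194).
extract_effective() {
    awk '
        BEGIN { n = 0 }
        $1 == "port" || $1 == "rport" { dflt = $2 }
        $1 == "remote" { host[n] = $2; rport[n] = $3; n++ }
        END {
            for (i = 0; i < n; i++) {
                p = rport[i]
                if (p == "") p = (dflt != "" ? dflt : 1194)
                print host[i] " " p
            }
        }
    ' "$1"
}

# Print both extractions for both config forms.
demo() {
    dir=$(mktemp -d) || return 1
    for form in split inline; do
        write_sample "$dir/$form.ovpn" "$form"
        printf '%-6s script=[%s] effective=[%s]\n' "$form" \
            "$(extract_as_script "$dir/$form.ovpn")" \
            "$(extract_effective "$dir/$form.ovpn")"
    done
    rm -rf "$dir"
}
demo
```

Running `extract_effective` against a real `.ovpn` file before starting the container shows which host and port pairs the firewall setup needs to cover.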
