Truenas Scale + JDownloader App cannot start with openVPN config

impestrator

Dabbler
Joined
Feb 10, 2022
Messages
26
Hello community,

I have the following problem with the "JDownloader App" (truecharts stable). As soon as I activate the OpenVPN option in the configuration, I am in the deployment loop and accordingly the web frontend is not accessible.

In the events I then see the following:
Code:
Back-off restarting failed container
Created container openvpn
Container image "tccr.io/truecharts/openvpn-client:latest@sha256:1f83decdf614cbf48e2429921b6f0efa0e825f447f5c510b65bc90f660227688" already present
Started container openvpn
Started container jdownloader2
Created container jdownloader2



If I disable the OpenVPN option, the container starts and I can log in to the webfront normally.

Basically I change the following:


[Screenshot attachment: 2022-08-26 11_14_39-Window.png]


All other settings are by default.

Do you have any idea what I am doing wrong? Does the container start normally if the OpenVPN config file is corrupt?
Regards
 

ASiC

Dabbler
Joined
Jun 21, 2022
Messages
12
Same here.
With OpenVPN switched on the container fails to deploy.

Still investigating what the issue might be.
Unfortunately so far, nothing...

It seems like an additional container is trying to launch (openvpn) and this is the one that fails:
2022-09-14 11:14:10
Back-off restarting failed container
2022-09-14 11:14:08
Started container openvpn
2022-09-14 11:14:08
Created container openvpn


Tried some things, like assigning a static IP on the container, but it didn't help.
I have the same issue with all the containers I'm trying to enable the openvpn on.

Cheers
 

ASiC

Actually, I've just fixed it :smile:

My VPN provider's (privado) ovpn file has a setting that fails on the openvpn pod: data-ciphers
I have replaced the above with cipher and now the pod is deploying no problem.

Cheers
 

impestrator

Awesome that you're able to fix it by yourself. With that info I double checked my ovpn file and I found a line "cipher AES-256-CBC". In my desperation I changed that to data-ciphers, but the container still fails to deploy. I also created a new file with different settings...without luck.

Any suggestions?
 

ASiC

Get the logs from the openvpn container to try and see where it fails:
Click on your container options \ logs \ change the dropdown "container" to openvpn and click "choose".

Download the log and paste the output here.
I don't believe that there's going to be any private stuff on it but check to make sure before pasting!
 

impestrator

Thanks for that advice. I was not aware that you're able to see logs from the openvpn container.

I checked the log and indeed there isn't any private stuff in it, so there it is:

Code:
2022-09-15T16:39:09.687029502Z + exec sg vpn -c 'openvpn --cd /vpn --config /vpn/vpn.conf --script-security 2 --redirect-gateway def1 --auth-user-pass /vpn/vpn.auth                 '
2022-09-15T16:39:09.693570684Z Options error: --ca fails with 'ca.crt': No such file or directory (errno=2)
2022-09-15T16:39:09.693615174Z Options error: --cert fails with 'client.crt': No such file or directory (errno=2)
2022-09-15T16:39:09.693637967Z Thu Sep 15 16:39:09 2022 us=693443 WARNING: cannot stat file 'client.key': No such file or directory (errno=2)
2022-09-15T16:39:09.693648114Z Options error: --key fails with 'client.key': No such file or directory (errno=2)
2022-09-15T16:39:09.693657900Z Options error: Please correct these errors.
2022-09-15T16:39:09.693667448Z Use --help for more information.


It seems that the cert files cannot be found. That's really strange because they are in the same folder that the ovpn file is located in, which I added in the "VPN Config File Location" within the container config. Do you define the files separately?
 

ASiC

It seems like the k3s is not parsing additional files.
But you can embed the cert and keys in the .ovpn file:

Code:
client
proto tcp-client
remote xxxxxx
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth SHA256
auth-nocache
cipher AES-128-GCM
verb 3
<ca>
-----BEGIN CERTIFICATE-----
contents of the ca.crt file
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
contents of the cert.crt file
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN PRIVATE KEY-----
contents of the client.key file
-----END PRIVATE KEY-----
</key>



Give it a go...
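
One way to do the merge suggested in the post above, as an added example that is not part of the original thread: a Python helper that replaces the ca/cert/key file references in a config with inline blocks, so the single file the container mounts is self-contained. It writes the result with mode 0600 because the merged file now holds the private key. The function names and sample file contents are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Directives whose file argument OpenVPN also accepts as an inline <tag> block.
INLINE = ("ca", "cert", "key", "tls-auth", "tls-crypt")

def inline_ovpn(conf_path):
    """Return the config text with every referenced cert/key file embedded."""
    conf_path = Path(conf_path)
    body, blocks, open_tag = [], [], None
    for line in conf_path.read_text().splitlines():
        parts = line.split()
        if open_tag:                      # inside an existing inline block: copy through
            open_tag = None if line.strip() == f"</{open_tag}>" else open_tag
        elif re.fullmatch(r"<[a-z-]+>", line.strip()):
            open_tag = line.strip()[1:-1]
        elif len(parts) >= 2 and parts[0] in INLINE and parts[1] != "[inline]":
            ref = conf_path.parent / parts[1].strip("\"'")   # relative to the config
            if not ref.is_file():
                raise FileNotFoundError(f"{parts[0]}: {ref} not found")
            blocks.append(f"<{parts[0]}>\n{ref.read_text().strip()}\n</{parts[0]}>")
            if parts[0] == "tls-auth" and len(parts) > 2:
                body.append(f"key-direction {parts[2]}")     # direction becomes its own option
            continue
        body.append(line)
    return "\n".join(body + blocks) + "\n"

def write_private(path, text):
    """Write with mode 0600: the merged file now carries the private key."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, 0o600)                 # also tighten a file that already existed

def demo():
    """Constructed sample: a split config like the one in the log above, merged."""
    d = Path(tempfile.mkdtemp())
    for name in ("ca.crt", "client.crt", "client.key"):
        (d / name).write_text(f"-----BEGIN SAMPLE-----\nconstructed {name}\n-----END SAMPLE-----\n")
    (d / "vpn.conf").write_text("client\ndev tun\nca ca.crt\ncert client.crt\nkey client.key\n")
    merged = inline_ovpn(d / "vpn.conf")
    write_private(d / "merged.ovpn", merged)
    return merged, d / "merged.ovpn"

if __name__ == "__main__":
    print(demo()[0])
```

For a real config, call write_private("merged.ovpn", inline_ovpn("vpn.ovpn")) and point the app's config file setting at merged.ovpn; a missing referenced file raises FileNotFoundError before anything is written.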
 