-
Notifications
You must be signed in to change notification settings - Fork 880
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unable to create docker0 if VPN is active #779
Comments
A colleague of mine reported the same behavior on Ubuntu, also while connected to VPN ( Their
Their
Their
|
Experiencing the same problem. docker-client
uname -r
service docker status
What's confusing me the most is, that it works if I wait a bit, stop the service and restart it. It still takes longer than it should, but it doesn't time out. Also, it works instantly and without any problems on the openstack instance (same linux distro, same docker version), just not on aws. |
the same problem |
I think it is because of the default static route installed by the VPN: When docker daemon comes up with no Given |
Ok I could solve the problem for me. It wasn't caused by VPN after all. I'll just leave the lines I changed here: Did not work with:
Worked fine with:
Note that in latter version the docker-engine-selinux dependency is handled automatically whereas, previously I had to install it manually otherwise docker-engine wouldn't install. |
Same here.
But Docker starts flawlessly when openvpn is stopped. So this is a workaround:
|
Same workaround using systemd drop-ins:
|
I encountered a similar error. When running docker on a Host with an active OpenVPN connection, I could not use |
Same issue here |
hi, everyone. |
I was able to resolve this problem on my systems by setting |
Same issue on Ubuntu 16.04 LTS and Docker 1.11.1 |
Same issue here with Docker 1.11.1 + OpenVPN. Cropped up when upgrading to docker-compose 1.7.1 where 'up' now creates a new custom defined network. Not sure what the long-term solution is but for the moment I am using docker-compose overrides for a CI environment and manually specifying the service network_mode: "bridge". This just avoids the creation of a network (not really ideal...) but at least gets around the: "could not find an available predefined network" |
Same issue if I'm using |
Same problem here on gentoo with docker 1.11.0 - i always have to stop openvpn when a network needs to be created :( 😠 |
I had the same problem with docker and openvpn. It seems the networks 0.0.0.0/1 and 128.0.0.0/1 routes are created by openvpn if the "redirect-gateway def1" flag is provided from the server. As explained above, docker cannot find any free network range as those two /1 ranges cover all possible addresses. What I did to solve it (apart from bugging the guy responsible for the openvpn service to remove the def1 flag :D) was giving openvpn a command to drop those two routes and set a true default route:
And the fix-routes.sh script:
With a default /0 route docker would no longer have problems finding a valid subnet |
I can confirm the comment from @netsuso - when disabling the /1 partitioning of the networks docker networking stuff works well even with enabled openvpn. |
@netsuso what would be $gw and $route_vpn_gateway in op's case? |
Sorry about the $gw, I pasted a simplified version of my script and forgot to change this one (I've just edited my comment) The only variable that is used is $route_vpn_gateway, and it's set by openvpn when executing the --route-up script (in the op's case it would be 10.8.0.5) |
had similar issue because I'm using TorGuard VPN client (which is using openvpn), when I disconnected from it suddenly docker compose start working |
People without vpn, using multiple network cards, check this post: moby/moby#18113 (comment) This one fixed for me. the magic option is --bip=(machine main ip)/(ip netmask) I only had to execute |
Same issue here. The worst part is that I can't disable the vpn to create the network interface, because I'm working on servers behind NAT in different locations. |
@clvx Same thing if you need to create other networks, specify If you cannot change the init config file, then manually create a
then restart the docker service. The above should all work because libnetwork does not run an overlap check when the address pool is explicitly passed. |
+1 / ubuntu 16.04 Client: |
Same issue on ubuntu 16.04 xenial when trying to |
I locked this issue because it become a bucket where to drop "I have this issue too" comments, while the root cause of the issue has been explained long ago and workarounds have been provided. |
@Manouchehri It has been detected that this issue has not received any activity in over 6 months. Can you please let us know if it is still relevant:
Thank you! |
If I stop my VPN, then I'm able to create the interface.
After the interface is created, then there's no issues with starting the daemon while my VPN is active.
The text was updated successfully, but these errors were encountered: