Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug] VPN setup fails on Ubuntu 22 #724

Closed
bartvanb opened this issue Jun 20, 2023 · 4 comments · Fixed by #725
Closed

[Bug] VPN setup fails on Ubuntu 22 #724

bartvanb opened this issue Jun 20, 2023 · 4 comments · Fixed by #725
Assignees
@bartvanb @frankcorneliusmartin
Labels
bug Something isn't working

Comments

@bartvanb
Copy link
Member

bartvanb commented Jun 20, 2023
edited

Describe the bug
On Ubuntu 22, setting up host network rules for VPN fails:

Exception: Command 'sh -c "iptables -I DOCKER-USER 1 -d 10.76.0.0/16 -i br-62d8457ae01e -j ACCEPT; 
iptables -I DOCKER-USER 1 -s 10.76.0.0/16 -o br-62d8457ae01e -j ACCEPT; "' in image 
'harbor2.vantage6.ai/infrastructure/vpn-configurator' returned non-zero exit status 1: b'iptables: No 
chain/target/match by that name.\niptables: No chain/target/match by that name.\n'

This happens when running commands from the vpn-configurator image to set up host networking rules.

Probably something changed in the OS to not allow this. We know it works in Windows and Ubuntu 18 (not sure about Ubuntu 20).

To Reproduce

Start node on Ubuntu 22 with VPN. Error is shown in logs

Expected behavior
VPN works on Ubuntu 22
@bartvanb bartvanb added the bug Something isn't working label Jun 20, 2023
@github-actions github-actions bot added the New label Jun 20, 2023
@bartvanb bartvanb removed the New label Jun 20, 2023
@bartvanb
Copy link
Member Author

It appears to be the case that docker images that are not based on ubuntu 22 cannot access the iptables in ubuntu 22 (see e.g. this stackoverflow).

A solution would therefore be to base the vpn-configurator image on ubuntu 22 instead of alpine. I tested this and it works with both Ubuntu 22 and Windows WSL2.

I also made a temp image harbor2.vantage6.ai/infrastructure/vpn-configuration:ubuntu22 that should work on Ubuntu22, and will link a PR soon

@bartvanb bartvanb mentioned this issue Jun 20, 2023
Merged
@frankcorneliusmartin
Copy link
Contributor

frankcorneliusmartin commented Sep 13, 2023
edited

@dsmits reported a broken VPN with the same error as above. I found/did a few things:

  1. Why does this exist? https://harbor2.vantage6.ai/harbor/projects/3/repositories/vpn-configuration (instead of vpn-configurator), should we move/remove this?
  2. I found in the release notes that with 3.10.4 we made some changes to the VPN stuff. Als in harbor i found a big difference in image size between 3.10.3 and 3.10.4 for the vpn-configurator https://docs.vantage6.ai/en/main/release_notes.html#id3
  3. I replaced harbor2.vantage6.ai/infrastructure/vpn-configurator:latest with harbor2.vantage6.ai/infrastructure/vpn-configurator:3.10.3 then it worked again.
  4. I also think we should match versions of the support images with the node version image. This should help us avoid these problems and make is easier to debug.

@bartvanb
Copy link
Member Author

bartvanb commented Sep 25, 2023
edited

  • Remove vpn-configuration images (point 1 above)
  • vpn-configurator images appear to be pushed twice for each version, check pipeline
  • image should work on Ubuntu 22 and something with iptables-legacy (Windows/wsl2/ubuntu20)
  • match versions of support images to node version image

@bartvanb
Copy link
Member Author

bartvanb commented Feb 9, 2024

I'm not entirely sure if the last remaining issue here is fixed by #802.
After releasing the next beta, we should test this

@bartvanb bartvanb mentioned this issue Feb 9, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bartvanb bartvanb

@frankcorneliusmartin frankcorneliusmartin

Labels
bug Something isn't working
Projects
Sprints
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use ubuntu 22 as base for VPN config file because otherwise configuri… vantage6/vantage6
2 participants
@bartvanb @frankcorneliusmartin