Docker-transmission-openvpn: Mullvad IPv6 issue with Docker-Compose
This is my first time using Ubuntu and docker, so I apologise if this request isn't the right place, or I'm just totally way off and no idea what I'm talking about! But any help would be appreciated.
I'm using Mullvad for my VPN, and had issues with IPv6. Was fixed using the previous issue replies by adding '--sysctl net.ipv6.conf.all.disable_ipv6=0' to the run command, The workaround is in the readme under Synology.
I'm currently using docker-compose with a YAML file for all my other containers, but because the --sysctl command cannot be passed during build, I have to use the run command.
I was wondering if there is any possible way to run the container from docker-compose? Can I turn off the IPv6 settings from the YAML file? Or, is there any other workaround to the configuration files to fix this issue? I'd like to use docker-compose instead of using the run command essentially.
EDIT: Solved
As per @haugene last reply, you need to edit the .ovpn file you are using, remove the tun-ipv6 line, and add the 3 pull-filter lines but adding a space before the final quote.
Edit the ovpn file you're using:
# vim mullvad_au-per_udp.ovpnRemove (or comment with #) the tun-ipv6 line. Then save and exit with :wq ... ...add lines to filter out IPv6 config that might be pushed on connect. Examples: https://forum.manjaro.org/t/openvpn-and-ipv6-with-systemd-networkd/46415/7
pull-filter ignore "dhcp-option DNS6 "_(trailing space added)_
pull-filter ignore "tun-ipv6 "_(trailing space added)_
pull-filter ignore "ifconfig-ipv6 "_(trailing space added)_
I had to create the container in docker-compose, let it run and crash, and then kill the container.
I then replaced the config inside the container with the following command from the host:
docker cp mullvad_au-per_udp.ovpn transmission-openvpn:/etc/openvpn/mullvad/
Restarted the container and it worked perfectly, thanks again @haugene
ghost
All 5 comments
Hey. You can definitely set the same sysctl option with the yaml file:
https://docs.docker.com/compose/compose-file/#sysctls
Support came in version 2.1 of the file format. You have to upgrade if you're not on the versions described here: https://docs.docker.com/compose/compose-file/compose-versioning/#version-21
haugene
on 5 Jul 2019
Thank you so much for the reply!
I'm using v3.7, and docker-compose v1.24.1
I've tried adding the following to the YAML file:
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
But it seems to have no affect on the container.
Looked a bit deeper and it seems --ipv6 is a daemon-wide flag that I can't override.
So it seems it looks like it's a problem with docker-compose, so I'm exploring alternative solutions and will post back if I find one.
ghost
on 5 Jul 2019
Also, instead of trying to enable IPv6 - would it be worth a shot to try to disable it from Mullvad?
I see that the configs specify tun-ipv6. It's either that, or they push more configs to the client when the connection is set up.
I realise that you're new to docker. But still, could you try modifying your config inside the container and then restarting it?
Basically exec into the container:
docker exec -it transmission-openvpn bash
Then install text editor (here vim):
apt update && apt install -y vim
Edit the ovpn file you're using:
# cd /etc/openvpn/mullvad/
# vim mullvad_au-per_udp.ovpn
Remove (or comment with #) the tun-ipv6 line. Then save and exit with :wq. Now restart the container and see if it works any better. If it still fails, you can try to add lines to filter out IPv6 config that might be pushed on connect. Examples: https://forum.manjaro.org/t/openvpn-and-ipv6-with-systemd-networkd/46415/7
pull-filter ignore "dhcp-option DNS6"
pull-filter ignore "tun-ipv6"
pull-filter ignore "ifconfig-ipv6"
If your container is in a restart-loop you might not be able to exec in and do this, as you'll be thrown out for each reboot. Another option is to create a copy of the .ovpn file locally and mount it in over the existing config, then you can modify it on the host.
haugene
on 5 Jul 2019
Thank you so much!!!
So my container was stuck in a restart-loop because of a fatal error, and I learnt I can't migrate/move the container I made with the run command to my YAML file.
But, your second solution worked!
I created the container with docker-compose, let it crash and then killed it, took a copy of the current .ovpn config I was using, commented out tun-ipv6 line, tried again and it crashed. Then added the pull-filtercommands, and boom! Working!!!!
Can't thank you enough, I had a gist of what was going on from lots of github and stackoverflow google results, but your filters in the ovpn were what finally worked for me, so thank you again, I appreciate the time you took!
ghost
on 5 Jul 2019
You're welcome! Glad you got it working.
Maybe this should be added to the documentation as the preferred solution to all this ipv6 stuff
haugene
on 5 Jul 2019
Related issues
kyxap
路
3Comments
pejotll
路
4Comments
holger8080
路
4Comments
Esteidinger
路
3Comments
coulterj
路
4Comments
Most helpful comment
Thank you so much!!!
So my container was stuck in a restart-loop because of a fatal error, and I learnt I can't migrate/move the container I made with the run command to my YAML file.
But, your second solution worked!
I created the container with docker-compose, let it crash and then killed it, took a copy of the current .ovpn config I was using, commented out
tun-ipv6line, tried again and it crashed. Then added thepull-filtercommands, and boom! Working!!!!Can't thank you enough, I had a gist of what was going on from lots of github and stackoverflow google results, but your filters in the ovpn were what finally worked for me, so thank you again, I appreciate the time you took!