I'm running GitLab Runner via Docker Desktop on Windows. In my gitlab-ci job, I tried to connect to OpenVPN, but it failed. But when I do the same thing in a container that uses the same image as the GitLab Runner job uses, the connection succeeds. I don't know why; I gave the runner privileged = true and also allowed it to use the device /dev/net/tun in config.toml. (I also run the Docker image in privileged mode.)
I tried to connect to the VPN using this command:
sudo openvpn --dev tun0 --config myconfig.ovpn
These are the two logs, which have different output:
gitlab-runner log
Wed Nov 15 07:44:54 2023 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Wed Nov 15 07:44:54 2023 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Wed Nov 15 07:44:54 2023 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Nov 15 07:44:54 2023 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
Wed Nov 15 07:44:54 2023 TUN/TAP device tun0 opened
Wed Nov 15 07:44:54 2023 Could not determine IPv4/IPv6 protocol. Using AF_INET
Wed Nov 15 07:44:54 2023 UDPv4 link local (bound): [AF_INET][undef]:1194
Wed Nov 15 07:44:54 2023 UDPv4 link remote: [AF_UNSPEC]
- stops here.. pending forever
Wed Nov 15 07:39:59 2023 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Wed Nov 15 07:39:59 2023 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Nov 15 07:39:59 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]SOMEIPADDRESS:1194
Wed Nov 15 07:39:59 2023 UDP link local: (not bound)
Wed Nov 15 07:39:59 2023 UDP link remote: [AF_INET]SOMEIPADDRESS:1194
Wed Nov 15 07:39:59 2023 [SOMEIPADDRESS] Peer Connection Initiated with [AF_INET]SOMEIPADDRESS:1194
Wed Nov 15 07:40:00 2023 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:1: block-outside-dns (2.4.7)
Wed Nov 15 07:40:00 2023 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: allow-compression (2.4.7)
Wed Nov 15 07:40:00 2023 TUN/TAP device tun0 opened
Wed Nov 15 07:40:00 2023 /sbin/ip link set dev tun0 up mtu 1500
Wed Nov 15 07:40:00 2023 /sbin/ip addr add dev tun0 local 9BITIPPART.246 peer 9BITIPPART.245
Wed Nov 15 07:40:00 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
What can be the reason that I cannot connect to the VPN in the GitLab CI job? I think connecting to the VPN via DinD (Docker in Docker) can be the problem, but I'm not sure.
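
A log triage for the two outputs above, as an added example that is not part of the original post: it flags an OpenVPN log in which none of the client directives appear to be in effect. The marker meanings are an interpretation of OpenVPN 2.4 messages (an assumption, not stated in the post), the function and verdict names are hypothetical, and the second log is taken to be the manual container run.

```python
import re

# Markers taken from the two logs in the post; the meaning attached to each
# is an interpretation of OpenVPN 2.4 messages, not something the post states.
NO_CONFIG_MARKERS = {
    "no_client_mode": re.compile(r"not in P2MP client or server mode"),
    "no_crypto": re.compile(r"All encryption and authentication features disabled"),
    "no_remote": re.compile(r"link remote: \[AF_UNSPEC\]"),
}
CONNECTED_MARKERS = {
    "peer_initiated": re.compile(r"Peer Connection Initiated with \[AF_INET\]"),
    "tun_configured": re.compile(r"ip addr add dev \S+ local"),
}

def triage(log_text):
    """Return (verdict, sorted list of marker names that matched)."""
    hits = lambda table: sorted(n for n, rx in table.items() if rx.search(log_text))
    missing, connected = hits(NO_CONFIG_MARKERS), hits(CONNECTED_MARKERS)
    if connected and not missing:
        return "client-session", connected
    if len(missing) == len(NO_CONFIG_MARKERS):
        # openvpn ran as a bare point-to-point endpoint: nothing from the
        # .ovpn file (client, remote, certificates/keys) took effect.
        return "config-not-applied", missing
    return "inconclusive", missing + connected

# Lines copied from the post's logs (timestamps dropped, warning shortened).
RUNNER_LOG = """\
disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text
TUN/TAP device tun0 opened
UDPv4 link local (bound): [AF_INET][undef]:1194
UDPv4 link remote: [AF_UNSPEC]
"""
CONTAINER_LOG = """\
UDP link remote: [AF_INET]SOMEIPADDRESS:1194
[SOMEIPADDRESS] Peer Connection Initiated with [AF_INET]SOMEIPADDRESS:1194
TUN/TAP device tun0 opened
/sbin/ip addr add dev tun0 local 9BITIPPART.246 peer 9BITIPPART.245
"""

if __name__ == "__main__":
    for name, log in (("gitlab-runner", RUNNER_LOG), ("container", CONTAINER_LOG)):
        print(name, *triage(log))
```

Both logs show "TUN/TAP device tun0 opened", so a "config-not-applied" verdict suggests (as an inference, not a confirmed diagnosis) checking what myconfig.ovpn contains inside the job before looking at /dev/net/tun or privileged mode.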