Cannot Connect to OpenVPN in GitLab CI Job


I'm running GitLab Runner via Docker Desktop on Windows. In my GitLab CI job, I tried to connect to OpenVPN, but it failed. But when I do the same thing in a container which uses the same image as the GitLab Runner job uses, the connection succeeds. I don't know why. I gave the runner privileged = true and also allowed it to use the device /dev/net/tun in config.toml. (I also ran the Docker image in privileged mode.)

I tried to connect to the VPN using this command:

    sudo openvpn --dev tun0 --config myconfig.ovpn

These are the two logs, which have different output:

  1. gitlab-runner log

    Wed Nov 15 07:44:54 2023 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
    Wed Nov 15 07:44:54 2023 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
    Wed Nov 15 07:44:54 2023 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
    Wed Nov 15 07:44:54 2023 ******* WARNING *******: All encryption and authentication features disabled -- All data will be tunnelled as clear text and will not be protected against man-in-the-middle changes. PLEASE DO RECONSIDER THIS CONFIGURATION!
    Wed Nov 15 07:44:54 2023 TUN/TAP device tun0 opened
    Wed Nov 15 07:44:54 2023 Could not determine IPv4/IPv6 protocol. Using AF_INET
    Wed Nov 15 07:44:54 2023 UDPv4 link local (bound): [AF_INET][undef]:1194
    Wed Nov 15 07:44:54 2023 UDPv4 link remote: [AF_UNSPEC]

  • stops here.. pending forever

  2.

    Wed Nov 15 07:39:59 2023 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
    Wed Nov 15 07:39:59 2023 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
    Wed Nov 15 07:39:59 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]SOMEIPADDRESS:1194
    Wed Nov 15 07:39:59 2023 UDP link local: (not bound)
    Wed Nov 15 07:39:59 2023 UDP link remote: [AF_INET]SOMEIPADDRESS:1194
    Wed Nov 15 07:39:59 2023 [SOMEIPADDRESS] Peer Connection Initiated with [AF_INET]SOMEIPADDRESS:1194
    Wed Nov 15 07:40:00 2023 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:1: block-outside-dns (2.4.7)
    Wed Nov 15 07:40:00 2023 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: allow-compression (2.4.7)
    Wed Nov 15 07:40:00 2023 TUN/TAP device tun0 opened
    Wed Nov 15 07:40:00 2023 /sbin/ip link set dev tun0 up mtu 1500
    Wed Nov 15 07:40:00 2023 /sbin/ip addr add dev tun0 local 9BITIPPART.246 peer 9BITIPPART.245
    Wed Nov 15 07:40:00 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

What could be the reason that I cannot connect to the VPN in a GitLab CI job? I think connecting to the VPN via dind (Docker-in-Docker) could be the problem, but I'm not sure.

There are 0 answers
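
A check a CI job could run before and after starting OpenVPN, added here as an example and not part of the original post. The runner log above carries the cleartext warning and `link remote: [AF_UNSPEC]`, which OpenVPN prints when no `remote` and no TLS or static-key mode are in effect; the function names, the `demo` argument and the sample config are assumptions.

```shell
#!/bin/sh
# Added example (function names are hypothetical). The log markers are the
# ones quoted in the two logs of the post.

# Pre-flight: fail unless the config names a server and selects a crypto mode.
check_ovpn_config() {
    cfg=$1
    [ -s "$cfg" ] || { echo "config missing or empty: $cfg"; return 1; }
    grep -Eq '^[[:space:]]*remote[[:space:]]+[^[:space:]]' "$cfg" ||
        { echo "no 'remote' directive"; return 1; }
    grep -Eq '^[[:space:]]*(client|tls-client|secret)([[:space:]]|$)' "$cfg" ||
        { echo "no client/tls-client/secret directive"; return 1; }
    echo "ok"
}

# Post-start: classify an OpenVPN log by the markers seen in the two logs.
classify_openvpn_log() {
    log=$1
    if grep -Fq 'All encryption and authentication features disabled' "$log"; then
        echo "cleartext"     # tunnel would carry unprotected traffic: fail the job
    elif grep -Fq 'link remote: [AF_UNSPEC]' "$log"; then
        echo "no-remote"     # no peer to dial, the process waits forever
    elif grep -Fq 'Peer Connection Initiated' "$log"; then
        echo "connected"
    else
        echo "unknown"
    fi
}

# Demo on constructed input; run the script as: sh script.sh demo
demo() {
    d=$(mktemp -d)
    : > "$d/empty.ovpn"                                      # constructed: empty config
    printf 'client\nremote vpn.example.test 1194\n' > "$d/good.ovpn"   # constructed
    printf '%s\n' \
        'WARNING: All encryption and authentication features disabled' \
        'UDPv4 link remote: [AF_UNSPEC]' > "$d/runner.log"   # markers from the post
    check_ovpn_config "$d/empty.ovpn"
    check_ovpn_config "$d/good.ovpn"
    classify_openvpn_log "$d/runner.log"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

In a job, run `check_ovpn_config` on the file passed to `--config` before launching OpenVPN, and stop the job if `classify_openvpn_log` reports anything other than `connected`.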