iptables error!! #25
Comments
|
I am not familiar with the Docker enige on Q-NAP devices. |
|
Yes, "docker run --privileged". And also used "docker exec -it container bash" to login this container. |
|
This problem was solved after change iptables to legacy ones. But this docker is not stable, the docker will be halt after kill switch triggered. |
|
I guess QNAP uses an old kernel that doesn't support the new iptables version, no idea why that would be exactly. Any changes you make to a Docker will stay. It will only 'break' if you update it or reinstall it. |
|
Was this implemented? I'm on QNAP and seeing the same sort of errors, and it looks like my non-VPN IP is appearing in some of the torrents. |
|
I can't remember for sure, but I think I did implement it as a test but did
not really work how I wanted it to. Something had problems, but can't
recall what it was. I can create a separate branch, later today, called
'legacy-iptables' with the changes I made back then and see how that goes.
|
|
Cool, let me know if I can supply any logs etc that might help. The main thing I see that suggests a problem is this: |
|
@countstex I've added a new tag which has the following environment variable: |
|
Not seeing anything that looks like an error to me now, though not really sure what I am looking for! ;) |
|
Log.txt also looks good to me 😄 Does your VPN Provider also provider WireGuard configurations? If so, could you perhaps test to see if WireGuard also works without problems? |
|
Hmm, just had a look, seem VYPR does support wireguard, but only via their app. No .conf files available at this time :( |
|
Hmm, might not be totally out of the woods. I've noticed the client stops working after various periods of time, looks like the tun interface just disappears (can no longer see it as an option in the settings menu) and I have to restart the container. Not seeing anything showing up in the logs mentioning any problems though. |
|
It is possible that the container loses connection with your VPN connection, or coincidentally 1 |
|
I have that set, however the container itself is fine, so it has not 'stopped' as far as docker is concerned, so it just sits there without the tun interface. |
|
@Dynor just FYI, I had to resort to Is it your intention to add |
I am unsure, but I think the legacy might had some issues regarding ip leaks, but it was a long time ago I played around with it, so don't know. |
|
@DyonR no rush! I'll try and see if I can work out why nftables isn't working on DSM 7. |
|
Looking at it, the original code of LEGACY_IPTABLES still exists in the latest/master, but it is commented out. No idea why I did that😂 |
As requested in issue #25. Note that this is an experimental workaround, I guess
|
@DyonR thanks! I did look into why nftables on DSM 7 isn't working, and it turns out the executable is crashing on a null pointer exception. Perhaps there's a mismatch between the executable in the container and the kernel, not sure. |
|
It's still odd to me how this problems exist. I also found a way easier way to revert back to iptables (legacy), just by running |
|
@DyonR DSM's kernels are typically quite old (the new DSM 7 release uses kernel 4.4), so it might be related to that. |
|
Perhaps yeah, anyhow. The container on Docker Hub is updated with the new changes, with LEGACY_IPTABLES enabled again 😄 |
|
Many thanks! |
I have meet the ipables error when deploy the latest qbittorrentvpn image on Q-NAP container station.
iptables: Operation not supported.
iptables: Invalid argument. Run
dmesg' for more information. iptables v1.8.2 (nf_tables): unknown option "--dport" iptables v1.8.2 (nf_tables): unknown option "--sport" iptables v1.8.2 (nf_tables): unknown option "--icmp-type" Tryiptables -h' or 'iptables --help' for more information.That will expose the real IP to others.
The text was updated successfully, but these errors were encountered: