RTNETLINK answers: Permission denied ERROR: Linux route -6 add command failed: external program exited with error status: 2

Question

RTNETLINK answers: Permission denied ERROR: Linux route -6 add command failed: external program exited with error status: 2

qu4542 opened this issue 3 years ago · 3 comments

Information

##Problem: See Log at the Bottom

Current setup

OMV + ARM64 + Docker

| docker image tag guillaumedsde/alpine-qbittorrent-openvpn:latest
| -------------------------------------------------------- | --- |
| docker image hash (ex: 603b78e07727) | |

`docker-compose.yml` file or `docker run` command

just started the stack

version: "3,3"
services:
  alpine-qbittorrent-openvpn:
    volumes:
      - "/srv/dev-disk-by-uuid-xyz:/downloads"
      - "/srv/dev-disk-by-uuid-xyz/appdata/QBittorrentVPN:/config"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - OPENVPN_PROVIDER=PRIVADO
      - OPENVPN_CONFIG=arn-001
      - OPENVPN_USERNAME=USERXYZ
      - OPENVPN_PASSWORD=PASSWORDXYZ
      - PUID=1000
      - PGID=100
      - LAN=192.168.178.0/16
    ports:
      - "8080:8080"
    cap_add:
      - NET_ADMIN
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest

Attempted Fix(es)

reseting permissions for the concerning folders

#####Log:

A privado/waw-015.ovpn
A privado/waw-016.ovpn
A privado/waw-017.ovpn
A privado/waw-018.ovpn
A privado/waw-019.ovpn
A privado/waw-020.ovpn
A privado/waw-021.ovpn
A privado/waw-022.ovpn
A privado/waw-023.ovpn
A privado/waw-024.ovpn
A privado/waw-025.ovpn
A privado/waw-026.ovpn
A privado/waw-027.ovpn
A privado/waw-028.ovpn
A privado/waw-029.ovpn
A privado/waw-030.ovpn
A privado/waw-031.ovpn
A privado/waw-032.ovpn
A privado/yul-001.ovpn
A privado/yul-002.ovpn
A privado/yul-003.ovpn
A privado/yul-004.ovpn
A privado/yvr-001.ovpn
A privado/yvr-002.ovpn
A privado/yyz-003.ovpn
A privado/zrh-001.ovpn
A privado/zrh-002.ovpn
A privado/zrh-003.ovpn
A privado/zrh-004.ovpn
Exported revision 1276.
INFO: Found OpenVPN configuration: "arn-001" for provider "PRIVADO" using it
[cont-init.d] 02-setup-openvpn: exited 0.
[cont-init.d] 03-setup-iptables: executing...
[cont-init.d] 03-setup-iptables: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
2022-02-04 00:48:01 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-02-04 00:48:01 OpenVPN 2.5.2 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2022-02-04 00:48:01 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-02-04 00:48:01 TCP/UDP: Preserving recently used remote address: [AF_INET]86.106.103.67:1194
2022-02-04 00:48:01 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-02-04 00:48:01 UDP link local: (not bound)
2022-02-04 00:48:01 UDP link remote: [AF_INET]86.106.103.67:1194
2022-02-04 00:48:03 TLS: Initial packet from [AF_INET]86.106.103.67:1194, sid=8d858e32 2d0835c8
2022-02-04 00:48:03 VERIFY OK: depth=1, CN=Privado
2022-02-04 00:48:03 VERIFY KU OK
2022-02-04 00:48:03 Validating certificate extended key usage
2022-02-04 00:48:03 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-02-04 00:48:03 VERIFY EKU OK
2022-02-04 00:48:03 VERIFY X509NAME OK: CN=arn-001.vpn.privado.io
2022-02-04 00:48:03 VERIFY OK: depth=0, CN=arn-001.vpn.privado.io
2022-02-04 00:48:03 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2022-02-04 00:48:03 [arn-001.vpn.privado.io] Peer Connection Initiated with [AF_INET]86.106.103.67:1194
2022-02-04 00:48:05 SENT CONTROL [arn-001.vpn.privado.io]: 'PUSH_REQUEST' (status=1)
2022-02-04 00:48:05 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 198.18.0.1,dhcp-option DNS 198.18.0.2,rcvbuf 493216,sndbuf 493216,explicit-exit-notify 5,route-gateway 172.21.22.1,topology subnet,ping 20,ping-restart 40,ifconfig 172.21.22.26 255.255.254.0,peer-id 0,cipher AES-256-GCM'
2022-02-04 00:48:05 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
2022-02-04 00:48:05 Pushed option removed by filter: 'dhcp-option DNS 198.18.0.1'
2022-02-04 00:48:05 Pushed option removed by filter: 'dhcp-option DNS 198.18.0.2'
2022-02-04 00:48:05 OPTIONS IMPORT: timers and/or timeouts modified
2022-02-04 00:48:05 OPTIONS IMPORT: explicit notify parm(s) modified
2022-02-04 00:48:05 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-02-04 00:48:05 Socket Buffers: R=[212992->425984] S=[212992->425984]
2022-02-04 00:48:05 OPTIONS IMPORT: --ifconfig/up options modified
2022-02-04 00:48:05 OPTIONS IMPORT: route options modified
2022-02-04 00:48:05 OPTIONS IMPORT: route-related options modified
2022-02-04 00:48:05 OPTIONS IMPORT: peer-id set
2022-02-04 00:48:05 OPTIONS IMPORT: adjusting link_mtu to 1624
2022-02-04 00:48:05 OPTIONS IMPORT: data channel crypto options modified
2022-02-04 00:48:05 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-02-04 00:48:05 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-02-04 00:48:05 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-02-04 00:48:05 ROUTE_GATEWAY 172.28.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:1c:00:02
2022-02-04 00:48:05 GDG6: remote_host_ipv6=n/a
2022-02-04 00:48:05 net_route_v6_best_gw query: dst ::
2022-02-04 00:48:05 sitnl_send: rtnl: generic error (-101): Network unreachable
2022-02-04 00:48:05 ROUTE6: default_gateway=UNDEF
2022-02-04 00:48:05 TUN/TAP device tun1 opened
2022-02-04 00:48:05 /usr/sbin/ip-su link set dev tun1 up mtu 1500
2022-02-04 00:48:05 /usr/sbin/ip-su link set dev tun1 up
2022-02-04 00:48:05 /usr/sbin/ip-su addr add dev tun1 172.21.22.26/23
INFO: no port updater for provider PRIVADO
******** Information ********
To control qBittorrent, access the Web UI at http://localhost:8080
2022-02-04 00:48:08 /usr/sbin/ip-su route add 86.106.103.67/32 via 172.28.0.1
2022-02-04 00:48:08 /usr/sbin/ip-su route add 0.0.0.0/1 via 172.21.22.1
2022-02-04 00:48:08 /usr/sbin/ip-su route add 128.0.0.0/1 via 172.21.22.1
2022-02-04 00:48:08 /usr/sbin/ip-su route add 0.0.0.0/0 via 172.21.22.1
RTNETLINK answers: File exists
2022-02-04 00:48:08 ERROR: Linux route add command failed: external program exited with error status: 2
2022-02-04 00:48:08 /usr/sbin/ip-su route add 192.168.178.0/16 via 172.28.0.1
RTNETLINK answers: Invalid argument
2022-02-04 00:48:08 ERROR: Linux route add command failed: external program exited with error status: 2
2022-02-04 00:48:08 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun1, therefore the route installation may fail or may not work as expected.
2022-02-04 00:48:08 add_route_ipv6(::/0 -> :: metric -1) dev tun1
2022-02-04 00:48:08 /usr/sbin/ip-su -6 route add ::/0 dev tun1
RTNETLINK answers: Permission denied
2022-02-04 00:48:08 ERROR: Linux route -6 add command failed: external program exited with error status: 2
2022-02-04 00:48:08 Initialization Sequence Completed

Answer 1 · 2022-02-14T15:56:59.000Z

i still didnt get rid of this error, am i doing something wrong?

Answer 2 · 2022-02-15T13:32:01.000Z

qu4542 commented 3 years ago

Answer 3 · 2022-08-14T01:47:03.000Z

I ran into this issue as well. Adding this to my docker compose fixed it:

sysctls:
  - net.ipv6.conf.all.disable_ipv6=0

See haugene/docker-transmission-openvpn#960 (comment)

Information

Current setup

docker-compose.yml file or docker run command

Attempted Fix(es)

`docker-compose.yml` file or `docker run` command