jeffre/openfortivpn-haproxy

MacOS

csgt opened this issue · 10 comments

csgt commented

I am having trouble building the docker image using the "device" ./dev/ppp .

Any idea what interface should be used on a Mac?

Thanks.

I had an error message saying "ERROR: pppd: The kernel does not support PPP, for example, the PPP kernel driver is not included or cannot be loaded."

I encountered it again in an Alpine VM and solved it with running mknod /dev/ppp c 108 0

Then I got back to docker and added ls /dev/ppp || su-exec root mknod /dev/ppp c 108 0 to the docker-entrypoint.sh file
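The entrypoint check described in the comment above, written out as an added example (this is not the project's docker-entrypoint.sh). It separates the "does a usable device exist" decision from the "create it" step so the node is only created when it is genuinely absent, and refuses to proceed when something other than a character device sits at the path. The major/minor numbers 108 0 and su-exec are taken from the thread; the function names are the example's own.

```shell
#!/bin/sh
# Added example, not the project's entrypoint. Decide what to do about the
# PPP device node before starting pppd. "c 108 0" is the node pppd asks for
# in its error message; su-exec is assumed to be installed, as in the thread.

# ppp_device_status PATH -> prints one of: missing | not-char-device | ok
ppp_device_status() {
    dev="$1"
    if [ ! -e "$dev" ]; then
        echo "missing"
    elif [ ! -c "$dev" ]; then
        # Something else is at the path (regular file, directory, a bind
        # mount that went wrong). Report it instead of clobbering it.
        echo "not-char-device"
    else
        echo "ok"
    fi
}

# ensure_ppp_device [PATH] -> returns 0 when a usable character device is
# present after the call, 1 otherwise. Creates the node only when absent.
ensure_ppp_device() {
    dev="${1:-/dev/ppp}"
    case "$(ppp_device_status "$dev")" in
        ok)
            return 0 ;;
        missing)
            # mknod needs root (and CAP_MKNOD inside the container); drop
            # back to su-exec when the entrypoint runs as an unprivileged user.
            if [ "$(id -u)" -eq 0 ]; then
                mknod "$dev" c 108 0
            else
                su-exec root mknod "$dev" c 108 0
            fi
            # Re-check rather than trusting mknod's exit status alone.
            [ -c "$dev" ] ;;
        *)
            echo "refusing to use $dev: exists but is not a character device" >&2
            return 1 ;;
    esac
}
```

In an entrypoint this is called as `ensure_ppp_device /dev/ppp || exit 1` before `exec`ing openfortivpn. Note that the check only covers a missing node; as the rest of the thread shows, the node can also exist and still fail to open with "Operation not permitted" when the container lacks the required privileges, which is a separate problem this check does not solve.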

Thanks for your solution!

If I find time this evening or next week I will test creating /dev/ppp inside the container instead of pulling it in from the docker host - just as you seem to have done.

Hi @emiriel, I am not getting a successful connection using your pull request on MacOS.

$ docker run --rm -it \
    --cap-add=NET_ADMIN \
    -p "1111:1111" \
    -e REMOTE_ADDR="10.0.0.1:3389" \
    -v "$(pwd)/config:/etc/openfortivpn/config" \
    jeffre/openfortivpn-haproxy
ls: /dev/ppp: No such file or directory
INFO:   Connected to gateway.
Two-factor authentication token: 
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Couldn't open the /dev/ppp device: Operation not permitted
/usr/sbin/pppd: You need to create the /dev/ppp device node by
executing the following command as root:
	mknod /dev/ppp c 108 0

ERROR:  read: I/O error
INFO:   Cancelling threads...
INFO:   Cleanup, joining threads...
ERROR:  pppd: The kernel does not support PPP, for example, the PPP kernel driver is not included or cannot be loaded.
INFO:   Terminated pppd.
INFO:   Closed connection to gateway.
INFO:   Logged out.

What does your docker run command look like?

Hi @jeffre ,
For this to work I had to add --privileged \ but I guess it's not good practice to give privileges to a container.

Thanks for the tip off @emiriel.

Instead of going to the extreme of --privileged which exposes all host devices and allows all capabilities, I found that the combination of --cap-add=NET_ADMIN and --cap-add=MAC_ADMIN gets the job done for me.

Would you mind testing it as well? Please use my repo and not your pull request, as in my testing creating /dev/ppp inside the container didn't help (please correct me if I'm wrong, or if it's necessary in the case of Alpine Linux as host OS and I will get a VM going to test that separately).

Hi @jeffre ,

Here is the log I get when using your repo with NET_ADMIN and CAP_ADMIN:

INFO:   Connected to gateway.
INFO:   Authenticated.
INFO:   Remote gateway has allocated a VPN.
Couldn't open the /dev/ppp device: No such file or directory
/usr/sbin/pppd: You need to create the /dev/ppp device node by
executing the following command as root:
	mknod /dev/ppp c 108 0

ERROR:  read: I/O error
INFO:   Cancelling threads...
INFO:   Cleanup, joining threads...
ERROR:  pppd: The kernel does not support PPP, for example, the PPP kernel driver is not included or cannot be loaded.
INFO:   Terminated pppd.
INFO:   Closed connection to gateway.
INFO:   Logged out.

Using my repo, instead of Couldn't open the /dev/ppp device: No such file or directory, I get Couldn't open the /dev/ppp device: Operation not permitted

I'm using Docker Desktop on MacOS Catalina 10.15.3

Perhaps with Big Sur's new virtualization framework I could get a better result. Unfortunately, I can't update for now.

It looks like you may have typoed the second capability flag. It should be MAC_ADMIN and not CAP_ADMIN.

Disregard that, however, as it appears even doing --cap-add=ALL is insufficient. However, --privileged does work. It seems my tests today align with what you were getting earlier. I will test a bit more.

@emiriel I just pushed a new change that incorporates the creation of the ppp device inside the container when necessary (very similar to your pull request). I've also added a section to the README specific to MacOS (https://github.com/jeffre/openfortivpn-haproxy#running-on-macos ). Would you mind testing it, again?

Thank you in advance

Hi @jeffre,

I just tested and it works fine.

Thanks!

Glad to hear that! Thank you for the immense help