AirVPN issue inside an unprivileged LXC (Proxmox)

[MerkleDamgard 0]

Hi,

 

I have a Proxmox 5.3-6 running an unprivileged LXC container with Ubuntu 18.04, fully upgraded, running OpenVPN 2.4.4.  It'd like to initiate an OpenVPN connection from this container, however, it's not fully working.

 

I've followed the following steps to make tun0 available in the unprivileged container: https://forum.proxmox.com/threads/openvpn-in-unprivileged-container.38670/#post-222147

I can (sort of) initiate a VPN connection, but after the last line (route 0.0.0.0/1 via 10.24.56.1):

Wed Jan  2 08:02:36 2019 TUN/TAP device tun0 opened
Wed Jan  2 08:02:36 2019 Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
Wed Jan  2 08:02:36 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Wed Jan  2 08:02:36 2019 /sbin/ip link set dev tun0 up mtu 1500
Wed Jan  2 08:02:36 2019 /sbin/ip addr add dev tun0 10.24.56.13/24 broadcast 10.24.56.255
Wed Jan  2 08:02:41 2019 /sbin/ip route add 213.152.162.68/32 via 10.0.42.1
Wed Jan  2 08:02:41 2019 /sbin/ip route add 0.0.0.0/1 via 10.24.56.1

my SSH connection drops and I cannot SSH into the container anymore. I can see that AirVPN (website) has received a incoming client, so the connection itself appears to be successful. Connecting via the Proxmox console, I can see:

root@tm:~# ip route
0.0.0.0/1 via 10.24.56.1 dev tun0
default via 10.0.42.1 dev eth0 proto static
10.0.42.1 dev eth0 proto static scope link
10.24.56.0/24 dev tun0 proto kernel scope link src 10.24.56.13
128.0.0.0/1 via 10.24.56.1 dev tun0
213.152.162.68 via 10.0.42.1 dev eth0


root@tm:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 10.24.56.13/24 brd 10.24.56.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::1067:6fe8:fd60:ee86/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 8a:e4:3d:25:9b:a7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.42.46/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::88e4:3dff:fe25:9ba7/64 scope link
       valid_lft forever preferred_lft forever

root@tm:~# curl ipinfo.io/ip
curl: (6) Could not resolve host: ipinfo.io

root@tm:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=61 time=13.9 ms
64 bytes from 1.1.1.1: icmp_seq=2 ttl=61 time=13.0 ms
^C
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 13.055/13.482/13.909/0.427 ms

I have tried to do this https://airvpn.org/topic/26013-airvpn-with-openvpn-on-ubuntu-vps-ssh-and-vpn-help/?p=70591 but without success either.

Also, my /etc/resolv.conf still points to my local DNS (on my local network), so that  is also probably why the curl doesn't work.

 

I think I need to add a route to ensure that local connections to my internal container IP are not routed through the VPN. Mind you: if I do the exact same configuration on the Proxmox host.

 

Any help is greatly appreciated!