wfg / docker-openvpn-client

OpenVPN client with killswitch and proxy servers; built on Alpine
MIT License

write UDP: Operation not permitted (code=1) when KILLSWITCH=on #35

Closed yazeed44 closed 2 years ago

yazeed44 commented 2 years ago

Thank you for the great work on this repo.

The container works perfectly when KILLSWITCH is "off", but when it's off I get these errors in the logs

This is my docker-compose:

services:
  openvpn-client:
    image: ghcr.io/wfg/openvpn-client
    container_name: openvpn-client
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    environment:
      - KILL_SWITCH=on
      - SUBNETS=192.168.2.0/24, 192.168.1.0/24
      - HTTP_PROXY=on
      - SOCKS_PROXY=on
      - VPN_LOG_LEVEL=7
    volumes:
      - ./vpn_configs:/data/vpn
    ports:
      - 18080:8080
      - 11080:1080
    dns:
      - 192.168.2.237
    restart: unless-stopped

Is this a firewall issue?

peterisr commented 2 years ago

Hello @yazeed44,

I recently encountered the same problem. When $KILL_SWITCH is set to on, the container attempts to find the protocol used to communicate with the server in OpenVPN's .conf file. The protocol is used to produce correct iptables rules. However, if the default protocol (udp) is used, it can be omitted from the .conf file. Such .conf files cause entry.sh to use an empty string as the protocol. Understandably, iptables does not like that, hence the 'unknown protocol "" specified' error message on lines 22 and 25 of your logs. Without the firewall rule, openvpn gets a "write UDP: Operation not permitted" error from the OS when it attempts to communicate with the server.

A workaround is to explicitly set the protocol in your .conf file. In your case, replace

remote southafrica-ca-version-2.expressnetw.com 1195

with

remote southafrica-ca-version-2.expressnetw.com 1195 udp

A better solution would be to set correct defaults for port and proto in entry.sh. I might open a PR with these improvements later.
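The failure mode described in the comment above, and the fix it proposes, as an added example. This is not code from wfg/docker-openvpn-client or from either commenter; the function names, the eth0 interface name and the two sample .conf files are assumptions. It contrasts the naive parse (read the fourth field of the remote line, get "" when the field is absent) with a parser that falls back to OpenVPN's own defaults of proto udp and port 1194, and builds, without applying, the OUTPUT rule a killswitch needs so OpenVPN can still reach the server.

```shell
#!/bin/sh
# Added example, not part of wfg/docker-openvpn-client. Interface name,
# function names and the sample .conf files below are assumptions.

# Naive extraction, as described in the issue: only the 4th field of the
# 'remote' line is read, so 'remote host 1195' yields an empty protocol,
# which later turns into: iptables ... -p "" ... -> unknown protocol "".
naive_proto() {
  awk '$1 == "remote" { print $4; exit }' "$1"
}

# Hardened extraction: a standalone 'proto' directive wins, then the 4th
# field of the first 'remote' line, then OpenVPN's default (udp).
# Variants such as udp4/tcp-client are normalised to what iptables accepts.
vpn_proto() {
  p=$(awk '$1 == "proto" { print $2; exit }' "$1")
  [ -n "$p" ] || p=$(awk '$1 == "remote" && NF >= 4 { print $4; exit }' "$1")
  case "$(printf '%s' "$p" | tr 'A-Z' 'a-z')" in
    ''|udp|udp4|udp6)           echo udp ;;
    tcp|tcp-client|tcp4|tcp6)   echo tcp ;;
    *) echo "unsupported proto '$p'" >&2; return 1 ;;
  esac
}

# Remote port: 3rd field of 'remote', then 'rport', then 'port', then 1194.
vpn_port() {
  p=$(awk '$1 == "remote" && NF >= 3 { print $3; exit }' "$1")
  [ -n "$p" ] || p=$(awk '$1 == "rport" { print $2; exit }' "$1")
  [ -n "$p" ] || p=$(awk '$1 == "port"  { print $2; exit }' "$1")
  case "$p" in
    ''|*[!0-9]*) echo 1194 ;;   # missing or non-numeric: OpenVPN default
    *)           echo "$p" ;;
  esac
}

vpn_host() {
  awk '$1 == "remote" { print $2; exit }' "$1"
}

# Build (print, do not apply) the rule that lets the tunnel itself out on the
# physical interface while a killswitch drops everything else. Fails instead
# of emitting '-p ""' when the protocol cannot be determined.
killswitch_rule() {
  conf=$1; iface=${2:-eth0}
  proto=$(vpn_proto "$conf") || return 1
  echo "iptables -A OUTPUT -o $iface -p $proto -d $(vpn_host "$conf") --dport $(vpn_port "$conf") -j ACCEPT"
}

# Constructed sample configs; the server name is a placeholder.
WORK=$(mktemp -d)
CONF_DEFAULT_UDP="$WORK/default-udp.conf"   # relies on the udp default
CONF_TCP="$WORK/tcp.conf"                   # explicit tcp-client
cat > "$CONF_DEFAULT_UDP" <<'EOF'
client
dev tun
remote vpn.example.invalid 1195
resolv-retry infinite
EOF
cat > "$CONF_TCP" <<'EOF'
client
dev tun
proto tcp-client
remote vpn.example.invalid 443
EOF

echo "naive proto for default-udp.conf: '$(naive_proto "$CONF_DEFAULT_UDP")'"
killswitch_rule "$CONF_DEFAULT_UDP"
killswitch_rule "$CONF_TCP"
```

Only the first remote line is considered; a .conf with several remote entries (or a remote-random setup) needs one ACCEPT rule per server, and a hostname in -d is resolved by iptables when the rule is loaded, so the container's DNS must already work at that point.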