Adapting this project for use with the AirVPN Eddie client

[bnhf]

Hey James! I'm considering forking this project to adapt it for use with the AirVPN Eddie client. Just curious how realistic you think that would be?

In case you're not familiar with it:

Eddie is an open source GUI, which was developed for AirVPN (works with other providers too), but uses the standard OpenVPN executable as a backend:

https://airvpn.org/linux/eddie/

I've been using it for years on a dedicated PC, but would like to dockerize the whole setup. The containers I want to connect to the VPN are readily available with Web UIs, but finding a Docker-based OpenVPN client I can manage from a browser has proved elusive.

I'm impressed with the dorowu/ubuntu-desktop-lxde-vnc container, and the OpenVPN work you've done -- and am hoping it would make a good starting point for what I have in mind.

Here's an example of a similar project (which was originally forked from a no longer maintained repo), where I adapted a Docker-based Web UI to manage a host-based OpenVPN TAP server:

https://github.com/bnhf/pivpn-tap-web-ui

Scott

[jamesfreeman959]

Hi Scott

Thanks for reaching out - it's great to know that my development of dorowu's container image can help someone else!

I've no direct experience with the AirVPN client, but looking at the installation process it looks fairly easy. I'd probably test this by simply adding the installation lines from the AirVPN web site for Debian (probably to be the best match) and then seeing if it runs in the built container image. Most APT based packages seem easy enough to install in the container image itself and work well.

I'm not sure about the autostart of the VPN on container start - though that might be possible with the CLI option - or indeed perhaps the GUI stores persistent autostart settings? As long as it stores them in $HOME, they will persist between container runs if you put the home directory data on an external volume.

I can probably give this a go but can't promise exactly when as I have a few busy weeks coming up - however if you want to give editing the code a go and want my support to review or assist I can certainly do that sooner.

Look forward to hearing from you!

James

[bnhf]

I've been doing some preliminary work on this today, and here's what I know so far:

No joy getting your pre-built container to start on either of my Docker host setups (Debian 11 and Windows 11). It deploys OK, but the status in Portainer never changes from "Starting", until it eventually changes to "Unhealthy". I was able grab a snippet of the Docker log while it was booting up:

sysctl: setting key "net.ipv6.conf.default.accept_redirects", ignoring: Read-only file system
sysctl: setting key "net.ipv4.icmp_echo_ignore_broadcasts", ignoring: Read-only file system
sysctl: setting key "net.ipv4.icmp_ignore_bogus_error_responses", ignoring: Read-only file system
sysctl: setting key "net.ipv4.icmp_echo_ignore_all", ignoring: Read-only file system
sysctl: setting key "net.ipv4.conf.all.log_martians", ignoring: Read-only file system
sysctl: setting key "net.ipv4.conf.default.log_martians", ignoring: Read-only file system

Problem running '/etc/ufw/before.rules'
Problem running '/etc/ufw/after.rules'
Problem running '/etc/ufw/user.rules'

Default outgoing policy changed to 'reject'
(be sure to update your rules accordingly)
WARN: initcaps
[Errno 2] iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
WARN: initcaps
[Errno 2] iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
WARN: initcaps
[Errno 2] iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
WARN: initcaps
[Errno 2] iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
WARN: initcaps
[Errno 2] iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
WARN: initcaps
[Errno 2] iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
WARN: initcaps
[Errno 2] iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
WARN: initcaps
[Errno 2] iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
WARN: initcaps
[Errno 2] iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.

Rules updated
tput: No value for $TERM and no -T specified
tput: No value for $TERM and no -T specified
sed: can't read /etc/openvpn//*.ovpn: No such file or directory
sed: can't read /etc/openvpn//*.ovpn: No such file or directory
sed: can't read /etc/openvpn//*.ovpn: No such file or directory
Updated all .ovpn files in folder /etc/openvpn/
Using OpenVPN provider: 
No VPN configuration provided. Using default.
Setting OPENVPN credentials...
2022-08-29 20:11:18,851 CRIT Supervisor is running as root.  Privileges were not dropped because no user is specified in the config file.  If you intend to run as root, you can set user=root in the config file to avoid this message.
2022-08-29 20:11:18,851 INFO Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2022-08-29 20:11:18,854 INFO RPC interface 'supervisor' initialized
2022-08-29 20:11:18,854 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2022-08-29 20:11:18,854 INFO supervisord started with pid 90
2022-08-29 20:11:19,859 INFO spawned: 'nginx' with pid 92
2022-08-29 20:11:19,862 INFO spawned: 'web' with pid 93
2022-08-29 20:11:19,863 INFO spawned: 'openvpn' with pid 94
2022-08-29 20:11:19,864 INFO spawned: 'transmission-daemon' with pid 95
2022-08-29 20:11:19,865 INFO spawned: 'xvfb' with pid 96
2022-08-29 20:11:19,866 INFO spawned: 'wm' with pid 97
2022-08-29 20:11:19,868 INFO spawned: 'lxpanel' with pid 98
2022-08-29 20:11:19,869 INFO spawned: 'pcmanfm' with pid 99
2022-08-29 20:11:19,871 INFO spawned: 'x11vnc' with pid 101
2022-08-29 20:11:19,872 INFO spawned: 'novnc' with pid 104
2022-08-29 20:11:19,873 INFO exited: openvpn (exit status 1; not expected)
2022-08-29 20:11:19,999 INFO  Listening on http://localhost:6079 (run.py:87)
2022-08-29 20:11:20,878 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-08-29 20:11:20,878 INFO success: web entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-08-29 20:11:20,882 INFO spawned: 'openvpn' with pid 151
2022-08-29 20:11:20,883 INFO success: transmission-daemon entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-08-29 20:11:20,883 INFO success: xvfb entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-08-29 20:11:20,883 INFO success: wm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-08-29 20:11:20,883 INFO success: lxpanel entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-08-29 20:11:20,883 INFO success: pcmanfm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-08-29 20:11:20,883 INFO success: x11vnc entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-08-29 20:11:20,883 INFO success: novnc entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2022-08-29 20:11:20,887 INFO exited: openvpn (exit status 1; not expected)
2022-08-29 20:11:23,129 INFO spawned: 'openvpn' with pid 155
2022-08-29 20:11:23,136 INFO exited: openvpn (exit status 1; not expected)
2022-08-29 20:11:26,142 INFO spawned: 'openvpn' with pid 156
2022-08-29 20:11:26,148 INFO exited: openvpn (exit status 1; not expected)
2022-08-29 20:11:27,149 INFO gave up: openvpn entered FATAL state, too many start retries too quickly

The dorowu container will start, but I can only get an older version of Eddie to run (2.16.3). Newer versions all give an error regarding not being able to obtain elevated privileges. On the older version, I need to launch Eddie from a Terminal window using sudo. The issue with the newer versions may be something as simple as a directory that doesn't exist.

That's it so far. It might be this weekend before I can tinker around a bit more.

[jamesfreeman959]

Hmmm - I'll have a look at my container image tomorrow if I get a gap - I'm running it on Ubuntu Server 20.04 - I would have hoped Debian would work but can't comment on Windows - haven't tested anything on Windows as yet. Are you able to share how you're running the container please? Command line or Docker Compose file - as there's a couple of key directives that ensure the container gets off the ground. I'm sure some of my scripting could be improved - it works for me but may not be sufficiently robust to handle all eventualities.

[bnhf]

I'm using Portainer (Docker Compose):

version: '3.3'
services:
    docker-ubuntu-transmission-openvpn-vnc-desktop:
        ports:
            - '6080:80'
        volumes:
            - '/dev/shm:/dev/shm'
        image: jamesfreeman959/docker-ubuntu-transmission-openvpn-vnc-desktop

Pretty much the same as how I'm starting the dorowu container:

version: '3.3'
services:
    ubuntu-desktop-lxde-vnc:
        container_name: ubuntu_desktop
        environment:
            - USER=[redacted]
            - PASSWORD=[redacted]
        volumes:
            - '/dev/shm:/dev/shm'
        ports:
            - '6080:80'
        image: dorowu/ubuntu-desktop-lxde-vnc