Best way with the powerful new RBPi 4: FreedomBox in an LXC container!
Attempting to run FreedomBox on a RBPi4 4 GB. I installed FreedomBox in an LXC container. I would like to explore the idea of having a base FreedomBox container that I can personalize for different usages (XMPP server, Jitsi server reachable through OpenVPN for communication, for example, or file server & backup). The Plinth interface seems to work inside the container. As my LXC is configured this way:

```
lxc profile device add default eth0 nic nictype=macvlan parent=eth0 name=eth0
```

I can access the container's IP address on my local network and browse the FreedomBox web interface or control it with SSH.

But making some apps such as OpenVPN work takes some effort… (not so easy)

Currently I'm struggling to run OpenVPN.

After some effort, I attempted to run OpenVPN manually using the following:

```
sudo openvpn /etc/openvpn/server/freedombox.conf
```

With

```
sudo ifconfig -a
```

I see the tun0 interface.

But it seems to have some problem running properly and automatically at startup.
```
sudo journalctl -xe
```

I get some error messages:

```
-- Logs begin at Thu 2021-02-18 11:28:19 UTC, end at Thu 2021-02-18 12:24:04 UTC. --
févr. 18 12:19:44 Sonet systemd[1]: openvpn-server@freedombox.service: Service RestartSec=5s expired, scheduling restart.
févr. 18 12:19:44 Sonet systemd[1]: openvpn-server@freedombox.service: Scheduled restart job, restart counter is at 587.
-- Subject: Automatic restarting of a unit has been scheduled
-- Defined-By: systemd
-- Support: .debian.org/support
-- Automatic restarting of the unit openvpn-server@freedombox.service has been scheduled, as the result for
-- the configured Restart= setting for the unit.
févr. 18 12:19:44 Sonet systemd[1]: Stopped OpenVPN service for freedombox.
-- Subject: A stop job for unit openvpn-server@freedombox.service has finished
-- Defined-By: systemd
-- Support: .debian.org/support
-- A stop job for unit openvpn-server@freedombox.service has finished.
-- The job identifier is 30058 and the job result is done.
févr. 18 12:19:44 Sonet systemd[1]: Starting OpenVPN service for freedombox...
-- Subject: A start job for unit openvpn-server@freedombox.service has begun execution
-- Defined-By: systemd
-- Support: .debian.org/support
-- A start job for unit openvpn-server@freedombox.service has begun execution.
-- The job identifier is 30058.
févr. 18 12:19:44 Sonet openvpn[9575]: OpenVPN 2.4.7 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
févr. 18 12:19:44 Sonet openvpn[9575]: library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
févr. 18 12:19:44 Sonet openvpn[9575]: NOTE: your local LAN uses the extremely common subnet address XXX.XXX.XXX.XXX or XXX.XXX.XXX.XXX. Be aware that this might create routing conflicts if you connect to the VPN server from public locations such as internet cafes that use the same subnet.
févr. 18 12:19:44 Sonet systemd[1]: Started OpenVPN service for freedombox.
-- Subject: A start job for unit openvpn-server@freedombox.service has finished successfully
-- Defined-By: systemd
-- Support: .debian.org/support
-- A start job for unit openvpn-server@freedombox.service has finished successfully.
-- The job identifier is 30058.
févr. 18 12:19:44 Sonet openvpn[9575]: ROUTE_GATEWAY XXX.XXX.XXX.XXX/255.255.255.0 IFACE=eth0 HWADDR=YY:YY:YY:YY:YY:YY
févr. 18 12:19:44 Sonet openvpn[9575]: TUN/TAP device tun0 opened
févr. 18 12:19:44 Sonet openvpn[9575]: Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
févr. 18 12:19:44 Sonet openvpn[9575]: /sbin/ip link set dev tun0 up mtu 1500
févr. 18 12:19:44 Sonet openvpn[9575]: openvpn_execve: unable to fork: Resource temporarily unavailable (errno=11)
févr. 18 12:19:44 Sonet openvpn[9575]: Exiting due to fatal error
févr. 18 12:19:44 Sonet NetworkManager[139]: [1613650784.6154] manager: (tun0): new Tun device (/org/freedesktop/NetworkManager/Devices/590)
févr. 18 12:19:44 Sonet systemd-udevd[9576]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
févr. 18 12:19:44 Sonet systemd-udevd[9576]: link_config: could not get ethtool features for tun0
févr. 18 12:19:44 Sonet systemd-udevd[9576]: Could not set offload features of tun0: No such device
févr. 18 12:19:44 Sonet systemd[1]: openvpn-server@freedombox.service: Main process exited, code=exited, status=1/FAILURE
```
**Does somebody have a recipe to make it work?**
Moreover, I have some similar trouble with fail2ban, which is dedicated to avoiding attacks on SSH and OpenVPN. (Currently it is not a problem for me since I'm only working on my local network, but when I want to make the server reachable from a remote terminal through the internet, it will be.)
```
-- The unit openvpn-server@freedombox.service has entered the 'failed' state with result 'exit-code'.
févr. 18 11:28:24 Sonet nscd[110]: 110 monitoring file /etc/passwd (1)
févr. 18 11:28:24 Sonet nscd[110]: 110 monitoring directory /etc (2)
févr. 18 11:28:24 Sonet nscd[110]: 110 monitoring file /etc/group (3)
févr. 18 11:28:24 Sonet nscd[110]: 110 monitoring directory /etc (2)
```
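
Added example, not part of the original post: a small Python triage of the OpenVPN journal excerpt above that separates the non-fatal `Note:` line from the error that actually preceded the exit, and decodes both errno values. The function name `triage` and the embedded sample (lines copied from the excerpt) are assumptions of this example; errno names follow Linux numbering.

```python
import errno
import re

# Constructed sample: lines copied from the journal excerpt in the post (unit name written with "@").
SAMPLE = """\
févr. 18 12:19:44 Sonet systemd[1]: openvpn-server@freedombox.service: Scheduled restart job, restart counter is at 587.
févr. 18 12:19:44 Sonet openvpn[9575]: TUN/TAP device tun0 opened
févr. 18 12:19:44 Sonet openvpn[9575]: Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
févr. 18 12:19:44 Sonet openvpn[9575]: /sbin/ip link set dev tun0 up mtu 1500
févr. 18 12:19:44 Sonet openvpn[9575]: openvpn_execve: unable to fork: Resource temporarily unavailable (errno=11)
févr. 18 12:19:44 Sonet openvpn[9575]: Exiting due to fatal error
févr. 18 12:19:44 Sonet systemd[1]: openvpn-server@freedombox.service: Main process exited, code=exited, status=1/FAILURE
"""

LINE = re.compile(r"^\S+ \d+ [\d:]+ \S+ (?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
RESTART = re.compile(r"^(?P<unit>\S+\.service): Scheduled restart job, restart counter is at (?P<n>\d+)\.")
ERRNO = re.compile(r"\(errno=(?P<code>\d+)\)\s*$")

def triage(text):
    """Return restart counters per unit, non-fatal errno notes, and errno lines that preceded a fatal exit."""
    restarts, pending, notes, fatal = {}, {}, [], []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skips "-- Subject: ..." explanation lines added by journalctl -x
        pid, msg = int(m["pid"]), m["msg"]
        r = RESTART.match(msg)
        e = ERRNO.search(msg)
        if m["proc"] == "systemd" and r:
            restarts[r["unit"]] = max(restarts.get(r["unit"], 0), int(r["n"]))
        elif e:
            entry = (errno.errorcode.get(int(e["code"]), "?"), msg)
            if msg.startswith("Note:"):
                notes.append(entry)      # in the excerpt OpenVPN keeps going after this line
            else:
                pending[pid] = entry     # candidate cause, confirmed only by a fatal exit
        elif msg == "Exiting due to fatal error" and pid in pending:
            fatal.append(pending.pop(pid))
    return {"restarts": restarts, "notes": notes, "fatal": fatal}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Per fork(2), EAGAIN means a limit on the number of processes or threads was reached, so the process limits applied to the unit and to the container are the place to look rather than file or device permissions.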