protonvpn-docker

[BUG] - Unable to get other containers to use protonvpn using Podman

Open Greyfus opened this issue 2 years ago • 1 comments

Version of protonvpn-docker

5.2.1

Credential & Plan

  • [X] I have verified that my VPN credentials are valid
  • [X] I am using OpenVPN credentials and not my proton account credentials.
  • [X] I have verified that the servers I am trying to connect to are available under my plan.

System Architecture

x86_64

Running on a NAS?

No

Container Runtime

Podman with defaults

Version of Kubernetes

NA

Version of docker/podman runtime

host:
  arch: amd64
  buildahVersion: 1.24.1
  cgroupControllers:
  - memory
  - pids
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.0-1.el9.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.0, commit: 8ef5de138efb6f0aad657082cdea22cf037792cb'
  cpus: 4
  distribution:
    distribution: '"centos"'
    version: "9"
  eventLogger: journald
  hostname: Pups-Brick
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.14.0-71.el9.x86_64
  linkmode: dynamic
  logDriver: journald
  memFree: 348405760
  memTotal: 7851782144
  networkBackend: cni
  ociRuntime:
    name: crun
    package: crun-1.4.3-1.el9.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.4.3
      commit: 61c9600d1335127eba65632731e2d72bc3f0b9e8
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.12-4.el9.x86_64
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 8574201856
  swapTotal: 8589930496
  uptime: 190h 44m 21.45s (Approximately 7.92 days)
plugins:
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - registry.centos.org
  - quay.io
  - docker.io
store:
  configFile: /home/pups/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/pups/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 9
  runRoot: /run/user/1000/containers
  volumePath: /home/pups/.local/share/containers/storage/volumes
version:
  APIVersion: 4.0.2
  Built: 1647270789
  BuiltTime: Mon Mar 14 11:13:09 2022
  GitCommit: ""
  GoVersion: go1.17.5
  OsArch: linux/amd64
  Version: 4.0.2

Troubleshooting

  • [X] I have tried steps mentioned in TROUBLESHOOTING
  • [X] I am using latest version of the docker image

Relevant log output

Error: invalid option for network service: unknown bridge network option: protonvpn

Any additional info

version: '3.4'
services:
  protonvpn:
    container_name: protonvpn
    environment:
      PROTONVPN_SERVER: XXX
      PROTONVPN_USERNAME: XXX
      PROTONVPN_PASSWORD: XXX
      PROTONVPN_TIER: X
    image: ghcr.io/tprasadtp/protonvpn:latest
    restart: unless-stopped
    networks:
      - internet
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    expose:
      - 8000
  pyload:
    depends_on:
      - protonvpn
    container_name: pyload
    environment:
      TZ: "America/New_York"
      PGID: "1000"
      PUID: "1000"
    image: linuxserver/pyload:latest
    restart: unless-stopped
    userns_mode: host
    network_mode: "service:protonvpn"
    volumes:
      - config:/config
      - ./downloads/:/downloads/:rw
volumes:
  config:
networks:
  internet:

I tried to follow, but I do not seem to know how to convert to podman network-wise. All the other parts work but I cannot specify other containers to use the protonvpn.

Code of Conduct & PII Redaction

  • [X] I agree to follow this project's Code of Conduct
  • [X] I have removed any sensitive personally identifying information (PII) and secrets from this issue report.

Greyfus, Apr 05 '22 18:04

You can try running it all the podman way, in pods and via systemd services. Here is just a quick example of commands running containers through the network of the protonvpn container:

# create env vars config for protonvpn
$ cat /etc/protonvpn.env 
PROTONVPN_USERNAME=XXXXXXXXXXXXXXX
PROTONVPN_PASSWORD=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
PROTONVPN_TIER=2
PROTONVPN_SERVER=RANDOM

# create pod
$ podman pod create --name test-vpn

# create the protonvpn container inside the pod created above
$ podman create --pod test-vpn --name protonvpn --device=/dev/net/tun --privileged --env-file=/etc/protonvpn.env ghcr.io/tprasadtp/protonvpn 

# create a container with your app that needs to go through the vpn (here, as an example, I'm just using alpine running an interactive shell)
$ podman create --pod test-vpn --name alpine -it --network=container:protonvpn docker.io/library/alpine

# now, once all the needed pod and containers are created, start the pod
$ podman pod start test-vpn

# to test the outgoing ip of your app (in our case alpine container) exec interactive shell inside it:
$ podman exec -it alpine /bin/sh

# then, inside the container, check the IP with wget, something like:
wget -qO - https://icanhazip.com
wget -qO - https://ipinfo.io

NOTE: once you have created your pod and containers, you can generate systemd services by running the command: podman generate systemd --restart-policy=always --new --files --name test-vpn

Check the man pages of podman; there is plenty of useful info and examples.

man podman-generate-systemd

vadyochik, May 30 '22 19:05
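
The manual IP check at the end of the answer above can be scripted so that a missing tunnel is reported rather than overlooked. This is an added example, not part of the original thread or the project; the function names and the `run` argument are hypothetical, and the container name `alpine` and the lookup URL are taken from the answer.

```shell
#!/bin/sh
# Added example: verify that a container sharing the protonvpn network
# namespace egresses through a different public address than the host.

LOOKUP_URL="https://icanhazip.com"   # same lookup service the answer uses

# Public IP as seen from the host (outside the VPN).
host_egress_ip() {
    wget -qO - "$LOOKUP_URL" 2>/dev/null | tr -d '[:space:]'
}

# Public IP as seen from inside a container, e.g. "alpine" from the answer.
container_egress_ip() {
    podman exec "$1" wget -qO - "$LOOKUP_URL" 2>/dev/null | tr -d '[:space:]'
}

# Compare the two addresses (assumes both lookups used the same IP family).
#   0 = addresses differ, so the container leaves through another path
#   1 = same address: container traffic is NOT going through the VPN
#   2 = a lookup returned nothing usable; treat as unverified, not as OK
check_vpn_egress() {
    host_ip=$1
    ctr_ip=$2
    for ip in "$host_ip" "$ctr_ip"; do
        case $ip in
            ''|*[!0-9a-fA-F.:]*) return 2 ;;   # empty or not an IP literal
        esac
    done
    [ "$host_ip" != "$ctr_ip" ] || return 1
    return 0
}

# Run the live check only when invoked as: sh check-egress.sh run <container>
if [ "${1:-}" = "run" ]; then
    ctr=${2:-alpine}
    check_vpn_egress "$(host_egress_ip)" "$(container_egress_ip "$ctr")"
    rc=$?
    case $rc in
        0) echo "OK: $ctr egresses via a different address than the host" ;;
        1) echo "LEAK: $ctr has the same public IP as the host" ;;
        2) echo "UNVERIFIED: could not obtain both public IPs" ;;
    esac
    exit "$rc"
fi
```

Exit status 2 is deliberately distinct from success, so a systemd unit or cron job wrapping the check does not treat a failed lookup as a working tunnel.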