Skip to content

ENABLE_SOCKS_SERVER not working on ubuntu 24.10 #101

New issue
New issue
Open
Open
ENABLE_SOCKS_SERVER not working on ubuntu 24.10#101
@Krylanc3lo

Description

@Krylanc3lo
Krylanc3lo
opened on Mar 30, 2025

Hello,

I hope you are doing well.

I am trying to install the image on ubuntu 24.10 and the container does not start if ENABLE_SOCKS_SERVER is set to true.
It is working on 2 other servers but they are running on 22.04.

Here are the options I use:

sudo docker run --privileged -d --cap-add=NET_ADMIN --device /dev/net/tun -p 1080:1080 -e SURFSHARK_USER=XXX -e SURFSHARK_PASSWORD=XXX -e ENABLE_SOCKS_SERVER=true -e CONNECTION_TYPE=udp  ilteoood/docker-surfshark

and the log:

2025-03-30 06:34:52 WARNING: file 'vpn-auth.txt' is group or others accessible
2025-03-30 06:34:52 OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2025-03-30 06:34:52 library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2025-03-30 06:34:52 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2025-03-30 06:34:52 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-03-30 06:34:52 TCP/UDP: Preserving recently used remote address: [AF_INET]124.150.139.59:1194
2025-03-30 06:34:52 Socket Buffers: R=[212992->212992] S=[212992->212992]
2025-03-30 06:34:52 UDPv4 link local: (not bound)
2025-03-30 06:34:52 UDPv4 link remote: [AF_INET]124.150.139.59:1194
2025-03-30 06:34:53 TLS: Initial packet from [AF_INET]124.150.139.59:1194, sid=21960b31 002f02cf
2025-03-30 06:34:53 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2025-03-30 06:34:53 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
2025-03-30 06:34:53 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
2025-03-30 06:34:53 VERIFY KU OK
2025-03-30 06:34:53 Validating certificate extended key usage
2025-03-30 06:34:53 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2025-03-30 06:34:53 VERIFY EKU OK
2025-03-30 06:34:53 VERIFY OK: depth=0, CN=au-per-v019.prod.surfshark.com
2025-03-30 06:34:53 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2025-03-30 06:34:53 [au-per-v019.prod.surfshark.com] Peer Connection Initiated with [AF_INET]124.150.139.59:1194
2025-03-30 06:34:53 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2025-03-30 06:34:53 TLS: tls_multi_process: initial untrusted session promoted to trusted
2025-03-30 06:34:54 SENT CONTROL [au-per-v019.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
2025-03-30 06:34:54 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.5 255.255.255.0,peer-id 2,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2025-03-30 06:34:54 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.6.11)
2025-03-30 06:34:54 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2025-03-30 06:34:54 Socket Buffers: R=[212992->425984] S=[212992->425984]
2025-03-30 06:34:54 OPTIONS IMPORT: --ifconfig/up options modified
2025-03-30 06:34:54 OPTIONS IMPORT: route options modified
2025-03-30 06:34:54 OPTIONS IMPORT: route-related options modified
2025-03-30 06:34:54 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2025-03-30 06:34:54 OPTIONS IMPORT: tun-mtu set to 1500
2025-03-30 06:34:54 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=ae:56:48:be:5d:79
2025-03-30 06:34:54 TUN/TAP device tun0 opened
2025-03-30 06:34:54 /sbin/ip link set dev tun0 up mtu 1500
2025-03-30 06:34:54 /sbin/ip link set dev tun0 up
2025-03-30 06:34:54 /sbin/ip addr add dev tun0 10.8.8.5/24
2025-03-30 06:34:54 /vpn/sockd.sh tun0 1500 0 10.8.8.5 255.255.255.0 init
2025-03-30 06:39:03 /sbin/ip route add 124.150.139.59/32 via 172.17.0.1
2025-03-30 06:39:03 /sbin/ip route add 0.0.0.0/1 via 10.8.8.1
2025-03-30 06:39:03 /sbin/ip route add 128.0.0.0/1 via 10.8.8.1
2025-03-30 06:39:03 Initialization Sequence Completed
2025-03-30 06:39:03 Data Channel: cipher 'AES-256-GCM', peer-id: 2
2025-03-30 06:39:03 Timers: ping 60, ping-restart 180
2025-03-30 06:39:03 Protocol options: explicit-exit-notify 1, protocol-flags cc-exit tls-ekm dyn-tls-crypt
2025-03-30 06:39:03 [au-per-v019.prod.surfshark.com] Inactivity timeout (--ping-restart), restarting
2025-03-30 06:39:03 /sbin/ip route del 124.150.139.59/32
2025-03-30 06:39:03 /sbin/ip route del 0.0.0.0/1
2025-03-30 06:39:03 /sbin/ip route del 128.0.0.0/1
2025-03-30 06:39:03 Closing TUN/TAP interface
2025-03-30 06:39:03 /sbin/ip addr del dev tun0 10.8.8.5/24
2025-03-30 06:39:03 SIGUSR1[soft,ping-restart] received, process restarting
2025-03-30 06:39:03 Restart pause, 1 second(s)
2025-03-30 06:39:04 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2025-03-30 06:39:04 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2025-03-30 06:39:04 TCP/UDP: Preserving recently used remote address: [AF_INET]124.150.139.59:1194
2025-03-30 06:39:04 Socket Buffers: R=[212992->425984] S=[212992->425984]
2025-03-30 06:39:04 UDPv4 link local: (not bound)
2025-03-30 06:39:04 UDPv4 link remote: [AF_INET]124.150.139.59:1194
2025-03-30 06:39:05 TLS: Initial packet from [AF_INET]124.150.139.59:1194, sid=0e89e0bf ca098337
2025-03-30 06:39:05 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
2025-03-30 06:39:05 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
2025-03-30 06:39:05 VERIFY KU OK
2025-03-30 06:39:05 Validating certificate extended key usage
2025-03-30 06:39:05 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2025-03-30 06:39:05 VERIFY EKU OK
2025-03-30 06:39:05 VERIFY OK: depth=0, CN=au-per-v019.prod.surfshark.com
2025-03-30 06:39:05 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2025-03-30 06:39:05 [au-per-v019.prod.surfshark.com] Peer Connection Initiated with [AF_INET]124.150.139.59:1194
2025-03-30 06:39:05 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2025-03-30 06:39:05 TLS: tls_multi_process: initial untrusted session promoted to trusted
2025-03-30 06:39:06 SENT CONTROL [au-per-v019.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
2025-03-30 06:39:07 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.3 255.255.255.0,peer-id 1,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2025-03-30 06:39:07 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.6.11)
2025-03-30 06:39:07 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2025-03-30 06:39:07 Socket Buffers: R=[425984->425984] S=[425984->425984]
2025-03-30 06:39:07 OPTIONS IMPORT: --ifconfig/up options modified
2025-03-30 06:39:07 OPTIONS IMPORT: route options modified
2025-03-30 06:39:07 OPTIONS IMPORT: route-related options modified
2025-03-30 06:39:07 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2025-03-30 06:39:07 OPTIONS IMPORT: tun-mtu set to 1500
2025-03-30 06:39:07 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=ae:56:48:be:5d:79
2025-03-30 06:39:07 TUN/TAP device tun0 opened
2025-03-30 06:39:07 /sbin/ip link set dev tun0 up mtu 1500
2025-03-30 06:39:07 /sbin/ip link set dev tun0 up
2025-03-30 06:39:07 /sbin/ip addr add dev tun0 10.8.8.3/24
2025-03-30 06:39:07 /vpn/sockd.sh tun0 1500 0 10.8.8.3 255.255.255.0 init
Mar 30 06:39:07 (1743316747.241926) sockd[112]: warning: bindinternal(): bind of address 172.17.0.4.1080 (address #1/1) for server to listen on failed: Address in use
Mar 30 06:39:07 (1743316747.242039) sockd[112]: error: serverinit(): failed to bind internal addresses: Address in use
Mar 30 06:39:07 (1743316747.242141) sockd[112]: alert: mother[1/1]: shutting down
2025-03-30 06:39:07 WARNING: Failed running command (--up/--down): external program exited with error status: 1
2025-03-30 06:39:07 Exiting due to fatal error
Resetting all rules to installed defaults. Proceed with operation (y|n)? Aborted
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
Default outgoing policy changed to 'deny'
(be sure to update your rules accordingly)
Rules updated
Rules updated (v6)
Firewall is active and enabled on system startup

Do you know how I could fix it?

Thanks a lot for your help

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions