Lack of ARM64 Build above version 1.30.3292.22

[saandre15]

I was installing the latest version of Pritunl to a Raspberry PI using the Pritunl Install From Source guide. And when I tried to create a Private Network on Pritunl, but I received the following error in the log file.

[snowy-plains-5952][2023-01-10 01:36:46,749][ERROR] Server error occurred while running
Traceback (most recent call last):
  File "/usr/lib/pritunl/lib/python3.9/site-packages/pritunl-1.30.3388.46-py3.9.egg/pritunl/server/instance.py", line 1582, in _run_thread
    self.iptables.upsert_rules()
  File "/usr/lib/pritunl/lib/python3.9/site-packages/pritunl-1.30.3388.46-py3.9.egg/pritunl/iptables.py", line 1411, in upsert_rules
    self._insert_iptables_rule(rule, tables=tables)
  File "/usr/lib/pritunl/lib/python3.9/site-packages/pritunl-1.30.3388.46-py3.9.egg/pritunl/iptables.py", line 1229, in _insert_iptables_rule
    return self._insert_iptables_rule_cmd(rule, ipv6)
  File "/usr/lib/pritunl/lib/python3.9/site-packages/pritunl-1.30.3388.46-py3.9.egg/pritunl/iptables.py", line 1211, in _insert_iptables_rule_cmd
    utils.Process(
  File "/usr/lib/pritunl/lib/python3.9/site-packages/pritunl-1.30.3388.46-py3.9.egg/pritunl/utils/proc.py", line 88, in run
    raise subprocess.CalledProcessError(
subprocess.CalledProcessError: Command '['iptables', '-I', 'INPUT', '-i', 'tun4', '-m', 'set', '--match-set', '63bcc12c5eb9da02e3aaa815_or', 'dst', '-j', 'ACCEPT', '-m', 'comment', '--comment', 'pritunl-63bcbb5d5eb9da02e3aaa3d7']' returned non-zero exit status 2.
  server_id   = "21bcbb5d5eb9da02e3aaa3d7"
  instance_id = "63bcc12c5eb34a02e3aaa815"
[snowy-plains-5952][2023-01-10 01:36:46,750][ERROR] Popen returned error exit code
  cmd         = ["iptables", "-I", "INPUT", "-i", "tun4", "-m", "set", "--match-set", "63bcc12c5eb9da02e3aaa815_or", "dst", "-j", "ACCEPT", "-m", "comment", "--comment", "pritunl-63bcbb5d5eb9da02e3aaa3d7"]
  timeout     = 15
  return_code = 2

It looks like this project was able to successfully build Pritunl for ARM64 devices using Docker. But recently there were no ARM64 build provided for the past 4 versions of Pritunl. Was this issue preventing the developers from building the latest version of Pritunl for ARM devices?

More information

https://forum.pritunl.com/t/unable-to-create-iptables-when-starting-a-private-network/675

[arthursimas1]

hi, i'm also interested on the arm64 build.

as far as i found, there's a problem to build the cryptography library (ERROR: Failed building wheel for cryptography, see). it doesn't seem to be related with your problem (iptables, if i understand well).

[arthursimas1]

looking further on this problem, i found that cryptography==3.4.7 is required and 3.4.x version requires Rust to compile (see). the most strange part is that Rust dependencies are already being installed.

to fix this problem, i would try two paths:

• CRYPTOGRAPHY_DONT_BUILD_RUST=1 (short term solution)
• bumping Alpine version to 3.17 (alpine 3.17 changelog) that includes Rust support (most recommended solution)

i haven't tested any of these solutions yet and any of the side-effects

[saandre15]

I was successfully able to figure out what the issue was. The kernel used did not support iptables hooking into ipset. Enabling the xt_set module should solve the issue.

[imperia777]

@dretechtips Error on my Oracle Linux aarch64 is about ipset exactly. Tried enabling xt_set on host. Didn't worked. ip_set is enabled too.

[snowy-waterfall-7512][2023-01-17 11:09:35,810][ERROR] Server error occurred while running
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/instance.py", line 1560, in _run_thread
self.generate_iptables_rules()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/instance.py", line 654, in generate_iptables_rules
self.iptables.generate()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 1119, in generate
self._generate_sets()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 194, in _generate_sets
self._create_sets()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 1342, in _create_sets
utils.check_output_logged(
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/utils/misc.py", line 220, in check_output_logged
raise subprocess.CalledProcessError(
subprocess.CalledProcessError: Command '['ipset', 'create', '63c681efd34a19fb9857e2b7_or', 'hash:net', 'family', 'inet']' returned non-zero exit status 1.
server_id = "5d2587bc4df95623a5c181ff"
instance_id = "63c681efd34a19fb9857e2b7"
[snowy-waterfall-7512][2023-01-17 11:09:35,811][ERROR] Popen returned error exit code
cmd = ["ipset", "create", "63c681efd34a19fb9857e2b7_or", "hash:net", "family", "inet"]
return_code = 1
Process stderr:
ipset v7.15: Kernel error received: Operation not permitted
Traceback (most recent call last):
File "/usr/lib/python3.10/threading.py", line 973, in _bootstrap
self._bootstrap_inner()
File "/usr/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
self.run()
File "/usr/lib/python3.10/threading.py", line 953, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/instance.py", line 1560, in _run_thread
self.generate_iptables_rules()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/instance.py", line 654, in generate_iptables_rules
self.iptables.generate()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 1119, in generate
self._generate_sets()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 194, in _generate_sets
self._create_sets()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 1342, in _create_sets
utils.check_output_logged(
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/utils/misc.py", line 213, in check_output_logged
logger.error('Popen returned error exit code', 'utils',
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/logger/init.py", line 55, in error
kwargs['traceback'] = traceback.format_stack()
[snowy-waterfall-7512][2023-01-17 11:10:04,753][ERROR] Exception on /server/5d2587bc4df95623a5c181ff/operation/start [PUT]
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/flask/app.py", line 2073, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1518, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1516, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1502, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/auth/app.py", line 10, in _wrapped
return call(*args, **kwargs)
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/handlers/server.py", line 1323, in server_operation_put
svr.start()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/server.py", line 1636, in start
raise ServerStartError('Server start timed out', {
pritunl.exceptions.ServerStartError: Server start timed out. {'server_id': ObjectId('5d2587bc4df95623a5c181ff')}
[snowy-waterfall-7512][2023-01-17 11:10:04,753][ERROR] Exception on /server/5d2587bc4df95623a5c181ff/operation/start [PUT]
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/flask/app.py", line 2073, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1518, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1516, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1502, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/auth/app.py", line 10, in _wrapped
return call(*args, **kwargs)
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/handlers/server.py", line 1323, in server_operation_put
svr.start()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/server.py", line 1636, in start
raise ServerStartError('Server start timed out', {
pritunl.exceptions.ServerStartError: Server start timed out. {'server_id': ObjectId('5d2587bc4df95623a5c181ff')}

[saandre15]

@dretechtips Error on my Oracle Linux aarch64 is about ipset exactly. Tried enabling xt_set on host. Didn't worked. ip_set is enabled too.

[snowy-waterfall-7512][2023-01-17 11:09:35,810][ERROR] Server error occurred while running
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/instance.py", line 1560, in _run_thread
self.generate_iptables_rules()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/instance.py", line 654, in generate_iptables_rules
self.iptables.generate()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 1119, in generate
self._generate_sets()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 194, in _generate_sets
self._create_sets()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 1342, in _create_sets
utils.check_output_logged(
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/utils/misc.py", line 220, in check_output_logged
raise subprocess.CalledProcessError(
subprocess.CalledProcessError: Command '['ipset', 'create', '63c681efd34a19fb9857e2b7_or', 'hash:net', 'family', 'inet']' returned non-zero exit status 1.
server_id = "5d2587bc4df95623a5c181ff"
instance_id = "63c681efd34a19fb9857e2b7"
[snowy-waterfall-7512][2023-01-17 11:09:35,811][ERROR] Popen returned error exit code
cmd = ["ipset", "create", "63c681efd34a19fb9857e2b7_or", "hash:net", "family", "inet"]
return_code = 1
Process stderr:
ipset v7.15: Kernel error received: Operation not permitted
Traceback (most recent call last):
File "/usr/lib/python3.10/threading.py", line 973, in _bootstrap
self._bootstrap_inner()
File "/usr/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
self.run()
File "/usr/lib/python3.10/threading.py", line 953, in run
self._target(*self._args, **self._kwargs)
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/instance.py", line 1560, in _run_thread
self.generate_iptables_rules()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/instance.py", line 654, in generate_iptables_rules
self.iptables.generate()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 1119, in generate
self._generate_sets()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 194, in _generate_sets
self._create_sets()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/iptables.py", line 1342, in _create_sets
utils.check_output_logged(
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/utils/misc.py", line 213, in check_output_logged
logger.error('Popen returned error exit code', 'utils',
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/logger/init.py", line 55, in error
kwargs['traceback'] = traceback.format_stack()
[snowy-waterfall-7512][2023-01-17 11:10:04,753][ERROR] Exception on /server/5d2587bc4df95623a5c181ff/operation/start [PUT]
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/flask/app.py", line 2073, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1518, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1516, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1502, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/auth/app.py", line 10, in _wrapped
return call(*args, **kwargs)
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/handlers/server.py", line 1323, in server_operation_put
svr.start()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/server.py", line 1636, in start
raise ServerStartError('Server start timed out', {
pritunl.exceptions.ServerStartError: Server start timed out. {'server_id': ObjectId('5d2587bc4df95623a5c181ff')}
[snowy-waterfall-7512][2023-01-17 11:10:04,753][ERROR] Exception on /server/5d2587bc4df95623a5c181ff/operation/start [PUT]
Traceback (most recent call last):
File "/usr/lib/python3.10/site-packages/flask/app.py", line 2073, in wsgi_app
response = self.full_dispatch_request()
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1518, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1516, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/lib/python3.10/site-packages/flask/app.py", line 1502, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**req.view_args)
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/auth/app.py", line 10, in _wrapped
return call(*args, **kwargs)
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/handlers/server.py", line 1323, in server_operation_put
svr.start()
File "/usr/lib/python3.10/site-packages/pritunl-1.30.3292.22-py3.10.egg/pritunl/server/server.py", line 1636, in start
raise ServerStartError('Server start timed out', {
pritunl.exceptions.ServerStartError: Server start timed out. {'server_id': ObjectId('5d2587bc4df95623a5c181ff')}

Did u install ipset binaries on the machine?

[imperia777]

@dretechtips
on host version ipset 7.11 is installed.
on container ipset version 7.15 is installed in /usr/sbin.
but gives error on every command, like is not available. dmesg is throwing same error.

bash-5.1# ipset create something hash:net
ipset v7.15: Kernel error received: Operation not permitted
bash-5.1# ipset save
ipset v7.15: Kernel error received: Operation not permitted
bash-5.1# dmesg
dmesg: klogctl: Operation not permitted
bash-5.1# dmesg
dmesg: klogctl: Operation not permitted
bash-5.1# ls /usr/sbin/ipset -al
-rwxr-xr-x 1 root root 180792 Nov 25 2021 /usr/sbin/ipset
bash-5.1#

[master2sid2]

I solved the problem by adding the volume to the container.
-v /lib/modules:/lib/modules

[github-actions]

This issue has had no activity for the last 90 days.
Do you still see this issue with the latest release?
Please add a reply within 14 days or this issue will be automatically closed.
To keep a confirmed issue open we can also add a "bug confirmed" tag.

Disclaimer: This is an open community project with limited resources.
Any skilled member of the community may jump in at any time to fix this issue.
That can take a while depending on our busy lives so please be patient,
and take advantage of other resources to help solve the issue.