NAT iptables and AlmaLinux 9

[Poueck]

NAT functionnality doesn't work on AlmaLinux 9 (kernel 5.14.0-162.12.1.el9_1.x86_64):

openvpn      | iptables v1.8.4 (legacy): can't initialize iptables table 'nat': Table does not exist (do you need to insmod?)
openvpn      | Perhaps iptables or your kernel needs to be upgraded.

On the host, iptables v1.8.8

# iptables -V
iptables v1.8.8 (nf_tables)
# rpm -qa iptables*
iptables-libs-1.8.8-4.el9.x86_64
iptables-nft-1.8.8-4.el9.x86_64

[Poueck]

It appears that iptables links are set to legacy instead of nft.

I updated the ovpn_run script with "iptables-nft" instead of "iptables" and it is working.

[Traxof63]

Hello, I've the same issue, but when I set "iptables-nft" instead of "iptables"
This error occurs :
iptables: Failed to initialize nft: Protocol not supported

[Poueck]

Hello, I've the same issue, but when I set "iptables-nft" instead of "iptables" This error occurs : iptables: Failed to initialize nft: Protocol not supported

Does iptables installed on the host ?

[Traxof63]

yes

[Poueck]

yes

And the container have the --cap-add=NET_ADMIN ?

[Traxof63]

Yes, I use the recommended docker-compose file, and on the host, iptables is in nft mode....

[GunoH]

Had the same issue, when using the public kylemanna/openvpn image in my compose file (as instructed in docs/docker-compose.md).

However, when building the image myself from the master branch (1228577), the issue is gone. Maybe some fixes did not go into the public image yet.

[igor-iiplabs]

Same issue as well, and also resolved by rebuilding the image from Dockerfile

services:
openvpn:
build:
context: ./
dockerfile: Dockerfile
image: local/openvpn

Then just run "docker compose build openvpn"