Pepsko's questions

I have Docker Swarm stack with nginx as reverse proxy set up on OVH vps. I was trying to make use of allow/deny directives in location, but if I set deny all; it wouldn't work even for the ip's added with allow directive. After looking at access logs I found out, that all requests allegedly come from IP 10.0.0.2. Now I tried to get the actual IP first to at least be shown in logs, but with no luck. There is my nginx.conf:

events{}

http {

  map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
  }
  error_log /dev/stdout info;
  log_format json_combined escape=json
    '{'
      '"time":"$time_local",'
      '"httpRequest":{'
        '"requestMethod":"$request_method",'
        '"requestUrl":"$scheme://$host$request_uri",'
        '"requestSize":$request_length,'
        '"status":"$status",'
        '"responseSize":$bytes_sent,'
        '"userAgent":"$http_user_agent",'
        '"remoteIp":"$remote_addr",'
        '"serverIp":"$server_addr",'
        '"referer":"$http_referer",'
        '"latency":"${request_time}s",'
        '"protocol":"$server_protocol"'
      '}'
    '}';

  resolver 127.0.0.11 valid=30s;

  include /etc/nginx/mime.types;
  include /etc/nginx/sites-enabled/*.*;
}

proxy.conf:

set_real_ip_from        10.0.0.0/8;
real_ip_header          X-Forwarded-For;
real_ip_recursive       on;
proxy_set_header        X-Real-IP           $remote_addr;
proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
proxy_set_header        Host                $http_host;
proxy_set_header        X-Forwarded-Host    $http_host;
proxy_set_header        X-Forwarded-Proto   $scheme;
proxy_set_header        X-Forwarded-Port    $server_port;
proxy_set_header        Upgrade             $http_upgrade;
proxy_set_header        Connection          $connection_upgrade;
proxy_set_header        X-NginX-Proxy       true;
proxy_cache_bypass      $http_upgrade;
proxy_http_version      1.1;
proxy_read_timeout      20d;
proxy_buffering         off;
proxy_request_buffering off;
proxy_intercept_errors  on;
http2_push_preload      on;

and my location:

  location /api/ {
     allow XXX.XX.XX.X;
     deny  all;
     include /etc/nginx/proxy-options/proxy.conf;
     set $ocelot ocelot-service;
     proxy_pass http://$ocelot$uri$is_args$args;
     proxy_ssl_session_reuse off;
     proxy_redirect off;
     client_max_body_size 5M;
  }

What can I do so nginx logs actual IP of requester and if it's possible, to use the IP to compare with allow directive?

I have setup Softether VPN server on my OVH VPS with this tutorial. When I'm connecting from my windows machine everything works fine and the internet sees me by my VPN servers IP instead of mine. Now when I do the same in ubuntu, even though softether client shows that it's connected to the server, curl ifconfig.me returns the IP address of my machine instead of VPN. I've found info that on Linux I have to setup routing manually - and here problem arises. When I try to sudo dhclient myadapter, it just hangs there. Sometimes it will freeze forcing me to reboot, and sometimes I can kill it. What I've seen in journalctl is:

can't create /var/lib/dhcp/dhclient.leases: Permission denied
Open a socket for LPF: Operation not permitted

Is there something wrong with my dhclient? Or maybe there is any other way to configure the routing for it? Any suggestions will be appreciated!

I need my CI/CD on github actions to log into VPN in order to access ssh on server and deploy stuff. VPN server itself works fine, as I tried to do the same sequence on my linux machine and it worked like a charm. But when I try to do it in automated way, it provides the password and it ends there. It doesn't even ask for standard. It happens both on github actions, as well as when I try to pass the last command from my github action on my linux machine.

There is my yml code:

  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Install softether
        run: |
          sudo apt-get update
          sudo apt-get install build-essential -y
          wget https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases/download/v4.38-9760-rtm/softether-vpnclient-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
          tar xzvf softether-vpnclient-v4.38-9760-rtm-2021.08.17-linux-x64-64bit.tar.gz
          cd vpnclient
          make
      - name: Setup connection and connect
        run: |
          cd vpnclient
          sudo ./vpnclient start
          (
          echo "2"
          echo ""
          echo "NicCreate myadapter"
          echo "AccountCreate ${{ secrets.VPN_USER }}"
          echo "${{ secrets.PROD_VPN_ADDRESS }}"
          echo "${{ secrets.VPN_HUB }}"
          echo "${{ secrets.VPN_USER }}"
          echo "myadapter"
          echo "AccountPasswordSet myconnection"
          echo "${{ secrets.VPN_PASSWORD }}"
          echo "${{ secrets.VPN_PASSWORD }}"
          echo ""
          echo "standard"
          echo "AccountConnect ${{ secrets.VPN_USER }}"
          ) | ./vpncmd

And this is the output in GitHub actions:

By using vpncmd program, the following can be achieved. 

1. Management of VPN Server or VPN Bridge 
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)


Specify the host name or IP address of the computer that the destination VPN Client is operating on. 
If nothing is input and Enter is pressed, connection will be made to localhost (this computer).

Connected to VPN Client "localhost".

NicCreate command - Create New Virtual Network Adapter
The command completed successfully.

AccountCreate command - Create New VPN Connection Setting




The command completed successfully.

AccountPasswordSet command - Set User Authentication Type of VPN Connection Setting to Password Authentication
Please enter the password. To cancel press the Ctrl+D key.

Password: *********
Confirm input: *********




Error: Process completed with exit code 38.

Any help will be appreciated.