[solved] Vagrant Oracle Linux 8 error: ipset v7.1: Kernel error received: set type not supported

Pritunl Pritunl VPN
1

I hit some obstacles running Pritunl on Oracle Linux 8, maybe this can be useful for others. Maybe this footgun can also be added to the docs, as Oracle Linux 8 is the recommended distro to run Pritunl on.

I use the official Oracle Linux 8 Vagrant VM from https://yum.oracle.com/boxes/ . In other words, the VM is created like this:

$ vagrant init oraclelinux/8 https://oracle.github.io/vagrant-projects/boxes/oraclelinux/8.json
$ vagrant up
$ vagrant ssh

Note that Oracle Linux 8 uses the “UEK / Unbreakable Enterprise Kernel” v5.15 by default as seen here:

[vagrant@localhost ~]$ uname -a
Linux localhost.localdomain 5.15.0-3.60.5.1.el8uek.x86_64 #2 SMP Wed Oct 19 20:04:48 PDT 2022 x86_64 x86_64 x86_64 GNU/Linux

Then I followed the instructions from Installation .

I created an openvpn server in the web UI, but starting the openvpn server fails like this (full logs see my reply)

[lively-refuge-1534][2023-03-18 14:17:13,463][ERROR] Popen returned error exit code
  cmd         = ["ipset", "create", "6415c7e90c98ebdaaeff4373_or", "hash:net", "family", "inet"]
  return_code = 1
Process stderr:
  ipset v7.1: Kernel error received: set type not supported

Switching to the “Red-Hat Compatible Kernel” (see my reply for how to switch) fixed the issue and Pritunl now works:

[root@localhost ~]# uname -a
Linux localhost.localdomain 4.18.0-425.13.1.el8_7.x86_64 #1 SMP Tue Feb 21 15:09:05 PST 2023 x86_64 x86_64 x86_64 GNU/Linux


[lively-refuge-1534][2023-03-18 14:21:13,735][INFO] Starting server
  selinux_context = "system_u:system_r:pritunl_t:s0"
[lively-refuge-1534][2023-03-18 14:22:42,308][INFO] Starting vpn server
  server_id        = "6415c7260c98ebdaaeff42be"
  instance_id      = "6415c9324a6510712a6532db"
  instances        = []
  instances_count  = 0
  route_count      = 1
  network          = "192.168.222.0/24"
  network6         = "fd00:c0a8:de00::/64"
  dynamic_firewall = false
  host_id          = "c8b828dc15da4f9e9d6a7cd23aced905"
  host_address     = "192.168.122.148"
  host_address6    = "fe80::5054:ff:fe14:8483"
  host_networks    = ["192.168.122.0/24"]
  cur_timestamp    = "2023-03-18 14:22:42.307679"
  libipt           = false
2

Additional links that I could not post because only two links are allowed for new users:

Full logs are here: pritunl uek.txt · GitHub

Here’s how to switch to “Red-Hat Compatible Kernel”: https://blogs.oracle.com/linux/post/changing-the-default-kernel-in-oracle-linux-its-as-simple-as-1-2-3

In hindsight, I would not go with Oracle Linux 8 again. Maybe users should rather go with Alma Linux or something?

3

That is likely an issue with that build, I haven’t seen the issue on any other Oracle Linux 8 builds.

4

Interesting. Let me try that again with OracleLinux-R8-U7-x86_64-dvd.iso from https://yum.oracle.com/oracle-linux-isos.html .

5

Lo and behold, installing from the “normal” ISO, pritunl works fine.

Looks like the vagrant image did not have all kernel modules installed. This fixed it my testing:

[root@localhost ~]# dnf install kernel-uek
Last metadata expiration check: 0:03:30 ago on Sun 19 Mar 2023 11:57:25 AM UTC.
Dependencies resolved.
===============================================================================================================
 Package                  Architecture Version                                   Repository               Size
===============================================================================================================
Installing:
 kernel-uek               x86_64       5.15.0-8.91.4.1.el8uek                    ol8_UEKR7               1.2 M
Installing dependencies:
 kernel-uek-modules       x86_64       5.15.0-8.91.4.1.el8uek                    ol8_UEKR7                54 M
 linux-firmware           noarch       999:20220907-999.14.git2f2f0181.el8       ol8_baseos_latest       243 M

Thanks @zach !