libnetwork: Unable to create docker0 if VPN is active

~ > ip route
0.0.0.0/1 via 10.8.0.5 dev tun0 
default via 192.168.1.1 dev wlp3s0  proto dhcp  src 192.168.1.191  metric 10 
default via 192.168.1.1 dev enp2s0  proto dhcp  src 192.168.1.181  metric 20 
10.8.0.1 via 10.8.0.5 dev tun0 
10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6 
23.196.166.175 via 192.168.1.1 dev wlp3s0 
128.0.0.0/1 via 10.8.0.5 dev tun0 
192.168.1.0/24 dev enp2s0  proto kernel  scope link  src 192.168.1.181 
192.168.1.0/24 dev wlp3s0  proto kernel  scope link  src 192.168.1.191 
192.168.1.1 dev wlp3s0  proto dhcp  scope link  src 192.168.1.191  metric 10 
192.168.1.1 dev enp2s0  proto dhcp  scope link  src 192.168.1.181  metric 20 
~ > sudo docker -d
Warning: '-d' is deprecated, it will be removed soon. See usage.
WARN[0000] please use 'docker daemon' instead.          
INFO[0000] API listen on /var/run/docker.sock           
INFO[0000] [graphdriver] using prior storage driver "btrfs" 
INFO[0000] Firewalld running: false                     
FATA[0000] Error starting daemon: Error initializing network controller: Error creating default "bridge" network: failed to parse pool request for address space "LocalDefault" pool "" subpool "": could not find an available predefined network 

If I stop my VPN, then I’m able to create the interface.

~ > sudo systemctl stop openvpn@primary.service
~ > ip route
default via 192.168.1.1 dev wlp3s0  proto dhcp  src 192.168.1.191  metric 10 
default via 192.168.1.1 dev enp2s0  proto dhcp  src 192.168.1.181  metric 20 
23.196.166.175 via 192.168.1.1 dev wlp3s0 
192.168.1.0/24 dev enp2s0  proto kernel  scope link  src 192.168.1.181 
192.168.1.0/24 dev wlp3s0  proto kernel  scope link  src 192.168.1.191 
192.168.1.1 dev wlp3s0  proto dhcp  scope link  src 192.168.1.191  metric 10 
192.168.1.1 dev enp2s0  proto dhcp  scope link  src 192.168.1.181  metric 20 
~ > sudo docker -d
Warning: '-d' is deprecated, it will be removed soon. See usage.
WARN[0000] please use 'docker daemon' instead.          
INFO[0000] API listen on /var/run/docker.sock           
INFO[0000] [graphdriver] using prior storage driver "btrfs" 
INFO[0000] Firewalld running: false                     
INFO[0000] Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address 
INFO[0000] Loading containers: start.                   

INFO[0000] Loading containers: done.                    
INFO[0000] Daemon has completed initialization          
INFO[0000] Docker daemon                                 commit=a34a1d5-dirty execdriver=native-0.2 graphdriver=btrfs version=1.9.1
^CINFO[0003] Processing signal 'interrupt'  

After the interface is created, there are no issues with starting the daemon while my VPN is active.

~ > sudo systemctl start openvpn@primary.service
~ > ip route
0.0.0.0/1 via 10.8.0.5 dev tun0 
default via 192.168.1.1 dev wlp3s0  proto dhcp  src 192.168.1.191  metric 10 
default via 192.168.1.1 dev enp2s0  proto dhcp  src 192.168.1.181  metric 20 
10.8.0.1 via 10.8.0.5 dev tun0 
10.8.0.5 dev tun0  proto kernel  scope link  src 10.8.0.6 
23.196.166.175 via 192.168.1.1 dev wlp3s0 
128.0.0.0/1 via 10.8.0.5 dev tun0 
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1 
192.168.1.0/24 dev enp2s0  proto kernel  scope link  src 192.168.1.181 
192.168.1.0/24 dev wlp3s0  proto kernel  scope link  src 192.168.1.191 
192.168.1.1 dev wlp3s0  proto dhcp  scope link  src 192.168.1.191  metric 10 
192.168.1.1 dev enp2s0  proto dhcp  scope link  src 192.168.1.181  metric 20 
~ > sudo docker -d
Warning: '-d' is deprecated, it will be removed soon. See usage.
WARN[0000] please use 'docker daemon' instead.          
INFO[0000] API listen on /var/run/docker.sock           
INFO[0000] [graphdriver] using prior storage driver "btrfs" 
INFO[0000] Firewalld running: false                     
INFO[0000] Default bridge (docker0) is assigned with an IP address 172.17.0.1/16. Daemon option --bip can be used to set a preferred IP address 
INFO[0000] Loading containers: start.                   

INFO[0000] Loading containers: done.                    
INFO[0000] Daemon has completed initialization          
INFO[0000] Docker daemon                                 commit=a34a1d5-dirty execdriver=native-0.2 graphdriver=btrfs

About this issue

  • State: closed
  • Created 9 years ago
  • Reactions: 9
  • Comments: 27 (3 by maintainers)

Most upvoted comments

I had the same problem with docker and openvpn. It seems the 0.0.0.0/1 and 128.0.0.0/1 routes are created by openvpn if the “redirect-gateway def1” flag is provided from the server. As explained above, docker cannot find any free network range as those two /1 ranges cover all possible addresses.

What I did to solve it (apart from bugging the guy responsible for the openvpn service to remove the def1 flag 😄) was giving openvpn a command to drop those two routes and set a true default route:

$ openvpn --config vpn_config_file --route-up fix-routes.sh

And the fix-routes.sh script:

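#!/bin/sh
# Runs as the openvpn --route-up hook; openvpn exports $route_vpn_gateway.

# Add the /0 default first so traffic keeps using the VPN gateway
# while the two /1 routes are removed.
echo "Adding default route to $route_vpn_gateway with /0 mask..."
ip route add default via "$route_vpn_gateway"

echo "Removing /1 routes..."
ip route del 0.0.0.0/1 via "$route_vpn_gateway"
ip route del 128.0.0.0/1 via "$route_vpn_gateway"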

With a default /0 route docker would no longer have problems finding a valid subnet.
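Why the two /1 routes leave no free pool while a /0 default route does not, shown as an added example (not libnetwork's code and not from any commenter in this thread). It assumes the daemon rejects every candidate pool that overlaps a routed destination prefix and tries 172.17.0.0/16 through 172.31.0.0/16; the names `routeNets`, `firstFree` and `withVPN` are hypothetical.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed sample: routes from the `ip route` output in the report above.
const withVPN = `0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev wlp3s0 proto dhcp metric 10
10.8.0.5 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.5 dev tun0`

// routeNets parses `ip route` text into destination prefixes. Assumption:
// "default" lines have no destination prefix to compare, so they are skipped.
func routeNets(ipRoute string) (nets []*net.IPNet) {
	for _, line := range strings.Split(ipRoute, "\n") {
		f := strings.Fields(line)
		if len(f) == 0 || f[0] == "default" {
			continue
		}
		if !strings.Contains(f[0], "/") {
			f[0] += "/32" // a bare address is a host route
		}
		if _, n, err := net.ParseCIDR(f[0]); err == nil {
			nets = append(nets, n)
		}
	}
	return nets
}

// firstFree walks an assumed candidate list (172.17.0.0/16 to 172.31.0.0/16)
// and returns the first pool that overlaps no route, or "" if none is free.
func firstFree(ipRoute string) string {
	routes := routeNets(ipRoute)
next:
	for i := 17; i <= 31; i++ {
		_, pool, _ := net.ParseCIDR(fmt.Sprintf("172.%d.0.0/16", i))
		for _, r := range routes {
			if r.Contains(pool.IP) || pool.Contains(r.IP) {
				continue next
			}
		}
		return pool.String()
	}
	return ""
}

func main() { fmt.Printf("free pool with /1 routes: %q\n", firstFree(withVPN)) }
```

Running the same check against a table where the /1 pair has been replaced by a single `default via 10.8.0.5 dev tun0` line returns `172.17.0.0/16`.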

I was able to resolve this problem on my systems by setting --bip in /etc/default/docker, as described by @DominicBoettger in https://github.com/docker/docker/issues/18113#issuecomment-208436349