VPN provider support: Ovpn.com #495

Open
qdm12 opened this issue Jun 17, 2021 · 38 comments · May be fixed by #2537

Comments

@qdm12
Owner

qdm12 commented Jun 17, 2021

  1. Download all files from https://www.ovpn.com/en/configurations
  2. Set up code for supporting it, and use the hostname to extract location information, e.g. dk.copenhagen.ovpn.com (countrycode.city.ovpn.com)
  3. Configure updating mechanism to resolve existing hostnames only. This is limited and will not detect new servers added.
  4. Message u/tamenqt
@Magic-Deceiver

Magic-Deceiver commented Oct 15, 2021

I will be waiting for this update patiently. Would love to see this become a reality! Had OVPN and am extremely satisfied. The only thing is I cannot get the OVPN wireguard to work with custom provider instruction no matter how I tweaked it. Either DNS could not resolve, or some other issues (may have something to do with multihop from OVPN).

Anyway! I really enjoy using gluetun! Thanks a lot!

@qdm12
Owner Author

qdm12 commented Oct 15, 2021

@Magic-Deceiver I'll try to get to it soon (can't promise though, I'm flooded 😄). Feel free to create a GitHub discussion on this repo; I can help you set up Wireguard if you want.

@Magic-Deceiver

No problem! I truly appreciate your help! I will create a discussion once I get my logs captured so it's faster to see what's the problem :)

P.S.: That's gotta be the fastest response I have ever received on GitHub lol.

@qdm12
Owner Author

qdm12 commented Oct 15, 2021

For Wireguard, see discussion #677 where someone using ovpn managed to set it up 😉

@Magic-Deceiver

Echo #677

  1. Does each server config have the same interface address?
    As far as I know, the interface config remains the same

  2. Does each server config have the same endpoint port?
    All peer endpoint ports are the same

  3. Do they have IP addresses for their endpoint or only hostnames?
    They use the hostname in the form of [VPN server#].[prd].[servers city location].[ovpn.com]:[port]
    e.g. vpn71.prd.newyork.ovpn.com:9929
    e.g. vpn06.prd.malmo.ovpn.com:9929
    e.g. vpn72.prd.zurich.ovpn.com:9929
    prd remains the same for all

  4. Is your interface private key the same for all server configs?
    If I download multiple configs using the same public key generated by OVPN, then the interface private key remains the same in all of them

  5. Do they have maybe an API to get all of their server information (such as IP address, Wireguard public key)?
    That I have no idea. The only option I have seen is to download manually

Hopefully, someone smarter than me will be able to figure out how to access their server info other than downloading it manually from the website.

I hope this helps!

@qdm12
Owner Author

qdm12 commented Oct 22, 2021

@Magic-Deceiver nice thanks!! It definitely helps. Wireguard support will be nice given what you said. Another two questions:

  1. Is the PublicKey field value the same for all servers? It should be different but who knows 😄
  2. Since it seems all their configs are hidden behind a login wall (😢), can you please:
    1. Download all their configs for each server. If it's not an easy process to download all the configs at once, then feel free to give up too (I would 😄)
    2. Remove your PrivateKey value for all of them. You could do that e.g. with VSCode by opening the directory where all your files are, then press CTRL+SHIFT+H (replace in all files), then ALT+R (use regular expression), then type ^PrivateKey.+$ in the Search field and write PrivateKey = in the Replace field. Finally press CTRL+ALT+Enter to replace all.
    3. Zip the resulting files
    4. Send the zip file to me at [email protected]
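
The redaction step described above can be scripted and then verified before a configuration leaves your machine. This is an added example, not code from the thread or from gluetun: it generalizes the comment's search pattern to also blank `PresharedKey` and commented-out key lines, then checks that no WireGuard-shaped key remains outside `PublicKey`. Function names and the sample configuration are hypothetical and constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// secretLine matches PrivateKey / PresharedKey assignments in any letter case,
// including indented or commented-out ones, one line at a time.
var secretLine = regexp.MustCompile(`(?im)^([ \t]*#?[ \t]*)(PrivateKey|PresharedKey)[ \t]*=.*$`)

// wgKey matches a base64-encoded 32-byte WireGuard key: 43 characters plus "=".
var wgKey = regexp.MustCompile(`[A-Za-z0-9+/]{43}=`)

// naivePattern is the search pattern quoted in the comment above,
// applied case-sensitively and per line.
var naivePattern = regexp.MustCompile(`(?m)^PrivateKey.+$`)

// RedactWireguard blanks every secret field and returns the sanitized text
// together with the number of lines that were rewritten.
func RedactWireguard(conf string) (string, int) {
	n := len(secretLine.FindAllStringIndex(conf, -1))
	return secretLine.ReplaceAllString(conf, "${1}${2} ="), n
}

// NaiveRedact applies only the PrivateKey pattern, for comparison.
func NaiveRedact(conf string) string {
	return naivePattern.ReplaceAllString(conf, "PrivateKey = ")
}

// UnexpectedKeys returns the 1-based line numbers that still carry something
// shaped like a WireGuard key anywhere other than a PublicKey field.
// PublicKey is allowed through: it is not secret and the recipient needs it.
func UnexpectedKeys(conf string) []int {
	var lines []int
	for i, line := range strings.Split(conf, "\n") {
		if !wgKey.MatchString(line) {
			continue
		}
		name, _, _ := strings.Cut(line, "=")
		if strings.EqualFold(strings.TrimSpace(name), "PublicKey") {
			continue
		}
		lines = append(lines, i+1)
	}
	return lines
}

// fakeKey builds a constructed placeholder with the shape of a key.
// It is not real key material.
func fakeKey(c string) string { return strings.Repeat(c, 43) + "=" }

// sampleConfig is a constructed wg-quick style file; addresses and the
// endpoint are documentation values, not taken from a real account.
func sampleConfig() string {
	return strings.Join([]string{
		"[Interface]",
		"PrivateKey = " + fakeKey("A"),
		"  # privatekey = " + fakeKey("C"), // old key left behind in a comment
		"Address = 172.16.0.2/32",
		"DNS = 192.0.2.53",
		"",
		"[Peer]",
		"PublicKey = " + fakeKey("B"),
		"PresharedKey = " + fakeKey("D"),
		"AllowedIPs = 0.0.0.0/0, ::/0",
		"Endpoint = vpn00.prd.city.example:9929",
	}, "\n") + "\n"
}

func main() {
	raw := sampleConfig()
	clean, n := RedactWireguard(raw)
	fmt.Printf("rewrote %d secret lines\n", n)
	fmt.Println("leftover key lines after full redaction:", UnexpectedKeys(clean))
	fmt.Println("leftover key lines after PrivateKey-only pattern:", UnexpectedKeys(NaiveRedact(raw)))
	fmt.Print(clean)
}
```

Run the verification pass on the exact bytes that will be zipped, since it is the check on the output, not the replace step, that shows the files are safe to send.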

@qdm12
Owner Author

qdm12 commented Oct 26, 2021

@Magic-Deceiver perfect I received your email. I now have both OpenVPN and Wireguard configuration files, perfect. I sent a message to ovpn.com's support to ask them where their API is and how to use it, if I can obtain some server information programmatically that would be better to automatically update server information. I'll get to it soon.

@qdm12
Owner Author

qdm12 commented Oct 27, 2021

From their support email (notes to my future self):

  • HTTP API: https://www.ovpn.com/v2/api/client/entry which contains all sorts of server information as well as IP addresses (preferred) and WG public keys
  • Wireguard port for each server can be found from the API
  • OpenVPN TCP is on port 443
  • OpenVPN UDP is on port 1194 and 1195
  • OpenVPN optional addons - just allow to use OPENVPN_CUSTOM_PORT with these values
    • Public IPv4 on port UDP 1196, 1197
    • Multihop on 1201 and 1202
    • More add-ons ports may come later
  • All servers run OpenVPN 2.5.x and support CHACHA20-POLY1305, AES-256-GCM, AES-256-CBC and AES-128-GCM
  • Singapore servers, we use tls-crypt instead of tls-auth

With all this, it should be a top tier integration 💯 (at the top with Mullvad and Ivpn).

I'm re-working the entire configuration setup right now, it might take me a few days, and then this is next on my list. I'll comment here once I have something ready to test, thanks for your patience!

@Magic-Deceiver

Can't wait! I'm glad I was able to facilitate the process.

So far, no complaints with OVPN - on par with Mullvad, if not better.

@Magic-Deceiver

Magic-Deceiver commented Oct 27, 2021

Also, are you planning on integrating their public DNS server when connecting to OVPN? I believe they have four in total (perhaps you will find them helpful):

IPv4 addresses:
46.227.67.134
192.165.9.158

IPv6 addresses:
2a07:a880:4601:10f0:cd45::1
2001:67c:750:1:cafe:cd45::1

@qdm12
Owner Author

qdm12 commented Jul 2, 2022

Since I have a rather long backlog of providers to add support for, I spent a good amount of time refactoring the code and writing guides on adding a VPN provider. You need a bit of programming experience but you could also learn as you go. The relevant pages are:

  • the development page describes how to get set up step-by-step to make changes to Gluetun
  • the add a provider page is a step-by-step guide on how to add a VPN provider to Gluetun

I'll comment here again if I start implementing the provider to avoid any potential duplicate work, but it should not be anytime soon I think. Please also comment here if you decide to start working on it.

@stonedemoman

Forgive me if I'm being presumptuous by asking, but did plans to implement this particular provider support get cancelled?

@ichbinder

Yes would be cool if the VPN provider would be included.

@derekcentrico

I'm happy to assist with this if given some background. I ported ovpn options into an openvpn project previously.

Only issue will be if this project can resolve domain names prior to VPN up because the use of addresses in the configs prevents end-users from having to edit their environments when IPs change.

@nFec

nFec commented Jul 13, 2024

@qdm12 could you point me to an example for steps 2 and 3?
I could be giving it a go at least.

@qdm12
Owner Author

qdm12 commented Oct 23, 2024

Hello everyone, first of all my apologies for the 3 years of delay (❗❗❗), but I finally got to implement something.

See #2537 which contains instructions on how to run it for both wireguard and openvpn.

Wireguard should work fine, but OpenVPN is likely missing configuration options....
To which I am asking you: can you share an openvpn configuration file here (without your username+password). And also share one for Singapore which apparently has (at least had 3 years ago) a different openvpn configuration than other servers.

Thank you for the help and for the extreme patience 💪

@qdm12 qdm12 linked a pull request Oct 23, 2024 that will close this issue
@derekcentrico

You can see a lot of the OVPN options here: https://github.com/haugene/vpn-configs-contrib/tree/main/openvpn/ovpn where I contributed to another project.

@qdm12
Owner Author

qdm12 commented Oct 27, 2024

Please pull that image :pr-2537 again to see if it works for openvpn and wireguard, I've added a few options for openvpn. Thanks!

@qdm12 qdm12 added the labels Status: 🗯️ Waiting for feedback, Category: New provider 🆕, Status: 🟡 Nearly resolved and Category: Motivated! 🙌 on Oct 27, 2024
@derekcentrico

:pr-2537

Set up a VM to test with, but I don't see notes in re environmental vars for wireguard or openvpn for OVPN.COM. Will test, but want to be sure I know the specifics to add to ensure I test properly?

@c1em3ntchua

c1em3ntchua commented Oct 29, 2024

@derekcentrico there are some examples in this page.

I have tried SERVER_CITIES=amsterdam and SERVER_CITIES=singapore, and both seem to work as intended.
As for WIREGUARD_ADDRESSES, reference the .conf file that is downloadable from OVPN.com. In my case it was 172.18.90.172/32.

@derekcentrico

> @derekcentrico there are some examples in this page.
>
> I have tried SERVER_CITIES=amsterdam and SERVER_CITIES=singapore, and both seem to work as intended. As for WIREGUARD_ADDRESSES, reference the .conf file that is downloadable from OVPN.com. In my case it was 172.18.90.172/32.

Doh! Didn't see that above earlier.

@qdm12
Owner Author

qdm12 commented Nov 7, 2024

> As for WIREGUARD_ADDRESSES, reference the .conf file that is downloadable from OVPN.com.

Note you can also plug in the Wireguard config file directly (search the Wiki I forgot the exact file path 😄)

Anyone had time to try out OpenVPN, so I can merge all this? Thanks 🙏 !

@stonedemoman

stonedemoman commented Nov 8, 2024

@qdm12 Wireguard has been working perfectly. I tried switching over to OpenVPN to verify for you and it failed. These two errors kept repeating:
ERROR [openvpn] --tls-auth and --tls-crypt are mutually exclusive
dial tcp4: lookup cloudflare.com on 1.1.1.1:53: write udp [redacted]->1.1.1.1:53: write: operation not permitted)

Hope this helps!

@qdm12
Owner Author

qdm12 commented Nov 8, 2024

Please re-pull 😉 I changed it to use tls-crypt only for the singapore servers, and tls-auth only for all other servers. Not too sure why that's the case 🤷
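
The rule stated above (tls-crypt for Singapore, tls-auth everywhere else) and the "mutually exclusive" error reported earlier can be checked against a client configuration before OpenVPN is started. This is an added example, not gluetun's code: function names and the sample configurations are hypothetical and constructed, and the city string is assumed to match the value used for SERVER_CITIES.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrBothModes mirrors the condition OpenVPN rejects at startup.
var ErrBothModes = errors.New("tls-auth and tls-crypt are mutually exclusive")

// ExpectedMode encodes the rule from this thread: Singapore servers use
// tls-crypt, every other server uses tls-auth.
func ExpectedMode(city string) string {
	if strings.EqualFold(strings.TrimSpace(city), "singapore") {
		return "tls-crypt"
	}
	return "tls-auth"
}

// TLSKeyModes lists which of tls-auth / tls-crypt a client config enables,
// either as a directive ("tls-auth ta.key 1") or as an inline block
// ("<tls-crypt> ... </tls-crypt>"). Comments and block contents are ignored.
func TLSKeyModes(conf string) []string {
	seen := map[string]bool{}
	inBlock := "" // name of the inline block currently open, if any
	for _, raw := range strings.Split(conf, "\n") {
		line := strings.TrimSpace(raw)
		if line == "" || line[0] == '#' || line[0] == ';' {
			continue
		}
		if inBlock != "" { // key material: only look for the closing tag
			if line == "</"+inBlock+">" {
				inBlock = ""
			}
			continue
		}
		name := strings.Fields(line)[0]
		if strings.HasPrefix(name, "<") && !strings.HasPrefix(name, "</") && strings.HasSuffix(name, ">") {
			name = strings.Trim(name, "<>")
			inBlock = name
		}
		if name == "tls-auth" || name == "tls-crypt" {
			seen[name] = true
		}
	}
	var modes []string
	for _, m := range []string{"tls-auth", "tls-crypt"} {
		if seen[m] {
			modes = append(modes, m)
		}
	}
	return modes
}

// CheckTLSKeyMode reports a conflict, a missing key option, or a mode that
// does not match what the thread says the selected city uses.
func CheckTLSKeyMode(city, conf string) error {
	modes, want := TLSKeyModes(conf), ExpectedMode(city)
	switch {
	case len(modes) == 2:
		return ErrBothModes
	case len(modes) == 0:
		return fmt.Errorf("no tls-auth or tls-crypt option found, expected %s", want)
	case modes[0] != want:
		return fmt.Errorf("config uses %s but %q is expected to use %s", modes[0], city, want)
	}
	return nil
}

// Constructed sample configurations (documentation address, placeholder keys).
const bothConfig = `client
dev tun
remote 192.0.2.10 1194 udp
tls-auth ta.key 1
<tls-crypt>
(constructed placeholder, not key material)
</tls-crypt>
`

const authOnlyConfig = `client
remote 192.0.2.10 1194 udp
; tls-crypt ta.key
tls-auth ta.key 1
`

const cryptInlineConfig = `client
<tls-crypt>
tls-auth inside a block is block content, not a directive
</tls-crypt>
`

func main() {
	fmt.Println("both options, madrid:      ", CheckTLSKeyMode("madrid", bothConfig))
	fmt.Println("tls-auth only, madrid:     ", CheckTLSKeyMode("madrid", authOnlyConfig))
	fmt.Println("tls-auth only, singapore:  ", CheckTLSKeyMode("singapore", authOnlyConfig))
	fmt.Println("inline tls-crypt, singapore:", CheckTLSKeyMode("singapore", cryptInlineConfig))
}
```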

@stonedemoman

> Please re-pull 😉 I changed it to use tls-crypt only for the singapore servers, and tls-auth only for all other servers. Not too sure why that's the case 🤷

Okay I renewed the image and now this error is repeating:
[openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=3,code=111)

@qdm12
Owner Author

qdm12 commented Nov 8, 2024

This usually happens when trying to reach the wrong ip address or port. What VPN server are you trying to connect to: hostname/ip, port and tcp-or-udp? Perhaps try changing OPENVPN_ENDPOINT_PORT for example to 1195? 🤔

@stonedemoman

@qdm12 I was using configs downloaded from the website and pointed to with OPENVPN_CUSTOM_CONFIG. I've tried for a couple hours to get it working now, no success. Attempted to connect to the Miami and Atlanta servers with the IP and port from the ovpn website used with respective OPENVPN_ENDPOINT_IP and OPENVPN_ENDPOINT_PORT variables and with both TCP and UDP plugged into OPENVPN_PROTOCOL variable.

The connection refused errors got replaced with some new errors when I plugged in ip, port, and one protocol variable (two separate times):
[openvpn] UDPv4 link local: (not bound)
[openvpn] TCPv4_CLIENT link local: (not bound)

If there's a specific config set you want me to test out I'd be happy to, in case I'm doing anything wrong.

@stonedemoman

@qdm12 I sent you an email with more information

@derekcentrico

@qdm12 Just getting back to this, apologies.

Wireguard failed. Haven't tried OpenVPN.

[Interface]
PrivateKey = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Address = 172.29.96.107/32, fd00:0000:1337:cafe:1111:1111:206d:aa4d/128
DNS = 46.227.67.134,192.165.9.158,2a07:a880:4601:10f0:cd45::1,2001:67c:750:1:cafe:cd45::1

[Peer]
PublicKey = DxlR+Lj9f9I/zz7Ubhu6YODWe4UokZHsA/XlrHyD+zI=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn66.prd.gothenburg.ovpn.com:9929
2024-11-16T08:53:05-05:00 INFO Alpine version: 3.20.3
2024-11-16T08:53:05-05:00 INFO OpenVPN 2.5 version: 2.5.10
2024-11-16T08:53:05-05:00 INFO OpenVPN 2.6 version: 2.6.11
2024-11-16T08:53:05-05:00 INFO IPtables version: v1.8.10
2024-11-16T08:53:05-05:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: ovpn
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Target IP address: 5.181.234.131
|   |       └── Wireguard selection settings:
|   |           ├── Endpoint IP address: 5.181.234.131
|   |           ├── Endpoint port: 9929
|   |           └── Server public key: DxlR+Lj9f9I/zz7Ubhu6YODWe4UokZHsA/XlrHyD+zI=
|   └── Wireguard settings:
|       ├── Private key: XXXXXXXXXXXXXXXXXXXXXXXXXX
|       ├── Interface addresses:
|       |   └── 172.29.96.107/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1320
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 192.165.9.158
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   └── cloudflare
|       ├── Caching: yes
|       ├── IPv6: no
|       └── DNS filtering settings:
|           ├── Block malicious: no
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   ├── VPN input ports:
|   |   ├── 60894
|   |   └── 60895
|   └── Outbound subnets:
|       ├── 172.23.0.0/16
|       └── 192.168.1.0/24
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 996
|   └── Timezone: america/new_york
├── Public IP settings:
|   ├── IP file path: /tmp/gluetun/ip
|   ├── Public IP data base API: ipinfo
|   └── Public IP data backup APIs:
|       ├── ifconfigco
|       ├── ip2location
|       └── cloudflare
└── Version settings:
    └── Enabled: yes
2024-11-16T08:53:05-05:00 WARN DNS address is set to 192.165.9.158 so the DNS over TLS (DoT) server will not be used. The default value changed to 127.0.0.1 so it uses the internal DoT serves. If the DoT server fails to start, the IPv4 address of the first plaintext DNS server corresponding to the first DoT provider chosen is used.
2024-11-16T08:53:05-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1, assigned IP 172.23.0.100 and family v4
2024-11-16T08:53:05-05:00 INFO [routing] adding route for 0.0.0.0/0
2024-11-16T08:53:05-05:00 INFO [firewall] setting allowed subnets...
2024-11-16T08:53:05-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1, assigned IP 172.23.0.100 and family v4
2024-11-16T08:53:05-05:00 INFO [routing] adding route for 172.23.0.0/16
2024-11-16T08:53:05-05:00 INFO [routing] adding route for 192.168.1.0/24
2024-11-16T08:53:05-05:00 INFO [dns] using plaintext DNS at address 192.165.9.158
2024-11-16T08:53:05-05:00 INFO [http server] http server listening on [::]:8000
2024-11-16T08:53:05-05:00 INFO [firewall] allowing VPN connection...
2024-11-16T08:53:05-05:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-11-16T08:53:05-05:00 INFO [wireguard] Using available kernelspace implementation
2024-11-16T08:53:05-05:00 INFO [wireguard] Connecting to 5.181.234.131:9929
2024-11-16T08:53:05-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-16T08:53:05-05:00 INFO [firewall] setting allowed input port 60894 through interface tun0...
2024-11-16T08:53:05-05:00 INFO [firewall] setting allowed input port 60895 through interface tun0...
2024-11-16T08:53:05-05:00 INFO [dns] downloading hostnames and IP block lists
2024-11-16T08:53:05-05:00 INFO [dns] DNS server listening on [::]:53
2024-11-16T08:53:11-05:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4 104.16.133.229:443: i/o timeout)
2024-11-16T08:53:11-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-16T08:53:11-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-16T08:53:11-05:00 INFO [vpn] stopping
2024-11-16T08:53:11-05:00 INFO [firewall] removing allowed port 60894...
2024-11-16T08:53:11-05:00 INFO [firewall] removing allowed port 60895...
2024-11-16T08:53:11-05:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
2024-11-16T08:53:11-05:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/releases": context canceled
2024-11-16T08:53:11-05:00 INFO [vpn] starting
2024-11-16T08:53:11-05:00 INFO [firewall] allowing VPN connection...
2024-11-16T08:53:11-05:00 INFO [wireguard] Using available kernelspace implementation
2024-11-16T08:53:11-05:00 INFO [wireguard] Connecting to 5.181.234.131:9929
2024-11-16T08:53:11-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-16T08:53:11-05:00 INFO [firewall] setting allowed input port 60894 through interface tun0...
2024-11-16T08:53:11-05:00 INFO [firewall] setting allowed input port 60895 through interface tun0...
2024-11-16T08:53:23-05:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2024-11-16T08:53:23-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-16T08:53:23-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-16T08:53:23-05:00 INFO [vpn] stopping
2024-11-16T08:53:23-05:00 INFO [firewall] removing allowed port 60894...
2024-11-16T08:53:23-05:00 INFO [firewall] removing allowed port 60895...
2024-11-16T08:53:23-05:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
2024-11-16T08:53:23-05:00 INFO [vpn] starting
2024-11-16T08:53:23-05:00 INFO [firewall] allowing VPN connection...
2024-11-16T08:53:23-05:00 INFO [wireguard] Using available kernelspace implementation
2024-11-16T08:53:23-05:00 INFO [wireguard] Connecting to 5.181.234.131:9929
2024-11-16T08:53:23-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-16T08:53:24-05:00 INFO [firewall] setting allowed input port 60894 through interface tun0...
2024-11-16T08:53:24-05:00 INFO [firewall] setting allowed input port 60895 through interface tun0...
2024-11-16T08:53:39-05:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024-11-16T08:53:44-05:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2024-11-16T08:53:44-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-16T08:53:44-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-16T08:53:44-05:00 INFO [vpn] stopping
2024-11-16T08:53:44-05:00 INFO [firewall] removing allowed port 60894...
2024-11-16T08:53:44-05:00 INFO [firewall] removing allowed port 60895...
2024-11-16T08:53:44-05:00 INFO [vpn] starting
2024-11-16T08:53:44-05:00 INFO [firewall] allowing VPN connection...
2024-11-16T08:53:44-05:00 INFO [wireguard] Using available kernelspace implementation
2024-11-16T08:53:44-05:00 INFO [wireguard] Connecting to 5.181.234.131:9929
2024-11-16T08:53:44-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-16T08:53:44-05:00 INFO [firewall] setting allowed input port 60894 through interface tun0...
2024-11-16T08:53:44-05:00 INFO [firewall] setting allowed input port 60895 through interface tun0...
2024-11-16T08:53:59-05:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024-11-16T08:54:14-05:00 INFO [healthcheck] program has been unhealthy for 21s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2024-11-16T08:54:14-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-16T08:54:14-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-16T08:54:14-05:00 INFO [vpn] stopping
2024-11-16T08:54:14-05:00 INFO [firewall] removing allowed port 60894...
2024-11-16T08:54:14-05:00 INFO [firewall] removing allowed port 60895...
2024-11-16T08:54:14-05:00 INFO [vpn] starting
2024-11-16T08:54:14-05:00 INFO [firewall] allowing VPN connection...
2024-11-16T08:54:14-05:00 INFO [wireguard] Using available kernelspace implementation
2024-11-16T08:54:14-05:00 INFO [wireguard] Connecting to 5.181.234.131:9929
2024-11-16T08:54:14-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-16T08:54:14-05:00 INFO [firewall] setting allowed input port 60894 through interface tun0...
2024-11-16T08:54:14-05:00 INFO [firewall] setting allowed input port 60895 through interface tun0...
2024-11-16T08:54:29-05:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024-11-16T08:54:44-05:00 INFO [healthcheck] program has been unhealthy for 26s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2024-11-16T08:54:44-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-16T08:54:44-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-16T08:54:44-05:00 INFO [vpn] stopping
2024-11-16T08:54:44-05:00 INFO [firewall] removing allowed port 60894...
2024-11-16T08:54:44-05:00 INFO [firewall] removing allowed port 60895...
2024-11-16T08:54:45-05:00 INFO [vpn] starting
2024-11-16T08:54:45-05:00 INFO [firewall] allowing VPN connection...
2024-11-16T08:54:45-05:00 INFO [wireguard] Using available kernelspace implementation
2024-11-16T08:54:45-05:00 INFO [wireguard] Connecting to 5.181.234.131:9929
2024-11-16T08:54:45-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-16T08:54:45-05:00 INFO [firewall] setting allowed input port 60894 through interface tun0...
2024-11-16T08:54:45-05:00 INFO [firewall] setting allowed input port 60895 through interface tun0...
2024-11-16T08:55:00-05:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
derek@ubuntu:~/docker$ 

@derekcentrico

@qdm12 Apparently, a reboot solved it?? Nice.


|       ├── Private key: XXXXXXXXXXXXXXXXXXXXXXXXXX
|       ├── Interface addresses:
|       |   └── 172.29.96.107/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1320
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 192.165.9.158
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   └── cloudflare
|       ├── Caching: yes
|       ├── IPv6: no
|       └── DNS filtering settings:
|           ├── Block malicious: no
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   ├── VPN input ports:
|   |   ├── 60894
|   |   └── 60895
|   └── Outbound subnets:
|       ├── 172.23.0.0/16
|       └── 192.168.1.0/24
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 996
|   └── Timezone: america/new_york
├── Public IP settings:
|   ├── IP file path: /tmp/gluetun/ip
|   ├── Public IP data base API: ipinfo
|   └── Public IP data backup APIs:
|       ├── ifconfigco
|       ├── ip2location
|       └── cloudflare
└── Version settings:
    └── Enabled: yes
2024-11-16T08:57:07-05:00 WARN DNS address is set to 192.165.9.158 so the DNS over TLS (DoT) server will not be used. The default value changed to 127.0.0.1 so it uses the internal DoT serves. If the DoT server fails to start, the IPv4 address of the first plaintext DNS server corresponding to the first DoT provider chosen is used.
2024-11-16T08:57:07-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1, assigned IP 172.23.0.100 and family v4
2024-11-16T08:57:07-05:00 INFO [routing] adding route for 0.0.0.0/0
2024-11-16T08:57:07-05:00 INFO [firewall] setting allowed subnets...
2024-11-16T08:57:07-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1, assigned IP 172.23.0.100 and family v4
2024-11-16T08:57:07-05:00 INFO [routing] adding route for 172.23.0.0/16
2024-11-16T08:57:07-05:00 INFO [routing] adding route for 192.168.1.0/24
2024-11-16T08:57:07-05:00 INFO [dns] using plaintext DNS at address 192.165.9.158
2024-11-16T08:57:07-05:00 INFO [http server] http server listening on [::]:8000
2024-11-16T08:57:07-05:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-11-16T08:57:07-05:00 INFO [firewall] allowing VPN connection...
2024-11-16T08:57:07-05:00 INFO [wireguard] Using available kernelspace implementation
2024-11-16T08:57:07-05:00 INFO [wireguard] Connecting to 5.181.234.131:9929
2024-11-16T08:57:07-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-16T08:57:07-05:00 INFO [healthcheck] healthy!
2024-11-16T08:57:07-05:00 INFO [firewall] setting allowed input port 60894 through interface tun0...
2024-11-16T08:57:07-05:00 INFO [firewall] setting allowed input port 60895 through interface tun0...
2024-11-16T08:57:07-05:00 INFO [dns] downloading hostnames and IP block lists
2024-11-16T08:57:07-05:00 INFO [dns] DNS server listening on [::]:53
2024-11-16T08:57:08-05:00 INFO [dns] ready
2024-11-16T08:57:08-05:00 INFO [ip getter] Public IP address is 5.181.234.133 (United States, New York, New York City - source: ipinfo)
2024-11-16T08:57:08-05:00 INFO [vpn] There is a new release v3.39.1 (v3.39.1) created 47 days ago

Will test OpenVPN next.

@derekcentrico

@qdm12 last one for now. OpenVPN failed using settings from #2537 using amsterdam and madrid as test cities.

Also, it would be nice to not require an IP on Wireguard because both Wireguard and OpenVPN files use an OVPN domain.

2024-11-16T09:22:31-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1, assigned IP 172.23.0.100 and family v4
2024-11-16T09:22:31-05:00 INFO [routing] local ethernet link found: eth0
2024-11-16T09:22:31-05:00 INFO [routing] local ipnet found: 172.23.0.0/16
2024-11-16T09:22:31-05:00 INFO [firewall] enabling...
2024-11-16T09:22:31-05:00 INFO [firewall] enabled successfully
2024-11-16T09:22:32-05:00 INFO [storage] merging by most recent 21160 hardcoded servers and 21160 servers read from /gluetun/servers.json
2024-11-16T09:22:32-05:00 INFO Alpine version: 3.20.3
2024-11-16T09:22:32-05:00 INFO OpenVPN 2.5 version: 2.5.10
2024-11-16T09:22:32-05:00 INFO OpenVPN 2.6 version: 2.6.11
2024-11-16T09:22:32-05:00 INFO IPtables version: v1.8.10
2024-11-16T09:22:32-05:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: ovpn
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Cities: madrid
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: UDP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.6
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 192.165.9.158
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   └── cloudflare
|       ├── Caching: yes
|       ├── IPv6: no
|       └── DNS filtering settings:
|           ├── Block malicious: no
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   ├── VPN input ports:
|   |   ├── 60894
|   |   └── 60895
|   └── Outbound subnets:
|       ├── 172.23.0.0/16
|       └── 192.168.1.0/24
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 996
|   └── Timezone: america/new_york
├── Public IP settings:
|   ├── IP file path: /tmp/gluetun/ip
|   ├── Public IP data base API: ipinfo
|   └── Public IP data backup APIs:
|       ├── ifconfigco
|       ├── ip2location
|       └── cloudflare
└── Version settings:
    └── Enabled: yes
2024-11-16T09:22:32-05:00 WARN DNS address is set to 192.165.9.158 so the DNS over TLS (DoT) server will not be used. The default value changed to 127.0.0.1 so it uses the internal DoT serves. If the DoT server fails to start, the IPv4 address of the first plaintext DNS server corresponding to the first DoT provider chosen is used.
2024-11-16T09:22:32-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1, assigned IP 172.23.0.100 and family v4
2024-11-16T09:22:32-05:00 INFO [routing] adding route for 0.0.0.0/0
2024-11-16T09:22:32-05:00 INFO [firewall] setting allowed subnets...
2024-11-16T09:22:32-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1, assigned IP 172.23.0.100 and family v4
2024-11-16T09:22:32-05:00 INFO [routing] adding route for 172.23.0.0/16
2024-11-16T09:22:32-05:00 INFO [routing] adding route for 192.168.1.0/24
2024-11-16T09:22:32-05:00 INFO [dns] using plaintext DNS at address 192.165.9.158
2024-11-16T09:22:32-05:00 INFO [http server] http server listening on [::]:8000
2024-11-16T09:22:32-05:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-11-16T09:22:32-05:00 INFO [firewall] allowing VPN connection...
2024-11-16T09:22:32-05:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-11-16T09:22:32-05:00 INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-11-16T09:22:32-05:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]192.145.124.3:1194
2024-11-16T09:22:32-05:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-11-16T09:22:32-05:00 INFO [openvpn] UDPv4 link remote: [AF_INET]192.145.124.3:1194
2024-11-16T09:22:38-05:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com on 192.165.9.158:53: write udp 172.23.0.100:56091->192.165.9.158:53: write: operation not permitted)
2024-11-16T09:22:38-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-16T09:22:38-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-16T09:22:38-05:00 INFO [vpn] stopping
2024-11-16T09:22:38-05:00 INFO [firewall] removing allowed port 60894...
2024-11-16T09:22:38-05:00 INFO [firewall] removing allowed port 60895...
2024-11-16T09:22:38-05:00 INFO [vpn] starting
2024-11-16T09:22:38-05:00 INFO [firewall] allowing VPN connection...
2024-11-16T09:22:38-05:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-11-16T09:22:38-05:00 INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-11-16T09:22:38-05:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]192.145.124.3:1194
2024-11-16T09:22:38-05:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-11-16T09:22:38-05:00 INFO [openvpn] UDPv4 link remote: [AF_INET]192.145.124.3:1194
2024-11-16T09:22:49-05:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com on 192.165.9.158:53: write udp 172.23.0.100:37387->192.165.9.158:53: write: operation not permitted)
2024-11-16T09:22:49-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-16T09:22:49-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-16T09:22:49-05:00 INFO [vpn] stopping
2024-11-16T09:22:49-05:00 INFO [firewall] removing allowed port 60894...
2024-11-16T09:22:49-05:00 INFO [firewall] removing allowed port 60895...
2024-11-16T09:22:49-05:00 INFO [vpn] starting
2024-11-16T09:22:49-05:00 INFO [firewall] allowing VPN connection...
2024-11-16T09:22:49-05:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-11-16T09:22:49-05:00 INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-11-16T09:22:49-05:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]192.145.124.3:1194
2024-11-16T09:22:49-05:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-11-16T09:22:49-05:00 INFO [openvpn] UDPv4 link remote: [AF_INET]192.145.124.3:1194
2024-11-16T09:23:05-05:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com on 192.165.9.158:53: write udp 172.23.0.100:48297->192.165.9.158:53: write: operation not permitted)
2024-11-16T09:23:05-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-16T09:23:05-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-16T09:23:05-05:00 INFO [vpn] stopping
2024-11-16T09:23:05-05:00 INFO [firewall] removing allowed port 60894...
2024-11-16T09:23:05-05:00 INFO [firewall] removing allowed port 60895...
2024-11-16T09:23:05-05:00 INFO [vpn] starting
2024-11-16T09:23:05-05:00 INFO [firewall] allowing VPN connection...
2024-11-16T09:23:05-05:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-11-16T09:23:05-05:00 INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-11-16T09:23:05-05:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]192.145.124.3:20070
2024-11-16T09:23:05-05:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-11-16T09:23:05-05:00 INFO [openvpn] UDPv4 link remote: [AF_INET]192.145.124.3:20070
2024-11-16T09:23:26-05:00 INFO [healthcheck] program has been unhealthy for 21s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com on 192.165.9.158:53: write udp 172.23.0.100:48921->192.165.9.158:53: write: operation not permitted)
2024-11-16T09:23:26-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-16T09:23:26-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-16T09:23:26-05:00 INFO [vpn] stopping
2024-11-16T09:23:26-05:00 INFO [firewall] removing allowed port 60894...
2024-11-16T09:23:26-05:00 INFO [firewall] removing allowed port 60895...
2024-11-16T09:23:26-05:00 INFO [vpn] starting
2024-11-16T09:23:26-05:00 INFO [firewall] allowing VPN connection...

@qdm12
Owner Author

qdm12 commented Nov 25, 2024

@derekcentrico

Also, it would be nice to not require an IP on Wireguard because both Wireguard and OpenVPN files use an OVPN domain.

I would recommend using environment variables described in #2537 (it's the same across servers, so it's just a set once and forget) and choose your server with server filters such as SERVER_COUNTRIES. The wireguard config file is really useful for the custom provider, but here we're trying to have it natively supported so it shouldn't be used really - the hostname <-> IP addresses mapping is stored within the program already.

OpenVPN failed using settings from #2537 using amsterdam and madrid as test cities.

Could you share any OpenVPN configuration file from ovpn? It's probably missing some options I would guess 🤔 Just remove your username+password but leave the <ca>, <tls-auth>, <tls-crypt>, <cert> values since these are common to all users 😉 Thanks!

@stonedemoman

@qdm12 Here's all of the ovpn files downloaded from the site
ovpn.zip

@derekcentrico

@derekcentrico

Also, it would be nice to not require an IP on Wireguard because both Wireguard and OpenVPN files use an OVPN domain.

I would recommend using environment variables described in #2537 (it's the same across servers, so it's just a set once and forget) and choose your server with server filters such as SERVER_COUNTRIES. The wireguard config file is really useful for the custom provider, but here we're trying to have it natively supported so it shouldn't be used really - the hostname <-> IP addresses mapping is stored within the program already.

@qdm12 I used those settings and it still errs.

2024-12-03T11:17:18-05:00 WARN DNS address is set to 1.1.1.1 so the DNS over TLS (DoT) server will not be used. The default value changed to 127.0.0.1 so it uses the internal DoT serves. If the DoT server fails to start, the IPv4 address of the first plaintext DNS server corresponding to the first DoT provider chosen is used.
2024-12-03T11:17:18-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1, assigned IP 172.23.0.100 and family v4
2024-12-03T11:17:18-05:00 INFO [routing] adding route for 0.0.0.0/0
2024-12-03T11:17:18-05:00 INFO [firewall] setting allowed subnets...
2024-12-03T11:17:18-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1, assigned IP 172.23.0.100 and family v4
2024-12-03T11:17:18-05:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-12-03T11:17:18-05:00 INFO [http server] http server listening on [::]:8000
2024-12-03T11:17:18-05:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-12-03T11:17:18-05:00 INFO [firewall] allowing VPN connection...
2024-12-03T11:17:18-05:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-12-03T11:17:18-05:00 INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-12-03T11:17:18-05:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.157.162.8:20030
2024-12-03T11:17:18-05:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-12-03T11:17:18-05:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.157.162.8:20030
2024-12-03T11:17:24-05:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com on 1.1.1.1:53: write udp 172.23.0.100:50667->1.1.1.1:53: write: operation not permitted)
2024-12-03T11:17:24-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-12-03T11:17:24-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-12-03T11:17:24-05:00 INFO [vpn] stopping
2024-12-03T11:17:24-05:00 INFO [vpn] starting
2024-12-03T11:17:24-05:00 INFO [firewall] allowing VPN connection...
2024-12-03T11:17:24-05:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-12-03T11:17:24-05:00 INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-12-03T11:17:24-05:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.157.162.7:20029
2024-12-03T11:17:24-05:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-12-03T11:17:24-05:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.157.162.7:20029
2024-12-03T11:17:35-05:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com on 1.1.1.1:53: write udp 172.23.0.100:35309->1.1.1.1:53: write: operation not permitted)
2024-12-03T11:17:35-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-12-03T11:17:35-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-12-03T11:17:35-05:00 INFO [vpn] stopping
2024-12-03T11:17:35-05:00 INFO [vpn] starting
2024-12-03T11:17:35-05:00 INFO [firewall] allowing VPN connection...
2024-12-03T11:17:35-05:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-12-03T11:17:35-05:00 INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-12-03T11:17:35-05:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.157.162.6:20028
2024-12-03T11:17:35-05:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-12-03T11:17:35-05:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.157.162.6:20028

OpenVPN failed using settings from #2537 using amsterdam and madrid as test cities.

Could you share any OpenVPN configuration file from ovpn? It's probably missing some options I would guess 🤔 Just remove your username+password but leave the <ca>, <tls-auth>, <tls-crypt>, <cert> values since these are common to all users 😉 Thanks!

@qdm12 it appears that @stonedemoman provided a ZIP with such files so let me know if there's more you need. Happy to dive in now that I'm back from holiday travel.

@qdm12
Owner Author

qdm12 commented Dec 25, 2024

🤔 Can you try with OPENVPN_ENDPOINT_PORT=1194? (or 1195?) It might just be a wrong port

Also sorry for the long delay answering back

@derekcentrico

@qdm12 I tried with both ports using that env. No go.

Here's what my docker compose looks like that I'm using:

  gluetun:
    container_name: gluetun
    image: ghcr.io/qdm12/gluetun:pr-2537
    restart: unless-stopped 
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    volumes:
      - /lib/modules:/lib/modules:ro
      - /home/derek/docker/gluetun:/gluetun
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
#      - 8888:8888/tcp # HTTP proxy
#      - 8388:8388/tcp # Shadowsocks
#      - 8388:8388/udp # Shadowsocks
      - 8102:8112 # port for deluge
    security_opt:
      - no-new-privileges:true
    environment:
      - DNS_ADDRESS=1.1.1.1
      - BLOCK_MALICIOUS=off
      - PUID=1000
      - PGID=996
      - TZ=America/New_York
      - VPN_SERVICE_PROVIDER=ovpn
      - VPN_TYPE=openvpn
#      - FIREWALL_OUTBOUND_SUBNETS=172.23.0.0/16,192.168.1.0/24
#      - FIREWALL_VPN_INPUT_PORTS=60894,60895 
      - OPENVPN_USER=USER
      - OPENVPN_PASSWORD=PASSWORD
      - SERVER_CITIES=amsterdam
      - HTTPPROXY=off 
      - SHADOWSOCKS=off 
      - OPENVPN_ENDPOINT_PORT=1195
    networks: 
      wireguard: 
        ipv4_address: '172.23.0.100'

Both tests end up the same, but here's all the output (trying not to further flood this so using pastebin): https://pastebin.com/xnkRy4ZG

@qdm12
Owner Author

qdm12 commented Dec 27, 2024

Ok not a port issue I guess. I'm really scratching my head over this one. For example for hostname vpn28.prd.amsterdam.ovpn.com, corresponding to ip 185.157.162.6 found also by resolving pool-1.prd.nl.ovpn.com found in the file nl.ovpn.com.ovpn, the Gluetun generated config is:

client
nobind
tls-exit
auth-nocache
mute-replay-warnings
auth-retry nointeract
suppress-timestamps
dev tun0
verb 1
proto udp
remote 185.157.162.6 1194
auth-user-pass
pull-filter ignore "auth-token"
key-direction 1
remote-cert-tls server
data-ciphers-fallback chacha20-poly1305
data-ciphers chacha20-poly1305:aes-256-gcm:aes-256-cbc:aes-128-gcm
explicit-exit-notify
pull-filter ignore "tun-ipv6"
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
<ca>
-----BEGIN CERTIFICATE-----
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
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
81782767e4d59c4464cc5d1896f1cf6015017d53ac62e2e3b94b889e00b2c69ddc01944fe1c6d895b4d80540502eb71910b8d785c9efa9e3182343532adffe1cfbb7bb6eae39c502da2748edf0fb89b8a20b0a1085cc1f06135037881bc0c4ad8f2c0f4f72d2ab466fb54af3d8264c5fddeb0f21aa0ca41863678f5fc4c44de4ca0926b36dfddc42c6f2fabd1694bdc8215b2d223b9c21dc6734c2c778093187afb8c33403b228b9af68b540c284f6d183bcc88bd41d47bd717996e499ce1cbbfa768a9723c19c58314c4d19cfed82e543ee92e73d38ad26d4fbec231c0f9f3b30773a5c87792e9bc7c34e8d7611002ebedd044e48a0f1f96527bfdcc940aa09
-----END OpenVPN Static key V1-----
</tls-auth>
allow-compression asym
replay-window 256

Note: auth-user-pass /etc/openvpn/auth.conf is generated and replaced with auth-user-pass for my point below:

Would someone mind trying with this config and openvpn directly to find out what's not working??
A few things to try:

  • Change port from 1194 to 1195?
  • Change proto udp to proto tcp?
  • Add pull option?

Alternatively, for the trusting-lazy, feel free to email me your ovpn credentials, as long as you can change them, to [email protected]

For reference here's the content of `nl.ovpn.com.ovpn`:
client
dev tun
remote-cert-tls server
cipher CHACHA20-POLY1305
pull
nobind
reneg-sec 0
resolv-retry infinite
verb 3
persist-key
persist-tun
remote-random
remote pool-1.prd.nl.ovpn.com 1194
remote pool-1.prd.nl.ovpn.com 1195
proto udp
mute-replay-warnings
replay-window 256

auth-user-pass

key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
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
-----END CERTIFICATE-----
</ca>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
81782767e4d59c4464cc5d1896f1cf60
15017d53ac62e2e3b94b889e00b2c69d
dc01944fe1c6d895b4d80540502eb719
10b8d785c9efa9e3182343532adffe1c
fbb7bb6eae39c502da2748edf0fb89b8
a20b0a1085cc1f06135037881bc0c4ad
8f2c0f4f72d2ab466fb54af3d8264c5f
ddeb0f21aa0ca41863678f5fc4c44de4
ca0926b36dfddc42c6f2fabd1694bdc8
215b2d223b9c21dc6734c2c778093187
afb8c33403b228b9af68b540c284f6d1
83bcc88bd41d47bd717996e499ce1cbb
fa768a9723c19c58314c4d19cfed82e5
43ee92e73d38ad26d4fbec231c0f9f3b
30773a5c87792e9bc7c34e8d7611002e
bedd044e48a0f1f96527bfdcc940aa09
-----END OpenVPN Static key V1-----
</tls-auth>


data-ciphers CHACHA20-POLY1305:AES-256-GCM:AES-256-CBC:AES-128-GCM
allow-compression asym

@derekcentrico

@qdm12

Installed latest openvpn from the openvpn repo using Ubuntu 22.04.

Using config-import:
** ERROR ** ERR_PROFILE_LINE_TOO_LONG: line too long
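
The comparison requested above (generated config versus the provider's file) and the `ERR_PROFILE_LINE_TOO_LONG` result can both be checked offline. The following is an added example, not part of the thread and not Gluetun's code: it diffs the directives of two OpenVPN configs, flags over-long lines, and re-wraps a single-line static key into 32-character lines like those in `nl.ovpn.com.ovpn`. The sample configs are constructed abbreviations with a placeholder key, and `max_len=256` is an assumed threshold, since the thread does not state the client's limit.

```python
import re

# Constructed inputs, abbreviated from the two configs quoted in the thread.
# KEY is placeholder hex, not the provider's static key.
KEY = "ab" * 256
HEAD, TAIL = (f"-----{w} OpenVPN Static key V1-----" for w in ("BEGIN", "END"))
PROVIDER_CFG = "\n".join([
    "client", "dev tun", "cipher CHACHA20-POLY1305", "pull", "nobind",
    "reneg-sec 0", "remote pool-1.prd.nl.ovpn.com 1194",
    "remote pool-1.prd.nl.ovpn.com 1195", "proto udp", "key-direction 1",
    "<tls-auth>", HEAD, *[KEY[i:i + 32] for i in range(0, 512, 32)], TAIL,
    "</tls-auth>", ""])
GENERATED_CFG = "\n".join([
    "client", "nobind", "dev tun0", "proto udp", "remote 185.157.162.6 1194",
    "key-direction 1", "data-ciphers-fallback chacha20-poly1305",
    "explicit-exit-notify", "<tls-auth>", HEAD, KEY, TAIL, "</tls-auth>", ""])

def parse(text):
    """Return (directives, blocks): name -> list of args, inline tag -> body lines."""
    directives, blocks, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if current is not None:          # inside an inline <block>
            if line == f"</{current}>":
                current = None
            else:
                blocks[current].append(line)
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            current = m.group(1)
            blocks[current] = []
            continue
        name, _, args = line.partition(" ")
        directives.setdefault(name, []).append(args.strip())
    return directives, blocks

def diff_directives(provider, generated):
    """Directives only in the provider file, only in the generated one, or differing."""
    p, g = parse(provider)[0], parse(generated)[0]
    return {
        "missing": sorted(set(p) - set(g)),
        "extra": sorted(set(g) - set(p)),
        "changed": {k: (p[k], g[k]) for k in sorted(set(p) & set(g)) if p[k] != g[k]},
    }

def long_lines(text, max_len=256):
    """(line number, length) of every line above max_len (assumed threshold)."""
    return [(n, len(l)) for n, l in enumerate(text.splitlines(), 1) if len(l) > max_len]

def rewrap_static_keys(text, width=32):
    """Split over-long hex lines inside <tls-auth>/<tls-crypt> into width-sized lines."""
    out, in_key = [], False
    for line in text.splitlines():
        s = line.strip()
        if s in ("<tls-auth>", "<tls-crypt>", "</tls-auth>", "</tls-crypt>"):
            in_key = not s.startswith("</")
        if in_key and len(s) > width and re.fullmatch(r"[0-9a-fA-F]+", s):
            out.extend(s[i:i + width] for i in range(0, len(s), width))
        else:
            out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(diff_directives(PROVIDER_CFG, GENERATED_CFG))
    print("over-long before:", long_lines(GENERATED_CFG))
    print("over-long after: ", long_lines(rewrap_static_keys(GENERATED_CFG)))
```

A directive reported as missing is not necessarily the cause of the failure; the diff only narrows down what to test next.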
