QNAP - Unable to connect issues.

[rosschurchill]

Hey there i hope you well.

I am getting this odd issues i see was reported before but there wasn't a resolution to it. i have attached the log anything else that might help?

Regards Ross

Restarting ExpressVPN service: expressvpnd. spawn expressvpn activate Want extra privacy? Try Threat Manager. While your VPN is connected, Threat Manager adds an extra layer of privacy by blocking apps and websites from sharing your activity with third-party trackers or communicating with other malicious sites.

To enable Threat Manager, type 'expressvpn preferences set block_trackers true'.

Enter activation code: Activating... Activated. Help improve ExpressVPN: Share crash reports, speed tests, usability diagnostics, and whether VPN connection attempts succeed. These reports never contain personally identifiable information. (Y/n) Preferred Protocol is lightway_tcp. LightwayCipher is chacha20. Send Diagnostics is disabled. Threat Manager is enabled. Network Lock Mode is default. Auto Connect is enabled. If your VPN connection unexpectedly drops, internet traffic will now be blocked by Network Lock to protect your privacy.

Connecting to Netherlands - Amsterdam... Unable to connect to Netherlands - Amsterdam

• Check your internet connection or try a different location.
• Internet traffic is blocked to protect your privacy.
• To retry the connection, type 'expressvpn connect'
• To disconnect from the VPN and unblock internet traffic, type 'expressvpn disconnect' Warning: Extension udp revision 0 not supported, missing kernel module? iptables v1.8.9 (nf_tables): Could not fetch rule set generation id: Invalid argument allowing dns server traffic in iptables: 192.168.1.1 Warning: Extension udp revision 0 not supported, missing kernel module? iptables v1.8.9 (nf_tables): Could not fetch rule set generation id: Invalid argument allowing dns server traffic in iptables: 1.1.1.1 Warning: Extension udp revision 0 not supported, missing kernel module? iptables v1.8.9 (nf_tables): Could not fetch rule set generation id: Invalid argument allowing dns server traffic in iptables: 8.8.8.8

[Misioslav]

I suspect something is off with your kernel. Please, try to restart your host machine and try again. If that won’t work you may want to consider removing dns whitelist configuration from your docket and try again.

[rosschurchill]

Thanks for the reply.

Sadly tried all of your suggestions and nothing has worked yep. I used to use the polkaned/expressvpn version of evpn and this still work fine to give more context but this project is not getting maintained so i switched to yours?

Is there any logs that could help us get to the route course of this do you think?

Thanks for all your help thus far Regards R

[Misioslav]

Can you try to perform the following https://github.com/P0cL4bs/wifipumpkin3/issues/140#issuecomment-1294201623 in the container?

Unfortunately, I don’t have access to my PC and I won’t have access for next couple of weeks so I can’t try to reproduce it nor test it on my own.

[Misioslav]

Also, maybe this https://serverfault.com/a/1028685

[rosschurchill]

Thank for the replay. I have tied both with no luck.

This second one has this error tho

root@d71e6b89d9e2:/# expressvpn disconnect Your internet traffic is now unblocked Disconnected. root@d71e6b89d9e2:/# apt-get install --reinstall linux-modules-5.4.0-42-generic Reading package lists... Done Building dependency tree... Done Reading state information... Done E: Unable to locate package linux-modules-5.4.0-42-generic E: Couldn't find any package by glob 'linux-modules-5.4.0-42-generic' E: Couldn't find any package by regex 'linux-modules-5.4.0-42-generic'

[Misioslav]

Try apt-get update before install command as by default I delete the apt list while building the image.

[Perseco]

I'm having similar issues with my Synology NAS. Synology devices still use older Linux kernels (<4.9), so a workaround is needed to get this working on popular NAS devices it seems.

[Misioslav]

I'm having similar issues with my Synology NAS. Synology devices still use older Linux kernels (<4.9), so a workaround is needed to work on popular NAS devices.

Are you also unable to connect? How does an older Linux kernel correlates to this issue? I have Synology NAS myself and it works perfectly on it. I may be missing something.

Warning: Extension udp revision 0 not supported, missing kernel module?

From googling around most answers say to restart the host when such an error occurs, cause the kernel might have been updated which requires the host machine to be restarted.

[Perseco]

Yes, I've restarted the NAS multiple times and am unable to get it to connect. It was working fine until a recent update of the docker image. I even tried reverting to previous versions, and it still won't connect. I've tested the same docker image on other machines with newer docker versions and Linux kernels and it connects fine, but for whatever reason the NAS won't connect anymore. All of my other docker containers work without issue and I've verified they can still access the internet.

The process activates fine on startup then hangs at 15% when trying to connect to a VPN server. It then returns the unable to connect error. I've even tried different DNS settings on the host to rule out the possibility of AdGuard blocking issues. 🤔

On Tue, Apr 18, 2023, 11:41 PM Misioslav @.***> wrote:

I'm having similar issues with my Synology NAS. Synology devices still use older Linux kernels (<4.9), so a workaround is needed to work on popular NAS devices.

Are you also unable to connect? How older Linux kernel correlates to this issue? I have Synology NAS myself and it works perfectly on it. Maybe Im missing something.

From googling around most answers say to restart the host cause the kernel might have been updated which requires the host machine to be restarted.

— Reply to this email directly, view it on GitHub https://github.com/Misioslav/expressvpn/issues/24#issuecomment-1514121088, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAVXOKSZAESNEW4EXNPHR2LXB5UGLANCNFSM6AAAAAAWFOHR2I . You are receiving this because you commented.Message ID: @.***>

[Misioslav]

Yes, I've restarted the NAS multiple times and am unable to get it to connect. It was working fine until a recent update of the docker image. I even tried reverting to previous versions, and it still won't connect. I've tested the same docker image on other machines with newer docker versions and Linux kernels and it connects fine, but for whatever reason the NAS won't connect anymore. All of my other docker containers work without issue and I've verified they can still access the internet. The process activates fine on startup then hangs at 15% when trying to connect to a VPN server. It then returns the unable to connect error. I've even tried different DNS settings on the host to rule out the possibility of AdGuard blocking issues. 🤔 …

Hm, the last version update included mostly a change of the image base (downgrade) from bookworm to bullseye but bookworm version is still available tho.

Could you also post when possible logs and your current setup? Will check it against my config and try to reproduce it.

[Perseco]

Hm, the last version update included mostly a change of the image base (downgrade) from bookworm to bullseye but bookworm version is still available tho.

Could you also post when possible logs and your current setup? Will check it against my config and try to reproduce it.

I tried using the latest-bookworm tag and it appears work. Upon trying the bullseye release again, it appears to be working again. Yesterday it was not connecting, even after restarting my NAS and router. My logs matched @rosschurchill's logs, the main difference being that network lock couldn't be enabled due to the kernel version used by Synology. Not sure what would have changed since then.

Specs: Synology DS1621+ 4x Seagate IronWolf Pro 12TB (btrfs volume, SHR) 8GB memory Docker w/Portainer (portainer-ee:latest)

docker-compose: https://pastebin.com/h3UaTjp4

bookworm logs: https://pastebin.com/wGAXtPsj

Note: Upon fresh deployment after pulling the image, the service does not activate on the first try and the container must be restarted.

[Misioslav]

Ive released a set of changes based on other forks it may help with not activating at the first try. Feel free to test

[rosschurchill]

Thanks mate I will give it a try tomorrow

On Tue, 27 Jun 2023, 14:43 Misioslav, @.***> wrote:

Ive released a set of changes based on other forks it may help with not activating at the first try. Feel free to test

— Reply to this email directly, view it on GitHub https://github.com/Misioslav/expressvpn/issues/24#issuecomment-1609534215, or unsubscribe https://github.com/notifications/unsubscribe-auth/AWM5Y7QD25ZBFVX4T6JYX3DXNLPPFANCNFSM6AAAAAAWFOHR2I . You are receiving this because you were mentioned.Message ID: @.***>

[rosschurchill]

Hey,

I changed to the latest version of container and it and got a new error

Preferred Protocol is lightway_udp. LightwayCipher is auto. Send Diagnostics is disabled. Threat Manager is enabled. Network Lock Mode is default. Auto Connect is enabled. If your VPN connection unexpectedly drops, internet traffic will now be blocked by Network Lock to protect your privacy.

Connecting to Netherlands - Amsterdam... Unable to connect to Netherlands - Amsterdam

• Check your internet connection or try a different location.
• Internet traffic is blocked to protect your privacy.
• To retry the connection, type 'expressvpn connect'
• To disconnect from the VPN and unblock internet traffic, type 'expressvpn disconnect' iptables v1.8.7 (nf_tables): Couldn't load match `udp':No such file or directory

Try iptables -h' or 'iptables --help' for more information. allowing dns server traffic in iptables: 192.168.1.1 iptables v1.8.7 (nf_tables): Couldn't load matchudp':No such file or directory

Try iptables -h' or 'iptables --help' for more information. allowing dns server traffic in iptables: 1.1.1.1 iptables v1.8.7 (nf_tables): Couldn't load matchudp':No such file or directory

Try `iptables -h' or 'iptables --help' for more information. allowing dns server traffic in iptables: 8.8.8.8

Thank you very much for all your efforts with this

Regards R

[Misioslav]

iptables error aside (I need to I think google a bit more as Im puzzled by it), have you tried to connect to a different server? Also, whats your setup/config?

[rosschurchill]

Thanks for the replay

I have been using the Dam server on my other container using the polkaned/expressvpn:3.45.0.2-1.6418bed0 image for a while without issues

Here is the configs i am using

expressvpn: image: misioslav/expressvpn:3.49.0.28 container_name: expressvpn restart: unless-stopped ports:

• 8182:8080
• 3579:3579
• 7878:7878
• 8989:8989 environment:
• WHITELIST_DNS=192.168.1.1,1.1.1.1,8.8.8.8
• CODE=XYZ
• SERVER=nlam
• PROTOCOL=lightway_udp
• CIPHER=auto cap_add:
• NET_ADMIN devices:
• /dev/net/tun stdin_open: true tty: true command: /bin/bash privileged: true

Regards R

[Misioslav]

Could you try to use it without whitelist set?

On 4 Jul 2023 at 17:32 +0200, rosschurchill @.***>, wrote:

Thanks for the replay I have been using the Dam server on my other container using the polkaned/expressvpn:3.45.0.2-1.6418bed0 image for a while without issues Here is the configs i am using expressvpn: image: misioslav/expressvpn:3.49.0.28 container_name: expressvpn restart: unless-stopped ports:

• 8182:8080
• 3579:3579
• 7878:7878
• 8989:8989 environment:
• WHITELIST_DNS=192.168.1.1,1.1.1.1,8.8.8.8
• CODE=XYZ
• SERVER=nlam
• PROTOCOL=lightway_udp
• CIPHER=auto cap_add:
• NET_ADMIN devices:
• /dev/net/tun stdin_open: true tty: true command: /bin/bash privileged: true Regards R — Reply to this email directly, view it on GitHub, or unsubscribe. You are receiving this because you commented.Message ID: @.***>

[alex-jhnsn]

Hi I think I'm running into a similar issue.

My configuration is as follows:

  expressvpn:
    container_name: expressvpn
    image: misioslav/expressvpn:latest
    restart: unless-stopped
    ports:
      # QBT UI Port
      - 8090:8090
      # Bittorrent port
      - 6882:6881
      - 6882:6881/udp
      # Prowlarr port
      - 9696:9696
    environment:
      - CODE=SECRET
      - SERVER=US
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    stdin_open: true
    tty: true
    command: /bin/bash
    privileged: true

and this is what I'm seeing

...
Preferred Protocol is lightway_udp.
LightwayCipher is chacha20.
Send Diagnostics is disabled.
Threat Manager is enabled.
Network Lock Mode is default.
Auto Connect is enabled.
If your VPN connection unexpectedly drops, internet traffic will now be
blocked by Network Lock to protect your privacy.

Selecting a location in United States for you...
Connecting to United States...
Unable to connect to United States

   - Check your internet connection or try a different location.
   - Internet traffic is blocked to protect your privacy.
   - To retry the connection, type 'expressvpn connect'
   - To disconnect from the VPN and unblock internet traffic, type 'expressvpn disconnect'

I've also tried using the specific version 3.49.0.28 and not had any dice with that either

[Perseco]

I continue to have issues activating on the first start, but restarting the container connects just fine.

For those having unable to connect issues on Synology NAS devices, I ran into this again with the recent DSM update on my Synology. It seems the tunnel device does not initialize on reboot by default, so I had to set up a script in DSM's task scheduler to run on boot (running as root) to initialize it:

insmod /lib/modules/tun.ko

This solved my connection issues other than the activation on first start of a fresh container.

[Misioslav]

I continue to have issues activating on the first start, but restarting the container connects just fine.

For those having unable to connect issues on Synology NAS devices, I ran into this again with the recent DSM update on my Synology. It seems the tunnel device does not initialize on reboot by default, so I had to set up a script in DSM's task scheduler to run on boot (running as root) to initialize it:

insmod /lib/modules/tun.ko

This solved my connection issues other than the activation on first start of a fresh container.

This sounds promising. I already have also a startup script which “fixes” tun (for other reasons) so I might have missed that.

I hope others can confirm it as working.