act28 / pia-openvpn-proxy

An Alpine Linux docker container running Privoxy and OpenVPN via Private Internet Access
19 stars 9 forks source link

Missing US East Profile, and Connection Issues #6

Closed phillipsmn closed 3 years ago

phillipsmn commented 3 years ago

Hello,

I am trying to run this on my Synology DS418play, and I was able to pull/set up the docker container without problems. But, nothing was running through the proxy. I checked the logs and got an error that it was failing to read the /config/pia/US East.ovpn file. I looked in the directory and of all the .ovpn profiles, US East was not in the folder.

I switched to US Washington DC.ovpn in my environment variables and get the following error:

Fri Nov 20 12:36:33 2020 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020 Fri Nov 20 12:36:33 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
Fri Nov 20 12:36:33 2020 CRL: loaded 1 CRLs from file [[INLINE]]
Fri Nov 20 12:36:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]38.70.11.221:501 Fri Nov 20 12:36:33 2020 Attempting to establish TCP connection with [AF_INET]38.70.11.221:501 [nonblock]
Fri Nov 20 12:36:34 2020 TCP connection established with [AF_INET]38.70.11.221:501
Fri Nov 20 12:36:34 2020 TCP_CLIENT link local: (not bound)
Fri Nov 20 12:36:34 2020 TCP_CLIENT link remote: [AF_INET]38.70.11.221:501
Fri Nov 20 12:36:35 2020 [washington446] Peer Connection Initiated with [AF_INET]38.70.11.221:501
Fri Nov 20 12:36:36 2020 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Fri Nov 20 12:36:36 2020 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Fri Nov 20 12:36:36 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Fri Nov 20 12:36:36 2020 Exiting due to fatal error

act28 commented 3 years ago

Hmmm. Looks like PIA has dropped "US East" from their packaged configs. Thanks for bringing this to my attention. I'll fix up the default example in a PR.

I think there's some additional tinkering required with Synology to get the TUN setup. See if any of these help:

  1. https://memoryleak.dev/post/fix-tun-tap-not-available-on-a-synology-nas/ (backlinked from https://www.synoforum.com/threads/device-dev-net-tun-not-working-anymore-after-docker-update-18-09-0-0513.3074/)
  2. https://github.com/haugene/docker-transmission-openvpn/issues/41
phillipsmn commented 3 years ago

I followed the directions above (also at https://petestechblog.com/2020/10/04/how-to-run-transmission-using-openvpn-in-docker-on-a-synology-nas-dsm-6-0/).

Things are moving forward, but I have IPv6 issues. Is there a way to keep it at IPv4, or is IPv6 necessary?

Sat Nov 21 19:17:29 2020 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020 Sat Nov 21 19:17:29 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10 Sat Nov 21 19:17:29 2020 CRL: loaded 1 CRLs from file [[INLINE]] Sat Nov 21 19:17:29 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]70.32.6.151:501 Sat Nov 21 19:17:29 2020 Attempting to establish TCP connection with [AF_INET]70.32.6.151:501 [nonblock] Sat Nov 21 19:17:30 2020 TCP connection established with [AF_INET]70.32.6.151:501 Sat Nov 21 19:17:30 2020 TCP_CLIENT link local: (not bound) Sat Nov 21 19:17:30 2020 TCP_CLIENT link remote: [AF_INET]70.32.6.151:501 Sat Nov 21 19:17:30 2020 [washington430] Peer Connection Initiated with [AF_INET]70.32.6.151:501 Sat Nov 21 19:17:31 2020 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options Sat Nov 21 19:17:31 2020 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3 Sat Nov 21 19:17:31 2020 TUN/TAP device tun0 opened Sat Nov 21 19:17:31 2020 /sbin/ip link set dev tun0 up mtu 1500 Sat Nov 21 19:17:31 2020 /sbin/ip addr add dev tun0 10.4.19.4/24 broadcast 10.4.19.255 Sat Nov 21 19:17:31 2020 WARNING: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected. Sat Nov 21 19:17:31 2020 Initialization Sequence Completed 2020-11-21 19:17:39.098 7fc84eac2d48 Info: Privoxy version 3.0.28 2020-11-21 19:17:39.098 7fc84eac2d48 Info: Program name: privoxy 2020-11-21 19:17:39.098 7fc84eac2d48 Info: Loading filter file: /config/privoxy/default.filter 2020-11-21 19:17:39.101 7fc84eac2d48 Info: Loading filter file: /config/privoxy/user.filter 2020-11-21 19:17:39.102 7fc84eac2d48 Info: Loading actions file: /config/privoxy/match-all.action 2020-11-21 19:17:39.102 7fc84eac2d48 Info: Loading actions file: /config/privoxy/default.action 2020-11-21 19:17:39.106 7fc84eac2d48 Info: Loading actions file: /config/privoxy/user.action 2020-11-21 19:17:39.106 7fc84eac2d48 Info: Listening on port 8118 on IP address 0.0.0.0

act28 commented 3 years ago

It's safe to ignore. Note, IPv6 is not supported and blocked by default for PIA. https://www.privateinternetaccess.com/helpdesk/kb/articles/why-do-you-block-ipv6-2