Container not starting with ProtonVPN

[nWacher]

Describe the problem

I haven't been able to start my container for the past few days, I think it might have something to do with outdated config files, since is-03.protonvpn.com.upd.ovpn shows different IP addresses and headers when comparing the configuration file I can get from my account, and the configuration provided by this repo. One uses

185.159.158.50 80
185.159.158.50 443
185.159.158.50 4569
185.159.158.50 1194
185.159.158.50 5060

and the other one

213.167.139.99 80
213.167.139.99 443
213.167.139.99 4569
213.167.139.99 1194
213.167.139.99 5060

I also compared both versions of is-04.protonvpn.com.upd.ovpn and got similar results. I haven't tried the method for custom configuration files yet, but my guess would be that it works and the config files have to be updated Add your docker run command

version: "3.4"
services:
    transmission-openvpnn:
        volumes:
            - '/home/user/Desktop/testingV2/data:/data'
            - '/etc/localtime:/etc/localtime:ro'
        environment:
        - CREATE_TUN_DEVICE=true
        - OPENVPN_PROVIDER=PROTONVPN
        - OPENVPN_CONFIG=is-03.protonvpn.com.upd
        - OPENVPN_USERNAME=xxx
        - OPENVPN_PASSWORD=xxx
        - WEBPROXY_ENABLED=false
        - LOCAL_NETWORK=192.168.1.0/24
    cap_add:
        - NET_ADMIN
    logging:
        driver: json-file
        options:
            max-size: 10m
    ports:
        - '9092:9091'
    dns:
        - 1.1.1.1
        - 1.0.0.1
    image: haugene/transmission-openvpn

Logs

When using udp I get

Using OpenVPN provider: PROTONVPN,
Starting OpenVPN using config is-03.protonvpn.com.udp.ovpn,
Setting OPENVPN credentials...,
adding route to local network 192.168.1.0/24 via 172.20.0.1 dev eth0,
Sun Jun  7 15:45:23 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] 
[EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2019,
Sun Jun  7 15:45:23 2020 library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.10,
Sun Jun  7 15:45:23 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts,
Sun Jun  7 15:45:23 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 
'SHA512' for HMAC authentication,
Sun Jun  7 15:45:23 2020 Incoming Control Channel Authentication: Using 512 bit message hash 
'SHA512' for HMAC authentication,
Sun Jun  7 15:45:23 2020 TCP/UDP: Preserving recently used remote address: 
[AF_INET]185.159.158.50:80,
Sun Jun  7 15:45:23 2020 Socket Buffers: R=[212992->212992] S=[212992->212992],
Sun Jun  7 15:45:23 2020 UDP link local: (not bound),
Sun Jun  7 15:45:23 2020 UDP link remote: [AF_INET]185.159.158.50:80,
Sun Jun  7 15:46:23 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity),
Sun Jun  7 15:46:23 2020 TLS Error: TLS handshake failed,
Sun Jun  7 15:46:23 2020 SIGUSR1[soft,tls-error] received, process restarting,
Sun Jun  7 15:46:23 2020 Restart pause, 5 second(s),
Sun Jun  7 15:46:28 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts,
Sun Jun  7 15:46:28 2020 TCP/UDP: Preserving recently used remote address: 
[AF_INET]185.159.158.50:443,
Sun Jun  7 15:46:28 2020 Socket Buffers: R=[212992->212992] S=[212992->212992],
Sun Jun  7 15:46:28 2020 UDP link local: (not bound),
Sun Jun  7 15:46:28 2020 UDP link remote: [AF_INET]185.159.158.50:443,
Sun Jun  7 15:47:28 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity),
Sun Jun  7 15:47:28 2020 TLS Error: TLS handshake failed,
Sun Jun  7 15:47:28 2020 SIGUSR1[soft,tls-error] received, process restarting,
Sun Jun  7 15:47:28 2020 Restart pause, 5 second(s),
Sun Jun  7 15:47:33 2020 NOTE: the current --script-security setting may allow this configuration to 
call user-defined scripts,
Sun Jun  7 15:47:33 2020 TCP/UDP: Preserving recently used remote address: 
[AF_INET]185.159.158.50:4569,

When I change udp for tcp I get something like this

Sun Jun  7 15:34:19 2020 Restart pause, 40 second(s)
Sun Jun  7 15:34:59 2020 NOTE: the current --script-security setting may allow this configuration 
to call user-defined scripts
Sun Jun  7 15:34:59 2020 NOTE: --fast-io is disabled since we are not using UDP
Sun Jun  7 15:34:59 2020 TCP/UDP: Preserving recently used remote address: 
[AF_INET]185.159.158.50:8443
Sun Jun  7 15:34:59 2020 Socket Buffers: R=[131072->131072] S=[16384->16384]
Sun Jun  7 15:34:59 2020 Attempting to establish TCP connection with 
[AF_INET]185.159.158.50:8443 [nonblock]
Sun Jun  7 15:36:59 2020 TCP: connect to [AF_INET]185.159.158.50:8443 failed: Connection 
timed out
Sun Jun  7 15:36:59 2020 SIGUSR1[connection failed(soft),init_instance] received, process 
restarting
Sun Jun  7 15:36:59 2020 Restart pause, 80 second(s)

Host system:

I have tried both Ubuntu 18.04 with version 19.03.11, build 42e35e61f3 and RPi 4 (adding latest-armhf to the image), both give the same problem.

[pkishino]

well, try it with custom first, if it works, then yes, it seems the configs need updating. Please submit a PR with the updated configs

[nWacher]

I managed to get it working using the ovpn configs I get from my account both on Ubuntu and RPi, however, as far as my tests went it suffices to take the existing config files in this repo and replace the old IP addresses with the new ones (which is what previous commits have done but I just managed to know about). I'm going to update Iceland's configs by hand starting with TCP, I guess it could be done programatically with python and regex, or maybe piping the output from diff, but I'm a bit pressed for time right know. Should I just branch, commit, push and pull request? (I usually just work on my own repos, or with few people who never implemented checks/pull requests)

[pkishino]

fork this repo, commit and then if you click pull-request tab it should auto suggest to create a PR here . add a line such as "fix #1244" into the PR message to link it here :) I'll merge it once you add

[nWacher]

Thanks. Already updated and built a local image, just checking that all the servers work. Will PR in a few min.