Closed JFox762 closed 3 years ago
@JFox762: hello! :wave:
This issue is being automatically closed because it does not follow the issue template. If you edit and follow the template properly by filling it in completely the issue will be re-opened
Potential duplicates:
sigh.. I see you created another post..which also wasn't formatted correctly.. please use preview and you would see the problem with the tickboxes not done correctly.. it clearly states in the description how to do this.. apart from the dns problem you are also having the problem of running on an rpi4 and time not working..see other issues on this
Closing this issue, as it appears to be related to the issue pkishino referenced.
Thank you for your patience, I'm a real newb to docker AND github.
I'm getting the same thing as of today (prior few months been working fine).
The prior solutions seem unrelated.
Starting container with revision: d7e7a24fbb384df866c2e9ae0e31104895dd26ea
Creating TUN device /dev/net/tun
Using OpenVPN provider: NORDVPN
Provider NORDVPN has a custom setup script, executing it
2021-07-02 16:25:10 Checking curl installation
2021-07-02 16:25:10 Removing existing configs
2021-07-02 16:25:10 Selecting the best server...
2021-07-02 16:25:10 Searching for technology: openvpn_udp
2021-07-02 16:25:10 Unable to find a server with the specified parameters, using any recommended server
2021-07-02 16:25:10 Best server :
2021-07-02 16:25:10 Downloading config: default.ovpn
2021-07-02 16:25:10 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/.udp.ovpn
Starting OpenVPN using config default.ovpn
Modifying /etc/openvpn/nordvpn/default.ovpn for best behaviour in this container
Setting OpenVPN credentials...
adding route to local network 192.168.0.0/16 via 172.17.0.1 dev eth0
Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/nordvpn/default.ovpn:1: html (2.5.2)
Use --help for more information.
Unrelated, as it seems that URL is down - here is me fetching it on a different computer - same result via web browser
> curl 'https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/.udp.ovpn'
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
Config script is as follows:
I've followed up with Nord VPN technical support, and they reported that they do not own downloads.nordcdn.com
Me: Hi Coby, the seedbox project https://github.com/haugene/docker-transmission-openvpn uses https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/.udp.ovpn to configure its vpn service, however that URL is 404'ing likely because downloads.nordcdn.com is giving a Gateway Timeout error. It seems downloads.nordcdn.com is down, and perhaps the fix is on NordVPN's side?
Coby: Let me check on that. So as I have checked we do not have this domain downloads.nordcdn.com.
Me: weird I'll let the project maintainers know
Hi @balupton ,
According to the nordvpn support page: https://support.nordvpn.com/Connectivity/Linux/1061938702/How-to-connect-to-NordVPN-using-Linux-Network-Manager.htm , there is a link to nordcdn within nordvpn support pages: OpenVPN Configuration File Package.
As of 21.07.03 22:36, https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/de903.nordvpn.com.udp.ovpn was downloaded without any problem. I would rather think that the 404 is a protection for incorrect requests.
This page: https://haugene.github.io/docker-transmission-openvpn/provider-specific/ gives clear indications of what is expected (protocol, country, category). The page gives some tips to request the nordvpn api as the script does.
According to your logs, I can't see country, nor category. I would say protocol and category are required. I set the three and never had a problem.
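The logs in this thread show an empty "Best server" value being interpolated into the download URL, and the resulting 404 page being handed to OpenVPN as default.ovpn. As an added example (not the project's own script; the function names are hypothetical and the sample files are constructed), these shell checks reject the empty server name and an HTML body before OpenVPN sees them:

```shell
#!/bin/sh
# Added example; function names are hypothetical, not the project's own.

# Build the per-server config URL in the form seen in the log
# (.../ovpn_<proto>/servers/<server>.<proto>.ovpn), refusing an empty or
# malformed server name instead of producing ".udp.ovpn".
build_config_url() {
    server=$1
    proto=$2
    case $proto in
        udp|tcp) ;;
        *) echo "unsupported protocol: '$proto'" >&2; return 2 ;;
    esac
    case $server in
        ''|.*|*.|-*|*[!A-Za-z0-9.-]*)
            echo "invalid server name: '$server'" >&2; return 1 ;;
    esac
    printf 'https://downloads.nordcdn.com/configs/files/ovpn_%s/servers/%s.%s.ovpn\n' \
        "$proto" "$server" "$proto"
}

# Reject a downloaded file that is not an OpenVPN client config.
# Returns 1 = missing/empty, 2 = HTML document, 3 = no remote directive.
validate_ovpn_config() {
    file=$1
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 1; }
    # First non-blank line, leading whitespace removed.
    first=$(sed -n '/[^[:space:]]/{s/^[[:space:]]*//;p;q;}' "$file")
    if printf '%s\n' "$first" | grep -Eiq '^<(!doctype|html|head|body)'; then
        echo "HTML document saved as config: $first" >&2
        return 2
    fi
    grep -Eq '^[[:space:]]*remote[[:space:]]+[^[:space:]]+' "$file" || {
        echo "no 'remote' directive in $file" >&2
        return 3
    }
}

# Download to a temporary file and install it only after validation.
# --fail makes curl exit non-zero on HTTP 4xx/5xx instead of saving the body.
fetch_config() {
    url=$1
    dest=$2
    tmp=$(mktemp) || return 1
    if curl --fail --silent --show-error --location --output "$tmp" "$url" &&
        validate_ovpn_config "$tmp"; then
        mv "$tmp" "$dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Offline demonstration on constructed input (no network access needed).
demo() {
    dir=$(mktemp -d) || return 1
    printf '<html>\n<head><title>404 Not Found</title></head>\n</html>\n' >"$dir/bad.ovpn"
    printf 'client\ndev tun\nproto udp\nremote 203.0.113.10 1194\n' >"$dir/good.ovpn"
    for f in bad good; do
        if validate_ovpn_config "$dir/$f.ovpn" 2>/dev/null; then
            echo "$f.ovpn: accepted"
        else
            echo "$f.ovpn: rejected (code $?)"
        fi
    done
    build_config_url "" udp 2>/dev/null || echo "empty server name: rejected"
    rm -rf "$dir"
}
demo
```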
Maybe, however I get the same result with:
sudo docker run --cap-add=NET_ADMIN -d -v redacted:/data -e OPENVPN_PROVIDER=NORDVPN -e OPENVPN_USERNAME=redacted -e OPENVPN_PASSWORD=redacted -e 'OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60' -e NORDVPN_CATEGORY=P2P -e NORDVPN_COUNTRY=AU -e NORDVPN_PROTOCOL=udp -e LOCAL_NETWORK=192.168.0.0/16 --restart=always --log-driver json-file --log-opt max-size=10m -p 9091:9091 haugene/transmission-openvpn
> sudo docker logs 81797de80177
Starting container with revision: d7e7a24fbb384df866c2e9ae0e31104895dd26ea
Creating TUN device /dev/net/tun
Using OpenVPN provider: NORDVPN
Provider NORDVPN has a custom setup script, executing it
2021-07-03 21:16:55 Checking curl installation
2021-07-03 21:16:55 Removing existing configs
2021-07-03 21:16:55 Selecting the best server...
2021-07-03 21:16:55 Searching for technology: openvpn_udp
2021-07-03 21:16:55 Unable to find a server with the specified parameters, using any recommended server
2021-07-03 21:16:55 Best server :
2021-07-03 21:16:55 Downloading config: default.ovpn
2021-07-03 21:16:55 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/.udp.ovpn
2021-07-03 21:16:55 Selecting the best server...
2021-07-03 21:16:55 Searching for technology: openvpn_udp
2021-07-03 21:16:55 Unable to find a server with the specified parameters, using any recommended server
2021-07-03 21:16:55 Best server :
2021-07-03 21:16:55 Downloading config: .ovpn
2021-07-03 21:16:55 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/.udp.ovpn
No VPN configuration provided. Using default.
Modifying /etc/openvpn/nordvpn/default.ovpn for best behaviour in this container
Setting OpenVPN credentials...
adding route to local network 192.168.0.0/16 via 172.17.0.1 dev eth0
Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/nordvpn/default.ovpn:1: html (2.5.2)
Use --help for more information.
Adding the flags --dns 1.1.1.1 --dns 1.0.0.1 --dns 8.8.8.8 --dns 8.8.4.4 had no effect.
Going inside the container and running:
curl 'https://api.nordvpn.com/v1/servers/recommendations?filters\[country_id\]=2&filters\[servers_technologies\]\[identifier\]=openvpn_tcp&filters\[servers_group\]\[identifier\]=legacy_group_category&limit=1'
Failed with:
curl: (6) Could not resolve host: api.nordvpn.com
Despite it working on my local machine. Will explore further.
Been debugging ever since, and still haven't been able to figure it out. It seems it is indeed an issue with my docker setup on my Raspberry Pi 4 running Ubuntu Server on Arm64.
docker run --rm --cap-add=NET_ADMIN alpine sh -c 'apk add curl bind-tools; printf "\nRESOLV.conf\n"; cat /etc/resolv.conf; printf "\nDIG:\n"; dig api.nordvpn.com; printf "\nNSLOOKUP:\n"; nslookup api.nordvpn.com; printf "\nCURL:\n"; curl api.nordvpn.com; printf "\nPING:\n"; ping api.nordvpn.com; printf "\nWHOIS:\n"; whois api.nordvpn.com'
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/aarch64/APKINDEX.tar.gz
(1/18) Installing fstrm (0.6.1-r0)
(2/18) Installing krb5-conf (1.0-r2)
(3/18) Installing libcom_err (1.46.2-r0)
(4/18) Installing keyutils-libs (1.6.3-r0)
(5/18) Installing libverto (0.3.2-r0)
(6/18) Installing krb5-libs (1.18.3-r1)
(7/18) Installing json-c (0.15-r1)
(8/18) Installing protobuf-c (1.3.3-r6)
(9/18) Installing libuv (1.41.0-r0)
(10/18) Installing xz-libs (5.2.5-r0)
(11/18) Installing libxml2 (2.9.12-r1)
(12/18) Installing bind-libs (9.16.16-r2)
(13/18) Installing bind-tools (9.16.16-r2)
(14/18) Installing ca-certificates (20191127-r5)
(15/18) Installing brotli-libs (1.0.9-r5)
(16/18) Installing nghttp2-libs (1.43.0-r0)
(17/18) Installing libcurl (7.77.0-r1)
(18/18) Installing curl (7.77.0-r1)
Executing busybox-1.33.1-r2.trigger
Executing ca-certificates-20191127-r5.trigger
OK: 15 MiB in 32 packages
RESOLV.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients directly to
# all known uplink DNS servers. This file lists all configured search domains.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 8.8.8.8
# Too many DNS servers configured, the following entries may be ignored.
nameserver 8.8.4.4
nameserver 208.67.222.222
nameserver 208.67.220.220
nameserver 9.9.9.9
nameserver 149.112.112.112
nameserver 192.168.4.1
DIG:
; <<>> DiG 9.16.16 <<>> api.nordvpn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52263
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;api.nordvpn.com. IN A
;; ANSWER SECTION:
api.nordvpn.com. 66 IN A 104.17.49.74
api.nordvpn.com. 66 IN A 104.17.50.74
;; Query time: 51 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sun Jul 04 01:59:05 UTC 2021
;; MSG SIZE rcvd: 106
NSLOOKUP:
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: api.nordvpn.com
Address: 104.17.50.74
Name: api.nordvpn.com
Address: 104.17.49.74
;; Got SERVFAIL reply from 1.1.1.1, trying next server
;; Got SERVFAIL reply from 1.0.0.1, trying next server
** server can't find api.nordvpn.com: SERVFAIL
CURL:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:04 --:--:-- 0curl: (6) Could not resolve host: api.nordvpn.com
PING:
ping: bad address 'api.nordvpn.com'
WHOIS:
[Querying whois.iana.org:43 'api.nordvpn.com']
[Redirected to whois.verisign-grs.com]
[Querying whois.verisign-grs.com:43 'api.nordvpn.com']
[Querying whois.verisign-grs.com:43 'domain api.nordvpn.com']
[whois.verisign-grs.com]
No match for domain "API.NORDVPN.COM".
>>> Last update of whois database: 2021-07-04T02:01:08Z <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
What is strange is dig works fine, however nslookup, curl, and ping all fail. Despite nslookup getting the IP address, it still fails.
Adding --net=bridge --dns 9.9.9.9 has no effect.
Everything works fine on the host machine.
I've also attempted the libseccomp install and restart, but to no avail. As well as completely removing docker and reinstalling docker, to no avail.
Using --net=host appears to work:
docker run --rm --net=host alpine sh -c 'apk add curl bind-tools; printf "\nRESOLV.conf\n"; cat /etc/resolv.conf; printf "\nDIG:\n"; dig api.nordvpn.com; printf "\nNSLOOKUP:\n"; nslookup api.nordvpn.com; printf "\nCURL:\n"; curl api.nordvpn.com; printf "\nPING:\n"; ping -c 5 api.nordvpn.com; printf "\nWHOIS:\n"; whois api.nordvpn.com'
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/aarch64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/aarch64/APKINDEX.tar.gz
(1/18) Installing fstrm (0.6.1-r0)
(2/18) Installing krb5-conf (1.0-r2)
(3/18) Installing libcom_err (1.46.2-r0)
(4/18) Installing keyutils-libs (1.6.3-r0)
(5/18) Installing libverto (0.3.2-r0)
(6/18) Installing krb5-libs (1.18.3-r1)
(7/18) Installing json-c (0.15-r1)
(8/18) Installing protobuf-c (1.3.3-r6)
(9/18) Installing libuv (1.41.0-r0)
(10/18) Installing xz-libs (5.2.5-r0)
(11/18) Installing libxml2 (2.9.12-r1)
(12/18) Installing bind-libs (9.16.16-r2)
(13/18) Installing bind-tools (9.16.16-r2)
(14/18) Installing ca-certificates (20191127-r5)
(15/18) Installing brotli-libs (1.0.9-r5)
(16/18) Installing nghttp2-libs (1.43.0-r0)
(17/18) Installing libcurl (7.77.0-r1)
(18/18) Installing curl (7.77.0-r1)
Executing busybox-1.33.1-r2.trigger
Executing ca-certificates-20191127-r5.trigger
OK: 15 MiB in 32 packages
RESOLV.conf
# This file is managed by man:systemd-resolved(8). Do not edit.
#
# This is a dynamic resolv.conf file for connecting local clients to the
# internal DNS stub resolver of systemd-resolved. This file lists all
# configured search domains.
#
# Run "resolvectl status" to see details about the uplink DNS servers
# currently in use.
#
# Third party programs should typically not access this file directly, but only
# through the symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a
# different way, replace this symlink by a static file or a different symlink.
#
# See man:systemd-resolved.service(8) for details about the supported modes of
# operation for /etc/resolv.conf.
nameserver 127.0.0.53
options edns0 trust-ad
DIG:
; <<>> DiG 9.16.16 <<>> api.nordvpn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16649
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;api.nordvpn.com. IN A
;; ANSWER SECTION:
api.nordvpn.com. 103 IN A 104.17.49.74
api.nordvpn.com. 103 IN A 104.17.50.74
;; Query time: 0 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sun Jul 04 02:22:38 UTC 2021
;; MSG SIZE rcvd: 76
NSLOOKUP:
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: api.nordvpn.com
Address: 104.17.49.74
Name: api.nordvpn.com
Address: 104.17.50.74
CURL:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
PING:
PING api.nordvpn.com (104.17.49.74): 56 data bytes
64 bytes from 104.17.49.74: seq=0 ttl=59 time=2.256 ms
64 bytes from 104.17.49.74: seq=1 ttl=59 time=2.263 ms
64 bytes from 104.17.49.74: seq=2 ttl=59 time=2.561 ms
64 bytes from 104.17.49.74: seq=3 ttl=59 time=2.307 ms
64 bytes from 104.17.49.74: seq=4 ttl=59 time=2.940 ms
--- api.nordvpn.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 2.256/2.465/2.940 ms
WHOIS:
[Querying whois.iana.org:43 'api.nordvpn.com']
[Redirected to whois.verisign-grs.com]
[Querying whois.verisign-grs.com:43 'api.nordvpn.com']
[Querying whois.verisign-grs.com:43 'domain api.nordvpn.com']
[whois.verisign-grs.com]
No match for domain "API.NORDVPN.COM".
>>> Last update of whois database: 2021-07-04T02:22:26Z <<<
I've also tried this with bridge, however it didn't work.
Trying --net=host now with this container.
So --net=host works fine - however it also connects the host to the vpn.
I have the same result on RPI4. However, setting alpine version to 3.12 fixes the problem. 3.12 and prior are ok. 3.13 and onwards are failing.
docker run --rm alpine:3.12 sh -c 'apk add curl bind-tools; printf "\nRESOLV.conf\n"; cat /etc/resolv.conf; printf "\nDIG:\n"; dig api.nordvpn.com; printf "\nNSLOOKUP:\n"; nslookup api.nordvpn.com; printf "\nCURL:\n"; curl api.nordvpn.com; printf "\nPING:\n"; ping -c 5 api.nordvpn.com; printf "\nWHOIS:\n"; whois api.nordvpn.com'
Something different with your setting, my system is still on the 32 bit kernel. I switched to a 64 bit kernel following this blog. I don't know if you are on raspbian lite with a 64 bit enabled kernel or a full raspi os 64 bit. The latter is still in beta as far as I know.
Sticking with 3.12 alpine version fixes the issue. I guess your issue might be related to https://github.com/haugene/docker-transmission-openvpn/issues/1726 , breaking changes were introduced: https://wiki.alpinelinux.org/wiki/Release_Notes_for_Alpine_3.13.0#time64_requirements
Applying alpine workaround fixes the issue for 3.13+ versions:
docker run --rm --security-opt=seccomp=/root/containers_conf/default.json alpine:3.14 sh -c 'cat /etc/os-release;apk add curl bind-tools; printf "\nRESOLV.conf\n"; cat /etc/resolv.conf; printf "\nDIG:\n"; dig api.nordvpn.com; printf "\nNSLOOKUP:\n"; nslookup api.nordvpn.com; printf "\nCURL:\n"; curl api.nordvpn.com; printf "\nPING:\n"; ping -c 5 api.nordvpn.com; printf "\nWHOIS:\n"; whois api.nordvpn.com'
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.14.0
PRETTY_NAME="Alpine Linux v3.14"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/main/armv7/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.14/community/armv7/APKINDEX.tar.gz
(1/18) Installing fstrm (0.6.1-r0)
(2/18) Installing krb5-conf (1.0-r2)
.....
Same deal for me with 3.12:
> sudo docker run --rm --cap-add=NET_ADMIN --net=bridge --dns 9.9.9.9 alpine:3.12 sh -c "apk add curl bind-tools; $(cat "$DOROTHY/user/commands/debug-network")"
Unable to find image 'alpine:3.12' locally
3.12: Pulling from library/alpine
d2f70382dc9a: Pull complete
Digest: sha256:87703314048c40236c6d674424159ee862e2b96ce1c37c62d877e21ed27a387e
Status: Downloaded newer image for alpine:3.12
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/aarch64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/aarch64/APKINDEX.tar.gz
(1/21) Installing fstrm (0.6.0-r1)
(2/21) Installing libgcc (9.3.0-r2)
(3/21) Installing krb5-conf (1.0-r2)
(4/21) Installing libcom_err (1.45.6-r0)
(5/21) Installing keyutils-libs (1.6.1-r1)
(6/21) Installing libverto (0.3.1-r1)
(7/21) Installing krb5-libs (1.18.3-r0)
(8/21) Installing json-c (0.14-r1)
(9/21) Installing libstdc++ (9.3.0-r2)
(10/21) Installing libprotobuf (3.12.2-r0)
(11/21) Installing libprotoc (3.12.2-r0)
(12/21) Installing protobuf-c (1.3.3-r1)
(13/21) Installing libuv (1.38.1-r0)
(14/21) Installing xz-libs (5.2.5-r0)
(15/21) Installing libxml2 (2.9.10-r6)
(16/21) Installing bind-libs (9.16.15-r0)
(17/21) Installing bind-tools (9.16.15-r0)
(18/21) Installing ca-certificates (20191127-r4)
(19/21) Installing nghttp2-libs (1.41.0-r0)
(20/21) Installing libcurl (7.77.0-r0)
(21/21) Installing curl (7.77.0-r0)
Executing busybox-1.31.1-r20.trigger
Executing ca-certificates-20191127-r4.trigger
OK: 20 MiB in 35 packages
DATE:
Sun Jul 4 18:34:35 UTC 2021
DNS LISTENERS:
RESOLV.conf
sh: sudo: not found
nameserver 9.9.9.9
DIG:
; <<>> DiG 9.16.15 <<>> api.nordvpn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59341
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;api.nordvpn.com. IN A
;; ANSWER SECTION:
api.nordvpn.com. 159 IN A 104.17.50.74
api.nordvpn.com. 159 IN A 104.17.49.74
;; Query time: 239 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Sun Jul 04 18:34:35 UTC 2021
;; MSG SIZE rcvd: 106
TRACE:
Invalid option: +traceapi.nordvpn.com
Usage: dig [@global-server] [domain] [q-type] [q-class] {q-opt}
{global-d-opt} host [@local-server] {local-d-opt}
[ host [@local-server] {local-d-opt} [...]]
Use "dig -h" (or "dig -h | more") for complete list of options
TRACEROUTE:
traceroute to 9.9.9.9 (9.9.9.9), 30 hops max, 46 byte packets
1 172.17.0.1 (172.17.0.1) 0.046 ms 0.092 ms 0.082 ms
2 192.168.4.1 (192.168.4.1) 0.540 ms 0.535 ms 0.605 ms
3 192.168.1.254 (192.168.1.254) 1.183 ms 1.379 ms 1.171 ms
4 10.20.26.6 (10.20.26.6) 3.171 ms 3.286 ms 2.083 ms
5 203.29.134-254.tpgi.com.au (203.29.134.254) 5.408 ms 3.977 ms 3.753 ms
6 au-wa-2481-ipe-01-eth1-20020001.tpgi.com.au (203.221.245.10) 3.422 ms 6.822 ms 2.961 ms
7 14-203-189-126.tpgi.com.au (14.203.189.126) 2.916 ms 3.545 ms 2.498 ms
8 per.gslnetworks.com.au (103.137.13.251) 2.977 ms 2.876 ms 2.625 ms
9 103.107.196.9 (103.107.196.9) 2.867 ms 3.893 ms 3.722 ms
10 dns9.quad9.net (9.9.9.9) 3.335 ms !C 3.644 ms !C 3.046 ms !C
TRACEROUTE -r:
traceroute to 9.9.9.9 (9.9.9.9), 30 hops max, 46 byte packets
1traceroute: sendto: Network unreachable
DIG @192.0.2.1:
; <<>> DiG 9.16.15 <<>> @192.0.2.1 api.nordvpn.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42368
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;api.nordvpn.com. IN A
;; ANSWER SECTION:
api.nordvpn.com. 134 IN A 104.17.49.74
api.nordvpn.com. 134 IN A 104.17.50.74
;; Query time: 43 msec
;; SERVER: 192.0.2.1#53(192.0.2.1)
;; WHEN: Sun Jul 04 18:35:00 UTC 2021
;; MSG SIZE rcvd: 106
DIG @9.9.9.9:
; <<>> DiG 9.16.15 <<>> @9.9.9.9 hostname.bind chaos txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32501
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;hostname.bind. CH TXT
;; Query time: 43 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Sun Jul 04 18:35:00 UTC 2021
;; MSG SIZE rcvd: 31
; <<>> DiG 9.16.15 <<>> @9.9.9.9 id.server chaos txt
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 35876
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;id.server. CH TXT
;; Query time: 43 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Sun Jul 04 18:35:00 UTC 2021
;; MSG SIZE rcvd: 27
HOST:
Trying "api.nordvpn.com"
Host api.nordvpn.com not found: 2(SERVFAIL)
Received 33 bytes from 9.9.9.9#53 in 43 ms
NSLOOKUP:
Server: 9.9.9.9
Address: 9.9.9.9#53
------------
QUESTIONS:
api.nordvpn.com, type = A, class = IN
ANSWERS:
-> api.nordvpn.com
internet address = 104.17.49.74
ttl = 133
-> api.nordvpn.com
internet address = 104.17.50.74
ttl = 133
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
Non-authoritative answer:
Name: api.nordvpn.com
Address: 104.17.49.74
Name: api.nordvpn.com
Address: 104.17.50.74
------------
QUESTIONS:
api.nordvpn.com, type = AAAA, class = IN
ANSWERS:
AUTHORITY RECORDS:
ADDITIONAL RECORDS:
------------
** server can't find api.nordvpn.com: SERVFAIL
CURL:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:05 --:--:-- 0
PING:
PING api.nordvpn.com (104.17.49.74): 56 data bytes
64 bytes from 104.17.49.74: seq=0 ttl=58 time=2.303 ms
64 bytes from 104.17.49.74: seq=1 ttl=58 time=2.954 ms
64 bytes from 104.17.49.74: seq=2 ttl=58 time=2.169 ms
64 bytes from 104.17.49.74: seq=3 ttl=58 time=2.855 ms
64 bytes from 104.17.49.74: seq=4 ttl=58 time=2.357 ms
--- api.nordvpn.com ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 2.169/2.527/2.954 ms
WHOIS:
[Querying whois.iana.org:43 'api.nordvpn.com']
[Redirected to whois.verisign-grs.com]
[Querying whois.verisign-grs.com:43 'api.nordvpn.com']
[Querying whois.verisign-grs.com:43 'domain api.nordvpn.com']
[whois.verisign-grs.com]
No match for domain "API.NORDVPN.COM".
>>> Last update of whois database: 2021-07-04T18:35:05Z <<<
RESOLVE:
sh: systemd-resolve: not found
I asked about my issue on Stack Exchange, and apparently my DNS is being intercepted, and that is what is causing things to fail:
https://superuser.com/a/1660609/32418
I'm testing now if using an encrypted dns service on the host machine will resolve this.
Debugging scripts for others: https://gist.github.com/balupton/9a1bd98cc9de175f407dd4e543ee80ac
Re the Alpine 3.13 change (which is what others have suffered from, but not myself), I found this:
This only affects 32 bit installs of distros based on Debian Buster.
Was able to get my setup going. I'll post the solution once I've cleaned everything up tomorrow.
To solve the issue of intercepted DNS, I was able to get it going by using AdGuard Home as my encrypted DNS service, which listens on 0.0.0.0, and then instructing my docker containers to listen to my host's local IP address accordingly.
I've automated this within the Dorothy dotfile ecosystem via:
setup-docker: optional if you already have docker installed and working
setup-dns aghome: in AdGuard's installation GUI, make sure you click the fix button if prompted
seedbox create: this will create and start the seedbox
seedbox status: this will query the status of the seedbox and make sure the VPN is working
You can set up the Dorothy dotfile ecosystem for your shell and user by running:
# this is what I use
bash -ilc "$(curl -fsSL https://raw.githubusercontent.com/bevry/dorothy/master/commands/setup-dorothy)"
Or you can try and run these commands in the Dorothy trial environment:
# this may or may not work for you, as it is intended for much simpler use cases
bash --rcfile <(curl -fsSL https://dorothy.bevry.workers.dev)
Or you can use the links in the steps to just pull out the code you need.
You can use these commands to debug your setup:
If you have any issue or suggestion for these commands, please post it on the Dorothy issue tracker.
The other DNS services that setup-dns supports (such as Cloudflared and DNSCrypt-Proxy) could probably work too, providing configuration is added so that they listen on 0.0.0.0 instead of their default 127.0.0.1 — I only determined that this could have been caused by their failures after AdGuard Home was determined to be successful, in which its listening of 0.0.0.0 by default could be the cause of its success and the failures of others — however, it could just be that AdGuard Home works and the others fail for an unrelated cause. I will evaluate this over the coming days.
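The `dig @192.0.2.1` query posted earlier in the thread received an answer even though 192.0.2.0/24 is a reserved documentation range (RFC 5737) where no resolver exists, which is the signature of port-53 traffic being answered by something on the path. An added example, not taken from the thread's gist, that classifies saved dig output on that basis; the function names are hypothetical and the second sample is constructed:

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges
# (RFC 5737). A DNS reply that claims to come from one of them was produced
# by a device that intercepts or redirects DNS traffic.

# Reads dig output on stdin and prints exactly one line:
#   intercepted <server> <status>   reply "from" a documentation address
#   no-reply                        query timed out (expected on a clean path)
#   inconclusive <server> <status>  reply from an ordinary resolver address
#   unparsed                        input did not look like dig output
classify_dig_output() {
    awk '
        /^;; ->>HEADER<<-/ {
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; SERVER:/ { server = $3; sub(/#.*/, "", server) }
        /no servers could be reached/ { timed_out = 1 }
        END {
            if (server ~ /^(192\.0\.2|198\.51\.100|203\.0\.113)\.[0-9]+$/)
                print "intercepted", server, status
            else if (server != "")
                print "inconclusive", server, status
            else if (timed_out)
                print "no-reply"
            else
                print "unparsed"
        }
    '
}

# Lines taken from the "DIG @192.0.2.1" output posted in the thread.
sample_thread_reply() {
    cat <<'EOF'
; <<>> DiG 9.16.15 <<>> @192.0.2.1 api.nordvpn.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42368
;; ANSWER SECTION:
api.nordvpn.com. 134 IN A 104.17.49.74
;; SERVER: 192.0.2.1#53(192.0.2.1)
EOF
}

# Constructed sample: the same query on a path that does not rewrite DNS.
sample_clean_path() {
    cat <<'EOF'
; <<>> DiG 9.16.15 <<>> @192.0.2.1 api.nordvpn.com
;; connection timed out; no servers could be reached
EOF
}

# Live use inside a container would be:
#   dig +time=2 +tries=1 @192.0.2.1 api.nordvpn.com | classify_dig_output
echo "thread sample: $(sample_thread_reply | classify_dig_output)"
echo "clean sample:  $(sample_clean_path | classify_dig_output)"
```

An "inconclusive" result does not rule interception out; it only means the probe was aimed at an address where a real resolver could have answered.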
Before creating this issue I have:
REQUIRED
Container version & last working release
Required, problem occurs in :
Current
If possible, last working version: Unknown
Describe the problem
REQUIRED
Describe the steps you have tried to solve the problem
REQUIRED
Add your docker run command or docker-compose file or env details
REQUIRED
Logs
REQUIRED
Host system
REQUIRED