search

haugene / docker-transmission-openvpn

Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
GNU General Public License v3.0
4.11k stars 1.21k forks source link

purevpn changes... #252

Closed nicomarti83 closed 7 years ago

nicomarti83 commented 7 years ago

hi, I'm going crazy since one month with this error message with some vpn destination Wed May 24 23:07:16 2017 RESOLVE: Cannot resolve host address: be1-ovpn-udp.pointtoserver.com: Name or service not known

actually it seem that purevpn change some servers urls.

for exemple the belgium udp server in docker is:

be1-ovpn-udp.pointtoserver.com

and in the purevpn website this is:

vleu-be1-ovpn-udp.pointtoserver.com

can you please update the ovpn files ???

thanks in advance ;)

haugene commented 7 years ago

I'll try getting around to it ;) Can you provide a link to the config files, typically a .zip or something?

nicomarti83 commented 7 years ago

hum... ok it seem that the zip file is not up to date... when I will have time I will try to modify the ovpn file by myself to test the news url and I'll make a report.

nicomarti83 commented 7 years ago

I'm trying to make a compilation of working ovpn files but this is a big mess... lots of files are not up to date with the news servers urls and few fresh urls does not work... ( I take urls here https://support.purevpn.com/vpn-servers). Is there a simply way to let us manage which ovpn file we want to include in the docker, like a command line or something???

nicomarti83 commented 7 years ago

hi, I just finish to test and compile the ovpn file from European servers who allow P2P file sharing. (you can find the world list here : https://support.purevpn.com/p2p-file-sharing)

everything works fine except the Monaco-udp who give me this error:

2017-05-27 18:58:22 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity) 2017-05-27 18:58:22 TLS Error: TLS handshake failed

I connected myself to each servers with Tunnelblick 3.7.1a (build 4812) on OS X 10.12.5 and I had verifying each ip on http://whatismyipaddress.com/.

PureVpn-europe-P2P.zip

haugene commented 7 years ago

Thanks for your effort compiling a working list of configs!

I've now replaced all the purevpn configs with the ones you provided, and modified them to work inside the container. I've done some testing and it seems to be working, I'm getting a AUTH_FAILED message but that's to be expected as I don't have an account. Can you test that this works, both with the default config and some of the others? You need to pull the dev tag to get the latest changes.

Also I see the following message in the logs when connecting to the default server (Netherlands1-udp.ovpn):

TCP/UDP: Incoming packet rejected from [AF_INET]213.5.64.38:53[2], expected peer address: [AF_INET]213.5.64.37:53 (allow this incoming source address/port by removing --remote or adding --float)

And there seems to be different configurations for the different locations. The Netherlands udp configs does not include float while the ones for Germany does. Do you know why this is?

nicomarti83 commented 7 years ago

so I tested some config files (monaco tcp, germany-nu udp, netherlands1-udp and default). Everything work fine except the default.ovpn which is strange because if I understand well, it is a shortcut to netherlands1-udp.ovpn ...

this is what I've got on the terminal:

Using OpenVPN provider: PUREVPN Starting OpenVPN using config default.ovpn Setting OPENVPN credentials... adding route to local network 192.168.1.0/24 via 10.0.3.1 dev eth0 Thu Jun  1 21:26:24 2017 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014 Thu Jun  1 21:26:24 2017 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info. Thu Jun  1 21:26:24 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Thu Jun  1 21:26:24 2017 WARNING: file '/etc/openvpn/purevpn/Wdc.key' is group or others accessible Thu Jun  1 21:26:24 2017 Control Channel Authentication: using '/etc/openvpn/purevpn/Wdc.key' as a OpenVPN static key file Thu Jun  1 21:26:24 2017 Attempting to establish TCP connection with [AF_INET]192.186.132.58:80 [nonblock] Thu Jun  1 21:26:25 2017 TCP connection established with [AF_INET]192.186.132.58:80 Thu Jun  1 21:26:25 2017 TCPv4_CLIENT link local: [undef] Thu Jun  1 21:26:25 2017 TCPv4_CLIENT link remote: [AF_INET]192.186.132.58:80 Thu Jun  1 21:26:25 2017 WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1560 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link --[Attempting restart... Thu Jun  1 21:26:25 2017 Connection reset, restarting [0] Thu Jun  1 21:26:25 2017 SIGUSR1[soft,connection-reset] received, process restarting

About the The Netherlands udp configs, I made it from an other config file (I don't remember what file).

edit: I'll give you more information about default.ovpn soon

haugene commented 7 years ago

I've changed the default to one of the configs for Germany. Hopefully that will be more stable, and someone else could do a new update of these configs if they have improvements.

Closing this for now. Thanks for contributing and getting purevpn provider back into working state :)

nicomarti83 commented 7 years ago

hi, I was still testing the configs files. I've got few random errors time to time, but generally it work fine... If I'll notice much more annoying error I'll open a new issue ticket. ;)

bkmartin commented 6 years ago

I'm finding the UDP configs do not work if you do not include float. I added float to the Netherlands1-udp file and things work fine with it added.

I'm concerned that without the float in the config, transmission still starts up, but the VPN connection is not established (there is no IPV4 bind address for transmission) and running curl ipconfig.co inside the container reveals my real client address instead of the VPN address. But with float, the VPN is established and curl ifconfig.co works as expected

nicomarti83 commented 6 years ago

hum, I'm using the germany UDP and the last time I test my bittorent ip I had no problems... I'll make some other tests in the afternoon.

bkmartin commented 6 years ago

Only the Germany (and default) udp files have float and I agree those work. The others do not unless you add float

$ grep float *udp*
Germany.He-udp.ovpn:float
Germany.Nu-udp.ovpn:float
bkmartin commented 6 years ago

@haugene Any comments on my observed behavior that the container (and transmission) is active, but the VPN tunnel is not established?

nicomarti83 commented 6 years ago

ok, there is no float because original files from purevpn site don't have float...

bkmartin commented 6 years ago

@nicomarti83 I agree they are not in the files from PureVPN, but they also do not work without float. Did you try Netherlands as an example?

nicomarti83 commented 6 years ago

I had tried germany and netherland at the beginning and in my memory it worked fine. I'll try again when I'll have some time and I'll post the results.

bkmartin commented 6 years ago

Created a PR to address the situation where the up script is created but the tunnel was not actually up. Testing continues on the float vs no-float, but with the changes in the start script, it will restart until the tunnel is established.

https://github.com/haugene/docker-transmission-openvpn/pull/363