haugene / vpn-configs-contrib

A collection of configs for various VPN providers
GNU General Public License v3.0

Privado and Windscribe auth_failed #102

Closed campana-giuseppe closed 2 years ago

campana-giuseppe commented 2 years ago

Is there a pinned issue for this?

Is there an existing or similar issue for this?

Is there any comment in the documentation for this?

Is this related to the container/transmission?

Are you using the latest release?

Have you tried using the dev branch latest?

Config used

version: '3.3'
services:
   transmission-openvpn:
    container_name: trasmission-vpn
    cap_add:
      - NET_ADMIN
    volumes:
      - /trasmission/:/data
      - /trasmission/config:/config
    environment:
      - OPENVPN_PROVIDER=WINDSCRIBE        #PRIVADO
      - OPENVPN_CONFIG=Milan-Duomo-tcp,Milan-Galleria-tcp,Rome-Colosseum-tcp,Rome-Colosseum-udp                #mxp-001,mxp-002
      - OPENVPN_USERNAME=xxxxxx        #xxxxxxxx
      - OPENVPN_PASSWORD=xxxxxxxxxx
      - LOCAL_NETWORK=192.168.1.0/24

    logging:
      driver: json-file
      options:
        max-size: 10m
    ports:
       - 9091:9091
    image: haugene/transmission-openvpn

Current Behavior

I have tried using transmission with both Privado and Windscribe; everything seems to be fine until authentication. I get the same error in both cases:

Starting container with revision: 8cc1870cc039201e0e2f8b7684a9f4e96ae03ab9
Creating TUN device /dev/net/tun
Using OpenVPN provider: WINDSCRIBE
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for WINDSCRIBE. Defaulting to external config
Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.WWcSv1CRXO
Extracting configs to /tmp/tmp.rS0D2P1pif
Found configs for WINDSCRIBE in /tmp/tmp.rS0D2P1pif/vpn-configs-contrib-main/openvpn/windscribe, will replace current content in /etc/openvpn/windscribe
Cleanup: deleting /tmp/tmp.WWcSv1CRXO and /tmp/tmp.rS0D2P1pif
4 servers found in OPENVPN_CONFIG, Milan-Duomo-tcp chosen randomly
Starting OpenVPN using config Milan-Duomo-tcp.ovpn
Modifying /etc/openvpn/windscribe/Milan-Duomo-tcp.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Setting OpenVPN credentials...
adding route to local network 192.168.1.0/24 via 172.27.0.1 dev eth0
Sun Apr 10 13:33:03 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Sun Apr 10 13:33:03 2022 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Sun Apr 10 13:33:03 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 10 13:33:03 2022 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr 10 13:33:03 2022 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr 10 13:33:03 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:03 2022 Socket Buffers: R=[131072->131072] S=[16384->16384]
Sun Apr 10 13:33:03 2022 Attempting to establish TCP connection with [AF_INET]84.17.59.66:1194 [nonblock]
Sun Apr 10 13:33:04 2022 TCP connection established with [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:04 2022 TCP_CLIENT link local: (not bound)
Sun Apr 10 13:33:04 2022 TCP_CLIENT link remote: [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:04 2022 TLS: Initial packet from [AF_INET]84.17.59.66:1194, sid=7fcf2166 789df229
Sun Apr 10 13:33:04 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Apr 10 13:33:04 2022 VERIFY OK: depth=2, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X1
Sun Apr 10 13:33:04 2022 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2
Sun Apr 10 13:33:04 2022 VERIFY KU OK
Sun Apr 10 13:33:04 2022 Validating certificate extended key usage
Sun Apr 10 13:33:04 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Apr 10 13:33:04 2022 VERIFY EKU OK
Sun Apr 10 13:33:04 2022 VERIFY X509NAME OK: C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=mxp-318.windscribe.com
Sun Apr 10 13:33:04 2022 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=mxp-318.windscribe.com
Sun Apr 10 13:33:05 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Sun Apr 10 13:33:05 2022 [mxp-318.windscribe.com] Peer Connection Initiated with [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:06 2022 SENT CONTROL [mxp-318.windscribe.com]: 'PUSH_REQUEST' (status=1)
Sun Apr 10 13:33:06 2022 AUTH: Received control message: AUTH_FAILED
Sun Apr 10 13:33:06 2022 SIGTERM[soft,auth-failure] received, process exiting

Expected Behavior

To connect to the VPN

How have you tried to solve the problem?

  1. I tried to give root permissions
  2. I checked if it changed the credentials in the config file, and it did.
  3. Tried different .ovpn files from the two VPN providers
  4. Changed account passwords (with or without special characters)
  5. Tested the credentials on the VPN providers' portal

Environment

- OS: Ubuntu Server 20.04
- Docker: Docker 20.10.12

Anything else?

No response

tim0901 commented 2 years ago

I don't think this is a problem with the configs - Windscribe works just fine for me, even with those exact servers. I would double-check your openvpn details - you haven't mixed them up by accident? And you're definitely using your openvpn credentials, not your normal Windscribe login, right? You can find them here if you're a pro subscriber.

One thing though: you've misspelt 'transmission' several times. Unsure if this is intentional or not, but you may be encountering issues with directories if not.

pkishino commented 2 years ago

I suggest you make sure you are running latest or dev. According to the logs above it's an AUTH_FAILED, so the provider is refusing your credentials; it's not a bug on the container end.
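The reading of the log given in the comment above (AUTH_FAILED arrives only after the server certificate chain has verified, so the rejection comes from the provider and not from the container's transport or TLS setup) can be checked mechanically. This is an added example, not code from the thread or from the haugene project; `triage`, `STAGES` and `ISSUE_LOG` are names assumed here, and the sample is an excerpt of the log posted in the issue.

```python
import re

# Both timestamp styles in the thread: "Sun Apr 10 13:33:03 2022 " (OpenVPN 2.4.7)
# and "2024-06-30 10:51:45 " (OpenVPN 2.5.9).
TS = re.compile(r"^(?:\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}"
                r"|\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ")

# Handshake milestones in the order the client logs them.
STAGES = [
    ("transport", re.compile(r"TCP connection established|UDP link remote")),
    ("tls_started", re.compile(r"TLS: Initial packet from")),
    ("server_cert_verified", re.compile(r"VERIFY OK: depth=0")),
    ("control_channel_up", re.compile(r"Peer Connection Initiated")),
    ("push_request_sent", re.compile(r"SENT CONTROL .*PUSH_REQUEST")),
]

def triage(log_text):
    """Report how far an OpenVPN client session got and why it ended."""
    reached, warnings, auth_failed = [], [], False
    for raw in log_text.splitlines():
        msg = TS.sub("", raw.strip())
        for name, pattern in STAGES:
            if name not in reached and pattern.search(msg):
                reached.append(name)
        if msg.startswith(("WARNING:", "NOTE:")):
            warnings.append(msg)  # e.g. the auth-nocache and script-security notices
        if "AUTH: Received control message: AUTH_FAILED" in msg:
            auth_failed = True
    if auth_failed and "server_cert_verified" in reached:
        verdict = "credentials rejected by the verified provider server"
    elif auth_failed:
        verdict = "AUTH_FAILED without a verified server certificate"
    else:
        verdict = "no AUTH_FAILED seen"
    return {"last_stage": reached[-1] if reached else None,
            "auth_failed": auth_failed, "warnings": warnings, "verdict": verdict}

# Excerpt of the log posted in the issue (a subset of its lines, not the full output).
ISSUE_LOG = """\
Sun Apr 10 13:33:03 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 10 13:33:04 2022 TCP connection established with [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:04 2022 TLS: Initial packet from [AF_INET]84.17.59.66:1194, sid=7fcf2166 789df229
Sun Apr 10 13:33:04 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Apr 10 13:33:04 2022 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=mxp-318.windscribe.com
Sun Apr 10 13:33:05 2022 [mxp-318.windscribe.com] Peer Connection Initiated with [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:06 2022 SENT CONTROL [mxp-318.windscribe.com]: 'PUSH_REQUEST' (status=1)
Sun Apr 10 13:33:06 2022 AUTH: Received control message: AUTH_FAILED
"""

if __name__ == "__main__":
    print(triage(ISSUE_LOG))
```
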

KnuffigerMaxi commented 2 months ago

> I don't think this is a problem with the configs - Windscribe works just fine for me, even with those exact servers. I would double-check your openvpn details - you haven't mixed them up by accident? And you're definitely using your openvpn credentials, not your normal Windscribe login, right? You can find them here if you're a pro subscriber.
>
> One thing though: you've misspelt 'transmission' several times. Unsure if this is intentional or not, but you may be encountering issues with directories if not.

I have the same problem. I don't have a Pro account, how do I get my OPENVPN CREDS at Windscribe without a Pro user???

I have this provider with 61 GB per month free to use

Starting container with revision: 07f5a2b9aea5028c9bb75438c1552708e91dde71
TRANSMISSION_HOME is currently set to: /config/transmission-home
WARNING: Deprecated. Found old default transmission-home folder at /data/transmission-home, setting this as TRANSMISSION_HOME. This might break in future versions.
We will fallback to this directory as long as the folder exists. Please consider moving it to /config/transmission-home
Creating TUN device /dev/net/tun
Using OpenVPN provider: WINDSCRIBE
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for WINDSCRIBE. Defaulting to external config
Will get configs from https://github.com/haugene/vpn-configs-contrib.git
Repository is already cloned, checking for update
Already up to date.
Already on 'main'
Your branch is up to date with 'origin/main'.
Found configs for WINDSCRIBE in /config/vpn-configs-contrib/openvpn/windscribe, will replace current content in /etc/openvpn/windscribe
No VPN configuration provided. Using default.
Modifying /etc/openvpn/windscribe/default.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Modification: Updating status for config failure detection
Setting OpenVPN credentials...
adding route to local network 192.168.0.0/24 via 172.18.0.1 dev eth0
2024-06-30 10:51:45 Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
2024-06-30 10:51:45 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2024-06-30 10:51:45 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2024-06-30 10:51:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-06-30 10:51:45 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-06-30 10:51:45 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-06-30 10:51:45 TCP/UDP: Preserving recently used remote address: [AF_INET]103.108.92.83:1194
2024-06-30 10:51:45 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-06-30 10:51:45 UDP link local: (not bound)
2024-06-30 10:51:45 UDP link remote: [AF_INET]103.108.92.83:1194
2024-06-30 10:51:45 TLS: Initial packet from [AF_INET]103.108.92.83:1194, sid=76f96464 0a1dec28
2024-06-30 10:51:45 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-06-30 10:51:46 VERIFY OK: depth=2, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X1
2024-06-30 10:51:46 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2
2024-06-30 10:51:46 VERIFY KU OK
2024-06-30 10:51:46 Validating certificate extended key usage
2024-06-30 10:51:46 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-06-30 10:51:46 VERIFY EKU OK
2024-06-30 10:51:46 VERIFY X509NAME OK: C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=adl-354.windscribe.com
2024-06-30 10:51:46 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=adl-354.windscribe.com
2024-06-30 10:51:46 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2024-06-30 10:51:46 [adl-354.windscribe.com] Peer Connection Initiated with [AF_INET]103.108.92.83:1194
2024-06-30 10:51:47 SENT CONTROL [adl-354.windscribe.com]: 'PUSH_REQUEST' (status=1)
2024-06-30 10:51:48 AUTH: Received control message: AUTH_FAILED
2024-06-30 10:51:48 SIGTERM[soft,auth-failure] received, process exiting