haugene / vpn-configs-contrib

A collection of configs for various VPN providers
GNU General Public License v3.0

[Hotspotshield] Connection reset, impossible to start container #152

Closed Fgabz closed 8 months ago

Fgabz commented 1 year ago

Config used

Container inside k3s

apiVersion: apps/v1
kind: Deployment
metadata:
  name: transmission-openvpn-deployment
  labels:
    app: transmission-openvpn
spec:
  replicas: 1
  selector:
    matchLabels:
      app: transmission-openvpn
  template:
    metadata:
      labels:
        app: transmission-openvpn
    spec:
      dnsConfig:
        nameservers:
          - 8.8.8.8
          - 8.8.4.4
      volumes:
      - name: "media-ssd"
        persistentVolumeClaim:
          claimName: "media-ssd" # PersistentVolumeClaim created earlier
      - name: "dev-tun" # Needed for VPN
        hostPath:
          path: "/dev/net/tun"
      containers:
        - name: transmission-openvpn
          image: "haugene/transmission-openvpn"
          imagePullPolicy: IfNotPresent
          env:
            - name: OPENVPN_PROVIDER
              value: "HOTSPOTSHIELD"
            - name: OPENVPN_USERNAME
              valueFrom: # Reference to the secret | openvpn.username
                secretKeyRef:
                  name: "openvpn"
                  key: "username"
            - name: OPENVPN_PASSWORD
              valueFrom: # Reference to the secret | openvpn.password
                secretKeyRef:
                  name: "openvpn"
                  key: "password"
            - name: OPENVPN_CONFIG
              value: "HotspotShield_PT_v4"
            - name: LOCAL_NETWORK
              value: "192.168.1.0/24"
            - name: TRANSMISSION_DOWNLOAD_DIR
              value: "/downloads/transmission"
            - name: PUID
              value: "1000"
            - name: PGID
              value: "1000"
          ports:
            - name: http
              containerPort: 9091
              protocol: TCP
          securityContext:
            #readOnlyRootFilesystem: false
            capabilities:
              add: ["NET_ADMIN"]
          volumeMounts:
          - name: "media-ssd"
            mountPath: "/data"
            subPath: "configs/transmission-data" # Path /mnt/ssd/media/configs/transmission-data where transmission writes the configuration
          - name: "media-ssd"
            mountPath: "/downloads/transmission"
            subPath: "downloads/transmission" # Path /mnt/ssd/media/downloads/transmission where transmission downloads Torrents
          - name: dev-tun
            mountPath: "/dev/net/tun" # Needed for VPN

Current Behavior

Starting container with revision: 84941a9ea4663d8b2e1af3db1d50fe4f7fa8736e
Creating TUN device /dev/net/tun
mknod: /dev/net/tun: File exists
Using OpenVPN provider: HOTSPOTSHIELD
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for HOTSPOTSHIELD. Defaulting to external config
Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.VOMFp3RLuP
Extracting configs to /tmp/tmp.49c5HTg5kx
Found configs for HOTSPOTSHIELD in /tmp/tmp.49c5HTg5kx/vpn-configs-contrib-main/openvpn/hotspotshield, will replace current content in /etc/openvpn/hotspotshield
Cleanup: deleting /tmp/tmp.VOMFp3RLuP and /tmp/tmp.49c5HTg5kx
Starting OpenVPN using config HotspotShield_PT_v4.ovpn
Modifying /etc/openvpn/hotspotshield/HotspotShield_PT_v4.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Setting OpenVPN credentials...
adding route to local network 192.168.1.0/24 via 10.42.1.1 dev eth0
Wed Oct 19 12:48:22 2022 OpenVPN 2.4.7 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Wed Oct 19 12:48:22 2022 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Wed Oct 19 12:48:22 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Oct 19 12:48:27 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]185.187.215.105:8041
Wed Oct 19 12:48:27 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Oct 19 12:48:27 2022 UDP link local: (not bound)
Wed Oct 19 12:48:27 2022 UDP link remote: [AF_INET]185.187.215.105:8041
Wed Oct 19 12:48:27 2022 TLS: Initial packet from [AF_INET]185.187.215.105:8041, sid=62a03e7a 63378d42
Wed Oct 19 12:48:27 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Oct 19 12:48:27 2022 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
Wed Oct 19 12:48:27 2022 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
Wed Oct 19 12:48:27 2022 VERIFY KU OK
Wed Oct 19 12:48:27 2022 Validating certificate extended key usage
Wed Oct 19 12:48:27 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Oct 19 12:48:27 2022 VERIFY EKU OK
Wed Oct 19 12:48:27 2022 VERIFY X509NAME OK: CN=blushingpink.us
Wed Oct 19 12:48:27 2022 VERIFY OK: depth=0, CN=blushingpink.us
Wed Oct 19 12:48:27 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1569'
Wed Oct 19 12:48:27 2022 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Wed Oct 19 12:48:27 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Wed Oct 19 12:48:27 2022 [blushingpink.us] Peer Connection Initiated with [AF_INET]185.187.215.105:8041
Wed Oct 19 12:48:27 2022 Connection reset command was pushed by server ('')
Wed Oct 19 12:48:27 2022 SIGTERM[soft,server-pushed-connection-reset] received, process exiting

Expected Behavior

Container should work

How have you tried to solve the problem?

1) Tried different VPN configuration, same output

Environment

- OS: Ubuntu server
- K3s: v1.24.6+k3s1

Anything else?

No response

pkishino commented 1 year ago

VPN server triggers the connection reset, probably needs updated ovpn files.

Fgabz commented 1 year ago

I suppose, I've manually used the file provided by Hotspot and it worked

pkishino commented 1 year ago

You mean you tried with a newer profile and it worked? This means the current ones in this repo are outdated, right?

asavage7 commented 11 months ago

I've had this issue as well. It seems that HotspotShield generates a new ovpn file each time you link a new device. The file will only work for the device and location you set up, so anyone using HotspotShield needs to add a custom config file :/
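
A small triage script for the client log in this issue, added here as an example (not code from the project or from any commenter): it reports how far the OpenVPN session got before it exited, which separates a TLS or certificate failure from a server that completes the handshake and then pushes a reset. The function name `triage`, the verdict labels and the abridged sample log are constructed for illustration.

```python
import re

# Constructed sample: lines abridged from the client log quoted in the issue.
SAMPLE_LOG = """\
Wed Oct 19 12:48:27 2022 TLS: Initial packet from [AF_INET]185.187.215.105:8041, sid=62a03e7a 63378d42
Wed Oct 19 12:48:27 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Oct 19 12:48:27 2022 VERIFY OK: depth=0, CN=blushingpink.us
Wed Oct 19 12:48:27 2022 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Wed Oct 19 12:48:27 2022 [blushingpink.us] Peer Connection Initiated with [AF_INET]185.187.215.105:8041
Wed Oct 19 12:48:27 2022 Connection reset command was pushed by server ('')
Wed Oct 19 12:48:27 2022 SIGTERM[soft,server-pushed-connection-reset] received, process exiting
"""

# Leading "Wed Oct 19 12:48:27 2022 " timestamp written by OpenVPN 2.4.
TS = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} ")
# Markers in the order a healthy client session reaches them.
STAGES = [
    ("tls_started", re.compile(r"^TLS: Initial packet from ")),
    ("cert_verified", re.compile(r"^VERIFY OK: depth=0,")),
    ("peer_connected", re.compile(r"Peer Connection Initiated with ")),
    ("tunnel_up", re.compile(r"^Initialization Sequence Completed")),
]
EXIT = re.compile(r"^SIG(\w+)\[(\w+),([\w-]+)\] received")

def triage(log_text):
    """Return the last stage reached, the exit reason, a verdict and warnings."""
    reached, warnings, exit_reason = [], [], None
    for raw in log_text.splitlines():
        line = TS.sub("", raw.strip())
        for name, rx in STAGES:
            if rx.search(line) and name not in reached:
                reached.append(name)
        if line.startswith("WARNING: "):
            warnings.append(line[len("WARNING: "):])
        m = EXIT.match(line)
        if m:
            exit_reason = m.group(3)
    if exit_reason == "server-pushed-connection-reset" and "peer_connected" in reached:
        # Handshake and certificate checks passed; the server then ended the session.
        verdict = "server_rejected_session"
    elif "tunnel_up" in reached:
        verdict = "ok"
    else:
        verdict = "incomplete"
    return {"last_stage": reached[-1] if reached else "none",
            "exit_reason": exit_reason, "verdict": verdict, "warnings": warnings}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `server_rejected_session` verdict means the transport and certificate chain were fine, so the place to look is the profile or account the server is being asked to accept, not the network path.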