ProtonVPN migration from node-us-XXX

[retrodaredevil]

Is there a pinned issue for this?

• [X] I have read the pinned issues

Is there an existing or similar issue for this?

• [X] I have searched the existing issues

Is there any comment in the documentation for this?

• [X] I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to the container/transmission?

• [X] I have checked the container repo for issues

Are you using the latest release?

• [X] I am using the latest release

Have you tried using the dev branch latest?

• [X] I have tried using dev branch

Config used

services:
    transmission-openvpn:
        cap_add:
            - NET_ADMIN
        volumes:
            - './transmission-data:/data'
        environment:
            - OPENVPN_PROVIDER=PROTONVPN
            #- OPENVPN_CONFIG=node-us-129.protonvpn.com.udp
            - OPENVPN_CONFIG=us.protonvpn.net.udp
            - OPENVPN_USERNAME=***
            - OPENVPN_PASSWORD=***
            - LOCAL_NETWORK=192.168.0.0/16
            - TZ=America/Chicago
        logging:
            driver: json-file
            options:
                max-size: 10m
#        ports:
#            - '9091:9091'
        image: haugene/transmission-openvpn
        restart: unless-stopped

Current Behavior

I was using proton VPN for a while, then it stopped working with transmission. I believe this is not a transmission-openvpn issue because I see that there were breaking changes for ProtonVPN recently.

Expected Behavior

I would like some info on how to migrate from node-us-129.protonvpn.com.udp. I took a peek at #157 but it doesn't look like anyone had any migration tips.

How have you tried to solve the problem?

I tried us.protonvpn.com.udp, but obviously that isn't a valid server. I notice that the log output tells me what servers I can use, but I have no idea how these servers relate to what I was previously using.

Log output

transmission-openvpn-transmission-openvpn-1  | Supplied config us.protonvpn.net.udp.ovpn could not be found.
transmission-openvpn-transmission-openvpn-1  | Your options for this provider are:
transmission-openvpn-transmission-openvpn-1  | ch.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | ch.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | cz.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | cz.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | es.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | es.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | hk.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | hk.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | hu.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | hu.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | is.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | is.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | ng.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | ng.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | nl.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | nl.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | pl.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | pl.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | ro.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | ro.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | se.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | se.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | sg.protonvpn.net.tcp.ovpn
transmission-openvpn-transmission-openvpn-1  | sg.protonvpn.net.udp.ovpn
transmission-openvpn-transmission-openvpn-1  | NB: Remember to not specify .ovpn as part of the config name.

Environment

sudo docker version
Client: Docker Engine - Community
 Version:           20.10.21
 API version:       1.41
 Go version:        go1.18.7
 Git commit:        baeda1f
 Built:             Tue Oct 25 18:02:28 2022
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server: Docker Engine - Community
 Engine:
  Version:          20.10.21
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.18.7
  Git commit:       3056208
  Built:            Tue Oct 25 18:00:19 2022
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.6.9
  GitCommit:        1c90a442489720eec95342e1789ee8a5e1b9536f
 runc:
  Version:          1.1.4
  GitCommit:        v1.1.4-0-g5fd4c4d
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

Anything else?

I'm really just asking for support here as I'm a little annoyed that an update in this repository caused a problem in my docker container that I had left running for a while, but upon restart (and probably an update) it started acting up. I want to use a ProtonVPN server in Chicago and I'm really not sure which one to choose now.

Also, filling out this issue form was a little tedious. As someone submitting a bug report it was annoying, but if it helps you read the issue, then I guess it's helping someone out.

[cfslpower]

I also noticed this when a container restarted and my VPN config (silently) broke with no explanation as to why. It seems as though the specific servers were deliberately removed in #157, but no reason was given for this change in that issue. It can't be very uncommon to use paid ProtonVPN and want to target to a P2P server that's in a country that's not totally P2P-enabled. ProtonVPN still provides OVPN configs for these servers, as well. Why was this (breaking) change implemented?

[Forage]

The migration tip is an easy one, as indicated in your log: pick a server from the list provided, of the country of your preference. The main reason in the end for no longer having server specific profiles is twofold:

1. It's better to only include P2P servers
2. That means server specific profiles need to be hand-picked and updated regularly, which is a maintenance burden.

There isn't a way to determine if a profile is P2P enabled by looking at it's contents, as far as I know. Creating a semi-automated download/selection script could maybe be done, but that would add yet another script to maintain for dealing with the regular website changes.

[retrodaredevil]

Which of these servers correspond to the United States? us.protonvpn.net is not valid. I'm sure one of the two letter codes makes sense, I just can't tell for certain which one is US.

Also, I'm more angry at the fact that I had a working, running docker container, and a change here broke it. Yes, I will do the migration, but if I have a working docker container and it breaks because of this repository, then that's really not good. Maybe some sort of warning for deprecated configs next time? I will probably just use one of proton's provided openvpn configs from now on as I really want to be sure that it won't break randomly in the future.

[Forage]

As you can see in the log, there are no longer US profiles included, since Proton VPN does not provide country-wide P2P profiles for that country. If you do insist on using a specific US server, you can use a profile externally and no longer depend on automatically provided profiles from this repository.

Don't get me wrong, I prefer providing the server specific profiles as well to give people a choice, but it has to be maintained at the same time, which takes time and dedication until a way to avoid handpicking had been found.

[cfslpower]

Why is handpicking necessary? I understand the desire to not want to include profiles that aren't P2P-enabled, but we're all consenting adults here and it's our personal credentials that are being used to log in to these servers. It's on us if we misuse them regardless. If you're worried about people being confused as to why P2P is not working, that sounds more like a documentation issue than a reason to make a breaking change.

[pkishino]

as mentioned above, it is a maintenance issue.. we, the maintainers of this project, are trying to outsource provider maintenance as 1) we don't use most of the provider ourselves 2) to keep checking and updating these profiles is a hassle when providers change parameters and servers etc.. the result is that the above PR results in far far less maintenance, provides much better usability for (most) users, and those who still want to do their own thing are always welcome to use the CUSTOM provider path as documented in our documentation and mount whatever profile they wish.

As such, sorry, but I will close this as the resolution is to either 1) revert back to an older version 2) pick one of the available profiles or 3) configure your own.

[mark-monteiro]

I also ran into this issue and ended up using my own config file. Using one of the available profiles in this repo was not an option for me since the countries where this is available are nowhere near where I am located. Here is a quick guide for anyone who stumbles across this issue who wants to do the same:

1. Download the config file(s) for your desired server(s) from the ProtonVPN website. When doing this I noticed that most cities only have one or two distinct config files even though many server are listed. For example, Montreal has 12 servers listed, but there are actually only two distinct files that you need to download that covers all all of them (node-ca-06.protonvpn.net.udp.ovpn and node-ca-07.protonvpn.net.udp.ovpn)

2. This step is optional, but if you want to load balance between all the servers that you downloaded config files for, you will need to combine their config files. This was easier than I thought it would be, the schema for .ovpn files can be found in the OpenVPN repository in an example config file. To combine the files, choose one file to edit as a base and then copy the remote xxx.xxx.xxx.xxx xxxx entries from the other files into that file.

3. Mount a directory containing your custom config file(s) into the container at /etc/openvpn/custom/. The way to do this is explained on the documentation site, but beware that you should mount the entire folder and not follow the instructions to mount a single file as I found it does not work. Also, if you've changed the PUID of PGID options, make sure that the mounted folder has the correct permissions in the container.

4. Update the environment variable OPENVPN_PROVIDER=custom. If you only have a single config file named default.ovpn then you can also omit the OPENVPN_CONFIG variable to automatically select this file, otherwise you will need to set OPENVPN_CONFIG to match the name of the config file you want to use

[jsloan117]

@mark-monteiro - nice & good work on the docs.

I know you linked to #2274 saying it doesn't work, and that is true if you're mounting a .ovpn file directly. If you mount the folder itself you won't have issues.

At any rate, I've opened PR #2426 to fix this behavior.