search

haugene / vpn-configs-contrib

A collection of configs for various VPN providers
GNU General Public License v3.0
191 stars 757 forks source link

Updated Mullvad openvpn profiles #305

Closed wickedyoda closed 3 months ago

wickedyoda commented 3 months ago

Updated Mullvad profiles as of 8.8.24, some had changes and other did not. They had not been updated recently. Not sure if the problems with Mullvad is related to some outdated profiles or something else. But currently getting random Auth errors and working to correct them.

Breaking change

<placeholder>

Proposed change

<placeholder>

Type of change

Additional information

Checklist

If user exposed functionality or configuration variables are added/changed:

sntyj commented 3 months ago

@pkishino This change broke my pod, I had to revert back to the previous revision of the us_all config in order for it to start again. Here was the logs from that:

Starting container with revision: 07f5a2b9aea5028c9bb75438c1552708e91dde71
TRANSMISSION_HOME is currently set to: /config/transmission-home
Creating TUN device /dev/net/tun
Using OpenVPN provider: MULLVAD
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for MULLVAD. Defaulting to external config
Will get configs from https://github.com/haugene/vpn-configs-contrib.git
Repository is already cloned, checking for update
Already up to date.
Already on 'main'
M       openvpn/mullvad/us_all.ovpn
Your branch is up to date with 'origin/main'.
Found configs for MULLVAD in /config/vpn-configs-contrib/openvpn/mullvad, will replace current content in /etc/openvpn/mullvad
Starting OpenVPN using config us_all.ovpn
Modifying /etc/openvpn/mullvad/us_all.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Modification: Updating status for config failure detection
Setting OpenVPN credentials...
adding route to local network X.X.X.0/24 via X.X.X.X dev eth0
Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/mullvad/us_all.ovpn:16: service (2.5.9)
Use --help for more information.

I went ahead and removed this:

service mullvadopenvpn
block-outside-dns

And added back this:

script-security 2
fast-io

On service mullvadopenvpn:

As far as I can tell, the service option was maybe just a Windows thing? I don't see any references to what that option would be used for: https://community.openvpn.net/openvpn/wiki/DeprecatedOptions#Windows:openvpn-legacy-serviceStatus:Removed

Hope that is helpful.

penyuan commented 3 months ago

Confirming that pull #305 also broke my Mullvad set up, and I get almost the exact error that @sntyj reported.

@sntyj: Can you explain how you reverted to an older config file? When I create and start my container, it automatically fetches config files from https://github.com/haugene/vpn-configs-contrib.git. What are the steps you took?

ktetzlaff commented 3 months ago

I have created #311 for the breakage on Linux.

@penyuan: What I did is set environment variable GITHUB_CONFIG_SOURCE_REVISION to aac0f2ae088b0e6d2219400c95422def08225d41 (which is the commit before the change from this PR) and comment out a line in fetch-external-configs.sh:

diff --git a/openvpn/fetch-external-configs.sh b/openvpn/fetch-external-configs.sh
index 486d597b8..1f2f374c0 100755
--- a/openvpn/fetch-external-configs.sh
+++ b/openvpn/fetch-external-configs.sh
@@ -60,7 +60,7 @@ elif [[ "${VPN_CONFIG_SOURCE_TYPE}" == "github_clone" ]]; then
     GITHUB_CONFIG_SOURCE_LOCAL=$(git -C "${config_repo}" remote -v | head -1 | awk '{print $2}' | sed -e 's/https:\/\/github.com\///' -e 's/.git//')
     if [ "$GITHUB_CONFIG_SOURCE_LOCAL" == "$GITHUB_CONFIG_SOURCE_REPO" ]; then
       echo "Repository is already cloned, checking for update"
-      git -C "${config_repo}" pull
+      #git -C "${config_repo}" pull
       git -C "${config_repo}" checkout "${GITHUB_CONFIG_SOURCE_REVISION}"
     else
       echo "Cloning ${GITHUB_CONFIG_REPO_URL} into ${config_repo}"

The latter requires rebuilding the image/container. However, it is only necessary when you restart the container with an existing clone of this repository (alternatively, you can just delete the cloned working copy before the (re-)start).

penyuan commented 3 months ago

Thank you @ktetzlaff for the feedback and pull request #311. FWIW, I downloaded the Mullvad files from the previous commit: https://github.com/haugene/vpn-configs-contrib/tree/a189d8f552ff48db16e85e114b743b2fc8b2d06d/openvpn/mullvad

Then, followed the official docs to use it as a custom provider: https://haugene.github.io/docker-transmission-openvpn/supported-providers/#using_a_local_single_ovpn_file_from_a_provider

And for now it works. But this is a stopgap measure, and I hope that the problem will be fixed through an upcoming merge/commit.

sntyj commented 3 months ago

Confirming that pull #305 also broke my Mullvad set up, and I get almost the exact error that @sntyj reported.

@sntyj: Can you explain how you reverted to an older config file? When I create and start my container, it automatically fetches config files from https://github.com/haugene/vpn-configs-contrib.git. What are the steps you took?

Sorry for the late reply, it looks like you got a nice work around already.

My setup is on a k3s cluster, with the hostPath persistent volume claim pointing to the local filesystem on my node. So I was able to update the config directly without having to specify a custom provider.

divadsn commented 3 months ago

I've forked this repo and reverted the commit so that you only need to set GITHUB_CONFIG_SOURCE_REPO to divadsn/vpn-configs-contrib-mullvad and it will fetch from the forked repo instead.