ilteoood / docker-surfshark

Docker container with OpenVPN client preconfigured for SurfShark
MIT License

Docker image constantly rebooting for few days #86

Closed Whisper40 closed 7 months ago

Whisper40 commented 7 months ago

Hello, I have been using your Docker image for a few months, and it seems that it is now broken: the container is restarting each time.

 inflating: ovpn_configs/uz-tas.prod.surfshark.com_udp.ovpn  
  inflating: ovpn_configs/ve-car.prod.surfshark.com_tcp.ovpn  
  inflating: ovpn_configs/ve-car.prod.surfshark.com_udp.ovpn  
  inflating: ovpn_configs/vn-hcm.prod.surfshark.com_tcp.ovpn  
  inflating: ovpn_configs/vn-hcm.prod.surfshark.com_udp.ovpn  
Chose: sk-bts.prod.surfshark.com_udp.ovpn
Do not forget to expose the ports for attached container web ui access
2024-02-16 12:09:29 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2024-02-16 12:09:29 WARNING: file 'vpn-auth.txt' is group or others accessible
2024-02-16 12:09:29 OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-02-16 12:09:29 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-02-16 12:09:29 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2024-02-16 12:09:29 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-02-16 12:09:29 TCP/UDP: Preserving recently used remote address: [AF_INET]185.76.8.212:1194
2024-02-16 12:09:29 Socket Buffers: R=[212992->212992] S=[212992->212992]
2024-02-16 12:09:29 UDPv4 link local: (not bound)
2024-02-16 12:09:29 UDPv4 link remote: [AF_INET]185.76.8.212:1194
2024-02-16 12:09:29 TLS: Initial packet from [AF_INET]185.76.8.212:1194, sid=6cceb2a2 5eedd730
2024-02-16 12:09:29 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-02-16 12:09:29 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
2024-02-16 12:09:29 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
2024-02-16 12:09:29 VERIFY KU OK
2024-02-16 12:09:29 Validating certificate extended key usage
2024-02-16 12:09:29 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-02-16 12:09:29 VERIFY EKU OK
2024-02-16 12:09:29 VERIFY OK: depth=0, CN=sk-bts-v008.prod.surfshark.com
2024-02-16 12:09:29 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2024-02-16 12:09:29 [sk-bts-v008.prod.surfshark.com] Peer Connection Initiated with [AF_INET]185.76.8.212:1194
2024-02-16 12:09:29 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2024-02-16 12:09:29 TLS: tls_multi_process: initial untrusted session promoted to trusted
2024-02-16 12:09:30 SENT CONTROL [sk-bts-v008.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
2024-02-16 12:09:35 SENT CONTROL [sk-bts-v008.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
2024-02-16 12:09:35 AUTH: Received control message: AUTH_FAILED
2024-02-16 12:09:35 SIGTERM[soft,auth-failure] received, process exiting
Resetting all rules to installed defaults. Proceed with operation (y|n)? Aborted
Default incoming policy changed to 'deny'
(be sure to update your rules accordingly)
Default outgoing policy changed to 'deny'
(be sure to update your rules accordingly)
Skipping adding existing rule
Skipping adding existing rule (v6)
Firewall is active and enabled on system startup

ilteoood commented 7 months ago

Hi, can you also share the way in which you have configured it?

Whisper40 commented 7 months ago

services:
  # start services
  # start surfshark
  surfshark_00050:
    image: ilteoood/docker-surfshark:latest
    container_name: surfshark_00050
    restart: always
    environment:
      - SURFSHARK_USER=${USER_SURFSHARK}
      - SURFSHARK_PASSWORD=${PASSWORD_SURFSHARK}
      #- SURFSHARK_COUNTRY=fr
      #- SURFSHARK_CITY=par
      - CONNECTION_TYPE=udp
    labels:
      - "com.centurylinklabs.watchtower.enable=false"
    #      - LAN_NETWORK=
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    ports:
      - ${RUTORRENT_PORT}:${RUTORRENT_PORT}
    dns: 1.1.1.1
    networks:
      - proxy

Actually, rutorrent, which is attached to this container, cannot start because surfshark is down.

ilteoood commented 7 months ago

The problem is here:

2024-02-16 12:09:35 AUTH: Received control message: AUTH_FAILED

It seems that you are using the wrong configuration; remember that for the VPN you need dedicated credentials. Are you sure that they haven't been reset?

Whisper40 commented 7 months ago

Oh yes, sorry, you are right, it seems that the account has not been renewed... I was focused on "Resetting all rules.."

Thanks for your time
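
The diagnosis reached in this thread, written as a log triage script that separates the line that ended the run (AUTH_FAILED) from the firewall output that follows it. This is an added example, not part of the original thread or of the docker-surfshark project; the function name `triage`, the result keys and the remediation hints are assumptions, and the sample lines are copied from the log posted above.

```python
import re

# Lines copied from the log posted in this issue; the triage logic is the added part.
SAMPLE_LOG = """\
2024-02-16 12:09:29 WARNING: file 'vpn-auth.txt' is group or others accessible
2024-02-16 12:09:29 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-02-16 12:09:29 VERIFY OK: depth=0, CN=sk-bts-v008.prod.surfshark.com
2024-02-16 12:09:35 AUTH: Received control message: AUTH_FAILED
2024-02-16 12:09:35 SIGTERM[soft,auth-failure] received, process exiting
Resetting all rules to installed defaults. Proceed with operation (y|n)? Aborted
Default incoming policy changed to 'deny'
"""

TS = r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
# Exit line shape seen in the log: SIGNAL[soft|hard,reason] received, process exiting
EXIT_RE = re.compile(TS + r"(SIG[A-Z0-9]+)\[(?:soft|hard),([^\]]*)\] received, process exiting")
# Credential-hygiene warnings from the same log, each with a remediation hint.
HINTS = {
    "is group or others accessible": "make the credentials file owner-only (mode 0600)",
    "use the auth-nocache option": "add auth-nocache to the client config",
}

def triage(log_text):
    """Classify one container run from its OpenVPN output."""
    r = {"server_cert_verified": False, "auth_failed": False,
         "exit_signal": None, "exit_reason": None, "hints": []}
    for line in log_text.splitlines():
        if re.match(TS + r"VERIFY OK: depth=0,", line):
            r["server_cert_verified"] = True      # leaf certificate accepted
        elif re.match(TS + r"AUTH: Received control message: AUTH_FAILED", line):
            r["auth_failed"] = True               # server rejected user/password
        elif (m := EXIT_RE.match(line)):
            r["exit_signal"], r["exit_reason"] = m.group(1), m.group(2)
        elif re.match(TS + r"WARNING: ", line):
            for needle, hint in HINTS.items():
                if needle in line and hint not in r["hints"]:
                    r["hints"].append(hint)
    # Assumption of this example: a rejected login is not transient, so a
    # restart policy that retries the same credentials cannot recover.
    r["restart_will_help"] = not r["auth_failed"]
    return r

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Lines without an OpenVPN timestamp, such as the firewall reset messages, are ignored, so they cannot be mistaken for the cause of the exit.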