search

jamesmcm / vopono

Run applications through VPN tunnels with temporary network namespaces
GNU General Public License v3.0
819 stars 44 forks source link

Stuck on launching openvpn in newest release and some time on the previous one #200

Open fkiifdjo opened 1 year ago

fkiifdjo commented 1 year ago

Currently I'm on nobara/fedora 37 but this has also happened on a ubuntu based distro I tried. I tried the netherlands connection earlier and it didn't work either so the multiple connections isn't related.

2023-01-18T09:04:59.723Z DEBUG vopono_core::util > Using config dir from $HOME config: /home/user/.config 2023-01-18T09:04:59.733Z DEBUG vopono_core::util::pulseaudio > Setting PULSE_SERVER to /run/user/1000/pulse/native 2023-01-18T09:04:59.733Z INFO vopono_core::util > Calling sudo for elevated privileges, current user will be used as default user 2023-01-18T09:04:59.733Z DEBUG vopono_core::util > Args: ["vopono", "-v", "exec", "--provider", "ProtonVPN", "--server", "japan", "librewolf"] [sudo] password for user: 2023-01-18T09:05:06.972Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config 2023-01-18T09:05:06.972Z DEBUG vopono_core::util > Using config dir from $SUDO_USER config: /home/user/.config 2023-01-18T09:05:06.978Z DEBUG vopono_core::util::pulseaudio > Setting PULSE_SERVER to /run/user/1000/pulse/native 2023-01-18T09:05:06.978Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config 2023-01-18T09:05:06.978Z DEBUG vopono_core::util > Using config dir from $SUDO_USER config: /home/user/.config 2023-01-18T09:05:06.979Z DEBUG vopono_core::util > Existing namespaces: ["vopono_proton_netherlands"] 2023-01-18T09:05:06.982Z DEBUG vopono_core::util > PIDs active in vopono_proton_netherlands: [] 2023-01-18T09:05:06.982Z DEBUG vopono_core::util > Removing dead namespace: vopono_proton_netherlands 2023-01-18T09:05:06.982Z DEBUG vopono_core::util > ip netns delete vopono_proton_netherlands 2023-01-18T09:05:06.986Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config 2023-01-18T09:05:06.987Z DEBUG vopono_core::util > Using config dir from $SUDO_USER config: /home/user/.config 2023-01-18T09:05:06.987Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config 2023-01-18T09:05:06.987Z DEBUG vopono_core::util > Using config dir from $SUDO_USER config: /home/user/.config 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "firewall" not found 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "custom_config" not found 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "custom_netns_name" not found 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "open_hosts" not found 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "allow_host_access" not found 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "postup" not found 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "predown" not found 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "user" not found 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "group" not found 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "working-directory" not found 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "dns" not found 2023-01-18T09:05:06.987Z DEBUG vopono::exec > vopono config.toml: configuration property "protocol" not found 2023-01-18T09:05:06.987Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config 2023-01-18T09:05:06.987Z DEBUG vopono_core::util > Using config dir from $SUDO_USER config: /home/user/.config 2023-01-18T09:05:06.988Z DEBUG vopono::exec > vopono config.toml: configuration property "interface" not found 2023-01-18T09:05:06.988Z DEBUG vopono_core::network::network_interface > ip addr 2023-01-18T09:05:06.992Z WARN vopono::exec > Multiple network interfaces are active: [ "enp0s31f6", "n_netherlands_d@if5", ], consider specifying the interface with the -i argument. Using enp0s31f6 2023-01-18T09:05:06.992Z DEBUG vopono::exec > Interface: enp0s31f6 2023-01-18T09:05:06.992Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config 2023-01-18T09:05:06.992Z DEBUG vopono_core::util > Using config dir from $SUDO_USER config: /home/user/.config 2023-01-18T09:05:06.992Z INFO vopono_core::util > Chosen config: /home/user/.config/vopono/proton/openvpn/japan-jp-free.ovpn 2023-01-18T09:05:06.999Z DEBUG vopono_core::util > Existing namespaces: [] 2023-01-18T09:05:06.999Z DEBUG vopono_core::util > ip netns add vopono_proton_japan 2023-01-18T09:05:07.006Z INFO vopono_core::network::netns > Created new network namespace: vopono_proton_japan 2023-01-18T09:05:07.008Z DEBUG vopono_core::util > Existing interfaces: 2023-01-18T09:05:07.010Z DEBUG vopono_core::util > Assigned IPs: [] 2023-01-18T09:05:07.010Z DEBUG vopono_core::network::netns > ip netns exec vopono_proton_japan ip addr add 127.0.0.1/8 dev lo 2023-01-18T09:05:07.015Z DEBUG vopono_core::network::netns > ip netns exec vopono_proton_japan ip link set lo up STATE CONNECTIVITY WIFI-HW WIFI WWAN-HW WWAN
connected full missing enabled missing enabled 2023-01-18T09:05:07.031Z DEBUG vopono_core::network::veth_pair > Detected NetworkManager running 2023-01-18T09:05:07.031Z DEBUG vopono_core::network::veth_pair > NetworkManager detected, adding _proton_japan_d to unmanaged devices 2023-01-18T09:05:07.031Z DEBUG vopono_core::network::veth_pair > Appending to existing NetworkManager config file: /etc/NetworkManager/conf.d/unmanaged.conf 2023-01-18T09:05:07.031Z DEBUG vopono_core::util > nmcli connection reload running 2023-01-18T09:05:07.215Z DEBUG vopono_core::network::veth_pair > Detected firewalld running 2023-01-18T09:05:07.215Z DEBUG vopono_core::network::veth_pair > Detected firewalld running, adding _proton_japan_d veth device to trusted zone success 2023-01-18T09:05:07.405Z DEBUG vopono_core::util > ip link add _proton_japan_d type veth peer name _proton_japan_s 2023-01-18T09:05:07.407Z DEBUG vopono_core::util > ip link set _proton_japan_d up 2023-01-18T09:05:07.416Z DEBUG vopono_core::util > ip link set _proton_japan_s netns vopono_proton_japan up 2023-01-18T09:05:07.432Z DEBUG vopono_core::util > ip addr add 10.200.1.1/24 dev _proton_japan_d 2023-01-18T09:05:07.437Z DEBUG vopono_core::network::netns > ip netns exec vopono_proton_japan ip addr add 10.200.1.2/24 dev _proton_japan_s 2023-01-18T09:05:07.440Z DEBUG vopono_core::network::netns > ip netns exec vopono_proton_japan ip route add default via 10.200.1.1 dev _proton_japan_s 2023-01-18T09:05:07.443Z INFO vopono_core::network::netns > IP address of namespace as seen from host: 10.200.1.2 2023-01-18T09:05:07.443Z INFO vopono_core::network::netns > IP address of host as seen from namespace: 10.200.1.1 2023-01-18T09:05:07.443Z DEBUG vopono_core::util > nft add table inet vopono_nat 2023-01-18T09:05:07.447Z DEBUG vopono_core::util > nft add chain inet vopono_nat postrouting { type nat hook postrouting priority 100 ; } 2023-01-18T09:05:07.452Z DEBUG vopono_core::util > nft add rule inet vopono_nat postrouting oifname enp0s31f6 ip saddr 10.200.1.0/24 counter masquerade 2023-01-18T09:05:07.459Z DEBUG vopono_core::util > nft add table inet vopono_bridge 2023-01-18T09:05:07.461Z DEBUG vopono_core::util > nft add chain inet vopono_bridge forward { type filter hook forward priority -10 ; } 2023-01-18T09:05:07.466Z DEBUG vopono_core::util > nft add rule inet vopono_bridge forward iifname _proton_japan_d oifname enp0s31f6 counter accept 2023-01-18T09:05:07.473Z DEBUG vopono_core::util > nft add rule inet vopono_bridge forward oifname _proton_japan_d iifname enp0s31f6 counter accept 2023-01-18T09:05:07.479Z DEBUG vopono_core::util > sysctl -q net.ipv4.ip_forward=1 2023-01-18T09:05:07.480Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config 2023-01-18T09:05:07.480Z DEBUG vopono_core::util > Using config dir from $SUDO_USER config: /home/user/.config 2023-01-18T09:05:07.480Z DEBUG vopono_core::config::vpn > Read auth file: /home/user/.config/vopono/proton/openvpn/auth.txt 2023-01-18T09:05:07.480Z DEBUG vopono_core::network::dns_config > Setting namespace vopono_proton_japan DNS server to 8.8.8.8 2023-01-18T09:05:07.480Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config 2023-01-18T09:05:07.480Z DEBUG vopono_core::util > Using config dir from $SUDO_USER config: /home/user/.config 2023-01-18T09:05:07.480Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config 2023-01-18T09:05:07.480Z DEBUG vopono_core::util > Using config dir from $SUDO_USER config: /home/user/.config 2023-01-18T09:05:07.481Z DEBUG vopono_core::util > Using config dir from $HOME config: /root/.config 2023-01-18T09:05:07.481Z DEBUG vopono_core::util > Using config dir from $SUDO_USER config: /home/user/.config 2023-01-18T09:05:07.481Z INFO vopono_core::network::openvpn > Launching OpenVPN... 2023-01-18T09:05:07.481Z DEBUG vopono_core::network::openvpn > Detected IPv6 enabled in /sys/module/ipv6/parameters/disable 2023-01-18T09:05:07.481Z DEBUG vopono_core::network::openvpn > Found remotes: [Remote { host: Hostname("jp-free-news.protonvpn.net"), port: 5060, protocol: UDP }, Remote { host: Hostname("jp-free-news.protonvpn.net"), port: 4569, protocol: UDP }, Remote { host: Hostname("jp-free-news.protonvpn.net"), port: 1194, protocol: UDP }, Remote { host: Hostname("jp-free-news.protonvpn.net"), port: 51820, protocol: UDP }, Remote { host: Hostname("jp-free-news.protonvpn.net"), port: 80, protocol: UDP }] 2023-01-18T09:05:07.481Z DEBUG vopono_core::network::netns > ip netns exec vopono_proton_japan openvpn --config /home/user/.config/vopono/proton/openvpn/japan-jp-free.ovpn --machine-readable-output --log /home/user/.config/vopono/logs/vopono_proton_japan_openvpn.log --auth-user-pass /home/user/.config/vopono/proton/openvpn/auth.txt --connect-retry-max 1 --pull-filter ignore block-outside-dns 2023-01-18T09:05:07.486Z DEBUG vopono_core::network::openvpn > 1674032707.486967 40 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. 2023-01-18T09:05:07.487Z DEBUG vopono_core::network::openvpn > 1674032707.487779 40 WARNING: file '/home/user/.config/vopono/proton/openvpn/auth.txt' is group or others accessible 2023-01-18T09:05:07.487Z DEBUG vopono_core::network::openvpn > 1674032707.487799 1 OpenVPN 2.5.8 x86_64-redhat-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 1 2022 2023-01-18T09:05:07.487Z DEBUG vopono_core::network::openvpn > 1674032707.487810 1 library versions: OpenSSL 3.0.5 5 Jul 2022, LZO 2.10 2023-01-18T09:05:07.488Z DEBUG vopono_core::network::openvpn > 1674032707.488860 14000002 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-18T09:05:07.488Z DEBUG vopono_core::network::openvpn > 1674032707.488877 14000002 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-18T09:05:07.648Z DEBUG vopono_core::network::openvpn > 1674032707.648771 4000021 RESOLVE: Cannot resolve host address: jp-free-news.protonvpn.net:80 (No address associated with hostname) 2023-01-18T09:05:07.711Z DEBUG vopono_core::network::openvpn > 1674032707.711540 4000021 RESOLVE: Cannot resolve host address: jp-free-news.protonvpn.net:80 (No address associated with hostname) 2023-01-18T09:05:07.711Z DEBUG vopono_core::network::openvpn > 1674032707.711560 40 Could not determine IPv4/IPv6 protocol 2023-01-18T09:05:07.711Z DEBUG vopono_core::network::openvpn > 1674032707.711596 1 SIGUSR1[soft,init_instance] received, process restarting 2023-01-18T09:05:07.711Z DEBUG vopono_core::network::openvpn > 1674032707.711611 21000003 Restart pause, 5 second(s) 2023-01-18T09:05:12.712Z DEBUG vopono_core::network::openvpn > 1674032712.712320 14000002 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-18T09:05:12.712Z DEBUG vopono_core::network::openvpn > 1674032712.712342 14000002 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-18T09:05:12.750Z DEBUG vopono_core::network::openvpn > 1674032712.750728 4000021 RESOLVE: Cannot resolve host address: jp-free-news.protonvpn.net:4569 (No address associated with hostname) 2023-01-18T09:05:12.801Z DEBUG vopono_core::network::openvpn > 1674032712.801927 4000021 RESOLVE: Cannot resolve host address: jp-free-news.protonvpn.net:4569 (No address associated with hostname) 2023-01-18T09:05:12.801Z DEBUG vopono_core::network::openvpn > 1674032712.801947 40 Could not determine IPv4/IPv6 protocol 2023-01-18T09:05:12.802Z DEBUG vopono_core::network::openvpn > 1674032712.802037 1 SIGUSR1[soft,init_instance] received, process restarting 2023-01-18T09:05:12.802Z DEBUG vopono_core::network::openvpn > 1674032712.802082 21000003 Restart pause, 5 second(s) 2023-01-18T09:05:17.802Z DEBUG vopono_core::network::openvpn > 1674032717.802252 14000002 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-18T09:05:17.802Z DEBUG vopono_core::network::openvpn > 1674032717.802280 14000002 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-18T09:05:17.839Z DEBUG vopono_core::network::openvpn > 1674032717.839024 4000021 RESOLVE: Cannot resolve host address: jp-free-news.protonvpn.net:1194 (No address associated with hostname) 2023-01-18T09:05:17.915Z DEBUG vopono_core::network::openvpn > 1674032717.915456 4000021 RESOLVE: Cannot resolve host address: jp-free-news.protonvpn.net:1194 (No address associated with hostname) 2023-01-18T09:05:17.915Z DEBUG vopono_core::network::openvpn > 1674032717.915480 40 Could not determine IPv4/IPv6 protocol 2023-01-18T09:05:17.915Z DEBUG vopono_core::network::openvpn > 1674032717.915517 1 SIGUSR1[soft,init_instance] received, process restarting 2023-01-18T09:05:17.915Z DEBUG vopono_core::network::openvpn > 1674032717.915533 21000003 Restart pause, 5 second(s) 2023-01-18T09:05:22.915Z DEBUG vopono_core::network::openvpn > 1674032722.915638 14000002 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-18T09:05:22.915Z DEBUG vopono_core::network::openvpn > 1674032722.915663 14000002 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-18T09:05:22.955Z DEBUG vopono_core::network::openvpn > 1674032722.955779 4000021 RESOLVE: Cannot resolve host address: jp-free-news.protonvpn.net:51820 (No address associated with hostname) 2023-01-18T09:05:23.031Z DEBUG vopono_core::network::openvpn > 1674032723.031807 4000021 RESOLVE: Cannot resolve host address: jp-free-news.protonvpn.net:51820 (No address associated with hostname) 2023-01-18T09:05:23.031Z DEBUG vopono_core::network::openvpn > 1674032723.031829 40 Could not determine IPv4/IPv6 protocol 2023-01-18T09:05:23.031Z DEBUG vopono_core::network::openvpn > 1674032723.031866 1 SIGUSR1[soft,init_instance] received, process restarting 2023-01-18T09:05:23.031Z DEBUG vopono_core::network::openvpn > 1674032723.031950 21000003 Restart pause, 5 second(s) 2023-01-18T09:05:28.032Z DEBUG vopono_core::network::openvpn > 1674032728.032088 14000002 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-18T09:05:28.032Z DEBUG vopono_core::network::openvpn > 1674032728.032115 14000002 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2023-01-18T09:05:28.069Z DEBUG vopono_core::network::openvpn > 1674032728.069660 4000021 RESOLVE: Cannot resolve host address: jp-free-news.protonvpn.net:5060 (No address associated with hostname) 2023-01-18T09:05:28.121Z DEBUG vopono_core::network::openvpn > 1674032728.121743 4000021 RESOLVE: Cannot resolve host address: jp-free-news.protonvpn.net:5060 (No address associated with hostname) 2023-01-18T09:05:28.121Z DEBUG vopono_core::network::openvpn > 1674032728.121764 40 Could not determine IPv4/IPv6 protocol 2023-01-18T09:05:28.121Z DEBUG vopono_core::network::openvpn > 1674032728.121810 1 SIGUSR1[soft,init_instance] received, process restarting 2023-01-18T09:05:28.121Z DEBUG vopono_core::network::openvpn > 1674032728.121825 21000003 Restart pause, 5 second(s) 2023-01-18T09:05:33.121Z DEBUG vopono_core::network::openvpn > 1674032733.121922 10 All connections have been connect-retry-max (1) times unsuccessful, exiting 2023-01-18T09:05:33.121Z DEBUG vopono_core::network::openvpn > 1674032733.121941 1 Exiting due to fatal error

jamesmcm commented 1 year ago

Could you try with --firewall iptables?

And if you replace the hostname in the config file with the IP address? (i.e. ping the hostname normally, outside vopono to get it)

And does OpenVPN work outside of vopono with that config file? i.e. if you run:

$ sudo openvpn --config /home/user/.config/vopono/proton/openvpn/japan-jp-free.ovpn --machine-readable-output --log /home/user/.config/vopono/logs/vopono_proton_japan_openvpn.log --auth-user-pass /home/user/.config/vopono/proton/openvpn/auth.txt --connect-retry-max 1 --pull-filter ignore block-outside-dns

directly, does it connect?

fkiifdjo commented 1 year ago

Could you try with --firewall iptables?

Doesn't work and seems like it has the same output.

And if you replace the hostname in the config file with the IP address? (i.e. ping the hostname normally, outside vopono to get it)

The config file is empty but it worked fine before but honestly not sure how to do this. Where did I put the ip address in the config file? I don't really see a listing for that and as far as I know how to do it pinging the vpn's hostname receives "Name or service not known"

And does OpenVPN work outside of vopono with that config file? i.e. if you run:

It just hangs for a while and then returns to normal like nothing was entered.

jamesmcm commented 1 year ago

I meant in the openvpn config file, like in /home/user/.config/vopono/proton/openvpn/japan-jp-free.ovpn

Replace:

remote jp-free-news.protonvpn.net 8443
remote jp-free-news.protonvpn.net 443
remote jp-free-news.protonvpn.net 7770

with:

remote {ip_address} 8443
remote {ip_address}  443
remote {ip_address}  7770

I couldn't find the IP addresses for the hosts though, I'm not sure how the DNS lookup here works normally, I will try to take a look at their CLI app when I get some time as it seems something has changed regarding that since this used to work.

Note that it doesn't even work with OpenVPN normally now, the issue is how to do the DNS lookup for ProtonVPN's OpenVPN server in order to connect, rather than anything vopono-specific. Unfortunately most of their documentation is just for their official clients rather than using OpenVPN directly.

fkiifdjo commented 1 year ago

Alright thanks. Hopefully this gets fixed one way or another.