search

jamesmcm / vopono

Run applications through VPN tunnels with temporary network namespaces
GNU General Public License v3.0
827 stars 44 forks source link

ProtonVPN Wireguard and OpenVPN Portforwarding Does Not Work #247

Open Ilirski opened 8 months ago

Ilirski commented 8 months ago

I'm using the vopono-gitAUR package, with a ProtonVPN Pro account. Version is 0.10.8.

To replicate WireGuard

  1. Go to https://account.proton.me > Wireguard
  2. Tick Linux, NAT-PMP (Port Forwarding), VPN Accelerator
  3. Download any Standard Server Config with P2P support
  4. Run vopono -v exec --provider custom --custom wg-XX-XX.conf --protocol wireguard --port-forwarding qbittorrent
  5. Result: Error: Port forwarding not supported for the selected provider

To replicate OpenVPN

  1. Follow instructions in User Guide to sync with ProtonVPN Server
  2. https://account.proton.me > OpenVPN
  3. Tick Linux, UDP
  4. Download any Standard Server Config with P2P support
  5. Run vopono -v exec --provider ProtonVPN --custom XX-XX.protonvpn.udp.ovpn --port-forwarding qbitorrent
  6. Result: Hangs on ip netns exec vo_c_HTCzRwv openvpn --config /home/user/Documents/XX-XX.protonvpn.udp.ovpn --machine-readable-output --log /home/user/.config/vopono/logs/vo_c_HTCzRwv_openvpn.log --connect-retry-max 1 --pull-filter ignore block-outside-dns. Ctrl + Cdoes not cancel the operation.

Note

This is a regression, rolling back to 0.10.7 makes ProtonVPN port-forwarding work as expected.

jamesmcm commented 8 months ago

Thanks, could you post the OpenVPN log please? I.e. in the above try to cat /home/user/.config/vopono/logs/vo_c_HTCzRwv_openvpn.log

The first one is a regression from #245 but now we have multiple providers with different port forwarding conventions we'll need a way to specify which one to use when using a custom Wireguard config.

Ilirski commented 8 months ago

I ran vopono -v exec --provider ProtonVPN --custom XX-XX.protonvpn.udp.ovpn --port-forwarding qbitorrent, but nothing appears in the logs during execution and after killing the process. with pkill vopono.

jamesmcm commented 7 months ago

Wireguard part should be fixed on master now, I'll try to check OpenVPN tomorrow!

Ilirski commented 7 months ago

I've checked master and I can confirm protonvpn port forwarding with wireguard works :+1:

jamesmcm commented 7 months ago

For OpenVPN the issue is you need to remove the DNS update scripts from their generated config:

up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Remove those two lines and it should work - remember you need to append +pmp to the OpenVPN username for ProtonVPN port forwarding too.

Then you can run:

$ vopono -v exec --provider custom --custom ~/Downloads/xx-yy-01.protonvpn.udp.ovpn --protocol openvpn --custom-port-forwarding protonvpn  firefox-developer-edition

Also btw for OpenVPN you can generate the configs with vopono sync for easier usage:

$ vopono sync
$ vopono -v exec --provider protonvpn --protocol openvpn --port-forwarding --server romania firefox-developer-edition

(remember to append +pmp to the OpenVPN username to use port forwarding with ProtonVPN)