qdm12 / gluetun-wiki

Home to the Markdown Wiki page for Gluetun
MIT License

FastestVPN Wireguard Instructions #76

Open sclinton13 opened 4 months ago

sclinton13 commented 4 months ago

URL to the Wiki page

https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/fastestvpn.md

What's missing?

Missing instructions for FastestVPN using Wireguard (e.g. Private / Shared Key). This is new to FastestVPN, launched in March 2024.

Zerauskire commented 4 months ago

+1 for this

They do now support WireGuard but they just don't make it super convenient to get your keys to do so. Currently you have to reach out to support through their app and request your keys. Just tell them you need the WireGuard config for your router.

The servers listed on this page https://support.fastestvpn.com/vpn-servers/ under "IKEv2", "TCP", "UDP" are the ones enabled for WireGuard per their support team.

Zerauskire commented 4 months ago

FastestVPN Servers for Gluetun.txt

I spent this whole time putting this together only to realize that they use the same Public Key for every server rofl... oh well. At least maybe this can still help and with the format, if they ever change to use a different public key per server, at least it will be an easy change.

jvanderzande commented 3 months ago

Just a quick question on this: Tried to use this updated Gluetun.txt but still get "VPN provider name is not valid for Wireguard" when using:

environment:
  - VPN_SERVICE_PROVIDER=fastestvpn
  - VPN_TYPE=wireguard
  - SERVER_COUNTRIES=Belgium
  - WIREGUARD_PRIVATE_KEY=4thequickbrownfoxjumpsQ=

.. so guess I need to wait until provider.go is updated to include fastestvpn as valid WireGuard provider or is there another way? It works fine when using a conf file with a target IP address, but not with the DNS hostname.

jvanderzande commented 3 months ago

Just to answer my own question: There are changes required, so made my own fork and added the changes. It also contains an updated servers.json containing all current fastestvpn servers, which is generated from an XML file which is generated/updated by the Windows Fastestvpn Client. This is done by a php script also available in this branch. [Changes made]--- removed as it's now implemented in the master ---

Zerauskire commented 3 months ago

Cool. Nice work. Now if it could just get implemented into the main branch... Yeah that XML file is exactly where I got my list from. Also to answer your question that you answered yourself lol, yeah other stuff needs to be changed. I wasn't able to just put these servers in and make it work. Nice to see you were able to just fork this and make those changes though.

jvanderzande commented 3 months ago

All you have to do now is get those changes from the link and build the docker image yourself, and things are working fine. ;)

qdm12 commented 2 months ago

Do you all have the same server public key 658QxufMbjOTmB61Z7f+c7Rjg7oqWLnepTalqBERjF0=?

jvanderzande commented 2 months ago

I have, but guess you knew that already. :) ... and @Zerauskire has the same in that version of servers.json posted file:

FastestVPN Servers for Gluetun.txt

qdm12 commented 2 months ago

Ok great. What I am currently working on is to get the servers data from the fastestvpn website. I sort-of reverse engineered where their table data is coming from:

curl -X POST https://support.fastestvpn.com/wp-admin/admin-ajax.php --data "action=vpn_servers&protocol=tcp"
curl -X POST https://support.fastestvpn.com/wp-admin/admin-ajax.php --data "action=vpn_servers&protocol=udp"
curl -X POST https://support.fastestvpn.com/wp-admin/admin-ajax.php --data "action=vpn_servers&protocol=ikev2"

So I'll use that and then deduplicate servers (for both openvpn and Wireguard) etc. to match Gluetun server model. That will be quite a bit better than the existing update mechanism using the openvpn configuration files zip file from https://support.fastestvpn.com/download/fastestvpn_ovpn since I doubt this file changes much at all...

Stay tuned!

jvanderzande commented 2 months ago

That should work nicely .... tnx

qdm12 commented 1 month ago

First step done: update the servers data using the API (openvpn TCP+UDP only for now): https://github.com/qdm12/gluetun/commit/ab08a5e666ee0e2237b2da0428cefd8960466930

Now I'm adding Wireguard.

jvanderzande commented 1 month ago

Just an FYI: I've done a quick compare with a modified version of the posted php script, to compare the results from the local xml file with the Web Urls you posted.


===  Servers missing in the Weblist ======
0 Argentina ->  => ar-vr.jumptoserver.com
1 Belgium -> Brussel => bel-02.jumptoserver.com
2 Bulgaria -> Sofia => bg-02.jumptoserver.com
3 Colombia -> Streaming => clmb-pro.jumptoserver.com
4 Cyprus ->  => cy-nc.jumptoserver.com
5 Czech Republic -> Prague => cz-pro.jumptoserver.com
6 Denmark ->  => dk-pro.jumptoserver.com
7 Egypt -> Cairo => eg-cai.jumptoserver.com
8 France -> Streaming => fr2.jumptoserver.com
9 Georgia -> Tbilisi => ge-tb.jumptoserver.com
10 Germany -> Frankfurt => de-02.jumptoserver.com
11 Greece -> Athina => grc-pro.jumptoserver.com
12 Hong Kong -> Streaming => hk-stream.jumptoserver.com
13 Hungary -> Budapest => hng-pro.jumptoserver.com
14 Indonesia -> Jakarta => id-jk.jumptoserver.com
15 Ireland -> Dublin => ir-pro.jumptoserver.com
16 Netherlands -> D-VPN => us-dl-dbl.jumptoserver.com
17 Norway -> Oslo => nr-pro.jumptoserver.com
18 Poland -> Gdansk => pl-02.jumptoserver.com
19 Romania -> Bucharest => ro-02.jumptoserver.com
20 Serbia -> Belgrade => rs-pro.jumptoserver.com
21 Singapore -> Streaming => sg-pro.jumptoserver.com
22 Slovakia -> Bratislava => svk-pro.jumptoserver.com
23 Spain -> Streaming => es-stream.jumptoserver.com
24 Sweden -> Stockholm => se-02.jumptoserver.com
25 Switzerland -> Zurich => ch-02.jumptoserver.com
26 Turkey -> Istanbul => tr-ist.jumptoserver.com
27 USA ->  => us-wt-pro.jumptoserver.com
28 USA ->  => us-pl-pro.jumptoserver.com
29 USA ->  => us-tpa.jumptoserver.com
30 USA -> Buffalo => us-buf.jumptoserver.com
31 USA -> Chicago => us-ch-pro.jumptoserver.com
32 USA -> Florida => us-mia-pro.jumptoserver.com
33 USA -> Kansas City => us-kan.jumptoserver.com
34 USA -> Los Angeles => us-la-pro.jumptoserver.com
35 USA -> New York => us-ny2.jumptoserver.com
36 Vietnam -> Ha noi => vn-hn.jumptoserver.com

===  Servers missing in the XML Windows App list ======
-none-

qdm12 commented 1 month ago

Nice 👍 I would suggest emailing fastestvpn so they add these servers on their website. It's also for their own good. Because using their app to generate an xml file is really clumsy to do, every time you want to update servers data, so I would avoid that. In the worst case scenario, I guess I could hardcode these few additional servers, but I would really ideally avoid that since it defeats the purpose of the automated update mechanism.

jvanderzande commented 1 month ago

I wouldn't worry about making it perfect. Just wanted to check if your approach would be close ... and I think it should be fine this way.

qdm12 commented 1 month ago

https://github.com/qdm12/gluetun/pull/2383 has code to support (hopefully) wireguard with FastestVPN. Quite a bit similar to @jvanderzande with more "guard rails" (aka foolproof settings) and an updated updating mechanism 😉 Can someone try it with image qmcgaw/gluetun:pr-2383? Feel free to comment on the PR directly as well!

bijfy commented 1 month ago

Feedback. Fastestvpn with wireguard is working awesome in gluetun. Thanks

ksurl commented 1 month ago

I tried the "contact support through the app" and it opened a link to a live chat. The support person told me to request config files by emailing support@fastestvpn.com.

jvanderzande commented 1 month ago

The app uses an API call to API.fastestvpn.com, but they do not seem to be publicly available as I can't find any documentation. Requesting a file doesn't sound the right approach to me. :-) One other thing: does anybody know another approach for getting the private key? I initially found it by running the old windows client, which would create a temp wireguard config file during the active session, but since the last windows update, the wireguard config file only exists for a few seconds and is deleted after the wireguard client is started. I have a batch file to monitor for the file and copy it, but maybe there is a simpler way of retrieving it?

ksurl commented 1 month ago

Would you mind sharing it? Haven't heard back from support yet.

jvanderzande commented 1 month ago

Sure... Download and Open the linked file and look at the top for a description of what the batch file does. Short description: Rename the file back to .bat, run it and do the steps as described in the opened CMD window.

=========================================================================================
Manual Steps before this script can copy your Wireguard settings for FastestVPN:
=========================================================================================
 - First you need to start the FastestVPN Windows client
 - Ensure the protocol is set to wireguard in: Settings/VPN Protocol/Disable Auto and Select Wireguard
 - Press "any key" in this window so the batchfile will start monitoring for: C:\Program Files\FastestVPN\Resources\data\FastestVPNWireGuard.conf
 - Start a vpn connection in the FastestVPN program
 - The batchscript should detect the creation of C:\Program Files\FastestVPN\Resources\data\FastestVPNWireGuard.conf and copy it to this script directory
Press any key to continue . . .

Updated batchfile: FastestVPN_Get_wireguard_config.bat.txt

jvanderzande commented 1 month ago

@ksurl, did the script work for you? I haven't found another way yet to obtain my private key. The other thing that is still required is to update the wiki page for FastestVPN to include the WireGuard support, which probably needs some info about obtaining this privatekey.

ksurl commented 1 month ago

> @ksurl, did the script work for you? I haven't found another way yet to obtain my private key.
>
> The other thing that is still required is to update the wiki page for FastestVPN to include the WireGuard support, which probably needs some info about obtaining this privatekey.

It did grab the config but it did not work. It shouldn't matter what server I connect to if it is different from the one I connected with the official client right? I did get an official config from support and that works. But obviously can't use more than once simultaneously with the same client ip.

jvanderzande commented 1 month ago

So what exactly was wrong/different using the batch file, just so I understand?

ksurl commented 1 month ago

The config was retrieved. When I tried to use it with gluetun it failed to connect. I will have to grab the error when I retry.

jvanderzande commented 1 month ago

The grabbed config will not work as that contains a hostname and gluetun works with IP addresses. The batch file output gives you the environment variables to use and you simply don't use any config file. Something like this is shown:

-----------------------------------------------------------------------------------------
Use this data for your docker gluetun settings:
-----------------------------------------------------------------------------------------
    environment:
      - VPN_SERVICE_PROVIDER=fastestvpn
      - VPN_TYPE=wireguard
      - SERVER_COUNTRIES=##YourCountryOfChoice##
      - WIREGUARD_PRIVATE_KEY=0m-----------------------o
      - WIREGUARD_ADDRESSES=172.16.33.166/32
-- END --

ksurl commented 1 month ago

Yes, I only used the client ip address and private key. The other fields I used env as the wiki said.

ksurl commented 1 month ago

here's the log after container startup:

2024-08-14T20:07:38-07:00 DEBUG [wireguard] Wireguard server public key: PUBLIC
2024-08-14T20:07:38-07:00 DEBUG [wireguard] Wireguard client private key: PRIVATE
2024-08-14T20:07:38-07:00 DEBUG [wireguard] Wireguard pre-shared key: [not set]
2024-08-14T20:07:38-07:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-08-14T20:07:38-07:00 INFO [firewall] allowing VPN connection...
2024-08-14T20:07:38-07:00 DEBUG [firewall] iptables --append OUTPUT -d IP -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2024-08-14T20:07:38-07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-08-14T20:07:38-07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-08-14T20:07:38-07:00 INFO [wireguard] Using available kernelspace implementation
2024-08-14T20:07:38-07:00 INFO [wireguard] Connecting to IP:51820
2024-08-14T20:07:38-07:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-08-14T20:07:38-07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-08-14T20:07:48-07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-08-14T20:07:48-07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-14T20:07:48-07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-14T20:07:48-07:00 INFO [vpn] stopping
2024-08-14T20:07:48-07:00 DEBUG [wireguard] closing controller client...
2024-08-14T20:07:48-07:00 ERROR [vpn] getting public IP address information: context canceled
2024-08-14T20:07:48-07:00 DEBUG [wireguard] removing IPv4 rule...
2024-08-14T20:07:48-07:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/releases": context canceled
2024-08-14T20:07:48-07:00 DEBUG [wireguard] shutting down link...
2024-08-14T20:07:48-07:00 DEBUG [wireguard] deleting link...
2024-08-14T20:07:48-07:00 INFO [vpn] starting

jvanderzande commented 1 month ago

> 2024-08-14T20:07:38-07:00 INFO [wireguard] Connecting to IP:51820

There is no IP address of the target VPN server in that line, but states "IP:"! No idea why that is, but should contain a proper ip address. Also found an issue with retrieving the "PrivateKey = " in the batch file that I need to look at so you need to copy that manually from the "FastestVPNWireGuard.conf" for now.

This is my working Fastestvpn with gluetun yaml:

version: "3"
services:
  wireguard:
    container_name: wireguard
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=fastestvpn
      - VPN_TYPE=wireguard
      - SERVER_COUNTRIES=Belgium,France
      - WIREGUARD_ADDRESSES=172.16.33.166/32
      - WIREGUARD_PRIVATE_KEY=0m-----------------------o
    ports:
      - 8020:8000

    restart: unless-stopped

which gives this log:

└── Version settings:
    └── Enabled: yes
2024-08-15T07:46:16Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-08-15T07:46:16Z INFO [routing] adding route for 0.0.0.0/0
2024-08-15T07:46:16Z INFO [firewall] setting allowed subnets...
2024-08-15T07:46:16Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-08-15T07:46:16Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-08-15T07:46:16Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-08-15T07:46:16Z INFO [http server] http server listening on [::]:8000
2024-08-15T07:46:16Z INFO [firewall] allowing VPN connection...
2024-08-15T07:46:16Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-08-15T07:46:16Z INFO [wireguard] Using available kernelspace implementation
2024-08-15T07:46:16Z INFO [wireguard] Connecting to 146.70.40.99:51820
2024-08-15T07:46:16Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-08-15T07:46:16Z INFO [healthcheck] healthy!
2024-08-15T07:46:16Z INFO [dns] downloading DNS over TLS cryptographic files
2024-08-15T07:46:17Z INFO [dns] downloading hostnames and IP block lists
2024-08-15T07:46:22Z INFO [dns] init module 0: validator
2024-08-15T07:46:22Z INFO [dns] init module 1: iterator
2024-08-15T07:46:22Z INFO [dns] start of service (unbound 1.20.0).
2024-08-15T07:46:22Z INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-15T07:46:22Z INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-15T07:46:23Z INFO [dns] ready
2024-08-15T07:46:23Z INFO [ip getter] Public IP address is 146.70.40.99 (France, Île-de-France, Saint-Denis)
2024-08-15T07:46:24Z INFO [vpn] You are running on the bleeding edge of latest!

ksurl commented 1 month ago

I redacted the ip and key. I did copy from conf file. I will double check settings and retry.

jvanderzande commented 1 month ago

The IP is retrieved from the servers.json, so the whole idea is that you only specify Country and/or City name and gluetun will do the rest. Of course you also need the other env variables as I have shown, which I believe are all the required fields.

jvanderzande commented 1 month ago

I've updated the batch file to show the proper full PrivateKey. Let me know if this works or still needs changes. FastestVPN_Get_wireguard_config.bat.txt
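
The conversion discussed in this thread (a client `FastestVPNWireGuard.conf` turned into the gluetun environment variables, keeping the full `PrivateKey`), as an added Python example; it is not the batch file posted here and not gluetun's code. The sample config is constructed (all-zero key), and the function names are hypothetical.

```python
import base64
import binascii
import ipaddress

# Constructed sample: the private key is 32 zero bytes, not a real credential.
SAMPLE_KEY = base64.b64encode(bytes(32)).decode()
SAMPLE_CONF = f"""\
[Interface]
PrivateKey = {SAMPLE_KEY}
Address = 172.16.33.166/32

[Peer]
PublicKey = 658QxufMbjOTmB61Z7f+c7Rjg7oqWLnepTalqBERjF0=
AllowedIPs = 0.0.0.0/0
Endpoint = bel-02.jumptoserver.com:51820
"""

def parse_conf(text):
    """Parse a wg-quick style file into {section: {key: value}}, names lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # "#" is not in the base64 alphabet
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif current is not None and "=" in line:
            # Split on the FIRST "=" only: base64 keys end in "=" padding,
            # so splitting on every "=" would drop the end of the key.
            key, _, value = line.partition("=")
            current[key.strip().lower()] = value.strip()
    return sections

def check_key(b64):
    """True if b64 is standard base64 that decodes to a 32-byte WireGuard key."""
    try:
        return len(base64.b64decode(b64, validate=True)) == 32
    except (binascii.Error, ValueError):
        return False

def gluetun_env(conf_text):
    """Build the gluetun environment from the [Interface] section only.

    The Endpoint hostname is not emitted: as said in this thread, gluetun
    takes the server IP from its servers.json based on SERVER_COUNTRIES.
    """
    iface = parse_conf(conf_text).get("interface", {})
    key = iface.get("privatekey", "")
    if not check_key(key):
        raise ValueError("PrivateKey is missing or not a 32-byte base64 value")
    addrs = [a.strip() for a in iface.get("address", "").split(",") if a.strip()]
    if not addrs:
        raise ValueError("Address is missing")
    for addr in addrs:
        ipaddress.ip_interface(addr)  # raises ValueError on a malformed CIDR
    return {
        "VPN_SERVICE_PROVIDER": "fastestvpn",
        "VPN_TYPE": "wireguard",
        "WIREGUARD_PRIVATE_KEY": key,
        "WIREGUARD_ADDRESSES": ",".join(addrs),
    }

def redact(env):
    """Copy of env with the private key masked, for pasting into an issue."""
    return {k: ("<redacted>" if k == "WIREGUARD_PRIVATE_KEY" else v)
            for k, v in env.items()}

if __name__ == "__main__":
    for name, value in redact(gluetun_env(SAMPLE_CONF)).items():
        print(f"      - {name}={value}")
```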

ksurl commented 1 month ago

I just retried after it grabbed a new key and ip and it works now.

qdm12 commented 1 month ago

Whoops I skipped this.

This was implemented and added to the wiki 2 weeks ago 😄 in commit 62a2951ba5fa45a821ac08955c4827c7012fe7d2

github-actions[bot] commented 1 month ago

Closed issues are NOT monitored, so commenting here will NOT be seen by the maintainer. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because qdm12 is the sole maintainer of this project which became too popular to monitor closed issues for additional comments.

qdm12 commented 1 month ago

Whoops 2, I guess I closed this too quickly. I've documented in the wiki fastestvpn page to ask support@fastestvpn.com for your wireguard settings. That way it indirectly forces them to automate obtaining it for future users 👼 😈

@ksurl did you get any feedback?

@jvanderzande I appreciate the bat script 👍 🎖️ But that requires a windows machine, the fastestvpn app as well, so not super portable, I feel like sending an email is easier 😄 Perhaps worth mentioning if fastestvpn doesn't want to let us automate the obtention of the config file though.

ksurl commented 1 month ago

> Whoops 2, I guess I closed this too quickly. I've documented in the wiki fastestvpn page to ask support@fastestvpn.com for your wireguard settings. That way it indirectly forces them to automate obtaining it for future users 👼 😈
>
> @ksurl did you get any feedback?
>
> @jvanderzande I appreciate the bat script 👍 🎖️ But that requires a windows machine, the fastestvpn app as well, so not super portable, I feel like sending an email is easier 😄 Perhaps worth mentioning if fastestvpn doesn't want to let us automate the obtention of the config file though.

What feedback did you mean? From support? They did send me a file. As for the script, it wouldn't be hard to write a bash script for linux and mac clients, but yes it seems it's the only way to get a config without support currently. It just checks for the file existing and copies it before deletion. Pretty straightforward.

qdm12 commented 1 month ago

> What feedback did you mean? From support?

Oh my bad, I thought you asked about api.fastestvpn.com. It's 4:40AM here, that's probably why 😆 I'll send them an email; about this, what auth do you use to log in on the fastestvpn app? Just email+password?

> As for the script, it wouldn't be hard to write a bash script for linux and mac clients, but yes it seems it's the only way to get a config without support currently. It just checks for the file existing and copies it before deletion. Pretty straightforward.

Call me lazy 😄 But I would rather send them an email and wait for a reply the next day!

ksurl commented 1 month ago

yes email and password. it's unclear if you ask for a new one if you use more than 1 instance of gluetun it would invalidate the previous config.

qdm12 commented 1 month ago

Sent the email 😉

jvanderzande commented 1 month ago

> @jvanderzande I appreciate the bat script 👍 🎖️ But that requires a windows machine, the fastestvpn app as well, so not super portable, I feel like sending an email is easier 😄 Perhaps worth mentioning if fastestvpn doesn't want to let us automate the obtention of the config file though.

Agree, and I actually was making a pull-req proposal to indicate the 2 options in that sequence. I simply shared what I had done for myself, as it wasn't clear at the time that their support would share the required info.

qdm12 commented 1 month ago

> their support would share the required info.

Well indeed, they replied:

> Thanks for reaching out, At the moment the feature is not available and may added in the future, moreover, the private key and address are unique for each user.

🤷

jvanderzande commented 1 month ago

> Thanks for reaching out, At the moment the feature is not available and may added in the future, moreover, the private key and address are unique for each user.

Is his answer about multiple connections? I can make multiple connections with the same userkey, from multi devices and/or different client applications, but need to use different VPN Countries/Locations, which could be due to the fact that the assigned IP address is linked to this key and assume you can have only one in a VPN concentrator.

ksurl commented 4 weeks ago

it seems after several reconnections (due to host or container reboot), the key is invalidated. I lose network connection and no matter how many restarts it never connects. I confirmed getting a new key with the script still works. I think this also happens on vpn unlimited but on a much stricter limit.