Closed rkbest13 closed 2 years ago
`No server certificate verification method has been enabled.` is likely the problem I'll have a look tomorrow!
@qdm12 any plan for this issue?
Does it work with v3.29.0? 🤔
how to use that specific image?
> how to use that specific image?

use `qmcgaw/gluetun:v3.29.0` as your image

> Does it work with v3.29.0? 🤔

Having a look on docker hub 3.29.0 is the same as the v3 tag right? If so then yes it works fine as this issue happened to me about 1-2 weeks ago so I used the v3 tag and it worked. Didn't have time then to log an issue...

Seems like that worked. Haven't tested it though, but the log says healthy.
|   ├── DNS server address to use: 127.0.0.1
|   ├── Keep existing nameserver(s): no
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:7f00:1/104
|               ├── ::ffff:a00:0/104
|               ├── ::ffff:a9fe:0/112
|               ├── ::ffff:ac10:0/108
|               └── ::ffff:c0a8:0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2022-06-25T13:06:29Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.7
2022-06-25T13:06:29Z INFO [routing] adding route for 0.0.0.0/0
2022-06-25T13:06:29Z INFO [firewall] setting allowed subnets...
2022-06-25T13:06:29Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.7
2022-06-25T13:06:29Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2022-06-25T13:06:29Z INFO [pprof] http server listening on [::]:6060
2022-06-25T13:06:29Z INFO [http server] http server listening on [::]:8000
2022-06-25T13:06:29Z INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2022-06-25T13:06:29Z INFO [healthcheck] listening on 127.0.0.1:9999
2022-06-25T13:06:29Z INFO [firewall] allowing VPN connection...
2022-06-25T13:06:29Z INFO [openvpn] 2022-06-25 13:06:29 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-25T13:06:29Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 24 2022
2022-06-25T13:06:29Z INFO [openvpn] library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
2022-06-25T13:06:29Z WARN [openvpn] No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-06-25T13:06:29Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]79.142.76.142:4443
2022-06-25T13:06:29Z INFO [openvpn] UDP link local: (not bound)
2022-06-25T13:06:29Z INFO [openvpn] UDP link remote: [AF_INET]79.142.76.142:4443
2022-06-25T13:06:29Z WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1570'
2022-06-25T13:06:29Z WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2022-06-25T13:06:29Z INFO [openvpn] [FastestVPN] Peer Connection Initiated with [AF_INET]79.142.76.142:4443
2022-06-25T13:06:31Z ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: block-outside-dns (2.5.6)
2022-06-25T13:06:31Z INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2022-06-25T13:06:31Z INFO [openvpn] TUN/TAP device tun0 opened
2022-06-25T13:06:31Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2022-06-25T13:06:31Z INFO [openvpn] /sbin/ip link set dev tun0 up
2022-06-25T13:06:31Z INFO [openvpn] /sbin/ip addr add dev tun0 10.16.0.47/16
2022-06-25T13:06:31Z INFO [openvpn] UID set to nonrootuser
2022-06-25T13:06:31Z INFO [openvpn] Initialization Sequence Completed
2022-06-25T13:06:31Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-06-25T13:06:31Z INFO [healthcheck] healthy!
2022-06-25T13:06:33Z INFO [dns over tls] downloading hostnames and IP block lists
2022-06-25T13:06:38Z INFO [dns over tls] init module 0: validator
2022-06-25T13:06:38Z INFO [dns over tls] init module 1: iterator
2022-06-25T13:06:38Z INFO [dns over tls] start of service (unbound 1.13.2).
2022-06-25T13:06:38Z INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2022-06-25T13:06:39Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-25T13:06:39Z INFO [dns over tls] ready
2022-06-25T13:06:40Z INFO [healthcheck] healthy!
2022-06-25T13:06:41Z INFO [vpn] You are running the latest release v3.29.0
2022-06-25T13:06:43Z INFO [ip getter] Public IP address is 79.142.76.142 (Sweden, Stockholm, Stockholm)
wow that one worked.
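
An added example (not part of the original thread and not Gluetun's code): a small Python audit over Gluetun-format log lines, showing that a container can report healthy while OpenVPN still warns that no server certificate verification method is enabled. The sample lines are copied from the v3.29.0 log above; the function name and finding labels are this example's own.

```python
import re

# Gluetun log layout as seen above: "<UTC time> <LEVEL> [component] message"
LINE_RE = re.compile(r"^(\S+Z)\s+(DEBUG|INFO|WARN|ERROR)\s+\[([^\]]+)\]\s+(.*)$")

# OpenVPN message substrings from the log on this page -> finding label
# (the labels are this example's own names, not Gluetun or OpenVPN terms).
CHECKS = {
    "No server certificate verification method has been enabled":
        "no-server-cert-verification",
    "Compression for receiving enabled": "compression-enabled",
}

def audit(log_text):
    """Return (findings, tunnel_up, healthy) for one container log."""
    findings, tunnel_up, healthy = [], False, False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # settings tree or lines without a [component] tag
        component, msg = m.group(3), m.group(4)
        if component == "openvpn":
            for needle, label in CHECKS.items():
                if needle in msg and label not in findings:
                    findings.append(label)
            tunnel_up = tunnel_up or "Initialization Sequence Completed" in msg
        elif component == "healthcheck" and "healthy" in msg:
            healthy = msg.startswith("healthy")  # last reported state wins
    return findings, tunnel_up, healthy

# Lines copied from the v3.29.0 log above (the compression warning is shortened).
SAMPLE = """\
2022-06-25T13:06:29Z INFO [healthcheck] listening on 127.0.0.1:9999
2022-06-25T13:06:29Z INFO [openvpn] 2022-06-25 13:06:29 WARNING: Compression for receiving enabled.
2022-06-25T13:06:29Z WARN [openvpn] No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2022-06-25T13:06:31Z INFO [openvpn] Initialization Sequence Completed
2022-06-25T13:06:39Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-25T13:06:40Z INFO [healthcheck] healthy!
"""

if __name__ == "__main__":
    findings, tunnel_up, healthy = audit(SAMPLE)
    print(f"tunnel_up={tunnel_up} healthy={healthy} findings={findings}")
```

The health check only dials the target address through the tunnel, so it says nothing about whether the server certificate was verified; alert on the findings list independently of the health state.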
Hello everyone,
The problem is fixed on the latest image with 2805c3388a2987cb0096ae4e993bebffb56538a1 it was `remote-cert-tls server` option missing when I did some code refactoring.
A few notes for the sake of knowledge:
- `OPENVPN_FLAGS`. In this case, `OPENVPN_FLAGS="--remote-cert-tls server"` would have fixed it :wink:
- `qmcgaw/gluetun:v3` points to the latest `qmcgaw/gluetun:v3.x.x` release.
- `qmcgaw/gluetun` / `qmcgaw/gluetun:latest` if you can and it works for you, and report the issue like here so the next release will be stable, otherwise it will just delay the instability to the next release. You can of course fall back on `:v3` if latest becomes unstable for you! :wink:

That's awesome, thanks so much! Appreciate the notes, knowledge is power.
I usually use :latest but just fell back to v3 whenever I noticed it wasn't working & didn't have time to troubleshoot/post an issue.
Thanks again!
87dbae574512768b8820bcb3c316816c889626f6 should fix it for good. The `remote-cert-tls server` option was the wrong one to add, the one missing was actually `auth sha256`.
@qdm12 Just tested with latest and that worked as well. Thanks a ton!
Is this urgent?
No
Host OS
ubuntu 22.04 LTS server
CPU arch
x86_64
VPN service provider
FastestVPN
What are you using to run the container
Portainer
What is the version of Gluetun
latest
What's the problem 🤔
After the container is spun it stays unhealthy and keeps starting and stopping with a bunch of warnings and messages. I tried with multiple server locations from your wiki page as well as directly the hostnames from the FastestVPN server page. Sweden, Switzerland, Romania and many I tried had the same problem. For the German server it returned code 111 and refused connection. The log below is for the Sweden server: se2.jumptoserver.com
Share your logs
Share your configuration