qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.65k stars 358 forks

Bug: fastestVPN container stays unhealthy with different server hostnames #1039

Closed rkbest13 closed 2 years ago

rkbest13 commented 2 years ago

Is this urgent?

No

Host OS

ubuntu 22.04 LTS server

CPU arch

x86_64

VPN service provider

FastestVPN

What are you using to run the container

Portainer

What is the version of Gluetun

latest

What's the problem 🤔

After the container is spun up it stays unhealthy and keeps starting and stopping with a bunch of warnings and messages. I tried with multiple server locations from your wiki page as well as directly the hostnames from the FastestVPN server page. Sweden, Switzerland, Romania and many others I tried had the same problem. For the German server it returned code 111 and refused the connection. The log below is for the Sweden server: se2.jumptoserver.com


Share your logs

2022-06-19T21:40:51Z INFO [firewall] allowing VPN connection...
2022-06-19T21:40:51Z WARN [openvpn] Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-19T21:40:51Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-19T21:40:51Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-19T21:40:51Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-06-19T21:40:51Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]79.142.76.142:4443
2022-06-19T21:40:51Z INFO [openvpn] UDP link local: (not bound)
2022-06-19T21:40:51Z INFO [openvpn] UDP link remote: [AF_INET]79.142.76.142:4443
2022-06-19T21:41:22Z INFO [healthcheck] program has been unhealthy for 31s: restarting VPN
2022-06-19T21:41:22Z INFO [vpn] stopping
2022-06-19T21:41:22Z INFO [vpn] starting
2022-06-19T21:41:22Z INFO [firewall] allowing VPN connection...
2022-06-19T21:41:22Z WARN [openvpn] Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-19T21:41:22Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-19T21:41:22Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-19T21:41:22Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-06-19T21:41:22Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]79.142.76.142:4443
2022-06-19T21:41:22Z INFO [openvpn] UDP link local: (not bound)
2022-06-19T21:41:22Z INFO [openvpn] UDP link remote: [AF_INET]79.142.76.142:4443
2022-06-19T21:41:58Z INFO [healthcheck] program has been unhealthy for 36s: restarting VPN
2022-06-19T21:41:58Z INFO [vpn] stopping
2022-06-19T21:41:58Z INFO [vpn] starting
2022-06-19T21:41:58Z INFO [firewall] allowing VPN connection...
2022-06-19T21:41:58Z WARN [openvpn] Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-19T21:41:58Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-19T21:41:58Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-19T21:41:58Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-06-19T21:41:58Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]79.142.76.142:4443
2022-06-19T21:41:58Z INFO [openvpn] UDP link local: (not bound)
2022-06-19T21:41:58Z INFO [openvpn] UDP link remote: [AF_INET]79.142.76.142:4443
2022-06-19T21:42:39Z INFO [healthcheck] program has been unhealthy for 41s: restarting VPN
2022-06-19T21:42:39Z INFO [vpn] stopping
2022-06-19T21:42:39Z INFO [vpn] starting
2022-06-19T21:42:39Z INFO [firewall] allowing VPN connection...
2022-06-19T21:42:39Z WARN [openvpn] Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-19T21:42:39Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-19T21:42:39Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-19T21:42:39Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-06-19T21:42:39Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]79.142.76.142:4443
2022-06-19T21:42:39Z INFO [openvpn] UDP link local: (not bound)
2022-06-19T21:42:39Z INFO [openvpn] UDP link remote: [AF_INET]79.142.76.142:4443
2022-06-19T21:43:25Z INFO [healthcheck] program has been unhealthy for 46s: restarting VPN
2022-06-19T21:43:25Z INFO [vpn] stopping
2022-06-19T21:43:25Z INFO [vpn] starting
2022-06-19T21:43:25Z INFO [firewall] allowing VPN connection...
2022-06-19T21:43:25Z WARN [openvpn] Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-19T21:43:25Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-19T21:43:25Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-19T21:43:25Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-06-19T21:43:25Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]79.142.76.142:4443
2022-06-19T21:43:25Z INFO [openvpn] UDP link local: (not bound)
2022-06-19T21:43:25Z INFO [openvpn] UDP link remote: [AF_INET]79.142.76.142:4443
2022-06-19T21:44:16Z INFO [healthcheck] program has been unhealthy for 51s: restarting VPN
2022-06-19T21:44:16Z INFO [vpn] stopping
2022-06-19T21:44:16Z INFO [vpn] starting
2022-06-19T21:44:16Z INFO [firewall] allowing VPN connection...
2022-06-19T21:44:16Z WARN [openvpn] Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-19T21:44:16Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-19T21:44:16Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-19T21:44:16Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-06-19T21:44:16Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]79.142.76.142:4443
2022-06-19T21:44:16Z INFO [openvpn] UDP link local: (not bound)
2022-06-19T21:44:16Z INFO [openvpn] UDP link remote: [AF_INET]79.142.76.142:4443
2022-06-19T21:45:13Z INFO [healthcheck] program has been unhealthy for 56s: restarting VPN
2022-06-19T21:45:13Z INFO [vpn] stopping
2022-06-19T21:45:13Z INFO [vpn] starting
2022-06-19T21:45:13Z INFO [firewall] allowing VPN connection...
2022-06-19T21:45:13Z WARN [openvpn] Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-19T21:45:13Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-19T21:45:13Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-19T21:45:13Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-06-19T21:45:13Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]79.142.76.142:4443
2022-06-19T21:45:13Z INFO [openvpn] UDP link local: (not bound)
2022-06-19T21:45:13Z INFO [openvpn] UDP link remote: [AF_INET]79.142.76.142:4443
2022-06-19T21:46:13Z WARN [openvpn] TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
🚒🚒🚒🚒🚒🚨🚨🚨🚨🚨🚨🚒🚒🚒🚒🚒
That error usually happens because either:

1. The VPN server IP address you are trying to connect to is no longer valid 🔌
   Update your server information using https://github.com/qdm12/gluetun/wiki/Updating-Servers

2. The VPN server crashed 💥, try changing your VPN servers filtering options such as SERVER_REGIONS

3. Your Internet connection is not working 🤯, ensure it works

4. Something else ➡️ https://github.com/qdm12/gluetun/issues/new/choose

2022-06-19T21:46:13Z INFO [openvpn] TLS Error: TLS handshake failed
2022-06-19T21:46:13Z INFO [openvpn] SIGTERM received, sending exit notification to peer
2022-06-19T21:46:13Z INFO [openvpn] SIGTERM[soft,tls-error] received, process exiting
2022-06-19T21:46:13Z INFO [vpn] retrying in 15s
2022-06-19T21:46:14Z INFO [healthcheck] program has been unhealthy for 1m1s: restarting VPN
2022-06-19T21:46:28Z INFO [firewall] allowing VPN connection...
2022-06-19T21:46:28Z WARN [openvpn] Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-19T21:46:28Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-19T21:46:28Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-19T21:46:28Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-06-19T21:46:28Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]79.142.76.142:4443
2022-06-19T21:46:28Z INFO [openvpn] UDP link local: (not bound)
2022-06-19T21:46:28Z INFO [openvpn] UDP link remote: [AF_INET]79.142.76.142:4443

Share your configuration

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    network_mode: bridge
    environment:
      - VPN_SERVICE_PROVIDER=fastestvpn
      - OPENVPN_USER=${VPN_USERNAME}
      - OPENVPN_PASSWORD=${VPN_PASSWORD}
      - SERVER_COUNTRIES=Sweden
      - SERVER_HOSTNAMES=se2.jumptoserver.com
#    ports:
#      - 6881:6881 #qBitTorrent
#      - 6881:6881/udp #qBitTorrent
#      - 8080:8080 #qBitTorrent
#      - 9117:9117 #jacket
#      - 8989:8989 #sonarr
#      - 7878:7878 #radarr
#      - 5055:5055 #overseerr
    restart: unless-stopped
qdm12 commented 2 years ago

"No server certificate verification method has been enabled." is likely the problem. I'll have a look tomorrow!

rkbest13 commented 2 years ago

@qdm12 any plan for this issue?

qdm12 commented 2 years ago

Does it work with v3.29.0? 🤔

rkbest13 commented 2 years ago

how to use that specific image?

snorkrat commented 2 years ago

how to use that specific image?

use qmcgaw/gluetun:v3.29.0 as your image

Does it work with v3.29.0? 🤔

Having a look on Docker Hub, 3.29.0 is the same as the v3 tag, right? If so then yes, it works fine, as this issue happened to me about 1-2 weeks ago so I used the v3 tag and it worked. Didn't have time then to log an issue...

rkbest13 commented 2 years ago

Seems like that worked. Haven't tested it though, but the log says healthy.

|   ├── DNS server address to use: 127.0.0.1
|   ├── Keep existing nameserver(s): no
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:7f00:1/104
|               ├── ::ffff:a00:0/104
|               ├── ::ffff:a9fe:0/112
|               ├── ::ffff:ac10:0/108
|               └── ::ffff:c0a8:0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2022-06-25T13:06:29Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.7
2022-06-25T13:06:29Z INFO [routing] adding route for 0.0.0.0/0
2022-06-25T13:06:29Z INFO [firewall] setting allowed subnets...
2022-06-25T13:06:29Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.7
2022-06-25T13:06:29Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2022-06-25T13:06:29Z INFO [pprof] http server listening on [::]:6060
2022-06-25T13:06:29Z INFO [http server] http server listening on [::]:8000
2022-06-25T13:06:29Z INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2022-06-25T13:06:29Z INFO [healthcheck] listening on 127.0.0.1:9999
2022-06-25T13:06:29Z INFO [firewall] allowing VPN connection...
2022-06-25T13:06:29Z INFO [openvpn] 2022-06-25 13:06:29 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-25T13:06:29Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 24 2022
2022-06-25T13:06:29Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-25T13:06:29Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2022-06-25T13:06:29Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]79.142.76.142:4443
2022-06-25T13:06:29Z INFO [openvpn] UDP link local: (not bound)
2022-06-25T13:06:29Z INFO [openvpn] UDP link remote: [AF_INET]79.142.76.142:4443
2022-06-25T13:06:29Z WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1570'
2022-06-25T13:06:29Z WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2022-06-25T13:06:29Z INFO [openvpn] [FastestVPN] Peer Connection Initiated with [AF_INET]79.142.76.142:4443
2022-06-25T13:06:31Z ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: block-outside-dns (2.5.6)
2022-06-25T13:06:31Z INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2022-06-25T13:06:31Z INFO [openvpn] TUN/TAP device tun0 opened
2022-06-25T13:06:31Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2022-06-25T13:06:31Z INFO [openvpn] /sbin/ip link set dev tun0 up
2022-06-25T13:06:31Z INFO [openvpn] /sbin/ip addr add dev tun0 10.16.0.47/16
2022-06-25T13:06:31Z INFO [openvpn] UID set to nonrootuser
2022-06-25T13:06:31Z INFO [openvpn] Initialization Sequence Completed
2022-06-25T13:06:31Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-06-25T13:06:31Z INFO [healthcheck] healthy!
2022-06-25T13:06:33Z INFO [dns over tls] downloading hostnames and IP block lists
2022-06-25T13:06:38Z INFO [dns over tls] init module 0: validator
2022-06-25T13:06:38Z INFO [dns over tls] init module 1: iterator
2022-06-25T13:06:38Z INFO [dns over tls] start of service (unbound 1.13.2).
2022-06-25T13:06:38Z INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2022-06-25T13:06:39Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-25T13:06:39Z INFO [dns over tls] ready
2022-06-25T13:06:40Z INFO [healthcheck] healthy!
2022-06-25T13:06:41Z INFO [vpn] You are running the latest release v3.29.0
2022-06-25T13:06:43Z INFO [ip getter] Public IP address is 79.142.76.142 (Sweden, Stockholm, Stockholm)
rkbest13 commented 2 years ago

wow that one worked.

qdm12 commented 2 years ago

Hello everyone,

The problem is fixed on the latest image with 2805c3388a2987cb0096ae4e993bebffb56538a1; it was the remote-cert-tls server option missing when I did some code refactoring.

A few notes for the sake of knowledge:

snorkrat commented 2 years ago

That's awesome, thanks so much! Appreciate the notes, knowledge is power 😃.

I usually use :latest but just fell back to v3 whenever I noticed it wasn't working & didn't have time to troubleshoot/post an issue.

Thanks again!

qdm12 commented 2 years ago

87dbae574512768b8820bcb3c316816c889626f6 should fix it for good. The remote-cert-tls server option was the wrong one to add, the one missing was actually auth sha256.
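
Added example (not part of the comment above and not gluetun's code): a lint for an OpenVPN client config that checks the two options named in this thread, `auth` and `remote-cert-tls server`, plus the compression directive behind the warning in the logs. The sample configs are constructed; `lint_client_config`, its finding codes and the `auth-user-pass` path are assumptions of this example.

```python
# Directives that make the client check the server certificate;
# "remote-cert-tls server" is handled separately because its argument matters.
CERT_CHECKS = {"remote-cert-eku", "verify-x509-name", "tls-verify",
               "verify-hash", "peer-fingerprint"}
COMPRESSION = {"comp-lzo", "compress"}

def parse_directives(config_text):
    """Map each directive (or inline <block> name) to its argument list."""
    directives, in_block = {}, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("</"):
            in_block = False
        elif line.startswith("<"):
            in_block = True                      # skip PEM material inside <ca> etc.
            directives[line.strip("<>").lower()] = []
        elif not in_block:
            name, *args = line.split()
            directives[name.lower()] = args      # exact name: "auth-user-pass" is not "auth"
    return directives

def lint_client_config(config_text, expected_auth=None):
    """Return finding codes; expected_auth is the digest the server requires, if known."""
    d = parse_directives(config_text)
    findings = []
    if not (CERT_CHECKS & d.keys()) and d.get("remote-cert-tls", [])[:1] != ["server"]:
        findings.append("no-server-cert-verification")
    if "auth" not in d:
        findings.append("auth-not-set")          # OpenVPN then defaults to SHA1
    elif expected_auth and [a.lower() for a in d["auth"][:1]] != [expected_auth.lower()]:
        findings.append("auth-mismatch")
    if COMPRESSION & d.keys():
        findings.append("compression-enabled")
    return findings

# Constructed sample: host and port are the ones in the posted logs, the rest is made up.
BROKEN = """\
client
dev tun
proto udp
remote se2.jumptoserver.com 4443
comp-lzo
auth-user-pass /etc/openvpn/auth.conf
<ca>
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
</ca>
"""
FIXED = BROKEN.replace("comp-lzo\n", "") + "auth sha256\nremote-cert-tls server\n"

if __name__ == "__main__":
    print(lint_client_config(BROKEN, expected_auth="sha256"))
    print(lint_client_config(FIXED, expected_auth="sha256"))
```
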

rkbest13 commented 2 years ago

@qdm12 Just tested with latest and that worked as well. Thanks a ton!