qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: Unable to connect to VPN (ExpressVPN) #1063

Closed ThickPeep closed 2 years ago

ThickPeep commented 2 years ago

Is this urgent?

No

Host OS

No response

CPU arch

x86_64

VPN service provider

ExpressVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2022-07-04T00:42:53.696Z (commit a4c80b3)

What's the problem 🤔

I cannot connect to ExpressVPN, even though the container was running fine in the past. I have tried using versions 3.28.0, 3.29.0, 3.30.0, and also just pulling the latest image. I think I got it to work for a few seconds on 3.29.0, but it broke again once I added the label for watchtower to not look at this container and redeployed. I used to be specifically connected to New York with the old City variable, but have tried redeploying with the new docker compose format and still cannot connect.

Regarding the logs, it just continues to repeat the ending part until it shuts itself down.

Share your logs

2022-07-14T16:07:04-04:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1 and assigned IP 172.19.0.2
2022-07-14T16:07:04-04:00 INFO [routing] local ethernet link found: eth0
2022-07-14T16:07:04-04:00 INFO [routing] local ipnet found: 172.19.0.0/16
2022-07-14T16:07:04-04:00 INFO [firewall] enabling...
2022-07-14T16:07:04-04:00 INFO [firewall] enabled successfully
2022-07-14T16:07:05-04:00 INFO [storage] merging by most recent 11236 hardcoded servers and 11236 servers read from /gluetun/servers.json
2022-07-14T16:07:05-04:00 INFO Alpine version: 3.16.0
2022-07-14T16:07:05-04:00 INFO OpenVPN 2.4 version: 2.4.12
2022-07-14T16:07:05-04:00 INFO OpenVPN 2.5 version: 2.5.6
2022-07-14T16:07:05-04:00 INFO Unbound version: 1.15.0
2022-07-14T16:07:05-04:00 INFO IPtables version: v1.8.8
2022-07-14T16:07:05-04:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: expressvpn
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Countries: usa
|   |       ├── Cities: new york
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: UDP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Tunnel IPv6: no
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── DNS server address to use: 127.0.0.1
|   ├── Keep existing nameserver(s): no
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:7f00:1/104
|               ├── ::ffff:a00:0/104
|               ├── ::ffff:a9fe:0/112
|               ├── ::ffff:ac10:0/108
|               └── ::ffff:c0a8:0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: America/New_York
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2022-07-14T16:07:05-04:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1 and assigned IP 172.19.0.2
2022-07-14T16:07:05-04:00 INFO [routing] adding route for 0.0.0.0/0
2022-07-14T16:07:05-04:00 INFO [firewall] setting allowed subnets...
2022-07-14T16:07:05-04:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1 and assigned IP 172.19.0.2
2022-07-14T16:07:05-04:00 INFO [pprof] http server listening on [::]:6060
2022-07-14T16:07:05-04:00 INFO [http server] http server listening on [::]:8000
2022-07-14T16:07:05-04:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2022-07-14T16:07:05-04:00 INFO [healthcheck] listening on 127.0.0.1:9999
2022-07-14T16:07:05-04:00 INFO [firewall] allowing VPN connection...
2022-07-14T16:07:05-04:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-07-14T16:07:05-04:00 INFO [openvpn] library versions: OpenSSL 1.1.1p  21 Jun 2022, LZO 2.10
2022-07-14T16:07:05-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]191.101.41.2:1195
2022-07-14T16:07:05-04:00 INFO [openvpn] UDP link local: (not bound)
2022-07-14T16:07:05-04:00 INFO [openvpn] UDP link remote: [AF_INET]191.101.41.2:1195
2022-07-14T16:07:11-04:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2022-07-14T16:07:11-04:00 INFO [vpn] stopping
2022-07-14T16:07:11-04:00 INFO [vpn] starting
2022-07-14T16:07:11-04:00 INFO [firewall] allowing VPN connection...
2022-07-14T16:07:11-04:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-07-14T16:07:11-04:00 INFO [openvpn] library versions: OpenSSL 1.1.1p  21 Jun 2022, LZO 2.10
2022-07-14T16:07:11-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]173.239.207.162:1195
2022-07-14T16:07:11-04:00 INFO [openvpn] UDP link local: (not bound)
2022-07-14T16:07:11-04:00 INFO [openvpn] UDP link remote: [AF_INET]173.239.207.162:1195
2022-07-14T16:07:22-04:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2022-07-14T16:07:22-04:00 INFO [vpn] stopping
2022-07-14T16:07:22-04:00 INFO [vpn] starting
2022-07-14T16:07:22-04:00 INFO [firewall] allowing VPN connection...
2022-07-14T16:07:22-04:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-07-14T16:07:22-04:00 INFO [openvpn] library versions: OpenSSL 1.1.1p  21 Jun 2022, LZO 2.10
2022-07-14T16:07:22-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]173.239.207.157:1195
2022-07-14T16:07:22-04:00 INFO [openvpn] UDP link local: (not bound)
2022-07-14T16:07:22-04:00 INFO [openvpn] UDP link remote: [AF_INET]173.239.207.157:1195

Share your configuration

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun2
    # line above must be uncommented to allow external containers to connect. See https://github.com/qdm12/gluetun/wiki/Connect-a-container-to-gluetun#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - /Path_On_Host/gluetun:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun/wiki
      - VPN_SERVICE_PROVIDER=expressvpn
      - VPN_TYPE=openvpn
      # OpenVPN:
      - OPENVPN_USER=User (got this on their website)
      - OPENVPN_PASSWORD=Pass (got this on their website)
      - TZ=America/New_York
      - SERVER_COUNTRIES=USA

qdm12 commented 2 years ago

  1. Do other server countries fail the same?
  2. Do you remember what version you were running previously? Maybe use docker image history https://docs.docker.com/engine/reference/commandline/image_history/
  3. Did you try both tcp and udp protocols? (if ExpressVPN supports it, I don't recall)

jaredmo commented 2 years ago

I'm having the same issues. I recently downgraded to 3.29 because latest wouldn't connect. Now 3.29 no longer connects either.

qdm12 commented 2 years ago

Can someone share one of their current openvpn config files here, so I can check if any option in gluetun has changed?

jaredmo commented 2 years ago

Here's the relevant section of my 3.29 config.

---
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun:v3.29
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPNSP=expressvpn
      - OPENVPN_USER=[user]
      - OPENVPN_PASSWORD=[password]
      - COUNTRY=USA
      - TZ=America/Chicago #optional
      - PUID=1000 #optional
      - PGID=1000 #optional

ThickPeep commented 2 years ago

Sorry, I was pretty busy. I did not try another country yet, but what file are you looking for? In my container mapped file I only see the servers json and I have an old .ovpn file I put in there from when I first set up connecting to New York. Are you looking for that file?

qdm12 commented 2 years ago

@ThickPeep no worries. I'm looking for one of their openvpn configuration files, since there isn't public-facing access to their config files. See https://www.expressvpn.com/support/vpn-setup/freebox-openvpn/ I think.

jaredmo commented 2 years ago

Here's a config for their 'USA - New York' server, less the certs and keys. Is this what you are looking for, @qdm12?

dev tun
fast-io
persist-key
persist-tun
nobind
remote usa-newyork-ca-version-2.expressnetw.com 1195

remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass

qdm12 commented 2 years ago

From running

docker run -it --rm -e VPNSP=expressvpn -e OPENVPN_USER=a -e OPENVPN_PASSWORD=b qmcgaw/gluetun openvpnconfig

I get

client
nobind
tls-exit
auth-nocache
mute-replay-warnings
auth-retry nointeract
suppress-timestamps
dev tun0
verb 1
auth-user-pass /etc/openvpn/auth.conf
proto udp
remote 194.5.49.197 1195
pull-filter ignore "auth-token"
key-direction 1
remote-cert-tls server
verify-x509-name Server name-prefix
fast-io
data-ciphers-fallback aes-256-gcm
data-ciphers aes-256-gcm:aes-256-cbc:aes-128-gcm
auth sha512
mssfix 1200
fragment 1300
sndbuf 524288
rcvbuf 524288
explicit-exit-notify
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"

Differences you can spot:

Can you therefore try running Gluetun using your existing config but adding two things:

If this works, try removing that OPENVPN_FLAGS env variable and see if the cipher variable is enough to make it work? Thanks!
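One way to compute the comparison this comment describes, as an added example that is not part of the original comment or of gluetun's code. `parse_ovpn`, `diff_configs` and `IGNORED` are hypothetical names, and the two inputs are excerpts of the provider config and the gluetun-generated config quoted in this thread.

```python
# Directive-level diff of two OpenVPN client configs (added example).
# PROVIDER / GENERATED are excerpts of the configs quoted in this thread.
PROVIDER = """\
dev tun
remote usa-newyork-ca-version-2.expressnetw.com 1195
comp-lzo no
ns-cert-type server
key-direction 1
tun-mtu 1500
fragment 1300
mssfix 1200
cipher AES-256-CBC
auth SHA512
"""
GENERATED = """\
dev tun0
remote 194.5.49.197 1195
key-direction 1
remote-cert-tls server
data-ciphers-fallback aes-256-gcm
data-ciphers aes-256-gcm:aes-256-cbc:aes-128-gcm
auth sha512
mssfix 1200
fragment 1300
<ca>
(inline certificate omitted)
</ca>
"""
IGNORED = {"remote", "dev"}  # assumption: expected to differ per server and container


def parse_ovpn(text):
    """Map directive -> lower-cased arguments (last occurrence wins), skipping inline <tag> blocks."""
    directives, block = {}, None
    for line in map(str.strip, text.splitlines()):
        if block:  # inside <ca>, <cert>, <key>, <tls-auth>: wait for the closing tag
            block = None if line == f"</{block}>" else block
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
        elif line and line[0] not in "#;":
            name, _, args = line.partition(" ")
            directives[name] = args.strip().lower()
    return directives


def diff_configs(provider, generated):
    """Return (only in provider, only in generated, same directive with a different value)."""
    a, b = parse_ovpn(provider), parse_ovpn(generated)
    only_a = {k: v for k, v in a.items() if k not in b and k not in IGNORED}
    only_b = {k: v for k, v in b.items() if k not in a and k not in IGNORED}
    changed = {k: (a[k], b[k]) for k in a.keys() & b.keys()
               if a[k] != b[k] and k not in IGNORED}
    return only_a, only_b, changed
```

On these excerpts the provider-only directives are `comp-lzo`, `ns-cert-type`, `tun-mtu` and `cipher`, while `auth` compares equal because values are lower-cased before comparison.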

jaredmo commented 2 years ago

I tried both 3.29 and latest. Both had the same error. Let me know what you need to troubleshoot, @qdm12.

Logs

2022-07-18T06:23:32-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1 and assigned IP 172.23.0.9
2022-07-18T06:23:32-05:00 INFO [routing] adding route for 0.0.0.0/0
2022-07-18T06:23:32-05:00 INFO [firewall] setting allowed subnets...
2022-07-18T06:23:32-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1 and assigned IP 172.23.0.9
2022-07-18T06:23:32-05:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2022-07-18T06:23:32-05:00 INFO [pprof] http server listening on [::]:6060
2022-07-18T06:23:32-05:00 INFO [http server] http server listening on [::]:8000
2022-07-18T06:23:32-05:00 INFO [healthcheck] listening on 127.0.0.1:9999
2022-07-18T06:23:32-05:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2022-07-18T06:23:32-05:00 INFO [firewall] allowing VPN connection...
2022-07-18T06:23:32-05:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: config (2.5.6)
2022-07-18T06:23:32-05:00 INFO [openvpn] Use --help for more information.
2022-07-18T06:23:32-05:00 ERROR [vpn] exit status 1
2022-07-18T06:23:32-05:00 INFO [vpn] retrying in 15s
2022-07-18T06:23:38-05:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN

docker-compose.yaml

---
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun    
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=expressvpn
      - OPENVPN_USER=[user]
      - OPENVPN_PASSWORD=[password]
      - OPENVPN_FLAGS="--tun-mtu 1500 --fragment 1300 --comp-lzo no"
      - OPENVPN_CIPHERS=AES-256-CBC
      - SERVER_COUNTRIES=USA
      - TZ=America/Chicago #optional
      - PUID=1000 #optional
      - PGID=1000 #optional

/etc/openvpn/target.ovpn

client
nobind
tls-exit
auth-nocache
mute-replay-warnings
auth-retry nointeract
suppress-timestamps
dev tun0
verb 1
auth-user-pass /etc/openvpn/auth.conf
proto udp
remote 45.38.57.63 1195
pull-filter ignore "auth-token"
key-direction 1
remote-cert-tls server
verify-x509-name Server name-prefix
fast-io
data-ciphers-fallback aes-256-cbc
data-ciphers aes-256-cbc
auth sha512
mssfix 1200
fragment 1300
sndbuf 524288
rcvbuf 524288
explicit-exit-notify
user nonrootuser
persist-tun
persist-key
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"

jaredmo commented 2 years ago

Interestingly enough, I was able to get latest working. I went back to the config below, and added a specific city. I noticed @ThickPeep was using just USA like myself. Maybe the issue is an outdated ExpressVPN server list.

---
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun    
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=expressvpn
      - OPENVPN_USER=[user]
      - OPENVPN_PASSWORD=[password]
      - SERVER_COUNTRIES=USA
      - SERVER_CITIES=Atlanta
      - TZ=America/Chicago #optional
      - PUID=1000 #optional
      - PGID=1000 #optional

qdm12 commented 2 years ago

I updated the expressvpn servers list in 2800588ef73d2e2ebdebd3e254a5b3f7348a6354

Notably interesting logs I got:

2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving india-mumbai-1-ca-version-2.expressnetw.com: lookup india-mumbai-1-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving india-chennai-ca-version-2.expressnetw.com: lookup india-chennai-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving us-new-york-2-ca-version-2.expressnetw.com: lookup us-new-york-2-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving canada-vancouver-ca-version-2.expressnetw.com: lookup canada-vancouver-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving netherlands-amsterdam-2-ca-version-2.expressnetw.com: lookup netherlands-amsterdam-2-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving usa-losangeles-1-ca-version-2.expressnetw.com: lookup usa-losangeles-1-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving germany-frankfurt-2-ca-version-2.expressnetw.com: lookup germany-frankfurt-2-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving hongkong4-ca-version-2.expressnetw.com: lookup hongkong4-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host

So definitely some servers such as us-new-york-2-ca-version-2.expressnetw.com are just plain gone. Maybe reach out to ExpressVPN as to why these no longer resolve to anything. I don't think they would work with simple openvpn outside gluetun either.

On a side note, you can try updating servers yourself: https://github.com/qdm12/gluetun/wiki/Updating-servers#cli-operation

I'll close the issue for now, but feel free to comment back.
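
The three failure signatures that appear in this thread's logs (a health-check restart loop with no handshake, OpenVPN rejecting its command line, and server hostnames that no longer resolve) can be told apart mechanically. The following is an added example, not code from gluetun or from the commenters; `triage` and the pattern names are hypothetical, and the sample is assembled from lines quoted above.

```python
import re

# Constructed sample: lines taken from the three logs quoted in this thread.
SAMPLE_LOG = """\
2022-07-14T16:07:05-04:00 INFO [openvpn] UDP link remote: [AF_INET]191.101.41.2:1195
2022-07-14T16:07:11-04:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2022-07-14T16:07:11-04:00 INFO [openvpn] UDP link remote: [AF_INET]173.239.207.162:1195
2022-07-14T16:07:22-04:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2022-07-14T16:07:22-04:00 INFO [openvpn] UDP link remote: [AF_INET]173.239.207.157:1195
2022-07-18T06:23:32-05:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: config (2.5.6)
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving us-new-york-2-ca-version-2.expressnetw.com: lookup us-new-york-2-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
"""

REMOTE = re.compile(r"\[openvpn\] \w+ link remote: \[AF_INET6?\](\S+):(\d+)$")
RESTART = re.compile(r"\[healthcheck\] program has been unhealthy for (\d+)s: restarting VPN")
BAD_OPTION = re.compile(r"ERROR \[openvpn\] Unrecognized option .* in \[CMD-LINE\]")
DNS_FAIL = re.compile(r"failed attempts resolving (\S+?): lookup .*: no such host")
CONNECTED = "Initialization Sequence Completed"  # OpenVPN's handshake-success message


def triage(log_text):
    """Summarise why a gluetun/OpenVPN session never came up."""
    s = {"remotes": [], "restarts": 0, "connected": False,
         "bad_options": 0, "unresolved": []}
    for line in log_text.splitlines():
        if m := REMOTE.search(line):
            s["remotes"].append(m.group(1))
        elif RESTART.search(line):
            s["restarts"] += 1
        elif BAD_OPTION.search(line):
            s["bad_options"] += 1
        elif m := DNS_FAIL.search(line):
            s["unresolved"].append(m.group(1))
        elif CONNECTED in line:
            s["connected"] = True
    findings = []
    if s["bad_options"]:
        findings.append("openvpn rejected its command line: check extra flags")
    if s["restarts"] and s["remotes"] and not s["connected"]:
        findings.append(f"{len(set(s['remotes']))} remotes tried, no handshake completed")
    if s["unresolved"]:
        findings.append("server hostnames no longer resolve: update the servers list")
    s["findings"] = findings
    return s
```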