Closed ThickPeep closed 2 years ago
I'm having the same issues. I recently downgraded to 3.29 because latest
wouldn't connect. Now 3.29 no longer connects either.
Can someone share one of their current openvpn config files here, so I can check if any option in gluetun has changed?
Here's the relevant section of my 3.29 config.
---
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun:v3.29
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPNSP=expressvpn
      - OPENVPN_USER=[user]
      - OPENVPN_PASSWORD=[password]
      - COUNTRY=USA
      - TZ=America/Chicago #optional
      - PUID=1000 #optional
      - PGID=1000 #optional
Sorry was pretty busy, I did not try another country yet, but what file are you looking for? In my container mapped file I only see the servers json and I have an old .ovpn file I put in there from when I first set up connecting to New York. Are you looking for that file?
@ThickPeep no worries. I'm looking for one of their openvpn configuration files, since there isn't public-facing access to their config files. See https://www.expressvpn.com/support/vpn-setup/freebox-openvpn/ I think.
Here's a config for their 'USA - New York' server less the certs and keys. Is this what you are looking for, @qdm12?
dev tun
fast-io
persist-key
persist-tun
nobind
remote usa-newyork-ca-version-2.expressnetw.com 1195
remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass
From running
docker run -it --rm -e VPNSP=expressvpn -e OPENVPN_USER=a -e OPENVPN_PASSWORD=b qmcgaw/gluetun openvpnconfig
I get
client
nobind
tls-exit
auth-nocache
mute-replay-warnings
auth-retry nointeract
suppress-timestamps
dev tun0
verb 1
auth-user-pass /etc/openvpn/auth.conf
proto udp
remote 194.5.49.197 1195
pull-filter ignore "auth-token"
key-direction 1
remote-cert-tls server
verify-x509-name Server name-prefix
fast-io
data-ciphers-fallback aes-256-gcm
data-ciphers aes-256-gcm:aes-256-cbc:aes-128-gcm
auth sha512
mssfix 1200
fragment 1300
sndbuf 524288
rcvbuf 524288
explicit-exit-notify
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
Differences you can spot:
- keysize is deprecated so it's not in the gluetun generated config
- route-method is for Windows, so it's not there
- tun-mtu 1500, fragment 1300, comp-lzo no are missing options
Can you therefore try running Gluetun using your existing config but adding two things:
OPENVPN_FLAGS="--tun-mtu 1500 --fragment 1300 --comp-lzo no"
OPENVPN_CIPHERS=AES-256-CBC
If this works, try removing that OPENVPN_FLAGS env variable and see if the cipher variable is enough to make it work? Thanks!
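The side-by-side comparison of a provider config with the generated one can be scripted. This is an added example, not code from the thread or from gluetun: a small parser that diffs the directives of two OpenVPN configs, run on abridged copies of the two configs quoted above. The names `parse` and `diff_configs` are hypothetical.

```python
# Added example, not gluetun code. Samples are abridged from the configs quoted in this thread.
PROVIDER = """\
dev tun
fast-io
nobind
comp-lzo no
route-method exe
tun-mtu 1500
fragment 1300
mssfix 1200
cipher AES-256-CBC
keysize 256
auth SHA512
"""
GENERATED = """\
dev tun0
fast-io
nobind
data-ciphers-fallback aes-256-gcm
data-ciphers aes-256-gcm:aes-256-cbc:aes-128-gcm
auth sha512
mssfix 1200
fragment 1300
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
"""

def parse(text):
    """Map directive -> list of arguments, lower-cased (assumption: case is not significant here)."""
    opts, block = {}, None
    for line in map(str.strip, text.splitlines()):
        if block:  # inside <ca>...</ca> and similar: skip the key material
            block = None if line == f"</{block}>" else block
        elif line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            opts.setdefault(block, []).append("<inline>")
        elif line and line[0] not in "#;":  # ignore blanks and comments
            name, _, args = line.partition(" ")
            opts.setdefault(name.lstrip("-"), []).append(args.strip().lower())
    return opts

def diff_configs(a, b):
    """Directives only in a, only in b, and present in both with different arguments."""
    pa, pb = parse(a), parse(b)
    changed = [k for k in pa.keys() & pb.keys() if sorted(pa[k]) != sorted(pb[k])]
    return {"only_a": sorted(pa.keys() - pb.keys()),
            "only_b": sorted(pb.keys() - pa.keys()),
            "changed": sorted(changed)}
```

Calling `diff_configs(PROVIDER, GENERATED)` lists the cipher-related directives on each side, which is the part of such a diff worth reading first when a tunnel stops negotiating.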
I tried both 3.29 and latest. Both had the same error. Let me know what you need to troubleshoot, @qdm12.
Logs
2022-07-18T06:23:32-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1 and assigned IP 172.23.0.9
2022-07-18T06:23:32-05:00 INFO [routing] adding route for 0.0.0.0/0
2022-07-18T06:23:32-05:00 INFO [firewall] setting allowed subnets...
2022-07-18T06:23:32-05:00 INFO [routing] default route found: interface eth0, gateway 172.23.0.1 and assigned IP 172.23.0.9
2022-07-18T06:23:32-05:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2022-07-18T06:23:32-05:00 INFO [pprof] http server listening on [::]:6060
2022-07-18T06:23:32-05:00 INFO [http server] http server listening on [::]:8000
2022-07-18T06:23:32-05:00 INFO [healthcheck] listening on 127.0.0.1:9999
2022-07-18T06:23:32-05:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2022-07-18T06:23:32-05:00 INFO [firewall] allowing VPN connection...
2022-07-18T06:23:32-05:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: config (2.5.6)
2022-07-18T06:23:32-05:00 INFO [openvpn] Use --help for more information.
2022-07-18T06:23:32-05:00 ERROR [vpn] exit status 1
2022-07-18T06:23:32-05:00 INFO [vpn] retrying in 15s
2022-07-18T06:23:38-05:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
docker-compose.yaml
---
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=expressvpn
      - OPENVPN_USER=[user]
      - OPENVPN_PASSWORD=[password]
      - OPENVPN_FLAGS="--tun-mtu 1500 --fragment 1300 --comp-lzo no"
      - OPENVPN_CIPHERS=AES-256-CBC
      - SERVER_COUNTRIES=USA
      - TZ=America/Chicago #optional
      - PUID=1000 #optional
      - PGID=1000 #optional
/etc/openvpn/target.ovpn
client
nobind
tls-exit
auth-nocache
mute-replay-warnings
auth-retry nointeract
suppress-timestamps
dev tun0
verb 1
auth-user-pass /etc/openvpn/auth.conf
proto udp
remote 45.38.57.63 1195
pull-filter ignore "auth-token"
key-direction 1
remote-cert-tls server
verify-x509-name Server name-prefix
fast-io
data-ciphers-fallback aes-256-cbc
data-ciphers aes-256-cbc
auth sha512
mssfix 1200
fragment 1300
sndbuf 524288
rcvbuf 524288
explicit-exit-notify
user nonrootuser
persist-tun
persist-key
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
Interestingly enough, I was able to get latest working. I went back to the config below, and added a specific city. I noticed @ThickPeep was using just USA like myself. Maybe the issue is an outdated ExpressVPN server list.
---
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=expressvpn
      - OPENVPN_USER=[user]
      - OPENVPN_PASSWORD=[password]
      - SERVER_COUNTRIES=USA
      - SERVER_CITIES=Atlanta
      - TZ=America/Chicago #optional
      - PUID=1000 #optional
      - PGID=1000 #optional
I updated the expressvpn servers list in 2800588ef73d2e2ebdebd3e254a5b3f7348a6354
Notably interesting logs I got:
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving india-mumbai-1-ca-version-2.expressnetw.com: lookup india-mumbai-1-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving india-chennai-ca-version-2.expressnetw.com: lookup india-chennai-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving us-new-york-2-ca-version-2.expressnetw.com: lookup us-new-york-2-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving canada-vancouver-ca-version-2.expressnetw.com: lookup canada-vancouver-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving netherlands-amsterdam-2-ca-version-2.expressnetw.com: lookup netherlands-amsterdam-2-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving usa-losangeles-1-ca-version-2.expressnetw.com: lookup usa-losangeles-1-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving germany-frankfurt-2-ca-version-2.expressnetw.com: lookup germany-frankfurt-2-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving hongkong4-ca-version-2.expressnetw.com: lookup hongkong4-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
So definitely some servers such as us-new-york-2-ca-version-2.expressnetw.com are just plain gone. Maybe reach out to ExpressVPN as to why these no longer resolve to anything. I don't think they would work with simple openvpn outside gluetun either.
On a side note, you can try updating servers yourself: https://github.com/qdm12/gluetun/wiki/Updating-servers#cli-operation
I'll close the issue for now, but feel free to comment back.
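The resolution warnings quoted above can be turned into a list of stale hostnames. This is an added example, not gluetun's updater or anything posted in the thread: it separates hostnames that no longer exist ("no such host") from lookups that only timed out, so that only the former are dropped from a local server list. The sample log is constructed in the format of the lines above; `vpn-placeholder.example.com`, the timeout line and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: two lines in the format quoted above, one constructed
# timeout line (placeholder host), and one unrelated line.
LOG = """\
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving us-new-york-2-ca-version-2.expressnetw.com: lookup us-new-york-2-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:37Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving hongkong4-ca-version-2.expressnetw.com: lookup hongkong4-ca-version-2.expressnetw.com on 127.0.0.11:53: no such host
2022-07-18T18:00:38Z WARN reached the maximum number of consecutive failures: 2 failed attempts resolving vpn-placeholder.example.com: lookup vpn-placeholder.example.com on 127.0.0.11:53: read udp 172.23.0.9:40000->127.0.0.11:53: i/o timeout
2022-07-18T18:00:40Z INFO [vpn] retrying in 15s
"""

# Host being resolved, then the resolver's reason at the end of the line.
LINE = re.compile(
    r"failed attempts resolving (?P<host>[A-Za-z0-9.-]+): "
    r"lookup (?P=host) on \S+: (?P<reason>.+)$"
)

def classify(log_text):
    """Return {'gone': [...], 'transient': [...]} with sorted hostnames."""
    found = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not a resolution failure
        # Only a definitive negative answer means the name is gone; timeouts
        # and other resolver errors say nothing about whether the record exists.
        kind = "gone" if m["reason"].strip() == "no such host" else "transient"
        found[kind].add(m["host"])
    return {kind: sorted(found[kind]) for kind in ("gone", "transient")}

def prune(hostnames, log_text):
    """Drop only the hostnames the log proves no longer resolve."""
    gone = set(classify(log_text)["gone"])
    return [h for h in hostnames if h not in gone]
```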
Is this urgent?
No
Host OS
No response
CPU arch
x86_64
VPN service provider
ExpressVPN
What are you using to run the container
docker-compose
What is the version of Gluetun
Running version latest built on 2022-07-04T00:42:53.696Z (commit a4c80b3)
What's the problem 🤔
I cannot connect to expressVPN when the container was previously running fine in the past. I have tried using versions 3.28.0, 3.29.0, 3.30.0, and also just pulling the latest image. I think I got it to work for a few seconds on 3.29.0, but it broke again once I added the label for watchtower to not look at this container and redeployed. I used to be specifically connected to New York with the old City variable, but have tried redeploying with the new docker compose format and still cannot connect.
Regarding the logs, it just continues to repeat the ending part until it shuts itself down
Share your logs
Share your configuration