qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: PIA port forwarding no longer works #1219

Closed jathek closed 2 years ago

jathek commented 2 years ago

Is this urgent?

Kind of?

Host OS

5.15.46-Unraid/Slackware 15.0

CPU arch

x86_64

VPN service provider

Private Internet Access

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version v3.31.1 built on 2022-09-11T20:25:49.370Z (commit 8f04a05)

What's the problem 🤔

Port forwarding no longer works with PIA. When I load the link from the error in my browser, I get this in response:

{
    "status": "ERROR",
    "message": "no auth data"
}

Share your logs

========================================
========================================
========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version v3.31.1 built on 2022-09-11T20:25:49.370Z (commit 8f04a05)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2022-10-29T14:13:20-05:00 INFO [routing] default route found: interface eth0, gateway 192.168.84.1 and assigned IP 192.168.84.12
2022-10-29T14:13:20-05:00 INFO [routing] local ethernet link found: gretap0
2022-10-29T14:13:20-05:00 INFO [routing] local ethernet link found: erspan0
2022-10-29T14:13:20-05:00 INFO [routing] local ethernet link found: eth0
2022-10-29T14:13:20-05:00 INFO [routing] local ipnet found: 192.168.84.0/24
2022-10-29T14:13:20-05:00 INFO [firewall] enabling...
2022-10-29T14:13:20-05:00 INFO [firewall] enabled successfully
2022-10-29T14:13:20-05:00 INFO [storage] merging by most recent 11434 hardcoded servers and 11458 servers read from /gluetun/servers.json
2022-10-29T14:13:20-05:00 INFO [storage] Using private internet access servers from file which are 145 days more recent
2022-10-29T14:13:20-05:00 INFO [storage] Using windscribe servers from file which are 188 days more recent
2022-10-29T14:13:20-05:00 INFO Alpine version: 3.16.2
2022-10-29T14:13:20-05:00 INFO OpenVPN 2.4 version: 2.4.12
2022-10-29T14:13:20-05:00 INFO OpenVPN 2.5 version: 2.5.6
2022-10-29T14:13:20-05:00 INFO Unbound version: 1.15.0
2022-10-29T14:13:20-05:00 INFO IPtables version: v1.8.8
2022-10-29T14:13:20-05:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: private internet access
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: openvpn
|   |   |   ├── Regions: ca toronto
|   |   |   └── OpenVPN server selection settings:
|   |   |       ├── Protocol: UDP
|   |   |       └── Private Internet Access encryption preset: strong
|   |   └── Automatic port forwarding settings:
|   |       ├── Enabled: yes
|   |       └── Forwarded port file path: /gluetun/forwarded_port.dat
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Private Internet Access encryption preset: strong
|       ├── Tunnel IPv6: no
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── DNS server address to use: 127.0.0.1
|   ├── Keep existing nameserver(s): no
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: disabled
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:7f00:1/104
|               ├── ::ffff:a00:0/104
|               ├── ::ffff:a9fe:0/112
|               ├── ::ffff:ac10:0/108
|               └── ::ffff:c0a8:0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: 1.1.1.1
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   ├── Enabled: yes
|   ├── Listening address: :1080
|   ├── User: dt
|   ├── Password: [set]
|   ├── Stealth mode: no
|   ├── Log: no
|   ├── Read header timeout: 1s
|   └── Read timeout: 3s
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 100
|   └── Timezone: America/Chicago
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /gluetun/ip
├── Server data updater settings:
|   ├── Update period: 24h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: private internet access, windscribe
└── Version settings:
    └── Enabled: no
2022-10-29T14:13:20-05:00 INFO [routing] default route found: interface eth0, gateway 192.168.84.1 and assigned IP 192.168.84.12
2022-10-29T14:13:20-05:00 INFO [routing] adding route for 0.0.0.0/0
2022-10-29T14:13:20-05:00 INFO [firewall] setting allowed subnets...
2022-10-29T14:13:20-05:00 INFO [routing] default route found: interface eth0, gateway 192.168.84.1 and assigned IP 192.168.84.12
2022-10-29T14:13:20-05:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2022-10-29T14:13:20-05:00 INFO [pprof] http server listening on [::]:6060
2022-10-29T14:13:20-05:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2022-10-29T14:13:20-05:00 INFO [http server] http server listening on [::]:8000
2022-10-29T14:13:20-05:00 INFO [http proxy] listening on :1080
2022-10-29T14:13:20-05:00 INFO [healthcheck] listening on 127.0.0.1:9999
2022-10-29T14:13:20-05:00 INFO [firewall] allowing VPN connection...
2022-10-29T14:13:20-05:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-10-29T14:13:20-05:00 INFO [openvpn] library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10
2022-10-29T14:13:20-05:00 INFO [openvpn] CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
2022-10-29T14:13:20-05:00 INFO [openvpn] CERTIFICATE
2022-10-29T14:13:20-05:00 INFO [openvpn] -----END X509 CRL-----
2022-10-29T14:13:20-05:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]154.3.40.183:1197
2022-10-29T14:13:20-05:00 INFO [openvpn] UDP link local: (not bound)
2022-10-29T14:13:20-05:00 INFO [openvpn] UDP link remote: [AF_INET]154.3.40.183:1197
2022-10-29T14:13:20-05:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1554'
2022-10-29T14:13:20-05:00 WARN [openvpn] 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2022-10-29T14:13:20-05:00 WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2022-10-29T14:13:20-05:00 INFO [openvpn] [toronto419] Peer Connection Initiated with [AF_INET]154.3.40.183:1197
2022-10-29T14:13:20-05:00 INFO [openvpn] TUN/TAP device tun0 opened
2022-10-29T14:13:20-05:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2022-10-29T14:13:20-05:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2022-10-29T14:13:20-05:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.29.110.20/24
2022-10-29T14:13:20-05:00 INFO [openvpn] UID set to nonrootuser
2022-10-29T14:13:20-05:00 INFO [openvpn] Initialization Sequence Completed
2022-10-29T14:13:20-05:00 INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-10-29T14:13:22-05:00 INFO [dns over tls] downloading hostnames and IP block lists
2022-10-29T14:13:24-05:00 INFO [healthcheck] healthy!
2022-10-29T14:13:25-05:00 INFO [dns over tls] init module 0: validator
2022-10-29T14:13:25-05:00 INFO [dns over tls] init module 1: iterator
2022-10-29T14:13:25-05:00 INFO [dns over tls] start of service (unbound 1.15.0).
2022-10-29T14:13:26-05:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2022-10-29T14:13:26-05:00 INFO [dns over tls] ready
2022-10-29T14:13:26-05:00 INFO [vpn] VPN gateway IP address: 10.29.110.1
2022-10-29T14:13:26-05:00 INFO [port forwarding] Found saved forwarded port data for port 42912
2022-10-29T14:13:26-05:00 WARN [port forwarding] Forwarded port data expired on Mon, 10 Oct 2022 05:23:42 UTC, getting another one
2022-10-29T14:13:27-05:00 INFO [ip getter] Public IP address is 154.3.40.183 (Canada, Ontario, Toronto)
2022-10-29T14:13:27-05:00 ERROR [port forwarding] cannot refresh port forward data: cannot fetch token: HTTP status code is not OK: https://USERNAME:PASSWORD@privateinternetaccess.com/gtoken/generateToken: 403 403 Forbidden: response received: error code: 1020
2022-10-29T14:13:27-05:00 INFO [port forwarding] retrying in 5s
2022-10-29T14:13:32-05:00 INFO [port forwarding] Found saved forwarded port data for port 42912
2022-10-29T14:13:32-05:00 WARN [port forwarding] Forwarded port data expired on Mon, 10 Oct 2022 05:23:42 UTC, getting another one
2022-10-29T14:13:32-05:00 ERROR [port forwarding] cannot refresh port forward data: cannot fetch token: HTTP status code is not OK: https://USERNAME:PASSWORD@privateinternetaccess.com/gtoken/generateToken: 403 403 Forbidden: response received: error code: 1020
2022-10-29T14:13:32-05:00 INFO [port forwarding] retrying in 5s
2022-10-29T14:13:37-05:00 INFO [port forwarding] Found saved forwarded port data for port 42912
2022-10-29T14:13:37-05:00 WARN [port forwarding] Forwarded port data expired on Mon, 10 Oct 2022 05:23:42 UTC, getting another one
2022-10-29T14:13:37-05:00 ERROR [port forwarding] cannot refresh port forward data: cannot fetch token: HTTP status code is not OK: https://USERNAME:PASSWORD@privateinternetaccess.com/gtoken/generateToken: 403 403 Forbidden: response received: error code: 1020
2022-10-29T14:13:37-05:00 INFO [port forwarding] retrying in 5s
2022-10-29T14:13:42-05:00 INFO [port forwarding] Found saved forwarded port data for port 42912
2022-10-29T14:13:42-05:00 WARN [port forwarding] Forwarded port data expired on Mon, 10 Oct 2022 05:23:42 UTC, getting another one
2022-10-29T14:13:43-05:00 ERROR [port forwarding] cannot refresh port forward data: cannot fetch token: HTTP status code is not OK: https://USERNAME:PASSWORD@privateinternetaccess.com/gtoken/generateToken: 403 403 Forbidden: response received: error code: 1020
2022-10-29T14:13:43-05:00 INFO [port forwarding] retrying in 5s
2022-10-29T14:13:48-05:00 INFO [port forwarding] Found saved forwarded port data for port 42912
2022-10-29T14:13:48-05:00 WARN [port forwarding] Forwarded port data expired on Mon, 10 Oct 2022 05:23:42 UTC, getting another one
2022-10-29T14:13:48-05:00 ERROR [port forwarding] cannot refresh port forward data: cannot fetch token: HTTP status code is not OK: https://USERNAME:PASSWORD@privateinternetaccess.com/gtoken/generateToken: 403 403 Forbidden: response received: error code: 1020
2022-10-29T14:13:48-05:00 INFO [port forwarding] retrying in 5s
2022-10-29T14:13:53-05:00 INFO [port forwarding] Found saved forwarded port data for port 42912
2022-10-29T14:13:53-05:00 WARN [port forwarding] Forwarded port data expired on Mon, 10 Oct 2022 05:23:42 UTC, getting another one
2022-10-29T14:13:53-05:00 ERROR [port forwarding] cannot refresh port forward data: cannot fetch token: HTTP status code is not OK: https://USERNAME:PASSWORD@privateinternetaccess.com/gtoken/generateToken: 403 403 Forbidden: response received: error code: 1020
2022-10-29T14:13:53-05:00 INFO [port forwarding] retrying in 5s

Share your configuration

vpia0:
  cap_add:
    - NET_ADMIN
  container_name: vpia0
  environment:
    BLOCK_ADS: "off"
    BLOCK_MALICIOUS: "on"
    BLOCK_SURVEILLANCE: "off"
    DNS_UPDATE_PERIOD: "0"
    DOT: "on"
    HEALTH_TARGET_ADDRESS: 1.1.1.1
    HTTP_CONTROL_SERVER_ADDRESS: :8000
    HTTP_CONTROL_SERVER_LOG: "on"
    HTTPPROXY: "on"
    HTTPPROXY_LISTENING_ADDRESS: :1080
    HTTPPROXY_LOG: "off"
    HTTPPROXY_PASSWORD_SECRETFILE: /run/secrets/vpn_proxy_password
    HTTPPROXY_STEALTH: "off"
    HTTPPROXY_USER_SECRETFILE: /run/secrets/vpn_proxy_username
    OPENVPN_PASSWORD_SECRETFILE: /run/secrets/vpn_pia_password
    OPENVPN_USER_SECRETFILE: /run/secrets/vpn_pia_username
    PGID: "100"
    PRIVATE_INTERNET_ACCESS_VPN_PORT_FORWARDING: "on"
    PRIVATE_INTERNET_ACCESS_VPN_PORT_FORWARDING_STATUS_FILE: /gluetun/forwarded_port.dat
    PUBLICIP_FILE: /gluetun/ip
    PUBLICIP_PERIOD: 12h
    PUID: "1000"
    SERVER_REGIONS: CA Toronto
    TZ: America/Chicago
    UPDATER_PERIOD: 24h
    UPDATER_VPN_SERVICE_PROVIDERS: private internet access,windscribe
    VERSION_INFORMATION: "off"
    VPN_SERVICE_PROVIDER: private internet access
  image: qmcgaw/gluetun:v3
  networks:
    t2_proxy:
      aliases:
        - qbittorrent
        - qbt
  ports:
    - $DOCKERHOSTIP:${VPN_PORT}50:1080
  restart: unless-stopped
  secrets:
    - source: vpn_proxy_username
    - source: vpn_proxy_password
    - source: vpn_pia_username
    - source: vpn_pia_password
  tmpfs:
    - /tmp
  volumes:
    - $CONTDIR/gluetun/vpia0:/gluetun
    - $CONTDIR/gluetun/servers.json:/gluetun/servers.json
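The failing step in the log above is the token fetch: the client calls the `/gtoken/generateToken` endpoint with the credentials embedded in the URL userinfo, gets a `403 Forbidden` with a non-JSON body (`error code: 1020`), and retries every 5 s; loading the same URL in a browser returns `{"status":"ERROR","message":"no auth data"}`. The following Go program is an added example, not gluetun's own code and not the fix referenced below. It shows how a client should handle that path defensively: credentials go in the `Authorization` header rather than the URL, every error message carries the endpoint with userinfo redacted (the `USERNAME:PASSWORD@` form seen in the log), a non-200 answer is surfaced with its status and a capped body snippet even when the body is not JSON, and the saved-port expiry check behind the "Forwarded port data expired" warning is written out. The `token` field, the `"OK"` success status and the `StatusError` type are assumptions; the real PIA API is not documented on this page.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/url"
	"strings"
	"time"
)

// tokenResponse mirrors the JSON body shown in the report
// ({"status":"ERROR","message":"no auth data"}). The "token" field and the
// "OK" success value are assumptions, not taken from the page.
type tokenResponse struct {
	Status  string `json:"status"`
	Message string `json:"message"`
	Token   string `json:"token"`
}

// StatusError is returned when the token endpoint answers with a non-200
// status, as in the logged "403 403 Forbidden: response received: error code: 1020".
type StatusError struct {
	URL    string // endpoint with credentials already redacted
	Code   int
	Status string
	Body   string // capped body snippet, useful when the answer is not JSON
}

func (e *StatusError) Error() string {
	return fmt.Sprintf("HTTP status code is not OK: %s: %d %s: response received: %s",
		e.URL, e.Code, e.Status, e.Body)
}

// redactURL replaces any userinfo in the URL with placeholders so that
// credentials never reach the log, producing the USERNAME:PASSWORD@ form
// seen in the report.
func redactURL(raw string) string {
	u, err := url.Parse(raw)
	if err != nil {
		return "<unparseable url>"
	}
	if u.User != nil {
		u.User = url.UserPassword("USERNAME", "PASSWORD")
	}
	return u.String()
}

// fetchToken requests an auth token from a PIA-style endpoint. Credentials
// travel in the Authorization header (the report embeds them in the URL
// instead), and every error path names the endpoint with credentials redacted.
func fetchToken(client *http.Client, endpoint, username, password string) (string, error) {
	req, err := http.NewRequest(http.MethodGet, endpoint, nil)
	if err != nil {
		return "", fmt.Errorf("building request for %s: %w", redactURL(endpoint), err)
	}
	req.SetBasicAuth(username, password)

	resp, err := client.Do(req)
	if err != nil {
		return "", fmt.Errorf("sending request to %s: %w", redactURL(endpoint), err)
	}
	defer resp.Body.Close()

	// Cap the read: a CDN error page can be large and is not JSON.
	body, err := io.ReadAll(io.LimitReader(resp.Body, 4096))
	if err != nil {
		return "", fmt.Errorf("reading response body: %w", err)
	}

	if resp.StatusCode != http.StatusOK {
		return "", &StatusError{
			URL:    redactURL(endpoint),
			Code:   resp.StatusCode,
			Status: resp.Status,
			Body:   strings.TrimSpace(string(body)),
		}
	}

	var tr tokenResponse
	if err := json.Unmarshal(body, &tr); err != nil {
		return "", fmt.Errorf("decoding token response: %w", err)
	}
	if tr.Status != "OK" || tr.Token == "" { // "OK" is an assumed success marker
		return "", fmt.Errorf("token endpoint returned status %q: %s", tr.Status, tr.Message)
	}
	return tr.Token, nil
}

// portDataExpired is the check behind the logged
// "Forwarded port data expired on ..., getting another one" warning.
func portDataExpired(expiresAt, now time.Time) bool {
	return !now.Before(expiresAt)
}

func main() {
	client := &http.Client{Timeout: 10 * time.Second}
	// Placeholder endpoint and credentials; nothing here contacts the real service.
	_, err := fetchToken(client, "https://example.invalid/gtoken/generateToken", "user", "secret")
	fmt.Println("fetchToken:", err)
	expiry, _ := time.Parse(time.RFC1123, "Mon, 10 Oct 2022 05:23:42 UTC")
	fmt.Println("saved port data expired:", portDataExpired(expiry, time.Now()))
}
```

Returning a typed `StatusError` instead of a flat string lets the retry loop distinguish a transient upstream failure from a hard `403` that will not clear by retrying every 5 s, and the redaction happens once at the point the error is built rather than relying on every caller to scrub the log line.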

qdm12 commented 2 years ago

Already fixed in the latest image with https://github.com/qdm12/gluetun/commit/532df9f8d46f7762b6b3fbfd23f6f4061d91a817

I'll make a release v3.32.0 shortly as well.

qdm12 commented 2 years ago

v3.32.0 released at https://github.com/qdm12/gluetun/releases/tag/v3.32.0 :wink: