qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: Perfect Privacy "Your Certificate has expired" #1527

Closed 15ky3 closed 1 year ago

15ky3 commented 1 year ago

Is this urgent?

Yes

Host OS

Debian Bullseye (OpenMediaVault)

CPU arch

x86_64

VPN service provider

Custom

What are you using to run the container

Portainer

What is the version of Gluetun

2023-04-12T12:34:51.538Z (commit d4f8eea)

What's the problem 🤔

No VPN Connection

Share your logs

2023-04-17T20:22:42+02:00 INFO [openvpn] library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-04-17T20:22:42+02:00 WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-04-17T20:22:42+02:00 WARN [openvpn] Your certificate has expired!
2023-04-17T20:22:42+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.*.*:443
2023-04-17T20:22:42+02:00 INFO [openvpn] UDP link local: (not bound)
2023-04-17T20:22:42+02:00 INFO [openvpn] UDP link remote: [AF_INET]*.*.*.*:443
2023-04-17T20:22:48+02:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun/wiki/Healthcheck)
2023-04-17T20:22:48+02:00 INFO [vpn] stopping
2023-04-17T20:22:48+02:00 INFO [vpn] starting

Share your configuration

gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8080:8080
    volumes:
      - /root/glue:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=perfect privacy
      - VPN_TYPE=openvpn
      - OPENVPN_USER=USERNAME
      - OPENVPN_PASSWORD=PASSWORD
      - SERVER_CITIES=CITY
      - TZ=TZ
    restart: unless-stopped

Rikj000 commented 1 year ago

I'm also using Perfect Privacy, and started seeing logs similar to those in #1528 today, after a friend, who also uses Perfect Privacy + Gluetun, reported similar issues to me.

🚒🚒🚒🚒🚒🚨🚨🚨🚨🚨🚨🚒🚒🚒🚒🚒
That error usually happens because either:
1. The VPN server IP address you are trying to connect to is no longer valid 🔌
Update your server information using https://github.com/qdm12/gluetun/wiki/Updating-Servers
2. The VPN server crashed 💥, try changing your VPN servers filtering options such as SERVER_REGIONS
3. Your Internet connection is not working 🤯, ensure it works
4. Something else ➡️ https://github.com/qdm12/gluetun/issues/new/choose

2023-04-17T21:48:07+02:00 INFO [openvpn] TLS Error: TLS handshake failed
2023-04-17T21:48:07+02:00 INFO [openvpn] SIGTERM received, sending exit notification to peer
2023-04-17T21:48:07+02:00 INFO [openvpn] SIGTERM[soft,tls-error] received, process exiting
2023-04-17T21:48:07+02:00 INFO [vpn] retrying in 15s
2023-04-17T21:48:22+02:00 INFO [firewall] allowing VPN connection...
2023-04-17T21:48:22+02:00 INFO [openvpn] OpenVPN 2.5.8 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 2 2022
2023-04-17T21:48:22+02:00 INFO [openvpn] library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-04-17T21:48:22+02:00 WARN [openvpn] No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-04-17T21:48:22+02:00 WARN [openvpn] Your certificate has expired!
2023-04-17T21:48:22+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]149.202.77.77:443
2023-04-17T21:48:22+02:00 INFO [openvpn] UDP link local: (not bound)
2023-04-17T21:48:22+02:00 INFO [openvpn] UDP link remote: [AF_INET]149.202.77.77:443
2023-04-17T21:49:22+02:00 WARN [openvpn] TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

FYI:

15ky3 commented 1 year ago

It has been happening since today for me; yesterday I had no problems. I didn't update the Docker container in the last few days, I only ran apt update && apt upgrade on my Debian host today.

n02m4n commented 1 year ago

Me too, yesterday it worked. I walked back to v3.32.0, but same problem. Certs?

mondoduke commented 1 year ago

Same problem here, PP user.

mondoduke commented 1 year ago

This seems to be happening to all Perfect Privacy locations (that I have tried), and also happens when I use a custom .ovpn configuration.

Problem began at 2:20am 17/04/23 for me.

I have other active connections to Perfect Privacy servers from other devices, and they are not affected.

mondoduke commented 1 year ago

Has anyone had any success with this?

doofit commented 1 year ago

Experiencing the same, couldn't fix it so far. I did not change any configuration, it just stopped working all of a sudden. Subscribing to the issue. Please let us know if any input/logs etc. are needed to resolve.

15ky3 commented 1 year ago

Still not working... Maybe the problem is on the PP side? I have no problems with their client.

olvier commented 1 year ago

Would share my credentials to @qdm12, again, if needed.

n02m4n commented 1 year ago

After running my docker-compose with the update command:

command: update -enduser -providers "perfect privacy"

I get this error:

2023-04-20T18:18:41Z INFO merging by most recent 13064 hardcoded servers and 13048 servers read from /gluetun/servers.json

2023-04-20T18:18:41Z INFO Using mullvad servers from file which are 28 days more recent

2023-04-20T18:18:41Z INFO updating Perfect Privacy servers...

2023-04-20T18:18:42Z ERROR updating server information: server {"vpn":"openvpn","city":"Amsterdam","tcp":true,"udp":true,"ips":["85.17.64.131","85.17.64.131","85.17.64.131","95.211.95.233","95.211.95.244","37.48.94.1","95.168.167.236","85.17.28.145"]} has not enough information: hostname field is empty

"has not enough information: hostname field is empty"

Happens to others too?

doofit commented 1 year ago

> After running my docker-compose with the update command:
>
> command: update -enduser -providers "perfect privacy"
>
> I get this error:
>
> 2023-04-20T18:18:41Z INFO merging by most recent 13064 hardcoded servers and 13048 servers read from /gluetun/servers.json
>
> 2023-04-20T18:18:41Z INFO Using mullvad servers from file which are 28 days more recent
>
> 2023-04-20T18:18:41Z INFO updating Perfect Privacy servers...
>
> 2023-04-20T18:18:42Z ERROR updating server information: server {"vpn":"openvpn","city":"Amsterdam","tcp":true,"udp":true,"ips":["85.17.64.131","85.17.64.131","85.17.64.131","95.211.95.233","95.211.95.244","37.48.94.1","95.168.167.236","85.17.28.145"]} has not enough information: hostname field is empty
>
> "has not enough information: hostname field is empty"
>
> Happens to others too?

Yes, I confirm this is also what I see when trying to trigger a manual update.

qdm12 commented 1 year ago

Hello all, perfect privacy servers got updated (3294b8df604fee2f1fae699aafbed2ead8cb803f) in the latest image and the updater got fixed (d77ec7a6cb2d393c0a3ccaa7877669bd3214d1a6) as well.

Now:

2023-04-17T21:48:22+02:00 WARN [openvpn] No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2023-04-17T21:48:22+02:00 WARN [openvpn] Your certificate has expired!

Can someone fish out the new certificate they have? For now Gluetun has the following values:

https://github.com/qdm12/gluetun/blob/3294b8df604fee2f1fae699aafbed2ead8cb803f/internal/provider/perfectprivacy/openvpnconf.go#L22-L25

15ky3 commented 1 year ago

> Can someone fish out the new certificate they have? For now Gluetun has the following values:
>
> https://github.com/qdm12/gluetun/blob/3294b8df604fee2f1fae699aafbed2ead8cb803f/internal/provider/perfectprivacy/openvpnconf.go#L22-L25

How to do this?
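One way to check which certificate a custom .ovpn file carries and when it stops being valid, as an added example that is not part of the original thread and not Gluetun's own code. It assumes the config embeds PEM certificates in inline `<ca>` / `<cert>` blocks; `CertExpiry` and `sampleConfig` are hypothetical names, and the sample config and its certificate are constructed at run time.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"regexp"
	"time"
)

// inlineBlock matches OpenVPN inline file blocks: <ca>...</ca> and <cert>...</cert>.
var inlineBlock = regexp.MustCompile(`(?s)<(ca|cert)>\s*(.*?)</(?:ca|cert)>`)

// CertExpiry returns, per inline block name, the NotAfter date of its first certificate.
func CertExpiry(ovpn string) (map[string]time.Time, error) {
	out := map[string]time.Time{}
	for _, m := range inlineBlock.FindAllStringSubmatch(ovpn, -1) {
		block, _ := pem.Decode([]byte(m[2]))
		if block == nil || block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("<%s>: no PEM certificate found", m[1])
		}
		cert, err := x509.ParseCertificate(block.Bytes)
		if err != nil {
			return nil, fmt.Errorf("<%s>: %w", m[1], err)
		}
		out[m[1]] = cert.NotAfter
	}
	return out, nil
}

// sampleConfig builds a constructed .ovpn snippet whose <cert> is valid until notAfter.
func sampleConfig(notAfter time.Time) string {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed"},
		NotBefore: notAfter.AddDate(-1, 0, 0), NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return "client\n<cert>\n" + string(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})) + "</cert>\n"
}

func main() {
	fmt.Println(CertExpiry(sampleConfig(time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC))))
}
```

Comparing each returned date with `time.Now()` shows whether that block is what triggers OpenVPN's "Your certificate has expired!" warning.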

Thamos88 commented 1 year ago

Updated and tested new certificate. See #1539

qdm12 commented 1 year ago

Thanks @Thamos88 ! 👍

I'll do a v3.33.1 bugfix release soon-ish with those new values.

olvier commented 1 year ago

Can somebody please tell me what to do now?

Re-created container in Portainer with pulled ":latest", but still no change in the logs: Your certificate has expired!

15ky3 commented 1 year ago

In the meantime, you can build the container from my forked repo until the PR gets merged. Works fine for me.

Or use my container 15ky3/gluetun:latest

Rikj000 commented 1 year ago

Linking to PR #1549

olvier commented 1 year ago

> Or use my container 15ky3/gluetun:latest

works like a charm... big thx!

Rikj000 commented 1 year ago

> Or use my container 15ky3/gluetun:latest

Thank you @15ky3, the friend of mine, who also uses Perfect Privacy + Gluetun on an x86_64 CPU,
reported that it resolved his issues! :tada:

I'd like to test as well, however I can't, as there are no ARM containers available of your fork.

qdm12 commented 1 year ago

Sorry, not sure what happened, I might have force-pushed the master branch, erasing the commit from @Thamos88 😢 Re-merged @Rikj000's PR (citing both for credits to the fix), so the latest image should now work again (on arm too).