qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.62k stars 358 forks

Bug: ProtonVPN Auth failure no shared cipher #1714

Closed Lagicrus closed 1 year ago

Lagicrus commented 1 year ago

Is this urgent?

Yes

Host OS

No response

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

Kubernetes

What is the version of Gluetun

Running version v3.34.3 built on 2023-05-31T14:57:40.709Z (commit 42caa64)

What's the problem 🤔

Cannot use gluetun since, I believe, yesterday: after updating containers, it refuses to talk to the VPN because of no shared cipher. Note I think it is Kubernetes, as this is run within TrueCharts?

Share your logs

2023-06-30 10:21:42.047857+00:00========================================
2023-06-30 10:21:42.047933+00:00========================================
2023-06-30 10:21:42.047944+00:00=============== gluetun ================
2023-06-30 10:21:42.047951+00:00========================================
2023-06-30 10:21:42.047959+00:00=========== Made with ❤️ by ============
2023-06-30 10:21:42.047973+00:00======= https://github.com/qdm12 =======
2023-06-30 10:21:42.047980+00:00========================================
2023-06-30 10:21:42.047987+00:00========================================
2023-06-30 10:21:42.047994+00:002023-06-30T10:21:42.047994718Z
2023-06-30 10:21:42.048001+00:00Running version v3.34.3 built on 2023-05-31T14:57:40.709Z (commit 42caa64)
2023-06-30 10:21:42.048013+00:002023-06-30T10:21:42.048013974Z
2023-06-30 10:21:42.048021+00:00🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
2023-06-30 10:21:42.048028+00:00🐛 Bug? https://github.com/qdm12/gluetun/issues/new
2023-06-30 10:21:42.048035+00:00✨ New feature? https://github.com/qdm12/gluetun/issues/new
2023-06-30 10:21:42.048047+00:00☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
2023-06-30 10:21:42.048054+00:00💻 Email? quentin.mcgaw@gmail.com
2023-06-30 10:21:42.048061+00:00💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2023-06-30 10:21:42.048257+00:002023-06-30T11:21:42+01:00 WARN You are using the old environment variable UID, please consider changing it to PUID
2023-06-30 10:21:42.048284+00:002023-06-30T11:21:42+01:00 WARN You are using the old environment variable GID, please consider changing it to PGID
2023-06-30 10:21:42.048662+00:002023-06-30T11:21:42+01:00 INFO [routing] default route found: interface eth0, gateway 172.16.0.1, assigned IP 172.16.3.89 and family v4
2023-06-30 10:21:42.048706+00:002023-06-30T11:21:42+01:00 INFO [routing] local ethernet link found: eth0
2023-06-30 10:21:42.048739+00:002023-06-30T11:21:42+01:00 INFO [routing] local ipnet found: 172.16.0.0/16
2023-06-30 10:21:42.078786+00:002023-06-30T11:21:42+01:00 INFO [firewall] enabling...
2023-06-30 10:21:42.214094+00:002023-06-30T11:21:42+01:00 INFO [firewall] enabled successfully
2023-06-30 10:21:42.497354+00:002023-06-30T11:21:42+01:00 INFO [storage] creating /gluetun/servers.json with 13056 hardcoded servers
2023-06-30 10:21:42.564786+00:002023-06-30T11:21:42+01:00 INFO Alpine version: 3.17.3
2023-06-30 10:21:42.566003+00:002023-06-30T11:21:42+01:00 INFO OpenVPN 2.4 version: 2.4.12
2023-06-30 10:21:42.568258+00:002023-06-30T11:21:42+01:00 INFO OpenVPN 2.5 version: 2.5.8
2023-06-30 10:21:42.569498+00:002023-06-30T11:21:42+01:00 INFO Unbound version: 1.17.1
2023-06-30 10:21:42.570099+00:002023-06-30T11:21:42+01:00 INFO IPtables version: v1.8.8
2023-06-30 10:21:42.570194+00:002023-06-30T11:21:42+01:00 INFO Settings summary:
2023-06-30 10:21:42.570216+00:00├── VPN settings:
2023-06-30 10:21:42.570231+00:00|   ├── VPN provider settings:
2023-06-30 10:21:42.570252+00:00|   |   ├── Name: protonvpn
2023-06-30 10:21:42.570262+00:00|   |   └── Server selection settings:
2023-06-30 10:21:42.570271+00:00|   |       ├── VPN type: openvpn
2023-06-30 10:21:42.570280+00:00|   |       ├── Countries: united kingdom
2023-06-30 10:21:42.570295+00:00|   |       ├── Cities: london
2023-06-30 10:21:42.570305+00:00|   |       └── OpenVPN server selection settings:
2023-06-30 10:21:42.570314+00:00|   |           └── Protocol: UDP
2023-06-30 10:21:42.570322+00:00|   └── OpenVPN settings:
2023-06-30 10:21:42.570331+00:00|       ├── OpenVPN version: 2.5
2023-06-30 10:21:42.570346+00:00|       ├── User: [set]
2023-06-30 10:21:42.570356+00:00|       ├── Password: [set]
2023-06-30 10:21:42.570364+00:00|       ├── Network interface: tun0
2023-06-30 10:21:42.570374+00:00|       ├── Run OpenVPN as: root
2023-06-30 10:21:42.570383+00:00|       └── Verbosity level: 1
2023-06-30 10:21:42.570400+00:00├── DNS settings:
2023-06-30 10:21:42.570408+00:00|   ├── DNS server address to use: 127.0.0.1
2023-06-30 10:21:42.570416+00:00|   ├── Keep existing nameserver(s): yes
2023-06-30 10:21:42.570426+00:00|   └── DNS over TLS settings:
2023-06-30 10:21:42.570460+00:00|       └── Enabled: no
2023-06-30 10:21:42.570476+00:00├── Firewall settings:
2023-06-30 10:21:42.570518+00:00|   ├── Enabled: yes
2023-06-30 10:21:42.570526+00:00|   └── Outbound subnets:
2023-06-30 10:21:42.570533+00:00|       ├── 172.16.0.0/16
2023-06-30 10:21:42.570557+00:00|       ├── 172.17.0.0/16
2023-06-30 10:21:42.570573+00:00|       └── 192.168.0.0/24
2023-06-30 10:21:42.570582+00:00├── Log settings:
2023-06-30 10:21:42.570598+00:00|   └── Log level: INFO
2023-06-30 10:21:42.570606+00:00├── Health settings:
2023-06-30 10:21:42.570614+00:00|   ├── Server listening address: 127.0.0.1:9999
2023-06-30 10:21:42.570636+00:00|   ├── Target address: google.com:443
2023-06-30 10:21:42.570652+00:00|   ├── Duration to wait after success: 5s
2023-06-30 10:21:42.570661+00:00|   ├── Read header timeout: 100ms
2023-06-30 10:21:42.570669+00:00|   ├── Read timeout: 500ms
2023-06-30 10:21:42.570701+00:00|   └── VPN wait durations:
2023-06-30 10:21:42.570710+00:00|       ├── Initial duration: 6s
2023-06-30 10:21:42.570724+00:00|       └── Additional duration: 5s
2023-06-30 10:21:42.570737+00:00├── Shadowsocks server settings:
2023-06-30 10:21:42.570746+00:00|   └── Enabled: no
2023-06-30 10:21:42.570770+00:00├── HTTP proxy settings:
2023-06-30 10:21:42.570778+00:00|   └── Enabled: no
2023-06-30 10:21:42.570784+00:00├── Control server settings:
2023-06-30 10:21:42.570789+00:00|   ├── Listening address: :8000
2023-06-30 10:21:42.570797+00:00|   └── Logging: yes
2023-06-30 10:21:42.570812+00:00├── OS Alpine settings:
2023-06-30 10:21:42.570818+00:00|   ├── Process UID: 568
2023-06-30 10:21:42.570823+00:00|   ├── Process GID: 568
2023-06-30 10:21:42.570831+00:00|   └── Timezone: Europe/London
2023-06-30 10:21:42.570840+00:00├── Public IP settings:
2023-06-30 10:21:42.570851+00:00|   ├── Fetching: every 12h0m0s
2023-06-30 10:21:42.570857+00:00|   └── IP file path: /tmp/gluetun/ip
2023-06-30 10:21:42.570863+00:00├── Server data updater settings:
2023-06-30 10:21:42.570869+00:00|   ├── Update period: 24h0m0s
2023-06-30 10:21:42.570885+00:00|   ├── DNS address: 1.1.1.1:53
2023-06-30 10:21:42.570902+00:00|   ├── Minimum ratio: 0.8
2023-06-30 10:21:42.570910+00:00|   └── Providers to update: protonvpn
2023-06-30 10:21:42.570919+00:00└── Version settings:
2023-06-30 10:21:42.570925+00:00└── Enabled: yes
2023-06-30 10:21:42.603271+00:002023-06-30T11:21:42+01:00 INFO [routing] default route found: interface eth0, gateway 172.16.0.1, assigned IP 172.16.3.89 and family v4
2023-06-30 10:21:42.603395+00:002023-06-30T11:21:42+01:00 INFO [routing] adding route for 0.0.0.0/0
2023-06-30 10:21:42.603460+00:002023-06-30T11:21:42+01:00 INFO [firewall] setting allowed subnets...
2023-06-30 10:21:42.606442+00:002023-06-30T11:21:42+01:00 INFO [routing] default route found: interface eth0, gateway 172.16.0.1, assigned IP 172.16.3.89 and family v4
2023-06-30 10:21:42.606520+00:002023-06-30T11:21:42+01:00 INFO [routing] adding route for 172.16.0.0/16
2023-06-30 10:21:42.606579+00:002023-06-30T11:21:42+01:00 INFO [routing] adding route for 172.17.0.0/16
2023-06-30 10:21:42.606694+00:002023-06-30T11:21:42+01:00 INFO [routing] adding route for 192.168.0.0/24
2023-06-30 10:21:42.606872+00:002023-06-30T11:21:42+01:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2023-06-30 10:21:42.607003+00:002023-06-30T11:21:42+01:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2023-06-30 10:21:42.607185+00:002023-06-30T11:21:42+01:00 INFO [http server] http server listening on [::]:8000
2023-06-30 10:21:42.607315+00:002023-06-30T11:21:42+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2023-06-30 10:21:42.610413+00:002023-06-30T11:21:42+01:00 INFO [firewall] allowing VPN connection...
2023-06-30 10:21:42.616842+00:002023-06-30T11:21:42+01:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-06-30 10:21:42.616919+00:002023-06-30T11:21:42+01:00 INFO [openvpn] library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-06-30 10:21:42.619588+00:002023-06-30T11:21:42+01:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]89.238.150.170:1194
2023-06-30 10:21:42.619630+00:002023-06-30T11:21:42+01:00 INFO [openvpn] UDP link local: (not bound)
2023-06-30 10:21:42.619655+00:002023-06-30T11:21:42+01:00 INFO [openvpn] UDP link remote: [AF_INET]89.238.150.170:1194
2023-06-30 10:21:49.609519+00:002023-06-30T11:21:49+01:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun/wiki/Healthcheck)
2023-06-30 10:21:49.609618+00:002023-06-30T11:21:49+01:00 INFO [vpn] stopping
2023-06-30 10:21:49.610063+00:002023-06-30T11:21:49+01:00 INFO [vpn] starting
2023-06-30 10:21:49.611039+00:002023-06-30T11:21:49+01:00 INFO [firewall] allowing VPN connection...
2023-06-30 10:21:49.628143+00:002023-06-30T11:21:49+01:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-06-30 10:21:49.628224+00:002023-06-30T11:21:49+01:00 INFO [openvpn] library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-06-30 10:21:49.632076+00:002023-06-30T11:21:49+01:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]81.92.200.50:1194
2023-06-30 10:21:49.632134+00:002023-06-30T11:21:49+01:00 INFO [openvpn] UDP link local: (not bound)
2023-06-30 10:21:49.632150+00:002023-06-30T11:21:49+01:00 INFO [openvpn] UDP link remote: [AF_INET]81.92.200.50:1194
2023-06-30 10:22:00.726949+00:002023-06-30T11:22:00+01:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN (see https://github.com/qdm12/gluetun/wiki/Healthcheck)
2023-06-30 10:22:00.727065+00:002023-06-30T11:22:00+01:00 INFO [vpn] stopping
2023-06-30 10:22:00.727564+00:002023-06-30T11:22:00+01:00 INFO [vpn] starting
2023-06-30 10:22:00.728357+00:002023-06-30T11:22:00+01:00 INFO [firewall] allowing VPN connection...
2023-06-30 10:22:00.746407+00:002023-06-30T11:22:00+01:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-06-30 10:22:00.746461+00:002023-06-30T11:22:00+01:00 INFO [openvpn] library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-06-30 10:22:00.752000+00:002023-06-30T11:22:00+01:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.96.66:1194
2023-06-30 10:22:00.752046+00:002023-06-30T11:22:00+01:00 INFO [openvpn] UDP link local: (not bound)
2023-06-30 10:22:00.752060+00:002023-06-30T11:22:00+01:00 INFO [openvpn] UDP link remote: [AF_INET]146.70.96.66:1194
2023-06-30 10:22:00.859775+00:002023-06-30T11:22:00+01:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
2023-06-30 10:22:00.859848+00:002023-06-30T11:22:00+01:00 WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2023-06-30 10:22:00.859875+00:002023-06-30T11:22:00+01:00 WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-06-30 10:22:00.859980+00:002023-06-30T11:22:00+01:00 INFO [openvpn] [node-uk-13.protonvpn.net] Peer Connection Initiated with [AF_INET]146.70.96.66:1194
2023-06-30 10:22:01.935364+00:002023-06-30T11:22:01+01:00 INFO [openvpn] AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2023-06-30 10:22:01.935511+00:002023-06-30T11:22:01+01:00 INFO [openvpn] SIGUSR1[soft,auth-failure] received, process restarting
2023-06-30 10:22:11.936242+00:002023-06-30T11:22:11+01:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.96.66:1194
2023-06-30 10:22:11.936339+00:002023-06-30T11:22:11+01:00 INFO [openvpn] UDP link local: (not bound)
2023-06-30 10:22:11.936381+00:002023-06-30T11:22:11+01:00 INFO [openvpn] UDP link remote: [AF_INET]146.70.96.66:1194
2023-06-30 10:22:12.055855+00:002023-06-30T11:22:12+01:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
2023-06-30 10:22:12.055928+00:002023-06-30T11:22:12+01:00 WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2023-06-30 10:22:12.055969+00:002023-06-30T11:22:12+01:00 WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-06-30 10:22:12.056038+00:002023-06-30T11:22:12+01:00 INFO [openvpn] [node-uk-13.protonvpn.net] Peer Connection Initiated with [AF_INET]146.70.96.66:1194
2023-06-30 10:22:13.212986+00:002023-06-30T11:22:13+01:00 INFO [openvpn] AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2023-06-30 10:22:13.213158+00:002023-06-30T11:22:13+01:00 INFO [openvpn] SIGUSR1[soft,auth-failure] received, process restarting
2023-06-30 10:22:16.840063+00:002023-06-30T11:22:16+01:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN (see https://github.com/qdm12/gluetun/wiki/Healthcheck)
2023-06-30 10:22:16.840194+00:002023-06-30T11:22:16+01:00 INFO [vpn] stopping
2023-06-30 10:22:16.840575+00:002023-06-30T11:22:16+01:00 INFO [vpn] starting
2023-06-30 10:22:16.841358+00:002023-06-30T11:22:16+01:00 INFO [firewall] allowing VPN connection...
2023-06-30 10:22:16.891146+00:002023-06-30T11:22:16+01:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-06-30 10:22:16.891211+00:002023-06-30T11:22:16+01:00 INFO [openvpn] library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-06-30 10:22:16.895534+00:002023-06-30T11:22:16+01:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.198.178:1194
2023-06-30 10:22:16.895578+00:002023-06-30T11:22:16+01:00 INFO [openvpn] UDP link local: (not bound)
2023-06-30 10:22:16.895614+00:002023-06-30T11:22:16+01:00 INFO [openvpn] UDP link remote: [AF_INET]37.120.198.178:1194
2023-06-30 10:22:39.995828+00:002023-06-30T11:22:39+01:00 INFO [healthcheck] program has been unhealthy for 21s: restarting VPN (see https://github.com/qdm12/gluetun/wiki/Healthcheck)
2023-06-30 10:22:39.995922+00:002023-06-30T11:22:39+01:00 INFO [vpn] stopping
2023-06-30 10:22:39.996450+00:002023-06-30T11:22:39+01:00 INFO [vpn] starting
2023-06-30 10:22:39.997354+00:002023-06-30T11:22:39+01:00 INFO [firewall] allowing VPN connection...
2023-06-30 10:22:40.059344+00:002023-06-30T11:22:40+01:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-06-30 10:22:40.059443+00:002023-06-30T11:22:40+01:00 INFO [openvpn] library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-06-30 10:22:40.063597+00:002023-06-30T11:22:40+01:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.156.99:1194
2023-06-30 10:22:40.063675+00:002023-06-30T11:22:40+01:00 INFO [openvpn] UDP link local: (not bound)
2023-06-30 10:22:40.063733+00:002023-06-30T11:22:40+01:00 INFO [openvpn] UDP link remote: [AF_INET]185.159.156.99:1194
2023-06-30 10:22:40.383149+00:002023-06-30T11:22:40+01:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
2023-06-30 10:22:40.383573+00:002023-06-30T11:22:40+01:00 WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2023-06-30 10:22:40.383691+00:002023-06-30T11:22:40+01:00 WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-06-30 10:22:40.383730+00:002023-06-30T11:22:40+01:00 INFO [openvpn] [node-uk-13.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.156.99:1194
2023-06-30 10:22:41.473299+00:002023-06-30T11:22:41+01:00 INFO [openvpn] AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2023-06-30 10:22:41.473406+00:002023-06-30T11:22:41+01:00 INFO [openvpn] SIGUSR1[soft,auth-failure] received, process restarting
2023-06-30 10:22:51.473984+00:002023-06-30T11:22:51+01:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.156.99:1194
2023-06-30 10:22:51.474092+00:002023-06-30T11:22:51+01:00 INFO [openvpn] UDP link local: (not bound)
2023-06-30 10:22:51.474139+00:002023-06-30T11:22:51+01:00 INFO [openvpn] UDP link remote: [AF_INET]185.159.156.99:1194
2023-06-30 10:22:51.788255+00:002023-06-30T11:22:51+01:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
2023-06-30 10:22:51.788346+00:002023-06-30T11:22:51+01:00 WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2023-06-30 10:22:51.788420+00:002023-06-30T11:22:51+01:00 WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-06-30 10:22:51.788454+00:002023-06-30T11:22:51+01:00 INFO [openvpn] [node-uk-13.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.156.99:1194
2023-06-30 10:22:52.803360+00:002023-06-30T11:22:52+01:00 INFO [openvpn] AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2023-06-30 10:22:52.803529+00:002023-06-30T11:22:52+01:00 INFO [openvpn] SIGUSR1[soft,auth-failure] received, process restarting
2023-06-30 10:23:02.804171+00:002023-06-30T11:23:02+01:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.156.99:1194
2023-06-30 10:23:02.804300+00:002023-06-30T11:23:02+01:00 INFO [openvpn] UDP link local: (not bound)
2023-06-30 10:23:02.804324+00:002023-06-30T11:23:02+01:00 INFO [openvpn] UDP link remote: [AF_INET]185.159.156.99:1194
2023-06-30 10:23:03.140745+00:002023-06-30T11:23:03+01:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
2023-06-30 10:23:03.140873+00:002023-06-30T11:23:03+01:00 WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2023-06-30 10:23:03.140909+00:002023-06-30T11:23:03+01:00 WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-06-30 10:23:03.140963+00:002023-06-30T11:23:03+01:00 INFO [openvpn] [node-uk-13.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.156.99:1194
2023-06-30 10:23:04.265276+00:002023-06-30T11:23:04+01:00 INFO [openvpn] AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2023-06-30 10:23:04.265479+00:002023-06-30T11:23:04+01:00 INFO [openvpn] SIGUSR1[soft,auth-failure] received, process restarting
2023-06-30 10:23:07.160609+00:002023-06-30T11:23:07+01:00 INFO [healthcheck] program has been unhealthy for 26s: restarting VPN (see https://github.com/qdm12/gluetun/wiki/Healthcheck)
2023-06-30 10:23:07.160764+00:002023-06-30T11:23:07+01:00 INFO [vpn] stopping
2023-06-30 10:23:07.161417+00:002023-06-30T11:23:07+01:00 INFO [vpn] starting

Share your configuration

No response
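Added example, not part of the original issue and not gluetun's own code: a Go log triage that splits a gluetun/OpenVPN log like the one above into connection attempts and separates remotes for which no handshake was logged from peers that rejected the session with AUTH_FAILED (no shared cipher). The sample lines are abridged from the log posted above; every type and function name is hypothetical.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Attempt is one OpenVPN connection attempt reconstructed from log lines.
// All names in this file are hypothetical; none come from gluetun.
type Attempt struct {
	Remote  string // address from "... link remote: [AF_INET]ip:port"
	Peer    string // server name from "Peer Connection Initiated", if logged
	Outcome string // one of the constants below
	Reason  string // text after "AUTH_FAILED,", if any
}

const (
	NoHandshake = "no-handshake" // no "Peer Connection Initiated" line was logged
	Incomplete  = "incomplete"   // peer answered, log ends before a verdict
	AuthFailed  = "auth-failed"  // server sent AUTH_FAILED
	Connected   = "connected"    // "Initialization Sequence Completed" was logged
)

var (
	reRemote = regexp.MustCompile(`\[openvpn\] \w+ link remote: \[AF_INET6?\](\S+)`)
	rePeer   = regexp.MustCompile(`\[openvpn\] \[([^\]]+)\] Peer Connection Initiated`)
	reAuth   = regexp.MustCompile(`AUTH_FAILED(?:,(.*))?$`)
)

// ParseAttempts walks the log once. Every "link remote" line opens a new
// attempt; the lines that follow decide how that attempt ended.
func ParseAttempts(log string) []Attempt {
	var out []Attempt
	var cur *Attempt
	flush := func() {
		if cur == nil {
			return
		}
		if cur.Outcome == "" { // no verdict was logged for this attempt
			cur.Outcome = NoHandshake
			if cur.Peer != "" {
				cur.Outcome = Incomplete
			}
		}
		out = append(out, *cur)
		cur = nil
	}
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		line := strings.TrimRight(sc.Text(), " \r")
		if m := reRemote.FindStringSubmatch(line); m != nil {
			flush()
			cur = &Attempt{Remote: m[1]}
			continue
		}
		if cur == nil {
			continue // lines before the first attempt (banner, settings tree)
		}
		if m := rePeer.FindStringSubmatch(line); m != nil {
			cur.Peer = m[1]
		} else if m := reAuth.FindStringSubmatch(line); m != nil {
			cur.Outcome, cur.Reason = AuthFailed, m[1]
		} else if strings.Contains(line, "Initialization Sequence Completed") {
			cur.Outcome = Connected
		}
	}
	flush()
	return out
}

// CipherRejectingPeers returns, in first-seen order, the peers that answered
// AUTH_FAILED with a data channel cipher negotiation failure.
func CipherRejectingPeers(attempts []Attempt) []string {
	seen := map[string]bool{}
	var peers []string
	for _, a := range attempts {
		if a.Outcome == AuthFailed && strings.Contains(a.Reason, "no shared cipher") && !seen[a.Peer] {
			seen[a.Peer] = true
			peers = append(peers, a.Peer)
		}
	}
	return peers
}

// sampleLog is a constructed sample, abridged from the log lines in the issue.
const sampleLog = `
2023-06-30T11:21:42+01:00 INFO [openvpn] UDP link remote: [AF_INET]89.238.150.170:1194
2023-06-30T11:21:49+01:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2023-06-30T11:22:00+01:00 INFO [openvpn] UDP link remote: [AF_INET]146.70.96.66:1194
2023-06-30T11:22:00+01:00 INFO [openvpn] [node-uk-13.protonvpn.net] Peer Connection Initiated with [AF_INET]146.70.96.66:1194
2023-06-30T11:22:01+01:00 INFO [openvpn] AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2023-06-30T11:22:01+01:00 INFO [openvpn] SIGUSR1[soft,auth-failure] received, process restarting
2023-06-30T11:22:40+01:00 INFO [openvpn] UDP link remote: [AF_INET]185.159.156.99:1194
2023-06-30T11:22:40+01:00 INFO [openvpn] [node-uk-13.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.156.99:1194
2023-06-30T11:22:41+01:00 INFO [openvpn] AUTH: Received control message: AUTH_FAILED,Data channel cipher negotiation failed (no shared cipher)
2023-07-01T13:55:55+01:00 INFO [openvpn] UDP link remote: [AF_INET]146.70.133.130:1194
2023-07-01T13:55:55+01:00 INFO [openvpn] [node-uk-14.protonvpn.net] Peer Connection Initiated with [AF_INET]146.70.133.130:1194
2023-07-01T13:55:56+01:00 INFO [openvpn] Initialization Sequence Completed
`

func main() {
	attempts := ParseAttempts(sampleLog)
	for _, a := range attempts {
		fmt.Printf("%-22s %-26s %-13s %s\n", a.Remote, a.Peer, a.Outcome, a.Reason)
	}
	fmt.Println("peers rejecting on cipher:", CipherRejectingPeers(attempts))
}
```
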

qdm12 commented 1 year ago

Would you please download an openvpn configuration from protonvpn and check what they have for the ciphers or data-ciphers line?

qdm12 commented 1 year ago

I pushed f8a41b2133274bf4b5e6d6c2d0cd10f036870ec5 which adds aes-256-gcm on top of the previous aes-256-cbc. Maybe they now no longer support cbc in favor of gcm, it's worth a try. I would still be interested in that ciphers line in their config, in case they allow more ciphers. Note you can also use OPENVPN_CIPHERS=aes-256-gcm to specify one or more custom ciphers to use, which might help debug your issue too 😉

Lagicrus commented 1 year ago

Hey, sorry for the delay, I currently see

# The following setting is only needed for old OpenVPN clients compatibility. New clients
# automatically negotiate the optimal cipher.
cipher AES-256-CBC

Within the ovpn file

Lagicrus commented 1 year ago

So I added the OPENVPN_CIPHERS=aes-256-cbc as you suggested and it works. On a whim I restarted another gluetun instance with no changes, and that one also worked straight away? Best I can guess is it was a fluke on Proton's side, but honestly unsure about the behaviour.

2023-07-01 12:55:54.978627+00:002023-07-01T12:55:54.978627890Z
2023-07-01 12:55:54.978649+00:00Running version v3.34.3 built on 2023-05-31T14:57:40.709Z (commit 42caa64)
2023-07-01 12:55:54.978677+00:002023-07-01T12:55:54.978677283Z
2023-07-01 12:55:54.978692+00:00🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
2023-07-01 12:55:54.978707+00:00🐛 Bug? https://github.com/qdm12/gluetun/issues/new
2023-07-01 12:55:54.978727+00:00✨ New feature? https://github.com/qdm12/gluetun/issues/new
2023-07-01 12:55:54.978755+00:00☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
2023-07-01 12:55:54.978770+00:00💻 Email? quentin.mcgaw@gmail.com
2023-07-01 12:55:54.978785+00:00💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2023-07-01 12:55:54.978811+00:002023-07-01T13:55:54+01:00 WARN You are using the old environment variable UID, please consider changing it to PUID
2023-07-01 12:55:54.978839+00:002023-07-01T13:55:54+01:00 WARN You are using the old environment variable GID, please consider changing it to PGID
2023-07-01 12:55:54.979093+00:002023-07-01T13:55:54+01:00 INFO [routing] default route found: interface eth0, gateway 172.16.0.1, assigned IP 172.16.3.95 and family v4
2023-07-01 12:55:54.979161+00:002023-07-01T13:55:54+01:00 INFO [routing] local ethernet link found: eth0
2023-07-01 12:55:54.979205+00:002023-07-01T13:55:54+01:00 INFO [routing] local ipnet found: 172.16.0.0/16
2023-07-01 12:55:55.026781+00:002023-07-01T13:55:55+01:00 INFO [firewall] enabling...
2023-07-01 12:55:55.153284+00:002023-07-01T13:55:55+01:00 INFO [firewall] enabled successfully
2023-07-01 12:55:55.414525+00:002023-07-01T13:55:55+01:00 INFO [storage] creating /gluetun/servers.json with 13056 hardcoded servers
2023-07-01 12:55:55.491747+00:002023-07-01T13:55:55+01:00 INFO Alpine version: 3.17.3
2023-07-01 12:55:55.492925+00:002023-07-01T13:55:55+01:00 INFO OpenVPN 2.4 version: 2.4.12
2023-07-01 12:55:55.495758+00:002023-07-01T13:55:55+01:00 INFO OpenVPN 2.5 version: 2.5.8
2023-07-01 12:55:55.497023+00:002023-07-01T13:55:55+01:00 INFO Unbound version: 1.17.1
2023-07-01 12:55:55.497590+00:002023-07-01T13:55:55+01:00 INFO IPtables version: v1.8.8
2023-07-01 12:55:55.497712+00:002023-07-01T13:55:55+01:00 INFO Settings summary:
2023-07-01 12:55:55.497731+00:00├── VPN settings:
2023-07-01 12:55:55.497742+00:00|   ├── VPN provider settings:
2023-07-01 12:55:55.497761+00:00|   |   ├── Name: protonvpn
2023-07-01 12:55:55.497770+00:00|   |   └── Server selection settings:
2023-07-01 12:55:55.497779+00:00|   |       ├── VPN type: openvpn
2023-07-01 12:55:55.497788+00:00|   |       ├── Countries: united kingdom
2023-07-01 12:55:55.497802+00:00|   |       ├── Cities: manchester
2023-07-01 12:55:55.497811+00:00|   |       └── OpenVPN server selection settings:
2023-07-01 12:55:55.497820+00:00|   |           └── Protocol: UDP
2023-07-01 12:55:55.497829+00:00|   └── OpenVPN settings:
2023-07-01 12:55:55.497838+00:00|       ├── OpenVPN version: 2.5
2023-07-01 12:55:55.497855+00:00|       ├── User: [set]
2023-07-01 12:55:55.497865+00:00|       ├── Password: [set]
2023-07-01 12:55:55.497874+00:00|       ├── Ciphers: [aes-256-cbc]
2023-07-01 12:55:55.497883+00:00|       ├── Network interface: tun0
2023-07-01 12:55:55.497892+00:00|       ├── Run OpenVPN as: root
2023-07-01 12:55:55.497908+00:00|       └── Verbosity level: 1
2023-07-01 12:55:55.497918+00:00├── DNS settings:
2023-07-01 12:55:55.497928+00:00|   ├── DNS server address to use: 127.0.0.1
2023-07-01 12:55:55.497937+00:00|   ├── Keep existing nameserver(s): yes
2023-07-01 12:55:55.497952+00:00|   └── DNS over TLS settings:
2023-07-01 12:55:55.497962+00:00|       └── Enabled: no
2023-07-01 12:55:55.497971+00:00├── Firewall settings:
2023-07-01 12:55:55.497981+00:00|   ├── Enabled: yes
2023-07-01 12:55:55.497989+00:00|   └── Outbound subnets:
2023-07-01 12:55:55.498004+00:00|       ├── 172.16.0.0/16
2023-07-01 12:55:55.498014+00:00|       ├── 172.17.0.0/16
2023-07-01 12:55:55.498023+00:00|       └── 192.168.0.0/24
2023-07-01 12:55:55.498032+00:00├── Log settings:
2023-07-01 12:55:55.498040+00:00|   └── Log level: INFO
2023-07-01 12:55:55.498056+00:00├── Health settings:
2023-07-01 12:55:55.498064+00:00|   ├── Server listening address: 127.0.0.1:9999
2023-07-01 12:55:55.498073+00:00|   ├── Target address: google.com:443
2023-07-01 12:55:55.498081+00:00|   ├── Duration to wait after success: 5s
2023-07-01 12:55:55.498090+00:00|   ├── Read header timeout: 100ms
2023-07-01 12:55:55.498105+00:00|   ├── Read timeout: 500ms
2023-07-01 12:55:55.498114+00:00|   └── VPN wait durations:
2023-07-01 12:55:55.498123+00:00|       ├── Initial duration: 6s
2023-07-01 12:55:55.498132+00:00|       └── Additional duration: 5s
2023-07-01 12:55:55.498140+00:00├── Shadowsocks server settings:
2023-07-01 12:55:55.498155+00:00|   └── Enabled: no
2023-07-01 12:55:55.498164+00:00├── HTTP proxy settings:
2023-07-01 12:55:55.498173+00:00|   └── Enabled: no
2023-07-01 12:55:55.498182+00:00├── Control server settings:
2023-07-01 12:55:55.498194+00:00|   ├── Listening address: :8000
2023-07-01 12:55:55.498209+00:00|   └── Logging: yes
2023-07-01 12:55:55.498219+00:00├── OS Alpine settings:
2023-07-01 12:55:55.498227+00:00|   ├── Process UID: 568
2023-07-01 12:55:55.498236+00:00|   ├── Process GID: 568
2023-07-01 12:55:55.498244+00:00|   └── Timezone: Europe/London
2023-07-01 12:55:55.498260+00:00├── Public IP settings:
2023-07-01 12:55:55.498270+00:00|   ├── Fetching: every 12h0m0s
2023-07-01 12:55:55.498279+00:00|   └── IP file path: /tmp/gluetun/ip
2023-07-01 12:55:55.498288+00:00├── Server data updater settings:
2023-07-01 12:55:55.498296+00:00|   ├── Update period: 24h0m0s
2023-07-01 12:55:55.498313+00:00|   ├── DNS address: 1.1.1.1:53
2023-07-01 12:55:55.498323+00:00|   ├── Minimum ratio: 0.8
2023-07-01 12:55:55.498332+00:00|   └── Providers to update: protonvpn
2023-07-01 12:55:55.498341+00:00└── Version settings:
2023-07-01 12:55:55.498354+00:00└── Enabled: yes
2023-07-01 12:55:55.522751+00:002023-07-01T13:55:55+01:00 INFO [routing] default route found: interface eth0, gateway 172.16.0.1, assigned IP 172.16.3.95 and family v4
2023-07-01 12:55:55.522800+00:002023-07-01T13:55:55+01:00 INFO [routing] adding route for 0.0.0.0/0
2023-07-01 12:55:55.522864+00:002023-07-01T13:55:55+01:00 INFO [firewall] setting allowed subnets...
2023-07-01 12:55:55.525886+00:002023-07-01T13:55:55+01:00 INFO [routing] default route found: interface eth0, gateway 172.16.0.1, assigned IP 172.16.3.95 and family v4
2023-07-01 12:55:55.525918+00:002023-07-01T13:55:55+01:00 INFO [routing] adding route for 172.16.0.0/16
2023-07-01 12:55:55.525994+00:002023-07-01T13:55:55+01:00 INFO [routing] adding route for 172.17.0.0/16
2023-07-01 12:55:55.526102+00:002023-07-01T13:55:55+01:00 INFO [routing] adding route for 192.168.0.0/24
2023-07-01 12:55:55.526258+00:002023-07-01T13:55:55+01:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2023-07-01 12:55:55.526357+00:002023-07-01T13:55:55+01:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2023-07-01 12:55:55.526576+00:002023-07-01T13:55:55+01:00 INFO [http server] http server listening on [::]:8000
2023-07-01 12:55:55.526684+00:002023-07-01T13:55:55+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2023-07-01 12:55:55.527213+00:002023-07-01T13:55:55+01:00 INFO [firewall] allowing VPN connection...
2023-07-01 12:55:55.532835+00:002023-07-01T13:55:55+01:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-07-01 12:55:55.532867+00:002023-07-01T13:55:55+01:00 INFO [openvpn] library versions: OpenSSL 3.0.9 30 May 2023, LZO 2.10
2023-07-01 12:55:55.534652+00:002023-07-01T13:55:55+01:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.133.130:1194
2023-07-01 12:55:55.534679+00:002023-07-01T13:55:55+01:00 INFO [openvpn] UDP link local: (not bound)
2023-07-01 12:55:55.534687+00:002023-07-01T13:55:55+01:00 INFO [openvpn] UDP link remote: [AF_INET]146.70.133.130:1194
2023-07-01 12:55:55.666704+00:002023-07-01T13:55:55+01:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
2023-07-01 12:55:55.666774+00:002023-07-01T13:55:55+01:00 WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-07-01 12:55:55.666786+00:002023-07-01T13:55:55+01:00 INFO [openvpn] [node-uk-14.protonvpn.net] Peer Connection Initiated with [AF_INET]146.70.133.130:1194
2023-07-01 12:55:56.858885+00:002023-07-01T13:55:56+01:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2023-07-01 12:55:56.859262+00:002023-07-01T13:55:56+01:00 INFO [openvpn] TUN/TAP device tun0 opened
2023-07-01 12:55:56.859304+00:002023-07-01T13:55:56+01:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2023-07-01 12:55:56.860299+00:002023-07-01T13:55:56+01:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2023-07-01 12:55:56.861141+00:002023-07-01T13:55:56+01:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.23.0.5/16
2023-07-01 12:55:56.863729+00:002023-07-01T13:55:56+01:00 INFO [openvpn] UID set to nonrootuser
2023-07-01 12:55:56.863757+00:002023-07-01T13:55:56+01:00 INFO [openvpn] Initialization Sequence Completed
2023-07-01 12:55:59.576434+00:002023-07-01T13:55:59+01:00 INFO [healthcheck] healthy!
2023-07-01 12:56:02.129271+00:002023-07-01T13:56:02+01:00 INFO [ip getter] Public IP address is 146.70.133.137 (United Kingdom, England, Manchester)
2023-07-01 12:56:02.460377+00:002023-07-01T13:56:02+01:00 INFO [vpn] There is a new release v3.35.0 (v3.35.0) created 2 days ago
2023-07-01 12:58:03.802643+00:002023-07-01T13:58:03+01:00 INFO [healthcheck] unhealthy: dialing: dial tcp4: lookup google.com: i/o timeout
2023-07-01 12:58:11.806733+00:002023-07-01T13:58:11+01:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun/wiki/Healthcheck)
2023-07-01 12:58:11.806807+00:002023-07-01T13:58:11+01:00 INFO [vpn] stopping

Doesn't seem to have logs after it "stopped" but still have network going through it, so a bit confused 🤷

qdm12 commented 1 year ago

Oh ok, might have been a fluke on their side indeed. Anyway the gcm version is added too, so in case they no longer want cbc it'll still work. And yes I could remove the client ciphers list, especially since openvpn 2.4 is no longer supported, but not a priority as long as it's working fine 😉

> Doesn't seem to have logs after it "stopped" but still have network going through it, so a bit confused

Might be hanging somewhere with the restart, weird, but also I need to refactor all my "run loops" (vpn, dns, proxy etc.) since they are utterly complicated and prone to error, so this should be resolved at some point in the future 😉

crestAT commented 10 months ago

Sorry guys for stepping in on an already closed issue, but I just want to drop a note that from the beginning of December I've got the same "no shared cipher" error and the solution was to add "OPENVPN_CIPHERS = aes-256-gcm" (which was not set before!). I tried at first "OPENVPN_CIPHERS = aes-256-cbc" but this was not working.

m4heshd commented 8 months ago

@crestAT Same issue started happening to me in December. Thank you so much. Setting it manually worked.