Closed MillsyBot closed 3 months ago
Hi there! I am not sure, I was going to say this VPN server probably doesn't support port forwarding... What server hostname/ip are you using, just to double check? If anyone else has the same issue, please chime in as well, thanks!
Hey! Thanks for the response.
SERVER_NAMES=vancouver433
SERVER_HOSTNAMES=ca-vancouver.privacy.network
SERVER_REGIONS=CA Vancouver
I have been using Vancouver to make the attempts, however I have cycled a few different servers in various regions (Venezuela, Mexico, Norway).
Is there a preferred or recommended order of preference on these variables? Like only use SERVER_NAMES, or use all three, or use only one?
I have been dealing with the same issue for a while and here is the error I get:
gluetun-public | 2024-01-29T12:14:05-08:00 WARN [port forwarding] Forwarded port data expired on Wed, 10 Jan 2024 16:56:07 UTC, getting another one
gluetun-public | 2024-01-29T12:14:06-08:00 ERROR [vpn] port forwarding for the first time: refreshing port forward data: fetching port forwarding data: obtaining signature payload: Get "https://10.27.110.1:19999/getSignature?token=<token>": dial tcp 10.27.110.1:19999: connect: connection refused
I assume the token is actually being passed and the token isn't literal. Here are my relevant options (running the latest version):
- VPN_TYPE=openvpn
- OPENVPN_PROCESS_USER=root
- VPN_SERVICE_PROVIDER=private internet access
- SERVER_REGIONS=CA Vancouver
- VPN_PORT_FORWARDING=on
- VPN_PORT_FORWARDING_PROVIDER=private internet access
- PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET=strong
- FIREWALL=on
Hope some of this helps. Thank you for a great application.
+1 with connection refused. I confirmed I am using a server with port forwarding by manually testing in the PIA UI and receiving a forwarded port.
This could be related @qdm12 :
https://www.reddit.com/r/PrivateInternetAccess/comments/p0n7ge/cant_get_signature_for_port_forwarding_connection/ https://github.com/triffid/pia-wg/blob/master/pia-portforward.sh#L70-L72
Nice find. One thing I noticed is that gluetun is trying to get the signature from the gateway, which makes sense according to PIA's comments here. Although, in the actual request they use PF_HOSTNAME and not PF_GATEWAY here. Even the scripts you linked to appear to be using the domain name of the region server, i.e. ca-vancouver.privacy.network
Hopefully it's not a red herring.
@MillsyBot your error was Client.Timeout exceeded while awaiting headers, so not connection refused, is this resolved now?
@anorth2 @ZulliB Your issue connection refused might be different from the original issue. If PIA port forwarding would be broken in Gluetun, I would expect more people to ask about it 🤔 Plus it was working before.
Since the gateway is 10.27.110.1, would you be using 10.0.0.0/8 as your local Docker bridge network for example? These can conflict with the gateway.
@ZulliB The curl command they have
curl -s -m 5 \
--connect-to "$PF_HOSTNAME::$PF_GATEWAY:" \
--cacert "ca.rsa.4096.crt" \
-G --data-urlencode "token=${PIA_TOKEN}" \
"https://${PF_HOSTNAME}:19999/getSignature"
actually connects to PF_GATEWAY (see --connect-to), PF_HOSTNAME is just used as an alias and to validate the TLS name.
Anyway, I also changed code so it communicates with the public VPN server IP address instead of the local gateway for PIA, in image qmcgaw/gluetun:pr-2254, can you try it? Thanks!
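The `--connect-to` behaviour described in the comment above, as an added Go example (not Gluetun's or PIA's code): the TCP connection always goes to the gateway address, while the URL's host name is what TLS sends as SNI and verifies the certificate against. It assumes a local `httptest` server as a constructed stand-in for the gateway, with `example.com` (the name Go's test certificate covers) playing the role of PF_HOSTNAME; `newConnectToClient` and `demo` are hypothetical names.

```go
package main

import (
	"context"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"time"
)

// newConnectToClient mirrors curl's --connect-to: every TCP connection is
// opened to gatewayAddr, whatever host the URL names. The URL host is still
// used for SNI and for certificate verification against roots.
func newConnectToClient(gatewayAddr string, roots *x509.CertPool) *http.Client {
	dialer := &net.Dialer{Timeout: 5 * time.Second}
	return &http.Client{
		Timeout: 5 * time.Second, // same budget as curl -m 5
		Transport: &http.Transport{
			DialContext: func(ctx context.Context, network, _ string) (net.Conn, error) {
				return dialer.DialContext(ctx, network, gatewayAddr)
			},
			TLSClientConfig: &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12},
		},
	}
}

// demo starts a local TLS server (constructed stand-in for the gateway) and
// makes two requests through the same pinned address: one with a name the
// certificate covers, one with a name it does not cover.
func demo() (status int, nameRejected bool, err error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/getSignature" {
			http.NotFound(w, r)
			return
		}
		fmt.Fprint(w, `{"status":"OK"}`) // constructed response body
	}))
	defer srv.Close()

	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // plays the role of --cacert ca.rsa.4096.crt
	client := newConnectToClient(srv.Listener.Addr().String(), roots)

	resp, err := client.Get("https://example.com:19999/getSignature?token=constructed")
	if err != nil {
		return 0, false, err
	}
	resp.Body.Close()

	// Same gateway address, but a TLS name the certificate does not cover.
	bad, badErr := client.Get("https://other.invalid:19999/getSignature")
	if badErr == nil {
		bad.Body.Close()
	}
	var nameErr x509.HostnameError
	return resp.StatusCode, errors.As(badErr, &nameErr), nil
}

func main() {
	status, nameRejected, err := demo()
	fmt.Println("status with matching TLS name:", status)
	fmt.Println("mismatching TLS name rejected:", nameRejected)
	fmt.Println("setup error:", err)
}
```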
I pulled the image with the changes and it looks like it is getting "further" than before
2024-05-07T11:21:40-06:00 ERROR [vpn] port forwarding for the first time: refreshing port forward data: fetching port forwarding data: obtaining signature payload: Get "https://208.78.42.180:19999/getSignature?token=<token>": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
root@doctor-ddos:/home/amills/htpc# docker exec -it gluetun sh
/ # wget https://208.78.42.180:19999/
--2024-05-07 11:24:29-- https://208.78.42.180:19999/
Connecting to 208.78.42.180:19999... ^C
/ # wget https://ca-vancouver.privacy.network:19999
--2024-05-07 11:24:59-- https://ca-vancouver.privacy.network:19999/
Resolving ca-vancouver.privacy.network (ca-vancouver.privacy.network)... 208.78.42.215, 89.149.52.23, 208.78.42.213
Connecting to ca-vancouver.privacy.network (ca-vancouver.privacy.network)|208.78.42.215|:19999... connected.
HTTP request sent, awaiting response... 404 Not Found
2024-05-07 11:25:00 ERROR 404: Not Found.
/ # wget https://208.78.42.180:19999/
--2024-05-07 11:25:07-- https://208.78.42.180:19999/
Connecting to 208.78.42.180:19999... ^C
/ # wget https://ca-vancouver.privacy.network:19999/getSignature?token=
--2024-05-07 11:25:27-- https://ca-vancouver.privacy.network:19999/getSignature?token=
Resolving ca-vancouver.privacy.network (ca-vancouver.privacy.network)... 208.78.42.213, 208.78.42.215, 89.149.52.23
Connecting to ca-vancouver.privacy.network (ca-vancouver.privacy.network)|208.78.42.213|:19999... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Username/Password Authentication Failed.
/ #
From inside the container I attempted to use the host name and the original IP. Seems like the host name properly resolves the endpoint.
Am I passing the wrong variables as env settings?
Can you try pulling qmcgaw/gluetun:pr-2254 and check if it works now? It's now using the server hostname to get the signature and bind the port. I'm not sure why resolving ca-vancouver.privacy.network gives IP addresses different than the ones given by PIA's API https://serverlist.piaservers.net/vpninfo/servers/v5 but using the hostname should fix at least the /getSignature part I think.
2024-05-23T21:06:15-06:00 INFO [ip getter] Public IP address is 208.78.42.180 (Canada, British Columbia, Coquitlam)
2024-05-23T21:06:15-06:00 INFO [vpn] There is a new release v3.38.0 (v3.38.0) created 59 days ago
2024-05-23T21:06:15-06:00 INFO [port forwarding] starting
2024-05-23T21:06:16-06:00 ERROR [vpn] port forwarding for the first time: refreshing port forward data: fetching port forwarding data: HTTP status code is not OK: https://ca-vancouver.privacy.network:19999/getSignature?token=<token>: 401 401 Unauthorized: response received: { "status": "ERROR", "message": "Unauthorized client"}
Almost there. I literally posted the log line, so
Hi, just to jump onto this thread instead of starting a new one. It seems that PIA port forwarding is not supported when using the "custom" service provider to connect to PIA via wireguard.
@MillsyBot thanks for the feedback! Also sorry for the long delay answering this 😢
Does the logging agent obfuscate the token?
Yes it does
Does it work with curl https://ca-vancouver.privacy.network:19999/getSignature?token=yourtoken, replacing yourtoken? You should be able to get your token with the following curl command, replacing yourpass and youruser with your OpenVPN credentials.
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' --data 'password=yourpass&username=youruser' https://www.privateinternetaccess.com/api/client/v2/token
Maybe even outside the VPN tunnel. For reference the 'fetchToken' function in Gluetun is at https://github.com/qdm12/gluetun/blob/4218dba177674f4a9e8ac98f98fc5ee0da4f4ccc/internal/provider/privateinternetaccess/portforward.go#L239
Attempted with the new build and I got the following error
2024-06-17T09:30:47-06:00 INFO [ip getter] Public IP address is X.X.X.X (Canada, British Columbia, Vancouver)
2024-06-17T09:30:47-06:00 INFO [vpn] There is a new release v3.38.0 (v3.38.0) created 83 days ago
2024-06-17T09:30:47-06:00 INFO [port forwarding] starting
2024-06-17T09:30:48-06:00 ERROR [vpn] port forwarding for the first time: refreshing port forward data: fetching port forwarding data: HTTP status code is not OK: https://ca-vancouver.privacy.network:19999/getSignature?token=<token>: 401 401 Unauthorized: response received: { "status": "ERROR", "message": "Unauthorized client"}
Using the curl method described above the results are similar
{
"status": "ERROR",
"message": "Unauthorized client"
}
Has this moved, now, to an issue with either my subscription or with PIA?
Not sure what is different for me, but when I try using port forward on openvpn it seems to work just fine.
gluetun | 2024-06-17T21:05:38.274723451Z 2024-06-17T21:05:38Z INFO [ip getter] Public IP address is 140.228.21.147 (Canada, Quebec, Montréal)
gluetun | 2024-06-17T21:05:38.772714587Z 2024-06-17T21:05:38Z INFO [vpn] You are running on the bleeding edge of latest!
gluetun | 2024-06-17T21:05:38.772748512Z 2024-06-17T21:05:38Z INFO [port forwarding] starting
gluetun | 2024-06-17T21:05:39.789600351Z 2024-06-17T21:05:39Z INFO [port forwarding] Port forwarded data expires in 62 days
gluetun | 2024-06-17T21:05:39.875325244Z 2024-06-17T21:05:39Z INFO [port forwarding] port forwarded is 25984
gluetun | 2024-06-17T21:05:39.875369710Z 2024-06-17T21:05:39Z INFO [firewall] setting allowed input port 25984 through interface tun0...
This is on the latest build, not even using the PR. The interesting thing is, when I change it to vancouver or montreal it won't even connect for me. I tried updating the server list using https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list, but it still halts on this.
gluetun | 2024-06-17T21:08:48.586132017Z 2024-06-17T21:08:48Z INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
gluetun | 2024-06-17T21:08:48.586135144Z 2024-06-17T21:08:48Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
gluetun | 2024-06-17T21:08:48.586904043Z 2024-06-17T21:08:48Z INFO [openvpn] CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
gluetun | 2024-06-17T21:08:48.586912563Z 2024-06-17T21:08:48Z INFO [openvpn] xxxx
gluetun | 2024-06-17T21:08:48.586925976Z 2024-06-17T21:08:48Z INFO [openvpn] -----END X509 CRL-----
gluetun | 2024-06-17T21:08:48.586995179Z 2024-06-17T21:08:48Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]208.78.42.164:1197
gluetun | 2024-06-17T21:08:48.587007861Z 2024-06-17T21:08:48Z INFO [openvpn] UDPv4 link local: (not bound)
gluetun | 2024-06-17T21:08:48.587024341Z 2024-06-17T21:08:48Z INFO [openvpn] UDPv4 link remote: [AF_INET]208.78.42.164:1197
gluetun | 2024-06-17T21:08:48.581087407Z 2024-06-17T21:08:48Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
My issue is different as I'm trying to get this working using wireguard but maybe it's all connected?!
Interesting input @xtinct101 maybe it is working as intended currently 🤔 @MillsyBot have you tried with another VPN server? Also your Docker network or LAN wouldn't conflict with the VPN gateway 10.31.110.1 right?
I re-checked PIA's scripts and it didn't change so the current code (latest image/master branch) should still be working by connecting to the gateway ip address, using the server name as TLS name to verify against.
@xtinct101 I'm re-opening your original issue, since it might well be something different, my bad for thinking it was the same!
As I stated, when using montreal it works fine; when I try toronto or vancouver, using openvpn, it won't connect but it also doesn't error out, it just restarts the container.
gluetun | 2024-06-17T21:08:48.586132017Z 2024-06-17T21:08:48Z INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
gluetun | 2024-06-17T21:08:48.586135144Z 2024-06-17T21:08:48Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
gluetun | 2024-06-17T21:08:48.586904043Z 2024-06-17T21:08:48Z INFO [openvpn] CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
gluetun | 2024-06-17T21:08:48.586912563Z 2024-06-17T21:08:48Z INFO [openvpn] xxxx
gluetun | 2024-06-17T21:08:48.586925976Z 2024-06-17T21:08:48Z INFO [openvpn] -----END X509 CRL-----
gluetun | 2024-06-17T21:08:48.586995179Z 2024-06-17T21:08:48Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]208.78.42.164:1197
gluetun | 2024-06-17T21:08:48.587007861Z 2024-06-17T21:08:48Z INFO [openvpn] UDPv4 link local: (not bound)
gluetun | 2024-06-17T21:08:48.587024341Z 2024-06-17T21:08:48Z INFO [openvpn] UDPv4 link remote: [AF_INET]208.78.42.164:1197
gluetun | 2024-06-17T21:08:48.581087407Z 2024-06-17T21:08:48Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
@MillsyBot The more I read this together with @xtinct101 comments, my conclusions are:
- ca-vancouver.privacy.network:19999 replies 401 unauthorized since you are indeed not authorized. Your token is to communicate with gateway:19999, not ca-vancouver.privacy.network:19999
- gateway:19999 plainly doesn't work (it hangs) and that likely is due to a network conflict (your Docker networks, your LAN?)
@xtinct101 Oh indeed, sorry I got confused by (the still confusing) (Canada, Quebec, Montréal)
"The interesting thing is, when I change it to vancouver or montreal it wont even connect for me"
Anyway let's continue the conversation back on your issue. Thanks again
bridge 172.17.0.0/16
code-server_default 172.23.0.0/16
docker-dexcom_default 192.168.112.0/20
homepage_default 172.24.0.0/16
htpc_default 172.31.0.0/16
monitoring_default 172.20.0.0/16
photoprism_default 172.22.0.0/16
pihole_default 172.25.0.0/16
plex_default 172.28.0.0/16
unifi_default 172.19.0.0/16
I don't see a network that would conflict with any 10/8. My home network is all 192.168. networks.
@MillsyBot When running Gluetun, what do you get from docker exec gluetun /bin/sh -c "ip route show all"? I'm curious to see, maybe the code I wrote doesn't detect the VPN gateway IP address correctly 🤔 That could explain the client timeout error, since it's trying to reach the wrong ip address.
EDIT: also, you are using OpenVPN correct?
root@d# docker exec gluetun /bin/sh -c "ip route show all"
0.0.0.0/1 via 10.19.110.1 dev tun0
default via 172.17.0.1 dev eth0
10.19.110.0/24 dev tun0 proto kernel scope link src 10.19.110.73
128.0.0.0/1 via 10.19.110.1 dev tun0
140.228.21.88 via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.3
root@d# docker exec gluetun /bin/sh -c "dig ca-montreal.privacy.network +short"
172.98.71.13
84.247.105.88
140.228.24.188
024-06-17T20:58:22-06:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: private internet access
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: openvpn
|   |   |   ├── Regions: CA Montreal
|   |   |   ├── Server names: montreal420
|   |   |   ├── Hostnames: ca-montreal.privacy.network
|   |   |   └── OpenVPN server selection settings:
|   |   |       ├── Protocol: UDP
|   |   |       └── Private Internet Access encryption preset: strong
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use code for provider: private internet access
|   |       └── Forwarded port file path: /gluetun/forwarded_port
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.6
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Private Internet Access encryption preset: strong
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       ├── Verbosity level: 1
|       └── Flags: [--fast-io --sndbuf 512000 --rcvbuf 512000 --txqueuelen 2000]
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── Outbound subnets:
|       ├── 10.0.0.0/8
|       ├── 192.168.0.0/16
|       └── 172.16.0.0/12
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   ├── Enabled: yes
|   ├── Listening address: :8888
|   ├── User:
|   ├── Password: [not set]
|   ├── Stealth mode: no
|   ├── Log: no
|   ├── Read header timeout: 1s
|   └── Read timeout: 3s
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: America/Denver
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
Yes, I am using OpenVPN.
|   └── Outbound subnets:
|       ├── 10.0.0.0/8
That might conflict, can you try removing it? That's as I recall the FIREWALL_OUTBOUND_SUBNETS variable
├── Firewall settings:
|   ├── Enabled: yes
|   └── Outbound subnets:
|       ├── 192.168.0.0/16
|       └── 172.16.0.0/12
├── Log settings:
|   └── Log level: info
Same
2024-06-18T15:51:08-06:00 ERROR [vpn] port forwarding for the first time: refreshing port forward data: fetching port forwarding data: HTTP status code is not OK: https://ca-montreal.privacy.network:19999/getSignature?token=<token>: 401 401 Unauthorized: response received: { "status": "ERROR", "message": "Unauthorized client"}
But switch back to the latest image instead (using the gateway IP address, not the vpn server hostname)
2024-06-19T18:16:50-06:00 INFO [port forwarding] Port forwarded data expires in 62 days
2024-06-19T18:16:50-06:00 INFO [port forwarding] port forwarded is 27292
2024-06-19T18:16:50-06:00 INFO [firewall] setting allowed input port 27292 through interface tun0...
2024-06-19T18:16:50-06:00 INFO [port forwarding] writing port file /gluetun/forwarded_port
Everything works.
Thanks for the patience!
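The conflict check discussed above (does a firewall outbound subnet contain the VPN gateway?), as an added Go example that is not Gluetun's code: it reads the gateway from `ip route show all` output and lists the configured subnets that contain it. The route table and subnet lists are copied from this thread; `vpnGateway` and `containingSubnets` are hypothetical names.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// Output of `ip route show all` as posted in this thread.
const sampleRoutes = `0.0.0.0/1 via 10.19.110.1 dev tun0
default via 172.17.0.1 dev eth0
10.19.110.0/24 dev tun0 proto kernel scope link src 10.19.110.73
128.0.0.0/1 via 10.19.110.1 dev tun0
140.228.21.88 via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.3`

// Firewall outbound subnets from the settings summaries, before and after the change.
const (
	outboundBefore = "10.0.0.0/8,192.168.0.0/16,172.16.0.0/12"
	outboundAfter  = "192.168.0.0/16,172.16.0.0/12"
)

// vpnGateway returns the next hop of the first route that leaves through
// vpnIface, e.g. "0.0.0.0/1 via 10.19.110.1 dev tun0" yields 10.19.110.1.
func vpnGateway(routes, vpnIface string) (netip.Addr, error) {
	for _, line := range strings.Split(routes, "\n") {
		f := strings.Fields(line)
		for i := 0; i+3 < len(f); i++ {
			if f[i] == "via" && f[i+2] == "dev" && f[i+3] == vpnIface {
				return netip.ParseAddr(f[i+1])
			}
		}
	}
	return netip.Addr{}, fmt.Errorf("no route via a gateway on %s", vpnIface)
}

// containingSubnets returns the entries of a comma-separated CIDR list that
// contain gw. Traffic to such an address may be treated as local-network
// traffic instead of going to the gateway through the tunnel.
func containingSubnets(gw netip.Addr, csv string) ([]string, error) {
	var hits []string
	for _, s := range strings.Split(csv, ",") {
		s = strings.TrimSpace(s)
		if s == "" {
			continue
		}
		p, err := netip.ParsePrefix(s)
		if err != nil {
			return nil, fmt.Errorf("parsing %q: %w", s, err)
		}
		if p.Masked().Contains(gw) {
			hits = append(hits, s)
		}
	}
	return hits, nil
}

func main() {
	gw, err := vpnGateway(sampleRoutes, "tun0")
	if err != nil {
		fmt.Println(err)
		return
	}
	for _, csv := range []string{outboundBefore, outboundAfter} {
		hits, err := containingSubnets(gw, csv)
		fmt.Printf("gateway %s, subnets %s: conflicts %v (err %v)\n", gw, csv, hits, err)
	}
}
```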
Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.
This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.
Hi same problem here with Wireguard + PIA. Port forwarding seems to not work. How could I solve it?
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: custom
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: wireguard
|   |   |   ├── Target IP address: target ip
|   |   |   ├── Server names: name
|   |   |   └── Wireguard selection settings:
|   |   |       ├── Endpoint IP address: ip
|   |   |       ├── Endpoint port: port
|   |   |       └── Server public key: publickey
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use code for provider: private internet access
|   |       ├── Forwarded port file path: /tmp/gluetun/forwarded_port.txt
|   |       └── Credentials:
|   |           ├── Username: username
|   |           └── Password: [set]
|   └── Wireguard settings:
|       ├── Private key: WGG...nQ=
|       ├── Interface addresses:
|       |   └── int ip
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-07-22T17:29:54Z INFO [port forwarding] starting
2024-07-22T17:30:09Z ERROR [vpn] port forwarding for the first time: refreshing port forward data: fetching token: Post "https://www.privateinternetaccess.com/api/client/v2/token": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024-07-22T18:06:17Z ERROR [vpn] port forwarding for the first time: refreshing port forward data: fetching port forwarding data: obtaining signature payload: Get "https://10.5.246.1:19999/getSignature?token=<token>": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
services:
  gluetun:
    image: qmcgaw/gluetun
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP=ip
      - VPN_ENDPOINT_PORT=port
      - WIREGUARD_PRIVATE_KEY=...
      - WIREGUARD_PUBLIC_KEY=...
      - WIREGUARD_ADDRESSES=address
      - SERVER_NAMES=name
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_PROVIDER=private internet access
      - VPN_PORT_FORWARDING_STATUS_FILE=/tmp/gluetun/forwarded_port.txt
      - VPN_PORT_FORWARDING_USERNAME=user
      - VPN_PORT_FORWARDING_PASSWORD=pass
      #- FIREWALL_VPN_INPUT_PORTS=3094
    restart: always
@MrColoo see issue #2320
This thread was useful but I'm still stuck on the same issue the OP is on using pr-2254
Keep getting the 401 error. Is there any way I can help with this problem?
2024-08-07T01:26:53Z ERROR [vpn] port forwarding for the first time: refreshing port forward data: fetching port forwarding data: HTTP status code is not OK: https://ca-ontario.privacy.network:19999/getSignature?token=<token>: 401 401 Unauthorized: response received: { "status": "ERROR", "message": "Unauthorized client"}
env:
  OPENVPN_USER:
    secretKeyRef:
      expandObjectName: false
      name: vpn-credentials
      key: username
  OPENVPN_PASSWORD:
    secretKeyRef:
      expandObjectName: false
      name: vpn-credentials
      key: password
  DOT: off
  FIREWALL_OUTBOUND_SUBNETS: 10.0.0.0/8
  DNS_PLAINTEXT_ADDRESS: 10.0.0.243
  PORT_FORWARD_ONLY: true
  VPN_PORT_FORWARDING: on
  VPN_PORT_FORWARDING_PROVIDER: "private internet access"
  VPN_SERVICE_PROVIDER: "private internet access"
  SERVER_REGIONS: CA Ontario
The tunnel comes up but no PF sadly.
Perhaps try removing the value for FIREWALL_OUTBOUND_SUBNETS?
EDIT: I don't monitor closed issues, so you will likely not get another response
Hello!
First off: thanks for making such a cool product!
Now to business: I have been using PIA (sans port forwarding) for some time and have really enjoyed it. I am now attempting to add the port forwarding feature for a current use case that I have. I believe that I have configured things properly, however it is quite possible that I missed something. Here are the relevant environment variables
And here are the logs that I am getting.
I have verified on a few locations that claim they support port forwarding, however the results are the same. I attempted to reach the 10.31.110.1 port 19999 from inside the gluetun container, and that was also a bust.
Thanks in advance for any help. Sorry if this one is too obvious!