qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.35k stars 348 forks

Bug: ProtonVPN Portforwarding fails since today #2051

Closed Lokilicious closed 1 month ago

Lokilicious commented 7 months ago

Is this urgent?

No

Host OS

Debian Buster

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-01-01T18:24:19.221Z (commit c826707)

What's the problem 🤔

Port forwarding fails with

2024-01-17T12:39:27Z ERROR [vpn] port forwarding for the first time: adding UDP port mapping: executing remote procedure call: connection timeout: after 2m7.75s

Share your logs (at least 10 lines)

2024-01-17T12:37:13.032332352Z ========================================
2024-01-17T12:37:13.032364410Z ========================================
2024-01-17T12:37:13.032367307Z =============== gluetun ================
2024-01-17T12:37:13.032369164Z ========================================
2024-01-17T12:37:13.032370954Z =========== Made with ❤️ by ============
2024-01-17T12:37:13.032373450Z ======= https://github.com/qdm12 =======
2024-01-17T12:37:13.032375228Z ========================================
2024-01-17T12:37:13.032376988Z ========================================
2024-01-17T12:37:13.032378860Z 
2024-01-17T12:37:13.032380705Z Running version latest built on 2024-01-01T18:24:19.221Z (commit c826707)
2024-01-17T12:37:13.032382613Z 
2024-01-17T12:37:13.032384378Z 🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
2024-01-17T12:37:13.032386222Z 🐛 Bug? https://github.com/qdm12/gluetun/issues/new
2024-01-17T12:37:13.032388023Z ✨ New feature? https://github.com/qdm12/gluetun/issues/new
2024-01-17T12:37:13.032390228Z ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
2024-01-17T12:37:13.032393200Z 💻 Email? quentin.mcgaw@gmail.com
2024-01-17T12:37:13.032396145Z 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-01-17T12:37:13.033343065Z 2024-01-17T12:37:13Z INFO [routing] default route found: interface eth0, gateway 172.24.0.1, assigned IP 172.24.0.3 and family v4
2024-01-17T12:37:13.033385268Z 2024-01-17T12:37:13Z INFO [routing] local ethernet link found: eth0
2024-01-17T12:37:13.033476158Z 2024-01-17T12:37:13Z INFO [routing] local ipnet found: 172.24.0.0/24
2024-01-17T12:37:13.044057970Z 2024-01-17T12:37:13Z INFO [firewall] enabling...
2024-01-17T12:37:13.096414676Z 2024-01-17T12:37:13Z INFO [firewall] enabled successfully
2024-01-17T12:37:13.320317201Z 2024-01-17T12:37:13Z INFO [storage] creating /gluetun/servers.json with 17743 hardcoded servers
2024-01-17T12:37:13.380724539Z 2024-01-17T12:37:13Z INFO Alpine version: 3.18.5
2024-01-17T12:37:13.390318096Z 2024-01-17T12:37:13Z INFO OpenVPN 2.5 version: 2.5.8
2024-01-17T12:37:13.395568193Z 2024-01-17T12:37:13Z INFO OpenVPN 2.6 version: 2.6.8
2024-01-17T12:37:13.397682969Z 2024-01-17T12:37:13Z INFO Unbound version: 1.17.1
2024-01-17T12:37:13.398105330Z 2024-01-17T12:37:13Z INFO IPtables version: v1.8.9
2024-01-17T12:37:13.398226101Z 2024-01-17T12:37:13Z INFO Settings summary:
2024-01-17T12:37:13.398233181Z ├── VPN settings:
2024-01-17T12:37:13.398235988Z |   ├── VPN provider settings:
2024-01-17T12:37:13.398237864Z |   |   ├── Name: custom
2024-01-17T12:37:13.398239715Z |   |   ├── Server selection settings:
2024-01-17T12:37:13.398241467Z |   |   |   ├── VPN type: wireguard
2024-01-17T12:37:13.398243261Z |   |   |   ├── Target IP address: 190.2.146.180
2024-01-17T12:37:13.398250844Z |   |   |   └── Wireguard selection settings:
2024-01-17T12:37:13.398253104Z |   |   |       ├── Endpoint IP address: 190.2.146.180
2024-01-17T12:37:13.398254968Z |   |   |       ├── Endpoint port: 51820
2024-01-17T12:37:13.398256775Z |   |   |       └── Server public key: EbxfUNJudEt6J4xL0kHH57eQM+P+OvypYxG4rpzE8iw=
2024-01-17T12:37:13.398258618Z |   |   └── Automatic port forwarding settings:
2024-01-17T12:37:13.398260387Z |   |       ├── Redirection listening port: disabled
2024-01-17T12:37:13.398262160Z |   |       ├── Use code for provider: protonvpn
2024-01-17T12:37:13.398264788Z |   |       └── Forwarded port file path: /tmp/gluetun/forwarded_port
2024-01-17T12:37:13.398268046Z |   └── Wireguard settings:
2024-01-17T12:37:13.398270440Z |       ├── Private key: UBH...Uc=
2024-01-17T12:37:13.398272228Z |       ├── Interface addresses:
2024-01-17T12:37:13.398273978Z |       |   └── 10.2.0.2/32
2024-01-17T12:37:13.398275720Z |       ├── Allowed IPs:
2024-01-17T12:37:13.398277546Z |       |   ├── 0.0.0.0/0
2024-01-17T12:37:13.398279292Z |       |   └── ::/0
2024-01-17T12:37:13.398281225Z |       └── Network interface: tun0
2024-01-17T12:37:13.398283056Z |           └── MTU: 1400
2024-01-17T12:37:13.398284828Z ├── DNS settings:
2024-01-17T12:37:13.398286643Z |   ├── Keep existing nameserver(s): no
2024-01-17T12:37:13.398288374Z |   ├── DNS server address to use: 127.0.0.1
2024-01-17T12:37:13.398290133Z |   └── DNS over TLS settings:
2024-01-17T12:37:13.398291860Z |       ├── Enabled: yes
2024-01-17T12:37:13.398293639Z |       ├── Update period: every 24h0m0s
2024-01-17T12:37:13.398295388Z |       ├── Unbound settings:
2024-01-17T12:37:13.398297157Z |       |   ├── Authoritative servers:
2024-01-17T12:37:13.398298927Z |       |   |   └── cloudflare
2024-01-17T12:37:13.398300705Z |       |   ├── Caching: yes
2024-01-17T12:37:13.398302475Z |       |   ├── IPv6: no
2024-01-17T12:37:13.398304220Z |       |   ├── Verbosity level: 1
2024-01-17T12:37:13.398305975Z |       |   ├── Verbosity details level: 0
2024-01-17T12:37:13.398307744Z |       |   ├── Validation log level: 0
2024-01-17T12:37:13.398309494Z |       |   ├── System user: root
2024-01-17T12:37:13.398311239Z |       |   └── Allowed networks:
2024-01-17T12:37:13.398313000Z |       |       ├── 0.0.0.0/0
2024-01-17T12:37:13.398314780Z |       |       └── ::/0
2024-01-17T12:37:13.398316530Z |       └── DNS filtering settings:
2024-01-17T12:37:13.398320701Z |           ├── Block malicious: yes
2024-01-17T12:37:13.398322694Z |           ├── Block ads: no
2024-01-17T12:37:13.398324429Z |           ├── Block surveillance: no
2024-01-17T12:37:13.398326191Z |           └── Blocked IP networks:
2024-01-17T12:37:13.398327952Z |               ├── 127.0.0.1/8
2024-01-17T12:37:13.398330172Z |               ├── 10.0.0.0/8
2024-01-17T12:37:13.398331970Z |               ├── 172.16.0.0/12
2024-01-17T12:37:13.398333732Z |               ├── 192.168.0.0/16
2024-01-17T12:37:13.398335481Z |               ├── 169.254.0.0/16
2024-01-17T12:37:13.398337200Z |               ├── ::1/128
2024-01-17T12:37:13.398338952Z |               ├── fc00::/7
2024-01-17T12:37:13.398340682Z |               ├── fe80::/10
2024-01-17T12:37:13.398342400Z |               ├── ::ffff:127.0.0.1/104
2024-01-17T12:37:13.398344181Z |               ├── ::ffff:10.0.0.0/104
2024-01-17T12:37:13.398345926Z |               ├── ::ffff:169.254.0.0/112
2024-01-17T12:37:13.398347656Z |               ├── ::ffff:172.16.0.0/108
2024-01-17T12:37:13.398349453Z |               └── ::ffff:192.168.0.0/112
2024-01-17T12:37:13.398351243Z ├── Firewall settings:
2024-01-17T12:37:13.398352991Z |   ├── Enabled: yes
2024-01-17T12:37:13.398354734Z |   ├── Input ports:
2024-01-17T12:37:13.398356445Z |   |   └── 8080
2024-01-17T12:37:13.398358249Z |   └── Outbound subnets:
2024-01-17T12:37:13.398359982Z |       └── 192.168.178.0/24
2024-01-17T12:37:13.398361734Z ├── Log settings:
2024-01-17T12:37:13.398363496Z |   └── Log level: INFO
2024-01-17T12:37:13.398365214Z ├── Health settings:
2024-01-17T12:37:13.398366953Z |   ├── Server listening address: 127.0.0.1:9999
2024-01-17T12:37:13.398368723Z |   ├── Target address: cloudflare.com:443
2024-01-17T12:37:13.398370489Z |   ├── Duration to wait after success: 5s
2024-01-17T12:37:13.398372256Z |   ├── Read header timeout: 100ms
2024-01-17T12:37:13.398373978Z |   ├── Read timeout: 500ms
2024-01-17T12:37:13.398375696Z |   └── VPN wait durations:
2024-01-17T12:37:13.398377409Z |       ├── Initial duration: 6s
2024-01-17T12:37:13.398379144Z |       └── Additional duration: 5s
2024-01-17T12:37:13.398380875Z ├── Shadowsocks server settings:
2024-01-17T12:37:13.398382627Z |   └── Enabled: no
2024-01-17T12:37:13.398384363Z ├── HTTP proxy settings:
2024-01-17T12:37:13.398386132Z |   └── Enabled: no
2024-01-17T12:37:13.398389708Z ├── Control server settings:
2024-01-17T12:37:13.398391581Z |   ├── Listening address: :8000
2024-01-17T12:37:13.398393313Z |   └── Logging: yes
2024-01-17T12:37:13.398395120Z ├── OS Alpine settings:
2024-01-17T12:37:13.398396900Z |   ├── Process UID: 1000
2024-01-17T12:37:13.398398704Z |   └── Process GID: 100
2024-01-17T12:37:13.398400473Z ├── Public IP settings:
2024-01-17T12:37:13.398402194Z |   ├── Fetching: every 12h0m0s
2024-01-17T12:37:13.398403919Z |   └── IP file path: /tmp/gluetun/ip
2024-01-17T12:37:13.398405645Z └── Version settings:
2024-01-17T12:37:13.398407402Z     └── Enabled: yes
2024-01-17T12:37:13.400352845Z 2024-01-17T12:37:13Z INFO [routing] default route found: interface eth0, gateway 172.24.0.1, assigned IP 172.24.0.3 and family v4
2024-01-17T12:37:13.400365284Z 2024-01-17T12:37:13Z INFO [routing] adding route for 0.0.0.0/0
2024-01-17T12:37:13.400484115Z 2024-01-17T12:37:13Z INFO [firewall] setting allowed subnets...
2024-01-17T12:37:13.401102729Z 2024-01-17T12:37:13Z INFO [routing] default route found: interface eth0, gateway 172.24.0.1, assigned IP 172.24.0.3 and family v4
2024-01-17T12:37:13.401110037Z 2024-01-17T12:37:13Z INFO [routing] adding route for 192.168.178.0/24
2024-01-17T12:37:13.401176816Z 2024-01-17T12:37:13Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-01-17T12:37:13.401198249Z 2024-01-17T12:37:13Z INFO [firewall] setting allowed input port 8080 through interface eth0...
2024-01-17T12:37:13.404263397Z 2024-01-17T12:37:13Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-01-17T12:37:13.404728492Z 2024-01-17T12:37:13Z INFO [http server] http server listening on [::]:8000
2024-01-17T12:37:13.404737218Z 2024-01-17T12:37:13Z INFO [firewall] allowing VPN connection...
2024-01-17T12:37:13.404763889Z 2024-01-17T12:37:13Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-01-17T12:37:13.406538648Z 2024-01-17T12:37:13Z INFO [wireguard] Using available kernelspace implementation
2024-01-17T12:37:13.406879018Z 2024-01-17T12:37:13Z INFO [wireguard] Connecting to 190.2.146.180:51820
2024-01-17T12:37:13.407286920Z 2024-01-17T12:37:13Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-01-17T12:37:13.508218746Z 2024-01-17T12:37:13Z INFO [dns] downloading DNS over TLS cryptographic files
2024-01-17T12:37:14.482239365Z 2024-01-17T12:37:14Z INFO [healthcheck] healthy!
2024-01-17T12:37:15.006935821Z 2024-01-17T12:37:15Z INFO [dns] downloading hostnames and IP block lists
2024-01-17T12:37:18.433157291Z 2024-01-17T12:37:18Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.24.0.1:52798 in 44.36µs
2024-01-17T12:37:18.825840971Z 2024-01-17T12:37:18Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.24.0.1:52802 in 7.453µs
2024-01-17T12:37:19.038875574Z 2024-01-17T12:37:19Z INFO [dns] init module 0: validator
2024-01-17T12:37:19.038896698Z 2024-01-17T12:37:19Z INFO [dns] init module 1: iterator
2024-01-17T12:37:19.080487710Z 2024-01-17T12:37:19Z INFO [dns] start of service (unbound 1.17.1).
2024-01-17T12:37:19.276597845Z 2024-01-17T12:37:19Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-01-17T12:37:19.294681107Z 2024-01-17T12:37:19Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.24.0.1:52812 in 6.088µs
2024-01-17T12:37:19.316580225Z 2024-01-17T12:37:19Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-01-17T12:37:19.551676545Z 2024-01-17T12:37:19Z INFO [dns] ready
2024-01-17T12:37:19.864368417Z 2024-01-17T12:37:19Z INFO [vpn] You are running on the bleeding edge of latest!
2024-01-17T12:37:19.864455649Z 2024-01-17T12:37:19Z INFO [port forwarding] starting
2024-01-17T12:37:19.912296049Z 2024-01-17T12:37:19Z INFO [port forwarding] gateway external IPv4 address is 190.2.146.180
2024-01-17T12:37:20.025406849Z 2024-01-17T12:37:20Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.24.0.1:52828 in 8.629µs
2024-01-17T12:37:20.028140198Z 2024-01-17T12:37:20Z INFO [ip getter] Public IP address is 190.2.146.228 (Netherlands, North Holland, Amsterdam)
2024-01-17T12:37:21.184299864Z 2024-01-17T12:37:21Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.24.0.1:52844 in 7.879µs
2024-01-17T12:37:23.122892623Z 2024-01-17T12:37:23Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.24.0.1:52858 in 300.188µs
2024-01-17T12:37:26.741645899Z 2024-01-17T12:37:26Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.24.0.1:52884 in 6.737µs
2024-01-17T12:37:33.567940022Z 2024-01-17T12:37:33Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.24.0.1:52926 in 7.202µs
2024-01-17T12:37:46.739135841Z 2024-01-17T12:37:46Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.24.0.1:52982 in 7.452µs
2024-01-17T12:38:12.660015606Z 2024-01-17T12:38:12Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.24.0.1:53076 in 7.691µs
2024-01-17T12:38:17.614397028Z 2024-01-17T12:38:17Z INFO [http server] 200 GET /portforwarded wrote 11B to 192.168.178.58:60042 in 15.898µs
2024-01-17T12:38:17.648622851Z 2024-01-17T12:38:17Z INFO [http server] 400 GET /favicon.ico wrote 41B to 192.168.178.58:60042 in 35.354µs
2024-01-17T12:38:19.164388078Z 2024-01-17T12:38:19Z INFO [http server] 200 GET /portforwarded wrote 11B to 192.168.178.58:60042 in 16.884µs
2024-01-17T12:38:19.223815184Z 2024-01-17T12:38:19Z INFO [http server] 400 GET /favicon.ico wrote 41B to 192.168.178.58:60042 in 17.374µs
2024-01-17T12:39:02.793899696Z 2024-01-17T12:39:02Z INFO [http server] 200 GET /ip wrote 272B to 172.24.0.1:53476 in 677.868µs
2024-01-17T12:39:04.214420008Z 2024-01-17T12:39:04Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.24.0.1:53488 in 6.679µs
2024-01-17T12:39:07.926412006Z 2024-01-17T12:39:07Z INFO [http server] 200 GET /portforwarded wrote 11B to 192.168.178.58:60070 in 15.851µs
2024-01-17T12:39:07.956653451Z 2024-01-17T12:39:07Z INFO [http server] 400 GET /favicon.ico wrote 41B to 192.168.178.58:60070 in 14.838µs
2024-01-17T12:39:08.969878655Z 2024-01-17T12:39:08Z INFO [http server] 200 GET /portforwarded wrote 11B to 192.168.178.58:60070 in 18.451µs
2024-01-17T12:39:09.001497653Z 2024-01-17T12:39:09Z INFO [http server] 400 GET /favicon.ico wrote 41B to 192.168.178.58:60070 in 60.084µs
2024-01-17T12:39:27.666748381Z 2024-01-17T12:39:27Z ERROR [vpn] port forwarding for the first time: adding UDP port mapping: executing remote procedure call: connection timeout: after 2m7.75s

Share your configuration

services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=100
      - VPN_TYPE=wireguard
      - VPN_SERVICE_PROVIDER=custom
      - VPN_ENDPOINT_IP=X
      - VPN_ENDPOINT_PORT=51820
      - WIREGUARD_PUBLIC_KEY=X
      - WIREGUARD_PRIVATE_KEY=X
      - WIREGUARD_ADDRESSES=X
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_PROVIDER=protonvpn
      - FIREWALL_OUTBOUND_SUBNETS=192.168.178.0/24
      - FIREWALL_INPUT_PORTS=8080
    restart: unless-stopped
    ports:
      - 5800:5800 #Jdownloader
      - 8080:8080/tcp #qBittorrent
      - 8000:8000 #gluetun
    networks:
      gluetun_network:

j-piecuch commented 7 months ago

I have the exact same problem, virtually identical config.

I tried to set up port forwarding manually inside the container by following the instructions from https://protonvpn.com/support/port-forwarding-manual-setup/#how-to-use-port-forwarding

/ # apk add libnatpmp --repository=https://dl-cdn.alpinelinux.org/alpine/edge/community
/ # natpmpc
initnatpmp() returned 0 (SUCCESS)
using gateway : 10.2.0.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Public IP address : 149.88.27.206
epoch = 1124894
closenatpmp() returned 0 (SUCCESS)
/ # natpmpc -g 10.2.0.1 -a 1 0 udp 60
initnatpmp() returned 0 (SUCCESS)
using gateway : 10.2.0.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Public IP address : 149.88.27.206
epoch = 1124909
sendnewportmappingrequest returned 12 (SUCCESS)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -7 (FAILED)
readnatpmpresponseorretry() failed : the gateway does not support nat-pmp

The instructions work fine when I'm connected to the VPN using ProtonVPN's official Linux app (although the app only supports OpenVPN, so it's possible that this issue is wireguard-specific).

j-piecuch commented 7 months ago

Manual port forwarding works with WireGuard, using config downloaded from ProtonVPN site:

[Interface]
# Key for wg-ch
# Bouncing = 0
# NetShield = 1
# Moderate NAT = off
# NAT-PMP (Port Forwarding) = on
# VPN Accelerator = on
PrivateKey = [...]
Address = 10.2.0.2/32
DNS = 10.2.0.1

[Peer]
# CH#61
PublicKey = CgC9o9MUl4n/r4pueamp9JFw2cneCqSnHJD088Zm+Bg=
AllowedIPs = 0.0.0.0/0
Endpoint = 79.135.104.11:51820

$ sudo wg-quick up wg-ch
$ natpmpc -g 10.2.0.1
initnatpmp() returned 0 (SUCCESS)
using gateway : 10.2.0.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Public IP address : 79.135.104.13
epoch = 3984812
closenatpmp() returned 0 (SUCCESS)
$ natpmpc -a 1 0 udp 60 -g 10.2.0.1
initnatpmp() returned 0 (SUCCESS)
using gateway : 10.2.0.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Public IP address : 79.135.104.13
epoch = 3984823
sendnewportmappingrequest returned 12 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Mapped public port 38534 protocol UDP to local port 0 lifetime 60
epoch = 3984823
closenatpmp() returned 0 (SUCCESS)
$ natpmpc -a 1 0 tcp 60 -g 10.2.0.1
initnatpmp() returned 0 (SUCCESS)
using gateway : 10.2.0.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Public IP address : 79.135.104.13
epoch = 3984852
sendnewportmappingrequest returned 12 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Mapped public port 38534 protocol TCP to local port 0 lifetime 60
epoch = 3984852
closenatpmp() returned 0 (SUCCESS)

qdm12 commented 7 months ago

Strange, although no change was made to the code, and their documentation looks the same 🤔 I changed the code such that the error contains the details of each failed attempt (9 max retries) when doing a network call in commit d8b9b2a85b297208b7fe699e842167dbce752160. Can you try pulling the latest image and report back with the logs you get? Because right now "executing remote procedure call: connection timeout: after 2m7.75s" doesn't really highlight what happened in those 9 tries, except that they all failed.

EDIT: changed bad commit to commit d8b9b2a85b297208b7fe699e842167dbce752160
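
Added example, not part of the thread and not gluetun's own code: the NAT-PMP mapping exchange (RFC 6886) that `natpmpc -a 1 0 udp 60` performs against the gateway on UDP port 5351, sketched in Go. Nine reads starting at 250ms and doubling add up to the 2m7.75s in the error above; the function names and the sample response are constructed for illustration.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"time"
)

// RFC 6886 opcodes: 1 maps UDP, 2 maps TCP; a response echoes opcode+128.
const (
	opMapUDP byte = 1
	opMapTCP byte = 2
)

// Mapping is the decoded body of a successful mapping response.
type Mapping struct {
	Epoch              uint32 // seconds since the gateway's table was reset
	Internal, External uint16
	Lifetime           uint32 // seconds
}

// buildMapRequest encodes the 12-byte request sent to the gateway on UDP 5351.
func buildMapRequest(op byte, internal, external uint16, lifetime uint32) []byte {
	b := make([]byte, 12) // b[0] version 0 and b[2:4] reserved both stay zero
	b[1] = op
	binary.BigEndian.PutUint16(b[4:6], internal)
	binary.BigEndian.PutUint16(b[6:8], external) // suggested public port
	binary.BigEndian.PutUint32(b[8:12], lifetime)
	return b
}

// parseMapResponse validates and decodes the 16-byte mapping response.
func parseMapResponse(op byte, b []byte) (Mapping, error) {
	if len(b) != 16 {
		return Mapping{}, fmt.Errorf("response is %d bytes, want 16", len(b))
	}
	if b[0] != 0 || b[1] != op+128 {
		return Mapping{}, fmt.Errorf("unexpected version %d or opcode %d", b[0], b[1])
	}
	if rc := binary.BigEndian.Uint16(b[2:4]); rc != 0 {
		return Mapping{}, fmt.Errorf("gateway refused mapping: result code %d", rc)
	}
	return Mapping{
		Epoch:    binary.BigEndian.Uint32(b[4:8]),
		Internal: binary.BigEndian.Uint16(b[8:10]),
		External: binary.BigEndian.Uint16(b[10:12]),
		Lifetime: binary.BigEndian.Uint32(b[12:16]),
	}, nil
}

// sampleResponse is a constructed reply carrying the values natpmpc printed
// in the successful run (epoch 3984823, public port 38534, lifetime 60).
func sampleResponse() []byte {
	b := make([]byte, 16)
	b[1] = opMapUDP + 128
	binary.BigEndian.PutUint32(b[4:8], 3984823)
	binary.BigEndian.PutUint16(b[10:12], 38534)
	binary.BigEndian.PutUint32(b[12:16], 60)
	return b
}

// retryBudget sums the RFC 6886 read timeouts: 250ms, doubled, for 9 tries.
func retryBudget() time.Duration {
	var total time.Duration
	for try, wait := 1, 250*time.Millisecond; try <= 9; try, wait = try+1, wait*2 {
		total += wait
	}
	return total
}

func main() {
	fmt.Printf("request: % x\n", buildMapRequest(opMapUDP, 0, 1, 60))
	m, err := parseMapResponse(opMapUDP, sampleResponse())
	fmt.Println(m, err)
	fmt.Println("gives up after", retryBudget())
}
```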

j-piecuch commented 7 months ago

Port forwarding seems to work fine for me now... I guess it was a temporary problem on the provider's side ¯\_(ツ)_/¯

We might want to wait with closing this issue until @Lokilicious confirms this.

Thank you for this awesome piece of software!

Lokilicious commented 7 months ago

For me it also resolved itself 🤔 maybe some issue with the ProtonVPN server. Anyhow having more accurate log output is always a good thing. Thanks @qdm12

Lokilicious commented 7 months ago

Issue just resurfaced:

26/01/2024 07:28:42 2024-01-26T06:28:42Z ERROR [vpn] port forwarding for the first time: adding UDP port mapping: executing remote procedure call: connection timeout: failed attempts: read udp 10.2.0.2:47511->10.2.0.1:5351: i/o timeout (tries 1, 2, 3, 4, 5, 6, 7, 8, 9)

After changing the ProtonVPN Server it started working again. 🤔 Not sure if it's an issue from gluetun or the server behaves strangely.

j-piecuch commented 7 months ago

It has to be an issue on ProtonVPN's side: the issue also resurfaced for me yesterday. I connected manually (not using gluetun) to the same server with which I was having issues using gluetun: same keys and ip. Using ProtonVPN's own instructions from https://protonvpn.com/support/port-forwarding-manual-setup/#how-to-use-port-forwarding I wasn't able to set up port forwarding:

$ natpmpc -g 10.2.0.1
initnatpmp() returned 0 (SUCCESS)
using gateway : 10.2.0.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Public IP address : 149.88.27.206
epoch = 1872293
closenatpmp() returned 0 (SUCCESS)
$ natpmpc -a 1 0 udp 60 -g 10.2.0.1
initnatpmp() returned 0 (SUCCESS)
using gateway : 10.2.0.1
sendpublicaddressrequest returned 2 (SUCCESS)
readnatpmpresponseorretry returned 0 (OK)
Public IP address : 149.88.27.206
epoch = 1872303
sendnewportmappingrequest returned 12 (SUCCESS)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -100 (TRY AGAIN)
readnatpmpresponseorretry returned -7 (FAILED)
readnatpmpresponseorretry() failed : the gateway does not support nat-pmp

qdm12 commented 1 month ago

Thanks @j-piecuch for confirming, let's close this then. Might be worth sending Protonvpn a message next time this happens. Thanks everyone!

github-actions[bot] commented 1 month ago

Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.