Closed jsrich1102 closed 5 months ago
I'm facing the same issue!
I just setup a backup that uses Wireguard and not OpenVPN. working for me right now. I am not sure why there is an issue with VPN Unlimited and OpenVPN working together.
I just setup a backup that uses Wireguard and not OpenVPN. working for me right now. I am not sure why there is an issue with VPN Unlimited and OpenVPN working together.
It works with Wireguard. Thanks!
I just setup a backup that uses Wireguard and not OpenVPN. working for me right now. I am not sure why there is an issue with VPN Unlimited and OpenVPN working together.
can you share a wireguard compose? and you downloaded a wg conf from the website?
I just setup a backup that uses Wireguard and not OpenVPN. working for me right now. I am not sure why there is an issue with VPN Unlimited and OpenVPN working together.
can you share a wireguard compose? and you downloaded a wg conf from the website?
I downloaded from the website...
Have you tried steps mentioned in https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md ?? Was it working before? Did it work on a previous Gluetun release? Do the CA still match
and
?
I just downloaded a fresh ovpn file and it matches the CA still.
Does it work again now? Is it failing for all their openvpn servers?
it works on some like us-la, but not others like canada. getting the self signed cert error
What can us users do to help get gluetun updated? Looks like the problem has been known for a over a month now #2005, are there specific logs we can provide? I am having this issue hitting ca-tr.vpnunlimitedapp.com
for example.
gluetun | 2024-03-25T06:14:28Z INFO [openvpn] VERIFY ERROR: depth=1, error=self-signed certificate in certificate chain: C=US, ST=NY, L=New York, O=Simplex Solutions Inc., OU=Vpn Unlimited, CN=server.vpnunlimitedapp.com, name=server.vpnunlimitedapp.com, emailAddress=support@simplexsolutionsinc.com, serial=12327878784855983598
I tested the same .ovpn
file on an android device in the openvpn app and it worked right away (with just the cert info in the .ovpn
file, no additional user/pass auth required).
Wireguard appears to be unaffected, only OpenVPN.
Updated to 3.38.0 and same issue.
VERIFY ERROR: depth=1, error=self-signed certificate in certificate chain: C=US, ST=NY, L=New York, O=Simplex Solutions Inc., OU=Vpn Unlimited, CN=server.vpnunlimitedapp.com, name=server.vpnunlimitedapp.com, emailAddress=support@simplexsolutions.com, serial=12327878784855983598
It may be the fqdn mismatch. The cert is giving server.vpnunlimitedapp.com and the host in the config is ca-tr instead of server.
@xenago please compare the certificate base64 encoded values (or post them here), they probably updated the certificates for some of their servers I guess? 🤔 Also has anyone tried running with OPENVPN_VERSION=2.6
see if it fixes it?
@qdm12 I went through the OpenVPN log on Android since that was working, and compared with the broken Gluetun log and noticed the servers were serving different certs. That seemed weird until I realized that the ports were actually different. Gluetun doesn't appear to be using the last line in the .ovpn
file: port 1197
, and is instead connecting on port 1194
. The key was setting VPN_ENDPOINT_PORT=1197
and then the connection worked fine. OpenVPN 2.5 and 2.6 both function as expected with that environment variable set.
Thanks @xenago ! I guess they changed that on their end, ugh. So the certificates are the same as the ones set in Gluetun, but just the endpoint port changed right? Did it change endpoint port for both TCP and UDP?
@qdm12 The certs seem to be the same, and by changing the proto udp
line to proto tcp
in the .ovpn
file it works on Android so I believe the port changed for both TCP and UDP to 1197
!
Part of why this was hard to diagnose was because gluetun is not parsing (or ignoring?) the contents at the bottom of the .ovpn
file, i.e.
remote ca-tr.vpnunlimitedapp.com
proto udp
port 1197
I'd expect all the config values within the file to be respected by gluetun, which should have allowed this connection to succeed even if the hardcoded configs in gluetun are not correct. Should I submit a separate issue for this problem of gluetun not following config values in .ovpn
files?
A few questions here:
port 1197
option was ignored, correct? The port
option is, if I recall correctly, deprecated and the port should be in a remote ip port
form. But I can add the port
parsing, that shouldn't hurt.@qdm12
I don't know if it's officially supported or not, they don't seem to say. But it does currently work on TCP, as it did function in my test with the android openvpn app (by editing the config to use tcp instead of udp for the proto
directive). I confirmed after connecting that it said TCP. But hard to know if that will remain the case since the .ovpn
file generated by their website does only contain proto udp
.
Yes, exactly - I am using the custom provider option. Is port
actually deprecated? It doesn't appear to be listed alongside others like keysize
on the official list, but I could be misreading
VPNUnlimited UDP port changed from 1194 to 1197 in 0b078e5f5eb275d514ba8069e40958bc8c56d7a4
port 2321
should now be parsed correctly.Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.
This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.
Is this urgent?
None
Host OS
Docker in Synology
CPU arch
x86_64
VPN service provider
VPNUnlimited
What are you using to run the container
docker-compose
What is the version of Gluetun
lastest
What's the problem 🤔
Getting the same TLS Error: TLS handshake failed we got back a few months ago. I tried to use all the addresses listed in the json file and pull a new OVPN as well as pull a new cert for it with the same issue.
Share your logs (at least 10 lines)
Share your configuration