qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: Can't initiate connection when using port forwarding #225

Closed FlorentLM closed 4 years ago

FlorentLM commented 4 years ago

TLDR: Can't initiate connection when using port forwarding, logs say Error EOF in loop

Sorry for yet another issue, but this seems to be a different problem than last time.

  1. Is this urgent?

    • [x] Yes
    • [ ] No
  2. What VPN service provider are you using?

    • [x] PIA
    • [ ] Mullvad
    • [ ] Windscribe
    • [ ] Surfshark
    • [ ] Cyberghost
  3. What's the version of the program?

    See the line at the top of your logs

    Running version latest built on 2020-03-13T01:30:06Z (commit d0f678c)

  4. What are you using to run the container?

    • [ ] Docker run
    • [x] Docker Compose
    • [ ] Kubernetes
    • [ ] Docker stack
    • [ ] Docker swarm
    • [ ] Podman
    • [ ] Other:
  5. Extra information

Logs:

Running version latest built on 2020-08-24T01:53:55Z (commit 6fc2b3d)

🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? quentin.mcgaw@gmail.com
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12

2020-08-24T22:14:51.470+0200    INFO    OpenVPN version: 2.4.9
2020-08-24T22:14:51.471+0200    INFO    Unbound version: 1.10.1
2020-08-24T22:14:51.471+0200    INFO    IPtables version: v1.8.4
2020-08-24T22:14:51.489+0200    INFO    TinyProxy version: 1.10.0
2020-08-24T22:14:51.489+0200    INFO    Settings summary below:

OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 3
|--Run as root: no
|--Private Internet Access settings:
 |--Network protocol: udp
 |--Region: spain
 |--Encryption preset: strong
 |--Port forwarding: on, saved in /forwarded_port
System settings:
|--User ID: 1001
|--Group ID: 100
|--Timezone: europe/paris
|--IP Status filepath: /ip
DNS over TLS disabled, using plaintext DNS 192.168.150.17
Firewall settings:
 |--Allowed subnets: 192.168.150.0/24
 |--VPN input ports: 
TinyProxy settings: disabled
ShadowSocks settings: disabled
Public IP check period: 12h0m0s

2020-08-24T22:14:51.489+0200    INFO    routing: default route found: interface eth0, gateway 172.20.0.1
2020-08-24T22:14:51.489+0200    INFO    routing: local subnet found: 172.20.0.0/16
2020-08-24T22:14:51.489+0200    INFO    openvpn configurator: checking for device /dev/net/tun
2020-08-24T22:14:51.489+0200    WARN    TUN device is not available: open /dev/net/tun: no such file or directory
2020-08-24T22:14:51.489+0200    INFO    openvpn configurator: creating /dev/net/tun
2020-08-24T22:14:51.490+0200    INFO    firewall: enabling...
2020-08-24T22:14:51.490+0200    INFO    Launching standard output merger
2020-08-24T22:14:51.495+0200    INFO    firewall: enabled successfully
2020-08-24T22:14:51.495+0200    INFO    firewall: setting allowed subnets through firewall...
2020-08-24T22:14:51.497+0200    INFO    routing: adding 192.168.150.0/24 as route via 172.20.0.1 eth0
2020-08-24T22:14:51.497+0200    INFO    http server: listening on 0.0.0.0:8000
2020-08-24T22:14:51.498+0200    INFO    dns over tls: falling back on plaintext DNS at address 192.168.150.17
2020-08-24T22:14:51.498+0200    INFO    dns configurator: using DNS address 192.168.150.17 internally
2020-08-24T22:14:51.498+0200    INFO    dns configurator: using DNS address 192.168.150.17 system wide
2020-08-24T22:14:51.498+0200    INFO    firewall: setting VPN connections through firewall...
2020-08-24T22:14:51.499+0200    INFO    openvpn configurator: starting openvpn
2020-08-24T22:14:51.500+0200    INFO    openvpn: OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
2020-08-24T22:14:51.500+0200    INFO    openvpn: library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
2020-08-24T22:14:51.501+0200    INFO    openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2020-08-24T22:14:51.501+0200    INFO    openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]212.102.49.185:1197
2020-08-24T22:14:51.501+0200    INFO    openvpn: Socket Buffers: R=[212992->212992] S=[212992->212992]
2020-08-24T22:14:51.502+0200    INFO    openvpn: UDP link local: (not bound)
2020-08-24T22:14:51.502+0200    INFO    openvpn: UDP link remote: [AF_INET]212.102.49.185:1197
2020-08-24T22:14:51.532+0200    INFO    openvpn: TLS: Initial packet from [AF_INET]212.102.49.185:1197, sid=294103aa bcc29006
2020-08-24T22:14:51.583+0200    INFO    openvpn: VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
2020-08-24T22:14:51.583+0200    INFO    openvpn: VERIFY KU OK
2020-08-24T22:14:51.583+0200    INFO    openvpn: Validating certificate extended key usage
2020-08-24T22:14:51.583+0200    INFO    openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-08-24T22:14:51.583+0200    INFO    openvpn: VERIFY EKU OK
2020-08-24T22:14:51.583+0200    INFO    openvpn: VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=cdeec2bf081ff6973c64c83545304d23, name=cdeec2bf081ff6973c64c83545304d23
2020-08-24T22:14:51.705+0200    WARN    openvpn: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'
2020-08-24T22:14:51.706+0200    WARN    openvpn: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
2020-08-24T22:14:51.706+0200    WARN    openvpn: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
2020-08-24T22:14:51.706+0200    WARN    openvpn: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2020-08-24T22:14:51.706+0200    INFO    openvpn: Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2020-08-24T22:14:51.706+0200    INFO    openvpn: [cdeec2bf081ff6973c64c83545304d23] Peer Connection Initiated with [AF_INET]212.102.49.185:1197
2020-08-24T22:14:52.897+0200    INFO    openvpn: SENT CONTROL [cdeec2bf081ff6973c64c83545304d23]: 'PUSH_REQUEST' (status=1)
2020-08-24T22:14:52.925+0200    INFO    openvpn: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.49.14.1,topology net30,ifconfig 10.49.14.6 10.49.14.5,auth-token'
2020-08-24T22:14:52.925+0200    INFO    openvpn: Pushed option removed by filter: 'auth-token RvLmrTUELkJsQw1S18vaszc47o+hEaP+HcdXYjlVCa4='
2020-08-24T22:14:52.925+0200    INFO    openvpn: OPTIONS IMPORT: timers and/or timeouts modified
2020-08-24T22:14:52.926+0200    INFO    openvpn: OPTIONS IMPORT: compression parms modified
2020-08-24T22:14:52.926+0200    INFO    openvpn: OPTIONS IMPORT: --ifconfig/up options modified
2020-08-24T22:14:52.926+0200    INFO    openvpn: OPTIONS IMPORT: route options modified
2020-08-24T22:14:52.926+0200    INFO    openvpn: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2020-08-24T22:14:52.926+0200    INFO    openvpn: Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2020-08-24T22:14:52.926+0200    INFO    openvpn: Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-08-24T22:14:52.926+0200    INFO    openvpn: Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2020-08-24T22:14:52.926+0200    INFO    openvpn: Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2020-08-24T22:14:52.926+0200    INFO    openvpn: ROUTE_GATEWAY 172.20.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:14:00:02
2020-08-24T22:14:52.927+0200    INFO    openvpn: TUN/TAP device tun0 opened
2020-08-24T22:14:52.927+0200    INFO    openvpn: TUN/TAP TX queue length set to 100
2020-08-24T22:14:52.927+0200    INFO    openvpn: /sbin/ip link set dev tun0 up mtu 1500
2020-08-24T22:14:52.929+0200    INFO    openvpn: /sbin/ip addr add dev tun0 local 10.49.14.6 peer 10.49.14.5
2020-08-24T22:14:52.932+0200    INFO    openvpn: /sbin/ip route add 212.102.49.185/32 via 172.20.0.1
2020-08-24T22:14:52.934+0200    INFO    openvpn: /sbin/ip route add 0.0.0.0/1 via 10.49.14.5
2020-08-24T22:14:52.936+0200    INFO    openvpn: /sbin/ip route add 128.0.0.0/1 via 10.49.14.5
2020-08-24T22:14:52.938+0200    INFO    openvpn: /sbin/ip route add 10.49.14.1/32 via 10.49.14.5
2020-08-24T22:14:52.940+0200    INFO    openvpn: UID set to nonrootuser
2020-08-24T22:14:52.940+0200    INFO    openvpn: Initialization Sequence Completed
2020-08-24T22:14:52.941+0200    INFO    dns over tls: not restarting because disabled
2020-08-24T22:14:52.941+0200    INFO    routing: default route found: interface eth0, gateway 172.20.0.1
2020-08-24T22:14:52.942+0200    INFO    Gateway VPN IP address: 212.102.49.185
2020-08-24T22:14:53.237+0200    INFO    ip getter: Public IP address is 212.102.49.185
2020-08-24T22:14:57.993+0200    ERROR   openvpn: Get "http://209.222.18.222:2000/?client_id=9740829f538b4c25ac616f37861109ec18a8c53fa6f618c8d34f359491f39c3e": EOF
2020-08-24T22:14:57.994+0200    INFO    openvpn: retrying in 30 seconds

And then it keeps repeating the last two lines with different client IDs...

Configuration file:

version: '2'

services:
  gluetun:
    image: qmcgaw/private-internet-access:latest
    container_name: gluetun
    hostname: gluetun
    networks:
      - vpn
    cap_add:
      - NET_ADMIN
    environment:
      - VPNSP=private internet access
      - PROTOCOL=udp
      - OPENVPN_VERBOSITY=3
      - OPENVPN_ROOT=no
      - TZ=Europe/xxxx
      - UID=1001
      - GID=100

      # PIA
      - REGION=Spain
      - USER=xxxxxxxxx
      - PASSWORD=xxxxxxxxxxxxxxxxxx
      - PIA_ENCRYPTION=strong
      - PORT_FORWARDING=on
      - PORT_FORWARDING_STATUS_FILE=/forwarded_port

      # Others
      - IP_STATUS_FILE=/ip
      - EXTRA_SUBNETS=192.168.0.0/24

      - DOT=off
      - DNS_PLAINTEXT_ADDRESS=192.168.0.20

      - SHADOWSOCKS=off
      - TINYPROXY=off

    volumes:
      - /path/to/ip:/ip
      - /path/to/forwarded_port:/forwarded_port

    restart: always

Host OS: Debian 9

I tried with and without the DOT option (thinking it was a DNS issue) but it doesn't change anything.

Thanks!

qdm12 commented 4 years ago

I think it's just PIA disabling port forwarding on their servers for whatever reason. Please also note that the container will soon (in pull request for now) use the newer PIA servers by default which don't have port forwarding (for now at least), although you will still be able to use the older PIA servers using -e VPNSP="private internet access old". Let's continue the discussion on #177.
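The failure in the logs above, the port forwarding endpoint answering `Get "http://209.222.18.222:2000/?client_id=...": EOF` followed by an endless "retrying in 30 seconds" loop, as an added Go example that is not gluetun's own code: it names the EOF for what it is (the endpoint accepted the TCP connection and closed it without any HTTP response, which is what a server with port forwarding disabled looks like to the client) and bounds the retries so the cause is surfaced instead of repeated forever. The client_id construction (32 random bytes, hex encoded) and the success body `{"port": N}` are assumptions; the page shows neither.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"net/http"
	"time"
)

// ErrEndpointClosed names the logged failure: TCP accepted, then closed with no HTTP response (Go reports "EOF").
var ErrEndpointClosed = errors.New("port forwarding endpoint closed the connection without a response")

// requestPort does one GET against endpoint (e.g. "http://209.222.18.222:2000") with a fresh client_id.
// Assumed, not shown on the page: client_id is 32 random bytes in hex, and a success body is {"port": N}.
func requestPort(client *http.Client, endpoint string) (uint16, error) {
	id := make([]byte, 32)
	if _, err := rand.Read(id); err != nil {
		return 0, err
	}
	resp, err := client.Get(endpoint + "/?client_id=" + hex.EncodeToString(id))
	if errors.Is(err, io.EOF) { // connection closed before any response bytes arrived
		return 0, fmt.Errorf("%w: %v", ErrEndpointClosed, err)
	} else if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	var body struct{ Port uint16 `json:"port"` }
	if err := json.NewDecoder(resp.Body).Decode(&body); err != nil || body.Port == 0 {
		return 0, fmt.Errorf("%s: no usable port in response (%v)", resp.Status, err)
	}
	return body.Port, nil
}

// forwardPort retries a bounded number of times, then gives up with the last cause instead of looping forever.
func forwardPort(client *http.Client, endpoint string, attempts int, wait time.Duration) (uint16, error) {
	var lastErr error
	for i := 0; i < attempts; i++ {
		port, err := requestPort(client, endpoint)
		if err == nil {
			return port, nil
		}
		lastErr = err
		time.Sleep(wait)
	}
	return 0, fmt.Errorf("giving up after %d attempts: %w", attempts, lastErr)
}
```

Callers can check `errors.Is(err, ErrEndpointClosed)` to log "port forwarding unavailable on this server" rather than a bare EOF, and fall back or alert instead of retrying indefinitely.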