qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
8.1k stars 374 forks

Bug: Windscribe server list is outdated #2261

Open giorgiooriani opened 6 months ago

giorgiooriani commented 6 months ago

Is this urgent?

No

Host OS

Synology DSM 7.2

CPU arch

x86_64

VPN service provider

Windscribe

What are you using to run the container

docker run

What is the version of Gluetun

Running version latest built on 2024-05-04T16:22:29.394Z (commit ef6874f)

What's the problem 🤔

The 10gbps servers from windscribe are not on the list of servers. I updated the list using the command line but they are still missing. I updated the file by hand but obviously I would rather have the list auto update and not have to mess with it by hand. With the manually inserted servers it works (logs provided).

Example hostnames missing: zrh-317-wg.whiskergalaxy.com, zrh-264-wg.whiskergalaxy.com.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================
Running version latest built on 2024-05-04T16:22:29.394Z (commit ef6874f)
🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-05-05T00:20:38+02:00 INFO [routing] default route found: interface eth0, gateway 10.0.5.1, assigned IP 10.0.5.7 and family v4
2024-05-05T00:20:38+02:00 INFO [routing] local ethernet link found: eth0
2024-05-05T00:20:38+02:00 INFO [routing] local ipnet found: 10.0.5.0/24
2024-05-05T00:20:39+02:00 INFO [firewall] enabling...
2024-05-05T00:20:39+02:00 INFO [firewall] enabled successfully
2024-05-05T00:20:40+02:00 INFO [storage] merging by most recent 19425 hardcoded servers and 19471 servers read from /gluetun/servers.json
2024-05-05T00:20:40+02:00 INFO [storage] Using nordvpn servers from file which are 44 days more recent
2024-05-05T00:20:40+02:00 INFO [storage] Using windscribe servers from file which are 124 days more recent
2024-05-05T00:20:41+02:00 INFO Alpine version: 3.19.1
2024-05-05T00:20:41+02:00 INFO OpenVPN 2.5 version: 2.5.8
2024-05-05T00:20:42+02:00 INFO OpenVPN 2.6 version: 2.6.8
2024-05-05T00:20:42+02:00 INFO Unbound version: 1.19.3
2024-05-05T00:20:42+02:00 INFO IPtables version: v1.8.10
2024-05-05T00:20:42+02:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: windscribe
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Hostnames: zrh-264-wg.whiskergalaxy.com
|   |       └── Wireguard selection settings:
|   |           ├── Endpoint port: 65142
|   |           └── Server public key: 3+ehrqWHaqA4lC10BRkscYasaewB2eamMSRda+HSkxQ=
|   └── Wireguard settings:
|       ├── Private key: OMJ...H0=
|       ├── Pre-shared key: kVB...u4=
|       ├── Interface addresses:
|       |   └── 100.109.214.246/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── Outbound subnets:
|       ├── 172.20.0.0/16
|       └── 10.0.1.0/24
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1032
|   ├── Process GID: 65537
|   └── Timezone: Europe/Rome
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-05-05T00:20:42+02:00 INFO [routing] default route found: interface eth0, gateway 10.0.5.1, assigned IP 10.0.5.7 and family v4
2024-05-05T00:20:42+02:00 INFO [routing] adding route for 0.0.0.0/0
2024-05-05T00:20:42+02:00 INFO [firewall] setting allowed subnets...
2024-05-05T00:20:42+02:00 INFO [routing] default route found: interface eth0, gateway 10.0.5.1, assigned IP 10.0.5.7 and family v4
2024-05-05T00:20:42+02:00 INFO [routing] adding route for 172.20.0.0/16
2024-05-05T00:20:42+02:00 INFO [routing] adding route for 10.0.1.0/24
2024-05-05T00:20:42+02:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-05-05T00:20:42+02:00 INFO [http server] http server listening on [::]:8000
2024-05-05T00:20:42+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-05-05T00:20:42+02:00 INFO [firewall] allowing VPN connection...
2024-05-05T00:20:42+02:00 INFO [wireguard] Using available kernelspace implementation
2024-05-05T00:20:42+02:00 INFO [wireguard] Connecting to 141.255.162.212:65142
2024-05-05T00:20:42+02:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-05-05T00:20:42+02:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-05-05T00:20:43+02:00 INFO [healthcheck] healthy!
2024-05-05T00:20:44+02:00 INFO [dns] downloading hostnames and IP block lists
2024-05-05T00:20:51+02:00 INFO [dns] init module 0: validator
2024-05-05T00:20:51+02:00 INFO [dns] init module 1: iterator
2024-05-05T00:20:51+02:00 INFO [dns] start of service (unbound 1.19.3).
2024-05-05T00:20:51+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-05-05T00:20:51+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-05-05T00:20:51+02:00 INFO [dns] ready
2024-05-05T00:20:52+02:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-05-05T00:20:52+02:00 WARN [ip getter] too many requests sent for this month from https://ipinfo.io/: 403 403 Forbidden; not retrying.
2024-05-05T00:20:52+02:00 INFO [healthcheck] healthy!

Share your configuration

gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    networks:  
      - media_bridge
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8080:8080 # port for qbittorrent
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      - /volume1/configs/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=windscribe
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=key
      - WIREGUARD_PUBLIC_KEY=3+ehrqWHaqA4lC10BRkscYasaewB2eamMSRda+HSkxQ=
      - WIREGUARD_ADDRESSES=100.109.214.246/32
      - SERVER_HOSTNAMES=zrh-264-wg.whiskergalaxy.com
      - VPN_ENDPOINT_PORT=65142
      - WIREGUARD_PRESHARED_KEY=key
      - TZ=Europe/Rome
      - PUID=x
      - PGID=x
      - FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16,10.0.1.0/24
    restart: unless-stopped

github-actions[bot] commented 6 months ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

qdm12 commented 6 months ago

The automatic update takes data from https://assets.windscribe.com/serverlist/mob-v2/1/321321321

On the JSON data returned, you can see zrh-264-wg.whiskergalaxy.com has different nodes, for example ch-019.whiskergalaxy.com. Checking in the updated servers.json this server ch-019.whiskergalaxy.com is part of the update so these servers are effectively part of the gluetun data, it's just that it doesn't have that wireguard specific hostname, although it also has the x509 tls verification name zrh-264.windscribe.com (cannot be used for filtering servers though).

I don't think there is a point having the wireguard endpoint (parent of 3 physical nodes), whereas we can have the more specific node hostname.
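
The relationship described in the comment above (one WireGuard endpoint hostname fronting several node hostnames), as an added example that is not part of the thread or of gluetun's own code: it indexes node hostnames by WireGuard endpoint so a hostname taken from a provider config can be mapped to the node hostnames to put in SERVER_HOSTNAMES. The JSON field names, the function name and the `.example` hostnames are assumptions; only the whiskergalaxy.com and windscribe.com names come from the thread.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)
// Constructed sample, not real Windscribe output. Field names are assumed;
// *.example hostnames are placeholders for nodes the thread does not name.
const sampleJSON = `{"data":[{"groups":[{"wg_endpoint":"zrh-264-wg.whiskergalaxy.com","ovpn_x509":"zrh-264.windscribe.com",
  "nodes":[{"hostname":"ch-019.whiskergalaxy.com"},{"hostname":"node-b.example"},{"hostname":"node-c.example"}]},
 {"wg_endpoint":"zrh-317-wg.whiskergalaxy.com","nodes":[{"hostname":"node-d.example"}]}]}]}`

// serverList keeps only the fields needed here; other JSON fields are ignored.
type serverList struct {
	Data []struct {
		Groups []struct {
			WgEndpoint string `json:"wg_endpoint"`
			Nodes      []struct {
				Hostname string `json:"hostname"`
			} `json:"nodes"`
		} `json:"groups"`
	} `json:"data"`
}

// NodesByEndpoint maps each WireGuard endpoint hostname to its sorted node hostnames.
func NodesByEndpoint(raw []byte) (map[string][]string, error) {
	var list serverList
	if err := json.Unmarshal(raw, &list); err != nil {
		return nil, fmt.Errorf("decoding server list: %w", err)
	}
	index := make(map[string][]string)
	for _, region := range list.Data {
		for _, group := range region.Groups {
			if group.WgEndpoint == "" {
				continue // group exposes no WireGuard endpoint
			}
			for _, node := range group.Nodes {
				index[group.WgEndpoint] = append(index[group.WgEndpoint], node.Hostname)
			}
			sort.Strings(index[group.WgEndpoint])
		}
	}
	return index, nil
}

func main() {
	index, err := NodesByEndpoint([]byte(sampleJSON))
	fmt.Println(index["zrh-264-wg.whiskergalaxy.com"], err)
}
```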

giorgiooriani commented 6 months ago

I didn't notice there were multiple nodes. Thanks for that. However I am getting the following when running the updater: ERROR updating server information: getting servers: Get "https://assets.windscribe.com/serverlist/mob-v2/1/1715082639": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

github-actions[bot] commented 6 months ago

Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.

qdm12 commented 6 months ago

> However I am getting the following when running the updater:

It works fine for me, double check your Internet works etc. (it takes 1 second for me)

giorgiooriani commented 6 months ago

Still getting the issue. Internet works fine and updated nordvpn servers when I was using nordvpn. Seems to fail on windscribe. I noticed the url is different in the error compared to your previous message.

qdm12 commented 6 months ago

The last bit of the url (1715082639 for https://assets.windscribe.com/serverlist/mob-v2/1/1715082639) is for the cache and is meant to be random for every request. If you try to access it for example with:

docker run -it --rm alpine:3.19
apk add wget
wget -O- https://assets.windscribe.com/serverlist/mob-v2/1/1715082639
exit

Does it work?

0ibaba commented 1 month ago

> On the JSON data returned, you can see zrh-264-wg.whiskergalaxy.com has different nodes, for example ch-019.whiskergalaxy.com. Checking in the updated servers.json this server ch-019.whiskergalaxy.com is part of the update so these servers are effectively part of the gluetun data, it's just that it doesn't have that wireguard specific hostname, although it also has the x509 tls verification name zrh-264.windscribe.com (cannot be used for filtering servers though).

Thank you, it's working

If I wanted to manually select the servers, do I have to add all 3 nodes, or is adding one node enough?