qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
8.07k stars 373 forks

Privado: custom endpoint port is not allowed #2347

Closed Qballjos closed 3 months ago

Qballjos commented 4 months ago

Discussed in https://github.com/qdm12/gluetun/discussions/2346

Originally posted by **Qballjos** July 5, 2024

Unable to set up this container with provider Privado selected, not with the template or docker compose. It seems that it is stuck trying to use port 51820. Also used a custom config with Privado settings and manually changing the hostname to an IP, still not picking up the wanted port 1194.

github-actions[bot] commented 4 months ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

Amlor commented 4 months ago

Yep, have the same error with protonvpn after image update

qdm12 commented 4 months ago

@Qballjos I'm not sure I follow. Privado only supports OpenVPN UDP on port 1194 which is the default. Running for example `docker run -it --rm --cap-add=NET_ADMIN -e VPN_SERVICE_PROVIDER=privado -e OPENVPN_USER=a -e OPENVPN_PASSWORD=b qmcgaw/gluetun` tries to connect on port 1194, for example it logs out: `[openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]91.148.224.20:1194` so that seems correct to me.

Also, WHAT GLUETUN VERSION ARE YOU USING!????? It's logged at the top of the logs.

@Amlor Please create an issue with required fields information and details, since I really cannot help you without additional information, and this issue is about Privado.

TheRealBix commented 4 months ago

Hi, I think I have the same issue this person tried to report. I was previously using wireguard and now I'm trying to switch to openvpn, but a "classic" config results in an error.

Here's my compose :

  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 9865:9865/tcp
    volumes:
      - /volume2/docker/gluetun:/gluetun
      # - /volume2/docker/gluetun/wireguard/wg0.conf:/gluetun/wireguard/wg0.conf
    environment:
      - PUID=1029
      - PGID=100
      - TZ=Europe/Paris
      # - VPN_SERVICE_PROVIDER=custom                       #config wireguard
      # - VPN_TYPE=wireguard                                #config wireguard
      # - VPN_PORT_FORWARDING_PROVIDER=protonvpn            #config wireguard
      - VPN_SERVICE_PROVIDER=protonvpn                                #config openvpn
      - VPN_PORT_FORWARDING_USER=sdfsdfsdfs+pmp            #config openvpn
      - VPN_PORT_FORWARDING_PASSWORD=sdfsdfsdfsdfsdf   #config openvpn
      - VPN_PORT_FORWARDING=on                                        #config openvpn
      - SERVER_CITIES=paris                                           #config openvpn
      - FIREWALL_OUTBOUND_SUBNETS=172.17.0.0/16,192.168.1.0/24
      - UPDATER_PERIOD=24h
      - BLOCK_MALICIOUS=off
      - BLOCK_SURVEILLANCE=off
      - BLOCK_ADS=off
    network_mode: bridge
    labels:
      - com.centurylinklabs.watchtower.enable=false
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped

Here's some log :

Running version latest built on 2024-07-12T19:57:02.146Z (commit 9d50c23)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-07-26T11:38:17+02:00 INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.4 and family v4
2024-07-26T11:38:17+02:00 INFO [routing] local ethernet link found: eth0
2024-07-26T11:38:17+02:00 INFO [routing] local ipnet found: 172.17.0.0/16
2024-07-26T11:38:17+02:00 INFO [firewall] enabling...
2024-07-26T11:38:17+02:00 INFO [firewall] enabled successfully
2024-07-26T11:38:19+02:00 INFO [storage] merging by most recent 19425 hardcoded servers and 19425 servers read from /gluetun/servers.json
2024-07-26T11:38:19+02:00 ERROR VPN settings: provider settings: server selection: OpenVPN server selection settings: custom endpoint port is not allowed: for VPN service provider protonvpn: value is not one of the possible choices: 51820 must be one of 80, 443, 1194, 4569 or 5060
2024-07-26T11:38:19+02:00 INFO Shutdown successful

TheRealBix commented 4 months ago

Gluetun seems to keep trying to read config files instead of just following env settings.

I renamed "wg0.conf" to "wg0.conf.old", which gluetun shouldn't use as it's configured to use openvpn, and now gluetun says this: `ERROR VPN settings: OpenVPN settings: user is empty`

To my understanding, with my env settings, gluetun shouldn't read any config file...

Edit: this last one was fixed by using OPENVPN_USER/PASSWORD instead of VPN_PORT_FORWARDING_USER/PASSWORD

qdm12 commented 4 months ago

> Gluetun seems to keep trying to read config files instead of just following env settings.

You got it! Thanks 💯 Looking into it. It does read everything (both wireguard and openvpn) in case you want to switch 'live' from one to another, in the future (still work in progress).

> this last one was fixed by using OPENVPN_USER/PASSWORD instead of VPN_PORT_FORWARDING_USER/PASSWORD

Yes, that warning log was a bug fixed in a03041cfea85b670c1c84d6cfbee3a60fdde55b1

qdm12 commented 3 months ago

This bug was introduced in https://github.com/qdm12/gluetun/commit/ecc80a5a9e3f5ba8c3096eb47c9ed8544a7e8867 after the v3.38.0 release. It's fixed in 36c8da7ea7152d71ba62c5f1884784793d4facde which, as a side effect, also changes, with retro-compatibility:

This (retro-compatible) change will be documented in the wiki soon ™️
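
A sketch of the failure mode discussed in this thread, as an added example that is not part of the thread and not gluetun's code: a port read for the inactive protocol reaches the active protocol's validator. The `Settings` type, its `PortSource` field and both validators are hypothetical; the allowed-port list is copied from the error log above, and the input assumes, following TheRealBix's report, that 51820 came from the leftover WireGuard configuration.

```go
package main

import (
	"errors"
	"fmt"
)

// Settings is a hypothetical merged view of env variables and mounted files; not gluetun's type.
type Settings struct {
	VPNType      string // active protocol: "openvpn" or "wireguard"
	Provider     string
	EndpointPort uint16 // 0 means unset
	PortSource   string // protocol whose configuration supplied EndpointPort
}

var ErrPortNotAllowed = errors.New("custom endpoint port is not allowed")
// OpenVPN ports for protonvpn, copied from the error message in the log above.
var openVPNPorts = map[string][]uint16{"protonvpn": {80, 443, 1194, 4569, 5060}}

func checkOpenVPNPort(provider string, port uint16) error {
	for _, allowed := range openVPNPorts[provider] {
		if port == allowed {
			return nil
		}
	}
	return fmt.Errorf("%w: for VPN service provider %s: %d", ErrPortNotAllowed, provider, port)
}

// ValidateLeaky applies the OpenVPN rule to any port that was read, whatever its source.
func ValidateLeaky(s Settings) error {
	if s.VPNType != "openvpn" || s.EndpointPort == 0 {
		return nil
	}
	return checkOpenVPNPort(s.Provider, s.EndpointPort)
}

// ValidateScoped drops a port that belongs to the inactive protocol first.
func ValidateScoped(s Settings) error {
	if s.PortSource != s.VPNType {
		s.EndpointPort = 0
	}
	return ValidateLeaky(s)
}

func main() {
	// Constructed input: OpenVPN selected, port from a stale wg0.conf still read.
	s := Settings{VPNType: "openvpn", Provider: "protonvpn", EndpointPort: 51820, PortSource: "wireguard"}
	fmt.Println(ValidateLeaky(s), "|", ValidateScoped(s))
}
```

The scoped validator still rejects 51820 when the user sets it explicitly for OpenVPN, so the allow-list keeps its purpose.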

github-actions[bot] commented 3 months ago

Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.