qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: No server can be found, despite the fact that there are ProtonVPN servers that support the set of features #2498

Closed FlorentLM closed 2 weeks ago

FlorentLM commented 2 weeks ago

Is this urgent?

Yes

Host OS

Debian Bookworm

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-09-28T17:54:55.225Z (commit c665b13)

What's the problem 🤔

No server can be found, despite the fact that there are, indeed, many ProtonVPN servers that support Wireguard, secure-core and port forwarding.

Tried deleting /gluetun/servers.json and no change. Tried adding the environment variable - PROTOCOL=tcp and no change.

I see that in /gluetun/servers.json, only OpenVPN servers have the fields "udp": and "tcp":, but the Wireguard servers have neither of these fields. Could that be why the Wireguard ones return false for both udp and tcp?

Share your logs (at least 10 lines)

2024-09-29T16:54:22+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.4 and family v4
2024-09-29T16:54:22+02:00 INFO [routing] local ethernet link found: eth0
2024-09-29T16:54:22+02:00 INFO [routing] local ipnet found: 172.18.0.0/16
2024-09-29T16:54:22+02:00 INFO [firewall] enabling...
2024-09-29T16:54:22+02:00 INFO [firewall] enabled successfully
2024-09-29T16:54:23+02:00 INFO [storage] merging by most recent 20553 hardcoded servers and 20553 servers read from /gluetun/servers.json
2024-09-29T16:54:23+02:00 INFO Alpine version: 3.20.3
2024-09-29T16:54:23+02:00 INFO OpenVPN 2.5 version: 2.5.10
2024-09-29T16:54:23+02:00 INFO OpenVPN 2.6 version: 2.6.11
2024-09-29T16:54:23+02:00 INFO IPtables version: v1.8.10
2024-09-29T16:54:23+02:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: protonvpn
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: wireguard
|   |   |   ├── Secure Core only servers: yes
|   |   |   ├── Port forwarding only servers: yes
|   |   |   └── Wireguard selection settings:
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use code for provider: protonvpn
|   |       └── Forwarded port file path: /tmp/gluetun/forwarded_port
|   └── Wireguard settings:
|       ├── Private key: 0GZ...2s=
|       ├── Interface addresses:
|       |   └── 10.2.0.2/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   └── cloudflare
|       ├── Caching: yes
|       ├── IPv6: no
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 172.16.0.0/12
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: xxx
|   ├── Process GID: xxx
|   └── Timezone: xxxxxx/xxxxxx
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-09-29T16:54:23+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.4 and family v4
2024-09-29T16:54:23+02:00 INFO [routing] adding route for 0.0.0.0/0
2024-09-29T16:54:23+02:00 INFO [firewall] setting allowed subnets...
2024-09-29T16:54:23+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.4 and family v4
2024-09-29T16:54:23+02:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-09-29T16:54:23+02:00 INFO [http server] http server listening on [::]:8000
2024-09-29T16:54:23+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-09-29T16:54:23+02:00 ERROR [vpn] finding a VPN server: filtering servers: no server found: for VPN wireguard; protocol udp; port forwarding only; secure core only; target ip address 0.0.0.0
2024-09-29T16:54:23+02:00 INFO [vpn] retrying in 15s

Share your configuration

networks:
  reverseproxy:
    external: true

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    hostname: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    networks:
      - reverseproxy
    environment:
      - TZ=xxxxxx/xxxxxx
      - PUID=xxx
      - PGID=xxx
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_PROVIDER=protonvpn
      - SECURE_CORE_ONLY=on
      - PORT_FORWARD_ONLY=on
      - WIREGUARD_PRIVATE_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
      - SHADOWSOCKS=off
      - HTTPPROXY=off
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /xxxx/xxxx/xxxx/gluetun:/gluetun
    restart: always
    labels:
      - traefik.enable=true
      - traefik.docker.network=reverseproxy
      - traefik.http.routers.qbittorrent.tls=true
      - traefik.http.routers.qbittorrent.rule=Host(`xxxxx.xxxxx.xx`)
      - traefik.http.routers.qbittorrent.entrypoints=xxxxx
      - traefik.http.routers.qbittorrent.tls.certResolver=xxxxxx
      - traefik.http.routers.qbittorrent.tls.options=xxxxx@file
      - traefik.http.routers.qbittorrent.middlewares=xxxxx@file
      - traefik.http.routers.qbittorrent.service=xxxxx
      - traefik.http.services.qbittorrent.loadbalancer.server.port=xxxxx

github-actions[bot] commented 2 weeks ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

qdm12 commented 2 weeks ago

Was this working on the :v3.39 image tag?

FlorentLM commented 2 weeks ago

I just tried tag :v3.39 and I get the same error

Also tried with tag :v3.38 and I get this, but I suppose it's expected:

2024-09-29T19:51:10+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.20 and family v4
2024-09-29T19:51:10+02:00 INFO [routing] local ethernet link found: eth0
2024-09-29T19:51:10+02:00 INFO [routing] local ipnet found: 172.18.0.0/16
2024-09-29T19:51:10+02:00 INFO [firewall] enabling...
2024-09-29T19:51:10+02:00 INFO [firewall] enabled successfully
2024-09-29T19:51:10+02:00 INFO [storage] merging by most recent 19476 hardcoded servers and 20480 servers read from /gluetun/servers.json
2024-09-29T19:51:10+02:00 INFO [storage] Using airvpn servers from file which are 488 days more recent
2024-09-29T19:51:10+02:00 INFO [storage] Using fastestvpn servers from file which are 608 days more recent
2024-09-29T19:51:10+02:00 INFO [storage] Using ivpn servers from file which are 717 days more recent
2024-09-29T19:51:10+02:00 INFO [storage] Using privado servers from file which are 187 days more recent
2024-09-29T19:51:10+02:00 INFO [storage] Using private internet access servers from file which are 176 days more recent
2024-09-29T19:51:10+02:00 INFO [storage] Using protonvpn servers from file which are 702 days more recent
2024-09-29T19:51:10+02:00 INFO [storage] Using surfshark servers from file which are 82 days more recent
2024-09-29T19:51:10+02:00 INFO [storage] Using vpnsecure servers from file which are 677 days more recent
2024-09-29T19:51:10+02:00 INFO [storage] Using windscribe servers from file which are 212 days more recent
2024-09-29T19:51:11+02:00 ERROR VPN settings: provider settings: VPN provider name is not valid for Wireguard: value is not one of the possible choices: protonvpn must be one of airvpn, custom, ivpn, mullvad, nordvpn, surfshark or windscribe
2024-09-29T19:51:11+02:00 INFO Shutdown successful

qdm12 commented 2 weeks ago

Having a quick look at the servers.json file, I don't find any wireguard server supporting both port forwarding and secure core. How are you sure such servers with all these features exist?
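
The check described in the comment above, counting which servers in servers.json satisfy the combined selection criteria, as an added Go example (not code from the gluetun project or from any commenter). The `protonvpn` key, the field names `vpn`, `secure_core` and `port_forward`, and the sample data are assumptions; the protocol criterion is left out.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Assumed field names; the issue itself only shows "udp" and "tcp".
type server struct {
	VPN         string `json:"vpn"`
	SecureCore  bool   `json:"secure_core"`
	PortForward bool   `json:"port_forward"`
}

// Constructed sample, not real provider data.
const sample = `{"version":1,"protonvpn":{"servers":[
 {"vpn":"openvpn","udp":true,"secure_core":true,"port_forward":true},
 {"vpn":"wireguard","secure_core":true}, {"vpn":"wireguard","port_forward":true},
 {"vpn":"wireguard","port_forward":true}, {"vpn":"wireguard"}]}}`

var labels = []string{"all criteria", "minus wireguard", "minus secure core", "minus port forwarding"}

// relaxed counts servers matching all criteria, and those matching once one criterion alone is dropped.
func relaxed(data []byte) (map[string]int, error) {
	var f struct {
		ProtonVPN struct{ Servers []server } `json:"protonvpn"`
	}
	if err := json.Unmarshal(data, &f); err != nil {
		return nil, err
	}
	out := map[string]int{labels[0]: 0}
	for _, s := range f.ProtonVPN.Servers {
		pass := []bool{s.VPN == "wireguard", s.SecureCore, s.PortForward}
		for skip := -1; skip < len(pass); skip++ { // skip -1 applies every criterion
			ok := true
			for i, p := range pass {
				ok = ok && (i == skip || p)
			}
			if ok {
				out[labels[skip+1]]++
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(relaxed([]byte(sample)))
}
```

A zero under "all criteria" next to non-zero relaxed counts points to a filter combination with no matching server rather than a lookup failure.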

FlorentLM commented 2 weeks ago

Wow, I think you're right, these don't seem to exist (anymore?) - can't even see any on the webpage. Did they remove some secure core servers? 😭

Alright then, apologies for this issue, it's totally not a bug

github-actions[bot] commented 2 weeks ago

Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.