qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
8.04k stars 372 forks

Bug: Privado server selection #324

Closed shuntera closed 3 years ago

shuntera commented 3 years ago

Host OS (approximate answer is fine too): MacOS

Is this urgent?: No

What VPN provider are you using: Privado

What are you using to run your container?: Docker Compose

What is the version of the program (See the line at the top of your logs)

2020-12-29T23:01:47Z (commit 3a20b84)

What's the problem 🤔

My docker-compose used to pull qmcgaw/private-internet-access:privado but as of today I get a manifest error when trying to pull that, so I switched it to :latest

To check that worked OK, I ran a whatsmyip using the gluetun container and it told me I have a Warsaw, Poland IP address even though in my docker-compose I have CITY=jfk in my Privado config section. I do notice in the logs below that Cities and Server Number are blank?

Share your logs...

...careful to remove i.e. token information with PIA port forwarding

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version latest built on 2020-12-29T23:01:47Z (commit 3a20b84)

📣  New Docker image qmcgaw/gluetun

🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? quentin.mcgaw@gmail.com
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2020-12-29T23:20:04.287-0500    INFO    Unbound version: 1.10.1
2020-12-29T23:20:04.291-0500    INFO    IPtables version: v1.8.4
2020-12-29T23:20:04.299-0500    INFO    OpenVPN version: 2.4.9
2020-12-29T23:20:04.300-0500    WARN    You are using the old environment variable USER, please consider changing it to OPENVPN_USER
2020-12-29T23:20:04.300-0500    WARN    You are using the old environment variable PASSWORD, please consider changing it to OPENVPN_PASSWORD
2020-12-29T23:20:04.300-0500    INFO    Settings summary below:
OpenVPN settings:
|--User: [redacted]
|--Password: [redacted]
|--Verbosity level: 1
|--Run as root: no
|--Privado settings:
 |--Network protocol: udp
 |--Cities: 
 |--Server numbers: 
System settings:
|--Process user ID: 1000
|--Process group ID: 1000
|--Timezone: america/new_york
DNS over TLS settings:
 |--DNS over TLS provider:
  |--cloudflare
 |--Caching: enabled
 |--Block malicious: enabled
 |--Block surveillance: disabled
 |--Block ads: disabled
 |--Allowed hostnames:
  |--
 |--Private addresses:
  |--127.0.0.1/8
  |--10.0.0.0/8
  |--172.16.0.0/12
  |--192.168.0.0/16
  |--redacted/16
  |--::1/128
  |--fc00::/7
  |--fe80::/10
  |--::ffff:0:0/96
 |--Verbosity level: 1/5
 |--Verbosity details level: 0/4
 |--Validation log level: 0/2
 |--IPv6 resolution: disabled
 |--Update: every 24h0m0s
 |--Keep nameserver (disabled blocking): no
Firewall settings:
 |--VPN input ports: 
 |--Input ports: 
 |--Outbound subnets: redacted/32
HTTP Proxy settings: disabled
ShadowSocks settings:
 |--Password: [redacted]
 |--Log: enabled
 |--Port: 8388
 |--Method: chacha20-ietf-poly1305
HTTP Control server:
 |--Listening port: 8000
 |--Logging: true
Server updater settings: disabled
Public IP getter settings:
|--Period: 12h0m0s
|--IP file: /tmp/gluetun/ip
Version information: enabled

2020-12-29T23:20:04.394-0500    INFO    storage: merging by most recent 6734 hardcoded servers and 6735 servers read from /gluetun/servers.json
2020-12-29T23:20:04.455-0500    INFO    routing: default route found: interface eth0, gateway 172.17.0.1
2020-12-29T23:20:04.455-0500    INFO    routing: local subnet found: 172.17.0.0/16
2020-12-29T23:20:04.456-0500    INFO    routing: default route found: interface eth0, gateway 172.17.0.1
2020-12-29T23:20:04.457-0500    INFO    routing: adding route for 0.0.0.0/0
2020-12-29T23:20:04.457-0500    INFO    firewall: firewall disabled, only updating allowed subnets internal list
2020-12-29T23:20:04.457-0500    INFO    routing: default route found: interface eth0, gateway 172.17.0.1
2020-12-29T23:20:04.457-0500    INFO    routing: adding route for 192.168.1.107/32
2020-12-29T23:20:04.457-0500    INFO    openvpn configurator: checking for device /dev/net/tun
2020-12-29T23:20:04.457-0500    WARN    TUN device is not available: open /dev/net/tun: no such file or directory
2020-12-29T23:20:04.457-0500    INFO    openvpn configurator: creating /dev/net/tun
2020-12-29T23:20:04.457-0500    INFO    firewall: enabling...
2020-12-29T23:20:04.502-0500    INFO    firewall: enabled successfully
2020-12-29T23:20:04.502-0500    INFO    Launching standard output merger
2020-12-29T23:20:04.503-0500    INFO    dns over tls: using plaintext DNS at address 1.1.1.1
2020-12-29T23:20:04.503-0500    INFO    dns configurator: using DNS address 1.1.1.1 internally
2020-12-29T23:20:04.503-0500    INFO    dns configurator: using DNS address 1.1.1.1 system wide
2020-12-29T23:20:04.506-0500    INFO    firewall: setting VPN connection through firewall...
2020-12-29T23:20:04.509-0500    INFO    http server: listening on 0.0.0.0:8000
2020-12-29T23:20:04.511-0500    INFO    openvpn configurator: starting openvpn
2020-12-29T23:20:04.513-0500    INFO    healthcheck: listening on 127.0.0.1:9999
2020-12-29T23:20:04.513-0500    INFO    shadowsocks: listening UDP on 0.0.0.0:8388
2020-12-29T23:20:04.514-0500    INFO    shadowsocks: listening TCP on 0.0.0.0:8388
2020-12-29T23:20:04.518-0500    INFO    openvpn: OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
2020-12-29T23:20:04.518-0500    INFO    openvpn: library versions: OpenSSL 1.1.1i  8 Dec 2020, LZO 2.10
2020-12-29T23:20:04.528-0500    INFO    openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]217.138.209.166:1194
2020-12-29T23:20:04.528-0500    INFO    openvpn: UDP link local: (not bound)
2020-12-29T23:20:04.528-0500    INFO    openvpn: UDP link remote: [AF_INET]217.138.209.166:1194
2020-12-29T23:20:05.353-0500    INFO    openvpn: [waw-004.vpn.privado.io] Peer Connection Initiated with [AF_INET]217.138.209.166:1194
2020-12-29T23:20:06.718-0500    INFO    openvpn: TUN/TAP device tun0 opened
2020-12-29T23:20:06.718-0500    INFO    openvpn: /sbin/ip link set dev tun0 up mtu 1500
2020-12-29T23:20:06.721-0500    INFO    openvpn: /sbin/ip addr add dev tun0 172.21.36.49/23 broadcast 172.21.37.255
2020-12-29T23:20:06.729-0500    INFO    openvpn: UID set to nonrootuser
2020-12-29T23:20:06.729-0500    INFO    openvpn: Initialization Sequence Completed
2020-12-29T23:20:06.730-0500    INFO    dns configurator: downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
2020-12-29T23:20:07.855-0500    INFO    dns configurator: downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated
2020-12-29T23:20:08.004-0500    INFO    dns configurator: generating Unbound configuration
2020-12-29T23:20:08.995-0500    INFO    dns configurator: 62361 hostnames blocked overall
2020-12-29T23:20:08.995-0500    INFO    dns configurator: 2752 IP addresses blocked overall
2020-12-29T23:20:09.134-0500    INFO    dns configurator: starting unbound
2020-12-29T23:20:09.135-0500    INFO    dns configurator: using DNS address 127.0.0.1 internally
2020-12-29T23:20:09.135-0500    INFO    dns configurator: using DNS address 127.0.0.1 system wide
2020-12-29T23:20:09.581-0500    INFO    unbound: init module 0: validator
2020-12-29T23:20:09.582-0500    INFO    unbound: init module 1: iterator
2020-12-29T23:20:09.615-0500    INFO    unbound: start of service (unbound 1.10.1).
2020-12-29T23:20:10.284-0500    INFO    unbound: generate keytag query _ta-4a5c-4f66. NULL IN
2020-12-29T23:20:12.895-0500    INFO    dns over tls: DNS over TLS is ready
2020-12-29T23:20:12.895-0500    INFO    VPN routing IP address: 217.138.209.166
2020-12-29T23:20:14.053-0500    INFO    You are running on the bleeding edge of latest!
2020-12-29T23:20:17.273-0500    INFO    ip getter: Public IP address is 217.138.209.189
2020-12-29T23:30:06.906-0500    ERROR   cannot resolve github.com: operation was canceled

qdm12 commented 3 years ago

Hey there!

I deleted the Privado docker image tag today as that was just automatically made on the branch when adding support for Privado.

I think Privado support was added in release tag v3.7.0 if I'm not mistaken so you can try with that image (double check in the GitHub releases).

I'll investigate why the server selection settings are not propagated properly. In the meantime, do you mind sending your config/docker run command (and comment out your credentials)?

On a side note, the Docker image name is now qmcgaw/gluetun for future releases and :latest, although the older image name will mirror it for the coming few months.

qdm12 commented 3 years ago

Privado servers selection was changed to use only hostnames instead of cities + server numbers (reason here).

Have a look at the readme, you can use for example HOSTNAME=osl-001.vpn.privado.io. The full list of hostnames is here. I also fixed now in 1d9d49f406f149dfdeb187404ce3018cc164b5d6 the settings logging which will show the hostnames instead of cities + server numbers.

shuntera commented 3 years ago

As requested here is the gluetun section from my docker-compose file. As of today gluetun is failing and so none of my other containers are coming up, so I will figure out where it might be failing and open another issue if I can figure it out.

version: "3.7"
services:
  gluetun:
    image: qmcgaw/private-internet-access:latest
    container_name: gluetun_vpn
    cap_add:

qdm12 commented 3 years ago

Can you send the error(s) you are getting? Thanks.

shuntera commented 3 years ago

Never mind, I figured it out after reading through your posts, here is what I did to fix my docker-compose.yml

1: Changed image: qmcgaw/private-internet-access:latest to image: qmcgaw/gluetun:latest

2: Removed CITY=jfk

3: Removed SERVER_NUMBER=3

4: Added SERVER_HOSTNAME= followed by all the jfk-00x servers you documented, comma separated

After that it worked just fine. docker-compose logs showed that I should change USER and PASSWORD to OPENVPN_USER and OPENVPN_PASSWORD so I made that change subsequently too.

All good now.

Thanks

Stuart

qdm12 commented 3 years ago

Cool! Note that both images are the same, you probably had to re-pull the image 😉 Thanks for getting back to me.
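
A check for the symptom reported in this thread (a container configured for one location while the tunnel comes up somewhere else), as an added example that is not part of the thread or of gluetun's own code: it reads gluetun logs on stdin and compares the hostname in OpenVPN's "Peer Connection Initiated" line with an expected prefix. The function names and the prefix convention are assumptions; the sample lines are copied from the log posted above.

```shell
#!/bin/sh
# Added example: confirm from gluetun logs that OpenVPN connected to a server
# in the intended location, instead of trusting the configuration alone.

# Print the hostname from the most recent "Peer Connection Initiated" line
# read on stdin (empty output if the tunnel never came up).
connected_peer() {
    sed -n 's/.*openvpn: \[\([^]]*\)\] Peer Connection Initiated.*/\1/p' | tail -n 1
}

# check_exit_server PREFIX   (log on stdin)
# Returns 0 if the connected hostname starts with PREFIX,
#         1 if it connected to a different server,
#         2 if no peer connection line was found.
check_exit_server() {
    expected_prefix=$1
    peer=$(connected_peer)
    if [ -z "$peer" ]; then
        echo "no peer connection line found" >&2
        return 2
    fi
    case $peer in
        "$expected_prefix"*)
            echo "ok: connected to $peer"
            return 0
            ;;
        *)
            echo "mismatch: connected to $peer, expected ${expected_prefix}*" >&2
            return 1
            ;;
    esac
}

# Sample input: two lines taken from the log in this thread, where CITY=jfk
# was set but ignored by the newer image.
SAMPLE_LOG='2020-12-29T23:20:04.528-0500    INFO    openvpn: UDP link remote: [AF_INET]217.138.209.166:1194
2020-12-29T23:20:05.353-0500    INFO    openvpn: [waw-004.vpn.privado.io] Peer Connection Initiated with [AF_INET]217.138.209.166:1194'

# Demonstration on the sample; against a live container the input would be:
#   docker-compose logs gluetun | check_exit_server jfk-
printf '%s\n' "$SAMPLE_LOG" | check_exit_server jfk- || echo "exit status: $?"
```

Run after every image update, this catches a selection variable that the new version no longer reads before traffic is sent through an unintended location.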