Closed Erik262 closed 3 years ago
Does it work with -e PROTOCOL=tcp perhaps?
If it doesn't work with tcp either, I would tend to think the container has no internet access, perhaps try then running it with -e FIREWALL=off, then exec into it:
docker exec gluetun wget -qO- https://ipinfo.io
Does that work? It should return your public IP address if the vpn isn't connected.
Tried with TCP and got this:
2021/06/01 08:26:27 INFO storage: merging by most recent 9140 hardcoded servers and 9140 servers read from /gluetun/servers.json
2021/06/01 08:26:27 INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021/06/01 08:26:27 INFO routing: local ethernet link found: eth0
2021/06/01 08:26:27 INFO routing: local ipnet found: 172.17.0.0/16
2021/06/01 08:26:27 INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021/06/01 08:26:27 INFO routing: adding route for 0.0.0.0/0
2021/06/01 08:26:27 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021/06/01 08:26:27 INFO routing: default route found: interface eth0, gateway 172.17.0.1
2021/06/01 08:26:27 INFO openvpn configurator: checking for device /dev/net/tun
2021/06/01 08:26:27 WARN TUN device is not available: open /dev/net/tun: no such file or directory
2021/06/01 08:26:27 INFO openvpn configurator: creating /dev/net/tun
2021/06/01 08:26:27 INFO firewall: enabling...
2021/06/01 08:26:27 INFO firewall: enabled successfully
2021/06/01 08:26:27 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021/06/01 08:26:27 INFO healthcheck: listening on 127.0.0.1:9999
2021/06/01 08:26:27 INFO http server: listening on :8000
2021/06/01 08:26:27 INFO firewall: setting VPN connection through firewall...
2021/06/01 08:26:27 INFO openvpn configurator: starting OpenVPN 2.5
2021/06/01 08:26:27 INFO openvpn: OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021/06/01 08:26:27 INFO openvpn: library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2021/06/01 08:26:27 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]206.123.139.4:80
2021/06/01 08:26:27 INFO openvpn: Attempting to establish TCP connection with [AF_INET]206.123.139.4:80 [nonblock]
2021/06/01 08:26:28 INFO openvpn: unhealthy program: waiting 6s for it to change to healthy
2021/06/01 08:26:34 WARN openvpn: unhealthy program: restarting openvpn
2021/06/01 08:26:35 INFO firewall: setting VPN connection through firewall...
2021/06/01 08:26:35 INFO openvpn configurator: starting OpenVPN 2.5
2021/06/01 08:26:35 INFO openvpn: OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021/06/01 08:26:35 INFO openvpn: library versions: OpenSSL 1.1.1k 25 Mar 2021, LZO 2.10
2021/06/01 08:26:35 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]94.242.54.23:80
2021/06/01 08:26:35 INFO openvpn: Attempting to establish TCP connection with [AF_INET]94.242.54.23:80 [nonblock]
2021/06/01 08:26:35 INFO openvpn: TCP connection established with [AF_INET]94.242.54.23:80
2021/06/01 08:26:35 INFO openvpn: TCP_CLIENT link local: (not bound)
2021/06/01 08:26:35 INFO openvpn: TCP_CLIENT link remote: [AF_INET]94.242.54.23:80
2021/06/01 08:26:35 WARN openvpn: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]
2021/06/01 08:26:35 INFO openvpn: Connection reset, restarting [0]
2021/06/01 08:26:35 INFO openvpn: SIGUSR1[soft,connection-reset] received, process restarting
2021/06/01 08:26:35 INFO openvpn: unhealthy program: waiting 12s for it to change to healthy
tun is already activated and starts every time after restart.
It seems to work with firewall=off but gives me not the VPN address, just my normal internet IP
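A triage helper for the log above, as an added example that is not part of the original thread or of gluetun: it maps each remote OpenVPN tried to an outcome and decodes the rejected "packet length" as the two bytes the peer actually sent, since OpenVPN over TCP prefixes every packet with a 16-bit big-endian length. The function names and the sample (lines excerpted and shortened from the log above) are assumptions of this example.

```python
import re

# Sample input: lines excerpted (and shortened) from the log posted above.
SAMPLE = """\
2021/06/01 08:26:27 INFO openvpn: Attempting to establish TCP connection with [AF_INET]206.123.139.4:80 [nonblock]
2021/06/01 08:26:28 INFO openvpn: unhealthy program: waiting 6s for it to change to healthy
2021/06/01 08:26:34 WARN openvpn: unhealthy program: restarting openvpn
2021/06/01 08:26:35 INFO openvpn: Attempting to establish TCP connection with [AF_INET]94.242.54.23:80 [nonblock]
2021/06/01 08:26:35 INFO openvpn: TCP connection established with [AF_INET]94.242.54.23:80
2021/06/01 08:26:35 WARN openvpn: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626
"""

ATTEMPT = re.compile(r"Attempting to establish TCP connection with \[AF_INET\]([\d.]+:\d+)")
ESTABLISHED = re.compile(r"TCP connection established with \[AF_INET\]([\d.]+:\d+)")
BAD_LEN = re.compile(r"Bad encapsulated packet length from peer \((\d+)\)")


def decode_length(n):
    """Return the two bytes behind a rejected length field.

    If the peer is not speaking OpenVPN, the 'length' is simply the first
    two bytes of whatever it sent; show them as ASCII when printable.
    """
    raw = n.to_bytes(2, "big")
    return raw.decode("ascii") if all(32 <= b < 127 for b in raw) else raw.hex()


def triage(log_text):
    """Map each attempted remote (ip:port) to the last outcome seen for it."""
    findings = {}
    current = None
    for line in log_text.splitlines():
        if m := ATTEMPT.search(line):
            current = m.group(1)
            # Stays this way unless a later line shows the TCP handshake completed.
            findings[current] = "no TCP connection (unreachable or stale server address)"
        elif m := ESTABLISHED.search(line):
            current = m.group(1)
            findings[current] = "TCP connected"
        elif (m := BAD_LEN.search(line)) and current:
            first = decode_length(int(m.group(1)))
            hint = " (looks like an HTTP reply, not OpenVPN)" if first == "HT" else ""
            findings[current] = f"peer sent non-OpenVPN data starting with {first!r}{hint}"
    return findings


if __name__ == "__main__":
    for remote, outcome in triage(SAMPLE).items():
        print(f"{remote}: {outcome}")
```

For the second remote, 18516 is 0x4854, the ASCII bytes "HT", which is consistent with something on port 80 answering in HTTP rather than OpenVPN.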
Ok so you do have internet
Now let's check you have access to port 80 over TCP for example. Try
docker run -it --rm alpine:3.13 wget -O- http://google.com:80 | wc -l
you should see something similar to:
Connecting to google.com:80 (172.217.10.78:80)
Connecting to www.google.com (172.217.12.132:80)
writing to stdout
- 100% |****************************| 15388 0:00:00 ETA
written to stdout
15
Or do you get a connection reset?
wget -O- http://google.com:80 | wc -l
yap, this is what I exactly got, no connection reset/error :) Are we on the path of enlightenment?
So no error right? Try another region?? Running low on ideas sorry
EDIT: Also was it working before? Or is this your first time?
No error. This is my first time getting this running.
So I figured it out!!
I started docker with the country environment instead of the region environment because I thought it will choose randomly the regions of a specific country. Then I tried to use a region instead and got the message in the log files that I have to use "AES-256-GCM" as cipher. Then it started working.
Why are not all possible connections for PureVPN there? I can't use many other regions.
Gluetun works by using IP addresses directly instead of VPN server hostnames. This is like so to avoid leaking a DNS resolution out of the VPN at start (to resolve vpn.domain.com to an IP address). Otherwise your ISP/government/etc. could know which VPN server you are connecting to (or at least see you use encrypted DNS queries).
Now it comes with (a lot) of IP addresses built in the program for each VPN provider. These however can get outdated (what happened here for some PureVPN servers). In this case, you need to follow https://github.com/qdm12/gluetun/wiki/Updating-Servers#cli-operation if none of the servers work. Ideally, you can still find one VPN server working, connect to it and just set -e UPDATE_PERIOD=24h so server information is updated every 24 hours. On a container restart or settings change, gluetun will pick up the persisted server information (from /gluetun/servers.json) and use it. I also updated the program with newer IPs so you could also just re-pull the Docker image if you're extra lazy (wait for this to finish though).
On the AES-256-GCM cipher, PureVPN's openvpn zip file still specifies cipher AES-256-CBC so that's what gluetun still uses, but I had reports that only GCM works now. Could you try a few other servers without setting OPENVPN_CIPHER to see if they all give that GCM error? It will change the default to GCM in that case, maybe their zip file is outdated.
Thanks!
Wow, you put a lot of effort! Thanks for the background knowledge! Actually, I tried a few servers from different countries and they gave me all the cipher error messages, then I read a github issue where you suggested to change the cipher variable, then it started working. I prefer the lazy way and check the new IP addresses whether they do work or not xP
fb7fdcd925be7cb0a82f1c988c1876e57354db5e changes the default cipher to AES-256-GCM.
Before closing the issue, I just want to:
60 bit message hash 'SHA1' for HMAC authentication 2022-08-29 20:06:38 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2022-08-29 20:06:38 TCP/UDP: Preserving recently used remote address: [AF_INET]85.239.62.22:16979 2022-08-29 20:06:38 UDP link local: (not bound)
@OtojonKhudayarov please create another issue with full logs and your config, thanks!
Is this urgent?: No
Host OS: Synology Diskstation
CPU arch: INTEL Celeron N3150
What VPN provider are you using: pureVPN
What is the version of the program: latest
I tried to run the docker file but it always gets stuck with "UDP link local: (not bound)". No connection to any server is possible. How can I solve this problem?