qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

VPN provider support: Ovpn.com #495

Open qdm12 opened 3 years ago

qdm12 commented 3 years ago
  1. Download all files from https://www.ovpn.com/en/configurations
  2. Set up code for supporting it, and use the hostname to extract location information dk.copenhagen.ovpn.com (countrycode.city.ovpn.com)
  3. Configure updating mechanism to resolve existing hostnames only. This is limited and will not detect new servers added.
  4. Message u/tamenqt

Magic-Deceiver commented 3 years ago

I will be waiting for this update patiently. Would love to see this become a reality! Had OVPN and am extremely satisfied. The only thing is I cannot get the OVPN wireguard to work with custom provider instruction no matter how I tweaked it. Either DNS could not resolve, or some other issues (may have something to do with multihop from OVPN).

Anyway! I really enjoy using gluetun! Thanks a lot!

qdm12 commented 3 years ago

@Magic-Deceiver I'll try to get to it soon (can't promise though, I'm flooded 😄). Feel free to create a GitHub discussion on this repo; I can help you set up Wireguard if you want.

Magic-Deceiver commented 3 years ago

No problem! I truly appreciate your help! I will create a discussion once I get my logs captured so it's faster to see what's the problem :)

P.S.: That's gotta be the fastest response I have ever received on GitHub lol.

qdm12 commented 3 years ago

For Wireguard, see discussion #677 where someone using ovpn managed to set it up 😉

Magic-Deceiver commented 3 years ago

Echo #677

  1. Does each server config have the same interface address?
     As far as I know, the interface config remains the same.

  2. Does each server config have the same endpoint port?
     All peer endpoint ports are the same.

  3. Do they have IP addresses for their endpoint or only hostnames?
     They use the hostname in the form of [VPN server#].[prd].[servers city location].[ovpn.com]:[port], e.g.
     vpn71.prd.newyork.ovpn.com:9929
     vpn06.prd.malmo.ovpn.com:9929
     vpn72.prd.zurich.ovpn.com:9929
     prd remains the same for all.

  4. Is your interface private key the same for all server configs?
     If I download multiple configs using the same public key generated by OVPN, then all the interface private keys remain the same.

  5. Do they have maybe an API to get all of their server information (such as IP address, Wireguard public key)?
     That I have no idea. The only option I have seen is to manually download.

Hopefully, someone smarter than me will be able to figure out how to access their server info other than downloading it manually from the website.

I hope this helps!
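
Added example, not part of the thread and not gluetun's own code: a Go sketch of extracting location information from the two hostname shapes mentioned so far (`countrycode.city.ovpn.com` from the first comment and `vpnNN.prd.city.ovpn.com:port` from the answers above). The `Server` type and `ParseOVPNHost` name are hypothetical; anything not ending in `ovpn.com` is refused rather than guessed at.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// Server is a hypothetical type (not gluetun's) for what a hostname reveals.
type Server struct {
	Country, City, Name string // Name is e.g. "vpn71"; Country only in the short form
	Port                uint16 // 0 when the input has no port
}

// ParseOVPNHost (hypothetical helper) parses both hostname shapes, with or without a port.
func ParseOVPNHost(endpoint string) (Server, error) {
	var s Server
	host := endpoint
	if strings.Contains(endpoint, ":") {
		h, p, err := net.SplitHostPort(endpoint)
		if err != nil {
			return s, err
		}
		n, err := strconv.ParseUint(p, 10, 16)
		if err != nil {
			return s, fmt.Errorf("bad port %q: %w", p, err)
		}
		host, s.Port = h, uint16(n)
	}
	l := strings.Split(strings.ToLower(host), ".")
	n := len(l)
	// Anchor on the last two labels so "x.ovpn.com.example.net" is refused.
	if n < 4 || l[n-2] != "ovpn" || l[n-1] != "com" {
		return Server{}, fmt.Errorf("%q is not under ovpn.com", host)
	}
	switch {
	case n == 4 && len(l[0]) == 2 && l[1] != "":
		s.Country, s.City = l[0], l[1]
	case n == 5 && l[0] != "" && l[1] == "prd" && l[2] != "":
		s.Name, s.City = l[0], l[2]
	default:
		return Server{}, fmt.Errorf("unrecognised hostname shape %q", host)
	}
	return s, nil
}

func main() {
	fmt.Println(ParseOVPNHost("vpn71.prd.newyork.ovpn.com:9929"))
}
```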

qdm12 commented 3 years ago

@Magic-Deceiver nice thanks!! It definitely helps. Wireguard support will be nice given what you said. Another two questions:

  1. Is the PublicKey field value the same for all servers? It should be different but who knows 😄
  2. Since it seems all their configs are hidden behind a login wall (😢), can you please:
    1. Download all their configs for each server. If it's not an easy process to download all the configs at once, then feel free to give up too (I would 😄)
    2. Remove your PrivateKey value for all of them. You could do that e.g. with VSCode by opening the directory where all your files are, then press CTRL+SHIFT+H (replace in all files), then ALT+R (use regular expression), then type ^PrivateKey.+$ in the Search field and write PrivateKey = in the Replace field. Finally press CTRL+ALT+Enter to replace all.
    3. Zip the resulting files
    4. Send the zip file to me at quentin.mcgaw@gmail.com
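
Added example, not part of the thread and not gluetun's own code: the redaction from step 2 as a Go function, with a check to run before zipping. It also blanks `PresharedKey` (an assumption, the comment only mentions `PrivateKey`) and tolerates indentation, letter case and CRLF line endings, which `^PrivateKey.+$` does not; function names and the sample config are constructed.

```go
package main

import (
	"fmt"
	"regexp"
)

// Matches a PrivateKey or PresharedKey assignment, tolerating indentation,
// letter case and spaces around "=". PresharedKey is an added assumption:
// the comment above only mentions PrivateKey.
var secretLine = regexp.MustCompile(`(?im)^([ \t]*)(PrivateKey|PresharedKey)[ \t]*=[^\r\n]*`)

// Same assignment, but only when a value is still present after "=".
var filledSecret = regexp.MustCompile(`(?im)^[ \t]*(PrivateKey|PresharedKey)[ \t]*=[ \t]*[^ \t\r\n]`)

// RedactWireguard blanks secret values and reports how many lines held one.
func RedactWireguard(conf string) (string, int) {
	n := len(filledSecret.FindAllStringIndex(conf, -1))
	return secretLine.ReplaceAllString(conf, "${1}${2} ="), n
}

// LeaksSecret is the pre-share check: true if any secret line still has a value.
func LeaksSecret(conf string) bool {
	return filledSecret.MatchString(conf)
}

func main() {
	// Constructed sample config; the key values are placeholders, not real keys.
	sample := "[Interface]\r\n" +
		"  privatekey=PLACEHOLDER_PRIVATE_KEY=\r\n" +
		"Address = 172.18.90.172/32\r\n" +
		"[Peer]\r\n" +
		"PublicKey = PLACEHOLDER_PUBLIC_KEY=\r\n" +
		"PresharedKey = PLACEHOLDER_PSK=\r\n" +
		"Endpoint = vpn71.prd.newyork.ovpn.com:9929\r\n"
	out, n := RedactWireguard(sample)
	fmt.Printf("redacted %d line(s), still leaking: %v\n%s", n, LeaksSecret(out), out)
}
```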

qdm12 commented 3 years ago

@Magic-Deceiver perfect I received your email. I now have both OpenVPN and Wireguard configuration files, perfect. I sent a message to ovpn.com's support to ask them where their API is and how to use it, if I can obtain some server information programmatically that would be better to automatically update server information. I'll get to it soon.

qdm12 commented 3 years ago

From their support email (notes to my future self):

With all this, it should be a top tier integration 💯 (at the top with Mullvad and Ivpn).

I'm re-working the entire configuration setup right now, it might take me a few days, and then this is next on my list. I'll comment here once I have something ready to test, thanks for your patience!

Magic-Deceiver commented 3 years ago

Can't wait! I'm glad I was able to facilitate the process.

So far, no complaints with OVPN - on par with Mullvad, if not better.

Magic-Deceiver commented 3 years ago

Also, are you planning on integrating their public DNS server when connecting to OVPN? I believe they have four in total (perhaps you will find them helpful):

IPv4 addresses: 46.227.67.134 192.165.9.158

IPv6 addresses: 2a07:a880:4601:10f0:cd45::1 2001:67c:750:1:cafe:cd45::1

qdm12 commented 2 years ago

Since I have a rather long backlog of providers to add support for, I spent a good amount of time refactoring the code and writing guides on adding a VPN provider. You need a bit of programming experience but you could also learn as you go. The relevant pages are:

I'll comment here again if I start implementing the provider to avoid any potential duplicate work, but it should not be anytime soon I think. Please also comment here if you decide to start working on it

stonedemoman commented 1 year ago

Forgive me if I'm being presumptuous by asking, but did plans to implement this particular provider support get cancelled?

ichbinder commented 1 year ago

Yes would be cool if the VPN provider would be included.

derekcentrico commented 11 months ago

I'm happy to assist with this if given some background. I ported ovpn options into an openvpn project previously.

Only issue will be if this project can resolve domain names prior to VPN up because the use of addresses in the configs prevents end-users from having to edit their environments when IPs change.

nFec commented 3 months ago

@qdm12 could you point me to an example for steps 2 and 3? I could be giving it a go at least.

qdm12 commented 2 weeks ago

Hello everyone, first of all my apologies for the 3 years of delay (❗❗❗), but I finally got to implement something.

See https://github.com/qdm12/gluetun/pull/2537 which contains instructions on how to run it for both wireguard and openvpn.

Wireguard should work fine, but OpenVPN is likely missing configuration options... To which I am asking you: can you share an openvpn configuration file here (without your username+password)? And also share one for Singapore, which apparently has (at least had 3 years ago) a different openvpn configuration than other servers.

Thank you for the help and for the extreme patience 💪

derekcentrico commented 2 weeks ago

You can see a lot of the OVPN options here: https://github.com/haugene/vpn-configs-contrib/tree/main/openvpn/ovpn where I contributed to another project.

qdm12 commented 1 week ago

Please pull that image :pr-2537 again to see if it works for openvpn and wireguard, I've added a few options for openvpn. Thanks!

derekcentrico commented 1 week ago

:pr-2537

Set up a VM to test with, but I don't see notes in re environmental vars for wireguard or openvpn for OVPN.COM. Will test, but want to be sure I know the specifics to add to ensure I test properly?

c1em3ntchua commented 1 week ago

@derekcentrico there are some examples in this page.

I have tried SERVER_CITIES=amsterdam and SERVER_CITIES=singapore, and both seem to work as intended. As for WIREGUARD_ADDRESSES, reference the .conf file that is downloadable from OVPN.com. In my case it was 172.18.90.172/32.

derekcentrico commented 1 week ago

> @derekcentrico there are some examples in this page.
>
> I have tried SERVER_CITIES=amsterdam and SERVER_CITIES=singapore, and both seem to work as intended. As for WIREGUARD_ADDRESSES, reference the .conf file that is downloadable from OVPN.com. In my case it was 172.18.90.172/32.

Doh! Didn't see that above earlier.

qdm12 commented 2 days ago

> As for WIREGUARD_ADDRESSES, reference the .conf file that is downloadable from OVPN.com.

Note you can also plug in the Wireguard config file directly (search the Wiki I forgot the exact file path 😄)

Anyone had time to try out OpenVPN, so I can merge all this? Thanks 🙏 !

stonedemoman commented 2 days ago

@qdm12 Wireguard has been working perfectly. I tried switching over to OpenVPN to verify for you and it failed. These two errors kept repeating:

ERROR [openvpn] --tls-auth and --tls-crypt are mutually exclusive

dial tcp4: lookup cloudflare.com on 1.1.1.1:53: write udp [redacted]->1.1.1.1:53: write: operation not permitted)

Hope this helps!

qdm12 commented 1 day ago

Please re-pull 😉 I changed it to use tls-crypt only for the singapore servers, and tls-auth only for all other servers. Not too sure why that's the case 🤷

stonedemoman commented 1 day ago

> Please re-pull 😉 I changed it to use tls-crypt only for the singapore servers, and tls-auth only for all other servers. Not too sure why that's the case 🤷

Okay I renewed image and now this error is repeating: [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=3,code=111)

qdm12 commented 1 day ago

This usually happens when trying to reach the wrong ip address or port. What VPN server are you trying to connect to: hostname/ip, port and tcp-or-udp? Perhaps try changing OPENVPN_ENDPOINT_PORT for example to 1195? 🤔

stonedemoman commented 1 day ago

@qdm12 I was using configs downloaded from the website and pointed to with OPENVPN_CUSTOM_CONFIG. I've tried for a couple hours to get it working now, no success. Attempted to connect to the Miami and Atlanta servers with the IP and port from the ovpn website used with respective OPENVPN_ENDPOINT_IP and OPENVPN_ENDPOINT_PORT variables and with both TCP and UDP plugged into OPENVPN_PROTOCOL variable.

The connection refused errors got replaced with some new errors when I plugged in ip, port, and one protocol variable (two separate times):

[openvpn] UDPv4 link local: (not bound)

[openvpn] TCPv4_CLIENT link local: (not bound)

If there's a specific config set you want me to test out I'd be happy to, in case I'm doing anything wrong.

stonedemoman commented 2 hours ago

@qdm12 I sent you an email with more information