qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.56k stars 356 forks

With PIA being acquired by Kape, support for other VPN providers? #59

Closed elmerfds closed 4 years ago

elmerfds commented 4 years ago

With Kape acquiring PIA, will you ever consider building an image for a different provider like Windscribe? The only reason I haven't switched yet is because I really like this image and there aren't any good or many Windscribe images on DockerHub.

Thanks

qdm12 commented 4 years ago

It's in process, I'm changing the shell scripting to a Go compiled static binary to handle the init and all the services running in the container (openvpn, unbound, shadowsocks, tinyproxy, etc etc) and to allow for easier maintainability/testing. Once that's done, I'll add VPN providers and I'll likely need help to test it out! The first one on the list is Mullvad; I guess Windscribe will be second! 👍

elmerfds commented 4 years ago

That's fantastic news, glad you'll be supporting other providers. I did narrow down my search to Mullvad & Windscribe but the 3 year BF deal on Windscribe was too cheap to pass. Let me know when you've added support, happy to help you out with testing. 😀

burkasaurusrex commented 4 years ago

Love this container and glad to hear you're planning to support other providers. Lower priority but it would be cool to have the option to use Wireguard as well instead of OpenVPN (pretty sure both Mullvad and Windscribe support it)

qdm12 commented 4 years ago

Yes that's also part of the plan. I'm working on another Docker image with a userspace Wireguard program (not in the kernel). Probably a tiny bit slower, but easily Dockerized. Once it's done I'll add it to this image!

EDIT: As in I'll first add support for these 2 other vpn providers before :smile:

groenator commented 4 years ago

> It's in process, I'm changing the shell scripting to a Go compiled static binary to handle the init and all the services running in the container (openvpn, unbound, shadowsocks, tinyproxy, etc etc) and to allow for easier maintainability/testing. Once that's done, I'll add VPN providers and I'll likely need help to test it out! The first one on the list is Mullvad; I guess Windscribe will be second! 👍

If you need help on testing the image, let me know. I am a windscribe provider, I would be very interested in testing this image with different providers.

qdm12 commented 4 years ago

I'll get back to you as soon as these are being added.

I am still working on the Go branch, re-implementing the shell scripting with some added goodies. You can track the latest commits here, and I will bundle mullvad and windscribe support before merging the branch, so I'll need your testing :+1:

groenator commented 4 years ago

Awesome! Thanks for including me for testing. I will wait for your update.

Regards,

On Sun, 22 Dec 2019, 18:26 Quentin McGaw, notifications@github.com wrote:

> I'll get back to you as soon as these are being added.
>
> I am still working on the Go branch, re-implementing the shell scripting with some added goodies. You can track the latest commits here https://github.com/qdm12/private-internet-access-docker/commits/go, and I will bundle mullvad and windscribe support before merging the branch, so I'll need your testing 👍


qdm12 commented 4 years ago

The Go rewrite Docker image is now out in 'beta' at qmcgaw/private-internet-access:go.

I will add more providers soon once this Go image is ready for prime time!

groenator commented 4 years ago

Great! Thanks for the update, I will give it a try this weekend.

Regards,

On Tue, 4 Feb 2020, 02:13 Quentin McGaw, notifications@github.com wrote:

> The Go rewrite Docker image is now out in 'beta' at qmcgaw/private-internet-access:go.
>
> I will add more providers soon once this Go image is ready for prime time!


frepke commented 4 years ago

I'm testing the go branch for now, so far no noticeable problems. Installation went without problems.

ljmerza commented 4 years ago

Will this repo be moved to another name once other VPNs are added?

qdm12 commented 4 years ago

It will likely stay with the same repository and docker image name I think. Although I'm open to suggestions for renaming the Github repository, or adding another Docker image name mirroring the current one.

By the way I started development for Mullvad this morning, for now I'm mapping all their countries, cities and IP addresses :smile: it is tiring haha, but it should be relatively quick to implement overall for openvpn.

ljmerza commented 4 years ago

I was thinking something like simple-vpn or similar since it automates port forwarding, kill switch, etc. I think people are moving away from the PIA brand so people seeing the name on the repo might overlook this awesome tool.

elmerfds commented 4 years ago

Agree with @ljmerza, it might be best to move away from the PIA branding once you've added support for more providers. Can't think of a good name at the moment 😐.

I'll get it added to the Unraid Community Applications once you come to a decision on that.

qdm12 commented 4 years ago

Maybe gluetun - eases your tunneling by gluing pieces together for you ™️ 😄

ljmerza commented 4 years ago

hey, it works

qdm12 commented 4 years ago

I merged the Mullvad support in the latest tag, I'll start development for Windscribe next week and ping back here once there is a beta version.

qdm12 commented 4 years ago

Hello, for people using Mullvad (I think @ljmerza if my memory is right) is it stable enough in your opinion? I would like to do another release + docker tag with support for pia and mullvad only before we move on to Windscribe.

qdm12 commented 4 years ago

I'm trying to access openvpn config files for Windscribe but I can't, can anyone subscribed with them attach some of their Openvpn configs (ideally all if it's possible)? Thanks!

frepke commented 4 years ago

> I'm trying to access openvpn config files for Windscribe but I can't, can anyone subscribed with them attach some of their Openvpn configs (ideally all if it's possible)? Thanks!

Here you go (found them on the Internet).

Windscribe-OVPN-TCP.zip Windscribe-OVPN-UDP.zip

qdm12 commented 4 years ago

Thanks @Frepke

I made all the changes for Windscribe on this branch, however, from the files attached, I only added the regions I found there (see this code) although there seem to be more regions/cities from https://windscribe.com/status. Could anyone subscribed with Windscribe send the updated openvpn files (careful to remove your username/password if there is any).

Thanks!

EDIT: You can try the image with the tag :windscribe and using the environment variable REGION=netherlands, and set your user and password as before.

elmerfds commented 4 years ago

Here you go mate:

Windscribe-OVPN-UDP.zip Windscribe-OVPN-TCP.zip

frepke commented 4 years ago

> Thanks @Frepke
>
> I made all the changes for Windscribe on this branch, however, from the files attached, I only added the regions I found there (see this code) although there seem to be more regions/cities from https://windscribe.com/status. Could anyone subscribed with Windscribe send the updated openvpn files (careful to remove your username/password if there is any).
>
> Thanks!
>
> EDIT: You can try the image with the tag :windscribe and using the environment variable REGION=netherlands, and set your user and password as before.

Hmmm...

I think :windscribe isn't a tag for now.

qdm12 commented 4 years ago

Indeed, the build failed because of this silly s390x cpu architecture no one uses 😄 ... Anyway it should be building now and will create a :windscribe tag (I'm also about to move to Github actions for building and more visibility).

I also added all the missing regions so it should be good for beta testing 😉

frepke commented 4 years ago

> Indeed, the build failed because of this silly s390x cpu architecture no one uses 😄 ... Anyway it should be building now and will create a :windscribe tag (I'm also about to move to Github actions for building and more visibility).
>
> I also added all the missing regions so it should be good for beta testing 😉

Waiting for the new build and then... ...testing 😄

frepke commented 4 years ago

1st test: VPNSP can't be windscribe, it has to be pia or mullvad.

frepke commented 4 years ago

2nd test: won't run

2020-03-24T14:33:59.824+0100    INFO    openvpn configurator: checking for device /dev/net/tun
2020-03-24T14:33:59.825+0100    WARN    TUN device is not available: open /dev/net/tun: no such file or directory
2020-03-24T14:33:59.825+0100    INFO    openvpn configurator: creating /dev/net/tun
2020-03-24T14:33:59.825+0100    INFO    openvpn configurator: writing auth file /etc/openvpn/auth.conf
2020-03-24T14:33:59.827+0100    INFO    firewall configurator: accepting all traffic
2020-03-24T14:33:59.839+0100    INFO    dns configurator: using DNS address 1.1.1.1 internally
2020-03-24T14:33:59.840+0100    INFO    dns configurator: downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
2020-03-24T14:33:59.841+0100    INFO    Launching standard output merger
2020-03-24T14:34:00.395+0100    INFO    dns configurator: downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated
2020-03-24T14:34:00.576+0100    INFO    dns configurator: generating Unbound configuration
2020-03-24T14:34:01.550+0100    INFO    dns configurator: 131467 hostnames blocked overall
2020-03-24T14:34:01.551+0100    INFO    dns configurator: 9 IP addresses blocked overall
2020-03-24T14:34:01.901+0100    INFO    dns configurator: starting unbound
2020-03-24T14:34:01.903+0100    INFO    dns configurator: using DNS address 127.0.0.1 internally
2020-03-24T14:34:01.904+0100    INFO    dns configurator: using DNS address 127.0.0.1 system wide
2020-03-24T14:34:01.910+0100    WARN    could not resolve github.com (try 1 of 10)
2020-03-24T14:34:03.383+0100    INFO    unbound: [1585056843] unbound[22:0] notice: init module 0: validator
2020-03-24T14:34:03.383+0100    INFO    unbound: [1585056843] unbound[22:0] notice: init module 1: iterator
2020-03-24T14:34:03.422+0100    INFO    unbound: [1585056843] unbound[22:0] info: start of service (unbound 1.9.6).
2020-03-24T14:34:03.453+0100    INFO    unbound: [1585056843] unbound[22:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
2020-03-24T14:34:03.653+0100    INFO    firewall configurator: detecting default network route
2020-03-24T14:34:03.654+0100    INFO    firewall configurator: default route found: interface eth0, gateway 172.17.0.1, subnet 172.17.0.0/16
2020-03-24T14:34:03.657+0100    INFO    firewall configurator: adding 10.54.1.0/24 as route via eth0
2020-03-24T14:34:03.660+0100    INFO    firewall configurator: clearing all rules
2020-03-24T14:34:03.670+0100    INFO    firewall configurator: blocking all traffic
2020-03-24T14:34:03.682+0100    INFO    firewall configurator: creating general rules
2020-03-24T14:34:03.702+0100    INFO    firewall configurator: allowing output traffic to VPN server 185.212.171.131 through eth0 on port udp 443
2020-03-24T14:34:03.707+0100    INFO    firewall configurator: allowing output traffic to VPN server 84.17.46.2 through eth0 on port udp 443
2020-03-24T14:34:03.711+0100    INFO    firewall configurator: allowing output traffic to VPN server 72.11.157.35 through eth0 on port udp 443
2020-03-24T14:34:03.715+0100    INFO    firewall configurator: allowing output traffic to VPN server 72.11.157.67 through eth0 on port udp 443
2020-03-24T14:34:03.719+0100    INFO    firewall configurator: allowing output traffic to VPN server 185.253.96.3 through eth0 on port udp 443
2020-03-24T14:34:03.725+0100    INFO    firewall configurator: allowing output traffic to VPN server 37.120.192.19 through eth0 on port udp 443
2020-03-24T14:34:03.729+0100    INFO    firewall configurator: allowing output traffic to VPN server 46.166.143.98 through eth0 on port udp 443
2020-03-24T14:34:03.738+0100    INFO    firewall configurator: accepting input and output traffic for 172.17.0.0/16
2020-03-24T14:34:03.744+0100    INFO    firewall configurator: accepting input traffic through eth0 from 10.54.1.0/24 to 172.17.0.0/16
2020-03-24T14:34:03.746+0100    INFO    firewall configurator: accepting output traffic through eth0 from 172.17.0.0/16 to 10.54.1.0/24
2020-03-24T14:34:03.749+0100    INFO    firewall configurator: accepting any input traffic on port 8388
2020-03-24T14:34:03.759+0100    INFO    openvpn configurator: starting openvpn
2020-03-24T14:34:03.767+0100    INFO    openvpn: Tue Mar 24 14:34:03 2020 OpenVPN 2.4.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb  7 2020
2020-03-24T14:34:03.767+0100    INFO    openvpn: Tue Mar 24 14:34:03 2020 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
2020-03-24T14:34:03.774+0100    INFO    openvpn: Tue Mar 24 14:34:03 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.212.171.131:443
2020-03-24T14:34:03.774+0100    INFO    openvpn: Tue Mar 24 14:34:03 2020 UDP link local: (not bound)
2020-03-24T14:34:03.775+0100    INFO    openvpn: Tue Mar 24 14:34:03 2020 UDP link remote: [AF_INET]185.212.171.131:443
2020-03-24T14:34:03.775+0100    INFO    openvpn: Tue Mar 24 14:34:03 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2020-03-24T14:35:03.803+0100    INFO    openvpn: Tue Mar 24 14:35:03 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
2020-03-24T14:35:03.803+0100    INFO    openvpn: Tue Mar 24 14:35:03 2020 SIGUSR1[soft,ping-restart] received, process restarting
2020-03-24T14:35:13.804+0100    INFO    openvpn: Tue Mar 24 14:35:13 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.253.96.3:443
2020-03-24T14:35:13.804+0100    INFO    openvpn: Tue Mar 24 14:35:13 2020 UDP link local: (not bound)
2020-03-24T14:35:13.804+0100    INFO    openvpn: Tue Mar 24 14:35:13 2020 UDP link remote: [AF_INET]185.253.96.3:443
2020-03-24T14:36:13.512+0100    INFO    openvpn: Tue Mar 24 14:36:13 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
2020-03-24T14:36:13.512+0100    INFO    openvpn: Tue Mar 24 14:36:13 2020 SIGUSR1[soft,ping-restart] received, process restarting
2020-03-24T14:36:23.512+0100    INFO    openvpn: Tue Mar 24 14:36:23 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.143.98:443
2020-03-24T14:36:23.513+0100    INFO    openvpn: Tue Mar 24 14:36:23 2020 UDP link local: (not bound)
2020-03-24T14:36:23.513+0100    INFO    openvpn: Tue Mar 24 14:36:23 2020 UDP link remote: [AF_INET]46.166.143.98:443
2020-03-24T14:37:23.518+0100    INFO    openvpn: Tue Mar 24 14:37:23 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
2020-03-24T14:37:23.518+0100    INFO    openvpn: Tue Mar 24 14:37:23 2020 SIGUSR1[soft,ping-restart] received, process restarting
2020-03-24T14:37:33.519+0100    INFO    openvpn: Tue Mar 24 14:37:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.192.19:443
2020-03-24T14:37:33.519+0100    INFO    openvpn: Tue Mar 24 14:37:33 2020 UDP link local: (not bound)
2020-03-24T14:37:33.519+0100    INFO    openvpn: Tue Mar 24 14:37:33 2020 UDP link remote: [AF_INET]37.120.192.19:443
2020-03-24T14:38:33.979+0100    INFO    openvpn: Tue Mar 24 14:38:33 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
2020-03-24T14:38:33.979+0100    INFO    openvpn: Tue Mar 24 14:38:33 2020 SIGUSR1[soft,ping-restart] received, process restarting
2020-03-24T14:38:43.980+0100    INFO    openvpn: Tue Mar 24 14:38:43 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]72.11.157.67:443
2020-03-24T14:38:43.981+0100    INFO    openvpn: Tue Mar 24 14:38:43 2020 UDP link local: (not bound)
2020-03-24T14:38:43.981+0100    INFO    openvpn: Tue Mar 24 14:38:43 2020 UDP link remote: [AF_INET]72.11.157.67:443
2020-03-24T14:39:43.186+0100    INFO    openvpn: Tue Mar 24 14:39:43 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
2020-03-24T14:39:43.186+0100    INFO    openvpn: Tue Mar 24 14:39:43 2020 SIGUSR1[soft,ping-restart] received, process restarting
2020-03-24T14:39:53.187+0100    INFO    openvpn: Tue Mar 24 14:39:53 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]72.11.157.35:443
2020-03-24T14:39:53.187+0100    INFO    openvpn: Tue Mar 24 14:39:53 2020 UDP link local: (not bound)
2020-03-24T14:39:53.187+0100    INFO    openvpn: Tue Mar 24 14:39:53 2020 UDP link remote: [AF_INET]72.11.157.35:443

frepke commented 4 years ago

I thought by inserting a code, the comment wouldn't be that large :(

qdm12 commented 4 years ago

You need to surround your code with 3 backticks :wink:

Ok so the problem comes from the openvpn config and Windscribe not being happy with it:

[UNDEF] Inactivity timeout (--ping-restart), restarting

I'll fix it at noon (in 2 hours).

frepke commented 4 years ago

3rd test: no luck

2020-03-24T21:18:19.685+0100    INFO    openvpn configurator: checking for device /dev/net/tun
2020-03-24T21:18:19.685+0100    WARN    TUN device is not available: open /dev/net/tun: no such file or directory
2020-03-24T21:18:19.685+0100    INFO    openvpn configurator: creating /dev/net/tun
2020-03-24T21:18:19.685+0100    INFO    openvpn configurator: writing auth file /etc/openvpn/auth.conf
2020-03-24T21:18:19.686+0100    INFO    firewall configurator: accepting all traffic
2020-03-24T21:18:19.697+0100    INFO    Launching standard output merger
2020-03-24T21:18:19.697+0100    INFO    dns configurator: using DNS address 1.1.1.1 internally
2020-03-24T21:18:19.697+0100    INFO    dns configurator: downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
2020-03-24T21:18:19.980+0100    INFO    dns configurator: downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated
2020-03-24T21:18:19.990+0100    INFO    dns configurator: generating Unbound configuration
2020-03-24T21:18:21.010+0100    INFO    dns configurator: 131467 hostnames blocked overall
2020-03-24T21:18:21.011+0100    INFO    dns configurator: 9 IP addresses blocked overall
2020-03-24T21:18:21.351+0100    INFO    dns configurator: starting unbound
2020-03-24T21:18:21.353+0100    INFO    dns configurator: using DNS address 127.0.0.1 internally
2020-03-24T21:18:21.354+0100    INFO    dns configurator: using DNS address 127.0.0.1 system wide
2020-03-24T21:18:21.359+0100    WARN    could not resolve github.com (try 1 of 10)
2020-03-24T21:18:22.737+0100    INFO    unbound: [1585081102] unbound[21:0] notice: init module 0: validator
2020-03-24T21:18:22.737+0100    INFO    unbound: [1585081102] unbound[21:0] notice: init module 1: iterator
2020-03-24T21:18:22.777+0100    INFO    unbound: [1585081102] unbound[21:0] info: start of service (unbound 1.9.6).
2020-03-24T21:18:22.809+0100    INFO    unbound: [1585081102] unbound[21:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
2020-03-24T21:18:23.028+0100    INFO    firewall configurator: detecting default network route
2020-03-24T21:18:23.028+0100    INFO    firewall configurator: default route found: interface eth0, gateway 172.17.0.1, subnet 172.17.0.0/16
2020-03-24T21:18:23.031+0100    INFO    firewall configurator: adding 10.54.1.0/24 as route via eth0
2020-03-24T21:18:23.034+0100    INFO    firewall configurator: clearing all rules
2020-03-24T21:18:23.043+0100    INFO    firewall configurator: blocking all traffic
2020-03-24T21:18:23.052+0100    INFO    firewall configurator: creating general rules
2020-03-24T21:18:23.066+0100    INFO    firewall configurator: allowing output traffic to VPN server 185.212.171.131 through eth0 on port udp 443
2020-03-24T21:18:23.071+0100    INFO    firewall configurator: allowing output traffic to VPN server 84.17.46.2 through eth0 on port udp 443
2020-03-24T21:18:23.074+0100    INFO    firewall configurator: allowing output traffic to VPN server 72.11.157.35 through eth0 on port udp 443
2020-03-24T21:18:23.077+0100    INFO    firewall configurator: allowing output traffic to VPN server 46.166.143.98 through eth0 on port udp 443
2020-03-24T21:18:23.080+0100    INFO    firewall configurator: allowing output traffic to VPN server 185.253.96.3 through eth0 on port udp 443
2020-03-24T21:18:23.083+0100    INFO    firewall configurator: allowing output traffic to VPN server 72.11.157.67 through eth0 on port udp 443
2020-03-24T21:18:23.086+0100    INFO    firewall configurator: allowing output traffic to VPN server 37.120.192.19 through eth0 on port udp 443
2020-03-24T21:18:23.093+0100    INFO    firewall configurator: accepting input and output traffic for 172.17.0.0/16
2020-03-24T21:18:23.098+0100    INFO    firewall configurator: accepting input traffic through eth0 from 10.54.1.0/24 to 172.17.0.0/16
2020-03-24T21:18:23.101+0100    INFO    firewall configurator: accepting output traffic through eth0 from 172.17.0.0/16 to 10.54.1.0/24
2020-03-24T21:18:23.104+0100    INFO    firewall configurator: accepting any input traffic on port 8388
2020-03-24T21:18:23.113+0100    INFO    openvpn configurator: starting openvpn
2020-03-24T21:18:23.121+0100    INFO    openvpn: Tue Mar 24 21:18:23 2020 OpenVPN 2.4.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb  7 2020
2020-03-24T21:18:23.121+0100    INFO    openvpn: Tue Mar 24 21:18:23 2020 library versions: OpenSSL 1.1.1d  10 Sep 2019, LZO 2.10
2020-03-24T21:18:23.125+0100    INFO    openvpn: Tue Mar 24 21:18:23 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]37.120.192.19:443
2020-03-24T21:18:23.125+0100    INFO    openvpn: Tue Mar 24 21:18:23 2020 UDP link local: (not bound)
2020-03-24T21:18:23.126+0100    INFO    openvpn: Tue Mar 24 21:18:23 2020 UDP link remote: [AF_INET]37.120.192.19:443
2020-03-24T21:18:23.126+0100    INFO    openvpn: Tue Mar 24 21:18:23 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2020-03-24T21:19:23.532+0100    INFO    openvpn: Tue Mar 24 21:19:23 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
2020-03-24T21:19:23.532+0100    INFO    openvpn: Tue Mar 24 21:19:23 2020 SIGUSR1[soft,ping-restart] received, process restarting
2020-03-24T21:19:33.533+0100    INFO    openvpn: Tue Mar 24 21:19:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.253.96.3:443
2020-03-24T21:19:33.533+0100    INFO    openvpn: Tue Mar 24 21:19:33 2020 UDP link local: (not bound)
2020-03-24T21:19:33.533+0100    INFO    openvpn: Tue Mar 24 21:19:33 2020 UDP link remote: [AF_INET]185.253.96.3:443
2020-03-24T21:20:33.322+0100    INFO    openvpn: Tue Mar 24 21:20:33 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
2020-03-24T21:20:33.323+0100    INFO    openvpn: Tue Mar 24 21:20:33 2020 SIGUSR1[soft,ping-restart] received, process restarting
2020-03-24T21:20:43.322+0100    INFO    openvpn: Tue Mar 24 21:20:43 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]46.166.143.98:443
2020-03-24T21:20:43.323+0100    INFO    openvpn: Tue Mar 24 21:20:43 2020 UDP link local: (not bound)
2020-03-24T21:20:43.323+0100    INFO    openvpn: Tue Mar 24 21:20:43 2020 UDP link remote: [AF_INET]46.166.143.98:443

qdm12 commented 4 years ago

What version are you using (see top of logs)?

Also can you disable shadowsocks in order to clean out the logs? Thanks!

frepke commented 4 years ago

> What version are you using (see top of logs)?
>
> Also can you disable shadowsocks in order to clean out the logs? Thanks!

Running version windscribe built on 2020-03-24T18:07:34Z (commit a0513c0)

qdm12 commented 4 years ago

Also, what region are you using? Maybe try with another region? Can anyone else subscribed with Windscribe also try?

And does it work using one of the openvpn files using openvpn on your laptop/desktop?

Sorry, I'm a bit running out of options on that one 😕

frepke commented 4 years ago

Maybe the problem is me, trying it with a free Windscribe account.

frepke commented 4 years ago

I built a Windscribe plan for two countries. Now I can get into the site's PRO section. I have to generate my own .ovpn file by selecting some input fields: [image]

Setting up openvpn on a Windows 10 machine with the generated .ovpn and given credentials connects me successfully to a Dutch Windscribe server :)

The Docker container doesn't work for now :) I hope this helps.

kr., Frepke

Windscribe-Netherlands.ovpn


dev tun
proto udp
remote nl.windscribe.com 443

nobind
auth-user-pass

resolv-retry infinite

auth SHA512
cipher AES-256-CBC
comp-lzo
verb 2
mute-replay-warnings
remote-cert-tls server
persist-key
persist-tun

key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
5801926a57ac2ce27e3dfd1dd6ef8204
2d82bd4f3f0021296f57734f6f1ea714
a6623845541c4b0c3dea0a050fe6746c
b66dfab14cda27e5ae09d7c155aa554f
399fa4a863f0e8c1af787e5c602a801d
3a2ec41e395a978d56729457fe6102d7
d9e9119aa83643210b33c678f9d4109e
3154ac9c759e490cb309b319cf708cae
83ddadc3060a7a26564d1a24411cd552
fe6620ea16b755697a4fc5e6e9d0cfc0
c5c4a1874685429046a424c026db672e
4c2c492898052ba59128d46200b40f88
0027a8b6610a4d559bdc9346d33a0a6b
08e75c7fd43192b162bfd0aef0c716b3
1584827693f676f9a5047123466f0654
eade34972586b31c6ce7e395f4b478cb
-----END OpenVPN Static key V1-----
</tls-auth>

frepke commented 4 years ago

Quentin,

Is it possible to modify the .ovpn file in the Docker container by myself and restart the service afterwards in the container?

qdm12 commented 4 years ago

I think key-direction 1 in the code, I'll add it in my lunch break.

You could docker run the container with --entrypoint=/bin/sh, then run /entrypoint, ctrl-c to exit, modify the config file generated (in /etc/openvpn/) and run openvpn to test. That would be a good way to debug what's wrong. But a bit tedious unfortunately.
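
The comparison being done by hand in this exchange (the provider's .ovpn against the file generated in /etc/openvpn/) can be scripted. The following is an added example, not code from the gluetun project; both configs are constructed samples, and the `checked` list and function names are assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample: the provider file posted above, inline bodies shortened.
const referenceConf = `dev tun
proto udp
remote nl.windscribe.com 443
nobind
auth-user-pass
auth SHA512
cipher AES-256-CBC
comp-lzo
remote-cert-tls server
key-direction 1
<ca>
(certificate omitted)
</ca>
<tls-auth>
(static key omitted)
</tls-auth>
`

// Constructed sample: a hypothetical generated file that lacks key-direction.
const generatedConf = `client
dev tun
proto udp
remote 185.212.171.131 443
nobind
auth-user-pass /etc/openvpn/auth.conf
auth SHA256
cipher AES-256-CBC
comp-lzo
remote-cert-tls server
<ca>
(certificate omitted)
</ca>
<tls-auth>
(static key omitted)
</tls-auth>
`

// Directives that must agree with the provider's file (hypothetical selection).
var checked = []string{"proto", "auth", "cipher", "comp-lzo",
	"key-direction", "remote-cert-tls", "ca", "tls-auth"}

// parseConf maps each directive to its argument strings. Inline blocks
// (<name> ... </name>) are recorded as "[inline]" and their bodies skipped.
func parseConf(text string) map[string][]string {
	conf := map[string][]string{}
	inline := ""
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case inline != "":
			if line == "</"+inline+">" {
				inline = ""
			}
		case line == "" || strings.HasPrefix(line, "#") || strings.HasPrefix(line, ";"):
			// blank line or comment
		case strings.HasPrefix(line, "<") && strings.HasSuffix(line, ">") && !strings.HasPrefix(line, "</"):
			inline = strings.Trim(line, "<>")
			conf[inline] = append(conf[inline], "[inline]")
		default:
			f := strings.Fields(line)
			conf[f[0]] = append(conf[f[0]], strings.Join(f[1:], " "))
		}
	}
	return conf
}

// diffConf reports checked directives that are missing from, or differ in,
// the generated config, in the order of the checked list.
func diffConf(ref, gen map[string][]string) []string {
	var findings []string
	for _, d := range checked {
		r, inRef := ref[d]
		g, inGen := gen[d]
		switch {
		case inRef && !inGen:
			findings = append(findings, "missing: "+strings.TrimSpace(d+" "+r[0]))
		case inRef && inGen && r[0] != g[0]:
			findings = append(findings,
				fmt.Sprintf("differs: %s reference=%q generated=%q", d, r[0], g[0]))
		}
	}
	return findings
}

func main() {
	for _, f := range diffConf(parseConf(referenceConf), parseConf(generatedConf)) {
		fmt.Println(f)
	}
}
```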

frepke commented 4 years ago

> I think key-direction 1 in the code, I'll add it in my lunch break.
>
> You could docker run the container with --entrypoint=/bin/sh, then run /entrypoint, ctrl-c to exit, modify the config file generated (in /etc/openvpn/) and run openvpn to test. That would be a good way to debug what's wrong. But a bit tedious unfortunately.

Tried it in the Portainer console: vi /etc/openvpn/target.ovpn, added key-direction 1, saved the file and then ran openvpn /etc/openvpn/target.ovpn

still not running :(

Maybe openvpn isn't running with the new settings

qdm12 commented 4 years ago

I added the missing key-direction 1. I think you need to run openvpn --config /etc/openvpn/target.ovpn instead.

Also I need to add the port selection option for Windscribe, I wasn't aware you could pick it. The encryption one will probably come with #94

Do Windscribe have a free plan? I will try with it if so.

frepke commented 4 years ago

Sorry, still the same errors:

Running version windscribe built on 2020-03-25T16:37:29Z (commit f15a885)

The "key-direction 1" isn't in /etc/openvpn/target.ovpn

2020-03-25T19:40:37.318+0100    INFO    openvpn: Wed Mar 25 19:40:37 2020 UDP link local: (not bound)
2020-03-25T19:40:37.318+0100    INFO    openvpn: Wed Mar 25 19:40:37 2020 UDP link remote: [AF_INET]46.166.143.98:443
2020-03-25T19:41:37.639+0100    INFO    openvpn: Wed Mar 25 19:41:37 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
2020-03-25T19:41:37.639+0100    INFO    openvpn: Wed Mar 25 19:41:37 2020 SIGUSR1[soft,ping-restart] received, process restarting
2020-03-25T19:41:47.640+0100    INFO    openvpn: Wed Mar 25 19:41:47 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]72.11.157.35:443
2020-03-25T19:41:47.640+0100    INFO    openvpn: Wed Mar 25 19:41:47 2020 UDP link local: (not bound)
2020-03-25T19:41:47.640+0100    INFO    openvpn: Wed Mar 25 19:41:47 2020 UDP link remote: [AF_INET]72.11.157.35:443

frepke commented 4 years ago

> I added the missing key-direction 1. I think you need to run openvpn --config /etc/openvpn/target.ovpn instead.
>
> Also I need to add the port selection option for Windscribe, I wasn't aware you could pick it. The encryption one will probably come with #94
>
> Do Windscribe have a free plan? I will try with it if so.

Yes, they have a free plan for 10GB a month on selected servers. For $2 you can build a custom pro plan for a month.

qdm12 commented 4 years ago

@Frepke I have signed up, paid them $2 (probably to save hours of debugging 😆 ) . The bug was me copy pasta some lines of code, and basically it was using the mullvad configurator instead of the newer windscribe, hence making the ovpn file not the right one! It's fixed now, I tested it and it connects successfully 👍 Let me know how it goes for you and we can then finally close this long issue! 🎉

frepke commented 4 years ago

I've tried my two subscribed regions with Windscribe (Netherlands and United Kingdom). Both connected instantly and without errors 👍 And now I see the correct target.ovpn in /etc/openvpn/ 😄

I'm happy with this, thanks.

frepke commented 4 years ago

Are you planning support for other providers? Just a question, I've nothing in mind myself.

elmerfds commented 4 years ago

Windscribe is working for me as well, nice one @qdm12 👏

Are there any plans to support port forwarding on Mullvad & Windscribe? 😄

qdm12 commented 4 years ago

Great, thanks for the help guys!

I still need to support other ports for Windscribe before closing this issue.

Supporting other ciphers and auth algorithm for Windscribe and pia will come in #94

I'll create another issue for port forwarding for Mullvad and Windscribe (didn't know you could!)

EDIT: And there are still other issues I want to resolve before moving to more providers. Also I need to rename it to gluetun :smile: And using other protocols like Wireguard would be cool too.

qdm12 commented 4 years ago

Ok I've added support for custom ciphers and custom port, so please try it one last time and I'll merge it with the latest.

frepke commented 4 years ago

Quentin,

I tested some different ports/protocols and all connect perfectly. But there are some warnings in the log:

2020-03-27T07:56:18.079+0100    INFO    openvpn: Fri Mar 27 07:56:18 2020 Initialization Sequence Completed
2020-03-27T08:56:16.116+0100    INFO    openvpn: Fri Mar 27 08:56:16 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1550'
2020-03-27T08:56:16.116+0100    INFO    openvpn: Fri Mar 27 08:56:16 2020 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
2020-03-27T08:56:16.116+0100    INFO    openvpn: Fri Mar 27 08:56:16 2020 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
2020-03-27T09:56:16.893+0100    INFO    openvpn: Fri Mar 27 09:56:16 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1550'
2020-03-27T09:56:16.893+0100    INFO    openvpn: Fri Mar 27 09:56:16 2020 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
2020-03-27T09:56:16.893+0100    INFO    openvpn: Fri Mar 27 09:56:16 2020 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]

qdm12 commented 4 years ago

@Frepke It seems to be related to this Reddit post because their server has a different configuration than the client config they give (which is silly but anyway, pia does the same...).

You can safely ignore these, but the client will essentially use the remote settings pushed by the server (i.e. even if you set encryption as AES-256-CBC it will use the GCM variant).

I will add this to the documentation. I'll merge the windscribe branch/tag this weekend.
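
Both log patterns in this thread can be triaged mechanically: the ping-restart loop from the earlier tests and the "used inconsistently" warnings discussed here. The following is an added example, not code from the gluetun project; the sample log is constructed from message formats in the logs above, and all type and function names are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample built from message formats in the thread's logs
// (timestamps dropped); the last line is cut off as in the pasted log.
const sampleLog = `INFO openvpn: UDP link remote: [AF_INET]185.212.171.131:443
INFO openvpn: [UNDEF] Inactivity timeout (--ping-restart), restarting
INFO openvpn: UDP link remote: [AF_INET]185.253.96.3:443
INFO openvpn: [UNDEF] Inactivity timeout (--ping-restart), restarting
INFO openvpn: UDP link remote: [AF_INET]46.166.143.98:443
INFO openvpn: Initialization Sequence Completed
INFO openvpn: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1550'
INFO openvpn: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
INFO openvpn: WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
INFO openvpn: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'
INFO openvpn: WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]`

// Mismatch is one distinct warning and how many times it was logged.
type Mismatch struct {
	Option, Local, Remote string
	Count                 int
}

var (
	// The closing quote is optional so that truncated lines still parse.
	mismatchRe = regexp.MustCompile(
		`WARNING: '([^']+)' is used inconsistently, local='([^']*)', remote='([^']*)'?`)
	remoteRe = regexp.MustCompile(`link remote: \[AF_INET6?\](\S+)`)
)

// optionMismatches collapses repeated warnings into one entry per distinct
// option/local/remote triple, keeping first-seen order.
func optionMismatches(log string) []Mismatch {
	var out []Mismatch
	index := map[string]int{}
	for _, line := range strings.Split(log, "\n") {
		m := mismatchRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		opt := m[1]
		local := strings.TrimPrefix(m[2], opt+" ")
		remote := strings.TrimPrefix(m[3], opt+" ")
		key := opt + "|" + local + "|" + remote
		if i, seen := index[key]; seen {
			out[i].Count++
			continue
		}
		index[key] = len(out)
		out = append(out, Mismatch{opt, local, remote, 1})
	}
	return out
}

// stalledRemotes lists servers that were tried and then hit the ping-restart
// timeout before any "Initialization Sequence Completed" line.
func stalledRemotes(log string) []string {
	var stalled []string
	current := ""
	for _, line := range strings.Split(log, "\n") {
		if m := remoteRe.FindStringSubmatch(line); m != nil {
			current = m[1]
		} else if strings.Contains(line, "Initialization Sequence Completed") {
			current = "" // tunnel came up; later restarts are not setup stalls
		} else if strings.Contains(line, "Inactivity timeout (--ping-restart)") && current != "" {
			stalled = append(stalled, current)
			current = ""
		}
	}
	return stalled
}

// cipherDrift returns the configured and the server-reported cipher when the
// log shows they differ, so the effective cipher can be reviewed.
func cipherDrift(ms []Mismatch) (local, remote string, ok bool) {
	for _, m := range ms {
		if m.Option == "cipher" {
			return m.Local, m.Remote, true
		}
	}
	return "", "", false
}

func main() {
	fmt.Println("stalled before init:", stalledRemotes(sampleLog))
	ms := optionMismatches(sampleLog)
	for _, m := range ms {
		fmt.Printf("%s: local=%s remote=%s (x%d)\n", m.Option, m.Local, m.Remote, m.Count)
	}
	if l, r, ok := cipherDrift(ms); ok {
		fmt.Printf("configured cipher %s, server reports %s\n", l, r)
	}
}
```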

frepke commented 4 years ago

Okay,

And thanks for this amazing piece of work!