Closed xrhstos closed 3 years ago
Try with a previous image. I changed some Openvpn settings 11 days ago, maybe that's why.
Does :v3.24.0 work? See more image tags at https://github.com/qdm12/gluetun/wiki/Docker-image-tags
Just tried it I get the same error messages! The same with v3.19.1 also.
That's most likely a configuration error then.
OPENVPN_VERSION=2.4
, maybe fastestvpn doesn't support 2.5.1) I am pretty sure it's valid.I can connect using my iPhone 2) Tried with 3 different servers , also tried the same server on my iPhone and I can connect 3) I am sorry , I pruned the images as part of my maintenance Saturday. 4) I tried with OPENVPN_VERSION=2.4 i got the same error 5) I am going to try it later but I don't think it's gonna be a problem.
Is there any way I can store the credentials in a file and not as enviroment variables ? Is there any way to ensure that the variables are passed to the container ?
Yes you can with: https://github.com/qdm12/gluetun/wiki/Docker-secrets
You can also run docker exec gluetun cat /etc/openvpn/auth.conf
on a running gluetun to check your username is on the first line and password on the second line.
Well credentials seem correct. My docker-compose seems correct . Is there anything else I should check ?
It might be worth trying with openvpn on a desktop. I guess you are using the Fastestvpn mobile app and not openvpn on your phone right? This really all point to bad credentials.
If it works with one of their openvpn config and the same credentials, send here one of their openvpn config maybe something dramatic changed, but I doubt that would be a reason 🤔
Maybe also try with OPENVPN_FLAGS=--tun-mtu 1500
as well? I really doubt that's the problem but maybe 😄
I managed to connect using a desktop client on Win :/. Here are their configurations https://support.fastestvpn.com/download/openvpn-tcp-udp-config-files/ I used the guide from their website to connect here : https://support.fastestvpn.com/tutorials/windows/openvpn. The OPENVPN_FLAGS=--tun-mtu 1500
didn't work.
5d8d92462dec89e8210dedbfb26f649b775bbd3c updates FastestVPN server data, it seems like they removed a bunch of their servers and also changed their hostnames. That might be the root cause, please try pulling latest and try again?
(Wait for this build to complete before pulling the image)
It doesn't work I get the same
2021/09/25 17:30:56 ERROR openvpn: AUTH: Received control message: AUTH_FAILED
Your credentials might be wrong
Using this image : RUN |4 VERSION=latest CREATED=2021-09-25T13:34:36Z COMMIT=5d8d924
I managed to solve this using the custom provider method. What I did was copy a opvn conf from their site to the volume then changed my docker-compose.yml to use custom provider.
You have to edit the ovpn.conf from the country of your choice and change hostname to IP.
host pl2.jumptoserver.com
pl2.jumptoserver.com has address 194.15.196.117
Then use the following docker-compose:
version: "2.4"
services:
superimage:
image: superimage:latest
container_name: superimage
environment:
- PUID=1000
- PGID=100
- TZ=Europe/Athens
volumes:
- /srv/downloads:/downloads
network_mode: "service:gluetun"
restart: unless-stopped
gluetun:
image: qmcgaw/gluetun:latest
container_name: gluetun
cap_add:
- NET_ADMIN
network_mode: bridge
ports:
- 9091:9091/tcp
volumes:
- /srv/fastestvpn/ovpn.conf:/gluetun/config.conf:ro
environment:
- VPNSP=custom
- VPN_TYPE=openvpn
- OPENVPN_USER=my_fastest_vpn_email
- OPENVPN_PASSWORD=my_super_secure_password
- OPENVPN_CUSTOM_CONFIG=/gluetun/config.conf
- TZ=Europe/Athens
restart: unless-stopped
To test using Portainer I opened exec on "superimage" and did a : curl ifconfig.me it should return the IP you changed in the ovpn.conf
Hope this helps to solve it and not use the custom provider method.
Thank you very much.
Ok thanks! I guess it's then a problem on my side, my apologies.
I changed the config a bit to match their newer config more closely, try:
USER=youruser
PASSWORD=yourpassword
docker run -it --rm -e VPNSP=fastestvpn \
-e OPENVPN_USER=$USER -e OPENVPN_PASSWORD=$PASSWORD \
-e SERVER_HOSTNAME=pl2.jumptoserver.com \
qmcgaw/gluetun:642
(Note the :642
image tag)
If it still doesn't work, you could try getting the generated config
docker run -it --rm -e VPNSP=fastestvpn \
-e OPENVPN_USER=bla -e OPENVPN_PASSWORD=bla \
-e SERVER_HOSTNAME=pl2.jumptoserver.com \
qmcgaw/gluetun:642 openvpnconfig > config.ovpn
And fiddle with that config.ovpn
Openvpn configuration file to see what causes it to not work.
If it works, let me know and I'll push the changes in the latest image, maybe fix v3.24.0 for it too.
Sorry for the late reply. The image :642
cannot be found in registry.
root@zeus # docker pull qmcgaw/gluetun:642
Error response from daemon: manifest for qmcgaw/gluetun:642 not found: manifest unknown: manifest unknown
Am I doing something worng ?
🙄 sorry, I built it but forgot to push it. It's pushed now!
So 642
doesn't work. I exported the config.ovpn
and there are some huge differences on the files.
Here is their conf : https://www.dropbox.com/s/y0vpixxmqprud6u/poland.conf?dl=0 And here is the exported conf : https://www.dropbox.com/s/e3cimk8t21vlf6c/config.ovpn?dl=0
TLDR: Please docker pull qmcgaw/gluetun:642
and try again
Differences that might matter:
pull-filter ignore "auth-token"
maybe FastestVPN changed to rely on auth tokens and that's why it fails. I removed that.reneg-sec 0
is missing (disabled renegotiation after 1hr). I doubt it would change much, but I re-added itping-restart 0
disables the automatic OpenVPN restart after 120s if no ping is received from the server. In gluetun, there is a 6s ping checker anyway so that instruction was removed. I re-added it just in case.Other differences with explanations between the two:
<ca>
and <tls-auth>
are the same values, it's just all on one linecipher
which is deprecated and replaced by data-ciphers
and data-ciphers-fallback
in OpenVPN 2.5tls-client
is implied by client
so I removed it (see --client
in the reference)resolv-retry infinite
is useless since it uses IP addresses to connect to the VPN server, so I removed itremote-random
is useless since there is only one remote address specified, so it's removedping-timer-rem
is useless, this is for OpenVPN servers, not clientspersist-key
and persist-tun
are used if you run without root, but we run as root so it's removed (it's added if running openvpn without root in gluetun).dev tun
means dynamically pick the first interface available (usually tun0
), and is better than their dev tun0
to avoid conflicts with other eventual network interfaces.auth-user-pass
to prompt you for password, whilst we use auth-user-pass /etc/openvpn/auth.conf
since your credentials are written to file.Some values are added in the gluetun config:
auth-nocache
is to force Openvpn to re-read the auth file instead of caching the values in memoryauth-retry nointeract
is to make OpenVPN re-authenticate without user input using the auth fileexplicit-exit-notify
is to signal to FastestVPN server (only for UDP) that we disconnected to avoid getting banned for too many connectionsmute-replay-warnings
, verb 1
and suppress-timestamps
are for log outputs onlypull-filter ignore "ifconfig-ipv6"
and pull-filter ignore "route-ipv6"
is for IPv6tls-exit
is to make OpenVPN exit if there is a TLS errorYeah now it works perfectly :)
Fantastic! Do you mind pulling image :642
again and check it works still? I only left that auth-token unfiltered since I think that was the root of the problem... And then I'll push it on latest, thanks !
Sorry for late reply. Unfortunately it didn't work. Here is the output
2021/09/28 07:20:43 INFO openvpn: OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2021/09/28 07:20:43 INFO openvpn: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2021/09/28 07:20:43 WARN openvpn: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2021/09/28 07:20:43 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]194.15.196.117:4443
2021/09/28 07:20:43 INFO openvpn: UDP link local: (not bound)
2021/09/28 07:20:43 INFO openvpn: UDP link remote: [AF_INET]194.15.196.117:4443
2021/09/28 07:20:43 WARN dns over tls: cannot update files
2021/09/28 07:20:43 INFO dns over tls: attempting restart in 40s
2021/09/28 07:20:43 ERROR ip getter: Get "https://ipinfo.io/ip": dial tcp: lookup ipinfo.io on 1.1.1.1:53: read udp 10.16.0.24:59153->1.1.1.1:53: i/o timeout
2021/09/28 07:20:43 INFO ip getter: retrying in 5s
2021/09/28 07:20:43 WARN openvpn: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1570'
2021/09/28 07:20:43 WARN openvpn: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2021/09/28 07:20:43 WARN openvpn: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2021/09/28 07:20:43 INFO openvpn: [FastestVPN] Peer Connection Initiated with [AF_INET]194.15.196.117:4443
2021/09/28 07:20:45 ERROR openvpn: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: block-outside-dns (2.5.2)
2021/09/28 07:20:45 INFO openvpn: setsockopt TCP_NODELAY=1 failed
2021/09/28 07:20:45 INFO openvpn: TUN/TAP device tun0 opened
2021/09/28 07:20:45 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021/09/28 07:20:45 INFO openvpn: /sbin/ip link set dev tun0 up
2021/09/28 07:20:45 INFO openvpn: /sbin/ip addr add dev tun0 10.16.0.11/16
2021/09/28 07:20:45 ERROR openvpn: RTNETLINK answers: File exists
2021/09/28 07:20:45 INFO openvpn: ERROR: Linux route add command failed: external program exited with error status: 2
2021/09/28 07:20:45 INFO openvpn: Initialization Sequence Completed
2021/09/28 07:20:55 INFO openvpn: write to TUN/TAP : Invalid argument (code=22)
2021/09/28 07:21:03 ERROR ip getter: Get "https://api.ipify.org": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2021/09/28 07:21:03 INFO ip getter: retrying in 5s
2021/09/28 07:21:05 INFO healthcheck: program has been unhealthy for 21s: restarting VPN
2021/09/28 07:21:05 INFO vpn: stopping
2021/09/28 07:21:05 INFO vpn: starting
2021/09/28 07:21:05 INFO firewall: setting VPN connection through firewall...
And it keeps looping trying to connect.
This is due to:
2021/09/28 07:20:45 ERROR openvpn: RTNETLINK answers: File exists
2021/09/28 07:20:45 INFO openvpn: ERROR: Linux route add command failed: external program exited with error status: 2
Maybe try removing the container completely and restart it?
I rebuilt it this time re-adding comp-lzo
, that might the cause of your last error. Try pulling and it should be working.
FYI Compression (comp-lzo
) is about to be deprecated since it has been used in the past to break encryption. Maybe FastestVPN might want to allow running clients without compression 😉
I removed image qmcgaw/gluetun:642
. Then I tested with docker run -it --rm --cap-add=NET_ADMIN -e VPNSP=fastestvpn -e OPENVPN_USER=myemail@email.com -e OPENVPN_PASSWORD=this_is_not_my_pass -e SERVER_HOSTNAME=pl2.jumptoserver.com qmcgaw/gluetun:642
and it works!!!!
Great, thanks for your patience in all this!
It's in :latest
with commit 62a6016882e282a41f49d24ac1a7356691340f42
I'll do a release soon as well (v3.25.0).
Is this urgent?: No
Host OS (approximate answer is fine too): Debian 10.10 (OMV5)
CPU arch or device name: amd64
What VPN provider are you using: FastestVPN
What are you using to run your container?: Docker Compose
What is the version of the program (See the line at the top of your logs)
What's the problem 🤔
Before update FastestVPN was connecting successfully. After pulling :latest it stopped working giving a strange AUTH_FAILED. My credentials work I never changed them (Tested on their site & iPhone app)