Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.4)

Is this urgent?

Host OS

Debian Bullseye

CPU arch

x86_64

VPN service provider

Surfshark

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version pr-848 built on 2022-02-16T03:43:28.135Z (commit 56168a9)

What's the problem 🤔

ERROR openvpn: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.4)

I had this error a long way ago: https://github.com/qdm12/gluetun/issues/316#issue-772817218 and now it's back (a long time also)

Share your logs

today at 10:01:46========================================
today at 10:01:46========================================
today at 10:01:46=============== gluetun ================
today at 10:01:46========================================
today at 10:01:46=========== Made with ❤️ by ============
today at 10:01:46======= https://github.com/qdm12 =======
today at 10:01:46========================================
today at 10:01:46========================================
today at 10:01:46
today at 10:01:46Running version pr-848 built on 2022-02-16T03:43:28.135Z (commit 56168a9)
today at 10:01:46
today at 10:01:46🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
today at 10:01:46🐛 Bug? https://github.com/qdm12/gluetun/issues/new
today at 10:01:46✨ New feature? https://github.com/qdm12/gluetun/issues/new
today at 10:01:46☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
today at 10:01:46💻 Email? quentin.mcgaw@gmail.com
today at 10:01:46💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
today at 10:01:462022/02/16 10:01:46 INFO routing: default route found: interface eth0, gateway 172.18.0.1
today at 10:01:462022/02/16 10:01:46 INFO routing: local ethernet link found: eth0
today at 10:01:462022/02/16 10:01:46 INFO routing: local ipnet found: 172.18.0.0/16
today at 10:01:462022/02/16 10:01:46 INFO firewall: enabling...
today at 10:01:462022/02/16 10:01:46 DEBUG firewall: iptables --policy INPUT DROP
today at 10:01:462022/02/16 10:01:46 DEBUG firewall: iptables --policy OUTPUT DROP
today at 10:01:462022/02/16 10:01:46 DEBUG firewall: iptables --policy FORWARD DROP
today at 10:01:462022/02/16 10:01:46 DEBUG firewall: iptables --append INPUT -i lo -j ACCEPT
today at 10:01:462022/02/16 10:01:46 DEBUG firewall: iptables --append OUTPUT -o lo -j ACCEPT
today at 10:01:462022/02/16 10:01:46 DEBUG firewall: iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
today at 10:01:462022/02/16 10:01:46 DEBUG firewall: iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
today at 10:01:462022/02/16 10:01:46 DEBUG firewall: iptables --append OUTPUT -o eth0 -s 172.18.0.2 -d 172.18.0.0/16 -j ACCEPT
today at 10:01:462022/02/16 10:01:46 DEBUG firewall: iptables --append INPUT -i eth0 -d 172.18.0.0/16 -j ACCEPT
today at 10:01:462022/02/16 10:01:46 INFO firewall: enabled successfully
today at 10:01:472022/02/16 10:01:47 INFO storage: merging by most recent 11173 hardcoded servers and 11173 servers read from /gluetun/servers.json
today at 10:01:472022/02/16 10:01:47 INFO Alpine version: 3.15.0
today at 10:01:472022/02/16 10:01:47 INFO OpenVPN 2.4 version: 2.4.11
today at 10:01:472022/02/16 10:01:47 INFO OpenVPN 2.5 version: 2.5.4
today at 10:01:472022/02/16 10:01:47 INFO Unbound version: 1.13.2
today at 10:01:472022/02/16 10:01:47 INFO IPtables version: v1.8.7
today at 10:01:472022/02/16 10:01:47 INFO Settings summary:
today at 10:01:47├── VPN settings:
today at 10:01:47|   ├── VPN provider settings:
today at 10:01:47|   |   ├── Name: surfshark
today at 10:01:47|   |   └── Server selection settings:
today at 10:01:47|   |       ├── VPN type: openvpn
today at 10:01:47|   |       ├── Hostnames: nl-ams.prod.surfshark.com
today at 10:01:47|   |       └── OpenVPN server selection settings:
today at 10:01:47|   |           └── Protocol: TCP
today at 10:01:47|   └── OpenVPN settings:
today at 10:01:47|       ├── OpenVPN version: 2.5
today at 10:01:47|       ├── User: [set]
today at 10:01:47|       ├── Password: [set]
today at 10:01:47|       ├── Tunnel IPv6: no
today at 10:01:47|       ├── Network interface: tun0
today at 10:01:47|       ├── Run OpenVPN as: no
today at 10:01:47|       └── Verbosity level: 1
today at 10:01:47├── DNS settings:
today at 10:01:47|   ├── DNS server address to use: 127.0.0.1
today at 10:01:47|   ├── Keep existing nameserver(s): no
today at 10:01:47|   └── DNS over TLS settings:
today at 10:01:47|       ├── Enabled: yes
today at 10:01:47|       ├── Update period: every 24h0m0s
today at 10:01:47|       ├── Unbound settings:
today at 10:01:47|       |   ├── Authoritative servers:
today at 10:01:47|       |   |   └── cloudflare
today at 10:01:47|       |   ├── Caching: yes
today at 10:01:47|       |   ├── IPv6: no
today at 10:01:47|       |   ├── Verbosity level: 1
today at 10:01:47|       |   ├── Verbosity details level: 0
today at 10:01:47|       |   ├── Validation log level: 0
today at 10:01:47|       |   ├── System user: root
today at 10:01:47|       |   └── Allowed networks:
today at 10:01:47|       |       ├── 0.0.0.0/0
today at 10:01:47|       |       └── ::/0
today at 10:01:47|       └── DNS filtering settings:
today at 10:01:47|           ├── Block malicious: no
today at 10:01:47|           ├── Block ads: no
today at 10:01:47|           └── Block surveillance: no
today at 10:01:47├── Firewall settings:
today at 10:01:47|   ├── Enabled: yes
today at 10:01:47|   ├── Debug mode: on
today at 10:01:47|   └── Outbound subnets:
today at 10:01:47|       └── {10.54.1.0 ffffff00}
today at 10:01:47├── Log settings:
today at 10:01:47|   └── Log level: INFO
today at 10:01:47├── Health settings:
today at 10:01:47|   ├── Server listening address: 127.0.0.1:9999
today at 10:01:47|   ├── Address to ping: github.com
today at 10:01:47|   └── VPN wait durations:
today at 10:01:47|       ├── Initial duration: 5s
today at 10:01:47|       └── Additional duration: 5s
today at 10:01:47├── Shadowsocks server settings:
today at 10:01:47|   ├── Enabled: yes
today at 10:01:47|   ├── Listening address: :8388
today at 10:01:47|   ├── Cipher: chacha20-ietf-poly1305
today at 10:01:47|   ├── Password: [set]
today at 10:01:47|   └── Log addresses: no
today at 10:01:47├── HTTP proxy settings:
today at 10:01:47|   ├── Enabled: yes
today at 10:01:47|   ├── Listening address: :8888
today at 10:01:47|   ├── User: 
today at 10:01:47|   ├── Password: [not set]
today at 10:01:47|   ├── Stealth mode: yes
today at 10:01:47|   └── Log: yes
today at 10:01:47├── Control server settings:
today at 10:01:47|   ├── Listening address: :8000
today at 10:01:47|   └── Logging: yes
today at 10:01:47├── OS Alpine settings:
today at 10:01:47|   ├── Process UID: 1000
today at 10:01:47|   ├── Process GID: 100
today at 10:01:47|   └── Timezone: Europe/Amsterdam
today at 10:01:47├── Public IP settings:
today at 10:01:47|   ├── Fetching: every 12h0m0s
today at 10:01:47|   └── IP file path: /tmp/gluetun/ip
today at 10:01:47├── Server data updater settings:
today at 10:01:47|   ├── Update period: 24h0m0s
today at 10:01:47|   ├── DNS address: 1.1.1.1
today at 10:01:47|   └── Providers to update: surfshark
today at 10:01:47└── Version settings:
today at 10:01:47    └── Enabled: yes
today at 10:01:472022/02/16 10:01:47 INFO routing: default route found: interface eth0, gateway 172.18.0.1
today at 10:01:472022/02/16 10:01:47 DEBUG routing: ip rule add from 172.18.0.2/32 lookup 200 pref 100
today at 10:01:472022/02/16 10:01:47 INFO routing: adding route for 0.0.0.0/0
today at 10:01:472022/02/16 10:01:47 DEBUG routing: ip route replace 0.0.0.0/0 via 172.18.0.1 dev eth0 table 200
today at 10:01:472022/02/16 10:01:47 INFO firewall: setting allowed subnets through firewall...
today at 10:01:472022/02/16 10:01:47 DEBUG firewall: iptables --append OUTPUT -o eth0 -s 172.18.0.2 -d 10.54.1.0/24 -j ACCEPT
today at 10:01:472022/02/16 10:01:47 INFO routing: default route found: interface eth0, gateway 172.18.0.1
today at 10:01:472022/02/16 10:01:47 INFO routing: adding route for 10.54.1.0/24
today at 10:01:472022/02/16 10:01:47 DEBUG routing: ip route replace 10.54.1.0/24 via 172.18.0.1 dev eth0 table 199
today at 10:01:472022/02/16 10:01:47 DEBUG routing: ip rule add to 10.54.1.0/24 lookup 199 pref 99
today at 10:01:472022/02/16 10:01:47 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
today at 10:01:472022/02/16 10:01:47 INFO pprof http server listening on [::]:6060
today at 10:01:472022/02/16 10:01:47 INFO dns over tls: using plaintext DNS at address 1.1.1.1
today at 10:01:472022/02/16 10:01:47 INFO http proxy: listening on :8888
today at 10:01:472022/02/16 10:01:47 INFO firewall: setting VPN connection through firewall...
today at 10:01:472022/02/16 10:01:47 DEBUG firewall: iptables --append OUTPUT -d 89.46.223.68 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
today at 10:01:472022/02/16 10:01:47 INFO http server: listening on :8000
today at 10:01:472022/02/16 10:01:47 INFO healthcheck: listening on 127.0.0.1:9999
today at 10:01:472022/02/16 10:01:47 INFO shadowsocks: listening TCP on :8388
today at 10:01:472022/02/16 10:01:47 INFO shadowsocks: listening UDP on :8388
today at 10:01:472022/02/16 10:01:47 DEBUG firewall: iptables --append OUTPUT -o tun0 -j ACCEPT
today at 10:01:472022/02/16 10:01:47 INFO openvpn: OpenVPN 2.5.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
today at 10:01:472022/02/16 10:01:47 INFO openvpn: library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
today at 10:01:472022/02/16 10:01:47 WARN openvpn: --ping should normally be used with --ping-restart or --ping-exit
today at 10:01:472022/02/16 10:01:47 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]89.46.223.68:1443
today at 10:01:472022/02/16 10:01:47 INFO openvpn: Attempting to establish TCP connection with [AF_INET]89.46.223.68:1443 [nonblock]
today at 10:01:472022/02/16 10:01:47 INFO openvpn: TCP connection established with [AF_INET]89.46.223.68:1443
today at 10:01:472022/02/16 10:01:47 INFO openvpn: TCP_CLIENT link local: (not bound)
today at 10:01:472022/02/16 10:01:47 INFO openvpn: TCP_CLIENT link remote: [AF_INET]89.46.223.68:1443
today at 10:01:472022/02/16 10:01:47 INFO openvpn: [nl-ams-v097.prod.surfshark.com] Peer Connection Initiated with [AF_INET]89.46.223.68:1443
today at 10:01:482022/02/16 10:01:48 ERROR openvpn: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.4)
today at 10:01:482022/02/16 10:01:48 INFO openvpn: TUN/TAP device tun0 opened
today at 10:01:482022/02/16 10:01:48 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
today at 10:01:482022/02/16 10:01:48 INFO openvpn: /sbin/ip link set dev tun0 up
today at 10:01:482022/02/16 10:01:48 INFO openvpn: /sbin/ip addr add dev tun0 10.7.7.4/24
today at 10:01:482022/02/16 10:01:48 INFO openvpn: UID set to nonrootuser
today at 10:01:482022/02/16 10:01:48 INFO openvpn: Initialization Sequence Completed
today at 10:01:482022/02/16 10:01:48 INFO dns over tls: downloading DNS over TLS cryptographic files
today at 10:01:492022/02/16 10:01:49 INFO healthcheck: healthy!
today at 10:01:502022/02/16 10:01:50 INFO dns over tls: downloading hostnames and IP block lists
today at 10:01:502022/02/16 10:01:50 INFO dns over tls: init module 0: validator
today at 10:01:502022/02/16 10:01:50 INFO dns over tls: init module 1: iterator
today at 10:01:502022/02/16 10:01:50 INFO dns over tls: start of service (unbound 1.13.2).
today at 10:01:512022/02/16 10:01:51 INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
today at 10:01:512022/02/16 10:01:51 INFO dns over tls: ready
today at 10:01:522022/02/16 10:01:52 INFO vpn: There is a new release v3.27.0 (v3.27.0) created 23 days ago
today at 10:01:532022/02/16 10:01:53 INFO ip getter: Public IP address is 89.46.223.69 (Netherlands, North Holland, Amsterdam)

Share your configuration

version: "3.7"

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 8000:8000/tcp   #HTTP control server
      - 8888:8888/tcp   #HTTPproxy
      - 8388:8388/tcp   #shadowsocks
      - 8388:8388/udp   #shadowsocks
      - 9501:8080/tcp   #sabnzbd
      - 9502:5076/tcp   #hydra2
      - 9503:9503/tcp   #qbittorrent
      - 9504:5800/tcp   #firefox
      - 5900:5900/tcp   #firefox VCN
      - 9091:9091       #transmission
      - 31413:51413     #transmission
      - 31413:51413/udp #transmission
    volumes:
      - /dockercfg/gluetun:/gluetun
    secrets:
      - openvpn_user
      - openvpn_password
      - httpproxy_username
      - httpproxy_password
      - shadowsocks_password
    environment:
    # OPENVPN
      - VPN_SERVICE_PROVIDER=surfshark
      - OPENVPN_VERSION=2.5
      - OPENVPN_PROTOCOL=tcp
      - OPENVPN_VERBOSITY=1
      - OPENVPN_PROCESS_USER=no
    # Surfshark
      - SERVER_HOSTNAMES=nl-ams.prod.surfshark.com
    # DNS over TLS
      - DOT=on
      - DOT_PROVIDERS=cloudflare
      - DOT_CACHING=on
      - DOT_IPV6=off
      - DOT_PRIVATE_ADDRESS=
      - DOT_VERBOSITY=1
      - DOT_VERBOSITY_DETAILS=0
      - DOT_VALIDATION_LOGLEVEL=0
      - DNS_UPDATE_PERIOD=24h
      - BLOCK_MALICIOUS=off
      - BLOCK_SURVEILLANCE=off
      - BLOCK_ADS=off
      - UNBLOCK=
      - DNS_KEEP_NAMESERVER=off
    # Firewall
      - FIREWALL=on
      - FIREWALL_DEBUG=on
      - FIREWALL_OUTBOUND_SUBNETS=10.54.1.0/24
    # Shadowsocks
      - SHADOWSOCKS=on
      - SHADOWSOCKS_LOG=off
      - SHADOWSOCKS_LISTENING_ADDRESS=:8388
      - SHADOWSOCKS_CIPHER=chacha20-ietf-poly1305
    # HTTPproxy
      - HTTPPROXY=on
      - HTTPPROXY_LOG=on
      - HTTPPROXY_LISTENING_ADDRESS=:8888
      - HTTPPROXY_STEALTH=on
    # System
      - TZ=Europe/Amsterdam
      - PUID=1000
      - PGID=100
    # HTTP Control server
      - HTTP_CONTROL_SERVER_ADDRESS=:8000
      - HTTP_CONTROL_SERVER_LOG=on
    # Other
      - PUBLICIP_PERIOD=12h
      - VERSION_INFORMATION=on
      - UPDATER_PERIOD=24h
    restart: unless-stopped

qdm12 / gluetun

Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.4) #850