WIREGUARD error: cannot connect to server

[AmphibianDev]

Describe the issue

docker-compose.yml

version: "3"
services:
  cyberghostvpn:
    image: tmcphee/cyberghostvpn:v1.2.2
    container_name: cyberghostvpn
    network_mode: "bridge"
    privileged: true
    cap_add:
      - NET_ADMIN
    environment:
      - TZ=America/New_York
      - ACC=my@email.com
      - PASS=mypassword
      - COUNTRY=US
      - NAMSERVER=1.1.1.1
    volumes:
      - ./Cyberghost-Config:/home/root/.cyberghost:rw

System info: OS: Windows 11, 23H2, build: 22631.2861 WSL2, Ubuntu-22.04 Docker Desktop 4.26.1 (131620)

Log / Screenshots

docker compose up  
[+] Running 1/1
 ✔ Container cyberghostvpn  Created                                                                                                                                    0.1s 
Attaching to cyberghostvpn
cyberghostvpn  | CyberGhostVPN - Docker Edition
cyberghostvpn  | ----------------------------------------------------------
cyberghostvpn  |        Created By: Tyler McPhee
cyberghostvpn  |        GitHub: https://github.com/tmcphee/cyberghostvpn
cyberghostvpn  |        DockerHub: https://hub.docker.com/r/tmcphee/cyberghostvpn
cyberghostvpn  |
cyberghostvpn  |        Ubuntu:20.04 | CyberGhost:1.3.4 | v1.2.2
cyberghostvpn  | ----------------------------------------------------------
cyberghostvpn  | **************User Defined Variables**************
cyberghostvpn  |        ACC: [PASSED - NOT SHOWN]
cyberghostvpn  |        PASS: [PASSED - NOT SHOWN]
cyberghostvpn  |        COUNTRY: US
cyberghostvpn  | **************************************************
cyberghostvpn  | net.ipv6.conf.all.disable_ipv6 = 1
cyberghostvpn  | net.ipv6.conf.default.disable_ipv6 = 1
cyberghostvpn  | net.ipv6.conf.lo.disable_ipv6 = 1
cyberghostvpn  | net.ipv6.conf.eth0.disable_ipv6 = 1
cyberghostvpn  | net.ipv4.ip_forward = 1
cyberghostvpn  | Firewall is active and enabled on system startup
cyberghostvpn  | Initiating Firewall First Time Setup...
cyberghostvpn  | Firewall stopped and disabled on system startup
cyberghostvpn  | Firewall is active and enabled on system startup
cyberghostvpn  | Firewall Setup Complete
cyberghostvpn  | Logging into CyberGhost...
cyberghostvpn  | Allowing PORT 53 - IN/OUT
cyberghostvpn  | spawn sudo cyberghostvpn --setup
cyberghostvpn  | Setup account ...
cyberghostvpn  | Enter CyberGhost username and press [ENTER]: my@email.com
cyberghostvpn  | Enter CyberGhost password and press [ENTER]: mypassword
cyberghostvpn  | Perform authentication ...
cyberghostvpn  | Creating a new device ...
cyberghostvpn  | Install completed ...
cyberghostvpn  | Blocking PORT 53 - IN/OUT
cyberghostvpn  | Disabling HTTP proxy...
cyberghostvpn  | Allowing PORT 53 - IN/OUT
cyberghostvpn  | Prepare Wireguard connection ...
cyberghostvpn  | Select server ... washington-s405-i22
cyberghostvpn  | Connecting ...
cyberghostvpn  | WIREGUARD error: cannot connect to server "washington-s405-i22.cg-dialup.net"!
cyberghostvpn  | Blocking PORT 53 - IN/OUT
cyberghostvpn  | ***********CyberGhost Connection Info***********
cyberghostvpn  |        IP:
cyberghostvpn  |        CITY: 
cyberghostvpn  |        REGION:
cyberghostvpn  |        COUNTRY:
cyberghostvpn  |        DNS: 99.83.181.72
cyberghostvpn  | ************************************************
Gracefully stopping... (press Ctrl+C again to force)

Troubleshooting

I tried:

• to remove only the config.ini, then the entire config
• to run the docker compose up in PowerShell with administrator privilege
• to add NAMSERVER=1.1.1.1
• to add FIREWALL=False
• to add PROTOCOL=openvpn

Using all of the above =>

docker compose up                                                                                                       
[+] Running 1/1                                                                                                                                                             
 ✔ Container cyberghostvpn  Recreated                                                                                                                                  0.3s 
Attaching to cyberghostvpn
cyberghostvpn  | CyberGhostVPN - Docker Edition
cyberghostvpn  | ----------------------------------------------------------
cyberghostvpn  |        Created By: Tyler McPhee
cyberghostvpn  |        GitHub: https://github.com/tmcphee/cyberghostvpn
cyberghostvpn  |        DockerHub: https://hub.docker.com/r/tmcphee/cyberghostvpn
cyberghostvpn  |
cyberghostvpn  |        Ubuntu:20.04 | CyberGhost:1.3.4 | v1.2.2
cyberghostvpn  | ----------------------------------------------------------
cyberghostvpn  | **************User Defined Variables**************
cyberghostvpn  |        ACC: [PASSED - NOT SHOWN]
cyberghostvpn  |        PASS: [PASSED - NOT SHOWN]
cyberghostvpn  |        COUNTRY: US
cyberghostvpn  |        PROTOCOL: openvpn
cyberghostvpn  | **************************************************
cyberghostvpn  | net.ipv6.conf.all.disable_ipv6 = 1
cyberghostvpn  | net.ipv6.conf.default.disable_ipv6 = 1
cyberghostvpn  | net.ipv6.conf.lo.disable_ipv6 = 1
cyberghostvpn  | net.ipv6.conf.eth0.disable_ipv6 = 1
cyberghostvpn  | net.ipv4.ip_forward = 1
cyberghostvpn  | Firewall stopped and disabled on system startup
cyberghostvpn  | Logging into CyberGhost...
cyberghostvpn  | Allowing PORT 53 - IN/OUT
cyberghostvpn  | spawn sudo cyberghostvpn --setup
cyberghostvpn  | Setup account ...
cyberghostvpn  | Enter CyberGhost username and press [ENTER]: my@email.com
cyberghostvpn  | Enter CyberGhost password and press [ENTER]: mypassword
cyberghostvpn  | Perform authentication ...
cyberghostvpn  | Creating a new device ...
cyberghostvpn  | Install completed ...
cyberghostvpn  | Blocking PORT 53 - IN/OUT
cyberghostvpn  | Disabling HTTP proxy...
cyberghostvpn  | Allowing PORT 53 - IN/OUT
cyberghostvpn  | Prepare OpenVPN connection ...
cyberghostvpn  | Select server ... atlanta-s407-i14
cyberghostvpn  | Connecting ...
cyberghostvpn  | The "CA" certificate is missing!
cyberghostvpn  | Downloading configuration ...
cyberghostvpn  | Blocking PORT 53 - IN/OUT
cyberghostvpn  | ***********CyberGhost Connection Info***********
cyberghostvpn  |        IP: 
cyberghostvpn  |        CITY: 
cyberghostvpn  |        REGION: 
cyberghostvpn  |        COUNTRY: 
cyberghostvpn  |        DNS: 99.83.181.72
cyberghostvpn  | ************************************************
cyberghostvpn  | [E2] VPN Connection Lost - Attempting to reconnect....
cyberghostvpn  | Allowing PORT 53 - IN/OUT
cyberghostvpn  | Traceback (most recent call last):
cyberghostvpn  |   File "urllib3/contrib/pyopenssl.py", line 485, in wrap_socket
cyberghostvpn  |   File "OpenSSL/SSL.py", line 1915, in do_handshake
cyberghostvpn  |   File "OpenSSL/SSL.py", line 1640, in _raise_ssl_error
cyberghostvpn  | OpenSSL.SSL.SysCallError: (-1, 'Unexpected EOF')
cyberghostvpn  |
cyberghostvpn  | During handling of the above exception, another exception occurred:
cyberghostvpn  |
cyberghostvpn  | Traceback (most recent call last):
cyberghostvpn  |   File "urllib3/connectionpool.py", line 665, in urlopen
cyberghostvpn  |   File "urllib3/connectionpool.py", line 376, in _make_request
cyberghostvpn  |   File "urllib3/connectionpool.py", line 996, in _validate_conn
cyberghostvpn  |   File "urllib3/connection.py", line 352, in connect
cyberghostvpn  |   File "urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
cyberghostvpn  |   File "urllib3/contrib/pyopenssl.py", line 491, in wrap_socket
cyberghostvpn  | ssl.SSLError: ("bad handshake: SysCallError(-1, 'Unexpected EOF')",)
cyberghostvpn  |
cyberghostvpn  | During handling of the above exception, another exception occurred:
cyberghostvpn  |
cyberghostvpn  | Traceback (most recent call last):
cyberghostvpn  |   File "requests/adapters.py", line 439, in send
cyberghostvpn  |   File "urllib3/connectionpool.py", line 719, in urlopen
cyberghostvpn  |   File "urllib3/util/retry.py", line 436, in increment
cyberghostvpn  | urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='v2-api.cyberghostvpn.com', port=443): Max retries exceeded with url: /v2/my/account?fields=(id,userName,location,activeProduct.plan)&language=en (Caused by SSLError(SSLError("bad handshake: SysCallError(-1, 'Unexpected EOF')")))
cyberghostvpn  |
cyberghostvpn  | During handling of the above exception, another exception occurred:
cyberghostvpn  |
cyberghostvpn  | Traceback (most recent call last):
cyberghostvpn  |   File "cyberghostvpn.py", line 761, in <module>
cyberghostvpn  |   File "cyberghostvpn.py", line 509, in main
cyberghostvpn  |   File "servers/traffic.py", line 13, in __init__
cyberghostvpn  |   File "libs/services.py", line 21, in __init__
cyberghostvpn  |   File "libs/locales.py", line 24, in __init__
cyberghostvpn  |   File "libs/user.py", line 40, in __init__
cyberghostvpn  |   File "libs/user.py", line 90, in setUser
cyberghostvpn  |   File "libs/user.py", line 71, in getUserData
cyberghostvpn  |   File "libs/api.py", line 195, in doGet
cyberghostvpn  |   File "libs/api.py", line 278, in __doRequest
cyberghostvpn  |   File "requests/api.py", line 75, in get
cyberghostvpn  |   File "requests/api.py", line 60, in request
cyberghostvpn  |   File "requests/sessions.py", line 533, in request
cyberghostvpn  |   File "requests/sessions.py", line 646, in send
cyberghostvpn  |   File "requests/adapters.py", line 514, in send
cyberghostvpn  | requests.exceptions.SSLError: HTTPSConnectionPool(host='v2-api.cyberghostvpn.com', port=443): Max retries exceeded with url: /v2/my/account?fields=(id,userName,location,activeProduct.plan)&language=en (Caused by SSLError(SSLError("bad handshake: SysCallError(-1, 'Unexpected EOF')")))
cyberghostvpn  | [328] Failed to execute script cyberghostvpn
cyberghostvpn  | Blocking PORT 53 - IN/OUT
cyberghostvpn  | ***********CyberGhost Connection Info***********
cyberghostvpn  |        IP: 
cyberghostvpn  |        CITY: 
cyberghostvpn  |        REGION: 
cyberghostvpn  |        COUNTRY: 
cyberghostvpn  |        DNS: 99.83.181.72
cyberghostvpn  | ************************************************
Gracefully stopping... (press Ctrl+C again to force)

[MarcBresson]

Hello, upon checking with cyberghost team, here are their answer:

The WireGuard protocol has been reported as currently not working on our CLI app. This has been reported to our development team for checking. In the meantime, we recommend using the OpenVPN protocol for your use.

[AmphibianDev]

I am disappointed with CyberGhost, but I understand that we are a minority. But, I wonder, would it not be better if they open-sourced the code for the Linux CLI at least? Let the community help. At the exact moment, not even the standard OpenVPN doesn't work, showing this but not connecting ...

$ sudo cyberghostvpn --connect
Prepare OpenVPN connection ...
Select server ...

[tmcphee]

The CyberGhost team claims to report it to development however I've been bugging them for almost 2yrs now. Linux CLI is completely unusable past 1.3.4. This a very old version now. I keep trying to find workarounds that work to keep it usable.

I might suggest disabling the firewall FIREWALL=False. To see if it can connect. The v2 API resolves to the IP 104.20.0.14. Which is allowed in the firewall.

[tmcphee]

I've just restarted my docker to see if I would experience the same issue. I also can no longer connect with Wireguard or OpenVPN. I will try to find another fix, but probably on CyberGhost side.

[tmcphee]

After Re authenticating with CyberGhost I can now connect. I deleted the config.ini and restarted the container, I'm running Unraid.

Prepare Wireguard connection ...
Select server ... lasvegas-s411-i30
Connecting ... 
VPN connection established.
Blocking PORT 53 - IN/OUT
Starting HTTP Proxy...
squid.service - Squid Web Proxy Server
    Loaded: loaded (/usr/lib/systemd/system/squid.service, enabled)
    Active: active (running)
***********CyberGhost Connection Info***********
        IP: X.X.X.X
        CITY: Las Vegas
        REGION: Nevada
        COUNTRY: US
        DNS:  1.1.1.1
************************************************

Prepare Wireguard connection ...
Select server ... bucharest-s408-i03
Connecting ... 
VPN connection established.
Blocking PORT 53 - IN/OUT
Starting HTTP Proxy...
squid.service - Squid Web Proxy Server
    Loaded: loaded (/usr/lib/systemd/system/squid.service, enabled)
    Active: active (running)
***********CyberGhost Connection Info***********
        IP: X.X.X.X
        CITY: Bucharest
        REGION: București
        COUNTRY: RO
        DNS:  1.1.1.1
************************************************

[AmphibianDev]

I found an awesome library which can be used with any VPN provider that has OpenVPN or WireGuard. GitHub Repo: https://github.com/qdm12/gluetun

Here is how to use it with CyberGhost: 1) Follow those instructions from here, only for Step 1, and download the configuration files. 2) Make a project like in the image below.

[tmcphee]

Glad to see you found something that works for you. Glutun will only do openvpn for cyberghost not wireguard. As cyberghost does not allow you to download wireguard configuration files.

[tmcphee]

OpenVPN only image available here running Cyberghost 1.4.1

[MarcBresson]

You should change the description of that new image @tmcphee . It's no longer a wireguard client then :)

@AmphibianDev thank you for sharing ! I might go this route too since it allows a lot of flexibility and is built on Alpine

[tmcphee]

Thanks for noticing that @MarcBresson. I updated the OpenVPN docker repository to reflect that. I had many plans for this docker. Since CyberGhost no longer supports their product, there is no point in developing further. I will probably switch to Private internet access after my subscription ends.

[MarcBresson]

I totally agree with you. That's a bummer than they don't (won't) fix it. That's funny because I also came across PIA today since it seemed to be particularly well integrated into gluetun. And it seems cheap.

[MarcBresson]

Anyway, thank you very much for your work! Except for cyber ghost being cyber ghost, it was a great work