[BUG] - Unable to verify connection/resolve DNS at https://protonwire-api.vercel.app/v1/client/ip

[eebette]

Version

Latest (ghcr.io/tprasadtp/protonwire:latest)

Credential and Server Validation

• [X] I have verified that the servers I am trying to connect to are available under my plan.
• [X] I have verified that my generated Wireguard private keys are valid and have required features (Netshield Ad-blocker, VPN accelerator etc) are enabled.
• [X] I am using a valid server name (either fully qualified DNS name like nl-free-127.protonvpn.net or server name like NL#1) as mentioned in the docs.

System Architecture

aarch64

Kernel Version

6.1.21-v8+

Running on a NAS?

No

Runtime

docker

Version of Runtime

root@eric-rpi:/home/arr # docker info
Client: Docker Engine - Community
 Version:    24.0.2
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.10.5
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.18.1
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 1
  Running: 1
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 24.0.2
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.1.21-v8+
 Operating System: Debian GNU/Linux 11 (bullseye)
 OSType: linux
 Architecture: aarch64
 CPUs: 4
 Total Memory: 7.628GiB
 Name: eric-rpi
 ID: 8c3569c8-3c5c-4df8-a244-c5b043e43dae
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

WARNING: No memory limit support
WARNING: No swap limit support

My configuration

root@eric-rpi:/home/arr # cat docker-compose.yml 
version: '2.3'
services:
  protonwire:
    container_name: protonwire
    # Use semver tags or sha256 hashes of manifests.
    # using latest tag can lead to issues when used with
    # automatic image updaters like watchtower.
    image: ghcr.io/tprasadtp/protonwire:latest
    init: true
    restart: unless-stopped
    environment:
      # PUID: 1005
      # PGID: 1006
      # Quote this value as server name can contain '#'.
      PROTONVPN_SERVER: "ES#9"
      # Set this to 1 to show debug logs for issue forms.
      DEBUG: "1"
      # Set this to 1 to enable kill-switch.
      KILL_SWITCH: "1"
    # NET_ADMIN capability is mandatory!
    cap_add:
      - NET_ADMIN
    # sysctl net.ipv4.conf.all.rp_filter is mandatory!
    # net.ipv6.conf.all.disable_ipv6 disables IPv6 as protonVPN does not support IPv6.
    # 'net.*' sysctls are not required on application containers,
    # as they share network stack with protonwire container.
    sysctls:
      net.ipv4.conf.all.rp_filter: 2
      net.ipv6.conf.all.disable_ipv6: 1
    volumes:
      - type: tmpfs
        target: /tmp
      - type: bind
        source: private.key
        target: /etc/protonwire/private-key
        read_only: true
    ports:
      - 8000:80
      - 8001:8080 # qBittorrent
      - 9117:9117 # Jackett
      - 8191:8191 # FlaseSolverr
      - 7878:7878 # Radarr
      - 8989:8989 # Sonarr
      - 6767:6767 # Bazarr
      - 8265:8265 # Tdarr
      - 8266:8266 # server port
      - 8267:8267 # Internal node port

  # This is sample application which will be routed over VPN
  # Replace this with your preferred application(s).
  caddy_proxy:
    image: caddy:latest
    network_mode: service:protonwire
    restart: unless-stopped
    environment:
      - PUID=1005
      - PGID=1006
      - UMASK=002
      - TZ=Asia/Tokyo
    command: |
      caddy reverse-proxy \
          --change-host-header \
          --from :80 \
          --to https://ip.me:443

  qbittorrent:
    container_name: qbittorrent
    image: cr.hotio.dev/hotio/qbittorrent
    network_mode: service:protonwire
    restart: unless-stopped
    environment:
      - PUID=1005
      - PGID=1006
      - UMASK=002
      - TZ=Asia/Tokyo
    volumes:
      - /etc/docker/config/qbittorrent/config:/config
      - /media/data/media/:/data

  jackett:
    container_name: jackett
    image: cr.hotio.dev/hotio/jackett
    network_mode: service:protonwire
    restart: unless-stopped
    environment:
      - PUID=1005
      - PGID=1006
      - UMASK=002
      - TZ=Asia/Tokyo
    volumes:
      - /etc/docker/config/jackett/config:/config

  flaresolverr:
    image: ghcr.io/flaresolverr/flaresolverr:latest
    container_name: flaresolverr
    restart: unless-stopped
    environment:
      - LOG_LEVEL=${LOG_LEVEL:-info}
      - LOG_HTML=${LOG_HTML:-false}
      - CAPTCHA_SOLVER=${CAPTCHA_SOLVER:-none}
      - TZ=Asia/Tokyo

  radarr:
    container_name: radarr
    image: cr.hotio.dev/hotio/radarr:latest
    restart: unless-stopped
    logging:
      driver: json-file
    network_mode: service:protonwire
    environment:
      - PUID=1005
      - PGID=1006
      - TZ=Asia/Tokyo
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/docker/config/radarr/config:/config
      - /media/data/media:/data

  sonarr:
    container_name: sonarr
    image: cr.hotio.dev/hotio/sonarr
    network_mode: service:protonwire
    restart: unless-stopped
    environment:
      - PUID=1005
      - PGID=1006
      - UMASK=002
      - TZ=Asia/Tokyo
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/docker/config/sonarr/config:/config
      - /media/data/media:/data

  bazarr:
    container_name: bazarr
    image: cr.hotio.dev/hotio/bazarr
    network_mode: service:protonwire
    restart: unless-stopped
    environment:
      - PUID=1005
      - PGID=1006
      - UMASK=002
      - TZ=Asia/Tokyo
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/docker/config/bazarr/config:/config
      - /media/data/media:/data

  tdarr:
    container_name: tdarr
    image: ghcr.io/haveagitgat/tdarr:latest
    restart: unless-stopped
    network_mode: service:protonwire
    environment:
      - TZ=Asia/Tokyo
      - PUID=1005
      - PGID=1006
      - UMASK_SET=002
      - serverIP=0.0.0.0
      - serverPort=8266
      - webUIPort=8265
      - internalNode=false
      - inContainer=true
    volumes:
      - /etc/docker/tdarr/server:/app/server
      - /etc/docker/tdarr/configs:/app/configs
      - /etc/docker/tdarr/logs:/app/logs
      - /media/data/media/:/media

  unpackerr:
    container_name: unpackerr
    image: cr.hotio.dev/hotio/unpackerr
    restart: unless-stopped
    network_mode: service:protonwire
    environment:
      - PUID=1005
      - PGID=1006
      - UMASK=002
      - TZ=Asia/Tokyo
    volumes:
      - /etc/docker/config/unpackerr/config:/config

Whitelisting API endpoints

I am not using ad-blocking DNS server or gateway

Troubleshooting & Runtime

• [X] Wireguard is supported by my kernel
• [X] I have read FAQ and Troubleshooting.
• [X] I am using latest stable version

Container/Pod/systemd log output with DEBUG=1 or --debug flag

root@eric-rpi:/home/arr # docker compose up protonwire
[+] Building 0.0s (0/0)                                                                                                                                                              
[+] Running 1/1
 ✔ Container protonwire  Recreated                                                                                                                                             83.5s 
Attaching to protonwire
protonwire  | [DEBUG   ] PROTONVPN_SERVER                    : ES#9 
protonwire  | [DEBUG   ] IPCHECK_URL                         : https://protonwire-api.vercel.app/v1/client/ip 
protonwire  | [DEBUG   ] METADATA_URL                        : https://protonwire-api.vercel.app/v1/server 
protonwire  | [DEBUG   ] Running as container USER=root 
protonwire  | [DEBUG   ] Checking requirements 
protonwire  | [DEBUG   ] Using /etc/resolv.conf for DNS (systemd is not available) 
protonwire  | [DEBUG   ] RUNTIME_DIRECTORY                   : NA 
protonwire  | [DEBUG   ] XDG_RUNTIME_DIR                     : NA 
protonwire  | [DEBUG   ] __PROTONWIRE_SRV_INFO_FILE          : /tmp/protonwire.server.json 
protonwire  | [DEBUG   ] __PROTONWIRE_HCR                    : /tmp/protonwire.hc.response 
protonwire  | [DEBUG   ] WATCHDOG_USEC is not set or invalid 
protonwire  | [DEBUG   ] Checking if IP on other interface is reserved - 127.0.0.1 
protonwire  | [DEBUG   ] Checking if IP on other interface is reserved - 172.23.0.2 
protonwire  | [NOTICE  ] Skipped validating default IPCHECK_URL 
protonwire  | [DEBUG   ] Can use CAP_NET_ADMIN capability 
protonwire  | [DEBUG   ] IPCHECK_THRESHOLD                   : NA 
protonwire  | [DEBUG   ] IPCHECK_INTERVAL                    : NA 
protonwire  | [DEBUG   ] Server info file is missing - /tmp/protonwire.server.json 
protonwire  | [INFO    ] Refresing server metadata (for ES#9) 
protonwire  | [DEBUG   ] API - https://protonwire-api.vercel.app/v1/server/ES-9 
protonwire  | [TRACE   ] (curl) % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current 
protonwire  | [TRACE   ] (curl) Dload  Upload   Total   Spent    Left  Speed 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 76.76.21.98:443... 
protonwire  | [TRACE   ] (curl) * Connected to protonwire-api.vercel.app (76.76.21.98) port 443 (#0) 
protonwire  | [TRACE   ] (curl) * ALPN: offers h2,http/1.1 
protonwire  | [TRACE   ] (curl) } [5 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Client hello (1): 
protonwire  | [TRACE   ] (curl) } [512 bytes data] 
protonwire  | [TRACE   ] (curl) *  CAfile: /etc/ssl/certs/ca-certificates.crt 
protonwire  | [TRACE   ] (curl) *  CApath: none 
protonwire  | [TRACE   ] (curl) { [5 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Server hello (2): 
protonwire  | [TRACE   ] (curl) { [122 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): 
protonwire  | [TRACE   ] (curl) { [15 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Certificate (11): 
protonwire  | [TRACE   ] (curl) { [4036 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, CERT verify (15): 
protonwire  | [TRACE   ] (curl) { [264 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Finished (20): 
protonwire  | [TRACE   ] (curl) { [36 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): 
protonwire  | [TRACE   ] (curl) } [1 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Finished (20): 
protonwire  | [TRACE   ] (curl) } [36 bytes data] 
protonwire  | [TRACE   ] (curl) * SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 
protonwire  | [TRACE   ] (curl) * ALPN: server accepted h2 
protonwire  | [TRACE   ] (curl) * Server certificate: 
protonwire  | [TRACE   ] (curl) *  subject: CN=*.vercel.app 
protonwire  | [TRACE   ] (curl) *  start date: Apr 27 00:13:16 2023 GMT 
protonwire  | [TRACE   ] (curl) *  expire date: Jul 26 00:13:15 2023 GMT 
protonwire  | [TRACE   ] (curl) *  subjectAltName: host "protonwire-api.vercel.app" matched cert's "*.vercel.app" 
protonwire  | [TRACE   ] (curl) *  issuer: C=US; O=Let's Encrypt; CN=R3 
protonwire  | [TRACE   ] (curl) *  SSL certificate verify ok. 
protonwire  | [TRACE   ] (curl) { [5 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): 
protonwire  | [TRACE   ] (curl) { [130 bytes data] 
protonwire  | [TRACE   ] (curl) * using HTTP/2 
protonwire  | [TRACE   ] (curl) * h2 [:method: GET] 
protonwire  | [TRACE   ] (curl) * h2 [:scheme: https] 
protonwire  | [TRACE   ] (curl) * h2 [:authority: protonwire-api.vercel.app] 
protonwire  | [TRACE   ] (curl) * h2 [:path: /v1/server/ES-9] 
protonwire  | [TRACE   ] (curl) * h2 [user-agent: protonwire/v7] 
protonwire  | [TRACE   ] (curl) * h2 [accept: */*] 
protonwire  | [TRACE   ] (curl) * Using Stream ID: 1 (easy handle 0x7fab386b00) 
protonwire  | [TRACE   ] (curl) } [5 bytes data] 
 rotonwire  | [TRACE   ] (curl) > GET /v1/server/ES-9 HTTP/2
 rotonwire  | [TRACE   ] (curl) > Host: protonwire-api.vercel.app
 rotonwire  | [TRACE   ] (curl) > User-Agent: protonwire/v7
 rotonwire  | [TRACE   ] (curl) > Accept: */*
 rotonwire  | [TRACE   ] (curl) > 
protonwire  | [TRACE   ] (curl) { [5 bytes data] 
 rotonwire  | [TRACE   ] (curl) < HTTP/2 200 
 rotonwire  | [TRACE   ] (curl) < accept-ranges: bytes
 rotonwire  | [TRACE   ] (curl) < access-control-allow-origin: *
 rotonwire  | [TRACE   ] (curl) < age: 51
 rotonwire  | [TRACE   ] (curl) < cache-control: s-maxage=60, stale-while-revalidate=600
 rotonwire  | [TRACE   ] (curl) < content-disposition: inline; filename="ES-9"
 rotonwire  | [TRACE   ] (curl) < content-type: application/json
 rotonwire  | [TRACE   ] (curl) < date: Fri, 16 Jun 2023 10:40:05 GMT
 rotonwire  | [TRACE   ] (curl) < etag: "7d282d043d14f4b9e8bb19fcd537673f"
 rotonwire  | [TRACE   ] (curl) < server: Vercel
 rotonwire  | [TRACE   ] (curl) < strict-transport-security: max-age=63072000; includeSubDomains; preload
 rotonwire  | [TRACE   ] (curl) < x-vercel-cache: HIT
 rotonwire  | [TRACE   ] (curl) < x-vercel-id: hnd1::fvpnb-1686912005811-7da266556c07
 rotonwire  | [TRACE   ] (curl) < content-length: 575
 rotonwire  | [TRACE   ] (curl) < 
protonwire  | [TRACE   ] (curl) { [575 bytes data] 
100   575  100   575    0     0   4216      0 --:--:-- --:--:-- --:--:--  4227 
protonwire  | [TRACE   ] (curl) * Connection #0 to host protonwire-api.vercel.app left intact 
protonwire  | [SUCCESS ] Successfully refreshed server metadata 
protonwire  | [DEBUG   ] __PROTONWIRE_SRV_INFO_FILE JSON valid 
protonwire  | [DEBUG   ] metadata_fetch_tries=1 
protonwire  | [DEBUG   ] metadata_fetch_max_tries=3 
protonwire  | [SUCCESS ] Server ES#9 is online 
protonwire  | [DEBUG   ] Selecting all ONLINE endpoints 
protonwire  | [DEBUG   ] __PROTONWIRE_ENDPOINT_IPS_ONLINE    : 195.181.167.193 
protonwire  | [DEBUG   ] Selecting all endpoints for building keymap 
protonwire  | [DEBUG   ] __PROTONWIRE_ENDPOINT_IPS_ALL       : 195.181.167.193 
protonwire  | [DEBUG   ] Endpoint(195.181.167.193) has pubkey - MK3425tJbRhEz+1xQLxlL+l6GNl52zKNwo5V0fHEwj4= 
protonwire  | [DEBUG   ] Valid Exit IP for ES#9 - 195.181.167.193(IPv4) 
protonwire  | [DEBUG   ] Valid Exit IP for ES#9 - 195.181.167.194(IPv4) 
protonwire  | [DEBUG   ] Valid Exit IP for ES#9 - 195.181.167.195(IPv4) 
protonwire  | [DEBUG   ] Valid Exit IP for ES#9 - 195.181.167.196(IPv4) 
protonwire  | [DEBUG   ] Valid Exit IP for ES#9 - 195.181.167.197(IPv4) 
protonwire  | [DEBUG   ] Valid Exit IP for ES#9 - 195.181.167.198(IPv4) 
protonwire  | [DEBUG   ] Valid Exit IP for ES#9 - 195.181.167.199(IPv4) 
protonwire  | [DEBUG   ] Valid Exit IP for ES#9 - 195.181.167.200(IPv4) 
protonwire  | [DEBUG   ] Valid Exit IP for ES#9 - 195.181.167.201(IPv4) 
protonwire  | [DEBUG   ] Not validating country 
protonwire  | [DEBUG   ] Not validating if server supports P2P 
protonwire  | [DEBUG   ] Not validating if server supports Stremaing 
protonwire  | [DEBUG   ] Not validating if server supports Tor 
protonwire  | [DEBUG   ] Not validating if server supports SecureCore 
protonwire  | [DEBUG   ] WIREGUARD_PRIVATE_KEY is not set 
protonwire  | [DEBUG   ] File - /etc/protonwire/private-key has correct permissions (600) 
protonwire  | [SUCCESS ] Using PrivateKeyFile - /etc/protonwire/private-key 
protonwire  | [SUCCESS ] net.ipv4.conf.all.rp_filter is already set to 2 
protonwire  | [NOTICE  ] Creating WireGuard Interface - protonwire0 
protonwire  | [INFO    ] Setting WireGuard interface address - 10.2.0.2 
protonwire  | [INFO    ] Setting WireGuard interface MTU to 1480 
protonwire  | [SUCCESS ] Configured WireGuard private key from /etc/protonwire/private-key 
protonwire  | [DEBUG   ] No configured endpoints on the interface 'protonwire0' 
protonwire  | [DEBUG   ] __PROTONWIRE_ENDPOINT_IPS_ONLINE    : 195.181.167.193 
protonwire  | [DEBUG   ] Selected endpoint 195.181.167.193 
protonwire  | [DEBUG   ] Peer public key - MK3425tJbRhEz+1xQLxlL+l6GNl52zKNwo5V0fHEwj4= 
protonwire  | [INFO    ] WireGuard interface is configured with peer - MK3425tJbRhEz+1xQLxlL+l6GNl52zKNwo5V0fHEwj4=(195.181.167.193) 
protonwire  | [INFO    ] Bringing WireGuard interface up 
protonwire  | [SUCCESS ] Configured fwmark on WireGuard interface to - 0xca6d 
protonwire  | [DEBUG   ] Excluding RFC-1918 subnets(IPv4) except DNS sever from WireGuard table 
protonwire  | [DEBUG   ] Excluding ULA subnets(IPv6) from WireGuard table 
protonwire  | [DEBUG   ] Legacy killswitch route table 51822 not found or is empty 
protonwire  | [DEBUG   ] Deleting legacy kill-switch routing rules 
protonwire  | [DEBUG   ] Collecting existing routes if any (IPv4) 
protonwire  | [DEBUG   ] No legacy routes (from 7.0.0-7.0.3) found (IPv4) 
protonwire  | [DEBUG   ] No existing killswitch routes found 
protonwire  | [DEBUG   ] No existing routes found (IPv4) 
protonwire  | [NOTICE  ] Creating routes (IPv4) 
protonwire  | [DEBUG   ] Added route - 10.2.0.1/32 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 0.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 8.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 11.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 12.0.0.0/6 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 16.0.0.0/4 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 32.0.0.0/3 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 64.0.0.0/3 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 96.0.0.0/6 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 100.0.0.0/10 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 100.128.0.0/9 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 101.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 102.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 104.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 112.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 120.0.0.0/6 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 124.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 126.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 128.0.0.0/3 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 160.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 168.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 169.0.0.0/9 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 169.128.0.0/10 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 169.192.0.0/11 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 169.224.0.0/12 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 169.240.0.0/13 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 169.248.0.0/14 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 169.252.0.0/15 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 169.255.0.0/16 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 170.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 172.0.0.0/12 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 172.32.0.0/11 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 172.64.0.0/10 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 172.128.0.0/9 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 173.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 174.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 176.0.0.0/4 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 192.0.0.0/9 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 192.128.0.0/11 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 192.160.0.0/13 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 192.169.0.0/16 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 192.170.0.0/15 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 192.172.0.0/14 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 192.176.0.0/12 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 192.192.0.0/10 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 193.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 194.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 196.0.0.0/6 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 200.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 208.0.0.0/4 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.0.1.0/24 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.0.2.0/23 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.0.4.0/22 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.0.8.0/21 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.0.16.0/20 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.0.32.0/19 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.0.64.0/18 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.0.128.0/17 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.1.0.0/16 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.2.0.0/15 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.4.0.0/14 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.8.0.0/13 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.16.0.0/12 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.32.0.0/11 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.64.0.0/10 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 224.128.0.0/9 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 225.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 226.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 228.0.0.0/6 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added route - 232.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [NOTICE  ] Creating Killswitch routes (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 10.2.0.1/32 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 0.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 8.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 11.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 12.0.0.0/6 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 16.0.0.0/4 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 32.0.0.0/3 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 64.0.0.0/3 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 96.0.0.0/6 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 100.0.0.0/10 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 100.128.0.0/9 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 101.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 102.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 104.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 112.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 120.0.0.0/6 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 124.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 126.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 128.0.0.0/3 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 160.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 168.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 169.0.0.0/9 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 169.128.0.0/10 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 169.192.0.0/11 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 169.224.0.0/12 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 169.240.0.0/13 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 169.248.0.0/14 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 169.252.0.0/15 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 169.255.0.0/16 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 170.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 172.0.0.0/12 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 172.32.0.0/11 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 172.64.0.0/10 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 172.128.0.0/9 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 173.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 174.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 176.0.0.0/4 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 192.0.0.0/9 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 192.128.0.0/11 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 192.160.0.0/13 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 192.169.0.0/16 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 192.170.0.0/15 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 192.172.0.0/14 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 192.176.0.0/12 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 192.192.0.0/10 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 193.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 194.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 196.0.0.0/6 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 200.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 208.0.0.0/4 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.0.1.0/24 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.0.2.0/23 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.0.4.0/22 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.0.8.0/21 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.0.16.0/20 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.0.32.0/19 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.0.64.0/18 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.0.128.0/17 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.1.0.0/16 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.2.0.0/15 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.4.0.0/14 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.8.0.0/13 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.16.0.0/12 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.32.0.0/11 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.64.0.0/10 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 224.128.0.0/9 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 225.0.0.0/8 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 226.0.0.0/7 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 228.0.0.0/6 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Added prohibit route - 232.0.0.0/5 to table 51821 (IPv4) 
protonwire  | [DEBUG   ] Configuring IP rules (IPv4) 
protonwire  | [DEBUG   ] Adding IP rule for Table 51821 (IPv4) 
protonwire  | [DEBUG   ] Updating /etc/resolv.conf 
protonwire  | [SUCCESS ] DNS is is set to 10.2.0.1 via /etc/resolv.conf 
protonwire  | [SUCCESS ] Successfully configured DNS (resolvconf) 
protonwire  | [INFO    ] Verifying connection 
protonwire  | [DEBUG   ] WireGuard interface - protonwire0 is present 
protonwire  | [DEBUG   ] Connected to peer - MK3425tJbRhEz+1xQLxlL+l6GNl52zKNwo5V0fHEwj4= 
protonwire  | [DEBUG   ] Connected to server: ES#9(node-es-03.protonvpn.net) 
protonwire  | [DEBUG   ] Not validating country 
protonwire  | [DEBUG   ] Not validating if server supports P2P 
protonwire  | [DEBUG   ] Not validating if server supports Stremaing 
protonwire  | [DEBUG   ] Not validating if server supports Tor 
protonwire  | [DEBUG   ] Not validating if server supports SecureCore 
protonwire  | [DEBUG   ] Allowed ExitIPs  - 195.181.167.193 195.181.167.194 195.181.167.195 195.181.167.196 195.181.167.197 195.181.167.198 195.181.167.199 195.181.167.200 195.181.167.201 
protonwire  | [DEBUG   ] Checking client IP via https://protonwire-api.vercel.app/v1/client/ip 
protonwire  | [TRACE   ] (curl) % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current 
protonwire  | [TRACE   ] (curl) Dload  Upload   Total   Spent    Left  Speed 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 76.76.21.9:443... 
protonwire  | [TRACE   ] (curl) * Connected to protonwire-api.vercel.app (76.76.21.9) port 443 (#0) 
protonwire  | [TRACE   ] (curl) * ALPN: offers h2,http/1.1 
protonwire  | [TRACE   ] (curl) } [5 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Client hello (1): 
protonwire  | [TRACE   ] (curl) } [512 bytes data] 
protonwire  | [TRACE   ] (curl) *  CAfile: /etc/ssl/certs/ca-certificates.crt 
protonwire  | [TRACE   ] (curl) *  CApath: none 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0{ [5 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Server hello (2): 
protonwire  | [TRACE   ] (curl) { [122 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): 
protonwire  | [TRACE   ] (curl) { [15 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Certificate (11): 
protonwire  | [TRACE   ] (curl) { [4036 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, CERT verify (15): 
protonwire  | [TRACE   ] (curl) { [264 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Finished (20): 
protonwire  | [TRACE   ] (curl) { [36 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): 
protonwire  | [TRACE   ] (curl) } [1 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Finished (20): 
protonwire  | [TRACE   ] (curl) } [36 bytes data] 
protonwire  | [TRACE   ] (curl) * SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 
protonwire  | [TRACE   ] (curl) * ALPN: server accepted h2 
protonwire  | [TRACE   ] (curl) * Server certificate: 
protonwire  | [TRACE   ] (curl) *  subject: CN=*.vercel.app 
protonwire  | [TRACE   ] (curl) *  start date: Apr 27 00:13:16 2023 GMT 
protonwire  | [TRACE   ] (curl) *  expire date: Jul 26 00:13:15 2023 GMT 
protonwire  | [TRACE   ] (curl) *  subjectAltName: host "protonwire-api.vercel.app" matched cert's "*.vercel.app" 
protonwire  | [TRACE   ] (curl) *  issuer: C=US; O=Let's Encrypt; CN=R3 
protonwire  | [TRACE   ] (curl) *  SSL certificate verify ok. 
protonwire  | [TRACE   ] (curl) { [5 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): 
protonwire  | [TRACE   ] (curl) { [130 bytes data] 
protonwire  | [TRACE   ] (curl) * using HTTP/2 
protonwire  | [TRACE   ] (curl) * h2 [:method: GET] 
protonwire  | [TRACE   ] (curl) * h2 [:scheme: https] 
protonwire  | [TRACE   ] (curl) * h2 [:authority: protonwire-api.vercel.app] 
protonwire  | [TRACE   ] (curl) * h2 [:path: /v1/client/ip] 
protonwire  | [TRACE   ] (curl) * h2 [user-agent: protonwire/v7] 
protonwire  | [TRACE   ] (curl) * h2 [accept: */*] 
protonwire  | [TRACE   ] (curl) * Using Stream ID: 1 (easy handle 0x7fb6e55b00) 
protonwire  | [TRACE   ] (curl) } [5 bytes data] 
 rotonwire  | [TRACE   ] (curl) > GET /v1/client/ip HTTP/2
 rotonwire  | [TRACE   ] (curl) > Host: protonwire-api.vercel.app
 rotonwire  | [TRACE   ] (curl) > User-Agent: protonwire/v7
 rotonwire  | [TRACE   ] (curl) > Accept: */*
 rotonwire  | [TRACE   ] (curl) > 
protonwire  | [TRACE   ] (curl) { [5 bytes data] 
 rotonwire  | [TRACE   ] (curl) < HTTP/2 308 
 rotonwire  | [TRACE   ] (curl) < cache-control: public, max-age=0, must-revalidate
 rotonwire  | [TRACE   ] (curl) < content-type: text/plain
 rotonwire  | [TRACE   ] (curl) < date: Fri, 16 Jun 2023 10:40:09 GMT
 rotonwire  | [TRACE   ] (curl) < location: https://icanhazip.com/
 rotonwire  | [TRACE   ] (curl) < refresh: 0;url=https://icanhazip.com/
 rotonwire  | [TRACE   ] (curl) < server: Vercel
 rotonwire  | [TRACE   ] (curl) < strict-transport-security: max-age=63072000; includeSubDomains; preload
 rotonwire  | [TRACE   ] (curl) < x-vercel-cache: MISS
 rotonwire  | [TRACE   ] (curl) < x-vercel-id: lhr1::nrcwg-1686912009686-9f931d50e1d4
 rotonwire  | [TRACE   ] (curl) < 
protonwire  | [TRACE   ] (curl) * Ignoring the response-body 
protonwire  | [TRACE   ] (curl) { [44 bytes data] 
100    44    0    44    0     0     25      0 --:--:--  0:00:01 --:--:--    25 
protonwire  | [TRACE   ] (curl) * Connection #0 to host protonwire-api.vercel.app left intact 
protonwire  | [TRACE   ] (curl) * Issue another request to this URL: 'https://icanhazip.com/' 
protonwire  | [TRACE   ] (curl) * Could not resolve host: icanhazip.com 
protonwire  | [TRACE   ] (curl) * Closing connection 1 
protonwire  | [TRACE   ] (curl) curl: (6) Could not resolve host: icanhazip.com 
protonwire  | [DEBUG   ] Healthcheck curl exit code - 6 
protonwire  | [ERROR   ] Failed to resolve DNS domain (https://protonwire-api.vercel.app/v1/client/ip) 
protonwire  | [ERROR   ] Retry (1/5) after 2 seconds 
protonwire  | [DEBUG   ] WireGuard interface - protonwire0 is present 
protonwire  | [DEBUG   ] Connected to peer - MK3425tJbRhEz+1xQLxlL+l6GNl52zKNwo5V0fHEwj4= 
protonwire  | [DEBUG   ] Connected to server: ES#9(node-es-03.protonvpn.net) 
protonwire  | [DEBUG   ] Not validating country 
protonwire  | [DEBUG   ] Not validating if server supports P2P 
protonwire  | [DEBUG   ] Not validating if server supports Stremaing 
protonwire  | [DEBUG   ] Not validating if server supports Tor 
protonwire  | [DEBUG   ] Not validating if server supports SecureCore 
protonwire  | [DEBUG   ] Allowed ExitIPs  - 195.181.167.193 195.181.167.194 195.181.167.195 195.181.167.196 195.181.167.197 195.181.167.198 195.181.167.199 195.181.167.200 195.181.167.201 
protonwire  | [DEBUG   ] Checking client IP via https://protonwire-api.vercel.app/v1/client/ip 
protonwire  | [TRACE   ] (curl) % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current 
protonwire  | [TRACE   ] (curl) Dload  Upload   Total   Spent    Left  Speed 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 76.76.21.9:443... 
protonwire  | [TRACE   ] (curl) * Connected to protonwire-api.vercel.app (76.76.21.9) port 443 (#0) 
protonwire  | [TRACE   ] (curl) * ALPN: offers h2,http/1.1 
protonwire  | [TRACE   ] (curl) } [5 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Client hello (1): 
protonwire  | [TRACE   ] (curl) } [512 bytes data] 
protonwire  | [TRACE   ] (curl) *  CAfile: /etc/ssl/certs/ca-certificates.crt 
protonwire  | [TRACE   ] (curl) *  CApath: none 
protonwire  | [TRACE   ] (curl) { [5 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Server hello (2): 
protonwire  | [TRACE   ] (curl) { [122 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): 
protonwire  | [TRACE   ] (curl) { [15 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Certificate (11): 
protonwire  | [TRACE   ] (curl) { [4036 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, CERT verify (15): 
protonwire  | [TRACE   ] (curl) { [264 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Finished (20): 
protonwire  | [TRACE   ] (curl) { [36 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): 
protonwire  | [TRACE   ] (curl) } [1 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Finished (20): 
protonwire  | [TRACE   ] (curl) } [36 bytes data] 
protonwire  | [TRACE   ] (curl) * SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256 
protonwire  | [TRACE   ] (curl) * ALPN: server accepted h2 
protonwire  | [TRACE   ] (curl) * Server certificate: 
protonwire  | [TRACE   ] (curl) *  subject: CN=*.vercel.app 
protonwire  | [TRACE   ] (curl) *  start date: Apr 27 00:13:16 2023 GMT 
protonwire  | [TRACE   ] (curl) *  expire date: Jul 26 00:13:15 2023 GMT 
protonwire  | [TRACE   ] (curl) *  subjectAltName: host "protonwire-api.vercel.app" matched cert's "*.vercel.app" 
protonwire  | [TRACE   ] (curl) *  issuer: C=US; O=Let's Encrypt; CN=R3 
protonwire  | [TRACE   ] (curl) *  SSL certificate verify ok. 
protonwire  | [TRACE   ] (curl) { [5 bytes data] 
protonwire  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): 
protonwire  | [TRACE   ] (curl) { [130 bytes data] 
protonwire  | [TRACE   ] (curl) * using HTTP/2 
protonwire  | [TRACE   ] (curl) * h2 [:method: GET] 
protonwire  | [TRACE   ] (curl) * h2 [:scheme: https] 
protonwire  | [TRACE   ] (curl) * h2 [:authority: protonwire-api.vercel.app] 
protonwire  | [TRACE   ] (curl) * h2 [:path: /v1/client/ip] 
protonwire  | [TRACE   ] (curl) * h2 [user-agent: protonwire/v7] 
protonwire  | [TRACE   ] (curl) * h2 [accept: */*] 
protonwire  | [TRACE   ] (curl) * Using Stream ID: 1 (easy handle 0x7f9b8d3b00) 
protonwire  | [TRACE   ] (curl) } [5 bytes data] 
 rotonwire  | [TRACE   ] (curl) > GET /v1/client/ip HTTP/2
 rotonwire  | [TRACE   ] (curl) > Host: protonwire-api.vercel.app
 rotonwire  | [TRACE   ] (curl) > User-Agent: protonwire/v7
 rotonwire  | [TRACE   ] (curl) > Accept: */*
 rotonwire  | [TRACE   ] (curl) > 
protonwire  | [TRACE   ] (curl) { [5 bytes data] 
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0< HTTP/2 308 
 rotonwire  | [TRACE   ] (curl) < cache-control: public, max-age=0, must-revalidate
 rotonwire  | [TRACE   ] (curl) < content-type: text/plain
 rotonwire  | [TRACE   ] (curl) < date: Fri, 16 Jun 2023 10:40:13 GMT
 rotonwire  | [TRACE   ] (curl) < location: https://icanhazip.com/
 rotonwire  | [TRACE   ] (curl) < refresh: 0;url=https://icanhazip.com/
 rotonwire  | [TRACE   ] (curl) < server: Vercel
 rotonwire  | [TRACE   ] (curl) < strict-transport-security: max-age=63072000; includeSubDomains; preload
 rotonwire  | [TRACE   ] (curl) < x-vercel-cache: MISS
 rotonwire  | [TRACE   ] (curl) < x-vercel-id: lhr1::2n4tb-1686912013863-d213f848355b
 rotonwire  | [TRACE   ] (curl) < 
protonwire  | [TRACE   ] (curl) * Ignoring the response-body 
protonwire  | [TRACE   ] (curl) { [44 bytes data] 
100    44    0    44    0     0     30      0 --:--:--  0:00:01 --:--:--    29 
protonwire  | [TRACE   ] (curl) * Connection #0 to host protonwire-api.vercel.app left intact 
protonwire  | [TRACE   ] (curl) * Issue another request to this URL: 'https://icanhazip.com/' 
protonwire  | [TRACE   ] (curl) * Could not resolve host: icanhazip.com 
protonwire  | [TRACE   ] (curl) * Closing connection 1 
protonwire  | [TRACE   ] (curl) curl: (6) Could not resolve host: icanhazip.com 
protonwire  | [DEBUG   ] Healthcheck curl exit code - 6 
protonwire  | [ERROR   ] Failed to resolve DNS domain (https://protonwire-api.vercel.app/v1/client/ip) 
...
protonwire  | [ERROR   ] Retry (5/5) after 2 seconds 
protonwire  | [ERROR   ] Failed to verify connection! 
protonwire  | [DEBUG   ] No systemd notify socket found, skiping stopping notification 
protonwire  | [DEBUG   ] Restoring /etc/resolv.conf 
protonwire  | [SUCCESS ] Reverted DNS configuration 
protonwire  | [DEBUG   ] Removing backup /etc/resolv.conf.protonwire 
protonwire  | [SUCCESS ] Successfully restored DNS(resolvconf) 
protonwire  | [DEBUG   ] Existing wireguard routes found (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 10.2.0.1/32 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 0.0.0.0/5 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 8.0.0.0/7 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 11.0.0.0/8 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 12.0.0.0/6 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 16.0.0.0/4 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 32.0.0.0/3 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 64.0.0.0/3 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 96.0.0.0/6 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 100.0.0.0/10 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 100.128.0.0/9 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 101.0.0.0/8 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 102.0.0.0/7 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 104.0.0.0/5 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 112.0.0.0/5 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 120.0.0.0/6 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 124.0.0.0/7 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 126.0.0.0/8 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 128.0.0.0/3 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 160.0.0.0/5 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 168.0.0.0/8 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 169.0.0.0/9 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 169.128.0.0/10 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 169.192.0.0/11 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 169.224.0.0/12 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 169.240.0.0/13 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 169.248.0.0/14 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 169.252.0.0/15 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 169.255.0.0/16 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 170.0.0.0/7 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 172.0.0.0/12 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 172.32.0.0/11 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 172.64.0.0/10 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 172.128.0.0/9 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 173.0.0.0/8 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 174.0.0.0/7 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 176.0.0.0/4 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 192.0.0.0/9 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 192.128.0.0/11 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 192.160.0.0/13 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 192.169.0.0/16 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 192.170.0.0/15 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 192.172.0.0/14 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 192.176.0.0/12 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 192.192.0.0/10 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 193.0.0.0/8 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 194.0.0.0/7 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 196.0.0.0/6 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 200.0.0.0/5 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 208.0.0.0/4 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.0.1.0/24 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.0.2.0/23 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.0.4.0/22 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.0.8.0/21 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.0.16.0/20 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.0.32.0/19 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.0.64.0/18 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.0.128.0/17 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.1.0.0/16 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.2.0.0/15 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.4.0.0/14 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.8.0.0/13 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.16.0.0/12 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.32.0.0/11 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.64.0.0/10 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 224.128.0.0/9 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 225.0.0.0/8 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 226.0.0.0/7 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 228.0.0.0/6 in table 51821 (IPv4) 
protonwire  | [DEBUG   ] Deleting route - 232.0.0.0/5 in table 51821 (IPv4) 
protonwire  | [NOTICE  ] Not deleting IP routng rule as kill-switch is active 
protonwire  | [INFO    ] Removing WireGuard interface 

Any additional info

I think maybe this is related to curl(6) happening for icanhazip.com:

root@eric-rpi:/home/arr # curl -6 https://icanhazip.com
curl: (7) Couldn't connect to server
root@eric-rpi:/home/arr # curl -4 https://icanhazip.com
*returns ip as intended*

Code of Conduct & PII Redaction

• [X] I agree to follow this project's Code of Conduct.
• [X] I have removed any sensitive personally identifying information(PII) and secrets from in this issue report.

[eebette]

Issue started on 7.2.0

Confirmed connection is verified successfully on 7.1.1:

protonwire  | [SUCCESS ] Connected to node-es-03.protonvpn.net (via 195.181.167.194) 
protonwire  | [SUCCESS ] Connection verified! 

[eebette]

Confirmed issue occurs on a fresh install of Raspberry Pi OS on RPi4

[Joshwa]

I was able to find a way to manually disconnect from the VPN here

Running cat /etc/resolv.conf.protonwire > /etc/resolv.conf && rm /etc/resolv.conf.protonwire in my container running 7.2.0 fixed this issue for me.

[eebette]

I was able to find a way to manually disconnect from the VPN here

Running cat /etc/resolv.conf.protonwire > /etc/resolv.conf && rm /etc/resolv.conf.protonwire in my container running 7.2.0 fixed this issue for me.

Unfortunately, this sets the dns server of your requests to the ISP nameserver which is a huge vulnerability for IP leaks.

[Joshwa]

I was able to find a way to manually disconnect from the VPN here Running cat /etc/resolv.conf.protonwire > /etc/resolv.conf && rm /etc/resolv.conf.protonwire in my container running 7.2.0 fixed this issue for me.

Unfortunately, this sets the dns server of your requests to the ISP nameserver which is a huge vulnerability for IP leaks.

Ah, yikes. Thank you for filling me in.

[eebette]

This is resolved by doing one of the following:

1) changing the Netshield option to Block malware only instead of Block malware, ads and trackers since that level of Netshield monitoring will break

2) changing the docker environment variable IPCHECK_URL to a URL that is not blocked by Proton VPN's Netshield. Not sure which one this could be since I haven't tested it but I can confirm that the default and https://icanhazip.com DOES NOT work as they get blocked.