[BUG] - Container will not start - Failed to refresh ProtonVPN server metadata (server name is invalid or not found)

neilrees commented 1 year ago

Version

7.2.3

Credential and Server Validation

[X] I have verified that the servers I am trying to connect to are available under my plan.
[X] I have verified that my generated Wireguard private keys are valid and have required features (Netshield Ad-blocker, VPN accelerator etc) are enabled.
[X] I am using a valid server name (either fully qualified DNS name like nl-free-127.protonvpn.net or server name like NL#1) as mentioned in the docs.

System Architecture

aarch64

Kernel Version

5.15.0-1035-raspi

Running on a NAS?

No

Runtime

docker

Version of Runtime

Server Version: 20.10.21

My configuration

version: "3.5" services: protonwire: container_name: protonwire image: ghcr.io/tprasadtp/protonwire:7.2.3 init: true restart: unless-stopped environment: PROTONVPN_SERVER: "nl-free-70.protonvpn.net" DEBUG: "1" KILL_SWITCH: "0" WIREGUARD_PRIVATE_KEY: *** cap_add:

NET_ADMIN sysctls: net.ipv4.conf.all.rp_filter: 2 net.ipv6.conf.all.disable_ipv6: 1 volumes:
type: tmpfs target: /tmp
type: bind source: /srv/protonwire/private.key target: /etc/protonwire/private-key read_only: true

Whitelisting API endpoints

I am not using ad-blocking DNS server or gateway

Troubleshooting & Runtime

[X] Wireguard is supported by my kernel
[X] I have read FAQ and Troubleshooting.
[X] I am using latest stable version

Container/Pod/systemd log output with DEBUG=1 or `--debug` flag

[DEBUG   ] Server info file is missing - /tmp/protonwire.server.json 
[INFO    ] Refresing server metadata (for nl-free-70.protonvpn.net) 
[DEBUG   ] API - https://protonwire-api.vercel.app/v1/server/nl-free-70.protonvpn.net 
[TRACE   ] (curl) % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current 
[TRACE   ] (curl) Dload  Upload   Total   Spent    Left  Speed 
[TRACE   ] (curl) 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 76.76.21.22:443... 
[TRACE   ] (curl) * Connected to protonwire-api.vercel.app (76.76.21.22) port 443 
[TRACE   ] (curl) * ALPN: curl offers h2,http/1.1 
[TRACE   ] (curl) } [5 bytes data] 
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Client hello (1): 
[TRACE   ] (curl) } [512 bytes data] 
[TRACE   ] (curl) *  CAfile: /etc/ssl/certs/ca-certificates.crt 
[TRACE   ] (curl) *  CApath: none 
[TRACE   ] (curl) { [5 bytes data] 
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Server hello (2): 
[TRACE   ] (curl) { [122 bytes data] 
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): 
[TRACE   ] (curl) { [15 bytes data] 
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Certificate (11): 
[TRACE   ] (curl) { [3977 bytes data] 
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, CERT verify (15): 
[TRACE   ] (curl) { [264 bytes data] 
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Finished (20): 
[TRACE   ] (curl) { [36 bytes data] 
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): 
[TRACE   ] (curl) } [1 bytes data] 
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Finished (20): 
[TRACE   ] (curl) } [36 bytes data] 
[TRACE   ] (curl) * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 
[TRACE   ] (curl) * ALPN: server accepted h2 
[TRACE   ] (curl) * Server certificate: 
[TRACE   ] (curl) *  subject: CN=*.vercel.app 
[TRACE   ] (curl) *  start date: Sep 25 03:14:47 2023 GMT 
[TRACE   ] (curl) *  expire date: Dec 24 03:14:46 2023 GMT 
[TRACE   ] (curl) *  subjectAltName: host "protonwire-api.vercel.app" matched cert's "*.vercel.app" 
[TRACE   ] (curl) *  issuer: C=US; O=Let's Encrypt; CN=R3 
[TRACE   ] (curl) *  SSL certificate verify ok. 
[TRACE   ] (curl) { [5 bytes data] 
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): 
[TRACE   ] (curl) { [122 bytes data] 
[TRACE   ] (curl) * using HTTP/2 
[TRACE   ] (curl) * [HTTP/2] [1] OPENED stream for https://protonwire-api.vercel.app/v1/server/nl-free-70.protonvpn.net 
[TRACE   ] (curl) * [HTTP/2] [1] [:method: GET] 
[TRACE   ] (curl) * [HTTP/2] [1] [:scheme: https] 
[TRACE   ] (curl) * [HTTP/2] [1] [:authority: protonwire-api.vercel.app] 
[TRACE   ] (curl) * [HTTP/2] [1] [:path: /v1/server/nl-free-70.protonvpn.net] 
[TRACE   ] (curl) * [HTTP/2] [1] [user-agent: protonwire/v7] 
[TRACE   ] (curl) * [HTTP/2] [1] [accept: */*] 
[TRACE   ] (curl) } [5 bytes data] 
[TRACE   ] (curl) > GET /v1/server/nl-free-70.protonvpn.net HTTP/2

[TRACE   ] (curl) > Host: protonwire-api.vercel.app

[TRACE   ] (curl) > User-Agent: protonwire/v7

[TRACE   ] (curl) > Accept: */*

[TRACE   ] (curl) > 

[TRACE   ] (curl) { [5 bytes data] 
[TRACE   ] (curl) < HTTP/2 404 

[TRACE   ] (curl) < access-control-allow-origin: *

[TRACE   ] (curl) < age: 666

[TRACE   ] (curl) < cache-control: s-maxage=60, stale-while-revalidate=600

[TRACE   ] (curl) < content-disposition: inline; filename="404.html"

[TRACE   ] (curl) < content-type: application/json

[TRACE   ] (curl) < date: Mon, 23 Oct 2023 21:50:31 GMT

[TRACE   ] (curl) < etag: "099bd024eae0b810dcc70996aaaf14c8"

[TRACE   ] (curl) < server: Vercel

[TRACE   ] (curl) < strict-transport-security: max-age=63072000; includeSubDomains; preload

[TRACE   ] (curl) < x-vercel-cache: HIT

[TRACE   ] (curl) < x-vercel-id: lhr1::97nbx-1698097831067-dcae3453f800

[TRACE   ] (curl) < content-length: 44

[TRACE   ] (curl) * The requested URL returned error: 404 
[TRACE   ] (curl) 
  0    44    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0 
[TRACE   ] (curl) * Connection #0 to host protonwire-api.vercel.app left intact 
[TRACE   ] (curl) curl: (22) The requested URL returned error: 404 
[ERROR   ] Failed to refresh ProtonVPN server metadata (server name is invalid or not found) 
[DEBUG   ] metadata_fetch_tries=3 
[DEBUG   ] metadata_fetch_max_tries=3 
[ERROR   ] Failed to fetch server metadata after 3 tries! 
[ERROR   ] Please check your internet connection and try again! 
[ERROR   ] If you have killswitch enabled please disable it and try again! 
[ERROR   ] Failed to connect to nl-free-70.protonvpn.net 
[DEBUG   ] Wireguard interface for protonwire is not present.

Any additional info

Is this caused by the URL https://protonwire-api.vercel.app/v1/server/nl-free-70.protonvpn.net returning a 404? I get a 404 no matter which server name is used.

Is there an example of a URL that contains a value that does not return 404?

Code of Conduct & PII Redaction

[X] I agree to follow this project's Code of Conduct.
[X] I have removed any sensitive personally identifying information(PII) and secrets from in this issue report.

tprasadtp commented 1 year ago

Well, nl-free-70.protonvpn.net does not exist. You probably meant node-nl-70.protonvpn.net. You cannot make up DNS names from server names. Copy it from ProtonVPN page. little drop down arrow should show you the DNS name or use server name like NL#1 (dont' forget to quote it for YAML). server-dns-name

neilrees commented 1 year ago

Understood, presumably that server has existed at some time in the past as this config has worked previously (admittedly a few months ago) and given it was still in the same form as the example config in the README it was presumed to still be valid

Thank you for the pointer, container is now connected!

strech345 commented 7 months ago

Well, nl-free-70.protonvpn.net does not exist. You probably meant node-nl-70.protonvpn.net. You cannot make up DNS names from server names. Copy it from ProtonVPN page. little drop down arrow should show you the DNS name or use server name like NL#1 (dont' forget to quote it for YAML).

does this changed? i have only the download button. Also it should work with ip? for me it doesnt. Im a free user, but i think this should also work right? Update: i now found the name by analyse the network inspector of the page. But still get this error

[ERROR   ] See https://github.com/tprasadtp/protonvpn-docker/blob/master/docs/help.md for troubleshooting. 
[ERROR   ] Failed to fetch server metadata after 3 tries! 
[ERROR   ] Please check your internet connection and try again! 
[ERROR   ] If you have killswitch enabled please disable it and try again! 
[ERROR   ] Failed to connect to 212.8.252.66

version: "3.9" # optional since v1.27.0
services:
  vpn:
    image: ghcr.io/tprasadtp/protonwire:latest
    init: true
    restart: unless-stopped
    cap_add:
      - NET_ADMIN # Required
      #- NET_RAW
    environment:
      PGID: 100
      PUID: 1003
      # Quote this value as server name can contain '#'.
      PROTONVPN_SERVER: "node-nl-114.protonvpn.net" #NL-FREE#508077
      WIREGUARD_PRIVATE_KEY: "xxxxxxxxxxxxxxx"
      # Set this to 1 to show debug logs for issue forms.
      DEBUG: "1"
      # Set this to 0 to disable kill-switch.
      KILL_SWITCH: "0"
    # NET_ADMIN capability is mandatory!
    ports:
      - "5800:5800"
      - "5900:5900"
    sysctls:
      net.ipv4.conf.all.rp_filter: 2
      net.ipv6.conf.all.disable_ipv6: 1
      #- net.ipv6.conf.all.disable_ipv6=1 # Recomended if using ipv4 only
      #- net.ipv4.conf.all.src_valid_mark=1
  jd2gui:
    image: jlesage/jdownloader-2:latest
    environment:
      - "USER_ID=1003"
      - "GROUP_ID=100"
      - "TZ=Etc/UTC"
    volumes:
      - "xxxx"
    network_mode: service:vpn
    depends_on:
      - vpn

strech345 commented 7 months ago

i created a new account, now it works yeah :-)

tprasadtp / protonvpn-docker