ProtonVPN API error on startup

[betterphp]

vpn_http_proxy-1  | [!] There was an error with accessing the ProtonVPN API.
vpn_http_proxy-1  | [!] Please make sure your connection is working properly!
vpn_http_proxy-1  | [!] HTTP Error Code: 422
vpn_http_proxy-1  | [!] There was an error with accessing the ProtonVPN API.
vpn_http_proxy-1  | [!] Please make sure your connection is working properly!
vpn_http_proxy-1  | [!] HTTP Error Code: 422
vpn_http_proxy-1  | Device "proton0" does not exist

According to this Reddit post the CLI is no longer supported.

[betterphp]

Seems related to this too https://github.com/Rafficer/linux-cli-community/issues/365

[ab2022]

Same issue here. I guess pip3 install protonvpn-cli isn't going to work anymore b/c must use a more recent version of the command line client.

[ab2022]

This diff fixed the issue for me. I think the right process is to submit a merge request but sorry I'm not a tech guy, don't know how exactly. Pretty straightforward tho

diff --git a/Dockerfile b/Dockerfile
index 92a6bcb..f49ef04 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,8 +19,10 @@ ENV PVPN_USERNAME= \
 COPY app /app
 COPY pvpn-cli /root/.pvpn-cli

-RUN apk --update add coreutils openvpn privoxy procps python3 runit \
+RUN apk --update add coreutils git openvpn privoxy procps python3 runit \
     && python3 -m ensurepip \
-    && pip3 install protonvpn-cli
+    && git clone https://github.com/ProtonVPN/linux-cli-community \
+    && cd linux-cli-community \
+    && pip3 install -e .

 CMD ["runsvdir", "/app"]

[betterphp]

That's great :D I created a PR with that fix https://github.com/walterl/proton-privoxy/pull/47

Basically the process is;

1. Create a fork of the project (there's a button for that at the top of the repo page)
2. Clone the forked version, which should be named something like ab2022/proton-privoxy by default
3. Make a new branch
4. Make you changes and create a commit
5. Push the branch
6. GitHub will give you a link to create a PR in the response :)

[betterphp]

I can confirm that worked too :)

[MyVizDrake]

This may be a short term fix ...

See this comment and then this comment from the original github issue referenced above.

Just a friendly heads-up: it's probably best not to rely too heavily on the latest version. We're planning to fully end the support in the near future (for reasons explained above). So, while things might still be working for some days, it's perhaps best to see if the native client or manual configuration are viable alternative for your situation.

[ab2022]

Yeah probably it will stop working eventually. They recommend to use their app but it's UI only, no cli AFAIK.

For alpine (not one of their supported distros) they suggest wireguard. But wg each server needs it's own config which you download from your account login. That makes a container like this pretty useless.

Alternative, someone could volunteer to become maintainer of the community client. That seems to be their issue with it - it's unmaintained, no updates in years.

[MyVizDrake]

Yeah ... WG is bad in that regard. OpenVPN though can do "country specific" endpoint pools IIRC, but that's probably another headache. Unfortunately I am not a coder so am now seeing what my alternatives are I saw this and 1st thought was GREAT! I can do that! Then I realized an alternative needs to be investigated on my side (no big deal it is what it is). My internal proton-privoxy solution can probably be migrated to something else I already have running .. my guest network version may be more problemmatic. :-)

[betterphp]

Yeah agreed - a short term solution is better than leaving it broken though. A better solution would be a script that pulls the server list from https://api.protonmail.ch/vpn/logicals and generates the VPN config when the container starts - that'll take way longer to implement though.

[walterl]

Thanks a lot for the issue and PR #47, @betterphp and @ab2022. After some adjustments, that PR was merged, and this issue should now be fixed. It's available on DockerHub: docker pull walt3rl/proton-privoxy.

[walterl]

Thanks for the link to that discussion, @MyVizDrake.

It's really unfortunate that ProtonVPN isn't planning on supporting any alternative to the CLI. While I've been with ProtonVPN for years, and generally hold them in high regard, this feels like a betrayal of their (perceived?) early "hacker-friendly" ethos. I'll have to start looking at alternative VPN providers, for one that supports the use case that this project requires. If it's easier to switch to a more CLI-friendly VPN service, than to implement a solution like what @betterphp is suggesting (limited in scope as it is), I don't mind voting with my wallet.

[MyVizDrake]

@walterl if OpenVPN is OK, one could create a OpenVPN file that has all of the possible end points someone wants. I know I can download an OpenVPN file now for say, Belgium and I would get all of the Belgian ProtonVPN OpenVPN servers and I believe it will select one at random. This would be better than a single WG endpoint and a lot simpler than the idea that @betterphp proposed. Would be at the expense of tunnel speed being OpenVPN vs WG.

I could be a guinea-pig (i.e. tester) if need be.

I had been running your container for at least a year and really appreciate the effort you had put into it!!!

[malvinas2]

@MyVizDrake There are a number of Docker images available on github that provide OpenVPN and Privoxy functionality. But I suspect that the Proton CLI client is preferred because it provides some additional features that are not possible with OpenVPN (whatever they may be, I don't use them myself...)

[betterphp]

Being able to pick the country with an environment variable was the main thing for me, not likely to be a generic solution for that since it would always require provider specific information.

Thanks for sorting all that out @walterl <3