gluetun icon indicating copy to clipboard operation
gluetun copied to clipboard

Published 20 hours ago verified publisher icon qdm12

Bug: PIA: custom endpoint port is not allowed: 254 must be one of 53, 1194, 1197, 1198, 8080 or 9201

Open JollyG88 opened this issue 9 months ago • 7 comments

Is this urgent?

None

Host OS

Ubuntu

CPU arch

x86_64

VPN service provider

Private Internet Access

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-04-30T08:08:30.634Z (commit 7e0738d)

What's the problem 🤔

When attempting to start my container using the PIA Provided OVPN files, it begins the attempt, however fails due to issues with the port.

The issue also occurs if I attempt to change my config to a custom VPN provider utilising a Conf file.

I can see that this was a bug in previous builds, wondering if this has resurfaced?

Share your logs (at least 10 lines)

2024-05-02T00:45:25Z INFO Shutdown successful
Running version latest built on 2024-04-30T08:08:30.634Z (commit 7e0738d)
2024-05-02T00:45:24Z INFO [routing] default route found: interface eth0, gateway 172.19.1.1, assigned IP 172.19.1.10 and family v4
2024-05-02T00:45:24Z INFO [routing] local ethernet link found: eth0
2024-05-02T00:45:24Z INFO [routing] local ipnet found: 172.19.1.0/24
2024-05-02T00:45:25Z INFO [firewall] enabling...
2024-05-02T00:45:25Z INFO [firewall] enabled successfully
2024-05-02T00:45:25Z INFO [storage] merging by most recent 19425 hardcoded servers and 19425 servers read from /gluetun/servers.json
2024-05-02T00:45:25Z ERROR VPN settings: provider settings: server selection: OpenVPN server selection settings: custom endpoint port is not allowed: for VPN service provider private internet access: value is not one of the possible choices: 254 must be one of 53, 1194, 1197, 1198, 8080 or 9201

Share your configuration

gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    networks:
      VPN:
        ipv4_address: #custom static docker internal IP
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      - /docker/gluetun:/gluetun
    environment:
      - UPDATER_PERIOD=24h
      - VPN_SERVICE_PROVIDER=private internet access
      - TZ=Australia/Brisbane
      - OPENVPN_USER=
      - OPENVPN_PASSWORD=
      - SERVER_REGIONS=Netherlands
      - VPN_ENDPOINT_PORT=1198

JollyG88 avatar May 02 '24 00:05 JollyG88

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

  • do not ask for updates, be patient
  • :+1: the issue to show your support instead of commenting @qdm12 usually checks issues at least once a week, if this is a new urgent bug, revert to an older tagged container image

github-actions[bot] avatar May 02 '24 00:05 github-actions[bot]

Quick Edit, rolling back to v3.37 restored the connection

JollyG88 avatar May 02 '24 04:05 JollyG88

254 is not one of the possible endpoint port for PIA, where did you see it was?

qdm12 avatar May 02 '24 06:05 qdm12

Thats the really odd thing. I can't see it in my config at all [both my docker compose file or viewing the container via Portainer GUI] or in any of the OVPN files that I've put in the OVPN directory. I previously had one of the OVPN files renamed to custom.conf and had mapped that in and it was working in v3.37 however that broke when I upgraded recently to v3.38. I have actually raised a case with PIA as their OVPN files seem to have an issue with malformed information and bad expiry dates in the CRL Verify portion which breaks in OpenSSL 3.3.0 and above. There a number of threads about that and PIA are also aware too apparently from the response I got, but no new OVPN files are available from them.

JollyG88 avatar May 02 '24 22:05 JollyG88

I have actually raised a case with PIA as their OVPN files seem to have an issue with malformed information and bad expiry dates in the CRL Verify portion which breaks in OpenSSL 3.3.0 and above.

Why don't you use the private internet access provider directly instead of the custom one? It has certificates that work openvpn 2.5/2.6 and openssl 3.x.x. See the gluetun wiki's pia setup page

qdm12 avatar May 04 '24 17:05 qdm12

Yeah, that’s what I’m currently doing but I was trying the custom.conf file as a test.

Even using pia as the provider in my config, it still comes up with that error unless I roll back to v3.37

JollyG88 avatar May 05 '24 09:05 JollyG88

Just try to remove VPN_ENDPOINT_PORT? There must be a 254 port defined somewhere in your config.

qdm12 avatar May 05 '24 13:05 qdm12

So, I removed that, still was still an issue. Created a test container using the exact same config as I listed above when raising this minus the Endpoint port environment variable and copying across my OVPN config folder with the certs from the old container to the new, and it worked fine using the latest build version.

So, took a look at my original container and removed the Wireguard conf folder that had the wg0.conf file from before I changed to PIA. There was also a .key file in the root directory of the container so I deleted that and retested the original container, and it's started working. For some reason, the container was still referencing something in those files which was telling it to use port 254.

Apologies for this. I will close this off

JollyG88 avatar May 06 '24 23:05 JollyG88

Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.

github-actions[bot] avatar May 06 '24 23:05 github-actions[bot]