
SlickVPN Support

Open Rohaq opened this issue 3 years ago • 15 comments

  • [x] Update mechanism
  • [x] Openvpn config
  • [x] Markdown format headers
  • [x] Servers.json updated
  • [x] Up to date with master branch
  • [x] Test image
  • [x] Where to find TCP configuration files? One could just try on port 443 and protocol tcp.
  • [x] Is redirect-gateway needed?

Rohaq avatar Apr 23 '22 17:04 Rohaq

Sorry I've been force-pushing on the master branch the last commit, sorry I forgot your fork :cry: Let me know if you need help rebasing/dropping the older commit I have overridden a bunch of times.

qdm12 avatar May 01 '22 20:05 qdm12

Hey @Rohaq I actually ended up pushing all these modifications I have been talking about to make VPN provider addition simpler. That means your branch needs quite a bit of work to match the newer format. If that's ok with you, I can rebase your branch on the repo master branch, let me know (I can already push on your forked repo branch).

qdm12 avatar May 27 '22 21:05 qdm12

Hey @Rohaq I'm about to work on your branch and update it to the latest changes. Would you then be able to just test the image to see if it works (probably tomorrow I would guess)? Thanks!

qdm12 avatar Jun 12 '22 15:06 qdm12

Soooo... I rebased, refactored, reviewed all your code 👍

A few important changes:

  • Fix the CA to match the ca found in their openvpn config
  • Remove the CRL which doesn't show in their openvpn config
  • Fix the port from 8888 to 443 for openvpn udp
  • cannot find tcp still, so I explicitly disallowed it for slickvpn
  • only 2 hosts out of 150 are bad openvpn files urls (this one and that one), so not that bad after all.

It might just work as is, so feel free on your gluetun fork repo to

git reset --hard origin/master
docker build -t qmcgaw/gluetun .
docker run -it --rm --cap-add=NET_ADMIN -e VPNSP=slickvpn -e OPENVPN_USER=abc -e OPENVPN_PASSWORD=abc qmcgaw/gluetun

and see if it works?

qdm12 avatar Jun 18 '22 01:06 qdm12

Hi, I'm also using SlickVPN and tried building and running the container. It threw the following error:

2022-06-21T18:57:56Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-21T18:57:56Z INFO [openvpn] library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
2022-06-21T18:57:56Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]XXXXXXXXX:443
2022-06-21T18:57:56Z INFO [openvpn] UDP link local: (not bound)
2022-06-21T18:57:56Z INFO [openvpn] UDP link remote: [AF_INET]XXXXXXXXXXXXX:443
2022-06-21T18:57:56Z INFO [openvpn] VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN, serial=11658383158490768694
2022-06-21T18:57:56Z INFO [openvpn] OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2022-06-21T18:57:56Z INFO [openvpn] TLS_ERROR: BIO read tls_read_plaintext error
2022-06-21T18:57:56Z INFO [openvpn] TLS Error: TLS object -> incoming plaintext read error
2022-06-21T18:57:56Z INFO [openvpn] TLS Error: TLS handshake failed
2022-06-21T18:57:56Z INFO [openvpn] SIGTERM received, sending exit notification to peer
2022-06-21T18:57:56Z INFO [openvpn] SIGTERM[soft,tls-error] received, process exiting

Seems something was wrong with the certificate. So I edited the file openvpnconf.go, found a newer certificate on the SlickVPN website. Changed line 23 to this:

  CA:     "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", //nolint:lll

After that I got the following response:

2022-06-21T18:59:55Z INFO [firewall] allowing VPN connection...
2022-06-21T18:59:55Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-21T18:59:55Z INFO [openvpn] library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
2022-06-21T18:59:55Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]XXXXXXXXXX:443
2022-06-21T18:59:55Z INFO [openvpn] UDP link local: (not bound)
2022-06-21T18:59:55Z INFO [openvpn] UDP link remote: [AF_INET]XXXXXXXXXXX:443
2022-06-21T18:59:56Z INFO [openvpn] [VPN] Peer Connection Initiated with [AF_INET]XXXXXXXXXX:443
2022-06-21T18:59:57Z INFO [openvpn] TUN/TAP device tun0 opened
2022-06-21T18:59:57Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2022-06-21T18:59:57Z INFO [openvpn] /sbin/ip link set dev tun0 up
2022-06-21T18:59:57Z INFO [openvpn] /sbin/ip addr add dev tun0 local 10.10.8.22 peer 10.10.8.21
2022-06-21T18:59:57Z INFO [openvpn] UID set to nonrootuser
2022-06-21T18:59:57Z INFO [openvpn] Initialization Sequence Completed
2022-06-21T18:59:57Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-06-21T18:59:58Z INFO [healthcheck] healthy!

I found this certificate in the stock OVPN file by the way, from the site HERE DIRECT LINK

EDIT: Just saw your post above, I've got some additions.

> Soooo... I rebased, refactored, reviewed all your code 👍
>
> A few important changes:
>
>   • Fix the CA to match the ca found in their openvpn config
>   • Remove the CRL which doesn't show in their openvpn config
>   • Fix the port from 8888 to 443 for openvpn udp
>   • cannot find tcp still, so I explicitly disallowed it for slickvpn
>   • only 2 hosts out of 150 are bad openvpn files urls (this one and that one), so not that bad after all.
>
> It might just work as is, so feel free on your gluetun fork repo to
>
> git reset --hard origin/master
> docker build -t qmcgaw/gluetun .
> docker run -it --rm --cap-add=NET_ADMIN -e VPNSP=slickvpn -e OPENVPN_USER=abc -e OPENVPN_PASSWORD=abc qmcgaw/gluetun
>
> and see if it works?

Using the SlickVPN software on Windows, the port can be chosen, there the choice is 443, 8888 or 8080. All three of them seem to work for me in my custom config:

#Either of these server configs work:
remote 185.34.136.13 443 udp
remote 185.34.136.13 8888 udp
remote 185.34.136.13 8080 udp

resolv-retry 5
auth-user-pass
client
redirect-gateway
remote-cert-tls server
cipher AES-256-CBC
proto udp
dev tun
nobind

<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>

The same goes for UDP or TCP, according to the Windows software it can be either, on all the three ports. I tested port 8888 by changing the remote and proto to TCP, this also works fine :-)

Fietspomp86 avatar Jun 21 '22 19:06 Fietspomp86
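The `VERIFY ERROR ... self signed certificate in certificate chain` in the comment above is what a client reports when the server's chain ends in a root that is not the CA pinned in its configuration. The following is an added example, not code from gluetun or from this thread: it reproduces that failure and the fix with Go's `crypto/x509`, using certificates constructed on the fly; the names `issue` and `verifyAgainstPinnedCA` and all certificate subjects are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed test certificate; a nil parent yields a self-signed CA.
func issue(cn string, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, BasicConstraintsValid: true,
	}
	if parent == nil { // self-signed root
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageCertSign
		parent, parentKey = tmpl, key
	} else { // server leaf
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// verifyAgainstPinnedCA trusts only pinned (the role of the <ca> block); certificates
// the server sends help chain building but are never trust anchors.
func verifyAgainstPinnedCA(pinned, leaf *x509.Certificate, sent ...*x509.Certificate) error {
	roots, extra := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(pinned)
	for _, c := range sent {
		extra.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: extra, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	return err
}

func main() {
	staleCA, _ := issue("stale CA (constructed)", 1, nil, nil)
	currentCA, caKey := issue("current CA (constructed)", 2, nil, nil)
	server, _ := issue("vpn-server.example", 3, currentCA, caKey)
	fmt.Println("stale pin:  ", verifyAgainstPinnedCA(staleCA, server, currentCA))
	fmt.Println("current pin:", verifyAgainstPinnedCA(currentCA, server, currentCA))
}
```

The server presenting its own root alongside the leaf does not help when the pin is stale: only the pinned certificate is an anchor, so the handshake fails until the configured CA is replaced.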

@Fietspomp86 awesome thank you for the feedback. I added a few commits:

  1. Fix the certificate
  2. Allow OPENVPN_PROTOCOL=tcp
  3. Allow VPN_ENDPOINT_PORT to be 443, or 8080, or 8888
  4. Removed the redirect-gateway default option

Let me know when you got the time if everything works as expected and I'll get this merged. Thanks!

qdm12 avatar Jun 22 '22 00:06 qdm12

@qdm12

Thanks for the fast work!

Just pulled the new repo. It didn't work, but I also had to do a "git pull" of course....

git reset --hard origin/master
git pull
docker build -t qmcgaw/gluetun .
docker run -it --rm --cap-add=NET_ADMIN -e VPNSP=slickvpn -e OPENVPN_USER=abc -e OPENVPN_PASSWORD=abc qmcgaw/gluetun

Seems to be working now! I got a strange error though, but I guess that's because of permissions and hasn't anything to do with the SlickVPN config:

> 2022-06-22T05:39:37Z INFO [firewall] allowing VPN connection...
> 2022-06-22T05:39:37Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
> 2022-06-22T05:39:37Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
> 2022-06-22T05:39:37Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]XXXXXXXXXXX:443
> 2022-06-22T05:39:37Z INFO [openvpn] UDP link local: (not bound)
> 2022-06-22T05:39:37Z INFO [openvpn] UDP link remote: [AF_INET]XXXXXXXXX:443
> 2022-06-22T05:39:38Z INFO [openvpn] [VPN] Peer Connection Initiated with [AF_INET]XXXXXXXXXX:443
> 2022-06-22T05:39:39Z INFO [openvpn] TUN/TAP device tun0 opened
> 2022-06-22T05:39:39Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
> 2022-06-22T05:39:39Z INFO [openvpn] /sbin/ip link set dev tun0 up
> 2022-06-22T05:39:39Z INFO [openvpn] /sbin/ip addr add dev tun0 local 10.10.8.38 peer 10.10.8.37
> 2022-06-22T05:39:39Z INFO [openvpn] UID set to nonrootuser
> 2022-06-22T05:39:39Z INFO [openvpn] Initialization Sequence Completed
> 2022-06-22T05:39:41Z INFO [dns over tls] downloading DNS over TLS cryptographic files
> 2022-06-22T05:39:41Z WARN [dns over tls] cannot update files: Get "https://www.internic.net/domain/named.root": dial tcp: lookup www.internic.net on 1.1.1.1:53: write udp 172.17.0.2:34526->1.1.1.1:53: write: operation not permitted
> 2022-06-22T05:39:41Z INFO [dns over tls] attempting restart in 40s
> 2022-06-22T05:39:41Z ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 172.17.0.2:38628->1.1.1.1:53: write: operation not permitted
> 2022-06-22T05:39:41Z INFO [ip getter] retrying in 5s
> 2022-06-22T05:39:46Z ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 172.17.0.2:52010->1.1.1.1:53: write: operation not permitted
> 2022-06-22T05:39:46Z INFO [ip getter] retrying in 5s
> 2022-06-22T05:39:51Z ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 172.17.0.2:55131->1.1.1.1:53: write: operation not permitted
> 2022-06-22T05:39:51Z INFO [ip getter] retrying in 5s
> 2022-06-22T05:39:56Z ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 172.17.0.2:35175->1.1.1.1:53: write: operation not permitted
> 2022-06-22T05:39:56Z INFO [ip getter] retrying in 5s
> 2022-06-22T05:39:59Z INFO [healthcheck] program has been unhealthy for 21s: restarting VPN
> 2022-06-22T05:39:59Z INFO [vpn] stopping

If you need anything else I can test/do, let me know! Is there also an option to select countries, like with other providers? e.g.: -e SERVER_COUNTRIES=Netherlands ?

Fietspomp86 avatar Jun 22 '22 05:06 Fietspomp86

That error is just the vpn not working, it's a config problem. Please try by adding the environment variable OPENVPN_FLAGS=--redirect-gateway? I'll re-add it if that's the missing piece.

Regarding server filters, I'll add a wiki page documenting that.

qdm12 avatar Jun 22 '22 12:06 qdm12
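The log in the exchange above shows DNS lookups failing with `write: operation not permitted` while sourced from the container's bridge address rather than the address OpenVPN assigned to `tun0`. The following is an added example, not part of the thread or of gluetun: a small Go triage helper that flags such sends. The function and type names are hypothetical, the sample lines are abridged from the log above, and reading these errors as the container firewall refusing traffic that did not take the tunnel route is an interpretation, not something the thread states.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Sample input abridged from the log lines posted in the thread.
const sampleLog = `2022-06-22T05:39:39Z INFO [openvpn] /sbin/ip addr add dev tun0 local 10.10.8.38 peer 10.10.8.37
2022-06-22T05:39:39Z INFO [openvpn] Initialization Sequence Completed
2022-06-22T05:39:41Z WARN [dns over tls] cannot update files: Get "https://www.internic.net/domain/named.root": dial tcp: lookup www.internic.net on 1.1.1.1:53: write udp 172.17.0.2:34526->1.1.1.1:53: write: operation not permitted
2022-06-22T05:39:41Z ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 172.17.0.2:38628->1.1.1.1:53: write: operation not permitted`

var (
	// Address OpenVPN assigns to the tunnel device.
	tunRe = regexp.MustCompile(`ip addr add dev \S+ local ([\d.]+) peer`)
	// A send refused by the kernel (EPERM), with source and destination.
	dropRe = regexp.MustCompile(`write (?:udp|tcp) ([\d.]+):\d+->([\d.]+):(\d+): write: operation not permitted`)
)

// Finding is one refused send found in the log.
type Finding struct {
	Src, Dst, Port string
	OutsideTunnel  bool // source differs from the tunnel address seen earlier in the log
}

// blockedSends returns every refused send and whether it was sourced
// from an address other than the tunnel's local address.
func blockedSends(log string) []Finding {
	tunLocal := ""
	var out []Finding
	for _, line := range strings.Split(log, "\n") {
		if m := tunRe.FindStringSubmatch(line); m != nil {
			tunLocal = m[1]
		}
		if m := dropRe.FindStringSubmatch(line); m != nil {
			out = append(out, Finding{Src: m[1], Dst: m[2], Port: m[3],
				OutsideTunnel: tunLocal != "" && m[1] != tunLocal})
		}
	}
	return out
}

func main() {
	for _, f := range blockedSends(sampleLog) {
		fmt.Printf("refused %s -> %s:%s outsideTunnel=%v\n", f.Src, f.Dst, f.Port, f.OutsideTunnel)
	}
}
```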

> OPENVPN_FLAGS=--redirect-gateway

Ok I've added that flag, seems better now, but it's still throwing an error:

2022-06-22T14:20:29Z INFO [firewall] allowing VPN connection...
2022-06-22T14:20:29Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-22T14:20:29Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-22T14:20:29Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]XXXXXXXXX:443
2022-06-22T14:20:29Z INFO [openvpn] UDP link local: (not bound)
2022-06-22T14:20:29Z INFO [openvpn] UDP link remote: [AF_INET]XXXXXXXXX:443
2022-06-22T14:20:29Z INFO [openvpn] [VPN] Peer Connection Initiated with [AF_INET]XXXXXXXX:443
2022-06-22T14:20:31Z INFO [openvpn] TUN/TAP device tun0 opened
2022-06-22T14:20:31Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2022-06-22T14:20:31Z INFO [openvpn] /sbin/ip link set dev tun0 up
2022-06-22T14:20:31Z INFO [openvpn] /sbin/ip addr add dev tun0 local 10.10.8.10 peer 10.10.8.9
2022-06-22T14:20:31Z INFO [openvpn] UID set to nonrootuser
2022-06-22T14:20:31Z INFO [openvpn] Initialization Sequence Completed
2022-06-22T14:20:31Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-06-22T14:20:31Z INFO [healthcheck] healthy!
2022-06-22T14:20:31Z INFO [dns over tls] downloading hostnames and IP block lists
2022-06-22T14:20:35Z INFO [dns over tls] init module 0: validator
2022-06-22T14:20:35Z INFO [dns over tls] init module 1: iterator
2022-06-22T14:20:35Z INFO [dns over tls] start of service (unbound 1.15.0).
2022-06-22T14:20:39Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-22T14:20:47Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2022-06-22T14:20:47Z INFO [vpn] stopping
2022-06-22T14:20:47Z ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/releases": context canceled
2022-06-22T14:20:47Z INFO [vpn] starting

Looks like a DNS error? Here is my custom config by the way which I use now with Gluetun, there I also have the redirect-gateway option:

remote 185.34.136.13 8888 udp

remote-random
resolv-retry 5
auth-user-pass
client
redirect-gateway
remote-cert-tls server
cipher AES-256-CBC
proto udp
dev tun
nobind

<ca>
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
</ca>

I've tried without it, then I get the same errors as I had above, so yes "redirect-gateway" should definitely be added again.

EDIT:

Since I assumed something was wrong with DoT, I've managed to start the container with the following flag added as well:

docker run -it --rm --cap-add=NET_ADMIN -e VPN_SERVICE_PROVIDER=slickvpn -e OPENVPN_USER=[email protected] -e OPENVPN_PASSWORD=XXXXXX -e SERVER_COUNTRIES=Netherlands -e DNS_ADDRESS=84.200.70.40 -e OPENVPN_FLAGS=--redirect-gateway qmcgaw/gluetun

This is the output now:

2022-06-22T14:30:40Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.2
2022-06-22T14:30:40Z INFO [routing] adding route for 0.0.0.0/0
2022-06-22T14:30:40Z INFO [firewall] setting allowed subnets...
2022-06-22T14:30:40Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.2
2022-06-22T14:30:40Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2022-06-22T14:30:40Z INFO [pprof] http server listening on [::]:6060
2022-06-22T14:30:40Z INFO [http server] http server listening on [::]:8000
2022-06-22T14:30:40Z INFO [dns over tls] using plaintext DNS at address 84.200.70.40
2022-06-22T14:30:40Z INFO [healthcheck] listening on 127.0.0.1:9999
2022-06-22T14:30:40Z INFO [firewall] allowing VPN connection...
2022-06-22T14:30:40Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-22T14:30:40Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-22T14:30:40Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]XXXXXX:443
2022-06-22T14:30:40Z INFO [openvpn] UDP link local: (not bound)
2022-06-22T14:30:40Z INFO [openvpn] UDP link remote: [AF_INET]XXXXXXXXX:443
2022-06-22T14:30:40Z INFO [openvpn] [VPN] Peer Connection Initiated with [AF_INET]XXXXXXXXX:443
2022-06-22T14:30:41Z INFO [openvpn] TUN/TAP device tun0 opened
2022-06-22T14:30:41Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2022-06-22T14:30:41Z INFO [openvpn] /sbin/ip link set dev tun0 up
2022-06-22T14:30:41Z INFO [openvpn] /sbin/ip addr add dev tun0 local 10.10.8.46 peer 10.10.8.45
2022-06-22T14:30:41Z INFO [openvpn] UID set to nonrootuser
2022-06-22T14:30:41Z INFO [openvpn] Initialization Sequence Completed
2022-06-22T14:30:41Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-06-22T14:30:42Z INFO [healthcheck] healthy!
2022-06-22T14:30:47Z INFO [dns over tls] downloading hostnames and IP block lists
2022-06-22T14:30:49Z INFO [dns over tls] ready
2022-06-22T14:30:49Z INFO [ip getter] Public IP address is XXXXXXXXXX (Netherlands, North Holland, Amsterdam)
2022-06-22T14:30:49Z INFO [vpn] There is a new release v3.29.0 (v3.29.0) created 41 days ago
2022-06-22T14:30:51Z INFO [dns over tls] init module 0: validator
2022-06-22T14:30:51Z INFO [dns over tls] init module 1: iterator
2022-06-22T14:30:51Z INFO [dns over tls] start of service (unbound 1.15.0).
2022-06-22T14:32:01Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-22T14:32:02Z INFO [healthcheck] healthy!

Fietspomp86 avatar Jun 22 '22 14:06 Fietspomp86

I don't see why Unbound (DOT aka dns over tls) would fail. Maybe just let it reboot once, maybe 6s is not enough for the vpn and unbound to get started? I also re-added redirect-gateway so feel free to docker pull qmcgaw/gluetun:slickvpn to get that change.

qdm12 avatar Jun 25 '22 16:06 qdm12

> I don't see why Unbound (DOT aka dns over tls) would fail. Maybe just let it reboot once, maybe 6s is not enough for the vpn and unbound to get started? I also re-added redirect-gateway so feel free to docker pull qmcgaw/gluetun:slickvpn to get that change.

I'm not sure, I also think that has nothing to do with the SlickVPN side of things. TBH I also don't use it with my own custom config since I had issues there as well, perhaps due to the fact that I'm running DNS through my own PiHoles with unbound and that all traffic on port 53 gets redirected to them?

Anyway, just pulled the qmcgaw/gluetun:slickvpn, and it works perfect!

Fietspomp86 avatar Jun 25 '22 21:06 Fietspomp86

Sorry for the delay in responding to this, I saw how much refactoring you'd been doing, and thought it might be worth waiting - unfortunately real life has also been getting in the way as we're down a developer at work!

Nice to see @Fietspomp86 got it working with your changes though! I'll try and make some time to look over them this week!

Rohaq avatar Jun 26 '22 10:06 Rohaq

No worry @Rohaq one more thing I'd like to do is remove the cascadia dependency. I did it for #848 (although it took me a few hours), I'll give it a stab here 😉

qdm12 avatar Jun 26 '22 14:06 qdm12

> No worry @Rohaq one more thing I'd like to do is remove the cascadia dependency. I did it for #848 (although it took me a few hours), I'll give it a stab here 😉

Dang, I thought I got away with it due to it being in the updater component. Nice to see you've moved away from Regex though! 😆

I'm going to try and resurrect my htmlutils package in your updated master branch, but only using x/net/html - at least by creating better tooling within the project, it might speed up future development 😄

Rohaq avatar Jul 04 '22 02:07 Rohaq

@Rohaq maybe have a look at https://github.com/qdm12/gluetun/blob/vpnsecure/internal/provider/vpnsecure/updater/website.go and its test file https://github.com/qdm12/gluetun/blob/vpnsecure/internal/provider/vpnsecure/updater/website_test.go to find commonly used patterns for both providers. But let's keep shared/utils code to the minimum to what's in use and shared, and the rest private to each provider updater package.

You could also just have these html helper functions in internal/provider/common/html.go and import them using the common package.

Let me know when you start working on this, I'll comment here as well if I do on my side before you do (almost did this evening but tv called for me 😄)

qdm12 avatar Jul 04 '22 03:07 qdm12

@Rohaq thanks for the work, merging it now! 👍

  • I rebased your branch on the current master branch
  • Applied my own feedback
  • Reworked the html package (so it can be used with #848)
  • Reworked the parsing and fetching of html
  • Added unit tests for the fetch & parse of the html (with a local index.html as well)

↪️ For end users, the Wiki page

qdm12 avatar Aug 15 '22 13:08 qdm12