protonvpn-docker

curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.protonvpn.ch:443

Open niallobr opened this issue 3 years ago • 0 comments

Hey there. I've been getting this error:

curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to api.protonvpn.ch:443

When I try manually:

curl -vvv --connect-timeout 60 https://api.protonvpn.ch/vpn/logicals
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.protonvpn.ch:443
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.protonvpn.ch:443

However, when I try api.protonmail.ch

curl -vvv --connect-timeout 60 https://api.protonmail.ch/vpn/logicals

the connection is successful.

Is there any environment variable to change the protonvpn-cli config to use api.protonmail.ch instead of api.protonvpn.ch? Would that solve the problem?

I'm not sure why I'm actually getting the error. My ISP should not be blocking ProtonVPN. I can connect through the app on udp/tcp. I think a previous Docker might have spammed some requests so my connections might be getting refused now?

Here is the full log for docker run:

docker run --name=protonvpn --device=/dev/net/tun --cap-add=NET_ADMIN -e PROTONVPN_PROTOCOL=udp -e PROTONVPN_USERNAME="user_name" -e PROTONVPN_PASSWORD="pass_word" -e PROTONVPN_TIER=2 -e PROTONVPN_COUNTRY=IE -e DEBUG=1 ghcr.io/tprasadtp/protonvpn:latest
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 70-vpn-setup: executing...
[VPN-Config-Setup] Using Fastest Server from IE
[VPN-Config-Setup] Plus Plan
[VPN-Config-Setup] UDP
[VPN-Config-Split] Validating CIDRs
[VPN-Config-Split] CIDR 169.254.169.254/32 is valid
[VPN-Config-Split] CIDR 169.254.170.2/32 is valid
[VPN-Config-DNS  ] Enabling DNS leak protection.
[VPN-Config-Split] Following CIDRs will be excluded from VPN 169.254.169.254/32 169.254.170.2/32
[Path Init       ] Creating folders
[Path Init       ] Permissions
[VPN-Config-Setup] Getting Server List
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to api.protonvpn.ch:443
[cont-init.d] 70-vpn-setup: exited 35.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

Here is the output if I run openssl s_client -connect api.protonvpn.ch:443 on the same machine – so it seems like I can make some connection?

openssl s_client -connect api.protonvpn.ch:443
CONNECTED(00000003)
depth=2 C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2
verify return:1
depth=1 C = CH, O = SwissSign AG, CN = SwissSign Server Gold CA 2014 - G22
verify return:1
depth=0 C = CH, ST = GE, L = Plan-les-Ouates, O = Proton Technologies AG, CN = protonmail.com
verify return:1
---
Certificate chain
 0 s:/C=CH/ST=GE/L=Plan-les-Ouates/O=Proton Technologies AG/CN=protonmail.com
   i:/C=CH/O=SwissSign AG/CN=SwissSign Server Gold CA 2014 - G22
 1 s:/C=CH/O=SwissSign AG/CN=SwissSign Server Gold CA 2014 - G22
   i:/C=CH/O=SwissSign AG/CN=SwissSign Gold CA - G2
---
Server certificate
subject=/C=CH/ST=GE/L=Plan-les-Ouates/O=Proton Technologies AG/CN=protonmail.com
issuer=/C=CH/O=SwissSign AG/CN=SwissSign Server Gold CA 2014 - G22
---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4911 bytes and written 419 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 4096 bit
Secure Renegotiation IS supported
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: C822C7F72CCC289B7B1A54A5D61FFD2070033067F15C98458A0B61165AEC91E8
    Session-ID-ctx:
    Master-Key: D18A1F134E6C6D6A0BBE3FD9681F4DAFEAE7238A26C6935440F989A4E44A7D444D770BF99AF4365D3442C269147793EC
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1622121358
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
closed

niallobr May 27 '21 11:05
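
A triage helper for the two checks in this post, as an added example that is not part of the original issue or of protonvpn-docker: `classify_curl_tls` reads `curl -v` output and reports where the handshake stopped, and `probe_host` repeats the s_client check with `-servername`, because OpenSSL releases before 1.1.1 send no SNI from s_client unless that option is given, so a bare s_client run and curl may not send the same ClientHello. The function names and verdict strings are assumptions; the embedded trace is the curl output quoted above.

```shell
#!/bin/sh
# Added example; function names and verdict strings are hypothetical.

# Read `curl -v` output on stdin and report where the TLS handshake stopped.
classify_curl_tls() {
    awk '
        /\(OUT\), TLS handshake, Client hello/       { sent = 1 }
        /\(IN\), TLS handshake, Server hello/        { got = 1 }
        /SSL connection using/                       { ok = 1 }
        /SSL_ERROR_SYSCALL|Connection reset by peer/ { reset = 1 }
        /^curl: \(35\)/                              { err35 = 1 }
        END {
            if (ok)                          print "handshake-complete"
            else if (sent && !got && reset)  print "dropped-after-client-hello"
            else if (got && err35)           print "failed-after-server-hello"
            else                             print "unknown"
        }'
}

# Trace quoted in the issue above (curl against api.protonvpn.ch).
sample_reset() {
    cat <<'EOF'
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.protonvpn.ch:443
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to api.protonvpn.ch:443
EOF
}

# Live check: curl as in the post, then s_client with explicit SNI.
probe_host() {
    host=$1
    printf '%s curl: ' "$host"
    curl -sSv --connect-timeout 60 -o /dev/null "https://$host/vpn/logicals" 2>&1 |
        classify_curl_tls
    printf '%s s_client+SNI: ' "$host"
    if openssl s_client -connect "$host:443" -servername "$host" \
        </dev/null >/dev/null 2>&1
    then echo handshake-complete
    else echo handshake-failed
    fi
}

if [ $# -gt 0 ]; then
    for h in "$@"; do probe_host "$h"; done
else
    sample_reset | classify_curl_tls
fi
```

Run with host names as arguments to probe them live; with no arguments it classifies the embedded trace.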