Docker-transmission-openvpn: ProtonVPN connection error

Created on 23 Oct 2019 · 12Comments · Source: haugene/docker-transmission-openvpn

Description
No change made to the config, suddenly it stopped working. The docker keeps trying to connect to ProtonVPN with no success.

Add your docker run command
docker run -d --name='Transmission_VPN' --net='bridge' --log-opt max-size='50m' --log-opt max-file='1' --privileged=true -e TZ="Europe/Paris" -e HOST_OS="Unraid" -e 'OPENVPN_USERNAME'='_myusername_' -e 'OPENVPN_PASSWORD'='_mypassword_' -e 'OPENVPN_CONFIG'='Switzerland' -e 'OPENVPN_PROVIDER'='PROTONVPN' -e 'LOCAL_NETWORK'='192.168.1.0/24' -e 'TRANSMISSION_RPC_USERNAME'='admin' -e 'TRANSMISSION_RPC_PASSWORD'='password' -e 'OPENVPN_OPTS'='--inactive 3600 --ping 10 --ping-exit 60' -e 'PUID'='99' -e 'PGID'='100' -e 'TRANSMISSION_DOWNLOAD_DIR'='/downloads' -e 'TRANSMISSION_RPC_AUTHENTICATION_REQUIRED'='false' -e 'TRANSMISSION_RATIO_LIMIT'='1.1' -e 'TRANSMISSION_RATIO_LIMIT_ENABLED'='false' -p '9091:9091/tcp' -p '1198:1198/udp' -v '/mnt/user/appdata/Transmission_VPN/':'/data':'rw' -v '/mnt/user/Media/download/':'/downloads':'rw' -v '/mnt/user/Media/download/Watch/':'/watch':'rw' -v '/mnt/user/appdata/Transmission_VPN':'/config':'rw' --restart=always --log-opt max-size=50m --log-opt max-file=1 'haugene/transmission-openvpn'

Logs
Wed Oct 23 20:19:47 2019 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 19 2019
Wed Oct 23 20:19:47 2019 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Wed Oct 23 20:19:47 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Oct 23 20:19:47 2019 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Oct 23 20:19:47 2019 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Oct 23 20:19:47 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]62.112.9.165:5060
Wed Oct 23 20:19:47 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Oct 23 20:19:47 2019 UDP link local: (not bound)
Wed Oct 23 20:19:47 2019 UDP link remote: [AF_INET]62.112.9.165:5060
Wed Oct 23 20:20:47 2019 [UNDEF] Inactivity timeout (--ping-exit), exiting
Wed Oct 23 20:20:47 2019 SIGTERM[soft,ping-exit] received, process exiting
Using OpenVPN provider: PROTONVPN
Supplied config Switzerland.ovpn could not be found.
Using default OpenVPN gateway for provider protonvpn
Setting OPENVPN credentials...
adding route to local network 192.168.1.0/24 via 172.17.0.1 dev eth0

Host system:
Unraid Docker

Source

yayitazale

Most helpful comment

Thanks for your investigations @haugene. I tried it again and it works for now. Even came up on the first try.
I had the same behaviour as @yayitazale yesterday where the container was in a restart loop.

According to their Blog, Proton introduced new servers in Greece two days ago. Maybe they also deployed some buggy configs for other regions by mistake. Who knows...

I will monitor the behaviour and might open a support ticket with them if the issues should come back.

ChristophWenk on 24 Oct 2019

👍2

All 12 comments

Having the same problem with Proton. Problems started today 23.10.2019 12:42 CEST. Unfortunately the last log entries are from yesterday so I am not of much help. All I can say it's not you alone.

ChristophWenk on 23 Oct 2019

👍1

Yup same issue here using a Synology NAS. Also using ProtonVPN as a provider.

midnightmercenary on 23 Oct 2019

It looks like the problem is fetching the .ovpn files from Proton's server... not sure...

yayitazale on 23 Oct 2019

Hey guys. I've had a look at this and the error seems to be more "random" than expected.

First of all, there has been updates to the ProtonVPN configs lately and I'd been slow with merging them, so I thought that was it. Merged all updated configs to master branch and tested. And it worked. I got AUTH_FAILED, but I don't have an account so that's expected and it means that I was successfully communicating with the server.

Then I retried with an older image, and it still worked. Then I tried again on the new image and it failed. That's when I saw that there was another pattern in the working/non-working examples.

In the cases where it worked, I was connecting to:
Thu Oct 24 11:59:43 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]62.112.9.165:443
While in the cases it failed I was connecting to:
Thu Oct 24 11:59:09 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]62.112.9.165:5060

The ports are different and that seems to play a big part. This is also the same port as you have in your logs @yayitazale.

Now... That being said, the log line about Supplied config Switzerland.ovpn could not be found is not surprising as I can't see that it's ever been a config in ProtonVPN directory in this image.
When the config is missing it falls back to the default config which is nl-01.protonvpn.com.udp.ovpn

That file defines the following remotes:

remote 62.112.9.165 80
remote 62.112.9.165 443
remote 62.112.9.165 4569
remote 62.112.9.165 1194
remote 62.112.9.165 5060

One of them will be picked at startup, and you just have to hope it's the right one. If my suspicions are correct then you should be able to connect if you just try multiple times until one of the working remotes are selected. Why the :5060 remote is there I don't know, these are ProtonVPN configs.

If you start the container with --restart=always, and the --ping-exit option that is described in the readme, the container should exit when it can't connect and Docker Daemon will restart it until it finally connects.

PS: It probably won't hurt to pull the new image anyways docker pull haugene/transmission-openvpn:latest before starting it. But there shouldn't be any change to that specific (default) config.

Let me know how it goes!

haugene on 24 Oct 2019

I left the container running yesterday, as you can see, with the -restart=always and the --ping-exit arguments, and it was looping ifinitely by the Docker Daemon trying each port at a time with no success. For my config (-p '1198:1198/udp' ) I understand that it has to work on remote 62.112.9.165 1194, but it doesn't.

I will give a try this evening...

yayitazale on 24 Oct 2019

I don't think the -p 1198:1198 has any effect. This is forwarding a port from your host to the container, but that is not where the VPN traffic is going. The VPN traffic is on the tun0 interface and you don't need to open any ports to communicate with the provider when you are the client.

haugene on 24 Oct 2019

What you could do is to docker exec into the container and remove the lines other than :443 from the config being used. Then restart it. Just to see if there is a deeper problem or if it is the configs.

haugene on 24 Oct 2019

According to their Blog, Proton introduced new servers in Greece two days ago. Maybe they also deployed some buggy configs for other regions by mistake. Who knows...

I will monitor the behaviour and might open a support ticket with them if the issues should come back.

ChristophWenk on 24 Oct 2019

👍2

Working perfectly without touching anything. Thanks a lot. I close this threat.

yayitazale on 24 Oct 2019

👍1

Last update broked the protonvpn

It doesn't matter witch country do you select, it says that the file can't be found, and the default is failing too

Use --help for more information.
Using OpenVPN provider: PROTONVPN
Supplied config Switzerland.ovpn could not be found.
Using default OpenVPN gateway for provider protonvpn
Setting OPENVPN credentials...
adding route to local network 192.168.1.0/24 via 172.17.0.1 dev eth0
Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/protonvpn/default.ovpn:1: nl-01.protonvpn.com.udp.ovpn (2.4.7)

yayitazale on 4 Jun 2020

Regarding country.. check the proton VPN files.. there is no Switzerland.. it’s ch-1 etc..
Regarding the default, I linked it to a random one, please try and download the ovpn from this repo and try with custom