Docker-transmission-openvpn: PureVPN configs outdated/wrong

Created on 18 Jan 2020  ·  48 Comments  ·  Source: haugene/docker-transmission-openvpn

Hi.

My issue is the following:

Everything works fine until PUREVPN closes the server vleu-no2-ovpn-udp.pointtoserver.com

Or, my transmission - openvpn only uses that apparently.

So suddenly: RESOLVED: unable to resolve the host address: vleu-no2-ovpn-udp.pointtoserver.com:53 (name or service unknown)

How do I change this? Is there an ovpn somewhere I can edit? Knowing that the vleu-no1-ovpn-udp.pointtoserver.com is available.

Thank you very much.

Adupdate provider

All 48 comments

I have had the exact same issue as of a couple of days ago. Took a while to figure out what the problem was. Not sure how to make it point to something other than the default, which is vleu-no2-ovpn-udp.pointtoserver.com:53

It comforts me to know that I'm not the only one :)

For me, PureVPN was just awful. It wasn't great when I got a lifetime sub some years ago and has been steadily going downhill.

Definitely a PUREVPN issue.

Sun Jan 19 07:09:00 2020 Could not determine IPv4/IPv6 protocol
Sun Jan 19 07:09:00 2020 SIGUSR1[soft,init_instance] received, process restarting
Sun Jan 19 07:14:00 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sun Jan 19 07:14:00 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Jan 19 07:14:00 2020 RESOLVE: Cannot resolve host address: vleu-no2-ovpn-udp.pointtoserver.com:53 (Name or service not known)
Sun Jan 19 07:14:01 2020 RESOLVE: Cannot resolve host address: vleu-no2-ovpn-udp.pointtoserver.com:53 (Name or service not known)

So I'm digging around and /var/lib/docker/overlay2/2507aa3744ee85b769bca9c1018c2bc7ab33afe376b429883cde7b779d08463d/diff/etc/openvpn/purevpn/default.ovpn#
Here the 1 remote server is set to vleu-no2-ovpn-udp.pointtoserver.com. Changing it here does nothing. How does docker use these files in overlay2?

Here are the only servers available in Norway, and there is no longer a number 2

Actually something happened: if set to anything else, I get a TLS handshake error.

Wish I knew how to fix, but I’m stuck at the moment until I can really dig in.

Under /etc/openvpn/purevpn is the default OpenVPN config file "default.ovpn". It is a symbolic link to the default OpenVPN config, which is Norway-udp.ovpn.
I guess there are a number of solutions:
[1] change that symbolic link to reference another ovpn profile
[2] edit Norway-udp.ovpn and change line 4 to "remote vleu-no1-ovpn-udp.pointtoserver.com 53"

I went for option 1 (because the 2nd one didn't work for some reason). Now the symbolic link points to Netherlands-udp.ovpn, and everything works again.

update:

  • correct location: /etc/openvpn/purevpn
  • 2nd solution didn't work for me for some reason. Don't know why.

OK, but where exactly is the ovpn file?

There is no purevpn dir in openvpn, only 2 files: update-resolve-conf and up.sh. There's actually no Norway-udp.ovpn to be found anywhere, I mean except for the one I found in /var/lib/docker/overlay2/2507aa3744ee85b769bca9c1018c2bc7ab33afe376b429883cde7b779d08463d/diff/etc/openvpn/purevpn/

If I change that I get TLS handshake error

Try deleting the container and re-downloading it. Then add a value for a different location such as OPENVPN_CONFIG=Netherlands-udp

Via Portainer:
I was able to simply stop the container, update the OPENVPN_CONFIG with a new value (used Netherlands-udp) and restart the container.

PureVPN available values for OPENVPN_CONFIG include:

Australia-udp
Belgium-udp
Canada-udp
Denmark-udp
France-udp
Germany-udp
Italy-udp
Japan-udp
Korea-udp
Netherlands-udp
Norway-udp
Panama-udp
Sweden-udp
Taiwan-udp
UK-London-udp
US-Chicago-udp
US-Houston-udp
US-SaltLakeCity-udp
US-SanFrancisco-udp
US-WashingtonDC-udp
US-udp

I tested it and it does not work

With OPENVPN_CONFIG:Belgium-udp

2020-01-21 11:25:30 stdout Tue Jan 21 11:25:30 2020 Exiting due to fatal error
2020-01-21 11:25:30 stdout Tue Jan 21 11:25:30 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
2020-01-21 11:25:29 stdout Tue Jan 21 11:25:29 2020 [Secure-Server] Peer Connection Initiated with [AF_INET]172.111.223.4:53
2020-01-21 11:25:28 stdout Tue Jan 21 11:25:28 2020 UDP link remote: [AF_INET]172.111.223.4:53
2020-01-21 11:25:28 stdout Tue Jan 21 11:25:28 2020 UDP link local (bound): [AF_INET][undef]:1194
2020-01-21 11:25:28 stdout Tue Jan 21 11:25:28 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]172.111.223.4:53
2020-01-21 11:25:28 stdout Tue Jan 21 11:25:28 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-01-21 11:25:28 stdout Tue Jan 21 11:25:28 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-01-21 11:25:28 stdout Tue Jan 21 11:25:28 2020 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
2020-01-21 11:25:28 stdout Tue Jan 21 11:25:28 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 19 2019
2020-01-21 11:25:28 stdout Tue Jan 21 11:25:28 2020 WARNING: file '/etc/openvpn/purevpn/Wdc.key' is group or others accessible
2020-01-21 11:25:27 stdout adding route to local network 192.168.0.0/24 via 172.17.0.1 dev eth0
2020-01-21 11:25:27 stdout Setting OPENVPN credentials...
2020-01-21 11:25:27 stdout Starting OpenVPN using config Belgium-udp.ovpn
2020-01-21 11:25:27 stdout Using OpenVPN provider: PUREVPN

With OPENVPN_CONFIG:Netherlands-udp

2020-01-21 11:28:00 stdout Tue Jan 21 11:28:00 2020 Exiting due to fatal error
2020-01-21 11:28:00 stdout Tue Jan 21 11:28:00 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
2020-01-21 11:27:58 stdout Tue Jan 21 11:27:58 2020 or from peer address: [AF_INET]172.94.19.4:53
2020-01-21 11:27:58 stdout Tue Jan 21 11:27:58 2020 or from peer address: [AF_INET]188.72.98.4:53
2020-01-21 11:27:58 stdout Tue Jan 21 11:27:58 2020 TCP/UDP: Incoming packet rejected from [AF_INET]172.111.223.4:53[2], expected peer address: [AF_INET]178.170.137.4:53 (allow this incoming source address/port by removing --remote or adding --float)
2020-01-21 11:27:58 stdout Tue Jan 21 11:27:58 2020 [Secure-Server] Peer Connection Initiated with [AF_INET]178.170.137.4:53
2020-01-21 11:27:57 stdout Tue Jan 21 11:27:57 2020 UDP link remote: [AF_INET]178.170.137.4:53
2020-01-21 11:27:57 stdout Tue Jan 21 11:27:57 2020 UDP link local (bound): [AF_INET][undef]:1194
2020-01-21 11:27:57 stdout Tue Jan 21 11:27:57 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]178.170.137.4:53
2020-01-21 11:27:57 stdout Tue Jan 21 11:27:57 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-01-21 11:27:57 stdout Tue Jan 21 11:27:57 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
2020-01-21 11:27:57 stdout Tue Jan 21 11:27:57 2020 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
2020-01-21 11:27:57 stdout Tue Jan 21 11:27:57 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 19 2019
2020-01-21 11:27:57 stdout Tue Jan 21 11:27:57 2020 WARNING: file '/etc/openvpn/purevpn/Wdc.key' is group or others accessible
2020-01-21 11:27:57 stdout adding route to local network 192.168.0.0/24 via 172.17.0.1 dev eth0
2020-01-21 11:27:57 stdout Setting OPENVPN credentials...
2020-01-21 11:27:57 stdout Starting OpenVPN using config Netherlands-udp.ovpn
2020-01-21 11:27:57 stdout Using OpenVPN provider: PUREVPN

I went thru the same issue.

The second solution worked for me as well.
The hostname in the default.ovpn file is no longer valid.

It does not work for me when I change vleu-no2 to vleu-no1... :'(

I will try to remove everything and redownload/reconfigure

I've just made the change in norway-udp and norway-tcp (with vleu-no1-ovpn-udp.pointtoserver.com and vleu-no1-ovpn-tcp.pointtoserver.com) and sent a pull request. Until the next version of the code comes out you have to use another purevpn server...

After changing UDP and TCP, my container has:

I tried it and got the same error...

I'm sorry but... I have changed my container.

I use Binhex/arch-delugevpn and it works.

Hey guys. Sorry about the late response. Just merged 2 PRs from @nicomarti83 that hopefully fixes the Norway configs. Thanks @nicomarti83 for providing a fix! 👍

Question is if other configs are outdated as well. Considering just downloading all configs from here https://support.purevpn.com/openvpn-files and replace existing ones. Any comments?

Hi, the fix I made is not functional, don't know why... the server address is ok but I got errors at connection.

Using OpenVPN provider: PUREVPN
Starting OpenVPN using config Norway-tcp.ovpn
Setting OPENVPN credentials...
adding route to local network 192.168.1.0/24 via 10.0.3.1 dev eth0
Sat Jan 25 09:32:28 2020 WARNING: file '/etc/openvpn/purevpn/Wdc.key' is group or others accessible
Sat Jan 25 09:32:28 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 19 2019
Sat Jan 25 09:32:28 2020 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Sat Jan 25 09:32:28 2020 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jan 25 09:32:28 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jan 25 09:32:28 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]82.102.22.211:80
Sat Jan 25 09:32:28 2020 Attempting to establish TCP connection with [AF_INET]82.102.22.211:80 [nonblock]
Sat Jan 25 09:32:29 2020 TCP connection established with [AF_INET]82.102.22.211:80
Sat Jan 25 09:32:29 2020 TCP_CLIENT link local: (not bound)
Sat Jan 25 09:32:29 2020 TCP_CLIENT link remote: [AF_INET]82.102.22.211:80
Sat Jan 25 09:32:29 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jan 25 09:32:29 2020 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, [email protected]
Sat Jan 25 09:32:29 2020 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Sat Jan 25 09:32:29 2020 TLS_ERROR: BIO read tls_read_plaintext error
Sat Jan 25 09:32:29 2020 TLS Error: TLS object -> incoming plaintext read error
Sat Jan 25 09:32:29 2020 TLS Error: TLS handshake failed
Sat Jan 25 09:32:29 2020 Fatal TLS error (check_tls_errors_co), restarting
Sat Jan 25 09:32:29 2020 SIGUSR1[soft,tls-error] received, process restarting

PureVPN provides new recommended openvpn files on the support page but a lot of servers are missing... I'll write a support ticket to ask for explanations.

You built the image yourself? I see the build queue on Docker hub is moving slow so I'm not sure if it's part of the published versions yet. I can try adding a couple of configs from the new recommended servers from PureVPN and then you can see if that works?

I tried to modify the openvpn file in a running docker image.

Aha. Let's try the new ones then. Just give me a sec.

EDIT: Had more issues with this than I thought I would. Was getting some errors like this:
OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

This probably has to do with our upgrade to ubuntu 18.04 in #939 as proposed in https://askubuntu.com/questions/1049798/cannot-connect-to-openvpn-after-upgrade-to-18-04/1049802

I tried the tls-cipher "DEFAULT:@SECLEVEL=0" suggestion in the config without any luck.
TCP configs seem to work though. Pushing new changes now and we'll see 🤞

The builds on Docker hub are queueing forever. If you have time to test it now @nicomarti83 you can use haugene/transmission-openvpn:nico that I built and pushed directly. I'll delete that tag in a couple of hours when the new dev image is pushed.

Seems to work fine, I've just got an unusual error

Sun Feb 2 21:18:42 2020 ERROR: Linux route add command failed: external program exited with error status: 2

Yeah. I was half expecting that. I think it's due to this line:
https://github.com/haugene/docker-transmission-openvpn/blob/dev/openvpn/purevpn/nl2-ovpn-tcp-tcp.ovpn#L119

Can you try to edit the config in the container, removing that line and see if the error disappears?

No more errors :)

Great! Thing about removing route commands is that you kind of think it's good for something. You can run a test-torrent to see that the traffic is still behind VPN. It shouldn't matter as the command errors anyways. I guess that option isn't compatible with running in a container or something.

#945 suggests to replace it with redirect-gateway. If that works for PureVPN as well, it might be the better option.

I tried this (https://torguard.net/checkmytorrentipaddress.php) and the traffic is still passing through the vpn.
If I understand, you have replaced the old openvpn files with the new ones? In this case we have lost a lot of servers. I'm waiting for an answer from the purevpn team about this limited new servers file.

For the record there are two new warnings in the logs

Sun Feb 2 21:32:37 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1559', remote='link-mtu 1560'
Sun Feb 2 21:32:37 2020 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

Yes - I've replaced all the old ones with the new. Let me know what PureVPN says and we can take it from there. I also saw those warnings in the logs when I tested. Looks like we can just update those on the client side.

the message from purevpn:

in recommended openvpn there are few locations on which our team is working on it. If you wish to use more locations then you may use the old openVPN files. It will also work fine with our services.
Further, you may also edit the Openvpn file from below link:
https://support.purevpn.com/vpn-servers
And make your own from above link with openvpn servers in Notepad via .ovpn extension.
Feel free to contact us if you have any questions.
Regards,
Angelo

If you're ok I can build all ovpn files with the new template of the recommended servers for the P2P compatible servers (https://support.purevpn.com/p2p-file-sharing).

I'm also getting the ca md too weak error. Has there been any progress on this? Anything I can do to help?

This list is pretty out of date. I used it but basically only Netherlands lets you download permanently.
If I use another server from the list, after a day or two of download, I get banned from this server for at least a month, then it works again.

I had a similar issue a few months ago and by chatting with a competent tech he gave me a new certificate which resolved my situation.

basically it was ca2.crt which is mentioned here but I can't find anymore

.... I found the CA2.CRT on one of my computers

ca md too weak

So basically PureVPN has been remoting into my machine for 2 days to fix Slow Connection on my Linux Machine

I opened several tickets and one of them is purevpn tls handshake failed, which is due to their old version of OpenVPN on their server side.

They gave me this list of new servers, which is still not published.
You need to use them with CA2.crt such as published earlier

kinda beta stage

kinda alpha stage

these work for torrenting

@haugene I am also having a problem with purevpn. Here's the log:
OpenSSL: error:140AB18E:SSL routines:SSL_CTX_use_certificate:ca md too weak

Is there a permanent fix?

@kennyparsons the issue is well-known and it's an issue on the PureVPN side; the OpenVPN version they use is incompatible with the version used in this docker.

Even if I'm a PureVPN user, I'm not a fan of their service, but I've been in discussion with them quite a few times and they obviously work on new servers which use a newer OpenVPN version and are compatible. It's the list above. If you use these servers it will work.

@JOduMonT It is an issue on the purevpn side, as they've issued the wrong certificates in their new openvpn configs. I finally figured this out last night. I was able to fix this really easily. Here's what I did:

1. Add /path/to/custom:/etc/openvpn/custom to my volume mounts
   - Create a copy of the ovpn file you want to use to connect to purevpn in this host path (/path/to/custom)
   - Create an auth.txt file here as well that contains two lines. Line 1 is the username only, line 2 is the password only
2. Add /path/to/openvpn.cnf:/etc/ssl/openssl.cnf to my volume mounts
   - This is the config which is causing the md too weak
   - The openssl.cnf file is attached, but all I changed was the default_md from default to sha256
3. Edit the config of the server you want to connect to. For example, nl2-openvpn-udp-udp.ovpn
   - Add /etc/openvpn/custom/auth.txt to the auth-user-pass line
   - Remove the config groups: <ca>, <cert>, <key>, and <tls-auth>
   - Add the contents of the attached file replacement_details.txt. These are the correct certs and keys.
4. Finally, edit the openvpn provider to use CUSTOM as the provider

Hope this helps someone. @haugene I'd be glad to help with a pull request to change the openssl.cnf
replacement_details.txt
openssl.cnf.txt
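
The edit in step 3 of the comment above, written as a repeatable script. This is an added example, not code from the thread or the project; the function names, the sample config and the placeholder contents of replacement_details.txt are constructed for illustration.

```shell
#!/bin/sh
# Added example: applies step 3 of the workaround to an .ovpn file.
# AUTH_PATH is the in-container path named in the comment; the function
# names and the sample data below are hypothetical.
AUTH_PATH=/etc/openvpn/custom/auth.txt

# write_auth FILE USER PASS
# Two-line credentials file (username, then password), readable by owner only.
write_auth() {
    ( umask 077 && printf '%s\n%s\n' "$2" "$3" > "$1" ) && chmod 600 "$1"
}

# customize_ovpn SRC REPLACEMENT OUT
# Drops the inline <ca>, <cert>, <key> and <tls-auth> blocks from SRC, points
# auth-user-pass at AUTH_PATH, then appends REPLACEMENT (the new cert/key
# blocks). Fails, and leaves no OUT file, if a block is never closed, so a
# truncated download cannot silently produce a config with no CA at all.
customize_ovpn() {
    src=$1; repl=$2; out=$3
    [ -r "$src" ] && [ -r "$repl" ] || { echo "missing input file" >&2; return 1; }
    awk -v auth="$AUTH_PATH" '
        /^[ \t]*<(ca|cert|key|tls-auth)>[ \t\r]*$/   { skip = 1; next }
        /^[ \t]*<\/(ca|cert|key|tls-auth)>[ \t\r]*$/ { skip = 0; next }
        skip { next }
        /^[ \t]*auth-user-pass([ \t\r]|$)/ { print "auth-user-pass " auth; seen = 1; next }
        { print }
        END {
            if (skip) { print "unterminated inline block" > "/dev/stderr"; exit 2 }
            if (!seen) print "auth-user-pass " auth
        }
    ' "$src" > "$out" || { rm -f "$out"; return 1; }
    cat "$repl" >> "$out"
}

# make_sample DIR
# Writes a constructed provider config and a constructed replacement file.
# The certificate and key bodies are placeholders, not real material.
make_sample() {
    mkdir -p "$1" || return 1
    cat > "$1/sample.ovpn" <<'EOF'
client
dev tun
remote vleu-no1-ovpn-udp.pointtoserver.com 53
proto udp
auth-user-pass
<ca>
OLD-CA-DATA
</ca>
<cert>
OLD-CERT-DATA
</cert>
<key>
OLD-KEY-DATA
</key>
key-direction 1
<tls-auth>
OLD-STATIC-KEY
</tls-auth>
EOF
    cat > "$1/replacement_details.txt" <<'EOF'
<ca>
PLACEHOLDER-NEW-CA
</ca>
<tls-auth>
PLACEHOLDER-NEW-STATIC-KEY
</tls-auth>
EOF
}

# Typical use on the host, before starting the container:
#   write_auth /path/to/custom/auth.txt "$VPN_USER" "$VPN_PASS"
#   customize_ovpn provider.ovpn replacement_details.txt /path/to/custom/my.ovpn
```

Diffing the output against the provider's original before mounting it shows exactly which certificate material was swapped.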

@kennyparsons do you use the ca2.crt or ca.crt ?

@JOduMonT I used the details in ca2.crt, provided by PureVPN support.

Please submit the PR and I can review this

It looks like the .ovpn files (https://support.purevpn.com/openvpn-files) provided by PureVPN are working fine. Including Norway TCP and UDP.

I slightly modified them to get rid of some warnings. Here are the differences:

(left side is from the repo, right side is what I got from PureVPN and modified)

< verb 1
---
> verb 3
4c4
< remote vlap-ph2-ovpn.pointtoserver.com 80
---
> remote vlap-ph2-ovpn-tcp.pointtoserver.com 80
7a8,10
> auth-nocache
> tun-mtu 1500
> comp-lzo
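Review bot: the added "tun-mtu 1500" and "comp-lzo" lines in this hunk carry no comment saying they exist only to match the server and quiet warnings, so a later cleanup could drop them again; a one-line comment above each would fix that. It is also worth testing whether "comp-lzo" alone clears the link-mtu warning: the reported mismatch is a single byte (1559 vs 1560), which is what a compression framing byte would account for, and 1500 is already OpenVPN's default tun-mtu, so that line may be redundant.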
92,94c95,97
< # 
< # 2048 bit OpenVPN static key 
< # 
---
> #
> # 2048 bit OpenVPN static key
> #
117,119c120,121
< route-method exe 
< route-delay 2 
< route 0.0.0.0 0.0.0.0
---
> route-method exe
> route-delay 2
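Review bot: with "route 0.0.0.0 0.0.0.0" dropped in this last hunk, nothing left here sends traffic into the tunnel, so the config now relies on the server pushing a default route. Say so in a comment, or add an explicit redirect-gateway as raised earlier in the thread, and check the exit IP after connecting. The remaining "route-method exe" is an option for Windows clients, so it can be removed as well for a Linux container.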

The UDP files have more differences. The certificates from the repo are outdated.

The > auth-nocache line suppresses the following warning:

transmission    | Sat Jun  6 22:32:16 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

The > tun-mtu 1500 suppresses the following, however, I'm not sure what it means:

transmission    | Sat Jun  6 22:32:17 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1559', remote='link-mtu 1560'

The comp-lzo enables compression and suppresses the warning:

transmission    | Sat Jun  6 22:32:17 2020 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

The removal of route 0.0.0.0 0.0.0.0 suppresses the following (as suggested/tested earlier in this thread).

transmission    | Sat Jun  6 22:32:21 2020 ERROR: Linux route add command failed: external program exited with error status: 2

I've been running this configuration for a couple of weeks, switching providers and protocols from time to time, and it is running fine at max speed. The speed is just limited by my internet provider plan.

If people still have enough interest in this subject, I'm happy to provide the PR to add/remove/update the .ovpn files (both TCP and UDP). If so, just let me know which branch I should work on.

Hey, yeah, would be great if you could update the ovpn.
Just fork the repo and once you have pushed the changes to your fork it
should auto ask you to create a PR against this repo.
Thanks

#1242 merged, so closing this for now

Purevpn started failing on me again. Continuously getting TLS Error: TLS key negotiation failed. Their support is terrible. They still haven't fixed the in-line cert. Anyone else having this issue?

Which server are you using? Which build are you testing? FYI, the fix is still in dev, not merged to master yet.
