Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

<FASTESTVPN>

Where are the configs?

REQUIRED

<[Fastestvpn_ovpn(2).zip](https://github.com/haugene/vpn-configs-contrib/files/7040894/Fastestvpn_ovpn.2.zip)>

Additional context

Optional

<[Fastestvpn_ovpn(2).zip](https://github.com/haugene/vpn-configs-contrib/files/7040894/Fastestvpn_ovpn.2.zip) for optional>

Is there a pinned issue for this?

• I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

• I have searched the existing issues
• I have searched the existing discussions

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues
• My issue is NOT related to a provider

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

transmission:
image: haugene/transmission-openvpn:dev
container_name: transmission
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
restart: unless-stopped
network_mode: mybridge
logging:
driver: json-file
options:
max-size: "10m"
ports:
- 9091:9091
dns:
- 8.8.8.8
- 8.8.4.4
volumes:
- /etc/localtime:/etc/localtime:ro
- /mnt/media_sharing/Downloads/Transmission/:/data
environment:
- CREATE_TUN_DEVICE=false
- OPENVPN_PROVIDER=PIA
- PIA_OPENVPN_CONFIG_BUNDLE=openvpn
- OPENVPN_CONFIG=sweden
- OPENVPN_USERNAME=xxxxxx
- OPENVPN_PASSWORD=xxxxxx
- WEBPROXY_ENABLED=false
- GLOBAL_APPLY_PERMISSIONS=false
- LOCAL_NETWORK=192.168.1.0/24
- TRANSMISSION_DOWNLOAD_QUEUE_ENABLED=false
- TRANSMISSION_DOWNLOAD_QUEUE_SIZE=1000
- TRANSMISSION_SPEED_LIMIT_DOWN_ENABLED=true
- TRANSMISSION_SPEED_LIMIT_DOWN=14000
- TRANSMISSION_SPEED_LIMIT_UP_ENABLED=true
- TRANSMISSION_SPEED_LIMIT_UP=500
- TRANSMISSION_LPD_ENABLED=true
- TRANSMISSION_UTP_ENABLED=true
- TRANSMISSION_PEX_ENABLED=true
- TRANSMISSION_DHT_ENABLED=true
- TRANSMISSION_RATIO_LIMIT_ENABLED=true
- TRANSMISSION_RATIO_LIMIT=2
- start-added-torrents=true

Current Behavior

Port forwarding failed to open, marked as closed into the network tab of transmission.

Expected Behavior

Having a port opened correctly and reachable with status "Open" in network tab, as the previous dev docker image.

How have you tried to solve the problem?

Can't coming back on the dev version, but was working before.

Log output

STARTING TRANSMISSION
Provider PIA has a script for automatic port forwarding. Will run it now.
If you want to disable this, set environment variable DISABLE_PORT_UPDATER=true
Transmission startup script complete.
Thu Oct 21 20:54:23 2021 /sbin/ip route add 195.246.120.22/32 via 172.18.0.1
Thu Oct 21 20:54:23 2021 /sbin/ip route add 0.0.0.0/1 via 10.19.112.1
Thu Oct 21 20:54:23 2021 /sbin/ip route add 128.0.0.0/1 via 10.19.112.1
Thu Oct 21 20:54:23 2021 WARNING: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
Thu Oct 21 20:54:23 2021 Initialization Sequence Completed
Running functions for token based port fowarding
curl: (28) Operation timed out after 15000 milliseconds with 0 bytes received
Thu Oct 21 20:54:44 EDT 2021: getSignature error
{ "status": "ERROR", "message": "Login failed!" }
the has been a fatal_error
parse error: Invalid numeric literal at EOF at line 1, column 3
parse error: Invalid numeric literal at EOF at line 1, column 3
Thu Oct 21 20:54:46 EDT 2021: bindPort error
{ "status": "", "message": "bad signature" }
the has been a fatal_error
transmission auth not required
waiting for transmission to become responsive
transmission became responsive
5 0% 5.83 MB Unknown 0.0 0.0 0.0 Idle
Sum: 7.44 GB 0.0 0.0
setting transmission port to
localhost:9091/transmission/rpc/ responded: "success"
Checking port...
Error: portTested: http error 0: No Response
#######################
SUCCESS
#######################
Port:
Expiration Thu Oct 21 00:00:00 EDT 2021
#######################
Entering infinite while loop
Every 15 minutes, check port status
60 day port reservation reached
Getting a new one
curl: (28) Operation timed out after 15001 milliseconds with 0 bytes received
Thu Oct 21 20:55:12 EDT 2021: getSignature error
{ "status": "ERROR", "message": "Login failed!" }
the has been a fatal_error
parse error: Invalid numeric literal at EOF at line 1, column 3
parse error: Invalid numeric literal at EOF at line 1, column 3
Thu Oct 21 20:55:13 EDT 2021: bindPort error
{ "status": "", "message": "bad signature" }
the has been a fatal_error
transmission auth not required
waiting for transmission to become responsive
transmission became responsive
5 0% 5.83 MB Unknown 0.0 0.0 0.0 Idle
Sum: 7.44 GB 0.0 0.0
setting transmission port to
localhost:9091/transmission/rpc/ responded: "success"
Checking port...
Error: portTested: http error 0: No Response

Environment

- OS: Centos 8
- Docker: Docker version 20.10.7, build f0df350

Anything else?

No response

Which provider?

FastestVPN

Where are the configs?

https://support.fastestvpn.com/download/openvpn-tcp-udp-config-files/

Is there a pinned issue for this?

• I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

• I have searched the existing issues
• I have searched the existing discussions

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues
• My issue is NOT related to a provider

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Docker run config used

version: '3.3'
services:
media-vault:
cap_add:
- NET_ADMIN
restart: unless-stopped
volumes:
- type: volume
source: nfs-elements
target: /data
volume:
nocopy: true
environment:
- NORDVPN_COUNTRY=FR
- NORDVPN_CATEGORY=legacy_p2p
- NORDVPN_PROTOCOL=udp
- OPENVPN_PROVIDER=NORDVPN
- OPENVPN_USERNAME=*****************
- OPENVPN_PASSWORD=**********************
- OPENVPN_CONFIG=france
- LOCAL_NETWORK=192.168.1.0/24
- TRANSMISSION_INCOMPLETE_DIR=/data/New\ Downloads
- TRANSMISSION_DOWNLOAD_DIR=/data/New\ Downloads
logging:
driver: json-file
options:
max-size: 10m
ports:
- '9091:9091'
image: haugene/transmission-openvpn:latest

volumes:
nfs-elements:
driver_opts:
type: "cifs"
o: "username=anon,password=password,file_mode=0777,dir_mode=0777,vers=1.0"
device: "//192.168.1.1/Elements/public"

Current Behavior

Everytime I start the container it gets stuck on "Selecting the best server". Have tried various combinations. Logs never progress past this step.

Expected Behavior

OpenVPN connects and the transmission server becomes accessible

How have you tried to solve the problem?

Tried latest and dev tags
Tried changing between FR and GB.
Changing OPENVPN_CONFIG to undefined, setting to france.
Tried CURL to NordVPN api from machine to check for rate limiting, no problem immediately downloading response.
Tried changing technology between tcp and udp
docker-compose up --context media-vault up -d --force-recreate

Log output

mediavault-media-vault-1 | Starting container with revision: 44c82aa1297b0f4473ad141f2cea326b407d9c22
mediavault-media-vault-1 | Creating TUN device /dev/net/tun
mediavault-media-vault-1 | Using OpenVPN provider: NORDVPN
mediavault-media-vault-1 | Running with VPN_CONFIG_SOURCE auto
mediavault-media-vault-1 | Provider NORDVPN has a bundled setup script. Defaulting to internal config
mediavault-media-vault-1 | Executing setup script for NORDVPN
mediavault-media-vault-1 | Downloading user specified config. NORDVPN_PROTOCOL is set to: tcp
mediavault-media-vault-1 | 2022-07-05 19:44:18 Checking curl installation
mediavault-media-vault-1 | 2022-07-05 19:44:18 Removing existing configs
mediavault-media-vault-1 | 2022-07-05 19:44:18 Selecting the best server...

HW/SW Environment

- OS: Ubuntu 22.04
- Docker: 20.10.12

Anything else?

N/A

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

I have been using the latest branch of Transmission-VPN for few years now. i noticed a recent push (2days ago) that made an edit to the "--ca". this has broken my instance not allowing use of IPVANISH --ca fails with 'ca.ipvanish.com.crt'. I have tried manual paths, downloading copies of the files and using the Custom envitomentals and still nothing. my Config is currently:

transmission-vpn:
  container_name: transmission-vpn
  image: haugene/transmission-openvpn:latest
  restart: always
  networks:
    t2_proxy:
     ipv4_address: 192.168.50.50
  depends_on:
    - traefik
    - organizr
    - oauth
  security_opt:
    - no-new-privileges:true

ports:

- "7900:7878"

  expose:
    - "9091"
    - "8888"
  cap_add:
    - NET_ADMIN
  devices:
    - /dev/net/tun
  dns:
    - 1.1.1.1
    - 1.0.0.1
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - $DOCKERDIR/transmission-vpn:/config
    - $DOCKERDIR/transmission-vpn/data:/data
    - $DOCKERDIR/shared:/shared
    - $DOCKERDIR/transmission-vpn/OpenVPN/:/etc/openvpn/custom/
    - $TMPDATA/Downloads:/watch
    - $TMPDATA/Downloads/completed:/completed
    - $TMPDATA/Downloads/incomplete:/incomplete
  environment:
    OPENVPN_PROVIDER: IPVANISH
    OPENVPN_USERNAME: $IPVANISH_USERNAME
    OPENVPN_PASSWORD: $IPVANISH_PASSWORD
    OPENVPN_CONFIG: ipvanish-UK-Manchester-man-c06,ipvanish-UK-Manchester-man-c07,ipvanish-UK-Manchester-man-c08
    OPENVPN_OPTS: --inactive 3600 --ping 10 --ping-exit 60
    LOCAL_NETWORK: $LOCAL_NETWORK
    PUID: $PUID
    PGID: $PGID
    TZ: $TZ
    UMASK_SET: 2

Current Behavior

Reboot loop of Transmission due to VPN Failure

Expected Behavior

Load VPN as normal

How have you tried to solve the problem?

1. Used custom layout
2. Manually Set Paths
3. Cleared environmentals to see if something was clashing

Log output

Starting container with revision: e6fd367db74075e2b507d420191a55a43b5e8d90

Creating TUN device /dev/net/tun

mknod: /dev/net/tun: File exists

Using OpenVPN provider: IPVANISH

Running with VPN_CONFIG_SOURCE auto

Provider IPVANISH has a bundled setup script. Defaulting to internal config

Executing setup script for IPVANISH

Downloading OpenVPN config bundle configs.zip into temporary file /tmp/tmp.MmBfKT2JPK

Extract OpenVPN config bundle into /etc/openvpn/ipvanish

3 servers found in OPENVPN_CONFIG, ipvanish-UK-Manchester-man-c08 chosen randomly

Starting OpenVPN using config ipvanish-UK-Manchester-man-c08.ovpn

Modifying /etc/openvpn/ipvanish/ipvanish-UK-Manchester-man-c08.ovpn for best behaviour in this container

Modification: Point auth-user-pass option to the username/password file

Modification: Change ca certificate path

Modification: Change ping options

Setting OpenVPN credentials...

adding route to local network 192.168.0.0/24 via 192.168.50.1 dev eth0

Tue Sep 7 12:11:07 2021 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6

Options error: --ca fails with 'ca.ipvanish.com.crt': No such file or directory (errno=2)

Options error: Please correct these errors.

Environment

- OS:20.04
- Docker:

Anything else?

No response

Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

FASTESTVPN

<placeholder>

Where are the configs?

**https://support.fastestvpn.com/tutorials/linux/raspberry-pi/openvpn
Fastestvpn_ovpn(2).zip
**

<placeholder>

Additional context

Optional

<placeholder for optional>

Do you have the latest provider files?

• I have checked that the provider are the latest

Have you tested the provider files?

• I have tested the provider files

Can you create a PR for this config?

• I can create a PR for this

Provider details

The CONTRIBUTING.md file does not actually talk about contributing, only about how to use custom configs. It would be good to have it include contributing guidelines or to have a wiki page for it.

As I only have "experience" with one VPN provider and I don't know all the stuff that could be needed for others I only have a short list:

• Make sure not the include any account related directives/certificates (examples needed for user name, password, etc)
• Config directives up and down need to be removed from the config files or commented out with # at the start of the line
• The auth-user-pass config directive needs to be added/replaced and point to /config/openvpn-credentials.txt
• Touch the original configs provided by the provider as less as possible(?) (file names, config directives, etc.)
• Creating a config download script is preferred over storing all configs in this repository when the provider has an API for doing so(?)

What is not 100% clear to me:

• Do you require or prefer a default.ovpn symlink to be present? If so, where should it point to?
• <vpn-technology>/<provider>/<bundle-name>/configs.ovpn is the described folder structure, but privatevpn is basically the only provider that has a <bundle-name> subfolder at the moment. Is this folder strictly organisational for us and can it have any name or does it corresponde to some provider specific parameter? If the former is the case, do we need to take file name uniqueness across all folders into account? Can it have additional subfolders as well? I'm thinking <vpn-technology>/<provider>/free/udp/configs.ovpn and <vpn-technology>/<provider>/free/tcp/configs.ovpn, etc
• Should symlinks be added for profiles that don't exist any more when updating all profile of a provider and have it point to something similar?
• If a provider has p2p specific configs, but the non-p2p work just as well, should both be included anyway or do we stick to what the provider indicates/prefers?
• Should tor openvpn configs be included if provided by the provider?

What else is preferred/recommended/required?

Anything else?

No response

Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

ProtonVPN

Where are the configs?

REQUIRED

http://dageek247.com/wordpress/wp-content/uploads/2021/08/protonvpn.zip

Additional context

ProtonVPN claims to block p2p traffic on most of their servers, and allow it on a specific few. https://protonvpn.com/support/p2p-vpn-redirection/ I have found that this block is not complete - it doesn't work for the server I have been using for the past month or on the free version i used at a friends house one time. It is entirely possible that this block doesn't work at all based on my limited testing.

However, in the spirit of using the service as intended, I am providing a file with all the ProtonVPN servers that explicitly support p2p traffic. One thing of note is that ProtonVPN has three tiers of access to their servers. Free, Basic, and Plus. I have access to files for Basic and Free, but not Plus. If someone could download the Plus p2p servers that would also be helpful. Also note that the free plan doesn't have access to any of the servers listed as allowing p2p, so I have just included all of them. This new free list has more servers than the current one. It is all sorted in the zip file, but can be merged into a single folder pretty easily.

Issues with the current protonvpn config files that this file fixes:

• the protonvpn website has the wrong names for some of their files by default
• the current config files are incomplete (it doesn't have all the p2p servers, or all of the actual servers)
• the current config files include p2p servers and non-p2p servers

For ProtonVPN, you can also pick a server that will pick the best target server in a specific country, or you can pick a specific server yourself. These are country configurations and standard configurations. Country will choose a server for you and standard is a specific server connection. I have separated these two different types into two subfolders.

I used sed to switch specific bits of text in the ovpn files:

• I replaced my username with 'protonusername'. These config files mention the downloader's username for things like their ad/malware dns blocker by default, which are helpful, but don't actually need a specific username.
• I replaced 'cipher AES-256-CBC' with '--data-ciphers-fallback AES-256-CBC'. ProtonVPN works without the switch, but openvpn wont write nastygrams in the logs if you change this.
• I replaced 'auth-user-pass' with 'auth-user-pass /config/openvpn-credentials.txt'.
• I also commented out the up/down lines by replacing 'up' with '#up' and 'down' with '#down'.

As far as I can tell, these are all the changes that needed to be made to the ovpn files before they work as a default protonvpn config library.

Which provider?
zorrovpn.com

Where are the configs?
https://ufile.io/28l98gm8

Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

Mozilla

Where are the configs?

REQUIRED

I can't find any. It's possible I don't know what I'm doing.
Website here: https://www.mozilla.org/en-US/products/vpn/

Additional context

There is a fork: https://github.com/mozilla/openvpn
I'm not good enough at any of this but would be amazing if Mozilla was added to the base VPN configs.

Do you have the latest provider files?

• I have checked that the provider are the latest

Have you tested the provider files?

• I have tested the provider files

Can you create a PR for this config?

• I can create a PR for this

Provider details

Please see https://github.com/derekcentrico/vpn-configs-contrib-ovpnwork/tree/main/openvpn/ovpn and my talking-to-myself discussion at #111.

I have a script to automatically process the OVPN options based upon defined environmental variables.

I cannot test/utilize this without it being baked internally it would seem:

No bundled config script found for OVPN. Defaulting to external config
Downloading configs from https://github.com/derekcentrico/vpn-configs-contrib-ovpnwork/archive/main.zip into /tmp/tmp.z3yLk1v32P
Extracting configs to /tmp/tmp.Ykzp4V9zrB
Found configs for OVPN in /tmp/tmp.Ykzp4V9zrB/vpn-configs-contrib-ovpnwork-main/openvpn/ovpn, will replace current content in /etc/openvpn/ovpn
Cleanup: deleting /tmp/tmp.z3yLk1v32P and /tmp/tmp.Ykzp4V9zrB
No VPN configuration provided. Using default.
Modifying /etc/openvpn/ovpn/default.ovpn for best behaviour in this container

It may be of value for the project to verify upon download if there is a configure-openvpn.sh prior to determining internal vs. external. Currently, it won't read the OVPN script to set a default.ovpn based upon the defined variables because it isn't "internal." I can open an issue/request on the main project for this if needed.

Anything else?

No response

I'm trying to get the docker-compose for this going in my portainer instance on my openMediaVault server, but I can't seem to get the .ovpn file structured to work correctly.

Can HotspotShield be added to the supported providers, please?

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to the container/transmission?

• I have checked the container repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

Ipvanish config base URL is https://configs.ipvanish.com/configs but /etc/openvpn/ipvanish/configure-openvpn.sh script uses https://www.ipvanish.com/software/configs.

Current Behavior

....
Provider IPVANISH has a bundled setup script. Defaulting to internal config
Executing setup script for IPVANISH
Downloading OpenVPN config bundle configs.zip into temporary file /tmp/tmp.gJKumetqDQ
Extract OpenVPN config bundle into /etc/openvpn/ipvanish
[/tmp/tmp.gJKumetqDQ]
End-of-central-directory signature not found. Either this file is not
a zipfile, or it constitutes one disk of a multi-part archive. In the
latter case the central directory and zipfile comment will be found on
the last disk(s) of this archive.
unzip: cannot find zipfile directory in one of /tmp/tmp.gJKumetqDQ or
/tmp/tmp.gJKumetqDQ.zip, and cannot find /tmp/tmp.gJKumetqDQ.ZIP, period.

(actually the "zip" file is a html page)

Expected Behavior

A download of configs.zip is expected

How have you tried to solve the problem?

na

Log output

na

Environment

na

Anything else?

No response

Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

PRIVATEVPN

Where are the configs?

REQUIRED

PrivateVPN-TUN-CBC.zip

Additional context

Optional

Hardcoded IP address needs to be changed or DNS resolving must be used. For example: Stockholm IP Changed from 193.180.119.2 to 45.130.87.9

EDIT:

For anyone waiting for this to be resolved:
Use the ovpn files with the docker container in CUSTOM provider mode.

Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

WINDSCRIBE

Where are the configs?

REQUIRED

Providers website

Additional context

Optional

Refer: https://blog.windscribe.com/openvpn-security-improvements-and-changes-7b04ea49222
Windscribe has started phasing out OpenVPN compression, this requires a small change in the existing config files.
Line 13, i.e. comp-lzo in the Windscribe config files need to be removed.

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to the container/transmission?

• I have checked the container repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

version: '3.3'
services:
   transmission-openvpn:
    container_name: trasmission-vpn
    cap_add:
      - NET_ADMIN
    volumes:
      - /trasmission/:/data
      - /trasmission/config:/config
    environment:
      - OPENVPN_PROVIDER=WINDSCRIBE        #PRIVADO
      - OPENVPN_CONFIG=Milan-Duomo-tcp,Milan-Galleria-tcp,Rome-Colosseum-tcp,Rome-Colosseum-udp                #mxp-001,mxp-002
      - OPENVPN_USERNAME=xxxxxx        #xxxxxxxx
      - OPENVPN_PASSWORD=xxxxxxxxxx
      - LOCAL_NETWORK=192.168.1.0/24
      
    logging:
      driver: json-file
      options:
        max-size: 10m
    ports:
       - 9091:9091
    image: haugene/transmission-openvpn

Current Behavior

I have tried using transmission with both Privado and Windscribe, everything seems to be fine until authentication. I get the same error in both cases:

Starting container with revision: 8cc1870cc039201e0e2f8b7684a9f4e96ae03ab9
Creating TUN device /dev/net/tun
Using OpenVPN provider: WINDSCRIBE
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for WINDSCRIBE. Defaulting to external config
Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.WWcSv1CRXO
Extracting configs to /tmp/tmp.rS0D2P1pif
Found configs for WINDSCRIBE in /tmp/tmp.rS0D2P1pif/vpn-configs-contrib-main/openvpn/windscribe, will replace current content in /etc/openvpn/windscribe
Cleanup: deleting /tmp/tmp.WWcSv1CRXO and /tmp/tmp.rS0D2P1pif
4 servers found in OPENVPN_CONFIG, Milan-Duomo-tcp chosen randomly
Starting OpenVPN using config Milan-Duomo-tcp.ovpn
Modifying /etc/openvpn/windscribe/Milan-Duomo-tcp.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Setting OpenVPN credentials...
adding route to local network 192.168.1.0/24 via 172.27.0.1 dev eth0
Sun Apr 10 13:33:03 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Sun Apr 10 13:33:03 2022 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Sun Apr 10 13:33:03 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 10 13:33:03 2022 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr 10 13:33:03 2022 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr 10 13:33:03 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:03 2022 Socket Buffers: R=[131072->131072] S=[16384->16384]
Sun Apr 10 13:33:03 2022 Attempting to establish TCP connection with [AF_INET]84.17.59.66:1194 [nonblock]
Sun Apr 10 13:33:04 2022 TCP connection established with [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:04 2022 TCP_CLIENT link local: (not bound)
Sun Apr 10 13:33:04 2022 TCP_CLIENT link remote: [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:04 2022 TLS: Initial packet from [AF_INET]84.17.59.66:1194, sid=7fcf2166 789df229
Sun Apr 10 13:33:04 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Apr 10 13:33:04 2022 VERIFY OK: depth=2, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X1
Sun Apr 10 13:33:04 2022 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2
Sun Apr 10 13:33:04 2022 VERIFY KU OK
Sun Apr 10 13:33:04 2022 Validating certificate extended key usage
Sun Apr 10 13:33:04 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Apr 10 13:33:04 2022 VERIFY EKU OK
Sun Apr 10 13:33:04 2022 VERIFY X509NAME OK: C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=mxp-318.windscribe.com
Sun Apr 10 13:33:04 2022 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=mxp-318.windscribe.com
Sun Apr 10 13:33:05 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Sun Apr 10 13:33:05 2022 [mxp-318.windscribe.com] Peer Connection Initiated with [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:06 2022 SENT CONTROL [mxp-318.windscribe.com]: 'PUSH_REQUEST' (status=1)
Sun Apr 10 13:33:06 2022 AUTH: Received control message: AUTH_FAILED
Sun Apr 10 13:33:06 2022 SIGTERM[soft,auth-failure] received, process exiting

Expected Behavior

To connect to the VPN

How have you tried to solve the problem?

1. I tried to give root permissions
2. I checked if it changed the credentials in the config file, and it did.
3. tried different .opvn from the two VPN providers
4. changed account passwords (with or without special characters)
5. test the credential on the VPN providers portal

Log output

Starting container with revision: 8cc1870cc039201e0e2f8b7684a9f4e96ae03ab9
Creating TUN device /dev/net/tun
Using OpenVPN provider: WINDSCRIBE
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for WINDSCRIBE. Defaulting to external config
Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.WWcSv1CRXO
Extracting configs to /tmp/tmp.rS0D2P1pif
Found configs for WINDSCRIBE in /tmp/tmp.rS0D2P1pif/vpn-configs-contrib-main/openvpn/windscribe, will replace current content in /etc/openvpn/windscribe
Cleanup: deleting /tmp/tmp.WWcSv1CRXO and /tmp/tmp.rS0D2P1pif
4 servers found in OPENVPN_CONFIG, Milan-Duomo-tcp chosen randomly
Starting OpenVPN using config Milan-Duomo-tcp.ovpn
Modifying /etc/openvpn/windscribe/Milan-Duomo-tcp.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Setting OpenVPN credentials...
adding route to local network 192.168.1.0/24 via 172.27.0.1 dev eth0
Sun Apr 10 13:33:03 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Sun Apr 10 13:33:03 2022 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Sun Apr 10 13:33:03 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Apr 10 13:33:03 2022 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr 10 13:33:03 2022 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sun Apr 10 13:33:03 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:03 2022 Socket Buffers: R=[131072->131072] S=[16384->16384]
Sun Apr 10 13:33:03 2022 Attempting to establish TCP connection with [AF_INET]84.17.59.66:1194 [nonblock]
Sun Apr 10 13:33:04 2022 TCP connection established with [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:04 2022 TCP_CLIENT link local: (not bound)
Sun Apr 10 13:33:04 2022 TCP_CLIENT link remote: [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:04 2022 TLS: Initial packet from [AF_INET]84.17.59.66:1194, sid=7fcf2166 789df229
Sun Apr 10 13:33:04 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Apr 10 13:33:04 2022 VERIFY OK: depth=2, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X1
Sun Apr 10 13:33:04 2022 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2
Sun Apr 10 13:33:04 2022 VERIFY KU OK
Sun Apr 10 13:33:04 2022 Validating certificate extended key usage
Sun Apr 10 13:33:04 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sun Apr 10 13:33:04 2022 VERIFY EKU OK
Sun Apr 10 13:33:04 2022 VERIFY X509NAME OK: C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=mxp-318.windscribe.com
Sun Apr 10 13:33:04 2022 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=mxp-318.windscribe.com
Sun Apr 10 13:33:05 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Sun Apr 10 13:33:05 2022 [mxp-318.windscribe.com] Peer Connection Initiated with [AF_INET]84.17.59.66:1194
Sun Apr 10 13:33:06 2022 SENT CONTROL [mxp-318.windscribe.com]: 'PUSH_REQUEST' (status=1)
Sun Apr 10 13:33:06 2022 AUTH: Received control message: AUTH_FAILED
Sun Apr 10 13:33:06 2022 SIGTERM[soft,auth-failure] received, process exiting

Environment

- OS: Ubuntu Server 20.04
- Docker: Docker 20.10.12

Anything else?

No response

Do you have the latest provider files?

• I have checked that the provider are the latest

Have you tested the provider files?

• I have tested the provider files

Can you create a PR for this config?

• I can create a PR for this

Provider details

Please add Bulletvpn in repo

Anything else?

.

Is there a pinned issue for this?

• I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

• I have searched the existing issues
• I have searched the existing discussions

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues
• My issue is NOT related to a provider

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Docker run config used

version: "3.3"
services:
    transmission-openvpn:
        cap_add:
            - NET_ADMIN
        volumes:
            - "/root/mam/data:/data"
            - "/root/books:/data/completed"
            - "/root/mam/config:/config"
            - "/root/mam/scripts:/scripts"
        environment:
            - OPENVPN_PROVIDER=PIA
            - OPENVPN_CONFIG=turkey
            - LOCAL_NETWORK=192.168.0.0/16
            - MAM_SESSION=$MAM_SESSION
            - OPENVPN_USERNAME=$OPENVPN_USERNAME
            - OPENVPN_PASSWORD=$OPENVPN_PASSWORD
            - TRANSMISSION_WEB_UI=flood-for-transmission
        logging:
            driver: json-file
            options:
                max-size: 10m
        image: haugene/transmission-openvpn
        restart: unless-stopped
        labels:
            - "traefik.enable=true"
            - "traefik.http.routers.mam.rule=Host(`mam.arceus.box`)"
            - "traefik.http.routers.mam.entrypoints=web"
            - "traefik.http.services.transmission-openvpn-mam.loadbalancer.server.port=9091"

Current Behavior

I'm getting error saying Could not resolve host: tun0

Expected Behavior

To be able to resolve tun0

How have you tried to solve the problem?

1. Tried updating local copy of the image
2. Tried DNS settings
3. Tried DNS Environment Variables

Log output

Starting OpenVPN using config turkey.ovpn
Modifying /etc/openvpn/pia/turkey.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Setting OpenVPN credentials...
adding route to local network 192.168.0.0/16 via 172.21.0.1 dev eth0
Tue Jun 28 19:04:31 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Tue Jun 28 19:04:31 2022 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Tue Jun 28 19:04:31 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Jun 28 19:04:31 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]188.213.34.67:1198
Tue Jun 28 19:04:31 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jun 28 19:04:31 2022 UDP link local: (not bound)
Tue Jun 28 19:04:31 2022 UDP link remote: [AF_INET]188.213.34.67:1198
Tue Jun 28 19:04:31 2022 TLS: Initial packet from [AF_INET]188.213.34.67:1198, sid=26cc2609 f7d32971
Tue Jun 28 19:04:31 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Jun 28 19:04:31 2022 VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, [email protected]
Tue Jun 28 19:04:31 2022 VERIFY KU OK
Tue Jun 28 19:04:31 2022 Validating certificate extended key usage
Tue Jun 28 19:04:31 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jun 28 19:04:31 2022 VERIFY EKU OK
Tue Jun 28 19:04:31 2022 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=istanbul401, name=istanbul401
Tue Jun 28 19:04:31 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Tue Jun 28 19:04:31 2022 [istanbul401] Peer Connection Initiated with [AF_INET]188.213.34.67:1198
Tue Jun 28 19:04:32 2022 SENT CONTROL [istanbul401]: 'PUSH_REQUEST' (status=1)
Tue Jun 28 19:04:32 2022 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1,route-ipv6 2000::/3,dhcp-option DNS 10.0.0.243,route-gateway 10.1.112.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.1.112.103 255.255.255.0,peer-id 12,cipher AES-128-GCM'
Tue Jun 28 19:04:32 2022 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jun 28 19:04:32 2022 OPTIONS IMPORT: compression parms modified
Tue Jun 28 19:04:32 2022 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jun 28 19:04:32 2022 OPTIONS IMPORT: route options modified
Tue Jun 28 19:04:32 2022 OPTIONS IMPORT: route-related options modified
Tue Jun 28 19:04:32 2022 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jun 28 19:04:32 2022 OPTIONS IMPORT: peer-id set
Tue Jun 28 19:04:32 2022 OPTIONS IMPORT: adjusting link_mtu to 1625
Tue Jun 28 19:04:32 2022 OPTIONS IMPORT: data channel crypto options modified
Tue Jun 28 19:04:32 2022 Data Channel: using negotiated cipher 'AES-128-GCM'
Tue Jun 28 19:04:32 2022 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Jun 28 19:04:32 2022 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Jun 28 19:04:32 2022 ROUTE_GATEWAY 172.21.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:15:00:02
Tue Jun 28 19:04:32 2022 GDG6: remote_host_ipv6=n/a
Tue Jun 28 19:04:32 2022 ROUTE6: default_gateway=UNDEF
Tue Jun 28 19:04:32 2022 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Tue Jun 28 19:04:32 2022 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Tue Jun 28 19:04:32 2022 TUN/TAP device tun0 opened
Tue Jun 28 19:04:32 2022 TUN/TAP TX queue length set to 100
Tue Jun 28 19:04:32 2022 /sbin/ip link set dev tun0 up mtu 1500
Tue Jun 28 19:04:32 2022 /sbin/ip addr add dev tun0 10.1.112.103/24 broadcast 10.1.112.255
Tue Jun 28 19:04:32 2022 /etc/openvpn/tunnelUp.sh tun0 1500 1553 10.1.112.103 255.255.255.0 init
Up script executed with tun0 1500 1553 10.1.112.103 255.255.255.0 init
Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 10.1.112.103
Using Flood for Transmission UI, overriding TRANSMISSION_WEB_HOME
Updating Transmission settings.json with values from env variables
Using existing settings.json for Transmission /data/transmission-home/settings.json
Overriding bind-address-ipv4 because TRANSMISSION_BIND_ADDRESS_IPV4 is set to 10.1.112.103
Overriding download-dir because TRANSMISSION_DOWNLOAD_DIR is set to /data/completed
Overriding incomplete-dir because TRANSMISSION_INCOMPLETE_DIR is set to /data/incomplete
Overriding rpc-port because TRANSMISSION_RPC_PORT is set to 9091
Overriding watch-dir because TRANSMISSION_WATCH_DIR is set to /data/watch
sed'ing True to true

-------------------------------------
Transmission will run as
-------------------------------------
User name:   root
User uid:    0
User gid:    0
-------------------------------------

STARTING TRANSMISSION
Provider PIA has a script for automatic port forwarding. Will run it now.
If you want to disable this, set environment variable DISABLE_PORT_UPDATER=true
Executing /scripts/transmission-post-start.sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
Running functions for token based port fowarding

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:03 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:04 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:05 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:06 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:07 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:08 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:09 --:--:--     0curl: (6) Could not resolve host: t.myanonamouse.net
/scripts/transmission-post-start.sh returned 6
Transmission startup script complete.
Tue Jun 28 19:04:42 2022 /sbin/ip route add 188.213.34.67/32 via 172.21.0.1
Tue Jun 28 19:04:42 2022 /sbin/ip route add 0.0.0.0/1 via 10.1.112.1
Tue Jun 28 19:04:42 2022 /sbin/ip route add 128.0.0.0/1 via 10.1.112.1
Tue Jun 28 19:04:42 2022 WARNING: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
Tue Jun 28 19:04:42 2022 Initialization Sequence Completed
curl: (6) Could not resolve host: www.privateinternetaccess.com
curl: (6) Could not resolve host: tun0
curl: (6) Could not resolve host: tun0
curl: (6) Could not resolve host: tun0
curl: (6) Could not resolve host: tun0
curl: (6) Could not resolve host: tun0
curl: (6) Could not resolve host: tun0
Tue Jun 28 19:06:03 UTC 2022: getSignature error

the has been a fatal_error
curl: (6) Could not resolve host: tun0
curl: (6) Could not resolve host: tun0
curl: (6) Could not resolve host: tun0

HW/SW Environment

- OS: Alpine 3.15
- Docker: 20.10.16
- Kernel: Kernel 5.15.40-0-virt
- Arche: x86_64

Anything else?

It was working before I moved houses and now it is having problems with tun0

Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

Torguard

Where are the configs?

REQUIRED

https://torguard.net/tgconf.php?action=vpn-openvpnconfig

Additional context

Optional
I believe that the previous 2 Australian servers in the OpenVPN config have been switched to only one located in Sydney, Australia for TorGuard. I have had numerous issues gaining a connection, and I think this can be attributed to the change in hostname. Where previously the two servers were au1.torguard.com:1912 and au2.torguard.com:1912 , the new server appears to be au.torguard.com:1912 according to the OpenVPN config file downloaded for Sydney. I may be completely off here, but I have spent hours on this problem and struggled to get a custom config file in to test (new to Docker, Linux, and all of that, so please be patient with me!). Hopefully this will come easier with the 4.0 update in the works.

Do you have the latest provider files?

• I have checked that the provider are the latest

Have you tested the provider files?

• I have tested the provider files

Can you create a PR for this config?

• I can create a PR for this

Provider details

Prior to #113 ProtonVPN had country configs as well as the individual servers.

For example nl.protonvpn.net.udp.txt (I had to change the extension to txt so that GitHub would let me upload it here).

@Forage did the previous PR so can probably do this? Or if you could explain what I need to do to the config files before adding them I could do the PR?

Anything else?

When I try using the CUSTOM option it still goes to download from this repo so I think I'm doing something wrong there too!

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to the container/transmission?

• I have checked the container repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

{
"CapAdd" : [ "NET_ADMIN" ],
"CapDrop" : [],
"cmd" : "dumb-init /etc/openvpn/start.sh",
"cpu_priority" : 50,
"enable_publish_all_ports" : false,
"enable_restart_policy" : false,
"enabled" : true,
"env_variables" : [
{
"key" : "PATH",
"value" : "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
},
{
"key" : "OPENVPN_USERNAME",
"value" : ""
},
{
"key" : "OPENVPN_PASSWORD",
"value" : ""
},
{
"key" : "OPENVPN_PROVIDER",
"value" : "slickvpncore"
},
{
"key" : "GLOBAL_APPLY_PERMISSIONS",
"value" : "true"
},
{
"key" : "TRANSMISSION_HOME",
"value" : "/data/transmission-home"
},
{
"key" : "TRANSMISSION_RPC_PORT",
"value" : "9091"
},
{
"key" : "TRANSMISSION_DOWNLOAD_DIR",
"value" : "/data/completed"
},
{
"key" : "TRANSMISSION_INCOMPLETE_DIR",
"value" : "/data/incomplete"
},
{
"key" : "TRANSMISSION_WATCH_DIR",
"value" : "/data/watch"
},
{
"key" : "CREATE_TUN_DEVICE",
"value" : "true"
},
{
"key" : "ENABLE_UFW",
"value" : "false"
},
{
"key" : "UFW_ALLOW_GW_NET",
"value" : "false"
},
{
"key" : "UFW_EXTRA_PORTS",
"value" : ""
},
{
"key" : "UFW_DISABLE_IPTABLES_REJECT",
"value" : "false"
},
{
"key" : "PUID",
"value" : ""
},
{
"key" : "PGID",
"value" : ""
},
{
"key" : "PEER_DNS",
"value" : "true"
},
{
"key" : "PEER_DNS_PIN_ROUTES",
"value" : "true"
},
{
"key" : "DROP_DEFAULT_ROUTE",
"value" : ""
},
{
"key" : "WEBPROXY_ENABLED",
"value" : "false"
},
{
"key" : "WEBPROXY_PORT",
"value" : "8118"
},
{
"key" : "WEBPROXY_USERNAME",
"value" : ""
},
{
"key" : "WEBPROXY_PASSWORD",
"value" : ""
},
{
"key" : "LOG_TO_STDOUT",
"value" : "false"
},
{
"key" : "HEALTH_CHECK_HOST",
"value" : "google.com"
},
{
"key" : "SELFHEAL",
"value" : "false"
},
{
"key" : "REVISION",
"value" : "20877f1b168b6ff27fc58aeef40756572c562d47"
},
{
"key" : "OPENVPN_CONFIG",
"value" : "Romania-Bucharest, Netherlands-Amsterdam, Hungary-Budapest"
},
{
"key" : "TRANSMISSION_WEB_UI",
"value" : "transmission-web-control"
}
],
"exporting" : false,
"id" : "3ea461c4454e8d0b0cfd1250ec598c91cb6cbb5cd24bdfb86ccf58592f1fa81b",
"image" : "haugene/transmission-openvpn:latest",
"is_ddsm" : false,
"is_package" : false,
"links" : [],
"memory_limit" : 0,
"name" : "haugene-transmission-openvpn2-copy",
"network" : [
{
"driver" : "bridge",
"name" : "bridge"
}
],
"network_mode" : "bridge",
"port_bindings" : [
{
"container_port" : 8118,
"host_port" : 8118,
"type" : "tcp"
},
{
"container_port" : 9091,
"host_port" : 9091,
"type" : "tcp"
}
],
"privileged" : false,
"shortcut" : {
"enable_shortcut" : false,
"enable_status_page" : false,
"enable_web_page" : false,
"web_page_url" : ""
},
"use_host_network" : false,
]
}

Current Behavior

On March 17, my docker container shutdown after detecting "Inactivity". When I tried to manually restart it, the VPN would not connect and would time out.

Expected Behavior

Should connect like it did previously.

How have you tried to solve the problem?

1. Checked changelog and found a cert change on the March 1st. I wonder if this is preventing the connection from re-establishing, but do not know how to debug since docker files are hidden in Synology DSM

Log output

Starting container with revision: 20877f1b168b6ff27fc58aeef40756572c562d47
Creating TUN device /dev/net/tun
mknod: /dev/net/tun: File exists
Using OpenVPN provider: SLICKVPNCORE
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for SLICKVPNCORE. Defaulting to external config
Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.zXb9azYx2y
Extracting configs to /tmp/tmp.6ftpAxSaKW
Found configs for SLICKVPNCORE in /tmp/tmp.6ftpAxSaKW/vpn-configs-contrib-main/openvpn/slickvpncore, will replace current content in /etc/openvpn/slickvpncore
Cleanup: deleting /tmp/tmp.zXb9azYx2y and /tmp/tmp.6ftpAxSaKW
3 servers found in OPENVPN_CONFIG, Netherlands-Amsterdam chosen randomly
Starting OpenVPN using config Netherlands-Amsterdam.ovpn
Modifying /etc/openvpn/slickvpncore/Netherlands-Amsterdam.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Setting OpenVPN credentials...
Sun Mar 20 00:19:00 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Sun Mar 20 00:19:00 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Sun Mar 20 00:19:00 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Mar 20 00:19:00 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]96.118.22.105:443
Sun Mar 20 00:19:00 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sun Mar 20 00:19:00 2022 UDP link local: (not bound)
Sun Mar 20 00:19:00 2022 UDP link remote: [AF_INET]96.118.22.105:443
Sun Mar 20 00:20:00 2022 [UNDEF] Inactivity timeout (--ping-exit), exiting
Sun Mar 20 00:20:00 2022 SIGTERM[soft,ping-exit] received, process exiting

Environment

- OS: Synology DSM 7.0.1-42218 Update 3
- Docker: 20.10.3-1239

Anything else?

No response

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

version: '3.3'

transmission-vpn:
container_name: transmission-vpn
image: haugene/transmission-openvpn
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun
restart: always
ports:
- 9091:9091
dns:
- 8.8.8.8
- 8.8.4.4
volumes:
- /etc/localtime:/etc/localtime:ro
- /home/media/docker/transmission-vpn:/data
- /home/media/docker/shared:/shared
- /media/drive/data/torrents:/data/torrents
environment:
- OPENVPN_PROVIDER=PIA
- OPENVPN_USERNAME=pXXXXXXXX
- OPENVPN_PASSWORD=XXXXXXXXX
- OPENVPN_CONFIG=switzerland
- OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
- LOCAL_NETWORK=192.168.xxx.0/24
- PUID=1001
- PGID=1001
- TZ=Europe/Amsterdam
- TRANSMISSION_UMASK=002
- TRANSMISSION_RATIO_LIMIT_ENABLED=false
- TRANSMISSION_DOWNLOAD_DIR=/data/torrents
- TRANSMISSION_DOWNLOAD_QUEUE_ENABLED=false
- TRANSMISSION_INCOMPLETE_DIR_ENABLED=false
- TRANSMISSION_WATCH_DIR_ENABLED=false
- TRANSMISSION_HOME=/data/transmission-home
- TRANSMISSION_RENAME_PARTIAL_FILES=false
- TRANSMISSION_PEX_ENABLED=false
- TRANSMISSION_DHT_ENABLED=false
- TRANSMISSION_SCRIPT_TORRENT_DONE_ENABLED=true
- TRANSMISSION_SCRIPT_TORRENT_DONE_FILENAME=/data/extract_torrent.sh
- TRANSMISSION_CACHE_SIZE_MB=10

Current Behavior

Most torrents download perfectly fine using Haugene's transmission-vpn. Since approx. one month however some torrents get stuck at Magnetized transfer - retrieving metadata 0%. This problem seems only to appear when using public trackers.

I tested these torrents on my laptop with qbitorrent and connecting to PIA and it works just fine. So it seems for certain torrents transmission can't connect to peers.

I am not sure if it has something to do with ipv6 WARNING: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected. nor do I know how to fix this error.

Expected Behavior

Download of all torrents if seeders are available.

How have you tried to solve the problem?

1. Restarted docker container
2. Restarted server
3. Changed DNS in .yml from 1.1.1.1/1.0.0.1 to 8.8.8.8/8.8.4.4

Log output

transmission-vpn | STARTING TRANSMISSION
transmission-vpn | Provider PIA has a script for automatic port forwarding. Will run it now.
transmission-vpn | If you want to disable this, set environment variable DISABLE_PORT_UPDATER=true
transmission-vpn | Transmission startup script complete.
transmission-vpn | Mon Sep 6 12:04:26 2021 WARNING: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
transmission-vpn | Mon Sep 6 12:04:26 2021 Initialization Sequence Completed
transmission-vpn | Running functions for token based port fowarding
transmission-vpn | Reserved Port: 25848 Mon Sep 6 12:04:33 CEST 2021
transmission-vpn | transmission auth not required
transmission-vpn | waiting for transmission to become responsive
transmission-vpn | transmission became responsive
transmission-vpn | 6 100% 6.22 MB Done 0.0 0.0 0.0 Idle
transmission-vpn | Sum: 110.5 GB 0.0 0.0
transmission-vpn | setting transmission port to 25848
transmission-vpn | localhost:9091/transmission/rpc/ responded: "success"
transmission-vpn | Checking port...
transmission-vpn | Port is open: Yes
transmission-vpn | #######################
transmission-vpn | SUCCESS
transmission-vpn | #######################

In the transmission.log file i often see these messages:
[2021-09-06 13:10:23.266] Couldn't connect socket 120 to 2a05:4f44:b13:4e00::2, port 32247 (errno 99 - Cannot assign requested address) (net.c:288)

Please let me know if further logs are required

Environment

- OS: Ubuntu 20.04
- Docker: 20.10.7
- VPN Provider: PrivateInternetAccess

Anything else?

No response

Do you have the latest provider files?

• I have checked that the provider are the latest

Have you tested the provider files?

• I have tested the provider files

Can you create a PR for this config?

• I can create a PR for this

Provider details

Ghostpath has updated their certificate and as a result I'm getting this error in the log when I try to open Transmission: "OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed." I've tested using the custom provider option and it's working fine for me now, but I don't have the resources at the moment to create a PR and thought I should at least report it. Would someone be able to update the certificate file for this provider? You can find all of the latest Ghostpath configs, any of which contains the new certificate, here: https://ghostpath.com/servers. Thanks in advance!

Anything else?

No response

Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

TrustZone

Where are the configs?

REQUIRED

https://trust.zone/downloads/ovpn.zip

Additional context

Optional

Per the update on their website: https://trust.zone/post/big-security-update-trustzone-vpn

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to the container/transmission?

• I have checked the container repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

version: '3.3'

services:
transmission:
image: haugene/transmission-openvpn:latest
restart: unless-stopped
cap_add:
- NET_ADMIN
ports:
- 9091:9091 # http://nas-ip:9091 to access ui
- 8888:8888 # web-proxy
environment:
- LOCAL_NETWORK=10.55.0.0/16
- OPENVPN_CONFIG=stockholm-sweden-allportfwd
#- OPENVPN_CONFIG=los-angeles-usa-allportfwd
#- OPENVPN_CONFIG=new-york-usa-allportfwd
- OPENVPN_USERNAME="username"
- OPENVPN_PASSWORD="password"
- OPENVPN_PROVIDER=PRIVATEVPN # PIA or etc
- CREATE_TUN_DEVICE=true
- HEALTH_CHECK_HOST=PRIVATEVPN.com
- OPENVPN_OPTS=--inactive 3600 --ping 20 --ping-exit 120

volumes:
  - /volume1/docker/TransmissionVPN/resolv.conf:/etc/resolv.conf:ro # use to stop dns-leak
  - /volume1/Media/Downloads/Complete:/completed # change to download dir
  - /volume1/docker/TransmissionVPN:/data
  - /volume1/docker/TransmissionVPN/transmission-home:/config

network_mode: bridge

Current Behavior

Container wont start as it fails Authication in portainer, I am using a stack here for the first time, it must be said.

Expected Behavior

Login to PV and tramsission to start

How have you tried to solve the problem?

1. latest has ben tried
2. DNS resolves fine
3. Tried about 10 diffrent files and was advised to log a ticket here by pkishino haugene/docker-transmission-openvpn#1839 (comment)
4. settings to my knowledge are fine
5. issues checked, haugene/docker-transmission-openvpn#1839

Log output

Starting container with revision: a2f99f41df498d83019c50c08a9fcb498e4bf929

Creating TUN device /dev/net/tun

Using OpenVPN provider: PRIVATEVPN

Running with VPN_CONFIG_SOURCE auto

No bundled config script found for PRIVATEVPN. Defaulting to external config

Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.alv8YvCzCs

Extracting configs to /tmp/tmp.FKdJlIEr22

Found configs for PRIVATEVPN in /tmp/tmp.FKdJlIEr22/vpn-configs-contrib-main/openvpn/privatevpn, will replace current content in /etc/openvpn/privatevpn

Cleanup: deleting /tmp/tmp.alv8YvCzCs and /tmp/tmp.FKdJlIEr22

Starting OpenVPN using config RU Moscow.ovpn

Modifying /etc/openvpn/privatevpn/RU Moscow.ovpn for best behaviour in this container

Modification: Point auth-user-pass option to the username/password file

Modification: Change ca certificate path

Modification: Change ping options

Setting OpenVPN credentials...

adding route to local network 10.55.0.0/16 via 172.17.0.1 dev eth0

Tue Sep 7 23:28:44 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021

Tue Sep 7 23:28:44 2021 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10

Tue Sep 7 23:28:44 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Tue Sep 7 23:28:44 2021 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication

Tue Sep 7 23:28:44 2021 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication

Tue Sep 7 23:28:44 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]92.223.103.138:1194

Tue Sep 7 23:28:44 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]

Tue Sep 7 23:28:44 2021 UDP link local: (not bound)

Tue Sep 7 23:28:44 2021 UDP link remote: [AF_INET]92.223.103.138:1194

Tue Sep 7 23:28:45 2021 TLS: Initial packet from [AF_INET]92.223.103.138:1194, sid=a2d7000e 17ac49a0

Tue Sep 7 23:28:45 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Tue Sep 7 23:28:45 2021 VERIFY OK: depth=1, C=SE, ST=CA, L=Stockholm, O=PrivateVPN, CN=PrivateVPN CA, name=PrivateVPN, emailAddress=[email protected]

Tue Sep 7 23:28:45 2021 VERIFY KU OK

Tue Sep 7 23:28:45 2021 Validating certificate extended key usage

Tue Sep 7 23:28:45 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Tue Sep 7 23:28:45 2021 VERIFY EKU OK

Tue Sep 7 23:28:45 2021 VERIFY OK: depth=0, C=SE, ST=CA, L=Stockholm, O=PrivateVPN, CN=PrivateVPN, name=PrivateVPN, emailAddress=[email protected]

Tue Sep 7 23:28:46 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA

Tue Sep 7 23:28:46 2021 [PrivateVPN] Peer Connection Initiated with [AF_INET]92.223.103.138:1194

Tue Sep 7 23:28:47 2021 SENT CONTROL [PrivateVPN]: 'PUSH_REQUEST' (status=1)

Tue Sep 7 23:28:47 2021 AUTH: Received control message: AUTH_FAILED

Tue Sep 7 23:28:47 2021 SIGTERM[soft,auth-failure] received, process exiting

Environment

- OS:DSM7
- Docker: 20.10.3-1233
- Portainer ce: latest

Anything else?

I was told there is a bug in the config...

haugene/docker-transmission-openvpn#1839 (comment)

thanks in advance

Do you have the latest provider files?

• I have checked that the provider are the latest

Have you tested the provider files?

• I have tested the provider files

Can you create a PR for this config?

• I can create a PR for this

Provider details

Hi All,

I tried to let this work. I have created a custom .OVPN file at VPNunlimited portal. This OVPN file have a server specific for torrents. I mount the file as written in documents. But its unclear what to do with:

      OPENVPN_PROVIDER: custom
      OPENVPN_CONFIG: nl

Here is my compose:

version: '3.3'
services:
  transmission-openvpn:
    image: haugene/transmission-openvpn
    container_name: transmission
    hostname: transmission
    restart: always
    cap_add:
      - NET_ADMIN
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /volume1/data/torrents:/data:rw
      - /volume1/docker/transmission/ovpn/default.ovpn:/etc/openvpn/custom/default.ovpn

    environment:
      TZ: Europe/Amsterdam
      PUID: 1026
      PGID: 100
      OPENVPN_PROVIDER: custom
      OPENVPN_CONFIG: nl
      OPENVPN_USERNAME: username
      OPENVPN_PASSWORD: password
    ports:
       - 9091:9091
  

Anything else?

No response

Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

Windscribe

Where are the configs?

REQUIRED

No download that I know of; they use a config generator, for which I believe there may be an existing scraper (see below).

Additional context

Optional

Windscribe just gave notice that they are sunsetting their current certificates on 20th July, so the existing OVPN files will need to be updated. As far as I can tell there is no way to just download all of the OVPN files from them at once, but a scraper was mentioned by @wilmardo in [this PR](https://github.com/haugene/docker-transmission-openvpn/pull/1691). Hopefully that can be used to grab the new files.

From Windscribe: "We are sunsetting our OpenVPN certificate authority and beginning to phase out compression on July 20 2021 at 17:00 UTC. If you're using an OpenVPN version less than 2.4 you will need download new configurations and install them on July 20 2021 after 17:00 UTC as they no longer contain compression options and it is not possible to gracefully transition without doing this at the same time we perform maintenance."

Links:
[https://blog.windscribe.com/openvpn-security-improvements-and-changes-7b04ea49222](https://blog.windscribe.com/openvpn-security-improvements-and-changes-7b04ea49222)
[https://windscribe.com/getconfig/openvpn](https://windscribe.com/getconfig/openvpn)

Do you have the latest provider files?

• I have checked that the provider are the latest

Have you tested the provider files?

• I have tested the provider files

Can you create a PR for this config?

• I can create a PR for this

Provider details

update for Froot Configs

Anything else?

The UDP port in the current FrootVPN files is no longer officially offered by Froot the configs in image continuing to work.

In recent weeks I started noticing that the default.ovpn (Sweden) with Froot started changing my location to Spokane Washington sometimes which was weird... I never found the reason for this (since the hostname was still correct) but i noticed the certificates and other config settings were not up to do date with current official Froot configs.

I also noticed that Florida VPN file at Froot does not support torrent traffic anymore, so i replaced it with a CH/zurich config instead.

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

transmission:
image: haugene/transmission-openvpn:latest
container_name: transmission
volumes:
- /mnt/data:/mnt/data
- /config/openvpn-credentials.txt:/config/openvpn-credentials.txt
environment:
- PUID=1000
- PGID=1000
- CONFIG_MOD_CA_CERTS=false
- GITHUB_CONFIG_SOURCE_REPO=tuzun89/vpn-configs-contrib
- CREATE_TUN_DEVICE=true
- OPENVPN_PROVIDER=celo
- OPENVPN_CONFIG=uk1-TCP-443
- OPENVPN_USERNAME=***
- OPENVPN_PASSWORD=***
- WEBPROXY_ENABLED=false
- TRANSMISSION_DOWNLOAD_DIR=/mnt/data/downloads
- TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=true
- TRANSMISSION_SEED_QUEUE_ENABLED=true
- TRANSMISSION_INCOMPLETE_DIR_ENABLED=false
- LOCAL_NETWORK=192.168.0.0/24
cap_add:
- NET_ADMIN
logging:
driver: json-file
options:
max-size: 10m
ports:
- "9091:9091"
restart: unless-stopped

Current Behavior

cannot connect to vpn service
infinite loop

Expected Behavior

direct connection to vpn service

How have you tried to solve the problem?

attempted to some potential solutions using advice on the issues page.

Log output

Starting container with revision: 8744279e2cd191486ca5ae21e8e051b7b1000b71
Creating TUN device /dev/net/tun
Using OpenVPN provider: CELO
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for CELO. Defaulting to external config
Downloading configs from https://github.com/tuzun89/vpn-configs-contrib/archive/main.zip into /tmp/tmp.c3sKmQGthj
Extracting configs to /tmp/tmp.Stn2pJrlZd
Found configs for CELO in /tmp/tmp.Stn2pJrlZd/vpn-configs-contrib-main/openvpn/celo, will replace current content in /etc/openvpn/celo
Cleanup: deleting /tmp/tmp.c3sKmQGthj and /tmp/tmp.Stn2pJrlZd
Starting OpenVPN using config uk1-TCP-443.ovpn
Modifying /etc/openvpn/celo/uk1-TCP-443.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Setting OpenVPN credentials...
adding route to local network 192.168.0.0/24 via 172.18.0.1 dev eth0
Tue Sep 7 23:35:44 2021 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Tue Sep 7 23:35:44 2021 WARNING: cannot stat file 'uk1-TCP-443-tls.key': No such file or directory (errno=2)
Options error: --tls-crypt fails with 'uk1-TCP-443-tls.key': No such file or directory (errno=2)
Options error: Please correct these errors.
Use --help for more information.

Environment

- OS: Ubuntu Server 20.04
- Docker: Latest

Anything else?

No response

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to the container/transmission?

• I have checked the container repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

docker run --cap-add=NET_ADMIN --device=/dev/net/tun \
-d -v /mnt/tank0/movies/incoming/:/data \
-d -v /home/steffen/cryptostorm/:/etc/openvpn/custom/ \
-e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" \
-e "OPENVPN_PROVIDER=custom" \
-e "OPENVPN_CONFIG=Germany-Frankfurt_TCP" \
-e "OPENVPN_USERNAME=redacted" \
-e "OPENVPN_PASSWORD=redacted" \
-e "LOCAL_NETWORK=192.168.178.0/24" \
-e "TRANSMISSION_BLOCKLIST_URL=http://john.bitsurge.net/public/biglist.p2p.gz" \
-e "TRANSMISSION_RATIO_LIMIT=0.2" \
-e "TRANSMISSION_RATIO_LIMIT_ENABLED=1" \
-e "TRANSMISSION_IDLE_SEEDING_LIMIT=1" \
-e "TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=1" \
-e "TRANSMISSION_BLOCKLIST_ENABLED=1" \
-e "PUID=1000" \
-e "GUID=1000" \
--restart unless-stopped \
-p 9091:9091 haugene/transmission-openvpn

Current Behavior

connection not established container restarts

Expected Behavior

connection established

How have you tried to solve the problem?

I tried to use the config provided by crypto storm (hence the custom provider)

Log output

Starting container with revision: 6922dd6b112d63e099b98165d7cadeaf411b7800
Creating TUN device /dev/net/tun
Using OpenVPN provider: CUSTOM
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for CUSTOM. Defaulting to external config
Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.p4bzg19i27
Extracting configs to /tmp/tmp.tu2W0MVXgE
ERROR: Could not find any configs for provider CUSTOM in downloaded configs
Cleanup: deleting /tmp/tmp.p4bzg19i27 and /tmp/tmp.tu2W0MVXgE
Starting OpenVPN using config Germany-Frankfurt_TCP.ovpn
Modifying /etc/openvpn/custom/Germany-Frankfurt_TCP.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Setting OpenVPN credentials...
adding route to local network 192.168.178.0/24 via 172.17.0.1 dev eth0
Thu Oct 21 15:02:17 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Thu Oct 21 15:02:17 2021 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Thu Oct 21 15:02:17 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Oct 21 15:02:17 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Oct 21 15:02:17 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Oct 21 15:02:17 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]84.16.242.72:443
Thu Oct 21 15:02:17 2021 Socket Buffers: R=[131072->131072] S=[16384->16384]
Thu Oct 21 15:02:17 2021 Attempting to establish TCP connection with [AF_INET]84.16.242.72:443 [nonblock]
Thu Oct 21 15:02:18 2021 TCP connection established with [AF_INET]84.16.242.72:443
Thu Oct 21 15:02:18 2021 TCP_CLIENT link local: (not bound)
Thu Oct 21 15:02:18 2021 TCP_CLIENT link remote: [AF_INET]84.16.242.72:443
Thu Oct 21 15:02:20 2021 Connection reset, restarting [0]
Thu Oct 21 15:02:20 2021 SIGTERM[soft,connection-reset] received, process exiting

Environment

- OS: Ubuntu 20.04
- Docker: 20.10.7, build 20.10.7-0ubuntu1~20.04.2

Anything else?

Thanks for this Wonderfull docker image which I have been using for some time now...

Before creating this issue I have:

REQUIRED

• Read through the pinned issues for related problems
• Searched for similar provider issues and container issues
• Read the documentation, especially the troubleshooting section and FAQ
• Tried to add as much relevant information to the issue as possible
• Verified I have tried using newest release as well
• Agreed that my issue will be closed if I do not follow this template and will remain closed until I complete the template

Container version & last working release

Required, problem occurs in :

<latest>

If possible, last working version:

<Leave empty if not known>

Describe the problem

TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed
SIGUSR1[soft,tls-error] received, process restarting
Restart pause, 5 second(s)

REQUIRED

Can't seem to connect to the VPN server, thus Transmission never starts

Describe the steps you have tried to solve the problem

REQUIRED

Rebuilt container 
Tried DNS override ENV variables
Tried CREATE_TUN_DEVICE=true

Add your docker run command or docker-compose file or env details

REQUIRED

version: '3.3'
services:
    transmission-openvpn:
        cap_add:
            - NET_ADMIN
        volumes:
            - '/Volumes/Expansion:/volume1/Expansion'
            - '/Volumes/Synology/Fresh/Transmission/completed:/downloads'
            - '/Volumes/Synology/Fresh/Transmission:/data'
            - '/Volumes/Synology:/volume1/Synology'
        environment:
        - OPENVPN_USERNAME=username
        - OPENVPN_PASSWORD=password
        - OPENVPN_PROVIDER=TORGUARD
        - LOCAL_NETWORK=192.168.0.0/23
        - OVERRIDE_DNS_1=8.8.8.8
        - OVERRIDE_DNS_2=8.8.4.4
        logging:
            driver: json-file
            options:
                max-size: 10m
        ports:
            - '9091:9091'
        image: haugene/transmission-openvpn

Logs

REQUIRED

transmission-openvpn_1  | Starting container with revision: 73ec516cc246972289c7b96ffa88c81e037fe364
transmission-openvpn_1  | One or more OVERRIDE_DNS addresses found. Will use them to overwrite /etc/resolv.conf
transmission-openvpn_1  | Creating TUN device /dev/net/tun
transmission-openvpn_1  | Using OpenVPN provider: TORGUARD
transmission-openvpn_1  | No VPN configuration provided. Using default.
transmission-openvpn_1  | Setting OpenVPN credentials...
transmission-openvpn_1  | adding route to local network 192.168.0.0/23 via 172.21.0.1 dev eth0
transmission-openvpn_1  | 2021-07-23 05:15:15 DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6
transmission-openvpn_1  | 2021-07-23 05:15:15 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
transmission-openvpn_1  | 2021-07-23 05:15:15 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
transmission-openvpn_1  | 2021-07-23 05:15:15 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
transmission-openvpn_1  | 2021-07-23 05:15:15 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
transmission-openvpn_1  | 2021-07-23 05:15:15 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
transmission-openvpn_1  | 2021-07-23 05:15:15 TCP/UDP: Preserving recently used remote address: [AF_INET]206.217.216.10:1912
transmission-openvpn_1  | 2021-07-23 05:15:15 Socket Buffers: R=[212992->425984] S=[212992->425984]
transmission-openvpn_1  | 2021-07-23 05:15:15 UDP link local: (not bound)
transmission-openvpn_1  | 2021-07-23 05:15:15 UDP link remote: [AF_INET]206.217.216.10:1912
transmission-openvpn_1  | 2021-07-23 05:16:15 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
transmission-openvpn_1  | 2021-07-23 05:16:15 TLS Error: TLS handshake failed
transmission-openvpn_1  | 2021-07-23 05:16:15 SIGUSR1[soft,tls-error] received, process restarting
transmission-openvpn_1  | 2021-07-23 05:16:15 Restart pause, 5 second(s)
transmission-openvpn_1  | 2021-07-23 05:16:20 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
transmission-openvpn_1  | 2021-07-23 05:16:20 Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
transmission-openvpn_1  | 2021-07-23 05:16:20 Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication
transmission-openvpn_1  | 2021-07-23 05:16:20 TCP/UDP: Preserving recently used remote address: [AF_INET]206.217.216.23:1912
transmission-openvpn_1  | 2021-07-23 05:16:20 Socket Buffers: R=[212992->425984] S=[212992->425984]
transmission-openvpn_1  | 2021-07-23 05:16:20 UDP link local: (not bound)
transmission-openvpn_1  | 2021-07-23 05:16:20 UDP link remote: [AF_INET]206.217.216.23:1912
^CGracefully stopping... (press Ctrl+C again to force)

Host system

REQUIRED

Running MacOS (Intel), Docker (Docker Desktop 2.5.1)
Local network is 192.168.0.0/23

Do you have the latest provider files?

• I have checked that the provider are the latest

Have you tested the provider files?

• I have tested the provider files

Can you create a PR for this config?

• I can create a PR for this

Provider details

nordvpn looks for files in:
https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/france.udp.ovpn

but they are for example:
https://downloads.nordcdn.com/configs/files/ovpn_legacy/servers/fr542.nordvpn.com.udp1194.ovpn

i personally went into the openvpn/nordvpn/updateConfigs.sh and changed ${nordvpn_cdn} to the hardcoded link in line 113, so it would work again... certainly not the greatest way to fix this though.

Anything else?

No response

Is there a pinned issue for this?

• I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

• I have searched the existing issues
• I have searched the existing discussions

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues
• My issue is NOT related to a provider

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

OPENVPN_PROVIDER=PUREVPN
OPENVPN_CONFIG=ustx2-auto-tcp

Current Behavior

Log prompts a list of available PureVPN servers that are no longer consisted with current DNS names. Current server list can be found here: https://support.purevpn.com/vpn-servers. It appears that the list of .ovpn files downloaded for configuration are outdated.

Expected Behavior

If valid server is set to variable OPENVPN_CONFIIG, then that should be used.

How have you tried to solve the problem?

I've tried to use servers listed in the configured downloaded file, however, they are invalid and authentication fails.

Log output

Starting container with revision: a2f99f41df498d83019c50c08a9fcb498e4bf929
Creating TUN device /dev/net/tun
Using OpenVPN provider: PUREVPN
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for PUREVPN. Defaulting to external config
Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.uVKgg9iLeS
Extracting configs to /tmp/tmp.rCP4ZTbAJL
Found configs for PUREVPN in /tmp/tmp.rCP4ZTbAJL/vpn-configs-contrib-main/openvpn/purevpn, will replace current content in /etc/openvpn/purevpn
Cleanup: deleting /tmp/tmp.uVKgg9iLeS and /tmp/tmp.rCP4ZTbAJL
Supplied config ustx2-auto-tcp.ovpn could not be found.
Your options for this provider are:
at2-ovpn-tcp.ovpn
at2-ovpn-udp.ovpn
au-sd2-ovpn-tcp.ovpn
au-sd2-ovpn-udp.ovpn
au2-ovpn-tcp.ovpn
au2-ovpn-udp.ovpn
au2-pe-ovpn-tcp.ovpn
au2-pe-ovpn-udp.ovpn
br2-ovpn-tcp.ovpn
br2-ovpn-udp.ovpn
ca2-ovpn-tcp.ovpn
ca2-ovpn-udp.ovpn
cav2-ovpn-tcp.ovpn
cav2-ovpn-udp.ovpn
ch2-ovpn-tcp.ovpn
ch2-ovpn-udp.ovpn
cz2-ovpn-tcp.ovpn
cz2-ovpn-udp.ovpn
de2-ovpn-tcp.ovpn
de2-ovpn-udp.ovpn
default.ovpn
dk2-ovpn-tcp.ovpn
dk2-ovpn-udp.ovpn
es2-ovpn-tcp.ovpn
es2-ovpn-udp.ovpn
fr2-ovpn-tcp.ovpn
fr2-ovpn-udp.ovpn
gr2-ovpn-tcp.ovpn
gr2-ovpn-udp.ovpn
hk2-ovpn-tcp.ovpn
hk2-ovpn-udp.ovpn
in2-ovpn-tcp.ovpn
in2-ovpn-udp.ovpn
it2-ovpn-tcp.ovpn
it2-ovpn-udp.ovpn
jp2-ovpn-tcp.ovpn
jp2-ovpn-udp.ovpn
kr2-ovpn-tcp.ovpn
kr2-ovpn-udp.ovpn
my2-ovpn-tcp.ovpn
my2-ovpn-udp.ovpn
nl2-ovpn-tcp.ovpn
nl2-ovpn-udp.ovpn
p2p-udp.ovpn
pl2-ovpn-tcp.ovpn
pl2-ovpn-udp.ovpn
pt2-ovpn-tcp.ovpn
pt2-ovpn-udp.ovpn
ru2-ovpn-tcp.ovpn
ru2-ovpn-udp.ovpn
se2-ovpn-tcp.ovpn
se2-ovpn-udp.ovpn
sg2-ovpn-tcp.ovpn
sg2-ovpn-udp.ovpn
tw2-ovpn-tcp.ovpn
tw2-ovpn-udp.ovpn
uk-obf-udp.ovpn
ukg2-ovpn-tcp.ovpn
ukg2-ovpn-udp.ovpn
ukl2-ovpn-tcp.ovpn
ukl2-ovpn-udp.ovpn
ukm2-ovpn-tcp.ovpn
ukm2-ovpn-udp.ovpn
us2-ovpn-tcp.ovpn
us2-ovpn-udp.ovpn
usfl2-ovpn-tcp.ovpn
usfl2-ovpn-udp.ovpn
usga2-ovpn-tcp.ovpn
usga2-ovpn-udp.ovpn
usil2-ovpn-tcp.ovpn
usil2-ovpn-udp.ovpn
usla2-ovpn-tcp.ovpn
usla2-ovpn-udp.ovpn
usnj2-ovpn-tcp.ovpn
usnj2-ovpn-udp.ovpn
usny2-ovpn-tcp.ovpn
usny2-ovpn-udp.ovpn
usphx2-ovpn-tcp.ovpn
usphx2-ovpn-udp.ovpn
ussa2-ovpn-tcp.ovpn
ussa2-ovpn-udp.ovpn
ussf2-ovpn-tcp.ovpn
ussf2-ovpn-udp.ovpn
ustx2-ovpn-tcp.ovpn
ustx2-ovpn-udp.ovpn
usut2-ovpn-tcp.ovpn
usut2-ovpn-udp.ovpn
usva2-ovpn-tcp.ovpn
usva2-ovpn-udp.ovpn
uswdc2-ovpn-tcp.ovpn
uswdc2-ovpn-udp.ovpn
vlap-ph2-ovpn-tcp.ovpn
vlap-ph2-ovpn-udp.ovpn
vlap-th2-ovpn-tcp.ovpn
vlap-th2-ovpn-udp.ovpn
vlap-vn2-ovpn-tcp.ovpn
vlap-vn2-ovpn-udp.ovpn
vleu-be2-ovpn-tcp.ovpn
vleu-be2-ovpn-udp.ovpn
vleu-no2-ovpn-tcp.ovpn
vleu-no2-ovpn-udp.ovpn
vlus-mx2-ovpn-tcp.ovpn
vlus-mx2-ovpn-udp.ovpn
vlus-pa2-ovpn-tcp.ovpn
vlus-pa2-ovpn-udp.ovpn
za2-ovpn-tcp.ovpn
za2-ovpn-udp.ovpn
NB: Remember to not specify .ovpn as part of the config name.

Environment

- OS: Ubuntu 20.04
- Docker: 20.10.12

Anything else?

No response

Before creating this issue I have:

REQUIRED

• Read through the pinned issues for related problems
• Searched for similar provider issues and container issues
• Read the documentation, especially the troubleshooting section and FAQ
• Tried to add as much relevant information to the issue as possible
• Verified I have tried using newest release as well
• Agreed that my issue will be closed if I do not follow this template and will remain closed until I complete the template

Container version & last working release

Required, problem occurs in :

latest and dev

If possible, last working version:

<placeholder>

Describe the problem

REQUIRED

latest:
2021-06-09 00:01:15 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-06-09 00:01:15 TLS Error: TLS handshake failed
2021-06-09 00:01:15 SIGUSR1[soft,tls-error] received, process restarting

dev:
Tue Jun  8 23:58:38 2021 [UNDEF] Inactivity timeout (--ping-exit), exiting
Tue Jun  8 23:58:38 2021 SIGTERM[soft,ping-exit] received, process exiting

Describe the steps you have tried to solve the problem

REQUIRED

1) Tested ovpn file from image on desktop - confirmed it works
2) Tried adding DNS using both methods
3) Tried adding as custom
4) Tried changing timezone to match ovpn country

Add your docker run command or docker-compose file or env details

REQUIRED

    transmission:
      image: haugene/transmission-openvpn:latest
      container_name: transmission
      restart: always
      networks:
        - proxy
        - mail
      dns:
        - 213.133.99.99
        - 213.133.98.98
      cap_add:
        - NET_ADMIN
      volumes:
        - /etc/localtime:/etc/localtime:ro
        - transmission_data:/data
        - transmission_config:/config
        - /mnt/data/downloads:/downloads
      environment:
        CREATE_TUN_DEVICE: "true"
        OPENVPN_PROVIDER: FASTESTVPN
        OPENVPN_USERNAME: $FASTEST_USERNAME
        OPENVPN_PASSWORD: $FASTEST_PASSWORD
        OPENVPN_CONFIG: "France-UDP"
        LOCAL_NETWORK: "172.0.0.0/8"
        PUID: $UID
        PGID: $GID
        TZ: $TZ
        UMASK_SET: $UMASK
        TRANSMISSION_RPC_AUTHENTICATION_REQUIRED: "false"
        TRANSMISSION_RPC_HOST_WHITELIST: "127.0.0.1,172.0.0.0/8,178.63.63.219"
        TRANSMISSION_RPC_PASSWORD: ${ROOT_PASSWORD}
        TRANSMISSION_RPC_USERNAME: $ADMIN_EMAIL
        TRANSMISSION_UMASK: 002
        TRANSMISSION_RATIO_LIMIT: 0.01
        TRANSMISSION_RATIO_LIMIT_ENABLED: "true"
        TRANSMISSION_ALT_SPEED_DOWN: 40000
        TRANSMISSION_ALT_SPEED_ENABLED: "false"
        TRANSMISSION_ALT_SPEED_UP: 250
        TRANSMISSION_SPEED_LIMIT_DOWN: 80000
        TRANSMISSION_SPEED_LIMIT_DOWN_ENABLED: "true"
        TRANSMISSION_SPEED_LIMIT_UP: 500
        TRANSMISSION_SPEED_LIMIT_UP_ENABLED: "true"
        TRANSMISSION_INCOMPLETE_DIR: /downloads/torrent/incomming
        TRANSMISSION_INCOMPLETE_DIR_ENABLED: "true"
        TRANSMISSION_WATCH_DIR: /downloads/torrent/watched
        TRANSMISSION_WATCH_DIR_ENABLED: "true"
        TRANSMISSION_DOWNLOAD_DIR: /downloads/torrent/complete
        LOG_TO_STDOUT: "true"
      labels:
        - "com.centurylinklabs.watchtower.enable=true"
        - "traefik.enable=true"
        ## HTTP Routers
        - "traefik.http.routers.transmission-rtr.entrypoints=https"
        - "traefik.http.routers.transmission-rtr.tls=true"
        - "traefik.http.routers.transmission-rtr.rule=Host(`transmission.$DOMAINNAME`)"
        - "traefik.http.routers.transmission-rtr.priority=99"
        ## Middlewares
        - "traefik.http.routers.transmission-rtr.middlewares=chain-oauth@file"
        ## HTTP Services
        - "traefik.http.routers.transmission-rtr.service=transmission-svc"
        - "traefik.http.services.transmission-svc.loadbalancer.server.port=9091"

Logs

REQUIRED

Starting container with revision: 9fae5acbd73f8c8f51fdaef4921447f03b324913
Creating TUN device /dev/net/tun
Using OpenVPN provider: FASTESTVPN
Starting OpenVPN using config France-UDP.ovpn
Setting OpenVPN credentials...
adding route to local network 172.0.0.0/8 via 172.25.0.1 dev eth0
2021-06-09 00:04:09 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2021-06-09 00:04:09 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2021-06-09 00:04:09 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
2021-06-09 00:04:09 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021-06-09 00:04:09 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2021-06-09 00:04:09 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2021-06-09 00:04:09 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2021-06-09 00:04:09 TCP/UDP: Preserving recently used remote address: [AF_INET]37.59.172.213:4443
2021-06-09 00:04:09 UDP link local: (not bound)
2021-06-09 00:04:09 UDP link remote: [AF_INET]37.59.172.213:4443
2021-06-09 00:05:09 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2021-06-09 00:05:09 TLS Error: TLS handshake failed
2021-06-09 00:05:09 SIGUSR1[soft,tls-error] received, process restarting

Host system

REQUIRED

Ubuntu 20.04
Hetzner dedicated server (Ryzen 3700x)
Docker version 20.10.7, build f0df350 

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

OPENVPN_PROVIDER: 'NORDVPN'
NORDVPN_COUNTRY: 'CA'
NORDVPN_PROTOCOL: 'udp'
NORDVPN_CATEGORY: 'P2P'

Current Behavior

Best NordVPN server is selected in any country.

Expected Behavior

Only the recommended server in Canada should be selected.

How have you tried to solve the problem?

I have tried to use CA and Canada as value for NORDVPN_COUNTRY but neither are visible in the logs are being used. The UDP and P2P settings are being used correctly.

When adding the OPENVPN_CONFIG value with any value (just not empty), the log shows the use of the country code and selects the recommended server in that country however the config supplied in OPENVPN_CONFIG is also downloaded and is also the actual config being used. If no config is found based on the OPENVPN_CONFIG value, it will provide an error that is was not able to download the config and the container stops and does not use the recommended server it detected based on the country code.

So it looks like the country code only works when a value is provided into OPENVPN_CONFIG but is not actually used at all. The OPENVPN_CONFIG seems to override it.

Log output

When not using OPENVPN_CONFIG env:

│
│ Provider NORDVPN has a custom startup script, executing it │
│ Downloading user specified config. NORDVPN_PROTOCOL is set to: udp │
│ 2021-09-13 18:25:50 Checking curl installation │
│ 2021-09-13 18:25:50 Removing existing configs │
│ 2021-09-13 18:25:50 Selecting the best server... │
│ 2021-09-13 18:25:50 Searching for group: legacy_p2p │
│ 2021-09-13 18:25:50 Searching for technology: openvpn_udp │
│ 2021-09-13 18:25:50 Best server : fr668.nordvpn.com │
│ 2021-09-13 18:25:50 Downloading config: default.ovpn │
│ 2021-09-13 18:25:50 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/fr668.nordvpn.com.udp.ovpn │
│ 2021-09-13 18:25:50 Using OpenVPN CONFIG :: │
│ 2021-09-13 18:25:50 Downloading config: .ovpn │
│ 2021-09-13 18:25:50 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/.udp.ovpn │
│ INFO: Found OpenVPN configuration: "" for provider "NORDVPN" using it

When using OPENVPN_CONFIG env with value fr668.nordvpn.com:

│ Provider NORDVPN has a custom startup script, executing it │
│ Downloading user specified config. NORDVPN_PROTOCOL is set to: udp │
│ 2021-09-13 18:31:25 Checking curl installation │
│ 2021-09-13 18:31:25 Removing existing configs │
│ 2021-09-13 18:31:25 Selecting the best server... │
│ 2021-09-13 18:31:25 Searching for country : ca (38) │
│ 2021-09-13 18:31:25 Searching for group: legacy_p2p │
│ 2021-09-13 18:31:25 Searching for technology: openvpn_udp │
│ 2021-09-13 18:31:25 Best server : ca1064.nordvpn.com │
│ 2021-09-13 18:31:25 Downloading config: default.ovpn │
│ 2021-09-13 18:31:25 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/ca1064.nordvpn.com.udp.ovpn │
│ 2021-09-13 18:31:25 Using OpenVPN CONFIG :: fr668.nordvpn.com │
│ 2021-09-13 18:31:25 Downloading config: fr668.nordvpn.com.ovpn │
│ 2021-09-13 18:31:25 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/fr668.nordvpn.com.udp.ovpn │
│ INFO: Found OpenVPN configuration: "fr668.nordvpn.com" for provider "NORDVPN" using it

Environment

- OS: Ubuntu 20.04
- Kubernetes: v1.21.3

Anything else?

No response

Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

mullvad

Where are the configs?

REQUIRED

https://mullvad.net/en/account/#/openvpn-config/

Additional context

Optional

Similar to https://mullvad.net/en/account/#/openvpn-config/, I don't quite understand how to get port forwarding
 to work with mullvad. Transmission reports the port as "closed". Mullvad offers port forwarding, but on demand 
and via a random port only, so it would be nice to pass this in with the docker run command somehow? 
Happy to help with documenting it if someone can point me in the right direction.

Is there a pinned issue for this?

• I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

• I have searched the existing issues
• I have searched the existing discussions

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues
• My issue is NOT related to a provider

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Docker run config used

relevent environment variables:

OPENVPN_PROVIDER=NORDVPN
NORDVPN_COUNTRY=KR
NORDVPN_CATEGORY=legacy_p2p
NORDVPN_PROTOCOL=tcp

Current Behavior

I recently changed VPN providers from PIA to NordVPN. I have gotten Nord to connect successfully, however I'm having issues with seeding torrents. They appear as seeded, but peers are unable to download them from me. I believe this is because NordVPN does not offer port forwarding. PIA was working great with port forwarding.

I've seen this exact behavior when I was previously using PIA locally with Transmission with port forwarding off. I was able to download, but peers couldn't grab from me. I moved to this docker image in order to resolve that issue. And it was resolved until I changed providers.

What are my options?

Expected Behavior

peers would be able to download my torrents

How have you tried to solve the problem?

google mostly. I can see plenty of other people using Nord, however I can't find any solutions. I can only find a post that essentially says don't use Nord.

Log output

2022-03-09 17:03:29 Searching for technology: openvpn_tcp
2022-03-09 17:03:29 Best server : us9451.nordvpn.com
2022-03-09 17:03:29 Downloading config: default.ovpn
2022-03-09 17:03:29 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/us9451.nordvpn.com.tcp.ovpn
2022-03-09 17:03:29 Selecting the best server...
2022-03-09 17:03:29 Searching for country : KR (114)
2022-03-09 17:03:29 Searching for technology: openvpn_tcp
2022-03-09 17:03:29 Best server : kr40.nordvpn.com
2022-03-09 17:03:29 Downloading config: kr40.nordvpn.com.ovpn
2022-03-09 17:03:29 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/kr40.nordvpn.com.tcp.ovpn
Starting OpenVPN using config kr40.nordvpn.com.ovpn
Modifying /etc/openvpn/nordvpn/kr40.nordvpn.com.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Setting OpenVPN credentials...
adding route to local network 192.168.1.0/24 via 172.17.0.1 dev eth0
Wed Mar 9 17:03:32 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Wed Mar 9 17:03:32 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Mar 9 17:03:32 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Mar 9 17:03:32 2022 NOTE: --fast-io is disabled since we are not using UDP
Wed Mar 9 17:03:32 2022 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Mar 9 17:03:32 2022 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Wed Mar 9 17:03:32 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]172.107.194.171:443
Wed Mar 9 17:03:32 2022 Socket Buffers: R=[131072->131072] S=[16384->16384]
Wed Mar 9 17:03:32 2022 Attempting to establish TCP connection with [AF_INET]172.107.194.171:443 [nonblock]
Wed Mar 9 17:03:33 2022 TCP connection established with [AF_INET]172.107.194.171:443
Wed Mar 9 17:03:33 2022 TCP_CLIENT link local: (not bound)
Wed Mar 9 17:03:33 2022 TCP_CLIENT link remote: [AF_INET]172.107.194.171:443
Wed Mar 9 17:03:33 2022 TLS: Initial packet from [AF_INET]172.107.194.171:443, sid=5f73f95b 45b918d1
Wed Mar 9 17:03:33 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Mar 9 17:03:34 2022 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Wed Mar 9 17:03:34 2022 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
Wed Mar 9 17:03:34 2022 VERIFY KU OK
Wed Mar 9 17:03:34 2022 Validating certificate extended key usage
Wed Mar 9 17:03:34 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Mar 9 17:03:34 2022 VERIFY EKU OK
Wed Mar 9 17:03:34 2022 VERIFY OK: depth=0, CN=kr40.nordvpn.com
Wed Mar 9 17:03:35 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Wed Mar 9 17:03:35 2022 [kr40.nordvpn.com] Peer Connection Initiated with [AF_INET]172.107.194.171:443
Wed Mar 9 17:03:36 2022 SENT CONTROL [kr40.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Wed Mar 9 17:03:36 2022 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.1.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.1.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: timers and/or timeouts modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: compression parms modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Wed Mar 9 17:03:36 2022 Socket Buffers: R=[131072->425984] S=[87040->425984]
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: --ifconfig/up options modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: route options modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: route-related options modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: peer-id set
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: adjusting link_mtu to 1659
Wed Mar 9 17:03:36 2022 OPTIONS IMPORT: data channel crypto options modified
Wed Mar 9 17:03:36 2022 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Mar 9 17:03:36 2022 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Mar 9 17:03:36 2022 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Mar 9 17:03:36 2022 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
Wed Mar 9 17:03:36 2022 TUN/TAP device tun0 opened
Wed Mar 9 17:03:36 2022 TUN/TAP TX queue length set to 100
Wed Mar 9 17:03:36 2022 /sbin/ip link set dev tun0 up mtu 1500
Wed Mar 9 17:03:36 2022 /sbin/ip addr add dev tun0 10.7.1.2/24 broadcast 10.7.1.255
Wed Mar 9 17:03:36 2022 /etc/openvpn/tunnelUp.sh tun0 1500 1587 10.7.1.2 255.255.255.0 init
Up script executed with tun0 1500 1587 10.7.1.2 255.255.255.0 init
Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 10.7.1.2
Updating Transmission settings.json with values from env variables
Using existing settings.json for Transmission /config/settings.json
Overriding bind-address-ipv4 because TRANSMISSION_BIND_ADDRESS_IPV4 is set to 10.7.1.2
Overriding download-dir because TRANSMISSION_DOWNLOAD_DIR is set to /mnt/2TB_1/Torrents
Overriding incomplete-dir because TRANSMISSION_INCOMPLETE_DIR is set to /mnt/2TB_1/Torrents
Overriding rpc-port because TRANSMISSION_RPC_PORT is set to 9091
Overriding watch-dir because TRANSMISSION_WATCH_DIR is set to /mnt/2TB_1/Black Hole
sed'ing True to true
Enforcing ownership on transmission config directories
Applying permissions to transmission config directories
Setting owner for transmission paths to 1000:1000
Setting permissions for download and incomplete directories
�
2
Directories: 775
Files: 664
Setting permission for watch directory (775) and its files (664)

Transmission will run as

User name: abc
User uid: 1000
User gid: 1000

STARTING TRANSMISSION
Transmission startup script complete.
Wed Mar 9 17:04:17 2022 /sbin/ip route add 172.107.194.171/32 via 172.17.0.1
Wed Mar 9 17:04:17 2022 /sbin/ip route add 0.0.0.0/1 via 10.7.1.1
Wed Mar 9 17:04:17 2022 /sbin/ip route add 128.0.0.0/1 via 10.7.1.1
Wed Mar 9 17:04:17 2022 Initialization Sequence Completed

HW/SW Environment

- OS: Ubuntu Mate
- Docker: not relevent in this case

Anything else?

No response

Do you have the latest provider files?

• I have checked that the provider are the latest

Have you tested the provider files?

• I have tested the provider files

Can you create a PR for this config?

• I can create a PR for this

Provider details

Any (testing via expressVPN)

Anything else?

This is more a suggestion than a bug report.

Currently your repository is pretty manual, meaning you add e.g. ovpn files from expressVPN/any provider to the respective folder and push that. I see you have a test_provider.py script to test these first.

I see some automation potential here, you could write a script, which downloads all ovpn config files from each provider (curl in a shell script?) (daily/weekly), compares the list of downloaded ovpn files with the files of the repo and adds new / removes old ones (to keep a clean commit history).

To achive this as an automated task, you could create a job for each vpn provider in github actions, which does this and commits/pushes updates automatically, which would perhaps save you a lot of maintenance time.

Lately i created 10 docker containers to see 2 of them not working due to ovpn file not existing, being:

my_expressvpn_hong_kong_-_4_udp.ovpn
my_expressvpn_japan_-_tokyo_-_3_udp.ovpn

If you like the idea, i could create a pull request with automation for expressVPN, so you have a template and can use that for other providers and/or generify.

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to the container/transmission?

• I have checked the container repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

I'm using Kubernetes, here is my deployment:

kind: Deployment
apiVersion: apps/v1
metadata:
  name: torrent-transmission-openvpn
  namespace: media
spec:
  replicas: 1
  selector:
    matchLabels:
      app: transmission-openvpn
      release: torrent
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: transmission-openvpn
        release: torrent
    spec:
      volumes:
        - name: downloads
          persistentVolumeClaim:
            claimName: torrent-pvc
        - name: config
          secret:
            secretName: windscribe-uk-udp-1194
            defaultMode: 420
        - name: auth-user-pass
          secret:
            secretName: windscribe-user-pass
            defaultMode: 420
        - name: dev-tun
          hostPath:
            path: /dev/net/tun
            type: ''
      containers:
        - name: transmission-openvpn
          image: haugene/transmission-openvpn:latest
          ports:
            - name: http
              containerPort: 9091
              protocol: TCP
          env:
            - name: OPENVPN_PROVIDER
              value: WINDSCRIBE
            - name: OPENVPN_USERNAME
              valueFrom:
                secretKeyRef:
                  name: windscribe-credentials
                  key: username
            - name: OPENVPN_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: windscribe-credentials
                  key: password
            - name: TRANSMISSION_RPC_USERNAME
              value: foo
            - name: TRANSMISSION_RPC_PASSWORD
              value: foo
            - name: TRANSMISSION_PEER_PORT
              value: '47444'
            - name: TRANSMISSION_RPC_AUTHENTICATION_REQUIRED
              value: 'true'
            - name: TRANSMISSION_DOWNLOAD_DIR
              value: /downloads/transmission
            - name: PUID
              value: '1000'
            - name: PGID
              value: '1000'
          resources: {}
          volumeMounts:
            - name: downloads
              mountPath: /data
              subPath: configs/transmission-data
            - name: downloads
              mountPath: /downloads/transmission
              subPath: downloads/transmission
            - name: config
              mountPath: /etc/openvpn/custom/default.ovpn
              subPath: openvpn.conf
            - name: dev-tun
              mountPath: /dev/net/tun
            - name: auth-user-pass
              mountPath: /config/openvpn-credentials.txt
              subPath: openvpn-credentials.txt
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      dnsPolicy: None
      securityContext: {}
      schedulerName: default-scheduler
      dnsConfig:
        nameservers:
          - 8.8.8.8
          - 8.8.4.4

Here is the config file I'm using from the secret windscribe-uk-udp-1194 :
I obtained it from windscribe website directly, generated for openvpn version 2.6+

client
dev tun
proto udp
remote lhr-171.whiskergalaxy.com 1194
verify-x509-name lhr-171.windscribe.com name

nobind
auth-user-pass /config/openvpn-credentials.txt

resolv-retry infinite

cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM
auth SHA512

verb 2
mute-replay-warnings
remote-cert-tls server
persist-key
persist-tun

key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
MIIF5zCCA8+gAwIBAgIUXKzAwOtQBNDoTXcnwR7GxbVkRqAwDQYJKoZIhvcNAQEL
BQAwezELMAkGA1UEBhMCQ0ExCzAJBgNVBAgMAk9OMRAwDgYDVQQHDAdUb3JvbnRv
MRswGQYDVQQKDBJXaW5kc2NyaWJlIExpbWl0ZWQxEDAOBgNVBAsMB1N5c3RlbXMx
HjAcBgNVBAMMFVdpbmRzY3JpYmUgTm9kZSBDQSBYMTAeFw0yMTA3MDYyMTM5NDNa
Fw0zNzA3MDIyMTM5NDNaMHsxCzAJBgNVBAYTAkNBMQswCQYDVQQIDAJPTjEQMA4G
A1UEBwwHVG9yb250bzEbMBkGA1UECgwSV2luZHNjcmliZSBMaW1pdGVkMRAwDgYD
VQQLDAdTeXN0ZW1zMR4wHAYDVQQDDBVXaW5kc2NyaWJlIE5vZGUgQ0EgWDEwggIi
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDg/79XeOvthNbhtocxaJ6raIsr
lSrnUJ9xAyYHJV+auT4ZlACNE54NVhrGPBEVdNttUdezHaPUlQA+XTWUPlHMayIg
9dsQEFdHH3StnFrjYBzeCO76trPZ8McU6PzW+LqNEvFAwtdKjYMgHISkt0YPUPdB
7vED6yqbyiIAlmN5u/uLG441ImnEq5kjIQxVB+IHhkV4O7EuiKOEXvsKdFzdRACi
4rFOq9Z6zK2Yscdg89JvFOwIm1nY5PMYpZgUKkvdYMcvZQ8aFDaArniu+kUZiVyU
tcKRaCUCyyMM7iiN+5YV0vQ0Etv59ldOYPqL9aJ6QeRG9Plq5rP8ltbmXJRBO/kd
jQTBrP4gYddt5W0uv5rcMclZ9te0/JGl3Os3Gps5w7bYHeVdYb3j0PfsJAQ5WrM+
hS5/GaX3ltiJKXOA9kwtDG3YpPqvpMVAqpM6PFdRwTH62lOemVAOHRrThOVbclqp
Ebe3zH59jwSML5WXgVIfwrpcpndj2uEyKS50y30GzVBIn5M1pcQJJplYuBp8nVGC
qA9AVV+JHffVP/JrkvEJzhui8M5SVnkzmAK3i+rwL0NMRJKwKaSm1uJVvJyoXMMN
TEcu1lqnSl+i2UlIYAgeqeT//D9zcNgcOdP8ix6NhFChjE1dvNFv8mXxkezmu+et
PpQZTpgc1eBZvAAojwIDAQABo2MwYTAdBgNVHQ4EFgQUVLNKLT/c9fTG4BJ+6rTZ
kPjS4RgwHwYDVR0jBBgwFoAUVLNKLT/c9fTG4BJ+6rTZkPjS4RgwDwYDVR0TAQH/
BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAF4Bpc0X
dBsgF3WSeRLJ6t2J7vOjjMXBePwSL0g6GDjLpKW9sz9F3wfXaK5cKjY5tj5NEwmk
Vbqa+BXg4FWic0uLinI7tx7sLtvqHrKUFke35L8gjgIEpErg8nmBPokEVsmCcfYY
utwOi2IGikurpY29O4HniDY9baXp8kvwn1T92ZwF9G5SGzxc9Y0rGs+BwmDZu58I
hID3aqAJ16aHw5FHQWGUxje5uNbEUFdVaj7ODvznM6ef/5sAFVL15mftsRokLhCn
DdEjI/9QOYQoPrKJAudZzbWeOux3k93SehS7UWDZW4AFz/7XTaWL79tLqqtTI6Li
uHn73enHgH6BlsH3ESB+Has6Rn7aH0wBByLQ9+NYIfAwXUCd4nevUXeJ3r/aORi3
67ATj1yb3J8llFCsoc/PT7a+PxDT8co2m6TtcRK3mFT/71svWB0zy7qAtSWT1C82
W5JFkhkP44UMLwGUuJsrYy2qAZVru6Jp6vU/zOghLp5kwa1cO1GEbYinvoyTw4Xk
OuaIfEMUZA10QCCW8uocxqIZXTzvF7LaqqsTCcAMcviKGXS5lvxLtqTEDO5rYbf8
n71J2qUyUQ5yYTE0UFQYiYTuvCbtRg2TJdQy05nisw1O8Hm2erAmUveSTr3CWZ/a
v7Dtup352gRS6qxW4w0jRN3NLfLyazK/JjTX
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
5801926a57ac2ce27e3dfd1dd6ef8204
2d82bd4f3f0021296f57734f6f1ea714
a6623845541c4b0c3dea0a050fe6746c
b66dfab14cda27e5ae09d7c155aa554f
399fa4a863f0e8c1af787e5c602a801d
3a2ec41e395a978d56729457fe6102d7
d9e9119aa83643210b33c678f9d4109e
3154ac9c759e490cb309b319cf708cae
83ddadc3060a7a26564d1a24411cd552
fe6620ea16b755697a4fc5e6e9d0cfc0
c5c4a1874685429046a424c026db672e
4c2c492898052ba59128d46200b40f88
0027a8b6610a4d559bdc9346d33a0a6b
08e75c7fd43192b162bfd0aef0c716b3
1584827693f676f9a5047123466f0654
eade34972586b31c6ce7e395f4b478cb
-----END OpenVPN Static key V1-----
</tls-auth>

username
password

Current Behavior

When the pod starts I get the error AUTH_FAILED:

Expected Behavior

Authentication to work

How have you tried to solve the problem?

• Tried different locations from Windscribe.
• Tried tcp/udp.
• Tried configuration files from: https://github.com/haugene/vpn-configs-contrib/blob/main/openvpn/windscribe/

Log output

Here is a complete log:

Starting container with revision: 8cc1870cc039201e0e2f8b7684a9f4e96ae03ab9
Creating TUN device /dev/net/tun
mknod: /dev/net/tun: File exists
Using OpenVPN provider: WINDSCRIBE
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for WINDSCRIBE. Defaulting to external config
Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.Jr4ukIUBWb
Extracting configs to /tmp/tmp.Y2ALqRDBwC
Found configs for WINDSCRIBE in /tmp/tmp.Y2ALqRDBwC/vpn-configs-contrib-main/openvpn/windscribe, will replace current content in /etc/openvpn/windscribe
Cleanup: deleting /tmp/tmp.Jr4ukIUBWb and /tmp/tmp.Y2ALqRDBwC
No VPN configuration provided. Using default.
Modifying /etc/openvpn/windscribe/default.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Setting OpenVPN credentials...
/etc/openvpn/start.sh: line 160: /config/openvpn-credentials.txt: Read-only file system
/etc/openvpn/start.sh: line 161: /config/openvpn-credentials.txt: Read-only file system
chmod: changing permissions of '/config/openvpn-credentials.txt': Read-only file system
Fri Feb 18 17:54:13 2022 WARNING: file '/config/openvpn-credentials.txt' is group or others accessible
Fri Feb 18 17:54:13 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 19 2021
Fri Feb 18 17:54:13 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Fri Feb 18 17:54:13 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Feb 18 17:54:13 2022 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Feb 18 17:54:13 2022 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Feb 18 17:54:13 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]103.108.92.83:1194
Fri Feb 18 17:54:13 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Feb 18 17:54:13 2022 UDP link local: (not bound)
Fri Feb 18 17:54:13 2022 UDP link remote: [AF_INET]103.108.92.83:1194
Fri Feb 18 17:54:13 2022 TLS: Initial packet from [AF_INET]103.108.92.83:1194, sid=09680171 36ec70dd
Fri Feb 18 17:54:13 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Feb 18 17:54:13 2022 VERIFY OK: depth=2, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X1
Fri Feb 18 17:54:13 2022 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2
Fri Feb 18 17:54:13 2022 VERIFY KU OK
Fri Feb 18 17:54:13 2022 Validating certificate extended key usage
Fri Feb 18 17:54:13 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Feb 18 17:54:13 2022 VERIFY EKU OK
Fri Feb 18 17:54:13 2022 VERIFY X509NAME OK: C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=adl-354.windscribe.com
Fri Feb 18 17:54:13 2022 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=adl-354.windscribe.com
Fri Feb 18 17:54:14 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Fri Feb 18 17:54:14 2022 [adl-354.windscribe.com] Peer Connection Initiated with [AF_INET]103.108.92.83:1194
Fri Feb 18 17:54:15 2022 SENT CONTROL [adl-354.windscribe.com]: 'PUSH_REQUEST' (status=1)
Fri Feb 18 17:54:15 2022 AUTH: Received control message: AUTH_FAILED
Fri Feb 18 17:54:15 2022 SIGTERM[soft,auth-failure] received, process exiting

Environment

- OS: Debian 11
- Containerd: 1.4.9
- Kubernetes: 1.22.2

Anything else?

No response

Is there a pinned issue for this?

• I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

• I have searched the existing issues
• I have searched the existing discussions

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues
• My issue is NOT related to a provider

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

OPENVPN_PROVIDER=NORDVPN
NORDVPN_COUNTRY=CA
NORDVPN_CATEGORY=legacy_p2p
NORDVPN_PROTOCOL=tcp
OPENVPN_USERNAME=EMAIL
OPENVPN_PASSWORD=PASSWORD
LOCAL_NETWORK=192.168.10.0/24
PUID=1000
PGID=1000

Current Behavior

Looping this message

Starting container with revision: 25b9724178f48227084f5a462b82b1fbc087498d


Creating TUN device /dev/net/tun


Using OpenVPN provider: NORDVPN


Running with VPN_CONFIG_SOURCE auto


Provider NORDVPN has a bundled setup script. Defaulting to internal config


Executing setup script for NORDVPN


2022-02-03 05:28:32 Checking curl installation


2022-02-03 05:28:32 Removing existing configs


2022-02-03 05:28:32 Selecting the best server...


parse error: Invalid numeric literal at line 1, column 7


2022-02-03 05:28:32 Searching for technology: openvpn_tcp


parse error: Invalid numeric literal at line 1, column 7


2022-02-03 05:28:32 Unable to find a server with the specified parameters, using any recommended server


parse error: Invalid numeric literal at line 1, column 7


2022-02-03 05:28:32 Best server : 


2022-02-03 05:28:32 Downloading config: default.ovpn


2022-02-03 05:28:32 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/.tcp.ovpn


2022-02-03 05:28:32 Selecting the best server...


parse error: Invalid numeric literal at line 1, column 7

Expected Behavior

It to work like it used to, the webUI to start and the VPN to connect.

How have you tried to solve the problem?

I tried 2.4, 4.0, latest nothing works. I don't even know what this error means to begin to debug it. Every issue that someone had anything similar was because of Synology. I do not run that, I am running docker on a Ubuntu Server 20.04 LTS. This container used to be working fine until I rebooted it to pull latest and now it doesn't work.

I have also tried deleting and re-creating the container, same issue. I have also tried making sure all of the missing NORDVPN config ENV variables are properly set. I tried giving a privileged container, and removing it like one workaround said to try. Still nothing.

Log output

Starting container with revision: 25b9724178f48227084f5a462b82b1fbc087498d,
Creating TUN device /dev/net/tun,
Using OpenVPN provider: NORDVPN,
Running with VPN_CONFIG_SOURCE auto,
Provider NORDVPN has a bundled setup script. Defaulting to internal config,
Executing setup script for NORDVPN,
2022-02-03 05:30:14 Checking curl installation,
2022-02-03 05:30:14 Removing existing configs,
2022-02-03 05:30:14 Selecting the best server...,
parse error: Invalid numeric literal at line 1, column 7,
2022-02-03 05:30:14 Searching for technology: openvpn_tcp,
parse error: Invalid numeric literal at line 1, column 7,
2022-02-03 05:30:14 Unable to find a server with the specified parameters, using any recommended server,
parse error: Invalid numeric literal at line 1, column 7,
2022-02-03 05:30:14 Best server : ,
2022-02-03 05:30:14 Downloading config: default.ovpn,
2022-02-03 05:30:14 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/.tcp.ovpn,
2022-02-03 05:30:14 Selecting the best server...,
parse error: Invalid numeric literal at line 1, column 7,
parse error: Invalid numeric literal at line 1, column 7,
2022-02-03 05:30:14 Searching for technology: openvpn_tcp,
parse error: Invalid numeric literal at line 1, column 7,
2022-02-03 05:30:14 Unable to find a server with the specified parameters, using any recommended server,
parse error: Invalid numeric literal at line 1, column 7,
2022-02-03 05:30:14 Best server : ,
2022-02-03 05:30:14 Downloading config: .ovpn,
2022-02-03 05:30:14 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/.tcp.ovpn,
No VPN configuration provided. Using default.,
Modifying /etc/openvpn/nordvpn/default.ovpn for best behaviour in this container,
Modification: Point auth-user-pass option to the username/password file,
Modification: Change ca certificate path,
Modification: Change ping options,
Modification: Update/set resolv-retry to 15 seconds,
Modification: Change tls-crypt keyfile path,
Modification: Set output verbosity to 3,
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop,
Setting OpenVPN credentials...,
adding route to local network 192.168.10.0/24 via 172.17.0.1 dev eth0,
Options error: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/nordvpn/default.ovpn:1: html (2.4.7),
Use --help for more information.

Environment

- OS:Ubuntu 20.04 LTS
- Docker:
Client:
 Version:           20.10.7
 API version:       1.41
 Go version:        go1.13.8
 Git commit:        20.10.7-0ubuntu5~18.04.3
 Built:             Mon Nov  1 01:04:14 2021
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.7
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.13.8
  Git commit:       20.10.7-0ubuntu5~18.04.3
  Built:            Fri Oct 22 00:57:37 2021
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.5.5-0ubuntu3~18.04.1
  GitCommit:        
 runc:
  Version:          1.0.1-0ubuntu2~18.04.1
  GitCommit:        
 docker-init:
  Version:          0.19.0
  GitCommit:

Anything else?

No response

Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

Windscribe

Where are the configs?

REQUIRED

Providers website

Additional context

Optional

https://blog.windscribe.com/openvpn-security-improvements-and-changes-7b04ea49222

VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2, serial=1

OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed ```
<!-- check *Preview Issue* before submitting -->

Is there a pinned issue for this?

• I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

• I have searched the existing issues
• I have searched the existing discussions

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues
• My issue is NOT related to a provider

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

	docker run --detach --restart=always  \
		-v "$datapath":/data \
		-e OPENVPN_PROVIDER="$vpnprovider" \
		-e OPENVPN_USERNAME="$vpnuser" \
		-e OPENVPN_PASSWORD="$vpnpass" \
		-e OPENVPN_OPTS='--inactive 0 --ping 0 --ping-exit 0 --ping-restart 0' \
		-e NORDVPN_CATEGORY='P2P' \
		-e NORDVPN_COUNTRY="$vpncountry" \
		-e NORDVPN_PROTOCOL="$vpnprotocol" \
		-e LOCAL_NETWORK=192.168.0.0/16 \
		-e HEALTH_CHECK_HOST='api.nordvpn.com' \
		-e TRANSMISSION_WEB_UI=flood-for-transmission \
		-e WEBPROXY_ENABLED=false \
		--restart unless-stopped \
		--log-driver json-file \
		--log-opt max-size=10m \
		--cap-add=NET_ADMIN \
		--net=bridge --dns="$dnsip" \
		-p "$seedboxport":"$seedboxport" \
		"$image"

	# https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/
	# https://haugene.github.io/docker-transmission-openvpn/config-options/#health_check_option
	# Because your VPN connection can sometimes fail, Docker will run a health check on this container every 5 minutes to see if the container is still connected to the internet. By default, this check is done by pinging google.com once. You change the host that is pinged.

	# Wed Oct 20 17:35:57 2021 [au620.nordvpn.com] Inactivity timeout (--ping-restart), restarting
	# -e OPENVPN_OPTS='--inactive 3600 --ping 10 --ping-exit 60' \
	# when used on both peers will cause OpenVPN to exit within 60 seconds if its peer disconnects, but will exit after one hour if no actual tunnel data is exchanged.

	# -e OPENVPN_OPTS='--pull-filter ignore ping' \
	# --restart unless-stopped \

	# -e OPENVPN_OPTS='--inactive 0' \

	# -e TZ=UTC \
	# --sysctl net.ipv6.conf.all.disable_ipv6=0 \
   # restart: unless-stopped
	# -e NORDVPN_PROTOCOL=tcp

Current Behavior

After a seemingly random amount of time, the container stops automatically and has to be manually started again. This issue has persisted for at least a week. With the amount of time for termination being 30 mins to less than a day.

Expected Behavior

Container should not stop.

How have you tried to solve the problem?

I've tried upgrading to the latest image, which causes reverification of all torrents, which can cause inactivity timeouts with nordvpn, as such I've tried various configuration permutations to address this issue, and address the initial inactivity timeouts while the torrents are reverifying.

I've searched dozens of issues, and the various documentation pages. All current issues reporting such errors have been marked as resolved, so opening a new issue.

I've also tried updating all apt packages, and reinstalling docker.

Log output

Thu Oct 21 01:24:46 2021 AEAD Decrypt error: bad packet ID (may be a replay): [ #2923243 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 21 01:24:46 2021 AEAD Decrypt error: bad packet ID (may be a replay): [ #2923244 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 21 01:28:27 2021 AEAD Decrypt error: bad packet ID (may be a replay): [ #3086163 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 21 01:28:27 2021 AEAD Decrypt error: bad packet ID (may be a replay): [ #3086164 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 21 01:29:03 2021 TLS: tls_process: killed expiring key
Thu Oct 21 01:29:04 2021 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Thu Oct 21 01:29:04 2021 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA6
Thu Oct 21 01:29:04 2021 VERIFY KU OK
Thu Oct 21 01:29:04 2021 Validating certificate extended key usage
Thu Oct 21 01:29:04 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu Oct 21 01:29:04 2021 VERIFY EKU OK
Thu Oct 21 01:29:04 2021 VERIFY OK: depth=0, CN=au547.nordvpn.com
Thu Oct 21 01:29:06 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Oct 21 01:29:06 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Oct 21 01:29:06 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Thu Oct 21 01:29:14 2021 AEAD Decrypt error: bad packet ID (may be a replay): [ #3123695 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 21 01:29:14 2021 AEAD Decrypt error: bad packet ID (may be a replay): [ #3123696 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 21 01:29:16 2021 AEAD Decrypt error: bad packet ID (may be a replay): [ #3125832 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 21 01:29:16 2021 AEAD Decrypt error: bad packet ID (may be a replay): [ #3125833 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 21 01:29:16 2021 AEAD Decrypt error: bad packet ID (may be a replay): [ #3125836 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 21 01:29:16 2021 AEAD Decrypt error: bad packet ID (may be a replay): [ #3125837 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 21 01:29:16 2021 AEAD Decrypt error: bad packet ID (may be a replay): [ #3125838 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Thu Oct 21 01:38:48 2021 [au547.nordvpn.com] Inactivity timeout (--ping-restart), restarting
Thu Oct 21 01:38:48 2021 SIGTERM received, sending exit notification to peer
Thu Oct 21 01:38:49 2021 /etc/openvpn/tunnelDown.sh tun0 1500 1585 10.8.1.3 255.255.255.0 init
resolv.conf was restored
Sending kill signal to transmission-daemon
Successfuly closed transmission-daemon
Thu Oct 21 01:38:50 2021 /sbin/ip route del 45.248.78.3/32
Thu Oct 21 01:38:50 2021 /sbin/ip route del 0.0.0.0/1
Thu Oct 21 01:38:50 2021 /sbin/ip route del 128.0.0.0/1
Thu Oct 21 01:38:50 2021 Closing TUN/TAP interface
Thu Oct 21 01:38:50 2021 /sbin/ip addr del dev tun0 10.8.1.3/24
Thu Oct 21 01:38:50 2021 SIGTERM[soft,exit-with-notification] received, process exiting

Environment

- OS: Ubuntu 21.04 on a Raspberry Pi 4
- Docker: Docker version 20.10.9, build c2ea9bc
- DNS is directed to an AdGuard Home instance on a separate Raspberry Pi 4 to prevent DNS Interception issues

> docker ps -a
CONTAINER ID   IMAGE                          COMMAND                  CREATED        STATUS                    PORTS                                                 NAMES
01244b2df821   haugene/transmission-openvpn   "dumb-init /etc/open…"   16 hours ago   Up 16 hours (unhealthy)   8118/tcp, 0.0.0.0:9091->9091/tcp, :::9091->9091/tcp   affectionate_dhawan

> docker images -a
REPOSITORY                     TAG       IMAGE ID       CREATED       SIZE
haugene/transmission-openvpn   latest    01bdfc8f7cbb   5 days ago    265MB
hello-world                    latest    18e5af790473   3 weeks ago   9.14kB
alpine                         latest    bb3de5531c18   7 weeks ago   5.34MB

Anything else?

So I've tried -e OPENVPN_OPTS='--inactive 0 --ping 0 --ping-exit 0 --ping-restart 0' to disable such inactivity checks, using only the HEALTH_CHECK_HOST as the only connection check.

I have not tried adding --pull-filter ignore ping to those options, as it seems it would be unneeded with that combination, however I am not knowledgeable about this.

I have not tried --restart always as I am under the impression that will prevent the container from being stopped manually, however I am not knowledgeable about this.

I have not yet tried NORDVPN_PROTOCOL=tcp

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

transmission-openvpn:
container_name: transmission-openvpn
image: haugene/transmission-openvpn
cap_add:
- NET_ADMIN
network_mode: bridge
restart: unless-stopped
volumes:
- /etc/localtime:/etc/localtime:ro
- /dev/net:/dev/net:z
- /volume1/video/downloads:/data
environment:
- OPENVPN_PROVIDER=PIA
- OPENVPN_CONFIG=austria,romania,czech_republic
- OPENVPN_USERNAME=***
- 'OPENVPN_PASSWORD=***
- 'OPENVPN_OPTS=--mute-replay-warnings'
- LOCAL_NETWORK=192.168.0.0/24
- TRANSMISSION_WEB_UI=flood-for-transmission
- TRANSMISSION_SCRAPE_PAUSED_TORRENTS_ENABLED=false
- PUID=${PUID}
- PGID=${PGID}
- TZ=${TZ}
logging:
driver: json-file
options:
max-size: 10m
ports:
- 9091:9091
dns:
- 1.1.1.1
- 1.0.0.1

Current Behavior

Package works flawlessly with my 3 public trackers but when I try to add a torrent from a udp based private tracker, it doesn't start downloading/seeding.
When I looked into the log files, I found this line to be the cause of the issue:
Tracker gave HTTP response code 0 (No Response) (/home/buildozer/aports/community/transmission/src/transmission-3.00/libtransmission/announcer.c:1085)
I tried checking Enable uTP for peer communication but it didn't help. I tested the tracker on my pc with qbitorrent and it works just fine.

Expected Behavior

Would work even with a private udp based tracker.

How have you tried to solve the problem?

1. Restarted the docker container
2. Restarted my NAS
3. Changed the DNS servers from PIA to Cloudflare

Log output

These are the logs after restart, there's something interesting about UDP not working maybe?
[2021-09-02 14:36:28.466] Transmission 3.00 (bb6b5a062e) started (/home/buildozer/aports/community/transmission/src/transmission-3.00/libtransmission/session.c:769) [2021-09-02 14:36:28.467] RPC Server Adding address to whitelist: 127.0.0.1 (/home/buildozer/aports/community/transmission/src/transmission-3.00/libtransmission/rpc-server.c:956) [2021-09-02 14:36:28.467] RPC Server Adding address to whitelist: ::1 (/home/buildozer/aports/community/transmission/src/transmission-3.00/libtransmission/rpc-server.c:956) [2021-09-02 14:36:28.467] RPC Server Serving RPC and Web requests on 0.0.0.0:9091/transmission/ (/home/buildozer/aports/community/transmission/src/transmission-3.00/libtransmission/rpc-server.c:1243) [2021-09-02 14:36:28.467] Port Forwarding Stopped (/home/buildozer/aports/community/transmission/src/transmission-3.00/libtransmission/port-forwarding.c:196) [2021-09-02 14:36:28.467] UDP Failed to set receive buffer: requested 4194304, got 425984 (/home/buildozer/aports/community/transmission/src/transmission-3.00/libtransmission/tr-udp.c:97) [2021-09-02 14:36:28.467] UDP Please add the line "net.core.rmem_max = 4194304" to /etc/sysctl.conf (/home/buildozer/aports/community/transmission/src/transmission-3.00/libtransmission/tr-udp.c:99) [2021-09-02 14:36:28.467] UDP Failed to set send buffer: requested 1048576, got 425984 (/home/buildozer/aports/community/transmission/src/transmission-3.00/libtransmission/tr-udp.c:105) [2021-09-02 14:36:28.467] UDP Please add the line "net.core.wmem_max = 1048576" to /etc/sysctl.conf (/home/buildozer/aports/community/transmission/src/transmission-3.00/libtransmission/tr-udp.c:107)

I've attached one line from the logs in the current behavior part, I've read the other logs thoroughly and they don't appear to contain anything important.

Environment

- OS: Synology DSM 7.0
- Docker: 20.10.3
- VPN Provider: PrivateInternetAccess

Anything else?

No response

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

docker run --cap-add=NET_ADMIN -d
-v /media/DataStorage01/Downloads/:/data
-v /etc/localtime:/etc/localtime:ro
-e OPENVPN_PROVIDER=NORDVPN
-e OPENVPN_USERNAME=MegaSecret
-e OPENVPN_PASSWORD=SuperSecret
-e WEBPROXY_ENABLED=false
-e LOCAL_NETWORK=10.0.0.0/24,192.168.1.0/24
--log-driver json-file
--log-opt max-size=10m
-p 9091:9091
--dns 8.8.8.8
--dns 8.8.4.4
-e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60"
-e "TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true"
-e "TRANSMISSION_RPC_ENABLED=true"
-e "TRANSMISSION_RPC_USERNAME=MegaSecret"
-e "TRANSMISSION_RPC_PASSWORD=SuperSecret"
-e CREATE_TUN_DEVICE=true
--restart=always
--name=transmission
haugene/transmission-openvpn:latest

Current Behavior

Was working fine, but decided to update my docker images.

Updated, and now the container restarts every 60 seconds as it can't connect.

Expected Behavior

Connect to VPN

How have you tried to solve the problem?

Checked with NordVPN if they had any issues.
Made sure I can resolve the NordVPN API and Downloads from within the container.
It's also complaining that /etc/openvpn/nordvpn/default.ovpn doesn't exist - which is correct, it's not in the image it seems.

Log output

Starting container with revision: 8744279e2cd191486ca5ae21e8e051b7b1000b71
Creating TUN device /dev/net/tun
Using OpenVPN provider: NORDVPN
Running with VPN_CONFIG_SOURCE auto
Provider NORDVPN has a bundled setup script. Defaulting to internal config
Executing setup script for NORDVPN
2021-09-10 19:35:23 Checking curl installation
2021-09-10 19:35:23 Removing existing configs
2021-09-10 19:35:23 Selecting the best server...
2021-09-10 19:35:23 Searching for technology: openvpn_udp
2021-09-10 19:35:23 Unable to find a server with the specified parameters, using any recommended server
2021-09-10 19:35:23 Best server :
2021-09-10 19:35:23 Downloading config: default.ovpn
2021-09-10 19:35:23 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/.udp.ovpn
curl: (7) Failed to connect to downloads.nordcdn.com port 443: Connection refused
No VPN configuration provided. Using default.
Modifying /etc/openvpn/nordvpn/default.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
sed: can't read /etc/openvpn/nordvpn/default.ovpn: No such file or directory
Modification: Change ca certificate path
sed: can't read /etc/openvpn/nordvpn/default.ovpn: No such file or directory
Modification: Change ping options
sed: can't read /etc/openvpn/nordvpn/default.ovpn: No such file or directory
sed: can't read /etc/openvpn/nordvpn/default.ovpn: No such file or directory
sed: can't read /etc/openvpn/nordvpn/default.ovpn: No such file or directory
sed: can't read /etc/openvpn/nordvpn/default.ovpn: No such file or directory
Setting OpenVPN credentials...
adding route to local network 10.0.0.0/24 via 172.17.0.1 dev eth0
adding route to local network 192.168.1.0/24 via 172.17.0.1 dev eth0
Fri Sep 10 19:36:23 2021 disabling NCP mode (--ncp-disable) because not in P2MP client or server mode
Options error: You must define TUN/TAP device (--dev)
Use --help for more information.
Starting container with revision: 8744279e2cd191486ca5ae21e8e051b7b1000b71

Environment

- OS: raspbian(Linux 5.10.17-v8+ haugene/docker-transmission-openvpn#1421 SMP PREEMPT Thu May 27 14:01:37 BST 2021 aarch64 GNU/Linux)
- Docker: 20.10.8, build 3967b7d

Anything else?

No response

Before creating this request I have:

REQUIRED

• [x ] Searched for similar provider requests and container issues
• [ x] Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• [ x] Tried to add as much relevant information to the request as possible
• [x ] Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

Windscribe

Where are the configs?

https://windscribe.com/getconfig/openvpn

Additional context

Optional

New configurations can be downloaded from: https://windscribe.com/getconfig/openvpn ```
<!-- check *Preview Issue* before submitting -->

Do you have the latest provider files?

• I have checked that the provider are the latest

Have you tested the provider files?

• I have tested the provider files

Can you create a PR for this config?

• I can create a PR for this

Provider details

The provider is already supported and there's already a script that updates the files.

Anything else?

The privado provider seems to update their servers from time to time, invalidating less used servers like mex-001 and mex-002, so it seems like this kind of update needs to be done from time to time.

Before creating this request I have:

REQUIRED

• Searched for similar provider requests and container issues
• Read the documentation, especially the provider, custom provider, troubleshooting section and FAQ
• Tried to add as much relevant information to the request as possible
• Agreed that my request will be closed if I do not follow this template and will remain closed until I complete the template

Which provider?

REQUIRED

NordVPN

Where are the configs?

REQUIRED

https://nordvpn.com/ovpn/

Additional context

I noticed yesterday that my container was in a constant reboot loop and after digging into the logs, found that it was failing to grab a config file from https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/***.udp.ovpn. Attempting to hit that endpoint outside the container also failed with 502's (which is still the case as of now).

I tried to locate any updates from the Nord side but could see no posting or status messages but after review of their site, it seems they have changed the url where users should download the configs from.

Old Url Example
https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/***.udp.ovpn

New Url Example

https://downloads.nordcdn.com/configs/files/ovpn_legacy/servers/al18.nordvpn.com.udp1194.ovpn
https://downloads.nordcdn.com/configs/files/ovpn_legacy/servers/al18.nordvpn.com.tcp443.ovpn

Hi, can anyone guide me to update fastestvpn config files. No idea what to do . Haugene said to update it in the repo but didn't get anything how to do it . Any help would be appreciated. Fyi I have downloaded all new ovpn files . Thanks again
Fastestvpn_ovpn.zip

Is there a pinned issue for this?

• I have read the pinned issues

Is there an existing or similar issue for this?

• I have searched the existing issues

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to the container/transmission?

• I have checked the container repo for issues

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Config used

transmission-openvpn:
    cap_add:
      - NET_ADMIN
    container_name: transmission-openvpn
    environment:
      - OPENVPN_PROVIDER=PROTONVPN
      - OPENVPN_CONFIG=nl.protonvpn.com.udp,ch.protonvpn.com.udp,se.protonvpn.com.udp,es.protonvpn.com.udp
      - OPENVPN_USERNAME=**None**
      - OPENVPN_PASSWORD=**None**
      - LOCAL_NETWORK=192.168.86.0/24
      - 'TZ=${TZ}'
      - TRANSMISSION_ALT_SPEED_UP=10
      - TRANSMISSION_ALT_SPEED_DOWN=200
      - TRANSMISSION_ALT_SPEED_TIME_ENABLED=true
      - TRANSMISSION_ALT_SPEED_TIME_BEGIN=640
      - TRANSMISSION_ALT_SPEED_TIME_END=1410
      - TRANSMISSION_PEER_SOCKET_TOS='lowcost'
      - TRANSMISSION_RATIO_LIMIT_ENABLED=true
      - TRANSMISSION_RATIO_LIMIT=3
      - TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=true
      - TRANSMISSIOB_IDLE_SEEDING_LIMIT=720
    image: haugene/transmission-openvpn
    logging:
      driver: json-file
      options:
        max-size: 10m
    ports:
      - '6767:6767'
      - '7878:7878'
      - '8787:8787'
      - '8989:8989'
      - '9696:9696'
      - '9091:9091'
    restart: unless-stopped
    volumes:
      - '${ROOT}/downloads:/data'
      - './proton-vpn_credentials.txt:/config/openvpn-credentials.txt'

Current Behavior

Container does not start / gets stuck in boot loop. It randomises through all the addresses but get the same issue with all of them.

Expected Behavior

I've used this setup for a while and it's always (mostly) been fine.

The proton VPN configs were changed recently and I switched to them, they were working fine, but it stopped working in the last day or two.

How have you tried to solve the problem?

?

Log output

Creating transmission-openvpn ... done
Attaching to transmission-openvpn
transmission-openvpn    | Starting container with revision: 44c82aa1297b0f4473ad141f2cea326b407d9c22
transmission-openvpn    | Creating TUN device /dev/net/tun
transmission-openvpn    | Using OpenVPN provider: PROTONVPN
transmission-openvpn    | Running with VPN_CONFIG_SOURCE auto
transmission-openvpn    | No bundled config script found for PROTONVPN. Defaulting to external config
transmission-openvpn    | Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.0NGXympSvo
transmission-openvpn    | Extracting configs to /tmp/tmp.8kRWeBWmqc
transmission-openvpn    | Found configs for PROTONVPN in /tmp/tmp.8kRWeBWmqc/vpn-configs-contrib-main/openvpn/protonvpn, will replace current content in /etc/openvpn/protonvpn
transmission-openvpn    | Cleanup: deleting /tmp/tmp.0NGXympSvo and /tmp/tmp.8kRWeBWmqc
transmission-openvpn    | 4 servers found in OPENVPN_CONFIG, se.protonvpn.com.udp chosen randomly
transmission-openvpn    | Starting OpenVPN using config se.protonvpn.com.udp.ovpn
transmission-openvpn    | Modifying /etc/openvpn/protonvpn/se.protonvpn.com.udp.ovpn for best behaviour in this container
transmission-openvpn    | Modification: Point auth-user-pass option to the username/password file
transmission-openvpn    | Modification: Change ca certificate path
transmission-openvpn    | Modification: Change ping options
transmission-openvpn    | Modification: Update/set resolv-retry to 15 seconds
transmission-openvpn    | Modification: Change tls-crypt keyfile path
transmission-openvpn    | Modification: Set output verbosity to 3
transmission-openvpn    | Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
transmission-openvpn    | Found existing OPENVPN credentials at /config/openvpn-credentials.txt
transmission-openvpn    | adding route to local network 192.168.86.0/24 via 172.18.0.1 dev eth0
transmission-openvpn    | Fri Jun 24 08:19:53 2022 OpenVPN 2.4.7 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
transmission-openvpn    | Fri Jun 24 08:19:53 2022 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
transmission-openvpn    | Fri Jun 24 08:19:53 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
transmission-openvpn    | Fri Jun 24 08:19:53 2022 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
transmission-openvpn    | Fri Jun 24 08:19:53 2022 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
transmission-openvpn    | Fri Jun 24 08:19:54 2022 RESOLVE: Cannot resolve host address: se.protonvpn.com:4569 (No address associated with hostname)
transmission-openvpn    | Fri Jun 24 08:19:54 2022 RESOLVE: Cannot resolve host address: se.protonvpn.com:4569 (No address associated with hostname)
transmission-openvpn    | Fri Jun 24 08:19:59 2022 RESOLVE: Cannot resolve host address: se.protonvpn.com:4569 (No address associated with hostname)
transmission-openvpn    | Fri Jun 24 08:20:04 2022 RESOLVE: Cannot resolve host address: se.protonvpn.com:4569 (No address associated with hostname)
transmission-openvpn    | Fri Jun 24 08:20:04 2022 Could not determine IPv4/IPv6 protocol
transmission-openvpn    | Fri Jun 24 08:20:04 2022 SIGTERM[soft,init_instance] received, process exiting

^C
Gracefully stopping... (press Ctrl+C again to force)
Stopping transmission-openvpn ... done

Environment

- OS:Raspbian GNU/Linux 10 (buster)
- Docker: 20.10.17

Anything else?

No response