Joentje/nordvpn-proxy

Newest image broken?

Closed this issue · 13 comments

I use Watchtower to automatically pull the latest images.

About 30 minutes ago, the latest version broke my install.
No internet via proxy, and the containers running through nordvpn-proxy failed.

Couldn't find any error in the logs of the nordvpn-proxy container.

Switching back to v1.0.3 resolved the issue.

Let me know if you need any more info to help you fix.

Can you tell me which environment variables you are using?

environment:
      - TZ=Europe/Paris
      - USERNAME=XXXXXX
      - PASSWORD=XXXXXX
      - LOCAL_NETWORK=10.0.0.0/24
      - CONNECT=France
      - TECHNOLOGY=NordLynx

This image does not support these:
- CONNECT=France -> You can use COUNTRY=fr to connect to France.
- TECHNOLOGY=NordLynx -> Not supported, only OpenVPN. So it will not be used.

Can you provide some logs maybe?

Sorry, those vars were a remnant of another image I used for nordvpn.
By default it selected a french server.

I updated my docker compose with your changes: still no success.

environment:
      - TZ=Europe/Paris
      - USERNAME=XXXXX
      - PASSWORD=XXXXXXX
      - LOCAL_NETWORK=10.0.0.0/24
      - COUNTRY=fr

Nothing seems abnormal in the container logs:

2020-12-21 17:15:28 INFO: Removing current cronfile
2020-12-21 17:15:28 INFO: Download and extract ovpn files
2020-12-21 17:15:29 INFO: Creating new cronfile
2020-12-21 17:15:29 INFO: Your cron settings (*/15 * * * *) will be applied!
2020-12-21 17:15:35 INFO: OVPN files successfully unzipped to /app/ovpn/config
2020-12-21 17:15:41 INFO: Privoxy will be started
2020-12-21 17:15:41 INFO: SERVER has not been set, choosing best for you.
2020-12-21 17:15:41 INFO: Your country setting will be used. This is set to: FR
2020-12-21 17:15:42 INFO: The country codes are unknown, getting country codes from API
2020-12-21 17:15:52.405 76f2a574 Info: Privoxy version 3.0.28
2020-12-21 17:15:52.406 76f2a574 Info: Program name: privoxy
2020-12-21 17:15:52.411 76f2a574 Info: Listening on port 8118 on IP address 0.0.0.0
fr591.nordvpn.com
2020-12-21 17:15:55 INFO: Creating tun interface /dev/net/tun

2020-12-21 17:15:55 INFO: Connection to server: France #591
2020-12-21 17:15:55 INFO: Current load: 13
2020-12-21 17:15:55 INFO: Info updated at: 2020-12-21 17:13:24
2020-12-21 17:15:55 INFO: Server IP: 185.128.25.51
2020-12-21 17:15:55 INFO: Protocol: tcp

Mon Dec 21 17:15:55 2020 OpenVPN 2.4.7 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  5 2019
Mon Dec 21 17:15:55 2020 library versions: OpenSSL 1.1.1c  28 May 2019, LZO 2.10
Mon Dec 21 17:15:55 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Mon Dec 21 17:15:55 2020 NOTE: --fast-io is disabled since we are not using UDP
Mon Dec 21 17:15:55 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Dec 21 17:15:55 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Dec 21 17:15:55 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.128.25.51:443
Mon Dec 21 17:15:55 2020 Socket Buffers: R=[131072->131072] S=[16384->16384]
Mon Dec 21 17:15:55 2020 Attempting to establish TCP connection with [AF_INET]185.128.25.51:443 [nonblock]
Mon Dec 21 17:15:56 2020 TCP connection established with [AF_INET]185.128.25.51:443
Mon Dec 21 17:15:56 2020 TCP_CLIENT link local: (not bound)
Mon Dec 21 17:15:56 2020 TCP_CLIENT link remote: [AF_INET]185.128.25.51:443
Mon Dec 21 17:15:56 2020 TLS: Initial packet from [AF_INET]185.128.25.51:443, sid=64a4639d c24773f8
Mon Dec 21 17:15:56 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Dec 21 17:15:56 2020 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
Mon Dec 21 17:15:56 2020 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5
Mon Dec 21 17:15:56 2020 VERIFY KU OK
Mon Dec 21 17:15:56 2020 Validating certificate extended key usage
Mon Dec 21 17:15:56 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mon Dec 21 17:15:56 2020 VERIFY EKU OK
Mon Dec 21 17:15:56 2020 VERIFY OK: depth=0, CN=fr591.nordvpn.com
Mon Dec 21 17:15:56 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA
Mon Dec 21 17:15:56 2020 [fr591.nordvpn.com] Peer Connection Initiated with [AF_INET]185.128.25.51:443
Mon Dec 21 17:15:57 2020 SENT CONTROL [fr591.nordvpn.com]: 'PUSH_REQUEST' (status=1)
Mon Dec 21 17:15:57 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.1.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.1.4 255.255.255.0,peer-id 0,cipher AES-256-GCM'
Mon Dec 21 17:15:57 2020 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 21 17:15:57 2020 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
Mon Dec 21 17:15:57 2020 OPTIONS IMPORT: compression parms modified
Mon Dec 21 17:15:57 2020 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Mon Dec 21 17:15:57 2020 Socket Buffers: R=[131072->327680] S=[44800->327680]
Mon Dec 21 17:15:57 2020 OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 21 17:15:57 2020 OPTIONS IMPORT: route options modified
Mon Dec 21 17:15:57 2020 OPTIONS IMPORT: route-related options modified
Mon Dec 21 17:15:57 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Dec 21 17:15:57 2020 OPTIONS IMPORT: peer-id set
Mon Dec 21 17:15:57 2020 OPTIONS IMPORT: adjusting link_mtu to 1659
Mon Dec 21 17:15:57 2020 OPTIONS IMPORT: data channel crypto options modified
Mon Dec 21 17:15:57 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Dec 21 17:15:57 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Dec 21 17:15:57 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Dec 21 17:15:57 2020 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:02
Mon Dec 21 17:15:57 2020 TUN/TAP device tun0 opened
Mon Dec 21 17:15:57 2020 TUN/TAP TX queue length set to 100
Mon Dec 21 17:15:57 2020 /sbin/ip link set dev tun0 up mtu 1500
Mon Dec 21 17:15:57 2020 /sbin/ip addr add dev tun0 10.7.1.4/24 broadcast 10.7.1.255
Mon Dec 21 17:15:57 2020 /sbin/ip route add 185.128.25.51/32 via 172.18.0.1
Mon Dec 21 17:15:57 2020 /sbin/ip route add 0.0.0.0/1 via 10.7.1.1
Mon Dec 21 17:15:57 2020 /sbin/ip route add 128.0.0.0/1 via 10.7.1.1
Mon Dec 21 17:15:57 2020 Initialization Sequence Completed
2020-12-21 17:16:29.152 76e23d7c Request: api.nordvpn.com:443/
2020-12-21 17:17:33.841 76e23d7c Request: api.nordvpn.com:443/
2020-12-21 17:18:38.442 76e23d7c Request: api.nordvpn.com:443/
2020-12-21 17:19:42.368 76e23d7c Request: api.nordvpn.com:443/
2020-12-21 17:20:46.201 76e23d7c Request: api.nordvpn.com:443/
2020-12-21 17:21:50.160 76e23d7c Request: api.nordvpn.com:443/
2020-12-21 17:22:53.930 76e23d7c Request: api.nordvpn.com:443/
2020-12-21 17:23:57.584 76e23d7c Request: api.nordvpn.com:443/

Port 8118 not accessible:

nc -vz <target ip> 8118
nc: connectx to  <target ip> port 8118 (tcp) failed: Operation timed out

Logs seem to be fine. Can you tell me what the state of the health check is? I see some requests for api.nordvpn.com, which is used for the health check.

2020-12-21 18:44:32.126 76ed5d7c Request: api.nordvpn.com:443/
2020-12-21 18:45:05 INFO: The current load of 9 on fr710.nordvpn.com is okay
2020-12-21 18:45:36.353 76ed5d7c Request: api.nordvpn.com:443/
2020-12-21 18:46:40.329 76ed5d7c Request: api.nordvpn.com:443/

I switched back to v1.0.3, and those "Request" lines do not seem to ever appear.
I really don't think it can help solve the problem, but it is the only difference in the logs...

https://github.com/Joentje/nordvpn-proxy/pull/43/files

In the app/privoxy/run file, why is there a '0' (zero) at the end of the 'gw' variable?

gw=$(ip route | awk '/default/ {print $3}')0
if [ -n "$LOCAL_NETWORK" ]; then
	ip route add to ${LOCAL_NETWORK} via $gw dev eth0
fi
ip route add to 192.168.1.0/24 via $gw dev eth0

Could it be the culprit?

I tried locally building your image and running the same docker compose. It worked...

Well, it seems it was the issue after all.
I built the image on my server with the 0 removed and I could access my container as usual.

You are correct. Just did some tests; this 0 was applied by mistake. Thanks for reporting/testing. #47 should fix it 👍

Awesome!

You can try the latest image now

It is fixed now! Thanks
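
With the stray `0`, the gateway from the log above (`172.18.0.1`) becomes `172.18.0.10`, a well-formed address on the same Docker subnet, which fits the thread's finding that nothing in the log flagged it. The check below is an added example, not part of the thread or the project's code: it reads `ip route` output and reports routes on eth0 whose next hop differs from the default gateway. The function name `mismatched_routes` and both sample tables are assumptions, constructed from the addresses in the log.

```sh
#!/bin/sh
# Added example: not code from nordvpn-proxy. Reads `ip route` output on stdin
# and prints each route on the given device (default eth0) whose next hop is
# not the default gateway. Exit status: 0 = consistent, 1 = mismatch,
# 2 = no default route on that device.
mismatched_routes() {
    dev="${1:-eth0}"
    awk -v dev="$dev" '
        # Word that follows key on the current line, or "" if key is absent.
        function field_after(key,   i) {
            for (i = 1; i < NF; i++) if ($i == key) return $(i + 1)
            return ""
        }
        field_after("dev") != dev { next }            # other interfaces (tun0)
        $1 == "default" { gw = field_after("via"); next }
        field_after("via") != "" { dest[++n] = $1; hop[n] = field_after("via") }
        END {
            if (gw == "") { print "no default gateway on " dev; exit 2 }
            for (i = 1; i <= n; i++)
                if (hop[i] != gw) {
                    print dest[i] " via " hop[i] " (default gateway is " gw ")"
                    bad = 1
                }
            exit bad + 0
        }'
}

# Constructed sample: routing table as the faulty run script would leave it,
# using the addresses from the log above (gateway 172.18.0.1 became 172.18.0.10).
BROKEN_TABLE='default via 172.18.0.1 dev eth0
0.0.0.0/1 via 10.7.1.1 dev tun0
10.0.0.0/24 via 172.18.0.10 dev eth0
10.7.1.0/24 dev tun0 proto kernel scope link src 10.7.1.4
128.0.0.0/1 via 10.7.1.1 dev tun0
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.2
185.128.25.51 via 172.18.0.1 dev eth0
192.168.1.0/24 via 172.18.0.10 dev eth0'
# Constructed sample: the same table with the stray 0 removed.
FIXED_TABLE=$(printf '%s\n' "$BROKEN_TABLE" | sed 's/via 172\.18\.0\.10 /via 172.18.0.1 /')

printf '%s\n' "$BROKEN_TABLE" | mismatched_routes eth0 || echo "mismatch found"
printf '%s\n' "$FIXED_TABLE" | mismatched_routes eth0 && echo "routes consistent"
```

Inside a running container the same function can be fed live data with `ip route | mismatched_routes eth0` once the run script has added its routes.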