[Hotspotshield] Connection reset, impossible to start container
Fgabz opened this issue · 4 comments
Fgabz commented
Is there a pinned issue for this?
- I have read the pinned issues
Is there an existing or similar issue for this?
- I have searched the existing issues
Is there any comment in the documentation for this?
- I have read the documentation, especially the FAQ and Troubleshooting parts
Is this related to the container/transmission?
- I have checked the container repo for issues
Are you using the latest release?
- I am using the latest release
Have you tried using the dev branch latest?
- I have tried using dev branch
Config used
Container inside k3s
Wed Oct 19 12:43:04 2022 Connection reset command was pushed by server ('')
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: transmission-openvpn-deployment
  labels:
    app: transmission-openvpn
spec:
  replicas: 1
  selector:
    matchLabels:
      app: transmission-openvpn
  template:
    metadata:
      labels:
        app: transmission-openvpn
    spec:
      dnsConfig:
        nameservers:
          - 8.8.8.8
          - 8.8.4.4
      volumes:
        - name: "media-ssd"
          persistentVolumeClaim:
            claimName: "media-ssd" # PersistentVolumeClaim created earlier
        - name: "dev-tun" # Needed for VPN
          hostPath:
            path: "/dev/net/tun"
      containers:
        - name: transmission-openvpn
          image: "haugene/transmission-openvpn"
          imagePullPolicy: IfNotPresent
          env:
            - name: OPENVPN_PROVIDER
              value: "HOTSPOTSHIELD"
            - name: OPENVPN_USERNAME
              valueFrom: # Reference to the secret | openvpn.username
                secretKeyRef:
                  name: "openvpn"
                  key: "username"
            - name: OPENVPN_PASSWORD
              valueFrom: # Reference to the secret | openvpn.password
                secretKeyRef:
                  name: "openvpn"
                  key: "password"
            - name: OPENVPN_CONFIG
              value: "HotspotShield_PT_v4"
            - name: LOCAL_NETWORK
              value: "192.168.1.0/24"
            - name: TRANSMISSION_DOWNLOAD_DIR
              value: "/downloads/transmission"
            - name: PUID
              value: "1000"
            - name: PGID
              value: "1000"
          ports:
            - name: http
              containerPort: 9091
              protocol: TCP
          securityContext:
            #readOnlyRootFilesystem: false
            capabilities:
              add: ["NET_ADMIN"]
          volumeMounts:
            - name: "media-ssd"
              mountPath: "/data"
              subPath: "configs/transmission-data" # Path /mnt/ssd/media/configs/transmission-data where transmission writes the configuration
            - name: "media-ssd"
              mountPath: "/downloads/transmission"
              subPath: "downloads/transmission" # Path /mnt/ssd/media/downloads/transmission where transmission downloads Torrents
            - name: dev-tun
              mountPath: "/dev/net/tun" # Needed for VPN
```
Current Behavior
```
Starting container with revision: 84941a9ea4663d8b2e1af3db1d50fe4f7fa8736e
Creating TUN device /dev/net/tun
mknod: /dev/net/tun: File exists
Using OpenVPN provider: HOTSPOTSHIELD
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for HOTSPOTSHIELD. Defaulting to external config
Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.VOMFp3RLuP
Extracting configs to /tmp/tmp.49c5HTg5kx
Found configs for HOTSPOTSHIELD in /tmp/tmp.49c5HTg5kx/vpn-configs-contrib-main/openvpn/hotspotshield, will replace current content in /etc/openvpn/hotspotshield
Cleanup: deleting /tmp/tmp.VOMFp3RLuP and /tmp/tmp.49c5HTg5kx
Starting OpenVPN using config HotspotShield_PT_v4.ovpn
Modifying /etc/openvpn/hotspotshield/HotspotShield_PT_v4.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Setting OpenVPN credentials...
adding route to local network 192.168.1.0/24 via 10.42.1.1 dev eth0
Wed Oct 19 12:48:22 2022 OpenVPN 2.4.7 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Wed Oct 19 12:48:22 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10
Wed Oct 19 12:48:22 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Oct 19 12:48:27 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]185.187.215.105:8041
Wed Oct 19 12:48:27 2022 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Oct 19 12:48:27 2022 UDP link local: (not bound)
Wed Oct 19 12:48:27 2022 UDP link remote: [AF_INET]185.187.215.105:8041
Wed Oct 19 12:48:27 2022 TLS: Initial packet from [AF_INET]185.187.215.105:8041, sid=62a03e7a 63378d42
Wed Oct 19 12:48:27 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Oct 19 12:48:27 2022 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
Wed Oct 19 12:48:27 2022 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
Wed Oct 19 12:48:27 2022 VERIFY KU OK
Wed Oct 19 12:48:27 2022 Validating certificate extended key usage
Wed Oct 19 12:48:27 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Oct 19 12:48:27 2022 VERIFY EKU OK
Wed Oct 19 12:48:27 2022 VERIFY X509NAME OK: CN=blushingpink.us
Wed Oct 19 12:48:27 2022 VERIFY OK: depth=0, CN=blushingpink.us
Wed Oct 19 12:48:27 2022 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1569'
Wed Oct 19 12:48:27 2022 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Wed Oct 19 12:48:27 2022 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Wed Oct 19 12:48:27 2022 [blushingpink.us] Peer Connection Initiated with [AF_INET]185.187.215.105:8041
Wed Oct 19 12:48:27 2022 Connection reset command was pushed by server ('')
Wed Oct 19 12:48:27 2022 SIGTERM[soft,server-pushed-connection-reset] received, process exiting
```
Expected Behavior
Container should work
How have you tried to solve the problem?
- Tried different VPN configuration, same output
Environment
- OS: Ubuntu server
- K3s: v1.24.6+k3s1
Anything else?
No response
pkishino commented
VPN server triggers the connection reset, probably needs updated ovpn files.
Fgabz commented
I suppose, I've manually used the file provided by Hotspot and it worked
pkishino commented
You mean you tried with a newer profile and it worked? This means the current ones in this repo are outdated, right?
asavage7 commented
I've had this issue as well. It seems that HotspotShield generates a new ovpn file each time you link a new device. The file will only work for the device and location you set up, so anyone using HotspotShield needs to add a custom config file :/
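
Added example, not part of the thread or of the project's code: a small triage script for OpenVPN client logs like the one in this issue. It separates "the TLS handshake and certificate checks passed, then the server pushed a reset" from "the handshake never completed", and collects the WARNING lines. The function names and result keys are hypothetical, and the sample log is constructed from lines quoted above.

```python
import re

# Constructed sample: a subset of the log lines quoted in this issue.
SAMPLE_LOG = """\
Wed Oct 19 12:48:27 2022 TLS: Initial packet from [AF_INET]185.187.215.105:8041, sid=62a03e7a 63378d42
Wed Oct 19 12:48:27 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Oct 19 12:48:27 2022 VERIFY OK: depth=0, CN=blushingpink.us
Wed Oct 19 12:48:27 2022 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Wed Oct 19 12:48:27 2022 [blushingpink.us] Peer Connection Initiated with [AF_INET]185.187.215.105:8041
Wed Oct 19 12:48:27 2022 Connection reset command was pushed by server ('')
Wed Oct 19 12:48:27 2022 SIGTERM[soft,server-pushed-connection-reset] received, process exiting
"""

TS = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4} ")  # ctime-style prefix
EXIT = re.compile(r"^SIG\w+\[(\w+),([\w-]+)\] received")        # e.g. SIGTERM[soft,reason]

def triage(log_text):
    """Return the last handshake stage reached, the exit reason and warnings."""
    result = {"stage": "none", "exit_reason": None, "warnings": []}
    for raw in log_text.splitlines():
        msg = TS.sub("", raw.strip())
        if msg.startswith("TLS: Initial packet"):
            result["stage"] = "tls_started"
        elif msg.startswith("VERIFY OK: depth=0"):
            result["stage"] = "server_cert_verified"
        elif "Peer Connection Initiated" in msg:
            result["stage"] = "peer_connected"
        elif msg.startswith("WARNING:"):
            result["warnings"].append(msg[len("WARNING:"):].strip())
        m = EXIT.match(msg)
        if m:
            result["exit_reason"] = m.group(2)
    return result

def diagnose(result):
    """Map the triage result to a short, conservative conclusion."""
    if result["exit_reason"] == "server-pushed-connection-reset":
        if result["stage"] == "peer_connected":
            return "server ended the session after a verified TLS handshake; check the profile, not the network"
        return "server pushed a reset before the handshake completed"
    if result["stage"] in ("none", "tls_started"):
        return "handshake did not complete; check reachability and certificates"
    return "no server-pushed reset found"

if __name__ == "__main__":
    r = triage(SAMPLE_LOG)
    print(r["stage"], r["exit_reason"], diagnose(r))
```

On the log in this issue the result is `peer_connected` with exit reason `server-pushed-connection-reset`, which matches the thread's conclusion that the bundled profile, rather than the k3s networking or the certificate chain, is what the server rejects.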