tprasadtp/protonvpn-docker

[BUG] - Server is s

almarzn opened this issue · 0 comments

Version

7

Credential and Server Validation

  • I have verified that the servers I am trying to connect to are available under my plan.
  • I have verified that my generated Wireguard private keys are valid and that the required features (Netshield Ad-blocker, VPN accelerator etc.) are enabled.
  • I am using a valid server name (either fully qualified DNS name like nl-free-127.protonvpn.net or server name like NL#1) as mentioned in the docs.

System Architecture

x86_64

Kernel Version

5.15.0-88-generic

Running on a NAS?

No

Runtime

Systemd (>244) Unit

Version of Runtime

alma@almachine:~$ sudo podman info
host:
  arch: amd64
  buildahVersion: 1.31.2
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - memory
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon_2:2.1.8-0ubuntu22.04+obs16.23_amd64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.8, commit: '
  cpuUtilization:
    idlePercent: 99.32
    systemPercent: 0.2
    userPercent: 0.48
  cpus: 4
  databaseBackend: boltdb
  distribution:
    codename: jammy
    distribution: ubuntu
    version: "22.04"
  eventLogger: journald
  freeLocks: 2046
  hostname: almachine
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.15.0-88-generic
  linkmode: dynamic
  logDriver: journald
  memFree: 10260275200
  memTotal: 12266328064
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns_1.6.0-0ubuntu22.04+obs34.25_amd64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.6.0
    package: netavark_1.3.0-0ubuntu22.04+obs22.9_amd64
    path: /usr/libexec/podman/netavark
    version: netavark 1.3.0
  ociRuntime:
    name: crun
    package: crun_101:1.11.1-0ubuntu22.04+obs63.1_amd64
    path: /usr/bin/crun
    version: |-
      crun version 1.11.1
      commit: 1084f9527c143699b593b44c23555fb3cc4ff2f3
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  pasta:
    executable: ""
    package: ""
    version: ""
  remoteSocket:
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns_1.2.2-0ubuntu22.04+obs12.11_amd64
    version: |-
      slirp4netns version 1.2.2
      commit: 0ee2d87523e906518d34a6b423271e4826f71faf
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.3
  swapFree: 4294963200
  swapTotal: 4294963200
  uptime: 3h 10m 37.00s (Approximately 0.12 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 2
    paused: 0
    running: 1
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 83955703808
  graphRootUsed: 690630656
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 2
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 4.6.2
  Built: 0
  BuiltTime: Thu Jan  1 00:00:00 1970
  GitCommit: ""
  GoVersion: go1.18.1
  Os: linux
  OsArch: linux/amd64
  Version: 4.6.2

My configuration

[Install]
RequiredBy=testvpn.service

[Container]
ContainerName=protonwire
Image=ghcr.io/tprasadtp/protonwire:7
Tmpfs=/tmp
Secret={{ wireguard.secret_name }},mode=600
Environment=PROTONVPN_SERVER={{ wireguard.server }}
RunInit=true
AddCapability=NET_ADMIN
Sysctl=net.ipv4.conf.all.rp_filter=2 net.ipv6.conf.all.disable_ipv6=1
Notify=true
{% for service,port in wireguard.ports.items()  %}
PublishPort={{ port }}:{{ port }}
{% endfor %}
HealthStartPeriod=20s
HealthInterval=120s
HealthCmd=protonwire check --container --silent
HealthOnFailure=stop

Whitelisting API endpoints

I am not using ad-blocking DNS server or gateway

Troubleshooting & Runtime

  • Wireguard is supported by my kernel
  • I have read FAQ and Troubleshooting.
  • I am using latest stable version

Container/Pod/systemd log output with DEBUG=1 or --debug flag

alma@almachine:~$ sudo podman logs 13f
[DEBUG   ] PROTONVPN_SERVER                    : node-fr-13.protonvpn.net
[DEBUG   ] IPCHECK_URL                         : https://protonwire-api.vercel.app/v1/client/ip
[DEBUG   ] METADATA_URL                        : https://protonwire-api.vercel.app/v1/server
[DEBUG   ] Running as container USER=root
[DEBUG   ] Checking requirements
[DEBUG   ] Using /etc/resolv.conf for DNS (systemd is not available)
[DEBUG   ] RUNTIME_DIRECTORY                   : NA
[DEBUG   ] XDG_RUNTIME_DIR                     : NA
[DEBUG   ] __PROTONWIRE_SRV_INFO_FILE          : /tmp/protonwire.server.json
[DEBUG   ] __PROTONWIRE_HCR                    : /tmp/protonwire.hc.response
[DEBUG   ] WATCHDOG_USEC is not set or invalid
[DEBUG   ] NOTIFY_SOCKET is set to /run/notify/notify.sock
[DEBUG   ] Checking if IP on other interface is reserved - 127.0.0.1
[DEBUG   ] Checking if IP on other interface is reserved - 10.88.0.9
[NOTICE  ] Skipped validating default IPCHECK_URL
[DEBUG   ] Can use CAP_NET_ADMIN capability
[DEBUG   ] IPCHECK_THRESHOLD                   : NA
[DEBUG   ] IPCHECK_INTERVAL                    : NA
[DEBUG   ] Server info file is missing - /tmp/protonwire.server.json
[INFO    ] Refresing server metadata (for node-fr-13.protonvpn.net)
[DEBUG   ] API - https://protonwire-api.vercel.app/v1/server/node-fr-13.protonvpn.net
[TRACE   ] (curl) % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
[TRACE   ] (curl) Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 76.76.21.61:443...
[TRACE   ] (curl) * Connected to protonwire-api.vercel.app (76.76.21.61) port 443
[TRACE   ] (curl) * ALPN: curl offers h2,http/1.1
[TRACE   ] (curl) } [5 bytes data]
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[TRACE   ] (curl) } [512 bytes data]
[TRACE   ] (curl) *  CAfile: /etc/ssl/certs/ca-certificates.crt
[TRACE   ] (curl) *  CApath: /etc/ssl/certs
[TRACE   ] (curl) { [5 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Server hello (2):
[TRACE   ] (curl) { [122 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
[TRACE   ] (curl) { [15 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Certificate (11):
[TRACE   ] (curl) { [3977 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, CERT verify (15):
[TRACE   ] (curl) { [264 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Finished (20):
[TRACE   ] (curl) { [36 bytes data]
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
[TRACE   ] (curl) } [1 bytes data]
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Finished (20):
[TRACE   ] (curl) } [36 bytes data]
[TRACE   ] (curl) * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
[TRACE   ] (curl) * ALPN: server accepted h2
[TRACE   ] (curl) * Server certificate:
[TRACE   ] (curl) *  subject: CN=*.vercel.app
[TRACE   ] (curl) *  start date: Sep 25 03:14:47 2023 GMT
[TRACE   ] (curl) *  expire date: Dec 24 03:14:46 2023 GMT
[TRACE   ] (curl) *  subjectAltName: host "protonwire-api.vercel.app" matched cert's "*.vercel.app"
[TRACE   ] (curl) *  issuer: C=US; O=Let's Encrypt; CN=R3
[TRACE   ] (curl) *  SSL certificate verify ok.
[TRACE   ] (curl) { [5 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[TRACE   ] (curl) { [122 bytes data]
[TRACE   ] (curl) * using HTTP/2
[TRACE   ] (curl) * [HTTP/2] [1] OPENED stream for https://protonwire-api.vercel.app/v1/server/node-fr-13.protonvpn.net
[TRACE   ] (curl) * [HTTP/2] [1] [:method: GET]
[TRACE   ] (curl) * [HTTP/2] [1] [:scheme: https]
[TRACE   ] (curl) * [HTTP/2] [1] [:authority: protonwire-api.vercel.app]
[TRACE   ] (curl) * [HTTP/2] [1] [:path: /v1/server/node-fr-13.protonvpn.net]
[TRACE   ] (curl) * [HTTP/2] [1] [user-agent: protonwire/v7]
[TRACE   ] (curl) * [HTTP/2] [1] [accept: */*]
[TRACE   ] (curl) } [5 bytes data]
 TRACE   ] (curl) > GET /v1/server/node-fr-13.protonvpn.net HTTP/2
 TRACE   ] (curl) > Host: protonwire-api.vercel.app
 TRACE   ] (curl) > User-Agent: protonwire/v7
 TRACE   ] (curl) > Accept: */*
 TRACE   ] (curl) >
[TRACE   ] (curl) { [5 bytes data]
 TRACE   ] (curl) < HTTP/2 200
 TRACE   ] (curl) < accept-ranges: bytes
 TRACE   ] (curl) < access-control-allow-origin: *
 TRACE   ] (curl) < age: 580
 TRACE   ] (curl) < cache-control: s-maxage=60, stale-while-revalidate=600
 TRACE   ] (curl) < content-disposition: inline; filename="node-fr-13.protonvpn.net"
 TRACE   ] (curl) < content-type: application/json
 TRACE   ] (curl) < date: Sat, 11 Nov 2023 20:04:16 GMT
 TRACE   ] (curl) < etag: "354c26a47f67941adce868bb1c7df014"
 TRACE   ] (curl) < server: Vercel
 TRACE   ] (curl) < strict-transport-security: max-age=63072000; includeSubDomains; preload
 TRACE   ] (curl) < x-vercel-cache: HIT
 TRACE   ] (curl) < x-vercel-id: cdg1::p6ggd-1699733056750-8d523a43d9a8
 TRACE   ] (curl) < content-length: 669
 TRACE   ] (curl) <
[TRACE   ] (curl) { [669 bytes data]
100   669  100   669    0     0   6655      0 --:--:-- --:--:-- --:--:--  6690
[TRACE   ] (curl) * Connection #0 to host protonwire-api.vercel.app left intact
[SUCCESS ] Successfully refreshed server metadata
[DEBUG   ] __PROTONWIRE_SRV_INFO_FILE JSON valid
[DEBUG   ] metadata_fetch_tries=1
[DEBUG   ] metadata_fetch_max_tries=3
[SUCCESS ] Server node-fr-13.protonvpn.net is online
[DEBUG   ] Selecting all ONLINE endpoints
[DEBUG   ] __PROTONWIRE_ENDPOINT_IPS_ONLINE    : 185.246.211.193
[DEBUG   ] Selecting all endpoints for building keymap
[DEBUG   ] __PROTONWIRE_ENDPOINT_IPS_ALL       : 185.246.211.193
[DEBUG   ] Endpoint(185.246.211.193) has pubkey - V9f3hsjREcRebCDIoKJ6rTPqR/g89maWZSua6H73B1w=
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.193(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.194(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.195(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.196(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.197(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.198(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.199(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.200(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.201(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.202(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.203(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.204(IPv4)
[DEBUG   ] Valid Exit IP for node-fr-13.protonvpn.net - 185.246.211.205(IPv4)
[DEBUG   ] Not validating country
[DEBUG   ] Not validating if server supports P2P
[DEBUG   ] Not validating if server supports Stremaing
[DEBUG   ] Not validating if server supports Tor
[DEBUG   ] Not validating if server supports SecureCore
[DEBUG   ] WIREGUARD_PRIVATE_KEY is not set
[DEBUG   ] File not found - /etc/protonwire/private-key
[DEBUG   ] File not found - /etc/protonwire/protonwire-private-key
[DEBUG   ] File not found - /etc/protonwire/protonvpn-private-key
[DEBUG   ] File not found - /etc/protonwire/wireguard-private-key
[DEBUG   ] File not found - /run/secrets/private-key
[DEBUG   ] File - /run/secrets/protonwire-private-key has correct permissions (600)
[SUCCESS ] Using PrivateKeyFile - /run/secrets/protonwire-private-key
[SUCCESS ] net.ipv4.conf.all.rp_filter is already set to 2
[NOTICE  ] Creating WireGuard Interface - protonwire0
[INFO    ] Setting WireGuard interface address - 10.2.0.2
[INFO    ] Setting WireGuard interface MTU to 1480
[SUCCESS ] Configured WireGuard private key from /run/secrets/protonwire-private-key
[DEBUG   ] No configured endpoints on the interface 'protonwire0'
[DEBUG   ] __PROTONWIRE_ENDPOINT_IPS_ONLINE    : 185.246.211.193
[DEBUG   ] Selected endpoint 185.246.211.193
[DEBUG   ] Peer public key - V9f3hsjREcRebCDIoKJ6rTPqR/g89maWZSua6H73B1w=
[INFO    ] WireGuard interface is configured with peer - V9f3hsjREcRebCDIoKJ6rTPqR/g89maWZSua6H73B1w=(185.246.211.193)
[INFO    ] Bringing WireGuard interface up
[SUCCESS ] Configured fwmark on WireGuard interface to - 0xca6d
[DEBUG   ] Excluding RFC-1918 subnets(IPv4) except DNS sever from WireGuard table
[DEBUG   ] Excluding ULA subnets(IPv6) from WireGuard table
[DEBUG   ] Legacy killswitch route table 51822 not found or is empty
[DEBUG   ] Deleting legacy kill-switch routing rules
[DEBUG   ] Collecting existing routes if any (IPv4)
[DEBUG   ] No legacy routes (from 7.0.0-7.0.3) found (IPv4)
[DEBUG   ] No existing killswitch routes found
[DEBUG   ] No existing routes found (IPv4)
[NOTICE  ] Creating routes (IPv4)
[DEBUG   ] Added route - 10.2.0.1/32 to table 51821 (IPv4)
[DEBUG   ] Added route - 0.0.0.0/5 to table 51821 (IPv4)
[DEBUG   ] Added route - 8.0.0.0/7 to table 51821 (IPv4)
[DEBUG   ] Added route - 11.0.0.0/8 to table 51821 (IPv4)
[DEBUG   ] Added route - 12.0.0.0/6 to table 51821 (IPv4)
[DEBUG   ] Added route - 16.0.0.0/4 to table 51821 (IPv4)
[DEBUG   ] Added route - 32.0.0.0/3 to table 51821 (IPv4)
[DEBUG   ] Added route - 64.0.0.0/3 to table 51821 (IPv4)
[DEBUG   ] Added route - 96.0.0.0/6 to table 51821 (IPv4)
[DEBUG   ] Added route - 100.0.0.0/10 to table 51821 (IPv4)
[DEBUG   ] Added route - 100.128.0.0/9 to table 51821 (IPv4)
[DEBUG   ] Added route - 101.0.0.0/8 to table 51821 (IPv4)
[DEBUG   ] Added route - 102.0.0.0/7 to table 51821 (IPv4)
[DEBUG   ] Added route - 104.0.0.0/5 to table 51821 (IPv4)
[DEBUG   ] Added route - 112.0.0.0/5 to table 51821 (IPv4)
[DEBUG   ] Added route - 120.0.0.0/6 to table 51821 (IPv4)
[DEBUG   ] Added route - 124.0.0.0/7 to table 51821 (IPv4)
[DEBUG   ] Added route - 126.0.0.0/8 to table 51821 (IPv4)
[DEBUG   ] Added route - 128.0.0.0/3 to table 51821 (IPv4)
[DEBUG   ] Added route - 160.0.0.0/5 to table 51821 (IPv4)
[DEBUG   ] Added route - 168.0.0.0/8 to table 51821 (IPv4)
[DEBUG   ] Added route - 169.0.0.0/9 to table 51821 (IPv4)
[DEBUG   ] Added route - 169.128.0.0/10 to table 51821 (IPv4)
[DEBUG   ] Added route - 169.192.0.0/11 to table 51821 (IPv4)
[DEBUG   ] Added route - 169.224.0.0/12 to table 51821 (IPv4)
[DEBUG   ] Added route - 169.240.0.0/13 to table 51821 (IPv4)
[DEBUG   ] Added route - 169.248.0.0/14 to table 51821 (IPv4)
[DEBUG   ] Added route - 169.252.0.0/15 to table 51821 (IPv4)
[DEBUG   ] Added route - 169.255.0.0/16 to table 51821 (IPv4)
[DEBUG   ] Added route - 170.0.0.0/7 to table 51821 (IPv4)
[DEBUG   ] Added route - 172.0.0.0/12 to table 51821 (IPv4)
[DEBUG   ] Added route - 172.32.0.0/11 to table 51821 (IPv4)
[DEBUG   ] Added route - 172.64.0.0/10 to table 51821 (IPv4)
[DEBUG   ] Added route - 172.128.0.0/9 to table 51821 (IPv4)
[DEBUG   ] Added route - 173.0.0.0/8 to table 51821 (IPv4)
[DEBUG   ] Added route - 174.0.0.0/7 to table 51821 (IPv4)
[DEBUG   ] Added route - 176.0.0.0/4 to table 51821 (IPv4)
[DEBUG   ] Added route - 192.0.0.0/9 to table 51821 (IPv4)
[DEBUG   ] Added route - 192.128.0.0/11 to table 51821 (IPv4)
[DEBUG   ] Added route - 192.160.0.0/13 to table 51821 (IPv4)
[DEBUG   ] Added route - 192.169.0.0/16 to table 51821 (IPv4)
[DEBUG   ] Added route - 192.170.0.0/15 to table 51821 (IPv4)
[DEBUG   ] Added route - 192.172.0.0/14 to table 51821 (IPv4)
[DEBUG   ] Added route - 192.176.0.0/12 to table 51821 (IPv4)
[DEBUG   ] Added route - 192.192.0.0/10 to table 51821 (IPv4)
[DEBUG   ] Added route - 193.0.0.0/8 to table 51821 (IPv4)
[DEBUG   ] Added route - 194.0.0.0/7 to table 51821 (IPv4)
[DEBUG   ] Added route - 196.0.0.0/6 to table 51821 (IPv4)
[DEBUG   ] Added route - 200.0.0.0/5 to table 51821 (IPv4)
[DEBUG   ] Added route - 208.0.0.0/4 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.0.1.0/24 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.0.2.0/23 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.0.4.0/22 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.0.8.0/21 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.0.16.0/20 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.0.32.0/19 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.0.64.0/18 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.0.128.0/17 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.1.0.0/16 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.2.0.0/15 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.4.0.0/14 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.8.0.0/13 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.16.0.0/12 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.32.0.0/11 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.64.0.0/10 to table 51821 (IPv4)
[DEBUG   ] Added route - 224.128.0.0/9 to table 51821 (IPv4)
[DEBUG   ] Added route - 225.0.0.0/8 to table 51821 (IPv4)
[DEBUG   ] Added route - 226.0.0.0/7 to table 51821 (IPv4)
[DEBUG   ] Added route - 228.0.0.0/6 to table 51821 (IPv4)
[DEBUG   ] Added route - 232.0.0.0/5 to table 51821 (IPv4)
[DEBUG   ] KillSwitch is disabled (IPv4)
[DEBUG   ] Configuring IP rules (IPv4)
[DEBUG   ] Adding IP rule for Table 51821 (IPv4)
[DEBUG   ] Updating /etc/resolv.conf
[SUCCESS ] DNS is is set to 10.2.0.1 via /etc/resolv.conf
[SUCCESS ] Successfully configured DNS (resolvconf)
[INFO    ] Verifying connection
[DEBUG   ] WireGuard interface - protonwire0 is present
[DEBUG   ] Connected to peer - V9f3hsjREcRebCDIoKJ6rTPqR/g89maWZSua6H73B1w=
[DEBUG   ] Connected to server: FR#72(node-fr-13.protonvpn.net)
[DEBUG   ] Not validating country
[DEBUG   ] Not validating if server supports P2P
[DEBUG   ] Not validating if server supports Stremaing
[DEBUG   ] Not validating if server supports Tor
[DEBUG   ] Not validating if server supports SecureCore
[DEBUG   ] Allowed ExitIPs  - 185.246.211.193 185.246.211.194 185.246.211.195 185.246.211.196 185.246.211.197 185.246.211.198 185.246.211.199 185.246.211.200 185.246.211.201 185.246.211.202 185.246.211.203 185.246.211.204 185.246.211.205
[DEBUG   ] Checking client IP via https://protonwire-api.vercel.app/v1/client/ip
[TRACE   ] (curl) % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
[TRACE   ] (curl) Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 76.76.21.22:443...
[TRACE   ] (curl) * Connected to protonwire-api.vercel.app (76.76.21.22) port 443
[TRACE   ] (curl) * ALPN: curl offers h2,http/1.1
[TRACE   ] (curl) } [5 bytes data]
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[TRACE   ] (curl) } [512 bytes data]
[TRACE   ] (curl) *  CAfile: /etc/ssl/certs/ca-certificates.crt
[TRACE   ] (curl) *  CApath: /etc/ssl/certs
[TRACE   ] (curl) { [5 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Server hello (2):
[TRACE   ] (curl) { [122 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
[TRACE   ] (curl) { [15 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Certificate (11):
[TRACE   ] (curl) { [3977 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, CERT verify (15):
[TRACE   ] (curl) { [264 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Finished (20):
[TRACE   ] (curl) { [36 bytes data]
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
[TRACE   ] (curl) } [1 bytes data]
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Finished (20):
[TRACE   ] (curl) } [36 bytes data]
[TRACE   ] (curl) * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
[TRACE   ] (curl) * ALPN: server accepted h2
[TRACE   ] (curl) * Server certificate:
[TRACE   ] (curl) *  subject: CN=*.vercel.app
[TRACE   ] (curl) *  start date: Sep 25 03:14:47 2023 GMT
[TRACE   ] (curl) *  expire date: Dec 24 03:14:46 2023 GMT
[TRACE   ] (curl) *  subjectAltName: host "protonwire-api.vercel.app" matched cert's "*.vercel.app"
[TRACE   ] (curl) *  issuer: C=US; O=Let's Encrypt; CN=R3
[TRACE   ] (curl) *  SSL certificate verify ok.
[TRACE   ] (curl) { [5 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[TRACE   ] (curl) { [122 bytes data]
[TRACE   ] (curl) * using HTTP/2
[TRACE   ] (curl) * [HTTP/2] [1] OPENED stream for https://protonwire-api.vercel.app/v1/client/ip
[TRACE   ] (curl) * [HTTP/2] [1] [:method: GET]
[TRACE   ] (curl) * [HTTP/2] [1] [:scheme: https]
[TRACE   ] (curl) * [HTTP/2] [1] [:authority: protonwire-api.vercel.app]
[TRACE   ] (curl) * [HTTP/2] [1] [:path: /v1/client/ip]
[TRACE   ] (curl) * [HTTP/2] [1] [user-agent: protonwire/v7]
[TRACE   ] (curl) * [HTTP/2] [1] [accept: */*]
[TRACE   ] (curl) } [5 bytes data]
 TRACE   ] (curl) > GET /v1/client/ip HTTP/2
 TRACE   ] (curl) > Host: protonwire-api.vercel.app
 TRACE   ] (curl) > User-Agent: protonwire/v7
 TRACE   ] (curl) > Accept: */*
 TRACE   ] (curl) >
[TRACE   ] (curl) { [5 bytes data]
 TRACE   ] (curl) < HTTP/2 308
 TRACE   ] (curl) < cache-control: public, max-age=0, must-revalidate
 TRACE   ] (curl) < content-type: text/plain
 TRACE   ] (curl) < date: Sat, 11 Nov 2023 20:04:17 GMT
 TRACE   ] (curl) < location: https://icanhazip.com/
 TRACE   ] (curl) < refresh: 0;url=https://icanhazip.com/
 TRACE   ] (curl) < server: Vercel
 TRACE   ] (curl) < strict-transport-security: max-age=63072000; includeSubDomains; preload
 TRACE   ] (curl) < x-vercel-id: cdg1::t9c67-1699733057392-0bfcb7947983
 TRACE   ] (curl) <
[TRACE   ] (curl) * Ignoring the response-body
[TRACE   ] (curl) { [15 bytes data]
100    15    0    15    0     0    102      0 --:--:-- --:--:-- --:--:--   103
[TRACE   ] (curl) * Connection #0 to host protonwire-api.vercel.app left intact
[TRACE   ] (curl) * Issue another request to this URL: 'https://icanhazip.com/'
[TRACE   ] (curl) *   Trying 104.18.114.97:443...
[TRACE   ] (curl) * Connected to icanhazip.com (104.18.114.97) port 443
[TRACE   ] (curl) * ALPN: curl offers h2,http/1.1
[TRACE   ] (curl) } [5 bytes data]
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[TRACE   ] (curl) } [512 bytes data]
[TRACE   ] (curl) *  CAfile: /etc/ssl/certs/ca-certificates.crt
[TRACE   ] (curl) *  CApath: /etc/ssl/certs
[TRACE   ] (curl) { [5 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Server hello (2):
[TRACE   ] (curl) { [122 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
[TRACE   ] (curl) { [19 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Certificate (11):
[TRACE   ] (curl) { [2335 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, CERT verify (15):
[TRACE   ] (curl) { [79 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Finished (20):
[TRACE   ] (curl) { [52 bytes data]
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
[TRACE   ] (curl) } [1 bytes data]
[TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Finished (20):
[TRACE   ] (curl) } [52 bytes data]
[TRACE   ] (curl) * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
[TRACE   ] (curl) * ALPN: server accepted h2
[TRACE   ] (curl) * Server certificate:
[TRACE   ] (curl) *  subject: C=US; ST=California; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
[TRACE   ] (curl) *  start date: Apr  7 00:00:00 2023 GMT
[TRACE   ] (curl) *  expire date: Apr  6 23:59:59 2024 GMT
[TRACE   ] (curl) *  subjectAltName: host "icanhazip.com" matched cert's "icanhazip.com"
[TRACE   ] (curl) *  issuer: C=US; O=Cloudflare, Inc.; CN=Cloudflare Inc ECC CA-3
[TRACE   ] (curl) *  SSL certificate verify ok.
[TRACE   ] (curl) } [5 bytes data]
[TRACE   ] (curl) * using HTTP/2
[TRACE   ] (curl) * [HTTP/2] [1] OPENED stream for https://icanhazip.com/
[TRACE   ] (curl) * [HTTP/2] [1] [:method: GET]
[TRACE   ] (curl) * [HTTP/2] [1] [:scheme: https]
[TRACE   ] (curl) * [HTTP/2] [1] [:authority: icanhazip.com]
[TRACE   ] (curl) * [HTTP/2] [1] [:path: /]
[TRACE   ] (curl) * [HTTP/2] [1] [user-agent: protonwire/v7]
[TRACE   ] (curl) * [HTTP/2] [1] [accept: */*]
[TRACE   ] (curl) } [5 bytes data]
 TRACE   ] (curl) > GET / HTTP/2
 TRACE   ] (curl) > Host: icanhazip.com
 TRACE   ] (curl) > User-Agent: protonwire/v7
 TRACE   ] (curl) > Accept: */*
 TRACE   ] (curl) >
[TRACE   ] (curl) { [5 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[TRACE   ] (curl) { [238 bytes data]
[TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
[TRACE   ] (curl) { [238 bytes data]
[TRACE   ] (curl) * old SSL session ID is stale, removing
[TRACE   ] (curl) { [5 bytes data]
 TRACE   ] (curl) < HTTP/2 200
 TRACE   ] (curl) < date: Sat, 11 Nov 2023 20:04:17 GMT
 TRACE   ] (curl) < content-type: text/plain
 TRACE   ] (curl) < content-length: 16
 TRACE   ] (curl) < access-control-allow-origin: *
 TRACE   ] (curl) < access-control-allow-methods: GET
[TRACE   ] (curl) < set-cookie: __cf_bm=9W.Gw_Qqz_OY5XBEDoqVSeTcOs4LAimEP5DWlZA_r6g-1699733057-0-ATq0xYbinJyf8LNsJSFHfQka05ziyhPyUqg8BrlfCXRr5geH494YgzEIQtCtYvD6gvMnpTD7KSdF4oSGG1RdbAM=; path=/; expires=Sat, 11-Nov-23 20:34:17 GMT; domain=.icanhazip.com; HttpOnly; Secure; SameSite=None
 TRACE   ] (curl) < server: cloudflare
 TRACE   ] (curl) < cf-ray: 824924b9bfced2e1-CDG
 TRACE   ] (curl) < alt-svc: h3=":443"; ma=86400
 TRACE   ] (curl) <
[TRACE   ] (curl) { [16 bytes data]
100    16  100    16    0     0     50      0 --:--:-- --:--:-- --:--:--    50
[TRACE   ] (curl) * Connection #1 to host icanhazip.com left intact
[DEBUG   ] Healthcheck curl exit code - 0
[DEBUG   ] Client IP address - 185.246.211.194
[DEBUG   ] Connected to node-fr-13.protonvpn.net (via 185.246.211.194)
[SUCCESS ] Connection verified!
[DEBUG   ] Using default check interval 120s
[NOTICE  ] Notifying systemd that we are ready
[INFO    ] Checking status - every 120 seconds

Any additional info

As can be seen, I am using podman quadlet in rootful mode. When I run sudo podman ps, it displays the protonwire as Up (starting):

alma@almachine:~$ sudo podman ps
CONTAINER ID  IMAGE                           COMMAND               CREATED             STATUS                        PORTS                   NAMES
13f9ae0c1897  ghcr.io/tprasadtp/protonwire:7  /usr/bin/protonwi...  About a minute ago  Up About a minute (starting)  0.0.0.0:8000->8000/tcp  protonwire
24eabfed436a  docker.io/library/caddy:latest  caddy reverse-pro...  About a minute ago  Up About a minute             0.0.0.0:8000->8000/tcp  test_vpn

Code of Conduct & PII Redaction

  • I agree to follow this project's Code of Conduct.
  • I have removed any sensitive personally identifying information (PII) and secrets from this issue report.