vpn-configs-contrib VS gluetun

EDIT: I also attempted to manually add a .ovpn file from https://github.com/haugene/vpn-configs-contrib/tree/main/openvpn/surfshark to /etc/openvpn/surfshark/ and specifying it using OPENVPN_CONFIG=\ but still get Error: Invalid prefix for given prefix length.

Starting container with revision: 81277fb6f8ae6aeb57f913172d4d45c7af8c0b31 TRANSMISSION_HOME is currently set to: /config/transmission-home Creating TUN device /dev/net/tun Using OpenVPN provider: SURFSHARK Running with VPN_CONFIG_SOURCE auto No bundled config script found for SURFSHARK. Defaulting to external config Will get configs from https://github.com/haugene/vpn-configs-contrib.git Cloning https://github.com/haugene/vpn-configs-contrib.git into /config/vpn-configs-contrib Cloning into '/config/vpn-configs-contrib'... Found configs for SURFSHARK in /config/vpn-configs-contrib/openvpn/surfshark, will replace current content in /etc/openvpn/surfshark No VPN configuration provided. Using default. Modifying /etc/openvpn/surfshark/default.ovpn for best behaviour in this container Modification: Point auth-user-pass option to the username/password file sed: can't read /etc/openvpn/surfshark/default.ovpn: No such file or directory Modification: Change ca certificate path sed: can't read /etc/openvpn/surfshark/default.ovpn: No such file or directory Modification: Change ping options sed: can't read /etc/openvpn/surfshark/default.ovpn: No such file or directory sed: can't read /etc/openvpn/surfshark/default.ovpn: No such file or directory sed: can't read /etc/openvpn/surfshark/default.ovpn: No such file or directory sed: can't read /etc/openvpn/surfshark/default.ovpn: No such file or directory Modification: Update/set resolv-retry to 15 seconds Modification: Change tls-crypt keyfile path Modification: Set output verbosity to 3 Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop Modification: Updating status for config failure detection Setting OpenVPN credentials... adding route to local network 192.168.0.51/24 via 172.17.0.1 dev eth0 Error: Invalid prefix for given prefix length.

TRANSMISSION_HOME is currently set to: /config/transmission-home Creating TUN device /dev/net/tun Using OpenVPN provider: PUREVPN Running with VPN_CONFIG_SOURCE auto No bundled config script found for PUREVPN. Defaulting to external config Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.FZkI5t1Nnt Extracting configs to /tmp/tmp.pqXCM2MKhT Found configs for PUREVPN in /tmp/tmp.pqXCM2MKhT/vpn-configs-contrib-main/openvpn/purevpn, will replace current content in /etc/openvpn/purevpn Cleanup: deleting /tmp/tmp.FZkI5t1Nnt and /tmp/tmp.pqXCM2MKhT No VPN configuration provided. Using default. Modifying /etc/openvpn/purevpn/default.ovpn for best behaviour in this container Modification: Point auth-user-pass option to the username/password file Modification: Change ca certificate path Modification: Change ping options Modification: Update/set resolv-retry to 15 seconds Modification: Change tls-crypt keyfile path Modification: Set output verbosity to 3 Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop Modification: Updating status for config failure detection Setting OpenVPN credentials... adding route to local network 192.168.1.0/24 via 172.18.0.1 dev eth0 2023-05-04 16:54:09 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. 2023-05-04 16:54:09 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022 2023-05-04 16:54:09 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 2023-05-04 16:54:09 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2023-05-04 16:54:09 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2023-05-04 16:54:09 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2023-05-04 16:54:09 TCP/UDP: Preserving recently used remote address: [AF_INET]37.46.122.74:80 2023-05-04 16:54:09 Socket Buffers: R=[87380->87380] S=[16384->16384] 2023-05-04 16:54:09 Attempting to establish TCP connection with [AF_INET]37.46.122.74:80 [nonblock] 2023-05-04 16:54:09 TCP connection established with [AF_INET]37.46.122.74:80 2023-05-04 16:54:09 TCP_CLIENT link local: (not bound) 2023-05-04 16:54:09 TCP_CLIENT link remote: [AF_INET]37.46.122.74:80 2023-05-04 16:54:09 Connection reset, restarting [0] 2023-05-04 16:54:09 SIGTERM[soft,connection-reset] received, process exiting

file #4660: bad zipfile offset (local header sig): 9946869 file #4661: bad zipfile offset (local header sig): 9950250 Cleanup: deleting /tmp/tmp.h95yq5FWo9 and /tmp/tmp.yD8lTJkQkV Starting container with revision: 840c1f36d3cdbaf5db418383603c19a84062b3cc TRANSMISSION_HOME is currently set to: /config/transmission-home WARNING: Deprecated. Found old default transmission-home folder at /data/transmission-home, setting this as TRANSMISSION_HOME. This might break in future versions. We will fallback to this directory as long as the folder exists. Please consider moving it to /config/transmission-home Creating TUN device /dev/net/tun Using OpenVPN provider: MULLVAD Running with VPN_CONFIG_SOURCE auto No bundled config script found for MULLVAD. Defaulting to external config Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.hhuSwq73Dl Extracting configs to /tmp/tmp.Ps48QIV5sL Found configs for MULLVAD in /tmp/tmp.Ps48QIV5sL/vpn-configs-contrib-main/openvpn/mullvad, will replace current content in /etc/openvpn/mullvad Cleanup: deleting /tmp/tmp.hmZdeiIkdl and /tmp/tmp.Ps48QIV5sL Starting OpenVPN using config au_mel.ovpn Modifying /etc/openvpn/mullvad/au_mel.ovpn for best behaviour in this container Modification: Point auth-user-pass option to the username/password file Modification: Change ca certificate path Modification: Change ping options Modification: Update/set resolv-retry to 15 seconds Modification: Change tls-crypt keyfile path Modification: Set output verbosity to 3 Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop Modification: Updating status for config failure detection Setting OpenVPN credentials... 2023-03-22 08:57:21 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore. 2023-03-22 08:57:21 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. 2023-03-22 08:57:21 OpenVPN 2.5.5 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022 2023-03-22 08:57:21 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10 2023-03-22 08:57:21 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2023-03-22 08:57:21 TCP/UDP: Preserving recently used remote address: [AF_INET]116.206.228.202:1301 2023-03-22 08:57:21 Socket Buffers: R=[212992->425984] S=[212992->425984] 2023-03-22 08:57:21 UDP link local: (not bound) 2023-03-22 08:57:21 UDP link remote: [AF_INET]116.206.228.202:1301 2023-03-22 08:58:21 [UNDEF] Inactivity timeout (--ping-exit), exiting 2023-03-22 08:58:21 SIGTERM[soft,ping-exit] received, process exiting

IF i understand correctly, I should add a folder to the volume settings which will host the SurfShark files https://github.com/haugene/vpn-configs-contrib/tree/main/openvpn/surfshark (all of them?).

According to their Github, it looks like they changed the configs for the ProtonVPN servers yesterday so that stopped it from working on my end. I changed it to one of the new configs "xx.protonvpn.net.tcp" and that stopped the container from crashing.

us.protonvpn.com.tcp.ovpn us.protonvpn.com.udp.ovpn vn.protonvpn.com.tcp.ovpn vn.protonvpn.com.udp.ovpn za.protonvpn.com.tcp.ovpn za.protonvpn.com.udp.ovpn NB: Remember to not specify .ovpn as part of the config name. Starting container with revision: 84941a9ea4663d8b2e1af3db1d50fe4f7fa8736e Creating TUN device /dev/net/tun Using OpenVPN provider: PROTONVPN Running with VPN_CONFIG_SOURCE auto No bundled config script found for PROTONVPN. Defaulting to external config Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.bGsY9IsLQ0 Extracting configs to /tmp/tmp.eV7G2M5aLE

"2022-10-03T15:07:46.020409599Z stdout No VPN configuration provided. Using default. 2022-10-03T15:07:45.595275472Z stdout Cleanup: deleting /tmp/tmp.LaZLnA0s9H and /tmp/tmp.T9ZFaI82eD 2022-10-03T15:07:45.425531099Z stdout Found configs for SURFSHARK in /tmp/tmp.T9ZFaI82eD/vpn-configs-contrib-main/openvpn/surfshark, will replace current content in /etc/openvpn/surfshark 2022-10-03T15:07:43.162937062Z stdout Extracting configs to /tmp/tmp.T9ZFaI82eD 2022-10-03T15:07:40.294968573Z stdout Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.LaZLnA0s9H 2022-10-03T15:07:40.179966352Z stdout No bundled config script found for SURFSHARK. Defaulting to external config 2022-10-03T15:07:40.179912932Z stdout Running with VPN_CONFIG_SOURCE auto 2022-10-03T15:07:40.179739196Z stdout Using OpenVPN provider: SURFSHARK 2022-10-03T15:07:40.145710758Z stdout mknod: /dev/net/tun: File exists 2022-10-03T15:07:40.091060363Z stdout Creating TUN device /dev/net/tun"

Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.t92SVqJtVT

Sat Jun 18 23:26:56 2022 VERIFY OK: depth=0, CN=ams-005.vpn.privado.io Sat Jun 18 23:26:57 2022 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA Sat Jun 18 23:26:57 2022 [ams-005.vpn.privado.io] Peer Connection Initiated with [AF_INET]91.148.224.50:1194 Sat Jun 18 23:26:58 2022 SENT CONTROL [ams-005.vpn.privado.io]: 'PUSH_REQUEST' (status=1) Sat Jun 18 23:26:59 2022 AUTH: Received control message: AUTH_FAILED Sat Jun 18 23:26:59 2022 SIGTERM[soft,auth-failure] received, process exiting Starting container with revision: 32bcf7522d1ecf9428cefe9044e12f9af5e30476 Creating TUN device /dev/net/tun Using OpenVPN provider: PRIVADO Running with VPN_CONFIG_SOURCE auto No bundled config script found for PRIVADO. Defaulting to external config Downloading configs from https://github.com/haugene/vpn-configs-contrib/archive/main.zip into /tmp/tmp.wWlMA6bC5L Extracting configs to /tmp/tmp.zUe95iRvys Found configs for PRIVADO in /tmp/tmp.zUe95iRvys/vpn-configs-contrib-main/openvpn/privado, will replace current content in /etc/openvpn/privado Cleanup: deleting /tmp/tmp.wWlMA6bC5L and /tmp/tmp.zUe95iRvys No VPN configuration provided. Using default. Modifying /etc/openvpn/privado/default.ovpn for best behaviour in this container Modification: Point auth-user-pass option to the username/password file Modification: Change ca certificate path Modification: Change ping options Modification: Update/set resolv-retry to 15 seconds Modification: Change tls-crypt keyfile path Modification: Set output verbosity to 3 Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop Setting OpenVPN credentials... adding route to local network 192.168.1.1/24 via 172.31.0.1 dev eth0 Error: Invalid prefix for given prefix length. Sat Jun 18 23:27:06 2022 WARNING: file '/config/openvpn-credentials.txt' is group or others accessible Sat Jun 18 23:27:06 2022 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022 Sat Jun 18 23:27:06 2022 library versions: OpenSSL 1.1.1f 31 Mar 2020, LZO 2.10 Sat Jun 18 23:27:06 2022 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Sat Jun 18 23:27:06 2022 TCP/UDP: Preserving recently used remote address: [AF_INET]91.148.224.50:1194 Sat Jun 18 23:27:06 2022 Socket Buffers: R=[212992->212992] S=[212992->212992] Sat Jun 18 23:27:06 2022 UDP link local: (not bound) Sat Jun 18 23:27:06 2022 UDP link remote: [AF_INET]91.148.224.50:1194 Sat Jun 18 23:27:06 2022 TLS: Initial packet from [AF_INET]91.148.224.50:1194, sid=bb1cebc1 cdec8696 Sat Jun 18 23:27:06 2022 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Sat Jun 18 23:27:06 2022 VERIFY OK: depth=1, CN=Privado Sat Jun 18 23:27:06 2022 VERIFY KU OK Sat Jun 18 23:27:06 2022 Validating certificate extended key usage Sat Jun 18 23:27:06 2022 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Sat Jun 18 23:27:06 2022 VERIFY EKU OK Sat Jun 18 23:27:06 2022 VERIFY X509NAME OK: CN=ams-005.vpn.privado.io Sat Jun 18 23:27:06 2022 VERIFY OK: depth=0, CN=ams-005.vpn.privado.io Sat Jun 18 23:27:08 2022 Control Channel: TLSv1.2, cipher SSLv3 DHE-RSA-AES256-SHA, 4096 bit RSA Sat Jun 18 23:27:08 2022 [ams-005.vpn.privado.io] Peer Connection Initiated with [AF_INET]91.148.224.50:1194 Sat Jun 18 23:27:09 2022 SENT CONTROL [ams-005.vpn.privado.io]: 'PUSH_REQUEST' (status=1) Sat Jun 18 23:27:09 2022 AUTH: Received control message: AUTH_FAILED Sat Jun 18 23:27:09 2022 SIGTERM[soft,auth-failure] received, process exiting

healthcheck: # https://github.com/qdm12/gluetun/issues/641#issuecomment-933856220 test: "curl -sf https://example.com || exit 1" interval: 1m timeout: 10s retries: 2

I have containers a,b,c. Container C is running Gluetun (https://github.com/qdm12/gluetun) which is a VPN container.

The last couple of years I have been donating to Gluetun.

One option I could find is Gluetun, which looks very popular and actively maintained. In this case we have one single point of contact with VPN provider. The other containers should be run with network_mode: service:gluetun. If I understand correctly, those container will use VPN for every network operation, even for inter-container communication. Would they be visible for the containers not attached to gluetun (e.g. the SWAG reverse proxy)?

Try setting it up. https://github.com/qdm12/gluetun See if it works for your needs.

After some digging around, I found this project, which I think should get a lot more light on itself. It allows to setup port-forwarding on linux very easily, together with a lot of other things !

I setup Gluetun with qbittorrent in docker. Gluetun connects to the nord via manual login and I get to choose the specific servers I want it to you in its environment variables.

Hi guys, I have a dumb question: according to their github page, one of the features is the killswitch. It is not clear to me whether this would shutdown other containers (connected to it) when vpn drops, or only when the whole internet connection goes down

# See https://github.com/qdm12/gluetun/wiki