Bug: Gluetun 3.39 no servers available with protonvpn

[brpaz]

Is this urgent?

Yes

Host OS

Fedora

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

Kubernetes

What is the version of Gluetun

Running version v3.38.0 built on 2024-03-25T15:53:33.983Z (commit b3ceece)

What's the problem 🤔

Hello.

After updating to gluetun 3.39, I cannot get a connection to ProtonVPN. It always says there are no servers available.

[vpn] finding a valid server connection: filtering servers: no server found: for VPN openvpn; protocol udp

I have tried updating the servers manually but still get the same error.

Share your logs (at least 10 lines)

024-09-06T21:37:35Z INFO [routing] default route found: interface eth0, gateway 10.0.0.32, assigned IP 10.0.0.80 and family v4
2024-09-06T21:37:35Z INFO [routing] local ethernet link found: eth0
2024-09-06T21:37:35Z INFO [routing] local ipnet found: 10.0.0.32/32
2024-09-06T21:37:35Z INFO [routing] local ipnet found: fe80::/64
2024-09-06T21:37:35Z INFO [firewall] enabling...
2024-09-06T21:37:35Z DEBUG [firewall] iptables --policy INPUT DROP
2024-09-06T21:37:35Z DEBUG [firewall] iptables --policy OUTPUT DROP
2024-09-06T21:37:35Z DEBUG [firewall] iptables --policy FORWARD DROP
2024-09-06T21:37:35Z DEBUG [firewall] ip6tables --policy INPUT DROP
2024-09-06T21:37:35Z DEBUG [firewall] ip6tables --policy OUTPUT DROP
2024-09-06T21:37:35Z DEBUG [firewall] ip6tables --policy FORWARD DROP
2024-09-06T21:37:35Z DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 10.0.0.80 -d 10.0.0.32/32 -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -s fe80::68e6:8aff:fea9:ff2 -d fe80::/64 -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] iptables --append INPUT -i eth0 -d 10.0.0.32/32 -j ACCEPT
2024-09-06T21:37:35Z DEBUG [firewall] ip6tables --append INPUT -i eth0 -d fe80::/64 -j ACCEPT
2024-09-06T21:37:35Z INFO [firewall] enabled successfully
2024-09-06T21:37:36Z INFO [storage] merging by most recent 20476 hardcoded servers and 19794 servers read from /gluetun/servers.json
2024-09-06T21:37:36Z INFO [storage] Using protonvpn servers from file which are 36 days more recent
2024-09-06T21:37:36Z DEBUG [netlink] IPv6 is supported by link eth0
2024-09-06T21:37:36Z INFO Alpine version: 3.20.2
2024-09-06T21:37:36Z INFO OpenVPN 2.5 version: 2.5.10
2024-09-06T21:37:36Z INFO OpenVPN 2.6 version: 2.6.11
2024-09-06T21:37:36Z INFO Unbound version: 1.20.0
2024-09-06T21:37:36Z INFO IPtables version: v1.8.10
2024-09-06T21:37:36Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: protonvpn
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: openvpn
|   |   |   ├── Port forwarding only servers: yes
|   |   |   └── OpenVPN server selection settings:
|   |   |       └── Protocol: UDP
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use port forwarding code for current provider
|   |       ├── Forwarded port file path: /gluetun/forwarded_port
|   |       └── Credentials:
|   |           ├── Username: <redacted>++pmp
|   |           └── Password: <redacted
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.6
|       ├── User: [set]
|       ├── Password: oM...gce
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   ├── Input ports:
|   |   ├── 8080
|   |   ├── 6881
|   |   └── 8001
|   └── Outbound subnets:
|       └── 10.0.0.0/8
├── Log settings:
|   └── Log level: debug
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6m0s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
├── Server data updater settings:
|   ├── Update period: 12h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: protonvpn
└── Version settings:
    └── Enabled: yes
2024-09-06T21:37:36Z INFO [routing] default route found: interface eth0, gateway 10.0.0.32, assigned IP 10.0.0.80 and family v4
2024-09-06T21:37:36Z DEBUG [routing] ip rule add from 10.0.0.80/32 lookup 200 pref 100
2024-09-06T21:37:36Z INFO [routing] adding route for 0.0.0.0/0
2024-09-06T21:37:36Z DEBUG [routing] ip route replace 0.0.0.0/0 via 10.0.0.32 dev eth0 table 200
2024-09-06T21:37:36Z INFO [firewall] setting allowed subnets...
2024-09-06T21:37:36Z DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 10.0.0.80 -d 10.0.0.0/8 -j ACCEPT
2024-09-06T21:37:36Z INFO [routing] default route found: interface eth0, gateway 10.0.0.32, assigned IP 10.0.0.80 and family v4
2024-09-06T21:37:36Z INFO [routing] adding route for 10.0.0.0/8
2024-09-06T21:37:36Z DEBUG [routing] ip route replace 10.0.0.0/8 via 10.0.0.32 dev eth0 table 199
2024-09-06T21:37:36Z DEBUG [routing] ip rule add to 10.0.0.0/8 lookup 199 pref 99
2024-09-06T21:37:36Z DEBUG [routing] ip rule add to 10.0.0.32/32 lookup 254 pref 98
2024-09-06T21:37:36Z DEBUG [routing] ip rule add to fe80::/64 lookup 254 pref 98
2024-09-06T21:37:36Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-09-06T21:37:36Z INFO [firewall] setting allowed input port 8080 through interface eth0...
2024-09-06T21:37:36Z DEBUG [firewall] iptables --append INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
2024-09-06T21:37:36Z DEBUG [firewall] ip6tables --append INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
2024-09-06T21:37:36Z DEBUG [firewall] iptables --append INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
2024-09-06T21:37:36Z DEBUG [firewall] ip6tables --append INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
2024-09-06T21:37:36Z INFO [firewall] setting allowed input port 6881 through interface eth0...
2024-09-06T21:37:36Z DEBUG [firewall] iptables --append INPUT -i eth0 -p tcp -m tcp --dport 6881 -j ACCEPT
2024-09-06T21:37:36Z DEBUG [firewall] ip6tables --append INPUT -i eth0 -p tcp -m tcp --dport 6881 -j ACCEPT
2024-09-06T21:37:36Z DEBUG [firewall] iptables --append INPUT -i eth0 -p udp -m udp --dport 6881 -j ACCEPT
2024-09-06T21:37:36Z DEBUG [firewall] ip6tables --append INPUT -i eth0 -p udp -m udp --dport 6881 -j ACCEPT
2024-09-06T21:37:36Z INFO [firewall] setting allowed input port 8001 through interface eth0...
2024-09-06T21:37:36Z DEBUG [firewall] iptables --append INPUT -i eth0 -p tcp -m tcp --dport 8001 -j ACCEPT
2024-09-06T21:37:36Z DEBUG [firewall] ip6tables --append INPUT -i eth0 -p tcp -m tcp --dport 8001 -j ACCEPT
2024-09-06T21:37:36Z DEBUG [firewall] iptables --append INPUT -i eth0 -p udp -m udp --dport 8001 -j ACCEPT
2024-09-06T21:37:36Z DEBUG [firewall] ip6tables --append INPUT -i eth0 -p udp -m udp --dport 8001 -j ACCEPT
2024-09-06T21:37:36Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-09-06T21:37:36Z INFO [http server] http server listening on [::]:8000
2024-09-06T21:37:36Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-09-06T21:37:36Z ERROR [vpn] finding a valid server connection: filtering servers: no server found: for VPN openvpn; protocol udp
2024-09-06T21:37:36Z INFO [vpn] retrying in 15s
2024-09-06T21:37:51Z ERROR [vpn] finding a valid server connection: filtering servers: no server found: for VPN openvpn; protocol udp
2024-09-06T21:37:51Z INFO [vpn] retrying in 30s
2024-09-06T21:38:21Z ERROR [vpn] finding a valid server connection: filtering servers: no server found: for VPN openvpn; protocol udp
2024-09-06T21:38:21Z INFO [vpn] retrying in 1m0s

Share your configuration

No response

[github-actions]

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

• do not ask for updates, be patient
• 👍 the issue to show your support instead of commenting
  @qdm12 usually checks issues at least once a week, if this is a new urgent bug,
  revert to an older tagged container image

[GameAlex]

Deleting the file servers.json in /gluetun fixed this problem for me

[cjhetzle]

Yup ran into this same issue after redeploying my image to latest. Deleting servers.json also fixed the issue.

Running on Synology DMS 7.2.1

[brpaz]

It worked for me as well. Seems that for some reason the servers list is not being updated correctly. I will close this issue,

[github-actions]

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.

[qdm12]

That's strange, and what happens if you run the v3.38 image and then back the v3.39 image? Does it fail again? 🤔

[VoidJuiceConcentrate]

Edit: Looks like in my case, "FREE_ONLY" is not compatible with "PORT_FORWARDING". Once I removed port forwarding from the config it just worked.

Hello! I am using gluetun within docker and I am having the same issue using ProtonVPN and free only servers.

I noticed, inside the servers.json file there are servers that meet the criteria of UDP, Free, and OpenVPN, but it just returns and repeats the following error:

2024-09-24T22:41:51Z ERROR [vpn] finding a valid server connection: filtering servers: no server found: for VPN openvpn; protocol udp; free tier only

If I remove "FREE_ONLY=ON" then that results in successful server connections, but invalid credentials since my account is free only.

Below is a snip of my docker-compose. I left out ports and volumes for privacy.

gluetun:
    image: qmcgaw/gluetun:latest
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - OPENVPN_USER=<userID>
      - OPENVPN_PASSWORD=<userPass>
      - PORT_FORWARDING=on
      - FREE_ONLY=on
    network_mode: bridge

[qdm12]

Edit: Looks like in my case, "FREE_ONLY" is not compatible with "PORT_FORWARDING". Once I removed port forwarding from the config it just worked.

• 62747f1 adds missing details to the 'no server found' error, including the port forward only field, so that will be clearer to debug next time.
• c665b13 prevents using FREE_ONLY and PORT_FORWARD_ONLY together with protonvpn, and would return an error port forwarding only filter is not supported: together with free only filter if a user tries to use it.

I think this is resolved, so closing this! And thanks for debugging and finding out what the error was!

[github-actions]

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.

[FlorentLM]

Similar issue here, using this:

environment:
      - TZ=xxxxxx/xxxxxx
      - PUID=xxx
      - PGID=xxx
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_PROVIDER=protonvpn
      - SECURE_CORE_ONLY=on
      - PORT_FORWARD_ONLY=on
      - WIREGUARD_PRIVATE_KEY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx=
      - SHADOWSOCKS=off
      - HTTPPROXY=off

And it says:

2024-09-29T16:47:40+02:00 ERROR [vpn] finding a VPN server: filtering servers: no server found: for VPN wireguard; protocol udp; port forwarding only; secure core only; target ip address 0.0.0.0

Despite the fact that there are, indeed, many ProtonVPN servers that support Wireguard, secure-core and port forwarding.

Tried deleting /gluetun/servers.json and no change.
Tried adding - PROTOCOL=tcp and no change.

I see that in the json, only OpenVPN servers have the fields "udp": and "tcp": , but the wireguard servers have neither field. Could that be why the wireguard ones return false for both udp and tcp?