diff --git a/FAQ/Docker image.md b/FAQ/Docker image.md new file mode 100644 index 0000000..50a307a --- /dev/null +++ b/FAQ/Docker image.md @@ -0,0 +1,28 @@ +# Docker image + +![Visitors count](https://visitor-badge.laobi.icu/badge?page_id=gluetun.faq.dockerimage) + +If you use the default `qmcgaw/private-internet-access` image, you are technically using the Docker image with the `:latest` tag. +If it happens to be **broken**, this page is for you. + +## Release tag + +[Multiple releases](https://github.com/qdm12/private-internet-access-docker/releases) are made through time when the image is considered stable. + +ℹī¸ [List of image tags](https://hub.docker.com/r/qmcgaw/private-internet-access/tags?page=1&ordering=last_updated) + +Each time a Github release is made, an associated Docker image tag is made, for example a `v3.1.0` release produces the image `qmcgaw/private-internet-access:v3.1.0`. + +You can thus use one of these image tags if `:latest` doesn't work for you. Also, don't forget to create an issue for it 😉 + +## Build the image from a Git commit + +1. Install [Git](https://git-scm.com/), test it's here with `git version` +1. Find a [commit](https://github.com/qdm12/private-internet-access-docker/commits/master) you want to build for, in example `095623925a9cc0e5cf89d5b9b510714792267d9b` +1. Build the image + + ```sh + docker build -t qmcgaw/private-internet-access https://github.com/qdm12/private-internet-access-docker.git#095623925a9cc0e5cf89d5b9b510714792267d9b + ``` + +1. You can now use `qmcgaw/private-internet-access` which is the image you just built. diff --git a/FAQ/Mullvad.md b/FAQ/Mullvad.md new file mode 100644 index 0000000..db118a1 --- /dev/null +++ b/FAQ/Mullvad.md @@ -0,0 +1,24 @@ +# Mullvad + +![Visitors count](https://visitor-badge.laobi.icu/badge?page_id=gluetun.faq.mullvad) + +If you want to tunnel IPv6 with Mullvad, follow the following. + +1. Ensure your Kernel has IPv6 + + ```sh + lsmod | grep ipv6 + ``` + + Should show something. +1. Set the environment variable `OPENVPN_IPV6` to `on` +1. Enable IPv6 in Docker for this container: + - For a Docker run command, add the flag `--sysctl net.ipv6.conf.all.disable_ipv6=0` (or `--sysctl net.ipv6.conf.all.disable=0` on some systems) + - For docker-compose.yml files, add this to your `gluetun` config block: + + ```yml + sysctls: + - net.ipv6.conf.all.disable_ipv6=0 + ``` + +1. Start the container diff --git a/FAQ/Openvpn killed.md b/FAQ/Openvpn killed.md new file mode 100644 index 0000000..25bf409 --- /dev/null +++ b/FAQ/Openvpn killed.md @@ -0,0 +1,15 @@ +# OpenVPN killed + +It may happen, quite rarely though, that Openvpn gets killed in a loop by the host system. + +If you get regularly in your logs + +```s +openvpn: Sun May 10 19:23:37 2020 Initialization Sequence Completed +openvpn: Sun May 10 19:23:45 2020 event_wait : Interrupted system call (code=4) +openvpn: Sun May 10 19:23:45 2020 ERROR: Linux route delete command failed: external program exited with error status: 2 +openvpn: signal: killed +``` + +It might be another app you have interfering with the `/dev/net/tun` device and thus killing openvpn. +For QNAP users, it may be the **QCenter**. More information on [this issue](https://github.com/qdm12/private-internet-access-docker/issues/157) and many thanks for @AlexAlbright for finding the root cause through trial and error 🎈 diff --git a/FAQ/Openvpn warnings.md b/FAQ/Openvpn warnings.md new file mode 100644 index 0000000..fc063dc --- /dev/null +++ b/FAQ/Openvpn warnings.md @@ -0,0 +1,17 @@ +# OpenVPN warnings + +You might see some warnings similar to: + +```s +openvpn: Sat Feb 22 15:55:02 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this +openvpn: Sat Feb 22 15:55:02 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1542' +openvpn: Sat Feb 22 15:55:02 2020 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC' +openvpn: Sat Feb 22 15:55:02 2020 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1' +openvpn: Sat Feb 22 15:55:02 2020 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128' +openvpn: Sat Feb 22 15:55:02 2020 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo' +openvpn: Sat Feb 22 15:55:02 2020 [a121ce520d670b71bfd3aa475485539b] Peer Connection Initiated with [AF_INET]xx.xx.xx.xx:1197 +``` + +It is mainly because the option [disable-occ](https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/) was removed for transparency with you. + +Private Internet Access explains [here why](https://www.privateinternetaccess.com/helpdesk/kb/articles/why-do-i-get-cipher-auth-warnings-when-i-connect) the warnings show up. diff --git a/FAQ/Ping timeout.md b/FAQ/Ping timeout.md new file mode 100644 index 0000000..820a5bc --- /dev/null +++ b/FAQ/Ping timeout.md @@ -0,0 +1,26 @@ +# Ping timeout + +If your Openvpn drops the connection because of a ping timeout, then this page is for you. + +It happens, especially on some Private Internet Access servers, that the server side configuration changes or the server goes offline. + +You will obtain an error similar to: + +```s +openvpn: Wed Mar 18 22:13:00 2020 [3a51ae90324bcb0719cb399b650c64d4] Inactivity timeout (--ping-restart), restarting, +openvpn: Wed Mar 18 22:13:00 2020 SIGUSR1[soft,ping-restart] received, process restarting, +... +openvpn: Wed Mar 18 22:13:17 2020 Preserving previous TUN/TAP instance: tun0, +openvpn: Wed Mar 18 22:13:17 2020 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device., +openvpn: Wed Mar 18 22:13:17 2020 ERROR: Linux route delete command failed: external program exited with error status: 2, +openvpn: Wed Mar 18 22:13:17 2020 ERROR: Linux route delete command failed: external program exited with error status: 2, +openvpn: Wed Mar 18 22:13:17 2020 ERROR: Linux route delete command failed: external program exited with error status: 2, +openvpn: Wed Mar 18 22:13:17 2020 ERROR: Linux route delete command failed: external program exited with error status: 2, +openvpn: Wed Mar 18 22:13:17 2020 /sbin/ip addr del dev tun0 local 10.6.11.6 peer 10.6.11.5, +openvpn: Wed Mar 18 22:13:17 2020 Linux ip addr del failed: external program exited with error status: 2, +openvpn: Wed Mar 18 22:13:18 2020 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1), +openvpn: Wed Mar 18 22:13:18 2020 Exiting due to fatal error, +exit status 1 +``` + +To fix it, you would have to run openvpn with root, by setting the environment variable `OPENVPN_ROOT=yes`. diff --git a/FAQ/Portainer.md b/FAQ/Portainer.md new file mode 100644 index 0000000..c448f7d --- /dev/null +++ b/FAQ/Portainer.md @@ -0,0 +1,10 @@ +# Portainer + +If you use Portainer to run the container and get the error: + +``` +2020-05-03T09:04:11.283Z ERROR failed executing "-P INPUT ACCEPT": iptables v1.8.3 (legacy): can't initialize iptables table `filter': Permission denied (you must be root) +Perhaps iptables or your kernel needs to be upgraded.: exit status 3``` +``` + +This might be because portainer does not set the `--cap_add=NET_ADMIN` successfully. You might need to run the container without Portainer in this case. More information on [this issue](https://github.com/qdm12/private-internet-access-docker/issues/139). diff --git a/Home.md b/Home.md index 119f684..7d40972 100644 --- a/Home.md +++ b/Home.md @@ -1,5 +1,6 @@ # Home 1. [Setup](Setup) +1. [FAQ](FAQ) 1. [HTTP Control server](HTTP-Control-server) 1. [Contributing](Contributing)