
Feature request: PIA Port Forwarding Wireguard Custom Config #2320

Open
xtinct101 opened this issue Jun 13, 2024 · 19 comments


@xtinct101

What's the feature 🧐

Hello,

Firstly, thanks for your continued work on Gluetun.
I use PIA and switched to a custom wireguard config from openvpn. Everything works great except that when I try to use the "VPN_PORT_FORWARDING=on" with custom provider I get an error stating that it can only be used with PIA service provider.
I'd like to have the PIA port forwarding when using wireguard, but I've searched the wiki and issues section and couldn't find a solution for this.
Any help would be appreciated.

Extra information and references

No response

Contributor

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

@qdm12
Owner

qdm12 commented Jun 16, 2024

Have you also set VPN_PORT_FORWARDING_PROVIDER="private internet access"?

@xtinct101
Author

Thanks for the reply. I did not but have now added it and am getting this error:

gluetun  | 2024-06-16T22:26:19.715980602Z 2024-06-16T22:26:19Z INFO [port forwarding] starting
gluetun  | 2024-06-16T22:26:19.718359294Z panic: server name cannot be empty
gluetun  | 2024-06-16T22:26:19.718406926Z 
gluetun  | 2024-06-16T22:26:19.718420956Z goroutine 117 [running]:
gluetun  | 2024-06-16T22:26:19.718442649Z github.com/qdm12/gluetun/internal/provider/privateinternetaccess.(*Provider).PortForward(0x7f8100041380?, {0x1230458?, 0xc0000a4960?}, {{0x7f81280d58c8, 0xc000207900}, {{0x0, 0xffff0a0b8001}, 0xc000010018}, 0xc001988300, {0x0, ...}, ...})
gluetun  | 2024-06-16T22:26:19.718456186Z       github.com/qdm12/gluetun/internal/provider/privateinternetaccess/portforward.go:32 +0x6aa
gluetun  | 2024-06-16T22:26:19.718466679Z github.com/qdm12/gluetun/internal/portforward/service.(*Service).Start(0xc0001c2750, {0x1230458, 0xc0000a4960})
gluetun  | 2024-06-16T22:26:19.718474832Z       github.com/qdm12/gluetun/internal/portforward/service/start.go:32 +0x3b3
gluetun  | 2024-06-16T22:26:19.718486083Z github.com/qdm12/gluetun/internal/portforward.(*Loop).run(0xc00020d700, {0x1230458, 0xc0000a4960}, 0xc0001fc9c0?, 0xc0001fcae0, 0xc0001fca20, 0xc0001fca80)
gluetun  | 2024-06-16T22:26:19.718495178Z       github.com/qdm12/gluetun/internal/portforward/loop.go:119 +0x8f5
gluetun  | 2024-06-16T22:26:19.718506682Z created by github.com/qdm12/gluetun/internal/portforward.(*Loop).Start in goroutine 34
gluetun  | 2024-06-16T22:26:19.718514818Z       github.com/qdm12/gluetun/internal/portforward/loop.go:71 +0x20a

@xtinct101
Author

Will add the SERVER_NAMES= and try again

@xtinct101
Author

xtinct101 commented Jun 16, 2024

Ok, I've added SERVER_NAMES=
I then ran docker run --rm -v ./appdata/gluetun:/gluetun qmcgaw/gluetun format-servers -private-internet-access to get a list of servers.
Selected this server | CA Vancouver | `ca-vancouver.privacy.network` | vancouver419 | ✅ | ✅ | ✅ |
Used vancouver419 as the name but still getting this error: ERROR VPN settings: provider settings: server selection: for VPN service provider custom: the server name specified is not valid: one or more values is set but there is no possible value available
I also tried using ca-vancouver.privacy.network as the server name but same error.
Here is my config:

      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP=xxxx
      - VPN_ENDPOINT_PORT=1337
      - WIREGUARD_PUBLIC_KEY=xxxx
      - WIREGUARD_PRIVATE_KEY=xxxx
      - SERVER_NAMES=vancouver419
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_PROVIDER="private internet access"
      - WIREGUARD_ADDRESSES=xxxx

Am I still missing something?

@xtinct101
Author

xtinct101 commented Jun 17, 2024

Could it be an issue that in the server.json file all the PIA servers are listed as openvpn?

        "vpn": "openvpn",
        "region": "CA Vancouver",
        "server_name": "vancouver419",
        "hostname": "ca-vancouver.privacy.network",
        "tcp": true,
        "udp": true,
        "port_forward": true
        

qdm12 added a commit that referenced this issue Jun 17, 2024
@qdm12 qdm12 added the Closed: 👥 Duplicate label Jun 17, 2024
@qdm12
Owner

qdm12 commented Jun 17, 2024

Actually PIA port forwarding using the custom provider/wireguard has been an uphill battle for a month 😄 Sorry I forgot when initially replying to your issue.

The tip of the conversation is really at #2048 (comment) where we use SERVER_HOSTNAMES with the image qmcgaw/gluetun:pr-2254 (from #2254). I would really appreciate if you can help in the conversation on #2048 to try fixes I push on that branch 😉

Another related issue is #2147, but this would be unblocked + changed with #2048, so let's focus on #2048.

Closing this to avoid duplicate issues, thanks!

@qdm12 qdm12 closed this as not planned Jun 17, 2024
Contributor

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.

@qdm12
Owner

qdm12 commented Jun 17, 2024

Re-opening this since this is different than #2048 although very similar to #2147

@qdm12 qdm12 reopened this Jun 17, 2024
@qdm12
Owner

qdm12 commented Jun 17, 2024

I pushed 93ed87d which should allow you to set SERVER_NAMES=someservername. It's a bit ugly since it's not really for filtering a server out of a pool of servers, and really just for PIA's port forwarding but... I'm being lazy 😄 Let me know if it helps! 👍

@qdm12 qdm12 removed the Closed: 👥 Duplicate and Category: Config problem 📝 labels Jun 17, 2024
@xtinct101
Author

Is there a specific branch I need to use for this?

@qdm12
Owner

qdm12 commented Jun 17, 2024

Nope just the latest image, since this is really just a tiny fix and not a change/anything drastic 😉 You can docker pull qmcgaw/gluetun.

@xtinct101
Author

Tried latest; it doesn't hang on the same error, but I now get this:

gluetun  | 2024-06-17T22:48:01.409292051Z 2024-06-17T22:48:01Z ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
gluetun  | 2024-06-17T22:48:01.409355734Z 2024-06-17T22:48:01Z ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
gluetun  | 2024-06-17T22:48:01.409363950Z 2024-06-17T22:48:01Z INFO [port forwarding] starting
gluetun  | 2024-06-17T22:48:01.480912053Z 2024-06-17T22:48:01Z INFO [port forwarding] Found saved forwarded port data for port 25984
gluetun  | 2024-06-17T22:48:01.480973327Z 2024-06-17T22:48:01Z INFO [port forwarding] Port forwarded data expires in 62 days
gluetun  | 2024-06-17T22:48:01.509695250Z 2024-06-17T22:48:01Z WARN [dns] cannot update files: Get "https://www.internic.net/domain/named.root": dial tcp: lookup www.internic.net on 1.1.1.1:53: read udp 10.11.128.3:56432->1.1.1.1:53: i/o timeout
gluetun  | 2024-06-17T22:48:01.509752942Z 2024-06-17T22:48:01Z INFO [dns] attempting restart in 10s

@qdm12
Owner

qdm12 commented Jun 17, 2024

Oh that's just the VPN server not working for whatever reason. Try another server/double check your Wireguard credentials?

@xtinct101
Author

Yeah, I guess the config changes and it screws up the gluetun connection.
I updated config with latest server info and this is what I see in the logs

gluetun  | 2024-06-18T03:09:27.172317869Z 2024-06-18T03:09:27Z INFO [vpn] You are running on the bleeding edge of latest!
gluetun  | 2024-06-18T03:09:27.172379146Z 2024-06-18T03:09:27Z INFO [port forwarding] starting
gluetun  | 2024-06-18T03:09:27.173012454Z 2024-06-18T03:09:27Z INFO [port forwarding] Found saved forwarded port data for port 25984
gluetun  | 2024-06-18T03:09:27.173075370Z 2024-06-18T03:09:27Z INFO [port forwarding] Port forwarded data expires in 62 days
gluetun  | 2024-06-18T03:09:57.174333135Z 2024-06-18T03:09:57Z ERROR [vpn] port forwarding for the first time: binding port: Get "https://10.4.249.1:19999/bindPort?payload=<payload>&signature=<signature>": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

@xtinct101
Author

Just as a reference, I've been using https://github.com/thrnz/docker-wireguard-pia for my PIA wireguard + port forwarding and it seems to connect successfully. Not sure how he/she is doing it, but thought I'd just mention it in case it's of any help.

@qdm12
Owner

qdm12 commented Jun 18, 2024

Perhaps try another VPN server? Would 10.4.249.1 conflict with your docker network or LAN perhaps? For example 10.0.0.0/8 would conflict. If not, can you share what you get when running docker exec gluetun /bin/sh -c "ip route show all"? I'm curious to see; maybe my code wrongly detects the VPN server gateway IP address.

I checked thrnz/docker-wireguard-pia and it does use the same (https://github.com/thrnz/docker-wireguard-pia/blob/30fb739fd38f06086eed332fdacab88064a73701/extra/pf.sh#L123 and https://github.com/thrnz/docker-wireguard-pia/blob/30fb739fd38f06086eed332fdacab88064a73701/extra/pf.sh#L226) as in the current Gluetun code.

EDIT: also, port forwarding was working fine with OpenVPN correct?

@xtinct101
Author

xtinct101 commented Jun 18, 2024

Yes, using OpenVPN with the Montreal location works. The others, Vancouver/Toronto, do not.

I tried other servers using WireGuard, but it's the same issue.
This is what I get when running that command

default via 192.168.90.1 dev eth0 
192.168.90.0/24 dev eth0 proto kernel scope link src 192.168.90.20

Also, is there a way to get the wireguard config automatically like thrnz/docker-wireguard-pia? It seems that after a while my settings stop working and I need to generate a new wg0 file and copy the settings. To put it another way, is there a way gluetun can generate the wg0 file automatically?
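As an added example (not Gluetun's code and not anything posted in this thread), the following Go program implements the check qdm12 asked for above: parse the output of `ip route show all` and report whether the VPN port-forwarding gateway (10.4.249.1 or 10.20.191.1 in the posted logs) already falls inside a route the container has, such as a Docker bridge or LAN on 10.0.0.0/8. If it does, the bindPort request is routed locally and never reaches the VPN server, which is one way to end up with the "context deadline exceeded" error shown in the logs. The route lines are the two xtinct101 posted plus one constructed docker0 route to show what a conflict looks like. The gateway is derived from the WireGuard interface address as the first host of its /24, which matches 10.20.191.190/32 going to 10.20.191.1 in the logs; that rule, and all function names here, are assumptions made for this example, not Gluetun's algorithm.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Routes xtinct101 posted from `docker exec gluetun /bin/sh -c "ip route show all"`.
const postedRoutes = `default via 192.168.90.1 dev eth0
192.168.90.0/24 dev eth0 proto kernel scope link src 192.168.90.20`

// Constructed variant: the same routes plus a hypothetical Docker bridge on
// 10.0.0.0/8, the kind of overlap qdm12 asked about.
const conflictingRoutes = postedRoutes + `
10.0.0.0/8 dev docker0 proto kernel scope link src 10.0.0.1`

// ParseRoutes extracts the destination prefix of every non-default route.
// A bare host address (no "/len") is treated as a single-host route.
func ParseRoutes(output string) []*net.IPNet {
	var routes []*net.IPNet
	for _, line := range strings.Split(output, "\n") {
		fields := strings.Fields(line)
		if len(fields) == 0 || fields[0] == "default" {
			continue
		}
		if _, ipnet, err := net.ParseCIDR(fields[0]); err == nil {
			routes = append(routes, ipnet)
			continue
		}
		if ip := net.ParseIP(fields[0]); ip != nil {
			bits := 32
			if ip.To4() == nil {
				bits = 128
			}
			routes = append(routes, &net.IPNet{IP: ip, Mask: net.CIDRMask(bits, bits)})
		}
	}
	return routes
}

// ConflictingRoute returns the first local route that already covers the
// VPN gateway, or nil if the gateway would be reached through the tunnel.
func ConflictingRoute(gateway net.IP, routes []*net.IPNet) *net.IPNet {
	for _, r := range routes {
		if r.Contains(gateway) {
			return r
		}
	}
	return nil
}

// PIAGateway derives the port-forwarding gateway from the WireGuard
// interface address. Assumption for this example (not stated by Gluetun on
// this page): the gateway is the first host of the /24 containing the
// interface address, matching 10.20.191.190/32 -> 10.20.191.1 in the logs.
func PIAGateway(ifaceAddr string) (net.IP, error) {
	ip, _, err := net.ParseCIDR(ifaceAddr)
	if err != nil {
		return nil, err
	}
	v4 := ip.To4()
	if v4 == nil {
		return nil, fmt.Errorf("expected an IPv4 interface address, got %q", ifaceAddr)
	}
	gw := make(net.IP, len(v4))
	copy(gw, v4)
	gw[3] = 1
	return gw, nil
}

func main() {
	gw, err := PIAGateway("10.20.191.190/32")
	if err != nil {
		panic(err)
	}
	for name, output := range map[string]string{"posted": postedRoutes, "constructed": conflictingRoutes} {
		if r := ConflictingRoute(gw, ParseRoutes(output)); r != nil {
			fmt.Printf("%s routes: gateway %s is captured by local route %s\n", name, gw, r)
		} else {
			fmt.Printf("%s routes: gateway %s is not covered by any local route\n", name, gw)
		}
	}
}
```

With the routes xtinct101 posted, the gateway is not covered by any local route, so a subnet overlap is not the explanation in that case; the constructed docker0 route shows the output you would see when it is.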

@xtinct101
Author

Hi again,
So I've tried a few servers and I still get this error:
gluetun | 2024-06-21T21:47:10.367471392Z 2024-06-21T21:47:10Z ERROR [vpn] port forwarding for the first time: binding port: Get "https://10.20.191.1:19999/bindPort?payload=<payload>&signature=<signature>": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

I've tried with disabling the firewall, adding outbound_subnets but always the same error.

├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: custom
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: wireguard
|   |   |   ├── Target IP address: 181.41.202.239
|   |   |   ├── Server names: vancouver435
|   |   |   └── Wireguard selection settings:
|   |   |       ├── Endpoint IP address: 181.41.202.239
|   |   |       ├── Endpoint port: 1337
|   |   |       └── Server public key: xxxx
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use code for provider: private internet access
|   |       └── Forwarded port file path: /gluetun/port.txt
|   └── Wireguard settings:
|       ├── Private key: xxxx
|       ├── Interface addresses:
|       |   └── 10.20.191.190/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   ├── Debug mode: on
|   └── Outbound subnets:
|       └── 192.168.90.0/24
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
