[BUG] - Updated, connection stops working after a second #324

exander77 · 2024-11-01T09:55:15Z

Version

latest

Credential and Server Validation

I have verified that the servers I am trying to connect to are available under my plan.
I have verified that my generated Wireguard private keys are valid and have required features (Netshield Ad-blocker, VPN accelerator etc) are enabled.
I am using a valid server name (either fully qualified DNS name like nl-free-127.protonvpn.net or server IP) as mentioned in the docs.

System Architecture

Linux kni 6.8.0-47-generic #47-Ubuntu SMP PREEMPT_DYNAMIC Fri Sep 27 21:40:26 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Kernel Version

6.8.0-47-generic

Running on a NAS?

No

Runtime

docker

Version of Runtime

 Version:    24.0.5
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc.)
    Version:  v0.11.2
    Path:     /usr/libexec/docker/cli-plugins/docker-buildx
  compose: Docker Compose (Docker Inc.)
    Version:  v2.20.2
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 36
  Running: 4
  Paused: 0
  Stopped: 32
 Images: 2362
 Server Version: 24.0.5
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 3dce8eb055cbb6872793272b4f20ed16117344f8
 runc version: v1.1.7-0-g860f061
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.8.0-47-generic
 Operating System: Ubuntu 24.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 16
 Total Memory: 42.93GiB
 Name: kni
 ID: UDUM:ADIB:JVYP:66GJ:X765:AI5W:NPCR:AJFX:HCB2:U3M3:QNUP:SJ7I
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

My configuration

version: '3.4'
services:
  protonvpn:
    environment:
      # Credentials
      WIREGUARD_PRIVATE_KEY: "REMOVED"
      PROTONVPN_USERNAME: "REMOVED"
      PROTONVPN_PASSWORD: "REMOVED"
      # Override these where applicable
      PROTONVPN_SERVER: ${PROTONVPN_SERVER:-node-cz-05.protonvpn.net}
      PROTONVPN_TIER: ${PROTONVPN_TIER:-3}
      SKIP_DNS_CONFIG: 1
      IPCHECK_INTERVAL: 0
      DEBUG: 1
      KILL_SWITCH: 0
    # Always use semver tags, avoid using tag latest!
    image: ghcr.io/tprasadtp/protonwire:latest
    init: true
    #build:
    #  context: .
    restart: unless-stopped
    networks:
      - internet
      - proxy
    cap_add:
      - NET_ADMIN
    sysctls:
      net.ipv4.conf.all.rp_filter: 2
      net.ipv6.conf.all.disable_ipv6: 1
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 127.0.0.1:5800:5800
    volumes:
      - type: tmpfs
        target: /tmp

Whitelisting API endpoints

I am not using ad-blocking DNS server or gateway

Troubleshooting & Runtime

Wireguard is supported by my kernel
I have read FAQ and Troubleshooting.
I am using latest stable version

Container/Pod/systemd log output with DEBUG=1 or `--debug` flag

polach@kni:~/repos/protonvpn-docker$16 [master %|u=] docker compose logs protonvpn
protonvpn-docker-protonvpn-1  | [DEBUG   ] PROTONVPN_SERVER                    : node-cz-05.protonvpn.net 
protonvpn-docker-protonvpn-1  | [DEBUG   ] IPCHECK_INTERVAL                    : 0 
protonvpn-docker-protonvpn-1  | [DEBUG   ] IPCHECK_URL                         : https://protonwire-api.vercel.app/v1/client/ip 
protonvpn-docker-protonvpn-1  | [DEBUG   ] METADATA_URL                        : https://protonwire-api.vercel.app/v1/server 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Checking requirements 
protonvpn-docker-protonvpn-1  | [DEBUG   ] __PROTONWIRE_SRV_INFO_FILE          : /tmp/protonwire.server.json 
protonvpn-docker-protonvpn-1  | [DEBUG   ] __PROTONWIRE_HCR                    : /tmp/protonwire.hc.response 
protonvpn-docker-protonvpn-1  | [DEBUG   ] __PROTONWIRE_HCS                    : /tmp/protonwire.hc.status 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Checking if IP on other interface is reserved - 127.0.0.1 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Checking if IP on other interface is reserved - 172.28.0.2 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Checking if IP on other interface is reserved - 172.25.0.2 
protonvpn-docker-protonvpn-1  | [NOTICE  ] Skipped validating default IPCHECK_URL 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Can use CAP_NET_ADMIN capability 
protonvpn-docker-protonvpn-1  | [DEBUG   ] IPCHECK_THRESHOLD                   : NA 
protonvpn-docker-protonvpn-1  | [DEBUG   ] IPCHECK_INTERVAL                    : 0 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Server info file is missing - /tmp/protonwire.server.json 
protonvpn-docker-protonvpn-1  | [INFO    ] Refresing server metadata (for node-cz-05.protonvpn.net) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] API - https://protonwire-api.vercel.app/v1/server/node-cz-05.protonvpn.net 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) Dload  Upload   Total   Spent    Left  Speed 
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 76.76.21.123:443... 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * Connected to protonwire-api.vercel.app (76.76.21.123) port 443 (#0) 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * ALPN: offers h2,http/1.1 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) } [5 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Client hello (1): 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) } [512 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) *  CAfile: /etc/ssl/certs/ca-certificates.crt 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) *  CApath: /etc/ssl/certs 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) { [5 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Server hello (2): 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) { [122 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) { [15 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Certificate (11): 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) { [2580 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, CERT verify (15): 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) { [264 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Finished (20): 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) { [36 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) } [1 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * TLSv1.3 (OUT), TLS handshake, Finished (20): 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) } [36 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * ALPN: server accepted h2 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * Server certificate: 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) *  subject: CN=*.vercel.app 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) *  start date: Oct 17 00:02:14 2024 GMT 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) *  expire date: Jan 15 00:02:13 2025 GMT 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) *  subjectAltName: host "protonwire-api.vercel.app" matched cert's "*.vercel.app" 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) *  issuer: C=US; O=Let's Encrypt; CN=R11 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) *  SSL certificate verify ok. 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) } [5 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * using HTTP/2 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * h2h3 [:method: GET] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * h2h3 [:path: /v1/server/node-cz-05.protonvpn.net] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * h2h3 [:scheme: https] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * h2h3 [:authority: protonwire-api.vercel.app] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * h2h3 [user-agent: protonwire/v7] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * h2h3 [accept: */*] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * Using Stream ID: 1 (easy handle 0x5d17ec6f9c80) 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) } [5 bytes data] 
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) > GET /v1/server/node-cz-05.protonvpn.net HTTP/2
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) > Host: protonwire-api.vercel.app
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) > user-agent: protonwire/v7
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) > accept: */*
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) > 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) { [5 bytes data] 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) { [122 bytes data] 
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < HTTP/2 200 
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < accept-ranges: bytes
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < access-control-allow-origin: *
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < age: 501
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < cache-control: s-maxage=60, stale-while-revalidate=600
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < content-disposition: inline; filename="node-cz-05.protonvpn.net"
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < content-type: application/json
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < date: Fri, 01 Nov 2024 09:50:13 GMT
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < etag: "756383af3b428b87b7335e8adbe453b9"
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < last-modified: Fri, 01 Nov 2024 09:41:52 GMT
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < server: Vercel
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < strict-transport-security: max-age=63072000; includeSubDomains; pre oad
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < x-vercel-cache: HIT
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < x-vercel-id: fra1::l67k2-1730454613809-2b0958a79c52
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < content-length: 640
 rotonvpn-docker-protonvpn-1  | [TRACE   ] (curl) < 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) { [5 bytes data] 
100   640  100   640    0     0   7961      0 --:--:-- --:--:-- --:--:--  8000 
protonvpn-docker-protonvpn-1  | [TRACE   ] (curl) * Connection #0 to host protonwire-api.vercel.app left intact 
protonvpn-docker-protonvpn-1  | [SUCCESS ] Successfully refreshed server metadata 
protonvpn-docker-protonvpn-1  | [DEBUG   ] __PROTONWIRE_SRV_INFO_FILE JSON valid 
protonvpn-docker-protonvpn-1  | [DEBUG   ] metadata_fetch_tries=1 
protonvpn-docker-protonvpn-1  | [DEBUG   ] metadata_fetch_max_tries=3 
protonvpn-docker-protonvpn-1  | [SUCCESS ] Server node-cz-05.protonvpn.net is online 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Selecting all ONLINE endpoints 
protonvpn-docker-protonvpn-1  | [DEBUG   ] __PROTONWIRE_ENDPOINT_IPS_ONLINE    : 146.70.129.18 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Selecting all endpoints for building keymap 
protonvpn-docker-protonvpn-1  | [DEBUG   ] __PROTONWIRE_ENDPOINT_IPS_ALL       : 146.70.129.18 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Endpoint(146.70.129.18) has pubkey - sDVKmYDevvGvpKNei9f2SDbx5FMFi6FqBmuRYG/EFg8= 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.18(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.19(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.20(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.21(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.22(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.23(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.24(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.25(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.26(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.27(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.28(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.29(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Valid Exit IP for node-cz-05.protonvpn.net - 146.70.129.30(IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Not validating country 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Not validating if server supports P2P 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Not validating if server supports Stremaing 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Not validating if server supports Tor 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Not validating if server supports SecureCore 
protonvpn-docker-protonvpn-1  | [SUCCESS ] WIREGUARD_PRIVATE_KEY(MAR3K**********) is a valid key 
protonvpn-docker-protonvpn-1  | [SUCCESS ] net.ipv4.conf.all.rp_filter is already set to 2 
protonvpn-docker-protonvpn-1  | [NOTICE  ] Creating WireGuard Interface - protonwire0 
protonvpn-docker-protonvpn-1  | [INFO    ] Setting WireGuard interface address - 10.2.0.2 
protonvpn-docker-protonvpn-1  | [INFO    ] Setting WireGuard interface MTU to 1480 
protonvpn-docker-protonvpn-1  | [SUCCESS ] Configured WireGuard private key 
protonvpn-docker-protonvpn-1  | [DEBUG   ] No configured endpoints on the interface 'protonwire0' 
protonvpn-docker-protonvpn-1  | [DEBUG   ] __PROTONWIRE_ENDPOINT_IPS_ONLINE    : 146.70.129.18 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Selected endpoint 146.70.129.18 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Peer public key - sDVKmYDevvGvpKNei9f2SDbx5FMFi6FqBmuRYG/EFg8= 
protonvpn-docker-protonvpn-1  | [INFO    ] WireGuard interface is configured with peer - sDVKmYDevvGvpKNei9f2SDbx5FMFi6FqBmuRYG/EFg8=(146.70.129.18) 
protonvpn-docker-protonvpn-1  | [INFO    ] Bringing WireGuard interface up 
protonvpn-docker-protonvpn-1  | [SUCCESS ] Configured fwmark on WireGuard interface to - 0xca6d 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Excluding RFC-1918 subnets(IPv4) except DNS sever from WireGuard table 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Excluding ULA subnets(IPv6) from WireGuard table 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Collecting existing routes if any (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] No existing killswitch routes found 
protonvpn-docker-protonvpn-1  | [DEBUG   ] No existing routes found (IPv4) 
protonvpn-docker-protonvpn-1  | [NOTICE  ] Creating routes (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 10.2.0.1/32 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 0.0.0.0/5 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 8.0.0.0/7 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 11.0.0.0/8 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 12.0.0.0/6 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 16.0.0.0/4 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 32.0.0.0/3 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 64.0.0.0/3 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 96.0.0.0/6 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 100.0.0.0/10 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 100.128.0.0/9 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 101.0.0.0/8 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 102.0.0.0/7 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 104.0.0.0/5 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 112.0.0.0/5 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 120.0.0.0/6 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 124.0.0.0/7 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 126.0.0.0/8 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 128.0.0.0/3 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 160.0.0.0/5 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 168.0.0.0/8 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 169.0.0.0/9 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 169.128.0.0/10 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 169.192.0.0/11 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 169.224.0.0/12 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 169.240.0.0/13 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 169.248.0.0/14 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 169.252.0.0/15 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 169.255.0.0/16 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 170.0.0.0/7 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 172.0.0.0/12 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 172.32.0.0/11 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 172.64.0.0/10 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 172.128.0.0/9 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 173.0.0.0/8 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 174.0.0.0/7 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 176.0.0.0/4 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 192.0.0.0/9 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 192.128.0.0/11 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 192.160.0.0/13 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 192.169.0.0/16 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 192.170.0.0/15 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 192.172.0.0/14 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 192.176.0.0/12 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 192.192.0.0/10 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 193.0.0.0/8 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 194.0.0.0/7 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 196.0.0.0/6 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 200.0.0.0/5 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 208.0.0.0/4 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.0.1.0/24 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.0.2.0/23 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.0.4.0/22 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.0.8.0/21 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.0.16.0/20 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.0.32.0/19 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.0.64.0/18 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.0.128.0/17 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.1.0.0/16 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.2.0.0/15 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.4.0.0/14 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.8.0.0/13 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.16.0.0/12 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.32.0.0/11 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.64.0.0/10 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 224.128.0.0/9 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 225.0.0.0/8 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 226.0.0.0/7 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 228.0.0.0/6 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Added route - 232.0.0.0/5 to table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] KillSwitch is disabled (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Configuring IP rules (IPv4) 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Adding IP rule for Table 51821 (IPv4) 
protonvpn-docker-protonvpn-1  | [INFO    ] Skipping DNS configuration 
protonvpn-docker-protonvpn-1  | [WARNING ] Not verifying connection, as healthchecks are disabled 
protonvpn-docker-protonvpn-1  | [DEBUG   ] Using default check interval 120s 
protonvpn-docker-protonvpn-1  | [DEBUG   ] No systemd notify socket found, skiping READY=1 notification 
protonvpn-docker-protonvpn-1  | [WARNING ] Healthchecks are disabled 
protonvpn-docker-protonvpn-1  | [INFO    ] Listening for signals



### Any additional info

Seems that connection is working like a second after start and is on VPN, but then fails.

### Code of Conduct & PII Redaction

- [X] I agree to follow this project's Code of Conduct.
- [X] I have removed any sensitive personally identifying information(PII) and secrets from in this issue report.

The text was updated successfully, but these errors were encountered:

exander77 · 2024-11-01T23:43:07Z

I did minimal configuration from example, and still the same issue:

version: '2.3'
services:
  protonwire:
    container_name: protonwire
    # Use semver tags or sha256 hashes of manifests.
    # using latest tag can lead to issues when used with
    # automatic image updaters like watchtower/podman.
    image: ghcr.io/tprasadtp/protonwire:latest
    init: true
    restart: unless-stopped
    environment:
      # Quote this value as server name can contain '#'.
      WIREGUARD_PRIVATE_KEY: "REMOVED"
      PROTONVPN_SERVER: ${PROTONVPN_SERVER:-node-cz-05.protonvpn.net}
      # Set this to 1 to show debug logs for issue forms.
      DEBUG: "0"
      # Set this to 0 to disable kill-switch.
      KILL_SWITCH: "1"
      IPCHECK_INTERVAL: 0
    # NET_ADMIN capability is mandatory!
    cap_add:
      - NET_ADMIN
    # sysctl net.ipv4.conf.all.rp_filter is mandatory!
    # net.ipv6.conf.all.disable_ipv6 disables IPv6 as protonVPN does not support IPv6.
    # 'net.*' sysctls are not required on application containers,
    # as they share network stack with protonwire container.
    sysctls:
      net.ipv4.conf.all.rp_filter: 2
      net.ipv6.conf.all.disable_ipv6: 1
    volumes:
      - type: tmpfs
        target: /tmp
    ports:
      - 127.0.0.1:5800:5800
  # This is sample application which will be routed over VPN
  # Replace this with your preferred application(s).
  firefox:
    depends_on:
      - protonwire
    environment:
      TZ: "Europe/Prague"
      PGID: "1000"
      PUID: "1000"
      SECURE_CONNECTION: 1
      DARK_MODE: 1
      KEEP_APP_RUNNING: 1
    image: jlesage/firefox
    restart: unless-stopped
    userns_mode: host
    # Do not apply any networking configs
    # on this container!
    # All networking labels and settings should be defined
    # on the vpn container.
    network_mode: service:protonwire
    volumes:
      - ./data:/config

exander77 added the bug Issue is a bug label Nov 1, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BUG] - Updated, connection stops working after a second #324

[BUG] - Updated, connection stops working after a second #324

exander77 commented Nov 1, 2024

exander77 commented Nov 1, 2024

[BUG] - Updated, connection stops working after a second #324

[BUG] - Updated, connection stops working after a second #324

Comments

exander77 commented Nov 1, 2024

Version

Credential and Server Validation

System Architecture

Kernel Version

Running on a NAS?

Runtime

Version of Runtime

My configuration

Whitelisting API endpoints

Troubleshooting & Runtime

Container/Pod/systemd log output with DEBUG=1 or --debug flag

exander77 commented Nov 1, 2024

Container/Pod/systemd log output with DEBUG=1 or `--debug` flag