gluetun: Help: Port forwarding cannot obtain token due to router (I think)
TLDR: Getting the following error: port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405
It seems to be related in some way to my router, but I don’t know how to fix it. If I go to the above URL it just leads to my router login page, though it looks slightly different (less formatting on the page, login doesn’t work, etc.).
Use case will be to forward Deluge torrents through the VPN (and figure out a way to still be able to connect with the Windows GUI client on LAN).
Is this urgent?
- Yes
- No
What VPN service provider are you using?
- PIA
- Mullvad
- Windscribe
- Surfshark
- Cyberghost
What’s the version of the program?
Running version unknown built on an unknown date (commit unknown)
2020-11-07T15:16:59.711-0400 INFO OpenVPN version: 2.4.9
2020-11-07T15:16:59.777-0400 INFO Unbound version: 1.10.1
2020-11-07T15:16:59.802-0400 INFO IPtables version: v1.8.4
What are you using to run the container?
- Docker run
- Docker Compose
- Kubernetes
- Docker stack
- Docker swarm
- Podman
- Other:
Extra information
Logs:
=========================================,
================ Gluetun ================,
=========================================,
==== A mix of OpenVPN, DNS over TLS, ====,
======= Shadowsocks and HTTP proxy ======,
========= all glued up with Go ==========,
=========================================,
=========== For tunneling to ============,
======== your favorite VPN server =======,
=========================================,
=== Made with ❤️ by github.com/qdm12 ====,
=========================================,
,
Running version unknown built on an unknown date (commit unknown),
,
📣 Port forwarding is working for PIA v4 servers,
,
🔧 Need help? https://github.com/qdm12/gluetun/issues/new,
💻 Email? quentin.mcgaw@gmail.com,
☕ Slack? Join from the Slack button on Github,
💸 Help me? https://github.com/sponsors/qdm12,
2020-11-07T15:16:59.711-0400 INFO OpenVPN version: 2.4.9,
2020-11-07T15:16:59.777-0400 INFO Unbound version: 1.10.1,
2020-11-07T15:16:59.802-0400 INFO IPtables version: v1.8.4,
2020-11-07T15:16:59.802-0400 WARN You are using the old environment variable EXTRA_SUBNETS, please consider changing it to FIREWALL_OUTBOUND_SUBNETS,
2020-11-07T15:16:59.803-0400 INFO Settings summary below:,
OpenVPN settings:,
|--User: [redacted],
|--Password: [redacted],
|--Verbosity level: 1,
|--Run as root: no,
|--Private Internet Access settings:,
|--Network protocol: udp,
|--Regions: ca toronto,
|--Encryption preset: strong,
|--Port forwarding: on, saved in /tmp/gluetun/forwarded_port,
System settings:,
|--User ID: 1000,
|--Group ID: 1000,
|--Timezone: america/toronto,
|--IP Status filepath: /tmp/gluetun/ip,
DNS over TLS settings:,
|--DNS over TLS provider:,
|--cloudflare,
|--Caching: enabled,
|--Block malicious: enabled,
|--Block surveillance: disabled,
|--Block ads: disabled,
|--Allowed hostnames:,
|--,
|--Private addresses:,
|--127.0.0.1/8,
|--10.0.0.0/8,
|--172.16.0.0/12,
|--192.168.0.0/16,
|--169.254.0.0/16,
|--::1/128,
|--fc00::/7,
|--fe80::/10,
|--::ffff:0:0/96,
|--Verbosity level: 1/5,
|--Verbosity details level: 0/4,
|--Validation log level: 0/2,
|--IPv6 resolution: disabled,
|--Update: every 24h0m0s,
|--Keep nameserver (disabled blocking): no,
Firewall settings:,
|--VPN input ports: ,
|--Input ports: ,
|--Outbound subnets: 10.0.0.0/24,
HTTP Proxy settings: disabled,
ShadowSocks settings:,
|--Password: [redacted],
|--Log: enabled,
|--Port: 8388,
|--Method: chacha20-ietf-poly1305,
HTTP Control server:,
|--Listening port: 8000,
|--Logging: true,
Public IP check period: 12h0m0s,
Version information: enabled,
Updater: disabled,
,
2020-11-07T15:16:59.860-0400 INFO storage: Merging by most recent 6556 hardcoded servers and 6556 servers read from /gluetun/servers.json,
2020-11-07T15:16:59.903-0400 INFO routing: default route found: interface eth0, gateway 172.17.0.1,
2020-11-07T15:16:59.903-0400 INFO routing: local subnet found: 172.17.0.0/16,
2020-11-07T15:16:59.904-0400 INFO routing: default route found: interface eth0, gateway 172.17.0.1,
2020-11-07T15:16:59.904-0400 INFO routing: adding route for 0.0.0.0/0,
2020-11-07T15:16:59.904-0400 INFO firewall: firewall disabled, only updating allowed subnets internal list,
2020-11-07T15:16:59.904-0400 INFO routing: default route found: interface eth0, gateway 172.17.0.1,
2020-11-07T15:16:59.904-0400 INFO routing: adding route for 10.0.0.0/24,
2020-11-07T15:16:59.904-0400 INFO openvpn configurator: checking for device /dev/net/tun,
2020-11-07T15:16:59.904-0400 WARN TUN device is not available: open /dev/net/tun: no such file or directory,
2020-11-07T15:16:59.904-0400 INFO openvpn configurator: creating /dev/net/tun,
2020-11-07T15:16:59.904-0400 INFO firewall: enabling...,
2020-11-07T15:16:59.955-0400 INFO firewall: enabled successfully,
2020-11-07T15:16:59.956-0400 INFO Launching standard output merger,
2020-11-07T15:16:59.956-0400 INFO dns over tls: falling back on plaintext DNS at address 1.1.1.1,
2020-11-07T15:16:59.957-0400 INFO dns configurator: using DNS address 1.1.1.1 internally,
2020-11-07T15:16:59.957-0400 INFO dns configurator: using DNS address 1.1.1.1 system wide,
2020-11-07T15:16:59.957-0400 INFO healthcheck: listening on 127.0.0.1:9999,
2020-11-07T15:16:59.958-0400 INFO http server: listening on 0.0.0.0:8000,
2020-11-07T15:16:59.959-0400 INFO firewall: setting VPN connection through firewall...,
2020-11-07T15:16:59.961-0400 INFO shadowsocks: listening TCP on 0.0.0.0:8388,
2020-11-07T15:16:59.961-0400 INFO shadowsocks: listening UDP on 0.0.0.0:8388,
2020-11-07T15:16:59.973-0400 INFO openvpn configurator: starting openvpn,
2020-11-07T15:16:59.975-0400 INFO openvpn: OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020,
2020-11-07T15:16:59.975-0400 INFO openvpn: library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10,
2020-11-07T15:17:00.000-0400 INFO openvpn: CRL: loaded 1 CRLs from file [[INLINE]],
2020-11-07T15:17:00.000-0400 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]172.83.47.250:1197,
2020-11-07T15:17:00.000-0400 INFO openvpn: UDP link local: (not bound),
2020-11-07T15:17:00.000-0400 INFO openvpn: UDP link remote: [AF_INET]172.83.47.250:1197,
2020-11-07T15:17:00.416-0400 WARN openvpn: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542',
2020-11-07T15:17:00.417-0400 WARN openvpn: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC',
2020-11-07T15:17:00.417-0400 WARN openvpn: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1',
2020-11-07T15:17:00.417-0400 WARN openvpn: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128',
2020-11-07T15:17:00.417-0400 INFO openvpn: [toronto405] Peer Connection Initiated with [AF_INET]172.83.47.250:1197,
2020-11-07T15:17:01.681-0400 INFO openvpn: TUN/TAP device tun0 opened,
2020-11-07T15:17:01.681-0400 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500,
2020-11-07T15:17:01.783-0400 INFO openvpn: /sbin/ip addr add dev tun0 10.51.110.3/24 broadcast 10.51.110.255,
2020-11-07T15:17:01.787-0400 INFO openvpn: UID set to nonrootuser,
2020-11-07T15:17:01.788-0400 INFO openvpn: Initialization Sequence Completed,
2020-11-07T15:17:01.788-0400 INFO dns configurator: downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated,
2020-11-07T15:17:01.788-0400 INFO VPN routing IP address: 172.83.47.250,
2020-11-07T15:17:01.788-0400 INFO VPN gateway IP address: 10.51.110.1,
2020-11-07T15:17:01.807-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:17:01.807-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:17:02.458-0400 INFO dns configurator: downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated,
2020-11-07T15:17:02.491-0400 INFO dns configurator: generating Unbound configuration,
2020-11-07T15:17:02.782-0400 INFO dns configurator: 63525 hostnames blocked overall,
2020-11-07T15:17:02.782-0400 INFO dns configurator: 2695 IP addresses blocked overall,
2020-11-07T15:17:02.921-0400 INFO dns configurator: starting unbound,
2020-11-07T15:17:02.922-0400 INFO dns configurator: using DNS address 127.0.0.1 internally,
2020-11-07T15:17:02.922-0400 INFO dns configurator: using DNS address 127.0.0.1 system wide,
2020-11-07T15:17:03.289-0400 INFO unbound: init module 0: validator,
2020-11-07T15:17:03.289-0400 INFO unbound: init module 1: iterator,
2020-11-07T15:17:03.304-0400 INFO unbound: start of service (unbound 1.10.1).,
2020-11-07T15:17:03.433-0400 INFO unbound: generate keytag query _ta-4a5c-4f66. NULL IN,
2020-11-07T15:17:03.954-0400 INFO dns over tls: DNS over TLS is ready,
2020-11-07T15:17:04.309-0400 INFO There is a new release v3.6.0 (HTTP proxy in Go) created 2 days ago,
2020-11-07T15:17:04.670-0400 INFO ip getter: Public IP address is 172.83.47.250,
2020-11-07T15:17:11.835-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:17:11.835-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:17:21.859-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:17:21.859-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:17:31.886-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:17:31.886-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:17:41.914-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:17:41.914-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:17:51.938-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:17:51.938-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:18:01.964-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:18:01.964-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:18:11.994-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:18:11.994-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:18:22.024-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:18:22.025-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:18:32.052-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:18:32.052-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:18:42.078-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:18:42.078-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:18:52.108-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:18:52.108-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:19:02.186-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:19:02.186-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:19:12.217-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:19:12.217-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:19:22.245-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:19:22.245-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:19:32.274-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:19:32.274-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:19:42.304-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:19:42.304-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:19:52.336-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:19:52.336-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:20:02.362-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:20:02.362-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:20:12.390-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:20:12.390-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:20:22.417-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:20:22.417-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:20:32.445-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:20:32.445-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:20:42.472-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:20:42.472-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:20:52.500-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:20:52.500-0400 INFO port forwarding: Trying again in 10s,
2020-11-07T15:21:02.531-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,
2020-11-07T15:21:02.531-0400 INFO port forwarding: Trying again in 10s,
Configuration file:
version: "3.7"
services:
  gluetun:
    image: qmcgaw/private-internet-access
    network_mode: bridge # Required
    cap_add:
      - NET_ADMIN # Required
    environment: #
      - VPNSP=private internet access
      - TZ=America/Toronto
      - USER=
      - PASSWORD=
      - REGION=CA Toronto
      - PORT_FORWARDING=on
      - EXTRA_SUBNETS=10.0.0.0/24
      - SHADOWSOCKS=on
      - SHADOWSOCKS_PASSWORD=password
      - SHADOWSOCKS_LOG=on
    volumes:
      - /volume1/docker/gluetun_pia_vpn:/gluetun
      - /volume1/docker/gluetun_forwarded_port:/tmp/gluetun/forwarded_port
    ports:
      - 8112:8112 #deluge
      - 58846:58846 #deluge daemon port
      - 58946:58946 #deluge
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8100:8000/tcp # Built-in HTTP control server
    restart: always
Host OS: Synology DSM
About this issue
- State: closed
- Created 4 years ago
- Comments: 15 (8 by maintainers)
Yep, just noticed this was happening on my container as well! The EXTRA_SUBNETS workaround should help.
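
A way to spot this condition from the log alone, as an added example (not gluetun's code): it pairs each x509 name-mismatch error with any non-default route logged earlier that contains the request's destination address. `Diagnose` and `Finding` are hypothetical names, the sample lines are copied from the log above, and reading such a route as carrying the request to the LAN instead of the VPN is an assumption drawn from that log.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Three lines copied from the log in the issue above (trailing commas as pasted).
var issueLog = []string{
	`2020-11-07T15:16:59.904-0400 INFO routing: adding route for 0.0.0.0/0,`,
	`2020-11-07T15:16:59.904-0400 INFO routing: adding route for 10.0.0.0/24,`,
	`2020-11-07T15:17:01.807-0400 ERROR port forwarding: cannot obtain token: Get "https://[username]:***@10.0.0.1/authv3/generateToken": x509: certificate is valid for myrouter.io, not toronto405,`,
}

var routeRe = regexp.MustCompile(`routing: adding route for (\S+)`)
var x509Re = regexp.MustCompile(`@([0-9a-fA-F.:]+)/\S*: x509: certificate is valid for (.+), not (\S+)`)

// Finding is a hypothetical record: a TLS name mismatch on a destination inside a routed subnet.
type Finding struct{ Dest, Route, CertFor, Wanted string }

// Diagnose reports every x509 name-mismatch error whose destination IP falls
// inside a subnet that an earlier log line gave its own (non-default) route.
func Diagnose(lines []string) []Finding {
	var routes []*net.IPNet
	var out []Finding
	for _, l := range lines {
		l = strings.TrimSuffix(strings.TrimSpace(l), ",")
		if m := routeRe.FindStringSubmatch(l); m != nil {
			if _, n, err := net.ParseCIDR(m[1]); err == nil && m[1] != "0.0.0.0/0" {
				routes = append(routes, n)
			}
		} else if m := x509Re.FindStringSubmatch(l); m != nil {
			for _, n := range routes {
				if n.Contains(net.ParseIP(m[1])) { // false for an unparsable address
					out = append(out, Finding{m[1], n.String(), m[2], m[3]})
				}
			}
		}
	}
	return out
}

func main() {
	for _, f := range Diagnose(issueLog) {
		fmt.Printf("%+v\n", f)
	}
}
```

On the issue's log this reports 10.0.0.1 inside 10.0.0.0/24 with a certificate for myrouter.io where toronto405 was expected. Because the name check fails during the TLS handshake, the HTTP request carrying the credentials is not sent to that host.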