This repository has been archived by the owner on Mar 16, 2024. It is now read-only.

Proxy not working #46

Open
drsood opened this issue Feb 2, 2022 · 5 comments

drsood commented Feb 2, 2022

Hi
I am trying to use this on Windows 11 inside docker.
Docker config:

```yaml
services:
  openvpn-client:
    image: ghcr.io/wfg/openvpn-client
    container_name: openvpn-singapore
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    environment:
      - SUBNETS=192.168.29.0/24
      - HTTP_PROXY=off
      - SOCKS_PROXY=on
      - VPN_CONFIG_FILE=Windscribe-Singapore-SMRT.ovpn
    volumes:
      - D:\Software\Docker\openvpn proxy:/data/vpn
    ports:
      - 1080:1080
    restart: unless-stopped
```

The VPN seems to be connecting:

---- Running with the following variables ----
Kill switch: on
HTTP proxy: off
SOCKS proxy: on
Proxy username secret: none
Proxy password secret: none
Allowing subnets: 192.168.29.0/24
Using OpenVPN log level: 3
Listening on: none
Using configuration file: /data/vpn/Windscribe-Singapore-SMRT.ovpn
Creating /data/vpn/Windscribe-Singapore-SMRT.ovpn.modified and making required changes to that file.
Changes made.
Creating VPN kill switch and local routes.
Allowing established and related connections...
Allowing loopback connections...
Allowing Docker network connections...
Allowing specified subnets...
Allowing remote servers in configuration file...
  Using:
    sin-241.whiskergalaxy.com (IP: 103.107.198.227 PORT: 80 PROTOCOL: tcp)
    sin-241.whiskergalaxy.com (IP: 103.62.48.224 PORT: 80 PROTOCOL: tcp)
Allowing connections over VPN interface...
Preventing anything else...
iptables rules created and routes configured.
Running OpenVPN client.
Running Dante SOCKS proxy server.
2022-02-02 10:35:38 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-02-02 10:35:38 WARNING: file 'credentials.conf' is group or others accessible
2022-02-02 10:35:38 OpenVPN 2.5.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
2022-02-02 10:35:38 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
2022-02-02 10:35:38 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-02-02 10:35:38 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-02-02 10:35:38 TCP/UDP: Preserving recently used remote address: [AF_INET]103.107.198.227:80
2022-02-02 10:35:38 Socket Buffers: R=[131072->131072] S=[16384->16384]
2022-02-02 10:35:38 Attempting to establish TCP connection with [AF_INET]103.107.198.227:80 [nonblock]
2022-02-02 10:35:38 TCP connection established with [AF_INET]103.107.198.227:80
2022-02-02 10:35:38 TCPv4_CLIENT link local: (not bound)
2022-02-02 10:35:38 TCPv4_CLIENT link remote: [AF_INET]103.107.198.227:80
2022-02-02 10:35:38 TLS: Initial packet from [AF_INET]103.107.198.227:80, sid=6b2e5c2c 862072e9
2022-02-02 10:35:38 VERIFY OK: depth=2, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X1
2022-02-02 10:35:38 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2
2022-02-02 10:35:38 VERIFY KU OK
2022-02-02 10:35:38 Validating certificate extended key usage
2022-02-02 10:35:38 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-02-02 10:35:38 VERIFY EKU OK
2022-02-02 10:35:38 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=sin-241.windscribe.com
2022-02-02 10:35:39 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1603', remote='link-mtu 1551'
2022-02-02 10:35:39 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
2022-02-02 10:35:39 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2022-02-02 10:35:39 [sin-241.windscribe.com] Peer Connection Initiated with [AF_INET]103.107.198.227:80
2022-02-02 10:35:40 SENT CONTROL [sin-241.windscribe.com]: 'PUSH_REQUEST' (status=1)
2022-02-02 10:35:40 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,rcvbuf 0,sndbuf 0,route-gateway 10.123.36.1,topology subnet,ping 5,ping-restart 60,dhcp-option DNS 10.255.255.2,ifconfig 10.123.36.16 255.255.254.0,peer-id 0,cipher AES-256-GCM'
2022-02-02 10:35:40 OPTIONS IMPORT: timers and/or timeouts modified
2022-02-02 10:35:40 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-02-02 10:35:40 Socket Buffers: R=[131072->131072] S=[87040->87040]
2022-02-02 10:35:40 OPTIONS IMPORT: --ifconfig/up options modified
2022-02-02 10:35:40 OPTIONS IMPORT: route options modified
2022-02-02 10:35:40 OPTIONS IMPORT: route-related options modified
2022-02-02 10:35:40 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-02-02 10:35:40 OPTIONS IMPORT: peer-id set
2022-02-02 10:35:40 OPTIONS IMPORT: adjusting link_mtu to 1626
2022-02-02 10:35:40 OPTIONS IMPORT: data channel crypto options modified
2022-02-02 10:35:40 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-02-02 10:35:40 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-02-02 10:35:40 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-02-02 10:35:40 ROUTE_GATEWAY 172.18.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:12:00:03
2022-02-02 10:35:40 TUN/TAP device tun0 opened
2022-02-02 10:35:40 /sbin/ip link set dev tun0 up mtu 1500
2022-02-02 10:35:40 /sbin/ip link set dev tun0 up
2022-02-02 10:35:40 /sbin/ip addr add dev tun0 10.123.36.16/23
2022-02-02 10:35:40 /sbin/ip route add 103.107.198.227/32 via 172.18.0.1
2022-02-02 10:35:40 /sbin/ip route add 0.0.0.0/1 via 10.123.36.1
2022-02-02 10:35:40 /sbin/ip route add 128.0.0.0/1 via 10.123.36.1
2022-02-02 10:35:40 Initialization Sequence Completed

However, the actual connection to the proxy gives an error.

```
docker run --rm -it --network=container:openvpn-singapore alpine wget -qO - ifconfig.me
```

produces the error

```
wget: bad address 'ifconfig.me'
```

Please help


the-hotmann commented Feb 10, 2022

Same for me, without Proxy, but with VPN

I'm on Debian 10.


fredssh commented Feb 19, 2022

```yaml
services:
  openvpn-client:
    image: ghcr.io/wfg/openvpn-client
    container_name: openvpn-germany
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    environment:
      - SUBNETS=192.168.29.0/24
      - HTTP_PROXY=off
      - SOCKS_PROXY=on
      - VPN_CONFIG_FILE=Germany.ovpn
      - VPN_AUTH_SECRET=auth.txt
    volumes:
      - F:/vpn/myvpn:/data/vpn
      - F:/vpn/myvpn/secrets/auth.txt:/run/secrets/auth.txt
    ports:
      - 1080:1080
    restart: unless-stopped
```

wget: bad address 'ipinfo.io'

Same issue, anyone had any luck with it?!

openvpn-germany  |
openvpn-germany  | ---- Running with the following variables ----
openvpn-germany  | Kill switch: on
openvpn-germany  | HTTP proxy: off
openvpn-germany  | SOCKS proxy: on
openvpn-germany  | Proxy username secret: none
openvpn-germany  | Proxy password secret: none
openvpn-germany  | Allowing subnets: 192.168.1.0/24
openvpn-germany  | Using OpenVPN log level: 3
openvpn-germany  | Listening on: none
openvpn-germany  | Using configuration file: /data/vpn/Germany.ovpn
openvpn-germany  | Creating /data/vpn/Germany.ovpn.modified and making required changes to that file.
openvpn-germany  | Changes made.
openvpn-germany  |
openvpn-germany  | Creating VPN kill switch and local routes.
openvpn-germany  | Allowing established and related connections...
openvpn-germany  | Allowing loopback connections...
openvpn-germany  | Allowing Docker network connections...
openvpn-germany  | Allowing specified subnets...
openvpn-germany  | Allowing remote servers in configuration file...
openvpn-germany  |   Using:
 PROTOCOL: udp)  |     de.myvpn.de (IP: xx.xxx.xxx.xxx PORT: 443
" does not resolve to anything.8.7 (legacy): Port "443
openvpn-germany  |
openvpn-germany  | Try `iptables -h' or 'iptables --help' for more information.
openvpn-germany  | Allowing connections over VPN interface...
openvpn-germany  | Preventing anything else...
openvpn-germany  | iptables rules created and routes configured.
openvpn-germany  |
openvpn-germany  | Configuring OpenVPN authentication.
openvpn-germany  | Running OpenVPN client.
openvpn-germany  |
openvpn-germany  | Running Dante SOCKS proxy server.
openvpn-germany  |
openvpn-germany  | 2022-02-19 10:09:04 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
openvpn-germany  | 2022-02-19 10:09:04 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
openvpn-germany  | 2022-02-19 10:09:04 WARNING: file '/run/secrets/auth.txt' is group or others accessible
openvpn-germany  | 2022-02-19 10:09:04 OpenVPN 2.5.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
openvpn-germany  | 2022-02-19 10:09:04 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
openvpn-germany  | 2022-02-19 10:09:04 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxxx.xxx.xxx:443
openvpn-germany  | 2022-02-19 10:09:04 Socket Buffers: R=[212992->212992] S=[212992->212992]
openvpn-germany  | 2022-02-19 10:09:04 UDP link local: (not bound)
openvpn-germany  | 2022-02-19 10:09:04 UDP link remote: [AF_INET]xxx.xxxx.xxxx:443
openvpn-germany  | 2022-02-19 10:09:04 write UDP: Operation not permitted (code=1)
openvpn-germany  | 2022-02-19 10:09:06 write UDP: Operation not permitted (code=1)
openvpn-germany  | 2022-02-19 10:09:11 write UDP: Operation not permitted (code=1)
openvpn-germany  | 2022-02-19 10:09:19 write UDP: Operation not permitted (code=1)

@HGebhardt

I had the same issue.
After setting the dns configuration everything works fine and it resolves the domains.
Maybe this helps anyone here.


joeblowout commented Jun 10, 2022

> I had the same issue. After setting the dns configuration everything works fine and it resolves the domains. Maybe this helps anyone here.

Sir, could you elaborate on how exactly you did it? Here's my current config. I've been cracking my head for the past few days trying to get either the HTTP or SOCKS5 proxy to work on my VPS...

```yaml
services:
  openvpn-client:
    image: ghcr.io/wfg/openvpn-client
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    environment:
      - HTTP_PROXY=on
      - SOCKS_PROXY=on
      - SUBNETS=192.168.29.0/24 #0.0.0.0/0
      - VPN_CONFIG_FILE=config.ovpn
      - LISTEN_ON=0.0.0.0
      - KILL_SWITCH=on
    ports:
      - 8080:8080 #http
      - 1080:1080 #socks5
    volumes:
      - ./data:/data/vpn
      - /etc/resolv.conf:/etc/resolv.conf:ro
    dns:
      - 8.8.8.8
      - 1.1.1.1
    network_mode: bridge
    restart: unless-stopped
```

Enabling 1.1.1.1 and 8.8.8.8 as DNS did not work for me at all.


joeblowout commented Jun 11, 2022

Well, I guess it works partially by adding the WAN IP manually. Say my IP is 123.123.123.123, then I add 123.123.123.0/24.

However, when my IP changes, because it's dynamic, I would have to add the new one again. 0.0.0.0/0 won't work. How do I make it so that the Docker container accepts all incoming requests from all IPs?
