ANSWERED AirVPN with Gluetun docker and OpenVPN, certificate error

[Jommes 0]

Yesterday i set up a docker container with Gluetun en QBittorrent on my DS920+

I tried it with Wireguard over UDP and it works. But my Ubuntu test torrent had very slow download speeds. I saw that when i use the VPN on my laptop via UDP that my connection had hickups. It wasn't stable an very slow. I remembered that my ISP has an issue with UDP and OpenVPN. When i use OpenVPN with TCP it works fine.

But AirVPN only works with UDP in combination with Wireguard. So i have no other option to use OpenVPN with tcp.

I changed my compose-file, but when i start Gluetun i get this errors:

 

2023-04-03T13:52:36+02:00 INFO [openvpn] OpenSSL: error:05800074:x509 certificate routines::key values mismatch
2023-04-03T13:52:36+02:00 INFO [openvpn] Cannot load private key file [[INLINE]]
2023-04-03T13:52:36+02:00 INFO [openvpn] SIGUSR1[soft,private-key-password-failure] received, process restarting
2023-04-03T13:52:42+02:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun/wiki/Healthcheck)
2023-04-03T13:52:42+02:00 INFO [vpn] stopping

 

This is my compose:

 

#gluetun
gluetun:
image: qmcgaw/gluetun
container_name: gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
ports:
- 8888:8888/tcp # HTTP proxy
- 8388:8388/tcp # Shadowsocks
- 8388:8388/udp # Shadowsocks
- 8090:8090 # port for qbittorrent
- 34671:34671
volumes:
- /volume1/docker/gluetun:/gluetun
environment:
- VPN_SERVICE_PROVIDER=airvpn
- VPN_TYPE=openvpn
- PROTOCOL=tcp
- OPENVPN_USER=username
- OPENVPN_PASSWORD=password
- FIREWALL_VPN_INPUT_PORTS=34671
- SERVER_REGIONS=Europe
- TZ=Europe/Paris
- HTTPPROXY=on
- SHADOWSOCKS=on
- FIREWALL_OUTBOUND_SUBNETS=172.19.0.0/16,192.168.1.0/24
network_mode: vpn-stack
restart: unless-stopped

 

In /volume1/docker/gluetun:/gluetun i placed a client.crt and client.key file from this instructions: https://github.com/qdm12/gluetun/wiki/OpenVPN-client-key and  and i extracted them from the OVPN config file a generated from the config generator.

client.key contents:

 

-----BEGIN PRIVATE KEY-----
Very long key
-----END PRIVATE KEY-----

 

client.crt contents (in my AirVPN OVPN file i saw 2 certificates):
 

 

-----BEGIN CERTIFICATE-----
Very long key
-----END CERTIFICATE-----
</ca>
<cert>
-----BEGIN CERTIFICATE-----
Very long key 2
-----END CERTIFICATE-----

 

When i use one certificate, i get the same error. Can somebody help me out?

[OpenSourcerer 1435]

4 hours ago, Jommes said:

But AirVPN only works with UDP in combination with Wireguard

Correction: Wireguard itself works UDP-only. It's independent from the VPN provider.
 

4 hours ago, Jommes said:

client.crt contents (in my AirVPN OVPN file i saw 2 certificates):

I think this is where it hiccups. The instructions ask for the <cert> part only but you included the <ca> part, too. Moreover, <ca> is the first key appearing, so OpenVPN likely tries to use that as the <cert>, and logically fails because of a modulus mismatch. The instructions for AirVPN don't mention the CA cert being used.
 

4 hours ago, Jommes said:

When i use one certificate, i get the same error. Can somebody help me out?

Now it only depends which one you used. Can you make sure you used the <cert>?

[Jommes 0]

Okay, it's in Wireguard itself.
Many thanks! I had selected the <ca> and i need the <cert> after changing everything works!
I had to look in the logs to see if Gluetun uses TCP, and it does. A test-torrent go's very slow, when i test another Linux test-torrent it go's with almost the max of my downloadspeed.