FastestVPN Wireguard Instructions

[sclinton13]

URL to the Wiki page

https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/fastestvpn.md

What's missing?

Missing instructions for FastestVPN using Wireguard (e.g. Private / Shared Key ) This is new to FastestVPN, launched in March 2024

[Zerauskire]

+1 for this

They do now support WireGuard but they just don't make it super convenient to get your keys to do so. Currently you have to reach out to support through their app and request your keys. Just tell them you need the WireGuard config for your router.

The servers listed on this page https://support.fastestvpn.com/vpn-servers/ under "IKEv2", "TCP", "UDP" are the ones enabled for WireGuard per their support team.

[Zerauskire]

FastestVPN Servers for Gluetun.txt
I spent this whole time putting this together only to realize that they use the same Public Key for every server rofl... ohh well. At least maybe this can still help and with the format, if they ever change to use a different public key per server, at least it will be an easy change.

[jvanderzande]

Just a quick question on this:
Tried to use this updated Gluetun.txt but still get "VPN provider name is not valid for Wireguard" when using :

environment:
  - VPN_SERVICE_PROVIDER=fastestvpn
  - VPN_TYPE=wireguard
  - SERVER_COUNTRIES=Belgium
  - WIREGUARD_PRIVATE_KEY=4thequickbrownfoxjumpsQ=

.. so guess I need to wait until provider.go is updated to include fastestvpn as valid WireGuard provider or is there another way?
It works fine when using a conf file with a target IP address, but not with the DNS hostname.

[jvanderzande]

Just to answer my own question:
There are changes required, so made my own fork and added the changes.
It also contains an updated servers.json containing all current fastestvpn servers, which is generated from an XML file which is generated/updated by the Windows Fastestvpn Client. This is done by a php script also available in this branch.
[Changes made]--- removed as it's now implemented in the master ---

[Zerauskire]

Cool. Nice work. Now if it could just get implemented in to the main branch... Yeah that XML file is exactly where I got my list from. Also to answer your question that you answered yourself lol, yeah other stuff needs to be changed. I wasn't able to just put these servers in and make it work. Nice to see you were able to just fork this and make those changes though.

[jvanderzande]

All you have to do now is get those changes from the link and build the docker image yourself, and things are working fine. ;)

[qdm12]

Do you all have the same server public key 658QxufMbjOTmB61Z7f+c7Rjg7oqWLnepTalqBERjF0=?

[jvanderzande]

I have, but guess you knew that already. :)
... and @Zerauskire has the same in that version of servers.json posted file:

FastestVPN Servers for Gluetun.txt

[qdm12]

Ok great. What I am currently working on is get the servers data from the fastestvpn website. I sort-of reversed engineered where their table data is coming from:

curl -X POST https://support.fastestvpn.com/wp-admin/admin-ajax.php --data "action=vpn_servers&protocol=tcp"
curl -X POST https://support.fastestvpn.com/wp-admin/admin-ajax.php --data "action=vpn_servers&protocol=udp"
curl -X POST https://support.fastestvpn.com/wp-admin/admin-ajax.php --data "action=vpn_servers&protocol=ikev2"

So I'll use that and then deduplicate servers (for both openvpn and Wireguard) etc. to match Gluetun server model. That will be quite a better than the existing update mechanism using the openvpn configuration files zip file from https://support.fastestvpn.com/download/fastestvpn_ovpn since I doubt this file changes much at all...

Stay tuned!

[jvanderzande]

That should work nicely .... tnx

[qdm12]

First step done: update the servers data using the API (openvpn TCP+UDP only for now): qdm12/gluetun@ab08a5e

Now I'm adding Wireguard.

[jvanderzande]

Just an FYI:
I've done a quick compare with a modified version of the posted php script, to compare the results from the local xml file with the Web Urls you posted.

• The ikev2 doesn't add any server so should be fine to skip.
• These are the differences:

===  Servers missing in the Weblist ======
0 Argentina ->  => ar-vr.jumptoserver.com
1 Belgium -> Brussel => bel-02.jumptoserver.com
2 Bulgaria -> Sofia => bg-02.jumptoserver.com
3 Colombia -> Streaming => clmb-pro.jumptoserver.com
4 Cyprus ->  => cy-nc.jumptoserver.com
5 Czech Republic -> Prague => cz-pro.jumptoserver.com
6 Denmark ->  => dk-pro.jumptoserver.com
7 Egypt -> Cairo => eg-cai.jumptoserver.com
8 France -> Streaming => fr2.jumptoserver.com
9 Georgia -> Tbilisi => ge-tb.jumptoserver.com
10 Germany -> Frankfurt => de-02.jumptoserver.com
11 Greece -> Athina => grc-pro.jumptoserver.com
12 Hong Kong -> Streaming => hk-stream.jumptoserver.com
13 Hungary -> Budapest => hng-pro.jumptoserver.com
14 Indonesia -> Jakarta => id-jk.jumptoserver.com
15 Ireland -> Dublin => ir-pro.jumptoserver.com
16 Netherlands -> D-VPN => us-dl-dbl.jumptoserver.com
17 Norway -> Oslo => nr-pro.jumptoserver.com
18 Poland -> Gdansk => pl-02.jumptoserver.com
19 Romania -> Bucharest => ro-02.jumptoserver.com
20 Serbia -> Belgrade => rs-pro.jumptoserver.com
21 Singapore -> Streaming => sg-pro.jumptoserver.com
22 Slovakia -> Bratislava => svk-pro.jumptoserver.com
23 Spain -> Streaming => es-stream.jumptoserver.com
24 Sweden -> Stockholm => se-02.jumptoserver.com
25 Switzerland -> Zurich => ch-02.jumptoserver.com
26 Turkey -> Istanbul => tr-ist.jumptoserver.com
27 USA ->  => us-wt-pro.jumptoserver.com
28 USA ->  => us-pl-pro.jumptoserver.com
29 USA ->  => us-tpa.jumptoserver.com
30 USA -> Buffalo => us-buf.jumptoserver.com
31 USA -> Chicago => us-ch-pro.jumptoserver.com
32 USA -> Florida => us-mia-pro.jumptoserver.com
33 USA -> Kansas City => us-kan.jumptoserver.com
34 USA -> Los Angeles => us-la-pro.jumptoserver.com
35 USA -> New York => us-ny2.jumptoserver.com
36 Vietnam -> Ha noi => vn-hn.jumptoserver.com


===  Servers missing in the XML Windows App list ======
-none-

[qdm12]

Nice 👍 I would suggest emailing fastestvpn so they add these servers on their website. It's also for their own good.
Because using their app to generate an xml file is really clumsy to do, everytime you want to update servers data, so I would avoid that. In the worst case scenario, I guess I could hardcode these few additional servers, but I would really ideally avoid that since it defeats the purpose of the automated update mechanism.

[jvanderzande]

I wouldn't worry about making it perfect. Just wanted to check if your approach would be close ... and I think it should be fine this way.

[qdm12]

qdm12/gluetun#2383 has code to support (hopefully) wireguard with FastestVPN. Quite a bit similar to @jvanderzande with more "guard rails" (aka foolproof settings) and an updated updating mechanism 😉
Can someone try it with image qmcgaw/gluetun:pr-2383? Feel free to comment on the PR directly as well!

[bijfy]

Feedback. Fastestvpn wuth wireguard is working awesome in gluetun. Thanks

[ksurl]

I tried the "contact support through the app" and it opened a link to a live chat. the support person told me to request config files by emailing [email protected]

[jvanderzande]

The app uses an API call to API.fastestvpn.com, but they do not seem to be publicly available as I can't find any documentation. Requestion a file doesn't sound the right approach to me. :-)
One other thing: does anybody know another approach for getting the private key? I initially found it by running the old windows client, which would create a temp wireguard config file during the active session, but since the last windows update, the wireguard config file only exists for a few seconds and is deleted after the wireguard client is started. I have a batch file to monitor for the file and copy it, but maybe there is a simpler way of retrieving it?

[ksurl]

Would you mind sharing it? Havent heard back from support yet

[jvanderzande]

Sure... Download and Open the linked file and look at the top for a description of what the batch file does.
Short description: Rename the file back to .bat, run it and do the steps as described in the opened CMD window.

=========================================================================================
Manual Steps before this script can copy your Wireguard settings for FastestVPN:
=========================================================================================
 - First you need to start the FastestVPN Windows client
 - Ensure the protocol is set to wireguard in: Settings/VPN Protocol/Disable Auto and Select Wireguard
 - Press "any key" in this window so the batchfile will start monitoring for: C:\Program Files\FastestVPN\Resources\data\FastestVPNWireGuard.conf
 - Start a vpn connection in the FastestVPN program
 - The batchscript should detect the creation of C:\Program Files\FastestVPN\Resources\data\FastestVPNWireGuard.conf and copy it to this script directory
Press any key to continue . . .

Updated batchfile:
FastestVPN_Get_wireguard_config.bat.txt

[jvanderzande]

@ksurl, did the script work for you? I haven't found another way yet to obtain my private key.
The other thing that is still required is to update the wiki page for FastestVPN to include the WireGuard support, which probably needs some info about obtaining this privatekey.

[ksurl]

@ksurl, did the script work for you? I haven't found another way yet to obtain my private key.

The other thing that is still required is to update the wiki page for FastestVPN to include the WireGuard support, which probably needs some info about obtaining this privatekey.

It did grab the config but it did not work. It shouldn't matter what server I connect to if it is different from the one I connected with the official client right? I did get an official config from support and that works. But obviously can't use more than once simultaneously with the same client ip.

[jvanderzande]

So what exactly was wrong/different using the batch file, just so I understand?

[ksurl]

The config was retrieved. When I tried to use it with gluetun it failed to connect. I will have to grab the error when I retry.

[jvanderzande]

The grabbed config will not work as that contains a hostname and gluetun works with IP adresses. The batch file output gives you the environment variables to use and you simply don't use any config file.
Something like this is shown:

-----------------------------------------------------------------------------------------
Use this data for your docker gluetun settings:
-----------------------------------------------------------------------------------------
    environment:
      - VPN_SERVICE_PROVIDER=fastestvpn
      - VPN_TYPE=wireguard
      - SERVER_COUNTRIES=##YourCountryOfChoice##
      - WIREGUARD_PRIVATE_KEY=0m-----------------------o
      - WIREGUARD_ADDRESSES=172.16.33.166/32
-- END --

[ksurl]

Yes, I only used the client ip address and private key. The other fields I used env as the wiki said

[ksurl]

here's the log after container startup:

2024-08-14T20:07:38-07:00 DEBUG [wireguard] Wireguard server public key: PUBLIC
2024-08-14T20:07:38-07:00 DEBUG [wireguard] Wireguard client private key: PRIVATE
2024-08-14T20:07:38-07:00 DEBUG [wireguard] Wireguard pre-shared key: [not set]
2024-08-14T20:07:38-07:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-08-14T20:07:38-07:00 INFO [firewall] allowing VPN connection...
2024-08-14T20:07:38-07:00 DEBUG [firewall] iptables --append OUTPUT -d IP -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2024-08-14T20:07:38-07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-08-14T20:07:38-07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-08-14T20:07:38-07:00 INFO [wireguard] Using available kernelspace implementation
2024-08-14T20:07:38-07:00 INFO [wireguard] Connecting to IP:51820
2024-08-14T20:07:38-07:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-08-14T20:07:38-07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-08-14T20:07:48-07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-08-14T20:07:48-07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-14T20:07:48-07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-14T20:07:48-07:00 INFO [vpn] stopping
2024-08-14T20:07:48-07:00 DEBUG [wireguard] closing controller client...
2024-08-14T20:07:48-07:00 ERROR [vpn] getting public IP address information: context canceled
2024-08-14T20:07:48-07:00 DEBUG [wireguard] removing IPv4 rule...
2024-08-14T20:07:48-07:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/releases": context canceled
2024-08-14T20:07:48-07:00 DEBUG [wireguard] shutting down link...
2024-08-14T20:07:48-07:00 DEBUG [wireguard] deleting link...
2024-08-14T20:07:48-07:00 INFO [vpn] starting

[jvanderzande]

2024-08-14T20:07:38-07:00 INFO [wireguard] Connecting to IP:51820

There is no IP address of the target VPN server in that line, but states "IP:"! No idea why that is, but should contain a proper ip address.
Also found an issue with retrieving the "PrivateKey = " in the batch file that I need to look at so you need to copy that manually from the "FastestVPNWireGuard.conf" for now.

This is my working Fastestvpn with gluetun yaml:

version: "3"
services:
  wireguard:
    container_name: wireguard
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=fastestvpn
      - VPN_TYPE=wireguard
      - SERVER_COUNTRIES=Belgium,France
      - WIREGUARD_ADDRESSES=172.16.33.166/32
      - WIREGUARD_PRIVATE_KEY=0m-----------------------o
    ports:
      - 8020:8000

    restart: unless-stopped

which gives this log:

└── Version settings:
    └── Enabled: yes
2024-08-15T07:46:16Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-08-15T07:46:16Z INFO [routing] adding route for 0.0.0.0/0
2024-08-15T07:46:16Z INFO [firewall] setting allowed subnets...
2024-08-15T07:46:16Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-08-15T07:46:16Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-08-15T07:46:16Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-08-15T07:46:16Z INFO [http server] http server listening on [::]:8000
2024-08-15T07:46:16Z INFO [firewall] allowing VPN connection...
2024-08-15T07:46:16Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-08-15T07:46:16Z INFO [wireguard] Using available kernelspace implementation
2024-08-15T07:46:16Z INFO [wireguard] Connecting to 146.70.40.99:51820
2024-08-15T07:46:16Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-08-15T07:46:16Z INFO [healthcheck] healthy!
2024-08-15T07:46:16Z INFO [dns] downloading DNS over TLS cryptographic files
2024-08-15T07:46:17Z INFO [dns] downloading hostnames and IP block lists
2024-08-15T07:46:22Z INFO [dns] init module 0: validator
2024-08-15T07:46:22Z INFO [dns] init module 1: iterator
2024-08-15T07:46:22Z INFO [dns] start of service (unbound 1.20.0).
2024-08-15T07:46:22Z INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-15T07:46:22Z INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-15T07:46:23Z INFO [dns] ready
2024-08-15T07:46:23Z INFO [ip getter] Public IP address is 146.70.40.99 (France, Île-de-France, Saint-Denis)
2024-08-15T07:46:24Z INFO [vpn] You are running on the bleeding edge of latest!

[ksurl]

I redacted the ip and key. I did copy from conf file. I will double check settings and retry.

[jvanderzande]

The IP is retrieved from the servers.json, so the whole idea is that you only specify Country and/or City name and gluetun will do the rest. Of course you also need the othe env variables as I have shown, which I believe are all the required fields.

[jvanderzande]

I've updated the batch file to show the proper full PrivateKey. Let me know if this works or still needs changes.
FastestVPN_Get_wireguard_config.bat.txt

[ksurl]

I just retried after it grabbed a new key and ip and it works now.

[qdm12]

Whoops I skipped this.

This was implemented and added to the wiki 2 weeks ago 😄 in commit 62a2951

[github-actions]

Closed issues are NOT monitored, so commenting here will NOT be seen by the maintainer.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because qdm12 is the sole maintainer of this project which became too popular to monitor closed issues for additional comments.

[qdm12]

Whoops 2, I guess I closed this too quickly. I've documented in the wiki fastestvpn page to ask [email protected] for your wireguard settings. That way it indirectly forces them to automate obtaining it for future users 👼 😈

@ksurl did you get any feedback?

@jvanderzande I appreciate the bat script 👍 🎖️ But that requires a windows machine, the fastestvpn app as well, so not super portable, I feel like sending an email is easier 😄 Perhaps worth mentioning if fastestvpn doesn't want to let us automate the obtention of the config file though.

[ksurl]

Whoops 2, I guess I closed this too quickly. I've documented in the wiki fastestvpn page to ask [email protected] for your wireguard settings. That way it indirectly forces them to automate obtaining it for future users 👼 😈

@ksurl did you get any feedback?

@jvanderzande I appreciate the bat script 👍 🎖️ But that requires a windows machine, the fastestvpn app as well, so not super portable, I feel like sending an email is easier 😄 Perhaps worth mentioning if fastestvpn doesn't want to let us automate the obtention of the config file though.

What feedback did you mean? From support? They did send me a file. As for the script, it wouldn't be hard to write a bash script for linux and mac clients, but yes it seems it's the only way to get a config without support currently. It just checks for the file existing and copies it before deletion. Pretty straightforward.

[qdm12]

What feedback did you mean? From support?

Oh my bad, I thought you asked about api.fastestvpn.com. It's 4:40AM here, that's probably why 😆
I'll send them an email; about this, what auth do you use to log in on the fastestvpn app? Just email+password?

As for the script, it wouldn't be hard to write a bash script for linux and mac clients, but yes it seems it's the only way to get a config without support currently. It just checks for the file existing and copies it before deletion. Pretty straightforward.

Call me lazy 😄 But I would rather send them an email and wait for a reply the next day!

[ksurl]

yes email and password. it's unclear if you ask for a new one if you use more than 1 instance of gluetun it would invalidate the previous config.

[qdm12]

Sent the email 😉

[jvanderzande]

@jvanderzande I appreciate the bat script 👍 🎖️ But that requires a windows machine, the fastestvpn app as well, so not super portable, I feel like sending an email is easier 😄 Perhaps worth mentioning if fastestvpn doesn't want to let us automate the obtention of the config file though.

Agree, and I actually was making a pull-req proposal to indicates the 2 options in that sequence. I simply shared what I had done for myself, as it wasn't clear at the time that their support would share the required info.

[qdm12]

their support would share the required info.

Well indeed, they replied:

Thanks for reaching out, At the moment the feature is not available and may added in the future, moreover, the private key and address are unique for each user.

🤷

[jvanderzande]

Thanks for reaching out, At the moment the feature is not available and may added in the future, moreover, the private key and address are unique for each user.

Is his answer about multiple connections?
I can make multiple connections with the same userkey, from multi devices and/or different client applications, but need to use different VPN Countries/Locations, which could be due to the fact that the assigned IP address is linked to this key and assume you can have only one in a VPN concentrator.

[ksurl]

it seems after several reconnections (due to host or container reboot), the key is invalidated. I lose network connection and no matter how many restarts it never connects. I confirmed getting a new key with the script still works. I think this also happens on vpn unlimited but on a much stricter limit.