bubuntux / nordlynx

GNU General Public License v3.0

Connected but unhealthy #88

Closed krusse closed 1 year ago

krusse commented 1 year ago

Describe the bug

Connection successful, but shows as unhealthy immediately. All dependent containers won't connect. Has been working for the last year until this week.

To Reproduce using docker-compose

docker-compose.yml

version: '3.7'

networks:
  default:
    driver: bridge

services:
  nordlynx:
    image: ghcr.io/bubuntux/nordlynx
    container_name: nordlynx
    network_mode: bridge
    cap_add:
      - NET_ADMIN #required
    environment:
      - PRIVATE_KEY=${VPN_KEY} #required
      - NET_LOCAL=192.168.6.0/24
      - ALLOWED_IPS=0.0.0.0/0
      - TZ=${TZ}
    ports:
      - 8080:8080 #qbittorrent
      - 6881:6881
      - 6881:6881/udp
      - 3001:3000 #flood
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

Expected behavior

Connected and healthy.

Logs

No errors.

s6-rc: info: service s6rc-oneshot-runner: starting
s6-rc: info: service s6rc-oneshot-runner successfully started
s6-rc: info: service fix-attrs: starting
s6-rc: info: service 00-legacy: starting
s6-rc: info: service 00-legacy successfully started
s6-rc: info: service fix-attrs successfully started
s6-rc: info: service legacy-cont-init: starting
cont-init: info: running /etc/cont-init.d/00-firewall
cont-init: info: /etc/cont-init.d/00-firewall exited 0
cont-init: info: running /etc/cont-init.d/01-envfile
[2022-07-27T20:47:30+00:00] Firewall is up, everything has to go through the vpn
cont-init: info: /etc/cont-init.d/01-envfile exited 0
cont-init: info: running /etc/cont-init.d/01-migrations
cont-init: info: /etc/cont-init.d/01-migrations exited 0
cont-init: info: running /etc/cont-init.d/02-tamper-check
[migrations] started
[migrations] no migrations found
cont-init: info: /etc/cont-init.d/02-tamper-check exited 0
cont-init: info: running /etc/cont-init.d/10-adduser
usermod: no changes

-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/

Brought to you by linuxserver.io
-------------------------------------

To support the app dev(s) visit:
Bubuntux: https://github.com/sponsors/bubuntux
WireGuard: https://www.wireguard.com/donations/
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------

User uid:    911
User gid:    911
-------------------------------------

cont-init: info: /etc/cont-init.d/10-adduser exited 0
cont-init: info: running /etc/cont-init.d/10-validate
cont-init: info: /etc/cont-init.d/10-validate exited 0
cont-init: info: running /etc/cont-init.d/20-inet
[2022-07-27T20:47:30+00:00] Enabling connection to eth0 172.17.0.2/16
[2022-07-27T20:47:31+00:00] Enabling connection to secure interfaces
cont-init: info: /etc/cont-init.d/20-inet exited 0
cont-init: info: running /etc/cont-init.d/20-inet6
cont-init: info: /etc/cont-init.d/20-inet6 exited 0
cont-init: info: running /etc/cont-init.d/30-route
[2022-07-27T20:47:31+00:00] No interface network6 detected
[2022-07-27T16:47:31-04:00] Enabling connection to network 192.168.6.0/24
cont-init: info: /etc/cont-init.d/30-route exited 0
cont-init: info: running /etc/cont-init.d/30-route6
cont-init: info: /etc/cont-init.d/30-route6 exited 0
cont-init: info: running /etc/cont-init.d/40-allowlist
cont-init: info: /etc/cont-init.d/40-allowlist exited 0
cont-init: info: running /etc/cont-init.d/90-custom-folders
cont-init: info: /etc/cont-init.d/90-custom-folders exited 0
cont-init: info: running /etc/cont-init.d/99-custom-files
[custom-init] no custom files found exiting...
cont-init: info: /etc/cont-init.d/99-custom-files exited 0
s6-rc: info: service legacy-cont-init successfully started
s6-rc: info: service legacy-services: starting
services-up: info: copying legacy longrun wireguard (no readiness notification)
s6-rc: info: service legacy-services successfully started
s6-rc: info: service 99-ci-service-check: starting
[ls.io-init] done.
s6-rc: info: service 99-ci-service-check successfully started
[2022-07-27T16:47:31-04:00] Finding the best server...
[2022-07-27T16:47:32-04:00] Using server: {
  "id": 990359,
  "created_at": "2022-06-01 12:29:45",
  "updated_at": "2022-07-27 20:45:18",
  "name": "Canada #1658",
  "station": "153.92.40.132",
  "ipv6_station": "",
  "hostname": "ca1658.nordvpn.com",
  "load": 6,
  "status": "online",
  "cpt": 0,
  "locations": [
    {
      "id": 269,
      "created_at": "2017-06-15 14:06:47",
      "updated_at": "2017-06-15 14:06:47",
      "latitude": 43.666667,
      "longitude": -79.416667,
      "country": {
        "id": 38,
        "name": "Canada",
        "code": "CA",
        "city": {
          "id": 1054250,
          "name": "Toronto",
          "latitude": 43.666667,
          "longitude": -79.416667,
          "dns_name": "toronto",
          "hub_score": 0
        }
      }
    }
  ],
  "groups": [
    {
      "id": 11,
      "created_at": "2017-06-13 13:43:00",
      "updated_at": "2017-06-13 13:43:00",
      "title": "Standard VPN servers",
      "identifier": "legacy_standard",
      "type": {
        "id": 3,
        "created_at": "2017-06-13 13:40:17",
        "updated_at": "2017-06-13 13:40:23",
        "title": "Legacy category",
        "identifier": "legacy_group_category"
      }
    },
    {
      "id": 15,
      "created_at": "2017-06-13 13:43:38",
      "updated_at": "2017-06-13 13:43:38",
      "title": "P2P",
      "identifier": "legacy_p2p",
      "type": {
        "id": 3,
        "created_at": "2017-06-13 13:40:17",
        "updated_at": "2017-06-13 13:40:23",
        "title": "Legacy category",
        "identifier": "legacy_group_category"
      }
    },
    {
      "id": 21,
      "created_at": "2017-10-27 14:23:03",
      "updated_at": "2017-10-30 08:09:48",
      "title": "The Americas",
      "identifier": "the_americas",
      "type": {
        "id": 5,
        "created_at": "2017-10-27 14:16:30",
        "updated_at": "2017-10-27 14:16:30",
        "title": "Regions",
        "identifier": "regions"
      }
    }
  ],
  "specifications": [
    {
      "id": 8,
      "title": "Version",
      "identifier": "version",
      "values": [
        {
          "id": 257,
          "value": "2.1.0"
        }
      ]
    }
  ],
  "ips": [
    {
      "id": 573215,
      "created_at": "2022-06-03 05:42:01",
      "updated_at": "2022-06-03 05:42:01",
      "server_id": 990359,
      "ip_id": 10075118,
      "type": "entry",
      "ip": {
        "id": 10075118,
        "ip": "153.92.40.132",
        "version": 4
      }
    }
  ]
}
[2022-07-27T16:47:33-04:00] Connecting...
[#]
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.5.0.2/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] iptables-restore -n
[#]
[2022-07-27T16:47:34-04:00] Connected! \(ᵔᵕᵔ)/

Additional context

krusse commented 1 year ago

It looks like my private key had changed. Updating that fixed the issue.

Why would it be connected with an outdated private key or why is there no indication that the key is wrong?

Anyway, issue solved.

Ownlt commented 1 year ago

I have the same issue: connected but the container is unhealthy. I can't ping google.com, I can't curl ifconfig.io and qbittorrent container can't connect.

arkandias commented 1 year ago

I had the same issue (connected but unhealthy--actually no data received at all from the server). After spending a lot of time trying to work this out, I realized my NordVPN subscription had expired a few days ago... 🤦
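
The symptom reported in this thread (the log prints "Connected!" yet no traffic flows) can be told apart from a working tunnel by WireGuard's handshake timestamps, because bringing up `wg0` does not by itself show that the server accepted the key. The following is an added example, not part of the issue or of the nordlynx project: it classifies the output of `wg show <interface> latest-handshakes`; the function names, the 180-second threshold and the sample peer key are assumptions.

```shell
#!/bin/sh
# Added example (not nordlynx code): decide whether a WireGuard tunnel has
# actually completed a handshake, from `wg show <if> latest-handshakes`.
# Each output line is "<peer-public-key><TAB><unix-time-of-last-handshake>";
# a timestamp of 0 means the peer has never completed a handshake.

# tunnel_state NOW MAX_AGE   (reads latest-handshakes lines on stdin)
# Prints one of: healthy | stale | no-handshake | no-peers
tunnel_state() {
    awk -v now="$1" -v max="$2" '
        BEGIN { peers = 0; newest = 0 }
        NF >= 2 {
            peers++
            ts = $NF + 0                 # last field is the timestamp
            if (ts > newest) newest = ts
        }
        END {
            if (peers == 0)              print "no-peers"
            else if (newest == 0)        print "no-handshake"
            else if (now - newest > max) print "stale"
            else                         print "healthy"
        }'
}

# check_interface IFACE: live check; returns 0 only for a recent handshake.
# 180 s is an assumed threshold; an idle tunnel without keepalive may
# legitimately exceed it.
check_interface() {
    state=$(wg show "$1" latest-handshakes | tunnel_state "$(date +%s)" 180)
    echo "$1: $state"
    [ "$state" = healthy ]
}

# Constructed sample lines (placeholder key, not taken from the issue).
sample_never()  { printf 'PEER_PUBLIC_KEY_PLACEHOLDER=\t0\n'; }
sample_recent() { printf 'PEER_PUBLIC_KEY_PLACEHOLDER=\t1658954854\n'; }

# Demo on the constructed samples, with "now" fixed 46 s after the handshake.
echo "rejected or outdated key: $(sample_never  | tunnel_state 1658954900 180)"
echo "working tunnel:           $(sample_recent | tunnel_state 1658954900 180)"
```

A result of `no-handshake` right after startup matches what an outdated private key or an expired subscription would produce: the interface exists and routes are installed, but the peer never answers.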