qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
8.03k stars 371 forks

Bug: Sequence complete, Healthy, then Unhealthy, Restarting VPN, Sequence complete and afterwards Healthy again #1017

Closed frepke closed 6 months ago

frepke commented 2 years ago

Is this urgent?

No

Host OS

Debian Bullseye

CPU arch

x86_64

VPN service provider

Surfshark

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2022-06-06T18:13:11.996Z (commit 5359257)

What's the problem 🤔

Sequence complete, Healthy, then Unhealthy, Restarting VPN, Sequence complete, and afterwards Healthy again

Share your logs

gluetun  | 2022-06-07T09:08:35+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1 and assigned IP 172.18.0.2
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [routing] ip rule add from 172.18.0.2/32 lookup 200 pref 100
gluetun  | 2022-06-07T09:08:35+02:00 INFO [routing] adding route for 0.0.0.0/0
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.18.0.1 dev eth0 table 200
gluetun  | 2022-06-07T09:08:35+02:00 INFO [firewall] setting allowed subnets...
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.18.0.2 -d 10.54.1.0/24 -j ACCEPT
gluetun  | 2022-06-07T09:08:35+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1 and assigned IP 172.18.0.2
gluetun  | 2022-06-07T09:08:35+02:00 INFO [routing] adding route for 10.54.1.0/24
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [routing] ip route replace 10.54.1.0/24 via 172.18.0.1 dev eth0 table 199
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [routing] ip rule add to 10.54.1.0/24 lookup 199 pref 99
gluetun  | 2022-06-07T09:08:35+02:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
gluetun  | 2022-06-07T09:08:35+02:00 INFO [pprof] http server listening on [::]:6060
gluetun  | 2022-06-07T09:08:35+02:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
gluetun  | 2022-06-07T09:08:35+02:00 INFO [http proxy] listening on :8888
gluetun  | 2022-06-07T09:08:35+02:00 INFO [http server] http server listening on [::]:8000
gluetun  | 2022-06-07T09:08:35+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun  | 2022-06-07T09:08:35+02:00 INFO [shadowsocks] listening TCP on :8388
gluetun  | 2022-06-07T09:08:35+02:00 INFO [shadowsocks] listening UDP on :8388
gluetun  | 2022-06-07T09:08:35+02:00 INFO [firewall] allowing VPN connection...
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [firewall] iptables --append OUTPUT -d 178.239.173.43 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
gluetun  | 2022-06-07T09:08:35+02:00 WARN [openvpn] --ping should normally be used with --ping-restart or --ping-exit
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]178.239.173.43:1443
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] Attempting to establish TCP connection with [AF_INET]178.239.173.43:1443 [nonblock]
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] TCP connection established with [AF_INET]178.239.173.43:1443
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] TCP_CLIENT link local: (not bound)
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] TCP_CLIENT link remote: [AF_INET]178.239.173.43:1443
gluetun  | 2022-06-07T09:08:36+02:00 INFO [openvpn] [nl-ams-v126.prod.surfshark.com] Peer Connection Initiated with [AF_INET]178.239.173.43:1443
gluetun  | 2022-06-07T09:08:37+02:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.6)
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.7.7.3/24
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] UID set to nonrootuser
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] Initialization Sequence Completed
gluetun  | 2022-06-07T09:08:37+02:00 INFO [dns over tls] downloading DNS over TLS cryptographic files
gluetun  | 2022-06-07T09:08:37+02:00 INFO [healthcheck] healthy!
gluetun  | 2022-06-07T09:08:38+02:00 INFO [dns over tls] downloading hostnames and IP block lists
gluetun  | 2022-06-07T09:08:42+02:00 INFO [healthcheck] unhealthy: cannot dial: dial tcp4: lookup cloudflare.com on 127.0.0.1:53: read udp 127.0.0.1:34363->127.0.0.1:53: read: connection refused
gluetun  | 2022-06-07T09:08:50+02:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
gluetun  | 2022-06-07T09:08:50+02:00 INFO [vpn] stopping
gluetun  | 2022-06-07T09:08:50+02:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
gluetun  | 2022-06-07T09:08:50+02:00 INFO [vpn] starting
gluetun  | 2022-06-07T09:08:50+02:00 INFO [firewall] allowing VPN connection...
gluetun  | 2022-06-07T09:08:50+02:00 DEBUG [firewall] iptables --delete OUTPUT -d 178.239.173.43 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
gluetun  | 2022-06-07T09:08:50+02:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:50+02:00 DEBUG [firewall] ip6tables-nft --delete OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:50+02:00 DEBUG [firewall] iptables --append OUTPUT -d 89.46.223.212 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
gluetun  | 2022-06-07T09:08:50+02:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:51+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
gluetun  | 2022-06-07T09:08:51+02:00 WARN [openvpn] --ping should normally be used with --ping-restart or --ping-exit
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]89.46.223.212:1443
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] Attempting to establish TCP connection with [AF_INET]89.46.223.212:1443 [nonblock]
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] TCP connection established with [AF_INET]89.46.223.212:1443
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] TCP_CLIENT link local: (not bound)
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] TCP_CLIENT link remote: [AF_INET]89.46.223.212:1443
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] [nl-ams-v039.prod.surfshark.com] Peer Connection Initiated with [AF_INET]89.46.223.212:1443
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] init module 0: validator
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] init module 1: iterator
gluetun  | 2022-06-07T09:08:52+02:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.6)
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.7.7.15/24
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] UID set to nonrootuser
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] Initialization Sequence Completed
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] start of service (unbound 1.15.0).
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] ready
gluetun  | 2022-06-07T09:08:52+02:00 INFO [healthcheck] healthy!

Share your configuration

version: "3.7"

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 8000:8000/tcp   #HTTP control server
      - 8888:8888/tcp   #HTTPproxy
      - 8388:8388/tcp   #shadowsocks
      - 8388:8388/udp   #shadowsocks
    volumes:
      - /dockercfg/gluetun:/gluetun
    secrets:
      - openvpn_user
      - openvpn_password
      - httpproxy_username
      - httpproxy_password
      - shadowsocks_password
    environment:
    # OPENVPN
      - VPN_SERVICE_PROVIDER=surfshark
      - OPENVPN_VERSION=2.5
      - OPENVPN_PROTOCOL=tcp
      - OPENVPN_VERBOSITY=1
      - OPENVPN_PROCESS_USER=no
    # Surfshark
      - SERVER_COUNTRIES=Netherlands
    # DNS over TLS
      - DOT=on
      - DOT_PROVIDERS=cloudflare
      - DOT_CACHING=on
      - DOT_IPV6=off
      - DOT_PRIVATE_ADDRESS=
      - DOT_VERBOSITY=1
      - DOT_VERBOSITY_DETAILS=0
      - DOT_VALIDATION_LOGLEVEL=0
      - DNS_UPDATE_PERIOD=24h
      - BLOCK_MALICIOUS=on
      - BLOCK_SURVEILLANCE=off
      - BLOCK_ADS=off
      - UNBLOCK=
      - DNS_KEEP_NAMESERVER=off
    # Firewall
      - FIREWALL=on
      - FIREWALL_DEBUG=on
      - FIREWALL_OUTBOUND_SUBNETS=10.54.1.0/24
    # Shadowsocks
      - SHADOWSOCKS=on
      - SHADOWSOCKS_LOG=off
      - SHADOWSOCKS_LISTENING_ADDRESS=:8388
      - SHADOWSOCKS_CIPHER=chacha20-ietf-poly1305
    # HTTPproxy
      - HTTPPROXY=on
      - HTTPPROXY_LOG=on
      - HTTPPROXY_LISTENING_ADDRESS=:8888
      - HTTPPROXY_STEALTH=on
    # System
      - TZ=Europe/Amsterdam
      - PUID=1000
      - PGID=100
    # HTTP Control server
      - HTTP_CONTROL_SERVER_ADDRESS=:8000
      - HTTP_CONTROL_SERVER_LOG=on
    # Other
      - PUBLICIP_PERIOD=12h
      - VERSION_INFORMATION=on
      - UPDATER_PERIOD=24h
    restart: unless-stopped

qdm12 commented 2 years ago

This can happen occasionally, see https://github.com/qdm12/gluetun/wiki/Healthcheck#internal-healthcheck

We TCP dial cloudflare.com:443 and sometimes this can fail, and that's fine.

Does this happen every time or is it a one off issue?
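
In the log shared above, the `unhealthy` line is a refused DNS lookup on 127.0.0.1:53, logged before the `[dns over tls] ready` line appears. The following Python triage script is an added example, not code from gluetun or from anyone in this thread; it extracts each unhealthy episode from a log and records whether the local resolver had reported ready when the check failed. The names `find_unhealthy_episodes` and `startup_race` are hypothetical, and the sample lines are copied from the issue's log.

```python
import re
from datetime import datetime

# Sample input: a subset of the lines from the log posted in the issue.
SAMPLE_LOG = """\
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] Initialization Sequence Completed
gluetun  | 2022-06-07T09:08:37+02:00 INFO [dns over tls] downloading DNS over TLS cryptographic files
gluetun  | 2022-06-07T09:08:37+02:00 INFO [healthcheck] healthy!
gluetun  | 2022-06-07T09:08:38+02:00 INFO [dns over tls] downloading hostnames and IP block lists
gluetun  | 2022-06-07T09:08:42+02:00 INFO [healthcheck] unhealthy: cannot dial: dial tcp4: lookup cloudflare.com on 127.0.0.1:53: read udp 127.0.0.1:34363->127.0.0.1:53: read: connection refused
gluetun  | 2022-06-07T09:08:50+02:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
gluetun  | 2022-06-07T09:08:50+02:00 INFO [vpn] stopping
gluetun  | 2022-06-07T09:08:50+02:00 INFO [vpn] starting
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] Initialization Sequence Completed
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] start of service (unbound 1.15.0).
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] ready
gluetun  | 2022-06-07T09:08:52+02:00 INFO [healthcheck] healthy!
"""

# "<container> | <RFC 3339 time> <LEVEL> [<component>] <message>"; the component is optional
# because some lines in the issue's log (e.g. "INFO TUN device is not available") have none.
LINE_RE = re.compile(
    r"^\S+\s*\|\s*(?P<ts>\S+)\s+(?P<level>DEBUG|INFO|WARN|ERROR)\s+"
    r"(?:\[(?P<component>[^\]]+)\]\s+)?(?P<msg>.*)$"
)
# A refused DNS query as it appears inside the healthcheck message.
LOOKUP_RE = re.compile(
    r"lookup (?P<name>\S+) on (?P<resolver>[\d.]+:\d+): .*connection refused"
)


def parse_line(line):
    """Return (timestamp, level, component, message), or None for banner/tree lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m["ts"])
    except ValueError:
        return None
    return ts, m["level"], m["component"] or "", m["msg"].strip()


def find_unhealthy_episodes(log_text):
    """Group healthcheck lines into episodes: unhealthy -> (restart) -> healthy."""
    episodes = []
    current = None          # episode still waiting for its "healthy!" line
    # Only the first "ready" line is tracked; the logs in the issue never show
    # the resolver stopping again, so that case is not modelled here.
    resolver_ready = False
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, _level, component, msg = parsed
        if component == "dns over tls" and msg == "ready":
            resolver_ready = True
        elif component == "healthcheck":
            if msg.startswith("unhealthy:") and current is None:
                lookup = LOOKUP_RE.search(msg)
                current = {
                    "start": ts,
                    "dns_lookup_refused": lookup is not None,
                    "resolver": lookup["resolver"] if lookup else None,
                    "resolver_ready_at_failure": resolver_ready,
                    "vpn_restarted": False,
                    "recovered_after_s": None,
                }
                episodes.append(current)
            elif "restarting VPN" in msg and current is not None:
                current["vpn_restarted"] = True
            elif msg == "healthy!" and current is not None:
                current["recovered_after_s"] = (ts - current["start"]).total_seconds()
                current = None
    return episodes


def startup_race(episode):
    """True when the check failed on a refused lookup before the resolver said 'ready'."""
    return episode["dns_lookup_refused"] and not episode["resolver_ready_at_failure"]


if __name__ == "__main__":
    for ep in find_unhealthy_episodes(SAMPLE_LOG):
        print(
            f"{ep['start'].isoformat()} resolver={ep['resolver']} "
            f"ready_at_failure={ep['resolver_ready_at_failure']} "
            f"vpn_restarted={ep['vpn_restarted']} "
            f"recovered_after_s={ep['recovered_after_s']} "
            f"startup_race={startup_race(ep)}"
        )
```

An episode where `startup_race` is false (for example a dial failure after the resolver is ready) is the occasional failure case the linked wiki page covers and needs separate investigation.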

frepke commented 2 years ago

It does happen every time the last 10 times I've checked. I don't create an issue for a one-off issue :)

qdm12 commented 2 years ago

Does it happen consistently on latest but not v3.29.0?

frepke commented 2 years ago

I checked it a few times in v3.29.0, here the error also exists

Gluetun v.3.29.0 Log

```
gluetun | ========================================
gluetun | ========================================
gluetun | =============== gluetun ================
gluetun | ========================================
gluetun | =========== Made with ❤️ by ============
gluetun | ======= https://github.com/qdm12 =======
gluetun | ========================================
gluetun | ========================================
gluetun |
gluetun | Running version v3.29.0 built on 2022-05-11T23:16:02.058Z (commit e32d251)
gluetun |
gluetun | 🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
gluetun | 🐛 Bug? https://github.com/qdm12/gluetun/issues/new
gluetun | ✨ New feature? https://github.com/qdm12/gluetun/issues/new
gluetun | ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
gluetun | 💻 Email? quentin.mcgaw@gmail.com
gluetun | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
gluetun | 2022-06-10T09:39:43+02:00 INFO [routing] default route found: interface eth0, gateway 172.24.0.1 and assigned IP 172.24.0.2
gluetun | 2022-06-10T09:39:43+02:00 INFO [routing] local ethernet link found: eth0
gluetun | 2022-06-10T09:39:43+02:00 INFO [routing] local ipnet found: 172.24.0.0/16
gluetun | 2022-06-10T09:39:43+02:00 INFO [firewall] enabling...
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] iptables --policy INPUT DROP
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] iptables --policy OUTPUT DROP
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] iptables --policy FORWARD DROP
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] ip6tables-nft --policy INPUT DROP
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] ip6tables-nft --policy OUTPUT DROP
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] ip6tables-nft --policy FORWARD DROP
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] ip6tables-nft --append INPUT -i lo -j ACCEPT
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -o lo -j ACCEPT
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] ip6tables-nft --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.24.0.2 -d 172.24.0.0/16 -j ACCEPT
gluetun | 2022-06-10T09:39:43+02:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.24.0.0/16 -j ACCEPT
gluetun | 2022-06-10T09:39:43+02:00 INFO [firewall] enabled successfully
gluetun | 2022-06-10T09:39:44+02:00 INFO [storage] merging by most recent 11416 hardcoded servers and 11190 servers read from /gluetun/servers.json
gluetun | 2022-06-10T09:39:44+02:00 INFO [storage] Using ipvanish servers from file which are 6941h48m27s more recent
gluetun | 2022-06-10T09:39:44+02:00 INFO [storage] Using privatevpn servers from file which are 917h25m11s more recent
gluetun | 2022-06-10T09:39:44+02:00 INFO [storage] Using protonvpn servers from file which are 1152h44m21s more recent
gluetun | 2022-06-10T09:39:44+02:00 INFO [storage] Using purevpn servers from file which are 1530h43m15s more recent
gluetun | 2022-06-10T09:39:44+02:00 INFO [storage] Using surfshark servers from file which are 6974h58m35s more recent
gluetun | 2022-06-10T09:39:45+02:00 INFO Alpine version: 3.15.4
gluetun | 2022-06-10T09:39:45+02:00 INFO OpenVPN 2.4 version: 2.4.12
gluetun | 2022-06-10T09:39:45+02:00 INFO OpenVPN 2.5 version: 2.5.6
gluetun | 2022-06-10T09:39:45+02:00 INFO Unbound version: 1.13.2
gluetun | 2022-06-10T09:39:45+02:00 INFO IPtables version: v1.8.7
gluetun | 2022-06-10T09:39:45+02:00 INFO Settings summary:
gluetun | ├── VPN settings:
gluetun | | ├── VPN provider settings:
gluetun | | | ├── Name: surfshark
gluetun | | | └── Server selection settings:
gluetun | | | ├── VPN type: openvpn
gluetun | | | ├── Countries: netherlands
gluetun | | | └── OpenVPN server selection settings:
gluetun | | | └── Protocol: TCP
gluetun | | └── OpenVPN settings:
gluetun | | ├── OpenVPN version: 2.5
gluetun | | ├── User: [set]
gluetun | | ├── Password: [set]
gluetun | | ├── Tunnel IPv6: no
gluetun | | ├── Network interface: tun0
gluetun | | ├── Run OpenVPN as: no
gluetun | | └── Verbosity level: 1
gluetun | ├── DNS settings:
gluetun | | ├── DNS server address to use: 127.0.0.1
gluetun | | ├── Keep existing nameserver(s): no
gluetun | | └── DNS over TLS settings:
gluetun | | ├── Enabled: yes
gluetun | | ├── Update period: every 24h0m0s
gluetun | | ├── Unbound settings:
gluetun | | | ├── Authoritative servers:
gluetun | | | | └── cloudflare
gluetun | | | ├── Caching: yes
gluetun | | | ├── IPv6: no
gluetun | | | ├── Verbosity level: 1
gluetun | | | ├── Verbosity details level: 0
gluetun | | | ├── Validation log level: 0
gluetun | | | ├── System user: root
gluetun | | | └── Allowed networks:
gluetun | | | ├── 0.0.0.0/0
gluetun | | | └── ::/0
gluetun | | └── DNS filtering settings:
gluetun | | ├── Block malicious: yes
gluetun | | ├── Block ads: no
gluetun | | └── Block surveillance: no
gluetun | ├── Firewall settings:
gluetun | | ├── Enabled: yes
gluetun | | ├── Debug mode: on
gluetun | | └── Outbound subnets:
gluetun | | └── {10.54.1.0 ffffff00}
gluetun | ├── Log settings:
gluetun | | └── Log level: INFO
gluetun | ├── Health settings:
gluetun | | ├── Server listening address: 127.0.0.1:9999
gluetun | | ├── Target address: cloudflare.com:443
gluetun | | └── VPN wait durations:
gluetun | | ├── Initial duration: 6s
gluetun | | └── Additional duration: 5s
gluetun | ├── Shadowsocks server settings:
gluetun | | ├── Enabled: yes
gluetun | | ├── Listening address: :8388
gluetun | | ├── Cipher: chacha20-ietf-poly1305
gluetun | | ├── Password: [set]
gluetun | | └── Log addresses: no
gluetun | ├── HTTP proxy settings:
gluetun | | ├── Enabled: yes
gluetun | | ├── Listening address: :8888
gluetun | | ├── User:
gluetun | | ├── Password: [not set]
gluetun | | ├── Stealth mode: yes
gluetun | | └── Log: yes
gluetun | ├── Control server settings:
gluetun | | ├── Listening address: :8000
gluetun | | └── Logging: yes
gluetun | ├── OS Alpine settings:
gluetun | | ├── Process UID: 1000
gluetun | | ├── Process GID: 100
gluetun | | └── Timezone: Europe/Amsterdam
gluetun | ├── Public IP settings:
gluetun | | ├── Fetching: every 12h0m0s
gluetun | | └── IP file path: /tmp/gluetun/ip
gluetun | ├── Server data updater settings:
gluetun | | ├── Update period: 24h0m0s
gluetun | | ├── DNS address: 1.1.1.1
gluetun | | └── Providers to update: surfshark
gluetun | └── Version settings:
gluetun | └── Enabled: yes
gluetun | 2022-06-10T09:39:45+02:00 INFO [routing] default route found: interface eth0, gateway 172.24.0.1 and assigned IP 172.24.0.2
gluetun | 2022-06-10T09:39:45+02:00 DEBUG [routing] ip rule add from 172.24.0.2/32 lookup 200 pref 100
gluetun | 2022-06-10T09:39:45+02:00 INFO [routing] adding route for 0.0.0.0/0
gluetun | 2022-06-10T09:39:45+02:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.24.0.1 dev eth0 table 200
gluetun | 2022-06-10T09:39:45+02:00 INFO [firewall] setting allowed subnets...
gluetun | 2022-06-10T09:39:45+02:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.24.0.2 -d 10.54.1.0/24 -j ACCEPT
gluetun | 2022-06-10T09:39:45+02:00 INFO [routing] default route found: interface eth0, gateway 172.24.0.1 and assigned IP 172.24.0.2
gluetun | 2022-06-10T09:39:45+02:00 INFO [routing] adding route for 10.54.1.0/24
gluetun | 2022-06-10T09:39:45+02:00 DEBUG [routing] ip route replace 10.54.1.0/24 via 172.24.0.1 dev eth0 table 199
gluetun | 2022-06-10T09:39:45+02:00 DEBUG [routing] ip rule add to 10.54.1.0/24 lookup 199 pref 99
gluetun | 2022-06-10T09:39:45+02:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
gluetun | 2022-06-10T09:39:45+02:00 INFO [pprof] http server listening on [::]:6060
gluetun | 2022-06-10T09:39:45+02:00 INFO [http server] http server listening on [::]:8000
gluetun | 2022-06-10T09:39:45+02:00 INFO [firewall] allowing VPN connection...
gluetun | 2022-06-10T09:39:45+02:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
gluetun | 2022-06-10T09:39:45+02:00 INFO [http proxy] listening on :8888
gluetun | 2022-06-10T09:39:45+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun | 2022-06-10T09:39:45+02:00 DEBUG [firewall] iptables --append OUTPUT -d 81.19.209.51 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
gluetun | 2022-06-10T09:39:45+02:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun | 2022-06-10T09:39:45+02:00 INFO [shadowsocks] listening TCP on :8388
gluetun | 2022-06-10T09:39:45+02:00 INFO [shadowsocks] listening UDP on :8388
gluetun | 2022-06-10T09:39:45+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
gluetun | 2022-06-10T09:39:45+02:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 24 2022
gluetun | 2022-06-10T09:39:45+02:00 INFO [openvpn] library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
gluetun | 2022-06-10T09:39:45+02:00 WARN [openvpn] --ping should normally be used with --ping-restart or --ping-exit
gluetun | 2022-06-10T09:39:45+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]81.19.209.51:1443
gluetun | 2022-06-10T09:39:45+02:00 INFO [openvpn] Attempting to establish TCP connection with [AF_INET]81.19.209.51:1443 [nonblock]
gluetun | 2022-06-10T09:39:45+02:00 INFO [openvpn] TCP connection established with [AF_INET]81.19.209.51:1443
gluetun | 2022-06-10T09:39:45+02:00 INFO [openvpn] TCP_CLIENT link local: (not bound)
gluetun | 2022-06-10T09:39:45+02:00 INFO [openvpn] TCP_CLIENT link remote: [AF_INET]81.19.209.51:1443
gluetun | 2022-06-10T09:39:45+02:00 INFO [openvpn] [nl-ams-st001.prod.surfshark.com] Peer Connection Initiated with [AF_INET]81.19.209.51:1443
gluetun | 2022-06-10T09:39:46+02:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.6)
gluetun | 2022-06-10T09:39:46+02:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun | 2022-06-10T09:39:46+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun | 2022-06-10T09:39:46+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun | 2022-06-10T09:39:46+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.7.7.17/24
gluetun | 2022-06-10T09:39:46+02:00 INFO [openvpn] UID set to nonrootuser
gluetun | 2022-06-10T09:39:46+02:00 INFO [openvpn] Initialization Sequence Completed
gluetun | 2022-06-10T09:39:46+02:00 INFO [dns over tls] downloading DNS over TLS cryptographic files
gluetun | 2022-06-10T09:39:47+02:00 INFO [healthcheck] healthy!
gluetun | 2022-06-10T09:39:47+02:00 INFO [dns over tls] downloading hostnames and IP block lists
gluetun | 2022-06-10T09:39:52+02:00 INFO [healthcheck] unhealthy: cannot dial: dial tcp4: lookup cloudflare.com on 127.0.0.1:53: read udp 127.0.0.1:46297->127.0.0.1:53: read: connection refused
gluetun | 2022-06-10T09:40:00+02:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
gluetun | 2022-06-10T09:40:00+02:00 INFO [vpn] stopping
gluetun | 2022-06-10T09:40:00+02:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/releases": context canceled
gluetun | 2022-06-10T09:40:00+02:00 INFO [vpn] starting
gluetun | 2022-06-10T09:40:00+02:00 INFO [firewall] allowing VPN connection...
gluetun | 2022-06-10T09:40:00+02:00 DEBUG [firewall] iptables --delete OUTPUT -d 81.19.209.51 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
gluetun | 2022-06-10T09:40:00+02:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
gluetun | 2022-06-10T09:40:00+02:00 DEBUG [firewall] ip6tables-nft --delete OUTPUT -o tun0 -j ACCEPT
gluetun | 2022-06-10T09:40:00+02:00 DEBUG [firewall] iptables --append OUTPUT -d 89.46.223.104 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
gluetun | 2022-06-10T09:40:00+02:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun | 2022-06-10T09:40:00+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
gluetun | 2022-06-10T09:40:00+02:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 24 2022
gluetun | 2022-06-10T09:40:00+02:00 INFO [openvpn] library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
gluetun | 2022-06-10T09:40:00+02:00 WARN [openvpn] --ping should normally be used with --ping-restart or --ping-exit
gluetun | 2022-06-10T09:40:00+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]89.46.223.104:1443
gluetun | 2022-06-10T09:40:00+02:00 INFO [openvpn] Attempting to establish TCP connection with [AF_INET]89.46.223.104:1443 [nonblock]
gluetun | 2022-06-10T09:40:00+02:00 INFO [openvpn] TCP connection established with [AF_INET]89.46.223.104:1443
gluetun | 2022-06-10T09:40:00+02:00 INFO [openvpn] TCP_CLIENT link local: (not bound)
gluetun | 2022-06-10T09:40:00+02:00 INFO [openvpn] TCP_CLIENT link remote: [AF_INET]89.46.223.104:1443
gluetun | 2022-06-10T09:40:00+02:00 INFO [openvpn] [nl-ams-v049.prod.surfshark.com] Peer Connection Initiated with [AF_INET]89.46.223.104:1443
gluetun | 2022-06-10T09:40:00+02:00 INFO [dns over tls] init module 0: validator
gluetun | 2022-06-10T09:40:00+02:00 INFO [dns over tls] init module 1: iterator
gluetun | 2022-06-10T09:40:01+02:00 INFO [dns over tls] start of service (unbound 1.13.2).
gluetun | 2022-06-10T09:40:01+02:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.6)
gluetun | 2022-06-10T09:40:01+02:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun | 2022-06-10T09:40:01+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun | 2022-06-10T09:40:01+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun | 2022-06-10T09:40:01+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.7.7.6/24
gluetun | 2022-06-10T09:40:01+02:00 INFO [openvpn] UID set to nonrootuser
gluetun | 2022-06-10T09:40:01+02:00 INFO [openvpn] Initialization Sequence Completed
gluetun | 2022-06-10T09:40:04+02:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
gluetun | 2022-06-10T09:40:04+02:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
gluetun | 2022-06-10T09:40:04+02:00 INFO [dns over tls] ready
gluetun | 2022-06-10T09:40:04+02:00 INFO [healthcheck] healthy!
```

frepke commented 2 years ago

But for now, the latest logs look a bit different. Healthy and Unhealthy still exist, but there's no VPN stopping/starting anymore.

Gluetun Latest Log

```
gluetun | ========================================
gluetun | ========================================
gluetun | =============== gluetun ================
gluetun | ========================================
gluetun | =========== Made with ❤️ by ============
gluetun | ======= https://github.com/qdm12 =======
gluetun | ========================================
gluetun | ========================================
gluetun |
gluetun | Running version latest built on 2022-06-09T23:51:29.642Z (commit ebd9472)
gluetun |
gluetun | 🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
gluetun | 🐛 Bug? https://github.com/qdm12/gluetun/issues/new
gluetun | ✨ New feature? https://github.com/qdm12/gluetun/issues/new
gluetun | ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
gluetun | 💻 Email? quentin.mcgaw@gmail.com
gluetun | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
gluetun | 2022-06-10T09:49:49+02:00 INFO [routing] default route found: interface eth0, gateway 172.26.0.1 and assigned IP 172.26.0.2
gluetun | 2022-06-10T09:49:49+02:00 INFO [routing] local ethernet link found: eth0
gluetun | 2022-06-10T09:49:49+02:00 INFO [routing] local ipnet found: 172.26.0.0/16
gluetun | 2022-06-10T09:49:49+02:00 INFO [firewall] enabling...
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] iptables --policy INPUT DROP
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] iptables --policy OUTPUT DROP
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] iptables --policy FORWARD DROP
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] ip6tables-nft --policy INPUT DROP
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] ip6tables-nft --policy OUTPUT DROP
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] ip6tables-nft --policy FORWARD DROP
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] ip6tables-nft --append INPUT -i lo -j ACCEPT
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -o lo -j ACCEPT
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] ip6tables-nft --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.26.0.2 -d 172.26.0.0/16 -j ACCEPT
gluetun | 2022-06-10T09:49:49+02:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.26.0.0/16 -j ACCEPT
gluetun | 2022-06-10T09:49:49+02:00 INFO [firewall] enabled successfully
gluetun | 2022-06-10T09:49:51+02:00 INFO [storage] merging by most recent 11233 hardcoded servers and 11234 servers read from /gluetun/servers.json
gluetun | 2022-06-10T09:49:51+02:00 INFO [storage] Using surfshark servers from file which are 101h48m4s more recent
gluetun | 2022-06-10T09:49:51+02:00 INFO Alpine version: 3.16.0
gluetun | 2022-06-10T09:49:51+02:00 INFO OpenVPN 2.4 version: 2.4.12
gluetun | 2022-06-10T09:49:51+02:00 INFO OpenVPN 2.5 version: 2.5.6
gluetun | 2022-06-10T09:49:51+02:00 INFO Unbound version: 1.15.0
gluetun | 2022-06-10T09:49:51+02:00 INFO IPtables version: v1.8.8
gluetun | 2022-06-10T09:49:51+02:00 INFO Settings summary:
gluetun | ├── VPN settings:
gluetun | | ├── VPN provider settings:
gluetun | | | ├── Name: surfshark
gluetun | | | └── Server selection settings:
gluetun | | | ├── VPN type: openvpn
gluetun | | | ├── Countries: netherlands
gluetun | | | └── OpenVPN server selection settings:
gluetun | | | └── Protocol: TCP
gluetun | | └── OpenVPN settings:
gluetun | | ├── OpenVPN version: 2.5
gluetun | | ├── User: [set]
gluetun | | ├── Password: [set]
gluetun | | ├── Tunnel IPv6: no
gluetun | | ├── Network interface: tun0
gluetun | | ├── Run OpenVPN as: no
gluetun | | └── Verbosity level: 1
gluetun | ├── DNS settings:
gluetun | | ├── DNS server address to use: 127.0.0.1
gluetun | | ├── Keep existing nameserver(s): no
gluetun | | └── DNS over TLS settings:
gluetun | | ├── Enabled: yes
gluetun | | ├── Update period: every 24h0m0s
gluetun | | ├── Unbound settings:
gluetun | | | ├── Authoritative servers:
gluetun | | | | └── cloudflare
gluetun | | | ├── Caching: yes
gluetun | | | ├── IPv6: no
gluetun | | | ├── Verbosity level: 1
gluetun | | | ├── Verbosity details level: 0
gluetun | | | ├── Validation log level: 0
gluetun | | | ├── System user: root
gluetun | | | └── Allowed networks:
gluetun | | | ├── 0.0.0.0/0
gluetun | | | └── ::/0
gluetun | | └── DNS filtering settings:
gluetun | | ├── Block malicious: yes
gluetun | | ├── Block ads: no
gluetun | | └── Block surveillance: no
gluetun | ├── Firewall settings:
gluetun | | ├── Enabled: yes
gluetun | | ├── Debug mode: on
gluetun | | └── Outbound subnets:
gluetun | | └── {10.54.1.0 ffffff00}
gluetun | ├── Log settings:
gluetun | | └── Log level: INFO
gluetun | ├── Health settings:
gluetun | | ├── Server listening address: 127.0.0.1:9999
gluetun | | ├── Target address: cloudflare.com:443
gluetun | | └── VPN wait durations:
gluetun | | ├── Initial duration: 6s
gluetun | | └── Additional duration: 5s
gluetun | ├── Shadowsocks server settings:
gluetun | | ├── Enabled: yes
gluetun | | ├── Listening address: :8388
gluetun | | ├── Cipher: chacha20-ietf-poly1305
gluetun | | ├── Password: [set]
gluetun | | └── Log addresses: no
gluetun | ├── HTTP proxy settings:
gluetun | | ├── Enabled: yes
gluetun | | ├── Listening address: :8888
gluetun | | ├── User:
gluetun | | ├── Password: [not set]
gluetun | | ├── Stealth mode: yes
gluetun | | └── Log: yes
gluetun | ├── Control server settings:
gluetun | | ├── Listening address: :8000
gluetun | | └── Logging: yes
gluetun | ├── OS Alpine settings:
gluetun | | ├── Process UID: 1000
gluetun | | ├── Process GID: 100
gluetun | | └── Timezone: Europe/Amsterdam
gluetun | ├── Public IP settings:
gluetun | | ├── Fetching: every 12h0m0s
gluetun | | └── IP file path: /tmp/gluetun/ip
gluetun | ├── Server data updater settings:
gluetun | | ├── Update period: 24h0m0s
gluetun | | ├── DNS address: 1.1.1.1
gluetun | | └── Providers to update: surfshark
gluetun | └── Version settings:
gluetun | └── Enabled: yes
gluetun | 2022-06-10T09:49:51+02:00 INFO [routing] default route found: interface eth0, gateway 172.26.0.1 and assigned IP 172.26.0.2
gluetun | 2022-06-10T09:49:51+02:00 DEBUG [routing] ip rule add from 172.26.0.2/32 lookup 200 pref 100
gluetun | 2022-06-10T09:49:51+02:00 INFO [routing] adding route for 0.0.0.0/0
gluetun | 2022-06-10T09:49:51+02:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.26.0.1 dev eth0 table 200
gluetun | 2022-06-10T09:49:51+02:00 INFO [firewall] setting allowed subnets...
gluetun | 2022-06-10T09:49:51+02:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.26.0.2 -d 10.54.1.0/24 -j ACCEPT
gluetun | 2022-06-10T09:49:51+02:00 INFO [routing] default route found: interface eth0, gateway 172.26.0.1 and assigned IP 172.26.0.2
gluetun | 2022-06-10T09:49:51+02:00 INFO [routing] adding route for 10.54.1.0/24
gluetun | 2022-06-10T09:49:51+02:00 DEBUG [routing] ip route replace 10.54.1.0/24 via 172.26.0.1 dev eth0 table 199
gluetun | 2022-06-10T09:49:51+02:00 DEBUG [routing] ip rule add to 10.54.1.0/24 lookup 199 pref 99
gluetun | 2022-06-10T09:49:51+02:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
gluetun | 2022-06-10T09:49:51+02:00 INFO [pprof] http server listening on [::]:6060
gluetun | 2022-06-10T09:49:51+02:00 INFO [http server] http server listening on [::]:8000
gluetun | 2022-06-10T09:49:51+02:00 INFO [firewall] allowing VPN connection...
gluetun | 2022-06-10T09:49:51+02:00 DEBUG [firewall] iptables --append OUTPUT -d 143.244.42.110 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
gluetun | 2022-06-10T09:49:51+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun | 2022-06-10T09:49:51+02:00 INFO [http proxy] listening on :8888
gluetun | 2022-06-10T09:49:51+02:00 INFO [shadowsocks] listening TCP on :8388
gluetun | 2022-06-10T09:49:51+02:00 INFO [shadowsocks] listening UDP on :8388
gluetun | 2022-06-10T09:49:51+02:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
gluetun | 2022-06-10T09:49:51+02:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun | 2022-06-10T09:49:51+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
gluetun | 2022-06-10T09:49:51+02:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
gluetun | 2022-06-10T09:49:51+02:00 INFO [openvpn] library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
gluetun | 2022-06-10T09:49:51+02:00 WARN [openvpn] --ping should normally be used with --ping-restart or --ping-exit
gluetun | 2022-06-10T09:49:51+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]143.244.42.110:1443
gluetun | 2022-06-10T09:49:51+02:00 INFO [openvpn] Attempting to establish TCP connection with [AF_INET]143.244.42.110:1443 [nonblock]
gluetun | 2022-06-10T09:49:51+02:00 INFO [openvpn] TCP connection established with [AF_INET]143.244.42.110:1443
gluetun | 2022-06-10T09:49:51+02:00 INFO [openvpn] TCP_CLIENT link local: (not bound)
gluetun | 2022-06-10T09:49:51+02:00 INFO [openvpn] TCP_CLIENT link remote: [AF_INET]143.244.42.110:1443
gluetun | 2022-06-10T09:49:51+02:00 INFO [openvpn] [nl-ams-v133.prod.surfshark.com] Peer Connection Initiated with [AF_INET]143.244.42.110:1443
gluetun | 2022-06-10T09:49:52+02:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.6)
```
gluetun | 2022-06-10T09:49:52+02:00 INFO [openvpn] TUN/TAP device tun0 opened gluetun | 2022-06-10T09:49:52+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500 gluetun | 2022-06-10T09:49:52+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up gluetun | 2022-06-10T09:49:52+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.7.7.2/24 gluetun | 2022-06-10T09:49:52+02:00 INFO [openvpn] UID set to nonrootuser gluetun | 2022-06-10T09:49:53+02:00 INFO [openvpn] Initialization Sequence Completed gluetun | 2022-06-10T09:49:53+02:00 INFO [dns over tls] downloading DNS over TLS cryptographic files gluetun | 2022-06-10T09:49:53+02:00 INFO [healthcheck] healthy! gluetun | 2022-06-10T09:49:54+02:00 INFO [dns over tls] downloading hostnames and IP block lists gluetun | 2022-06-10T09:50:01+02:00 INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout gluetun | 2022-06-10T09:50:07+02:00 INFO [dns over tls] init module 0: validator gluetun | 2022-06-10T09:50:07+02:00 INFO [dns over tls] init module 1: iterator gluetun | 2022-06-10T09:50:07+02:00 INFO [dns over tls] start of service (unbound 1.15.0). gluetun | 2022-06-10T09:50:07+02:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN gluetun | 2022-06-10T09:50:07+02:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN gluetun | 2022-06-10T09:50:07+02:00 INFO [dns over tls] ready gluetun | 2022-06-10T09:50:07+02:00 INFO [healthcheck] healthy! gluetun | 2022-06-10T09:50:08+02:00 INFO [vpn] You are running on the bleeding edge of latest! gluetun | 2022-06-10T09:50:09+02:00 INFO [ip getter] Public IP address is 143.244.42.111 (Netherlands, North Holland, Amsterdam)
qdm12 commented 2 years ago

It's most likely because the nameserver is changed to 127.0.0.1 to use Unbound, but Unbound didn't finish setting up (hence the connection refused on port 53).

I'm working on #137 now, let's see if it indirectly solves it. I'll message here once it's done.

antro31 commented 2 years ago

Seems I have the same issue here.

2022-06-19T20:26:36Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:26:37Z INFO [healthcheck] healthy!
2022-06-19T20:26:50Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:26:55Z INFO [healthcheck] healthy!
2022-06-19T20:27:03Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:27:08Z INFO [healthcheck] healthy!
2022-06-19T20:27:32Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:27:33Z INFO [healthcheck] healthy!
2022-06-19T20:27:46Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:27:47Z INFO [healthcheck] healthy!
2022-06-19T20:27:55Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:27:56Z INFO [healthcheck] healthy!
2022-06-19T20:28:09Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:28:10Z INFO [healthcheck] healthy!
2022-06-19T20:28:48Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:28:49Z INFO [healthcheck] healthy!
2022-06-19T20:29:07Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:29:15Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2022-06-19T20:29:15Z INFO [vpn] stopping
2022-06-19T20:29:15Z INFO [vpn] starting
2022-06-19T20:29:15Z INFO [firewall] allowing VPN connection...
2022-06-19T20:29:15Z INFO [wireguard] Using available kernelspace implementation
2022-06-19T20:29:15Z INFO [wireguard] Connecting to 62.210.204.161:51820
2022-06-19T20:29:15Z INFO [wireguard] Wireguard is up
2022-06-19T20:29:15Z INFO [healthcheck] healthy!
2022-06-19T20:29:15Z INFO [ip getter] Public IP address is 62.210.204.161 (France, Île-de-France, Paris)
2022-06-19T20:29:49Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:29:54Z INFO [healthcheck] healthy!
antro31 commented 2 years ago

Hi all, for me, changing HEALTH_TARGET_ADDRESS and DNS_ADDRESS to 1.1.1.1 both solved the issue.

qdm12 commented 2 years ago

@antro31 that's just a workaround, and it means you don't test if the DNS server is working or not.

Can one of you try using BLOCK_MALICIOUS=off, does it give the same consistent unhealthy? For my part, running Mullvad with OpenVPN or Wireguard works fine and it's not unhealthy at start:

2022-06-27T21:51:48Z INFO [openvpn] Initialization Sequence Completed
2022-06-27T21:51:48Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-06-27T21:51:48Z INFO [healthcheck] healthy!
2022-06-27T21:51:49Z INFO [dns over tls] downloading hostnames and IP block lists
2022-06-27T21:51:51Z INFO [dns over tls] init module 0: validator
2022-06-27T21:51:51Z INFO [dns over tls] init module 1: iterator
2022-06-27T21:51:51Z INFO [dns over tls] start of service (unbound 1.15.0).
2022-06-27T21:51:51Z INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2022-06-27T21:51:51Z INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2022-06-27T21:51:51Z INFO [dns over tls] ready
2022-06-27T21:51:51Z INFO [ip getter] Public IP address is 198.54.132.55 (United States, Illinois, Chicago)
2022-06-27T21:51:52Z INFO [vpn] There is a new release v3.29.0 (v3.29.0) created 46 days ago
frepke commented 2 years ago

I checked it a few times with MALICIOUS OFF, now the VPN restarts are gone

Gluetun MALICIOUS OFF Log

```
gluetun  | ========================================
gluetun  | ========================================
gluetun  | =============== gluetun ================
gluetun  | ========================================
gluetun  | =========== Made with ❤️ by ============
gluetun  | ======= https://github.com/qdm12 =======
gluetun  | ========================================
gluetun  | ========================================
gluetun  |
gluetun  | Running version latest built on 2022-06-26T21:32:21.808Z (commit 87dbae5)
gluetun  |
gluetun  | 🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
gluetun  | 🐛 Bug? https://github.com/qdm12/gluetun/issues/new
gluetun  | ✨ New feature? https://github.com/qdm12/gluetun/issues/new
gluetun  | ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
gluetun  | 💻 Email? quentin.mcgaw@gmail.com
gluetun  | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
gluetun  | 2022-06-28T06:32:11+02:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1 and assigned IP 172.19.0.2
gluetun  | 2022-06-28T06:32:11+02:00 INFO [routing] local ethernet link found: eth0
gluetun  | 2022-06-28T06:32:11+02:00 INFO [routing] local ipnet found: 172.19.0.0/16
gluetun  | 2022-06-28T06:32:12+02:00 INFO [firewall] enabling...
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] iptables --policy INPUT DROP
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] iptables --policy OUTPUT DROP
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] iptables --policy FORWARD DROP
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] ip6tables-nft --policy INPUT DROP
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] ip6tables-nft --policy OUTPUT DROP
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] ip6tables-nft --policy FORWARD DROP
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] ip6tables-nft --append INPUT -i lo -j ACCEPT
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -o lo -j ACCEPT
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] ip6tables-nft --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.19.0.2 -d 172.19.0.0/16 -j ACCEPT
gluetun  | 2022-06-28T06:32:12+02:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.19.0.0/16 -j ACCEPT
gluetun  | 2022-06-28T06:32:12+02:00 INFO [firewall] enabled successfully
gluetun  | 2022-06-28T06:32:14+02:00 INFO [storage] merging by most recent 11236 hardcoded servers and 11237 servers read from /gluetun/servers.json
gluetun  | 2022-06-28T06:32:14+02:00 INFO [storage] Using surfshark servers from file which are 5 days more recent
gluetun  | 2022-06-28T06:32:14+02:00 INFO Alpine version: 3.16.0
gluetun  | 2022-06-28T06:32:14+02:00 INFO OpenVPN 2.4 version: 2.4.12
gluetun  | 2022-06-28T06:32:14+02:00 INFO OpenVPN 2.5 version: 2.5.6
gluetun  | 2022-06-28T06:32:14+02:00 INFO Unbound version: 1.15.0
gluetun  | 2022-06-28T06:32:14+02:00 INFO IPtables version: v1.8.8
gluetun  | 2022-06-28T06:32:14+02:00 INFO Settings summary:
gluetun  | ├── VPN settings:
gluetun  | |   ├── VPN provider settings:
gluetun  | |   |   ├── Name: surfshark
gluetun  | |   |   └── Server selection settings:
gluetun  | |   |       ├── VPN type: openvpn
gluetun  | |   |       ├── Countries: netherlands
gluetun  | |   |       └── OpenVPN server selection settings:
gluetun  | |   |           └── Protocol: TCP
gluetun  | |   └── OpenVPN settings:
gluetun  | |       ├── OpenVPN version: 2.5
gluetun  | |       ├── User: [set]
gluetun  | |       ├── Password: [set]
gluetun  | |       ├── Tunnel IPv6: no
gluetun  | |       ├── Network interface: tun0
gluetun  | |       ├── Run OpenVPN as: no
gluetun  | |       └── Verbosity level: 1
gluetun  | ├── DNS settings:
gluetun  | |   ├── DNS server address to use: 127.0.0.1
gluetun  | |   ├── Keep existing nameserver(s): no
gluetun  | |   └── DNS over TLS settings:
gluetun  | |       ├── Enabled: yes
gluetun  | |       ├── Update period: every 24h0m0s
gluetun  | |       ├── Unbound settings:
gluetun  | |       |   ├── Authoritative servers:
gluetun  | |       |   |   └── cloudflare
gluetun  | |       |   ├── Caching: yes
gluetun  | |       |   ├── IPv6: no
gluetun  | |       |   ├── Verbosity level: 1
gluetun  | |       |   ├── Verbosity details level: 0
gluetun  | |       |   ├── Validation log level: 0
gluetun  | |       |   ├── System user: root
gluetun  | |       |   └── Allowed networks:
gluetun  | |       |       ├── 0.0.0.0/0
gluetun  | |       |       └── ::/0
gluetun  | |       └── DNS filtering settings:
gluetun  | |           ├── Block malicious: no
gluetun  | |           ├── Block ads: no
gluetun  | |           └── Block surveillance: no
gluetun  | ├── Firewall settings:
gluetun  | |   ├── Enabled: yes
gluetun  | |   ├── Debug mode: on
gluetun  | |   └── Outbound subnets:
gluetun  | |       └── {10.54.1.0 ffffff00}
gluetun  | ├── Log settings:
gluetun  | |   └── Log level: INFO
gluetun  | ├── Health settings:
gluetun  | |   ├── Server listening address: 127.0.0.1:9999
gluetun  | |   ├── Target address: cloudflare.com:443
gluetun  | |   └── VPN wait durations:
gluetun  | |       ├── Initial duration: 6s
gluetun  | |       └── Additional duration: 5s
gluetun  | ├── Shadowsocks server settings:
gluetun  | |   ├── Enabled: yes
gluetun  | |   ├── Listening address: :8388
gluetun  | |   ├── Cipher: chacha20-ietf-poly1305
gluetun  | |   ├── Password: [set]
gluetun  | |   └── Log addresses: no
gluetun  | ├── HTTP proxy settings:
gluetun  | |   ├── Enabled: yes
gluetun  | |   ├── Listening address: :8888
gluetun  | |   ├── User:
gluetun  | |   ├── Password: [not set]
gluetun  | |   ├── Stealth mode: yes
gluetun  | |   └── Log: yes
gluetun  | ├── Control server settings:
gluetun  | |   ├── Listening address: :8000
gluetun  | |   └── Logging: yes
gluetun  | ├── OS Alpine settings:
gluetun  | |   ├── Process UID: 1000
gluetun  | |   ├── Process GID: 100
gluetun  | |   └── Timezone: Europe/Amsterdam
gluetun  | ├── Public IP settings:
gluetun  | |   ├── Fetching: every 12h0m0s
gluetun  | |   └── IP file path: /tmp/gluetun/ip
gluetun  | ├── Server data updater settings:
gluetun  | |   ├── Update period: 24h0m0s
gluetun  | |   ├── DNS address: 1.1.1.1:53
gluetun  | |   ├── Minimum ratio: 0.8
gluetun  | |   └── Providers to update: surfshark
gluetun  | └── Version settings:
gluetun  |     └── Enabled: yes
gluetun  | 2022-06-28T06:32:14+02:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1 and assigned IP 172.19.0.2
gluetun  | 2022-06-28T06:32:14+02:00 DEBUG [routing] ip rule add from 172.19.0.2/32 lookup 200 pref 100
gluetun  | 2022-06-28T06:32:14+02:00 INFO [routing] adding route for 0.0.0.0/0
gluetun  | 2022-06-28T06:32:14+02:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
gluetun  | 2022-06-28T06:32:14+02:00 INFO [firewall] setting allowed subnets...
gluetun  | 2022-06-28T06:32:14+02:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.19.0.2 -d 10.54.1.0/24 -j ACCEPT
gluetun  | 2022-06-28T06:32:14+02:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1 and assigned IP 172.19.0.2
gluetun  | 2022-06-28T06:32:14+02:00 INFO [routing] adding route for 10.54.1.0/24
gluetun  | 2022-06-28T06:32:14+02:00 DEBUG [routing] ip route replace 10.54.1.0/24 via 172.19.0.1 dev eth0 table 199
gluetun  | 2022-06-28T06:32:14+02:00 DEBUG [routing] ip rule add to 10.54.1.0/24 lookup 199 pref 99
gluetun  | 2022-06-28T06:32:14+02:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
gluetun  | 2022-06-28T06:32:14+02:00 INFO [pprof] http server listening on [::]:6060
gluetun  | 2022-06-28T06:32:14+02:00 INFO [http server] http server listening on [::]:8000
gluetun  | 2022-06-28T06:32:14+02:00 INFO [firewall] allowing VPN connection...
gluetun  | 2022-06-28T06:32:14+02:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
gluetun  | 2022-06-28T06:32:14+02:00 INFO [http proxy] listening on :8888
gluetun  | 2022-06-28T06:32:14+02:00 INFO [shadowsocks] listening UDP on :8388
gluetun  | 2022-06-28T06:32:14+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun  | 2022-06-28T06:32:14+02:00 DEBUG [firewall] iptables --append OUTPUT -d 213.152.165.104 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
gluetun  | 2022-06-28T06:32:14+02:00 INFO [shadowsocks] listening TCP on :8388
gluetun  | 2022-06-28T06:32:14+02:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-28T06:32:14+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-28T06:32:14+02:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
gluetun  | 2022-06-28T06:32:14+02:00 INFO [openvpn] library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
gluetun  | 2022-06-28T06:32:14+02:00 WARN [openvpn] --ping should normally be used with --ping-restart or --ping-exit
gluetun  | 2022-06-28T06:32:14+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.165.104:1443
gluetun  | 2022-06-28T06:32:14+02:00 INFO [openvpn] Attempting to establish TCP connection with [AF_INET]213.152.165.104:1443 [nonblock]
gluetun  | 2022-06-28T06:32:14+02:00 INFO [openvpn] TCP connection established with [AF_INET]213.152.165.104:1443
gluetun  | 2022-06-28T06:32:14+02:00 INFO [openvpn] TCP_CLIENT link local: (not bound)
gluetun  | 2022-06-28T06:32:14+02:00 INFO [openvpn] TCP_CLIENT link remote: [AF_INET]213.152.165.104:1443
gluetun  | 2022-06-28T06:32:15+02:00 INFO [openvpn] [nl-ams-v127.prod.surfshark.com] Peer Connection Initiated with [AF_INET]213.152.165.104:1443
gluetun  | 2022-06-28T06:32:16+02:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.6)
gluetun  | 2022-06-28T06:32:16+02:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun  | 2022-06-28T06:32:16+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun  | 2022-06-28T06:32:16+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun  | 2022-06-28T06:32:16+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.7.7.9/24
gluetun  | 2022-06-28T06:32:16+02:00 INFO [openvpn] UID set to nonrootuser
gluetun  | 2022-06-28T06:32:16+02:00 INFO [openvpn] Initialization Sequence Completed
gluetun  | 2022-06-28T06:32:16+02:00 INFO [dns over tls] downloading DNS over TLS cryptographic files
gluetun  | 2022-06-28T06:32:17+02:00 INFO [healthcheck] healthy!
gluetun  | 2022-06-28T06:32:18+02:00 INFO [dns over tls] downloading hostnames and IP block lists
gluetun  | 2022-06-28T06:32:18+02:00 INFO [dns over tls] init module 0: validator
gluetun  | 2022-06-28T06:32:18+02:00 INFO [dns over tls] init module 1: iterator
gluetun  | 2022-06-28T06:32:18+02:00 INFO [dns over tls] start of service (unbound 1.15.0).
gluetun  | 2022-06-28T06:32:18+02:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
gluetun  | 2022-06-28T06:32:18+02:00 INFO [dns over tls] ready
gluetun  | 2022-06-28T06:32:19+02:00 INFO [vpn] You are running on the bleeding edge of latest!
gluetun  | 2022-06-28T06:32:19+02:00 INFO [ip getter] Public IP address is 213.152.165.105 (Netherlands, North Holland, Amsterdam)
```

romainguinot commented 2 years ago

@qdm12 I've been having similar issues recently. Gluetun starting / stopping the VPN due to an unhealthy ping. The issue is that the dependent containers seem to lose all connectivity until they are themselves restarted. That wasn't an issue before the healthcheck mechanism was introduced.

Maybe the VPN could be restarted only if multiple checks fail over the course of a minute or so? I don't really know if a gluetun could signal other containers to automatically restart if it has to kick and restart the VPN.

For now i have turned off BLOCK_MALICIOUS, as well as SURVEILLANCE and ADS which i had turned on, let's see if that addresses the issue at least temporarily.

Thanks for the tool though, it's great and very useful !

qdm12 commented 2 years ago

@romainguinot you can make durations larger https://github.com/qdm12/gluetun/wiki/Health-options

> The issue is that the dependent containers seem to lose all connectivity until they are themselves restarted.

Actually the point of the 'inner vpn restart' is so connected containers don't disconnect. Are you sure there isn't something restarting gluetun externally (as in, container restart)? That would cause connected containers to disconnect.
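
To judge how much larger the health durations need to be, it helps to measure how long each unhealthy spell in a log lasted and which spells ended in a VPN restart. The Python sketch below is an added example, not part of this thread or of gluetun's code; its function and class names are made up for the illustration, and its sample input is copied from the `[healthcheck]` lines posted in this issue.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Excerpt of the Wireguard log posted in this issue (timestamps in UTC).
WIREGUARD_EXCERPT = """\
2022-06-19T20:28:09Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:28:10Z INFO [healthcheck] healthy!
2022-06-19T20:28:48Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:28:49Z INFO [healthcheck] healthy!
2022-06-19T20:29:07Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:29:15Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2022-06-19T20:29:15Z INFO [vpn] stopping
2022-06-19T20:29:15Z INFO [vpn] starting
2022-06-19T20:29:15Z INFO [healthcheck] healthy!
2022-06-19T20:29:49Z INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
2022-06-19T20:29:54Z INFO [healthcheck] healthy!
"""

# Two lines of the OpenVPN startup log posted in this issue, with the
# docker-compose "gluetun  | " prefix and a +02:00 offset.
STARTUP_EXCERPT = """\
gluetun  | 2022-06-10T09:50:01+02:00 INFO [healthcheck] unhealthy: cannot dial: dial tcp4: i/o timeout
gluetun  | 2022-06-10T09:50:07+02:00 INFO [healthcheck] healthy!
"""

# Only [healthcheck] lines matter; any container-name prefix is skipped.
LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(?:Z|[+-]\d{2}:\d{2}))"
    r"\s+\w+\s+\[healthcheck\]\s+(?P<msg>.*)"
)


@dataclass
class Episode:
    start: datetime                 # first "unhealthy" line of the spell
    end: Optional[datetime] = None  # None: still unhealthy when the log ends
    restarted: bool = False         # a "restarting VPN" line fell inside it

    @property
    def seconds(self) -> Optional[float]:
        if self.end is None:
            return None
        return (self.end - self.start).total_seconds()


def parse_timestamp(text: str) -> datetime:
    # datetime.fromisoformat() accepts a trailing "Z" only from Python 3.11.
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def unhealthy_episodes(log: str) -> List[Episode]:
    """Group healthcheck lines into spells from 'unhealthy' to the next 'healthy!'."""
    episodes: List[Episode] = []
    current: Optional[Episode] = None
    for line in log.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue
        when, msg = parse_timestamp(match["ts"]), match["msg"]
        if msg.startswith("unhealthy:"):
            if current is None:          # repeated failures extend the same spell
                current = Episode(start=when)
        elif "restarting VPN" in msg:
            if current is not None:
                current.restarted = True
        elif msg.startswith("healthy") and current is not None:
            current.end = when
            episodes.append(current)
            current = None
    if current is not None:              # log ended while still unhealthy
        episodes.append(current)
    return episodes


def summarize(episodes: List[Episode]) -> dict:
    """Count spells and restarts; report the longest spell that recovered unaided."""
    recovered = [e.seconds for e in episodes if e.end is not None and not e.restarted]
    return {
        "episodes": len(episodes),
        "restarts": sum(e.restarted for e in episodes),
        "self_recovered": len(recovered),
        "longest_self_recovered_s": max(recovered, default=0.0),
    }


if __name__ == "__main__":
    for name, log in (("wireguard", WIREGUARD_EXCERPT), ("startup", STARTUP_EXCERPT)):
        print(name, summarize(unhealthy_episodes(log)))
```

Durations are measured between the timestamps of the log lines, so they show when a state was logged rather than the exact moment connectivity dropped. On the Wireguard excerpt the longest spell that recovered unaided lasted 5s, close to the 6s after which the VPN was restarted.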

qdm12 commented 2 years ago

> I don't really know if a gluetun could signal other containers to automatically restart if it has to kick and restart the VPN.

Subscribe to #641 it's still a work in progress (through another container qmcgaw/deunhealth) and I'm lacking time, but I'm doing my best to finish this soon.

romainguinot commented 2 years ago

> Actually the point of the 'inner vpn restart' is so connected containers don't disconnect. Are you sure there isn't something restarting gluetun externally (as in, container restart)? That would cause connected containers to disconnect.

As far as i can tell no, gluetun does not restart. But if there is an inner VPN restart, some containers are fine with it, some are not. I suspect that those that have long running connections may get "confused" by the VPN restart and lose connectivity, but those who only need periodic web access in short bursts aren't affected.

I have turned off for now BLOCK_MALICIOUS, as well as SURVEILLANCE and ADS and will see how it goes. To mitigate this a bit, i have also scheduled a daily restart of the affected container that gets stuck if the inner VPN is restarted.

romainguinot commented 2 years ago

> > I don't really know if a gluetun could signal other containers to automatically restart if it has to kick and restart the VPN.
>
> Subscribe to #641 it's still a work in progress (through another container qmcgaw/deunhealth) and I'm lacking time, but I'm doing my best to finish this soon.

I will subscribe. Take your time though it's not a huge deal. Gluetun is really great and it's really appreciated how quick and detailed your responses are.

shudack commented 2 years ago

Seems I have the same issue here. I have turned off for now BLOCK_MALICIOUS as you suggested and will see how it goes.

Good job with your gluetun project!

bradenmitchell commented 2 years ago

+1 for users experiencing this issue. Mine wasn't as repetitive as the examples above but it would happen more often than not when setting the container up. Seemed to be more stable with some Surfshark endpoints than others. E.g. Hardly ever occurred connecting to hostname sg-hk.prod.surfshark.com but often for nl-sg.prod.surfshark.com. When it did happen I would also never see the [ip getter] with the public ip in the logs. Made me nervous so I kept restarting until it was present.

Setting BLOCK_MALICIOUS=no and this error still occurs but significantly less frequently.

the-lazy-fox commented 2 years ago

I'm also having frequent healthcheck failures and gluetun disconnection, screwing the container behind since few days now. What does the block malicious option do please? Thank you!

<removed by qdm12>
qdm12 commented 2 years ago

@romainguinot You are correct, long running connections might fail. I had the case within Gluetun and the http client communicating with the Private Internet Access API. The solution for me was to close the idle connections of my http client, but that's really a programming detail and not always possible to do for other containers. Once #641 is done, this should fix that problem though (restart all connected containers).

For other people complaining about frequent internal vpn restarts:

romainguinot commented 1 year ago

forgot to reply @qdm12 sorry. For now with the scheduled daily restarts of the affected container it seems to mitigate the issue. One day if there can be a restart of dependent containers that would be great but no rush.

I wish in the Synology NAS or in Portainer you could easily mark containers as dependent on gluetun so that they can wait for a healthy gluetun as well before starting up, but that's a minor inconvenience as this is only an issue when the whole NAS is restarted which is clearly not very frequent.

bnhf commented 1 year ago

@romainguinot

I use:

        depends_on:
            - gluetun

after all of the dependent containers in my Portainer Stack -- and it seems to do the trick. The only time I need to stop and restart the entire stack is when I do an on demand update of all running containers using Watchtower.

qdm12 commented 6 months ago

See #2154 there is some interesting information, especially

tldr: For me, UDP-based VPNs (both Wireguard and OpenVPN) experiences this issue, but TCP-based OpenVPN works without connection restarts.

Closing this due to inactivity 😉
