qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Port forwarding with Windscribe doesn't work #1050

Closed hacktek closed 2 years ago

hacktek commented 2 years ago

Is this urgent?

No

Host OS

Ubuntu 18.04

CPU arch

x86_64

VPN service provider

Windscribe

What are you using to run the container

docker run

What is the version of Gluetun

Running version latest built on 2022-06-29T12:27:08.014Z (commit 9f959db)

What's the problem 🤔

Gluetun is running on OpenVPN and has a container linked like so:

docker run -d --name embyserver --volume /etc/localtime:/etc/localtime:ro --volume /opt/emby:/config --volume /mnt/unionfs/Media:/data -v /mnt:/mnt -v /tmp:/tmp -v /dev/shm:/dev/shm --env UID=1000 --env GID=1000 --env GIDLIST=1000 --network=container:windscribe emby/embyserver:latest

The interface is available on the linked container:

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.121.82.63  P-t-P:10.121.82.63  Mask:255.255.254.0

And traceroute is going out via the VPN:

# docker exec -ti embyserver traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 46 byte packets
 1  10.121.82.1 (10.121.82.1)  17.135 ms  16.973 ms  17.275 ms
 2  23-94-26-89-host.colocrossing.com (23.94.26.89)  18.845 ms  18.187 ms  18.298 ms
 3  10.8.36.249 (10.8.36.249)  18.471 ms  10.8.36.53 (10.8.36.53)  17.540 ms  10.8.36.249 (10.8.36.249)  17.503 ms
 4  10.8.40.245 (10.8.40.245)  19.287 ms  10.8.40.229 (10.8.40.229)  17.322 ms  10.8.40.245 (10.8.40.245)  18.137 ms
...

Port forwarding is set up on windscribe:

10059->8096

And even though this works fine on the container:

# docker exec -ti embyserver nc -zv 127.0.0.1 8096
127.0.0.1 (127.0.0.1:8096) open

It never connects...

# docker logs windscribe | grep Public
├── Public IP settings:
2022-06-30T04:23:12Z INFO [ip getter] Public IP address is 198.12.64.46 (United States, New York, Buffalo)
$ curl -v 198.12.64.46:10059
*   Trying 198.12.64.46:10059...

Am I doing something wrong?

Share your logs

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2022-06-29T12:27:08.014Z (commit 9f959db)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2022-06-30T04:23:04Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.2
2022-06-30T04:23:04Z INFO [routing] local ethernet link found: eth0
2022-06-30T04:23:04Z INFO [routing] local ipnet found: 172.17.0.0/16
2022-06-30T04:23:04Z INFO [firewall] enabling...
2022-06-30T04:23:05Z INFO [firewall] enabled successfully
2022-06-30T04:23:05Z INFO [storage] creating /gluetun/servers.json with 11236 hardcoded servers
2022-06-30T04:23:05Z INFO Alpine version: 3.16.0
2022-06-30T04:23:05Z INFO OpenVPN 2.4 version: 2.4.12
2022-06-30T04:23:05Z INFO OpenVPN 2.5 version: 2.5.6
2022-06-30T04:23:05Z INFO Unbound version: 1.15.0
2022-06-30T04:23:05Z INFO IPtables version: v1.8.8
2022-06-30T04:23:05Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: windscribe
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Regions: us east
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: UDP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Tunnel IPv6: no
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── DNS server address to use: 127.0.0.1
|   ├── Keep existing nameserver(s): no
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:7f00:1/104
|               ├── ::ffff:a00:0/104
|               ├── ::ffff:a9fe:0/112
|               ├── ::ffff:ac10:0/108
|               └── ::ffff:c0a8:0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2022-06-30T04:23:05Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.2
2022-06-30T04:23:05Z INFO [routing] adding route for 0.0.0.0/0
2022-06-30T04:23:05Z INFO [firewall] setting allowed subnets...
2022-06-30T04:23:05Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.2
2022-06-30T04:23:05Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2022-06-30T04:23:05Z INFO [pprof] http server listening on [::]:6060
2022-06-30T04:23:05Z INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2022-06-30T04:23:05Z INFO [http server] http server listening on [::]:8000
2022-06-30T04:23:05Z INFO [healthcheck] listening on 127.0.0.1:9999
2022-06-30T04:23:05Z INFO [firewall] allowing VPN connection...
2022-06-30T04:23:05Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-06-30T04:23:05Z INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
2022-06-30T04:23:05Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]198.12.64.34:1194
2022-06-30T04:23:05Z INFO [openvpn] UDP link local: (not bound)
2022-06-30T04:23:05Z INFO [openvpn] UDP link remote: [AF_INET]198.12.64.34:1194
2022-06-30T04:23:05Z INFO [openvpn] [buf-281.windscribe.com] Peer Connection Initiated with [AF_INET]198.12.64.34:1194
2022-06-30T04:23:06Z INFO [openvpn] TUN/TAP device tun0 opened
2022-06-30T04:23:06Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2022-06-30T04:23:06Z INFO [openvpn] /sbin/ip link set dev tun0 up
2022-06-30T04:23:06Z INFO [openvpn] /sbin/ip addr add dev tun0 10.121.82.63/23
2022-06-30T04:23:06Z INFO [openvpn] UID set to nonrootuser
2022-06-30T04:23:06Z INFO [openvpn] Initialization Sequence Completed
2022-06-30T04:23:06Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-06-30T04:23:07Z INFO [healthcheck] healthy!
2022-06-30T04:23:07Z INFO [dns over tls] downloading hostnames and IP block lists
2022-06-30T04:23:11Z INFO [dns over tls] init module 0: validator
2022-06-30T04:23:11Z INFO [dns over tls] init module 1: iterator
2022-06-30T04:23:11Z INFO [dns over tls] start of service (unbound 1.15.0).
2022-06-30T04:23:11Z INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2022-06-30T04:23:12Z INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2022-06-30T04:23:12Z INFO [dns over tls] ready
2022-06-30T04:23:12Z INFO [ip getter] Public IP address is 198.12.64.46 (United States, New York, Buffalo)
2022-06-30T04:23:12Z INFO [vpn] You are running on the bleeding edge of latest!

Share your configuration

docker run -d --name=windscribe -it --cap-add=NET_ADMIN -e VPN_SERVICE_PROVIDER=windscribe \
-e VPN_TYPE=openvpn \
-e OPENVPN_USER="xxxxxxx" -e OPENVPN_PASSWORD="xxxxxxxxx" \
-e SERVER_REGIONS="US East" qmcgaw/gluetun

hacktek commented 2 years ago

Lol. As soon as I posted this it occurred to me to turn off the firewall.

We're done here :P

qdm12 commented 2 years ago

You should not turn off the firewall; this might leak data out of the VPN. Check the wiki page on port forwarding and use FIREWALL_VPN_INPUT_PORTS.
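One way to apply that advice, as an added example that is not part of the issue or of the gluetun project: keep the firewall on, open only the forwarded port with FIREWALL_VPN_INPUT_PORTS, and check reachability from outside. It assumes the container name and the 10059->8096 Windscribe mapping from the issue (so forwarded packets arrive on tun0 at port 8096, which is the port to open), and that FIREWALL=off is the switch that disables the firewall.

```shell
#!/bin/sh
# Added example, not code from the gluetun project or the issue: apply the
# advice above by keeping gluetun's firewall on and opening only the
# forwarded port, then checking reachability. Assumed values: container name
# "windscribe", Windscribe mapping 10059 (public) -> 8096 (Emby), and that
# FIREWALL=off is the (discouraged) switch that disables the firewall.
PUBLIC_PORT=10059   # port Windscribe exposes on the public VPN IP
INPUT_PORT=8096     # port the forwarded packets arrive on over tun0
GLUETUN_NAME=windscribe

# Build the firewall flag from a comma-separated port list; reject junk so a
# typo does not silently yield a container with nothing open.
firewall_input_ports_flag() {
  for p in $(printf '%s' "$1" | tr ',' ' '); do
    case "$p" in ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "port out of range: $p" >&2; return 1; }
  done
  printf '%s' "-e FIREWALL_VPN_INPUT_PORTS=$1"
}

# Pull the last public IP gluetun logged ("Public IP address is x.x.x.x ...").
public_ip_from_logs() {
  sed -n 's/.*Public IP address is \([0-9.]*\).*/\1/p' | tail -n 1
}

# Weak form (shown, not run): -e FIREWALL=off drops the kill switch, so if the
# tunnel goes down, container traffic can leave over eth0 unprotected.
# Corrected form: firewall stays on; only INPUT_PORT is accepted on the VPN side.
run_gluetun() {
  docker run -d --name="$GLUETUN_NAME" --cap-add=NET_ADMIN \
    -e VPN_SERVICE_PROVIDER=windscribe -e VPN_TYPE=openvpn \
    -e OPENVPN_USER="xxxxxxx" -e OPENVPN_PASSWORD="xxxxxxxxx" \
    -e SERVER_REGIONS="US East" \
    $(firewall_input_ports_flag "$INPUT_PORT") qmcgaw/gluetun
}

# From outside the VPN, the public IP should now answer on PUBLIC_PORT.
check_forwarded_port() {
  ip=$(docker logs "$GLUETUN_NAME" 2>&1 | public_ip_from_logs)
  [ -n "$ip" ] || { echo "no public IP in gluetun logs yet" >&2; return 1; }
  nc -z -w 5 "$ip" "$PUBLIC_PORT"
}

# Constructed sample of the log line the issue shows, for an offline check.
SAMPLE_LOG='2022-06-30T04:23:12Z INFO [ip getter] Public IP address is 198.12.64.46 (United States, New York, Buffalo)'
```

If the provider does not translate the port, open the public port instead; run check_forwarded_port from a host that is not behind the same VPN.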