Open DcR-NL opened 2 years ago
Closing (for now). Has been running fine for at least a month.
This actually happens to me as well, but it never restores after VPN restart.
At the start of the container it's fine, even if the port was saved before:
```
2022-10-16T12:43:18Z INFO [firewall] allowing VPN connection...
2022-10-16T12:43:18Z INFO [openvpn] OpenVPN 2.5.6 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-10-16T12:43:18Z INFO [openvpn] library versions: OpenSSL 1.1.1q 5 Jul 2022, LZO 2.10
2022-10-16T12:43:18Z INFO [openvpn] CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
2022-10-16T12:43:18Z INFO [openvpn] *REDACTED*
2022-10-16T12:43:18Z INFO [openvpn] -----END X509 CRL-----
2022-10-16T12:43:18Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]191.96.168.252:1197
2022-10-16T12:43:18Z INFO [openvpn] UDP link local: (not bound)
2022-10-16T12:43:18Z INFO [openvpn] UDP link remote: [AF_INET]*REDACTED*
2022-10-16T12:43:18Z INFO [openvpn] [amsterdam433] Peer Connection Initiated with [AF_INET]*REDACTED*
2022-10-16T12:43:18Z INFO [openvpn] TUN/TAP device tun0 opened
2022-10-16T12:43:18Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2022-10-16T12:43:18Z INFO [openvpn] /sbin/ip link set dev tun0 up
2022-10-16T12:43:18Z INFO [openvpn] /sbin/ip addr add dev tun0 10.42.110.182/24
2022-10-16T12:43:18Z INFO [openvpn] UID set to nonrootuser
2022-10-16T12:43:18Z INFO [openvpn] Initialization Sequence Completed
2022-10-16T12:43:18Z INFO [ip getter] Public IP address is *REDACTED*
2022-10-16T12:43:18Z INFO [vpn] You are running on the bleeding edge of latest!
2022-10-16T12:43:18Z INFO [vpn] VPN gateway IP address: *REDACTED*
2022-10-16T12:43:19Z INFO [port forwarding] Found saved forwarded port data for port 49747
2022-10-16T12:43:19Z INFO [port forwarding] Port forwarded data expires in 52 days
2022-10-16T12:43:19Z INFO [healthcheck] healthy!
2022-10-16T12:43:19Z INFO [port forwarding] port forwarded is 49747
2022-10-16T12:43:19Z INFO [firewall] setting allowed input port 49747 through interface tun0...
2022-10-16T12:43:19Z INFO [port forwarding] writing port file /gluetun/forwarded_port
```
But then inevitably this happens:
```
2022-10-16T21:39:12Z INFO [healthcheck] program has been unhealthy for 13s: restarting VPN
2022-10-16T21:39:17Z INFO [vpn] stopping
2022-10-16T21:39:17Z INFO [port forwarding] stopping
2022-10-16T21:39:19Z INFO [port forwarding] removing port file /gluetun/forwarded_port
2022-10-16T21:39:23Z INFO [vpn] starting
2022-10-16T21:39:24Z INFO [firewall] removing allowed port 49747...
2022-10-16T21:40:09Z INFO [firewall] allowing VPN connection...
2022-10-16T21:40:25Z INFO [openvpn] OpenVPN 2.5.6 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-10-16T21:40:26Z INFO [openvpn] library versions: OpenSSL 1.1.1q 5 Jul 2022, LZO 2.10
2022-10-16T21:40:26Z INFO [openvpn] CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
2022-10-16T21:40:27Z INFO [openvpn] *REDACTED*
2022-10-16T21:40:27Z INFO [openvpn] -----END X509 CRL-----
2022-10-16T21:40:27Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]*REDACTED*
2022-10-16T21:40:27Z INFO [openvpn] UDP link local: (not bound)
2022-10-16T21:40:27Z INFO [openvpn] UDP link remote: [AF_INET]*REDACTED*
2022-10-16T21:40:27Z INFO [openvpn] [amsterdam433] Peer Connection Initiated with [AF_INET]*REDACTED*
2022-10-16T21:40:27Z INFO [openvpn] TUN/TAP device tun0 opened
2022-10-16T21:40:27Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2022-10-16T21:40:29Z INFO [openvpn] /sbin/ip link set dev tun0 up
2022-10-16T21:40:29Z INFO [openvpn] /sbin/ip addr add dev tun0 *REDACTED*
2022-10-16T21:40:29Z INFO [openvpn] UID set to nonrootuser
2022-10-16T21:40:29Z INFO [openvpn] Initialization Sequence Completed
2022-10-16T21:40:32Z INFO [healthcheck] healthy!
2022-10-16T21:40:33Z INFO [vpn] VPN gateway IP address: *REDACTED*
2022-10-16T21:40:36Z INFO [ip getter] Public IP address is *REDACTED*
```
Nothing about port forwarding after reconnect.
Raspberry Pi 4B on Raspbian (Debian) Buster latest, arm64
VPN Provider: Private Internet Access
Using docker-compose
Running version latest built on 2022-10-02T09:36:14.095Z (commit cb80457)
docker-compose.yml:
```yaml
version: "3.7"
services:
  pia:
    image: qmcgaw/gluetun:latest
    container_name: pia
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8001:8000/tcp # Gluetun API
      - 8005:8005
      - 3001:3001
    volumes:
      - ${PATH_CONFIG}/gluetun:/config
      - ${PATH_CONFIG}/gluetun/tmp:/gluetun
    environment:
      - TZ=${TZ:-Etc/UTC}
      - VPN_SERVICE_PROVIDER=private internet access
      - SERVER_REGIONS=${PIA_REGION}
      - OPENVPN_USER=${PIA_USER}
      - OPENVPN_PASSWORD=${PIA_PASS}
      - PRIVATE_INTERNET_ACCESS_OPENVPN_ENCRYPTION_PRESET=strong
      - PRIVATE_INTERNET_ACCESS_VPN_PORT_FORWARDING=on
      - PRIVATE_INTERNET_ACCESS_VPN_PORT_FORWARDING_STATUS_FILE=/gluetun/forwarded_port
      - FIREWALL=on
      - LOG_LEVEL=info
      - HEALTH_SERVER_ADDRESS=127.0.0.1:9999
      - HEALTH_TARGET_ADDRESS=protonvpn.com:443
      - HEALTH_VPN_DURATION_INITIAL=13s
      - HEALTH_VPN_DURATION_ADDITION=30s
      - DOT=off
      - BLOCK_MALICIOUS=on
      - BLOCK_SURVEILLANCE=off
      - BLOCK_ADS=off
      - DNS_UPDATE_PERIOD=24h
      - DNS_ADDRESS=127.0.0.1
      - DNS_KEEP_NAMESERVER=off
      - HTTP_CONTROL_SERVER_ADDRESS=:8000
      - UPDATER_VPN_SERVICE_PROVIDERS=private internet access
      - PUBLICIP_FILE=/gluetun/ip
      - PUBLICIP_PERIOD=12h
      - VERSION_INFORMATION=on
      - HTTPPROXY=on
      - HTTPPROXY_LOG=off
      - HTTPPROXY_STEALTH=on
    extra_hosts:
      - ${HOST}
```
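A log check for the failure shown in this thread, as an added example that is not part of the original comments or of Gluetun's own code: it flags each VPN reconnection that is never followed by a `port forwarded is` line and reports the firewall port that was removed and not re-allowed. The function name, the 60-second grace period and the sample lines are assumptions constructed from the message shapes in the logs above.

```python
import re
from datetime import datetime, timedelta

LINE = re.compile(r"^(\S+) \w+ \[([^\]]+)\] (.*)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample: message shapes taken from the logs above, trimmed,
# with one later healthcheck line added so the grace period has elapsed.
SAMPLE = """\
2022-10-16T12:43:18Z INFO [vpn] VPN gateway IP address: *REDACTED*
2022-10-16T12:43:19Z INFO [port forwarding] port forwarded is 49747
2022-10-16T12:43:19Z INFO [firewall] setting allowed input port 49747 through interface tun0...
2022-10-16T21:39:17Z INFO [vpn] stopping
2022-10-16T21:39:19Z INFO [port forwarding] removing port file /gluetun/forwarded_port
2022-10-16T21:39:24Z INFO [firewall] removing allowed port 49747...
2022-10-16T21:40:33Z INFO [vpn] VPN gateway IP address: *REDACTED*
2022-10-16T21:45:00Z INFO [healthcheck] healthy!
""".splitlines()

def unrestored_forwards(lines, grace=timedelta(seconds=60)):
    """Return (gateway_timestamp, removed_port) for every VPN reconnection
    that was not followed by a '[port forwarding] port forwarded is' line."""
    findings, pending, removed, last_ts = [], None, None, None
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        try:
            ts = datetime.strptime(m.group(1), TS_FMT)
        except ValueError:
            continue  # not a timestamped log line
        tag, msg, last_ts = m.group(2), m.group(3), ts
        if tag == "firewall" and (p := re.match(r"removing allowed port (\d+)", msg)):
            removed = int(p.group(1))
        elif tag == "vpn" and msg.startswith("VPN gateway IP address"):
            pending = ts  # tunnel is up again; port forwarding should follow
        elif tag == "port forwarding" and msg.startswith("port forwarded is"):
            pending, removed = None, None  # forwarding restored
        elif tag == "vpn" and msg == "stopping" and pending is not None:
            findings.append((pending.strftime(TS_FMT), removed))
            pending = None
    # Only flag the final reconnection once the log has run past the grace period.
    if pending is not None and last_ts - pending >= grace:
        findings.append((pending.strftime(TS_FMT), removed))
    return findings

if __name__ == "__main__":
    for when, port in unrestored_forwards(SAMPLE):
        print(f"no port forwarding after reconnect at {when}; removed firewall port: {port}")
```
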
@manz4rk see + subscribe to #1086
Reopening, because it's still an issue for me. See https://github.com/qdm12/gluetun/discussions/1086#discussioncomment-4832378
Is this urgent?
No
Host OS
Synology DSM 6.2.4
CPU arch
x86_64
VPN service provider
Private Internet Access
What are you using to run the container
docker-compose
What is the version of Gluetun
Running version latest built on 2022-07-24T03:13:44.061Z (commit 877617c)
What's the problem 🤔
The port file gets removed, along with the allowed port in the firewall, after an unhealthy VPN is detected, and it doesn't get restored. Zero output with the [port forwarding] tag after the "[vpn] VPN gateway IP address" message.
The first times it restores fine, but the moment it stops renewing, a container restart is needed.
I've added logs from a good and a bad situation.
If a discussion is needed, I created a discussion (https://github.com/qdm12/gluetun/discussions/1086) a week ago.
Share your logs
Share your configuration