qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
8.04k stars 371 forks

Bug: Wireguard not connecting inside the container #1371

Closed tushardhadiwal closed 1 year ago

tushardhadiwal commented 1 year ago

Is this urgent?

No

Host OS

ubuntu

CPU arch

x86_64

VPN service provider

Custom

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2022-12-31T17:50:58.654Z (commit ea40b84)

What's the problem 🤔

Gluetun Wireguard is not connecting to my Wireguard server. I am able to connect to the same Wireguard VPN server from the iOS Wireguard client.

Share your logs

gluetun_1  | ========================================
gluetun_1  | ========================================
gluetun_1  | =============== gluetun ================
gluetun_1  | ========================================
gluetun_1  | =========== Made with ❤️ by ============
gluetun_1  | ======= https://github.com/qdm12 =======
gluetun_1  | ========================================
gluetun_1  | ========================================
gluetun_1  |
gluetun_1  | Running version latest built on 2022-12-31T17:50:58.654Z (commit ea40b84)
gluetun_1  |
gluetun_1  | 🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
gluetun_1  | 🐛 Bug? https://github.com/qdm12/gluetun/issues/new
gluetun_1  | ✨ New feature? https://github.com/qdm12/gluetun/issues/new
gluetun_1  | ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
gluetun_1  | 💻 Email? quentin.mcgaw@gmail.com
gluetun_1  | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
gluetun_1  | 2023-01-26T01:17:53Z INFO [routing] default route found: interface eth0, gateway 172.19.0.1 and assigned IP 172.19.0.2
gluetun_1  | 2023-01-26T01:17:53Z INFO [routing] local ethernet link found: eth0
gluetun_1  | 2023-01-26T01:17:53Z INFO [routing] local ipnet found: 172.19.0.0/16
gluetun_1  | 2023-01-26T01:17:53Z INFO [firewall] enabling...
gluetun_1  | 2023-01-26T01:17:53Z INFO [firewall] enabled successfully
gluetun_1  | 2023-01-26T01:17:53Z INFO [storage] creating /gluetun/servers.json with 13224 hardcoded servers
gluetun_1  | 2023-01-26T01:17:53Z INFO Alpine version: 3.16.3
gluetun_1  | 2023-01-26T01:17:53Z INFO OpenVPN 2.4 version: 2.4.12
gluetun_1  | 2023-01-26T01:17:53Z INFO OpenVPN 2.5 version: 2.5.6
gluetun_1  | 2023-01-26T01:17:53Z INFO Unbound version: 1.15.0
gluetun_1  | 2023-01-26T01:17:53Z INFO IPtables version: v1.8.8
gluetun_1  | 2023-01-26T01:17:53Z INFO Settings summary:
gluetun_1  | ├── VPN settings:
gluetun_1  | |   ├── VPN provider settings:
gluetun_1  | |   |   ├── Name: custom
gluetun_1  | |   |   └── Server selection settings:
gluetun_1  | |   |       ├── VPN type: wireguard
gluetun_1  | |   |       ├── Target IP address: xxxx
gluetun_1  | |   |       └── Wireguard selection settings:
gluetun_1  | |   |           ├── Endpoint IP address: xxxx
gluetun_1  | |   |           ├── Endpoint port: 51820
gluetun_1  | |   |           └── Server public key: REPLACED
gluetun_1  | |   └── Wireguard settings:
gluetun_1  | |       ├── Private key: yM...lM=
gluetun_1  | |       ├── Pre-shared key: v+...R0=
gluetun_1  | |       ├── Interface addresses:
gluetun_1  | |       |   └── 10.13.13.2/32
gluetun_1  | |       └── Network interface: tun0
gluetun_1  | ├── DNS settings:
gluetun_1  | |   ├── DNS server address to use: 127.0.0.1
gluetun_1  | |   ├── Keep existing nameserver(s): no
gluetun_1  | |   └── DNS over TLS settings:
gluetun_1  | |       ├── Enabled: yes
gluetun_1  | |       ├── Update period: every 24h0m0s
gluetun_1  | |       ├── Unbound settings:
gluetun_1  | |       |   ├── Authoritative servers:
gluetun_1  | |       |   |   └── cloudflare
gluetun_1  | |       |   ├── Caching: yes
gluetun_1  | |       |   ├── IPv6: no
gluetun_1  | |       |   ├── Verbosity level: 1
gluetun_1  | |       |   ├── Verbosity details level: 0
gluetun_1  | |       |   ├── Validation log level: 0
gluetun_1  | |       |   ├── System user: root
gluetun_1  | |       |   └── Allowed networks:
gluetun_1  | |       |       ├── 0.0.0.0/0
gluetun_1  | |       |       └── ::/0
gluetun_1  | |       └── DNS filtering settings:
gluetun_1  | |           ├── Block malicious: yes
gluetun_1  | |           ├── Block ads: no
gluetun_1  | |           ├── Block surveillance: no
gluetun_1  | |           └── Blocked IP networks:
gluetun_1  | |               ├── 127.0.0.1/8
gluetun_1  | |               ├── 10.0.0.0/8
gluetun_1  | |               ├── 172.16.0.0/12
gluetun_1  | |               ├── 192.168.0.0/16
gluetun_1  | |               ├── 169.254.0.0/16
gluetun_1  | |               ├── ::1/128
gluetun_1  | |               ├── fc00::/7
gluetun_1  | |               ├── fe80::/10
gluetun_1  | |               ├── ::ffff:7f00:1/104
gluetun_1  | |               ├── ::ffff:a00:0/104
gluetun_1  | |               ├── ::ffff:a9fe:0/112
gluetun_1  | |               ├── ::ffff:ac10:0/108
gluetun_1  | |               └── ::ffff:c0a8:0/112
gluetun_1  | ├── Firewall settings:
gluetun_1  | |   └── Enabled: yes
gluetun_1  | ├── Log settings:
gluetun_1  | |   └── Log level: INFO
gluetun_1  | ├── Health settings:
gluetun_1  | |   ├── Server listening address: 127.0.0.1:9999
gluetun_1  | |   ├── Target address: cloudflare.com:443
gluetun_1  | |   ├── Read header timeout: 100ms
gluetun_1  | |   ├── Read timeout: 500ms
gluetun_1  | |   └── VPN wait durations:
gluetun_1  | |       ├── Initial duration: 6s
gluetun_1  | |       └── Additional duration: 5s
gluetun_1  | ├── Shadowsocks server settings:
gluetun_1  | |   └── Enabled: no
gluetun_1  | ├── HTTP proxy settings:
gluetun_1  | |   └── Enabled: no
gluetun_1  | ├── Control server settings:
gluetun_1  | |   ├── Listening address: :8000
gluetun_1  | |   └── Logging: yes
gluetun_1  | ├── OS Alpine settings:
gluetun_1  | |   ├── Process UID: 1000
gluetun_1  | |   └── Process GID: 1000
gluetun_1  | ├── Public IP settings:
gluetun_1  | |   ├── Fetching: every 12h0m0s
gluetun_1  | |   └── IP file path: /tmp/gluetun/ip
gluetun_1  | └── Version settings:
gluetun_1  |     └── Enabled: yes
gluetun_1  | 2023-01-26T01:17:53Z INFO [routing] default route found: interface eth0, gateway 172.19.0.1 and assigned IP 172.19.0.2
gluetun_1  | 2023-01-26T01:17:53Z INFO [routing] adding route for 0.0.0.0/0
gluetun_1  | 2023-01-26T01:17:53Z INFO [firewall] setting allowed subnets...
gluetun_1  | 2023-01-26T01:17:53Z INFO [routing] default route found: interface eth0, gateway 172.19.0.1 and assigned IP 172.19.0.2
gluetun_1  | 2023-01-26T01:17:53Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
gluetun_1  | 2023-01-26T01:17:53Z INFO [dns over tls] using plaintext DNS at address 1.1.1.1
gluetun_1  | 2023-01-26T01:17:53Z INFO [http server] http server listening on [::]:8000
gluetun_1  | 2023-01-26T01:17:53Z INFO [healthcheck] listening on 127.0.0.1:9999
gluetun_1  | 2023-01-26T01:17:53Z INFO [firewall] allowing VPN connection...
gluetun_1  | 2023-01-26T01:17:53Z INFO [wireguard] Using available kernelspace implementation
gluetun_1  | 2023-01-26T01:17:53Z INFO [wireguard] Connecting to 20.2.14.49:51820
gluetun_1  | 2023-01-26T01:17:53Z INFO [wireguard] Wireguard is up
gluetun_1  | 2023-01-26T01:17:53Z INFO [dns over tls] downloading DNS over TLS cryptographic files
gluetun_1  | 2023-01-26T01:17:53Z WARN [dns over tls] cannot update files: Get "https://www.internic.net/domain/named.root": dial tcp: lookup www.internic.net on 1.1.1.1:53: write udp 10.13.13.2:60621->1.1.1.1:53: write: required key not available
gluetun_1  | 2023-01-26T01:17:53Z INFO [dns over tls] attempting restart in 10s
gluetun_1  | 2023-01-26T01:17:53Z ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 10.13.13.2:52510->1.1.1.1:53: write: required key not available
gluetun_1  | 2023-01-26T01:17:53Z INFO [ip getter] retrying in 5s
gluetun_1  | 2023-01-26T01:17:53Z ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": dial tcp: lookup api.github.com on 1.1.1.1:53: write udp 10.13.13.2:56334->1.1.1.1:53: write: required key not available
gluetun_1  | 2023-01-26T01:17:58Z ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 10.13.13.2:54213->1.1.1.1:53: write: required key not available
gluetun_1  | 2023-01-26T01:17:58Z INFO [ip getter] retrying in 5s
gluetun_1  | 2023-01-26T01:17:59Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
gluetun_1  | 2023-01-26T01:17:59Z INFO [vpn] stopping
gluetun_1  | 2023-01-26T01:17:59Z INFO [vpn] starting
gluetun_1  | 2023-01-26T01:17:59Z INFO [firewall] allowing VPN connection...
gluetun_1  | 2023-01-26T01:17:59Z INFO [wireguard] Using available kernelspace implementation
gluetun_1  | 2023-01-26T01:17:59Z INFO [wireguard] Connecting to 20.219.142.49:51820
gluetun_1  | 2023-01-26T01:17:59Z INFO [wireguard] Wireguard is up
gluetun_1  | 2023-01-26T01:18:03Z INFO [dns over tls] downloading DNS over TLS cryptographic files
gluetun_1  | 2023-01-26T01:18:03Z WARN [dns over tls] cannot update files: Get "https://www.internic.net/domain/named.root": dial tcp: lookup www.internic.net on 1.1.1.1:53: write udp 10.13.13.2:46172->1.1.1.1:53: write: required key not available
gluetun_1  | 2023-01-26T01:18:03Z INFO [dns over tls] attempting restart in 20s
gluetun_1  | 2023-01-26T01:18:03Z ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 10.13.13.2:57685->1.1.1.1:53: write: required key not available
gluetun_1  | 2023-01-26T01:18:03Z INFO [ip getter] retrying in 5s
^CGracefully stopping... (press Ctrl+C again to force)
Stopping deploy_gluetun_1   ... done

Share your configuration

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun:latest
    cap_add:
      - NET_ADMIN
    environment:
      - PGID=1000
      - PUID=1000
      - VPN_TYPE=wireguard
      - VPN_SERVICE_PROVIDER=custom
      - VPN_ENDPOINT_IP=20.2.142.49
      - VPN_ENDPOINT_PORT=51820
      - WIREGUARD_PUBLIC_KEY=
      - WIREGUARD_PRIVATE_KEY=
      - WIREGUARD_PRESHARED_KEY=
      - WIREGUARD_ADDRESSES=10.13.13.2/32
    ports:
      - "0.0.0.0:8080:80/tcp"   # <-- ports go here, not below

serialpotato commented 1 year ago

same issue with vpn-unlimited. Not able to connect at all.

ActuallyCloud commented 1 year ago

Also having this issue on the latest build.

db00t commented 1 year ago

Same here. VPN works with client but not with Gluetun.

frepke commented 1 year ago

Same here. VPN works with client but not with Gluetun.

What does your compose file look like?

Personally I've no issues with SurfShark and Gluetun.

qdm12 commented 1 year ago

@serialpotato Let's not mix everything. VPN Unlimited is broken on the latest build using openvpn (NOT WIREGUARD!) due to VPN Unlimited having generated their certificates using bad/unsecured algorithms (and Gluetun bumped openssl+openvpn recently). I'm working on a workaround; there is an issue opened for that.

@ActuallyCloud @db00t With a custom provider AND wireguard as well?? If not, your comments are out of scope.

@frepke thanks for the input, works well with openvpn and wireguard on mullvad for me as well.

@tushardhadiwal have you tried re-pulling the latest image? Since this is a custom provider, this can be due to the wireguard server or your host firewall or your keys being invalid. Closing this since it's not a bug but a user issue. Feel free to continue discussing here if you want though.
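
An added example, not part of the issue thread and not Gluetun's own code: a pre-flight check for the custom-provider Wireguard variables shown in the configuration above, following the maintainer's remark that invalid keys are one possible cause. The helper name `checkWireguardEnv` is hypothetical, the sample input is constructed from the posted compose file, and treating the pre-shared key as optional is an assumption of this sketch. It reports only variable names, never key material.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

// checkWireguardEnv (hypothetical helper) validates the custom-provider Wireguard
// variables of a compose "environment:" list; it returns one message per problem.
func checkWireguardEnv(entries []string) []string {
	env := map[string]string{}
	for _, e := range entries {
		if k, v, ok := strings.Cut(e, "="); ok {
			env[strings.TrimSpace(k)] = strings.TrimSpace(v)
		}
	}
	var problems []string
	// A Wireguard key is 32 bytes, written as standard base64 (44 characters).
	for _, name := range []string{"WIREGUARD_PUBLIC_KEY", "WIREGUARD_PRIVATE_KEY", "WIREGUARD_PRESHARED_KEY"} {
		if name == "WIREGUARD_PRESHARED_KEY" && env[name] == "" {
			continue // assumption: the pre-shared key is optional
		}
		if raw, err := base64.StdEncoding.DecodeString(env[name]); err != nil || len(raw) != 32 {
			problems = append(problems, name+": not a base64-encoded 32-byte key")
		}
	}
	if _, err := netip.ParseAddr(env["VPN_ENDPOINT_IP"]); err != nil {
		problems = append(problems, "VPN_ENDPOINT_IP: not an IP address")
	}
	if p, err := strconv.Atoi(env["VPN_ENDPOINT_PORT"]); err != nil || p < 1 || p > 65535 {
		problems = append(problems, "VPN_ENDPOINT_PORT: not a port number")
	}
	for _, a := range strings.Split(env["WIREGUARD_ADDRESSES"], ",") {
		if _, err := netip.ParsePrefix(strings.TrimSpace(a)); err != nil {
			problems = append(problems, "WIREGUARD_ADDRESSES: "+a+" is not in CIDR form")
		}
	}
	return problems
}

func main() {
	// Constructed input: the issue's variables, with the keys blank as posted.
	posted := strings.Split("VPN_ENDPOINT_IP=20.2.142.49 VPN_ENDPOINT_PORT=51820 "+
		"WIREGUARD_PUBLIC_KEY= WIREGUARD_PRIVATE_KEY= WIREGUARD_ADDRESSES=10.13.13.2/32", " ")
	fmt.Println(strings.Join(checkWireguardEnv(posted), "\n"))
}
```

A configuration that passes this check can still fail to connect if the keys do not match the server's peer entry or a firewall blocks the endpoint; the check only rules out malformed values.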