qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: ... server misbehaving #149

Closed: frepke closed this issue 4 years ago

frepke commented 4 years ago
  1. What VPN service provider are you using?

    • [x] PIA
    • [ ] Mullvad
    • [ ] Windscribe
  2. What's the version of the program?

    See the line at the top of your logs

    Running version latest built on 2020-04-29T01:22:44Z (commit b0ea739)

  3. What are you using to run the container?

    • [ ] Docker run
    • [x] Docker Compose
    • [ ] Kubernetes
    • [ ] Docker stack
    • [ ] Docker swarm
    • [ ] Podman
    • [ ] Other:
  4. What's wrong? (please share some of your logs, and maybe configuration)

After pulling the latest image, the container doesn't run anymore. An error message appears: "server misbehaving", and then the container starts again.

Logs

2020-04-29T10:17:48.575+0200    INFO    OpenVPN version: 2.4.8
2020-04-29T10:17:48.580+0200    INFO    Unbound version: 1.9.6
2020-04-29T10:17:48.583+0200    INFO    IPtables version: v1.8.3
2020-04-29T10:17:48.651+0200    INFO    TinyProxy version: 1.10.0
2020-04-29T10:17:48.656+0200    INFO    ShadowSocks version: 3.3.4
2020-04-29T10:17:48.656+0200    INFO    Settings summary below:
OpenVPN settings:
|--Network protocol: udp
|--Verbosity level: 1
|--Run as root: no
|--Target IP address: <nil>
|--Custom cipher: aes-256-gcm
|--Custom auth algorithm: 
PIA settings:
 |--User: [redacted]
 |--Password: [redacted]
 |--Region: uk london
 |--Encryption: strong
 |--Port forwarding: off
System settings:
|--User ID: 1000
|--Group ID: 100
|--Timezone: europe/amsterdam
|--IP Status filepath: /srv/dev-disk-by-label-NASinternalUSB1/vpn/ip
DNS over TLS settings:
 |--DNS over TLS provider:
  |--cloudflare
  |--quad9
 |--Caching: enabled
 |--Block malicious: enabled
 |--Block surveillance: enabled
 |--Block ads: enabled
 |--Allowed hostnames:
  |--
 |--Private addresses:
  |--127.0.0.1/8
  |--10.0.0.0/8
  |--172.16.0.0/12
  |--192.168.0.0/16
  |--169.254.0.0/16
  |--::1/128
  |--fc00::/7
  |--fe80::/10
  |--::ffff:0:0/96
 |--Verbosity level: 1/5
 |--Verbosity details level: 0/4
 |--Validation log level: 0/2
 |--IPv6 resolution: disabled
Firewall settings:
 |--Allowed subnets: 10.54.1.0/24
TinyProxy settings: disabled
ShadowSocks settings:
 |--Password: [redacted]
 |--Log: enabled
 |--Port: 8388
 |--Method: chacha20-ietf-poly1305

2020-04-29T10:17:48.658+0200    INFO    openvpn configurator: checking for device /dev/net/tun
2020-04-29T10:17:48.658+0200    WARN    TUN device is not available: open /dev/net/tun: no such file or directory
2020-04-29T10:17:48.658+0200    INFO    openvpn configurator: creating /dev/net/tun
2020-04-29T10:17:48.658+0200    INFO    openvpn configurator: /etc/openvpn/auth.conf already exists
2020-04-29T10:17:48.658+0200    INFO    routing: detecting default network route
2020-04-29T10:17:48.659+0200    INFO    routing: default route found: interface eth0, gateway 172.17.0.1, subnet 172.17.0.0/16
2020-04-29T10:17:48.659+0200    INFO    firewall configurator: accepting all traffic
2020-04-29T10:17:48.666+0200    INFO    dns configurator: using DNS address 1.1.1.1 internally
2020-04-29T10:17:48.667+0200    INFO    dns configurator: downloading root hints from https://raw.githubusercontent.com/qdm12/files/master/named.root.updated
2020-04-29T10:17:48.667+0200    INFO    Launching standard output merger
2020-04-29T10:17:48.884+0200    INFO    dns configurator: downloading root key from https://raw.githubusercontent.com/qdm12/files/master/root.key.updated
2020-04-29T10:17:48.890+0200    INFO    dns configurator: generating Unbound configuration
2020-04-29T10:17:49.608+0200    INFO    dns configurator: 144543 hostnames blocked overall
2020-04-29T10:17:49.608+0200    INFO    dns configurator: 260825 IP addresses blocked overall
2020-04-29T10:17:50.724+0200    INFO    dns configurator: starting unbound
2020-04-29T10:17:50.725+0200    INFO    dns configurator: using DNS address 127.0.0.1 internally
2020-04-29T10:17:50.725+0200    INFO    dns configurator: using DNS address 127.0.0.1 system wide
2020-04-29T10:17:51.028+0200    WARN    dns configurator: could not resolve github.com (try 1 of 10): lookup github.com on 10.54.1.1:53: read udp 127.0.0.1:46911->127.0.0.1:53: read: connection refused
2020-04-29T10:17:52.394+0200    INFO    unbound: [1588148272] unbound[21:0] notice: init module 0: validator
2020-04-29T10:17:52.395+0200    INFO    unbound: [1588148272] unbound[21:0] notice: init module 1: iterator
2020-04-29T10:17:52.851+0200    INFO    unbound: [1588148272] unbound[21:0] info: start of service (unbound 1.9.6).
2020-04-29T10:17:52.877+0200    INFO    unbound: [1588148272] unbound[21:0] info: generate keytag query _ta-4a5c-4f66. NULL IN
2020-04-29T10:17:53.653+0200    ERROR   lookup uk-london.privateinternetaccess.com on 10.54.1.1:53: server misbehaving
  5. Is this urgent?

    • [x] Yes
    • [ ] No
qdm12 commented 4 years ago

This is due to a domain being blocked in the malicious hostnames list; please set BLOCK_MALICIOUS=off for now. I'm still searching for the domain that needs to be unblocked.

qdm12 commented 4 years ago

Solved, it was because the PIA subdomains' IP addresses were blocked in the IP address block list.
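Worked example (added here; this is not code from the issue or from gluetun itself): the check that the maintainer ended up doing by hand, written as a small Go program. It resolves the provider's server names through a resolver that does not apply the block list, then tests every returned address against each block-list entry (CIDR or bare IP) and reports the colliding entries, so a false positive like this one is caught before the blocking resolver is made the system resolver. The hostnames are the ones from the logs; the addresses, the block-list entries, the in-memory resolver and all function names are constructed for the example (RFC 5737 documentation ranges), not real PIA data.

```go
package main

import (
	"context"
	"fmt"
	"net"
)

// Conflict records one resolved address of a hostname that falls inside a
// block-list entry.
type Conflict struct {
	Host  string
	IP    net.IP
	Entry string // block-list line (CIDR or bare address) that matched
}

// Resolver is the lookup function used to obtain each host's addresses. It
// has the signature of net.DefaultResolver.LookupIPAddr so a real resolver
// can be passed in place of the constructed one below.
type Resolver func(ctx context.Context, host string) ([]net.IPAddr, error)

// parseBlocklist turns block-list lines (bare IPs or CIDRs) into networks.
// Blank lines are skipped; unparseable lines are returned separately so the
// caller can refuse to run with a list it does not understand.
func parseBlocklist(lines []string) (nets []*net.IPNet, labels []string, bad []string) {
	for _, line := range lines {
		if line == "" {
			continue
		}
		if _, n, err := net.ParseCIDR(line); err == nil {
			nets, labels = append(nets, n), append(labels, line)
			continue
		}
		ip := net.ParseIP(line)
		if ip == nil {
			bad = append(bad, line)
			continue
		}
		// A bare address becomes a host route: /32 for IPv4, /128 for IPv6.
		bits := 128
		if v4 := ip.To4(); v4 != nil {
			ip, bits = v4, 32
		}
		nets = append(nets, &net.IPNet{IP: ip, Mask: net.CIDRMask(bits, bits)})
		labels = append(labels, line)
	}
	return nets, labels, bad
}

// findConflicts resolves each host and reports every (host, address, entry)
// triple where the address lies inside a blocked network. Order follows the
// input order of hosts, answers and block-list lines, so output is stable.
func findConflicts(ctx context.Context, resolve Resolver, hosts, blocklist []string) ([]Conflict, error) {
	nets, labels, bad := parseBlocklist(blocklist)
	if len(bad) > 0 {
		return nil, fmt.Errorf("unparseable block-list entries: %v", bad)
	}
	var out []Conflict
	for _, host := range hosts {
		addrs, err := resolve(ctx, host)
		if err != nil {
			return nil, fmt.Errorf("resolve %s: %w", host, err)
		}
		for _, a := range addrs {
			for i, n := range nets {
				if n.Contains(a.IP) {
					out = append(out, Conflict{Host: host, IP: a.IP, Entry: labels[i]})
				}
			}
		}
	}
	return out, nil
}

// Constructed sample data (hypothetical; RFC 5737 ranges, not real PIA IPs).
var sampleHosts = []string{
	"uk-london.privateinternetaccess.com",
	"us-east.privateinternetaccess.com",
}
var sampleBlocklist = []string{"203.0.113.0/24", "192.0.2.44", "198.51.100.7", ""}
var sampleAnswers = map[string][]string{
	"uk-london.privateinternetaccess.com": {"203.0.113.10", "198.51.100.7"},
	"us-east.privateinternetaccess.com":   {"192.0.2.45"},
}

// sampleResolver answers from sampleAnswers; it stands in for
// net.DefaultResolver.LookupIPAddr so the example runs offline.
func sampleResolver(_ context.Context, host string) ([]net.IPAddr, error) {
	raw, ok := sampleAnswers[host]
	if !ok {
		return nil, fmt.Errorf("lookup %s: no such host", host)
	}
	addrs := make([]net.IPAddr, 0, len(raw))
	for _, s := range raw {
		addrs = append(addrs, net.IPAddr{IP: net.ParseIP(s)})
	}
	return addrs, nil
}

func main() {
	conflicts, err := findConflicts(context.Background(), sampleResolver, sampleHosts, sampleBlocklist)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, c := range conflicts {
		fmt.Printf("%s -> %s is blocked by entry %q\n", c.Host, c.IP, c.Entry)
	}
}
```

To run this against a real list, pass net.DefaultResolver.LookupIPAddr as the resolver and the block list's lines as blocklist. The lookup has to go through a resolver that is not applying the list: once the filtering Unbound instance is the system resolver, the lookup itself fails, which is the "server misbehaving" error in the logs above (the net package's wording for a DNS reply with a failure RCODE such as SERVFAIL), and there are no addresses left to compare.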