qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.65k stars 358 forks

Bug: tun0 is gone #1528

Closed olvier closed 1 year ago

olvier commented 1 year ago

Is this urgent?

Yes

Host OS

Synology DSM Version: 7.1.1-42962 Update 4

CPU arch

x86_64

VPN service provider

Custom

What are you using to run the container

docker run

What is the version of Gluetun

latest: 3.33

What's the problem 🤔

tun0 is gone

Worked for "years" now and totally happy with it. ifconfig just shows eth0 and lo. tun0 in synology is existent.

Any idea?

Share your logs

2023-04-17T19:31:48Z INFO OpenVPN 2.4 version: 2.4.12
2023-04-17T19:31:48Z INFO OpenVPN 2.5 version: 2.5.8
2023-04-17T19:31:48Z INFO Unbound version: 1.17.1
2023-04-17T19:31:48Z INFO IPtables version: v1.8.8
2023-04-17T19:31:48Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: perfect privacy
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Cities: rotterdam
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: UDP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── DNS server address to use: 127.0.0.1
|   ├── Keep existing nameserver(s): no
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:7f00:1/104
|               ├── ::ffff:a00:0/104
|               ├── ::ffff:a9fe:0/112
|               ├── ::ffff:ac10:0/108
|               └── ::ffff:c0a8:0/112
├── Firewall settings:
|   └── Enabled: no
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2023-04-17T19:31:48Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.8
2023-04-17T19:31:48Z INFO [routing] adding route for 0.0.0.0/0
2023-04-17T19:31:48Z INFO [firewall] firewall disabled, only updating allowed subnets internal list
2023-04-17T19:31:48Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1 and assigned IP 172.17.0.8
2023-04-17T19:31:48Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2023-04-17T19:31:48Z INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2023-04-17T19:31:48Z INFO [http server] http server listening on [::]:8000
2023-04-17T19:31:48Z INFO [healthcheck] listening on 127.0.0.1:9999
2023-04-17T19:31:48Z INFO [firewall] firewall disabled, only updating internal VPN connection
2023-04-17T19:31:48Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-04-17T19:31:48Z INFO [openvpn] library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-04-17T19:31:48Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-04-17T19:31:48Z WARN [openvpn] Your certificate has expired!
2023-04-17T19:31:48Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]31.xxx.xxx.xxx:443
2023-04-17T19:31:48Z INFO [openvpn] UDP link local: (not bound)
2023-04-17T19:31:48Z INFO [openvpn] UDP link remote: [AF_INET]31.xxx.xxx.xxx:443
2023-04-17T19:31:48Z INFO [healthcheck] healthy!

2023-04-17T19:36:49Z INFO [firewall] firewall disabled, only updating internal VPN connection
2023-04-17T19:36:49Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-04-17T19:36:49Z INFO [openvpn] library versions: OpenSSL 3.0.8 7 Feb 2023, LZO 2.10
2023-04-17T19:36:49Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-04-17T19:36:49Z WARN [openvpn] Your certificate has expired!
2023-04-17T19:36:49Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]31.xxx.xxx.xxx:443
2023-04-17T19:36:49Z INFO [openvpn] UDP link local: (not bound)
2023-04-17T19:36:49Z INFO [openvpn] UDP link remote: [AF_INET]31.xxx.xxx.xxx:443
2023-04-17T19:37:49Z WARN [openvpn] TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
🚒🚒🚒🚒🚒🚨🚨🚨🚨🚨🚨🚒🚒🚒🚒🚒
That error usually happens because either:
1. The VPN server IP address you are trying to connect to is no longer valid 🔌
   Update your server information using https://github.com/qdm12/gluetun/wiki/Updating-Servers
2. The VPN server crashed 💥, try changing your VPN servers filtering options such as SERVER_REGIONS
3. Your Internet connection is not working 🤯, ensure it works
4. Something else ➡️ https://github.com/qdm12/gluetun/issues/new/choose
2023-04-17T19:37:49Z INFO [openvpn] TLS Error: TLS handshake failed
2023-04-17T19:37:49Z INFO [openvpn] SIGTERM received, sending exit notification to peer
2023-04-17T19:37:49Z INFO [openvpn] SIGTERM[soft,tls-error] received, process exiting
2023-04-17T19:37:49Z INFO [vpn] retrying in 15s

Share your configuration

docker run -d \
--name=vpn_qmcgaw-gluetun \
--cap-add=NET_ADMIN \
-e VPN_SERVICE_PROVIDER="perfect privacy" \
-e OPENVPN_USER=pp9999999 -e OPENVPN_PASSWORD=PASSWORD \
-e SERVER_CITIES=Rotterdam \
-e FIREWALL=off \
-l telegram-notifier.monitor=false \
-p 32xxx:32xxx \
-p 33xxx:33xxx \
-p 34xxx:34xxx \
qmcgaw/gluetun

Now, for testing, added
--device /dev/net/tun \
or
--device /dev/net/tun:/dev/net/tun \
both w/o any better result

qdm12 commented 1 year ago

> tun0 in synology is existent.

You meant is non-existent, right?

Anyway, your problem is most likely due to:

2023-04-17T19:36:49Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-04-17T19:36:49Z WARN [openvpn] Your certificate has expired!

Gluetun only goes as healthy! because the firewall is off, so it uses your network without going through the not-working vpn tunnel.
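
Added example (not part of the thread and not gluetun's own code): a small Python triage over log lines copied from the report above. It flags the condition described in this comment, a `healthy!` result while no tunnel is up and the firewall is disabled, along with the certificate warnings. The function name, the finding labels, and the use of OpenVPN's `Initialization Sequence Completed` message as the tunnel-up marker are assumptions of this example.

```python
import re

# timestamp, level, optional [component], message
LINE = re.compile(r"^(\S+) (DEBUG|INFO|WARN|ERROR) (?:\[([^\]]+)\] )?(.*)$")

# Log lines copied from the report in this issue.
SAMPLE_LOG = """\
2023-04-17T19:31:48Z INFO [firewall] firewall disabled, only updating allowed subnets internal list
2023-04-17T19:31:48Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2023-04-17T19:31:48Z WARN [openvpn] Your certificate has expired!
2023-04-17T19:31:48Z INFO [healthcheck] healthy!
2023-04-17T19:37:49Z WARN [openvpn] TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2023-04-17T19:37:49Z INFO [openvpn] TLS Error: TLS handshake failed
"""


def triage(log_text):
    """Return (timestamp, finding) tuples for tunnel and certificate problems."""
    firewall_off = False
    tunnel_up = False
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # settings tree, banner text, blank lines
        ts, _level, component, msg = m.groups()
        if component == "firewall" and "firewall disabled" in msg:
            firewall_off = True
        elif component == "openvpn":
            # Assumption: OpenVPN logs this message once the tunnel is established.
            if "Initialization Sequence Completed" in msg:
                tunnel_up = True
            elif "process exiting" in msg:
                tunnel_up = False
            elif "certificate has expired" in msg:
                findings.append((ts, "expired-certificate"))
            elif "No server certificate verification" in msg:
                findings.append((ts, "no-server-cert-verification"))
            elif "TLS handshake failed" in msg:
                findings.append((ts, "tls-handshake-failed"))
        elif component == "healthcheck" and msg.startswith("healthy") and not tunnel_up:
            # Health target was reachable, but not through a VPN tunnel.
            kind = "healthy-without-tunnel"
            if firewall_off:
                kind += "-firewall-off"  # nothing blocks traffic leaving via eth0
            findings.append((ts, kind))
    return findings
```
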

olvier commented 1 year ago

> > tun0 in synology is existent.
>
> You meant is non-existent, right?

In Synology host it's existent, in docker-container not

> Anyway, your problem is most likely due to:
>
> 2023-04-17T19:36:49Z WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
> 2023-04-17T19:36:49Z WARN [openvpn] Your certificate has expired!

Yeah, I'm following the issue #1527 and waiting for a solution :)

> Gluetun only goes as healthy! because the firewall is off, so it uses your network without going through the not-working vpn tunnel.

Did this, because otherwise I didn't become connectable, if I'm remembering right