search

qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.48k stars 352 forks source link

Bug: cannot connect with mullvad #153

Closed bash-worth closed 4 years ago

bash-worth commented 4 years ago

cannot connect with mullvad

  1. Is this urgent?

    • [ ] Yes
    • [x] No

  2. What VPN service provider are you using?

    • [ ] PIA
    • [x] Mullvad
    • [ ] Windscribe

  3. What's the version of the program?

    See the line at the top of your logs

    Running version latest built on 2020-05-03T16:29:27Z (commit 89187b6)

  4. What are you using to run the container?

    • [ ] Docker run
    • [x] Docker Compose
    • [ ] Kubernetes
    • [ ] Docker stack
    • [ ] Docker swarm
    • [ ] Podman
    • [ ] Other:

  5. Extra information

Logs:

=========================================
============= PIA container =============
========== An exquisite mix of ==========
==== OpenVPN, Unbound, DNS over TLS, ====
===== Shadowsocks, Tinyproxy and Go =====
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================
Running version latest built on 2020-05-03T16:29:27Z (commit 89187b6)
📣  New HTTP control server, see https://github.com/qdm12/private-internet-access-docker#http-control-server
🔧  Need help? https://github.com/qdm12/private-internet-access-docker/issues/new
💻  Email? quentin.mcgaw@gmail.com
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2020-05-04T08:01:12.600Z    INFO    IPtables version: v1.8.3
2020-05-04T08:01:12.658Z    INFO    TinyProxy version: 1.10.0
2020-05-04T08:01:12.665Z    INFO    ShadowSocks version: 3.3.4
2020-05-04T08:01:12.672Z    INFO    OpenVPN version: 2.4.8
2020-05-04T08:01:12.678Z    INFO    Unbound version: 1.9.6
2020-05-04T08:01:12.679Z    INFO    Settings summary below:
OpenVPN settings:
|--Network protocol: udp
|--Verbosity level: 1
|--Run as root: no
|--Target IP address: <nil>
|--Custom cipher:
|--Custom auth algorithm:
Mullvad settings:
 |--User: [redacted]
 |--Country: germany
 |--City: frankfurt
 |--ISP: 31173
 |--Port:
System settings:
|--User ID: 1000
|--Group ID: 1000
|--Timezone:
|--IP Status filepath: /ip
DNS over TLS settings:
 |--DNS over TLS provider:
  |--cloudflare
 |--Caching: enabled
 |--Block malicious: enabled
 |--Block surveillance: disabled
 |--Block ads: disabled
 |--Allowed hostnames:
  |--
 |--Private addresses:
  |--127.0.0.1/8
  |--10.0.0.0/8
  |--172.16.0.0/12
  |--192.168.0.0/16
  |--169.254.0.0/16
  |--::1/128
  |--fc00::/7
  |--fe80::/10
  |--::ffff:0:0/96
 |--Verbosity level: 1/5
 |--Verbosity details level: 0/4
 |--Validation log level: 0/2
 |--IPv6 resolution: disabled
Firewall settings:
 |--Allowed subnets: 192.168.1.0/24, 10.0.0.0/8
TinyProxy settings: disabled
ShadowSocks settings: disabled
2020-05-04T08:01:12.681Z    INFO    openvpn configurator: checking for device /dev/net/tun
2020-05-04T08:01:12.682Z    INFO    openvpn configurator: writing auth file /etc/openvpn/auth.conf
2020-05-04T08:01:12.682Z    INFO    routing: detecting default network route
2020-05-04T08:01:12.683Z    INFO    routing: default route found: interface eth0, gateway 172.17.0.1, subnet 172.17.0.0/16
2020-05-04T08:01:12.683Z    INFO    firewall configurator: accepting all traffic
2020-05-04T08:01:12.691Z    INFO    Launching standard output merger
2020-05-04T08:01:12.692Z    INFO    routing: adding 192.168.1.0/24 as route via eth0
2020-05-04T08:01:12.695Z    INFO    routing: adding 10.0.0.0/8 as route via eth0
2020-05-04T08:01:12.697Z    INFO    firewall configurator: clearing all rules
2020-05-04T08:01:12.708Z    INFO    firewall configurator: blocking all traffic
2020-05-04T08:01:12.720Z    INFO    firewall configurator: creating general rules
2020-05-04T08:01:12.732Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.132 through eth0 on port udp 1197
2020-05-04T08:01:12.736Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.140 through eth0 on port udp 1197
2020-05-04T08:01:12.740Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.136 through eth0 on port udp 1197
2020-05-04T08:01:12.744Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.133 through eth0 on port udp 1197
2020-05-04T08:01:12.748Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.144 through eth0 on port udp 1197
2020-05-04T08:01:12.751Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.143 through eth0 on port udp 1197
2020-05-04T08:01:12.754Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.138 through eth0 on port udp 1197
2020-05-04T08:01:12.758Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.142 through eth0 on port udp 1197
2020-05-04T08:01:12.761Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.139 through eth0 on port udp 1197
2020-05-04T08:01:12.765Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.135 through eth0 on port udp 1197
2020-05-04T08:01:12.768Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.145 through eth0 on port udp 1197
2020-05-04T08:01:12.772Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.137 through eth0 on port udp 1197
2020-05-04T08:01:12.776Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.131 through eth0 on port udp 1197
2020-05-04T08:01:12.779Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.134 through eth0 on port udp 1197
2020-05-04T08:01:12.783Z    INFO    firewall configurator: allowing output traffic to VPN server 185.213.155.141 through eth0 on port udp 1197
2020-05-04T08:01:12.790Z    INFO    firewall configurator: accepting input and output traffic for 172.17.0.0/16
2020-05-04T08:01:12.796Z    INFO    firewall configurator: accepting input traffic through eth0 from 192.168.1.0/24 to 172.17.0.0/16
2020-05-04T08:01:12.799Z    INFO    firewall configurator: accepting output traffic through eth0 from 172.17.0.0/16 to 192.168.1.0/24
2020-05-04T08:01:12.803Z    INFO    firewall configurator: accepting input traffic through eth0 from 10.0.0.0/8 to 172.17.0.0/16
2020-05-04T08:01:12.806Z    INFO    firewall configurator: accepting output traffic through eth0 from 172.17.0.0/16 to 10.0.0.0/8
2020-05-04T08:01:12.810Z    INFO    openvpn: starting
2020-05-04T08:01:12.810Z    WARN    http server: restartOpenvpn function is not set, waiting...
2020-05-04T08:01:12.810Z    INFO    openvpn configurator: starting openvpn
2020-05-04T08:01:12.812Z    WARN    http server: restartUnbound function is not set, waiting...
2020-05-04T08:01:12.815Z    INFO    openvpn: Mon May  4 08:01:12 2020 OpenVPN 2.4.8 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb  7 2020
2020-05-04T08:01:12.815Z    INFO    openvpn: Mon May  4 08:01:12 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
2020-05-04T08:01:12.821Z    INFO    openvpn: Mon May  4 08:01:12 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.213.155.134:1197
2020-05-04T08:01:12.821Z    INFO    openvpn: Mon May  4 08:01:12 2020 UDP link local: (not bound)
2020-05-04T08:01:12.822Z    INFO    openvpn: Mon May  4 08:01:12 2020 UDP link remote: [AF_INET]185.213.155.134:1197
2020-05-04T08:01:12.822Z    INFO    openvpn: Mon May  4 08:01:12 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2020-05-04T08:01:12.924Z    INFO    openvpn: Mon May  4 08:01:12 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
2020-05-04T08:01:12.924Z    INFO    openvpn: Mon May  4 08:01:12 2020 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2020-05-04T08:01:12.924Z    INFO    openvpn: Mon May  4 08:01:12 2020 [de-fra-004.mullvad.net] Peer Connection Initiated with [AF_INET]185.213.155.134:1197
2020-05-04T08:01:19.011Z    INFO    openvpn: Mon May  4 08:01:19 2020 NOTE: setsockopt TCP_NODELAY=1 failed
2020-05-04T08:01:19.012Z    INFO    openvpn: Mon May  4 08:01:19 2020 TUN/TAP device tun0 opened
2020-05-04T08:01:19.013Z    INFO    openvpn: Mon May  4 08:01:19 2020 /sbin/ip link set dev tun0 up mtu 1500
2020-05-04T08:01:19.014Z    INFO    openvpn: Mon May  4 08:01:19 2020 /sbin/ip addr add dev tun0 10.11.0.8/16 broadcast 10.11.255.255
2020-05-04T08:01:19.016Z    INFO    openvpn: Mon May  4 08:01:19 2020 /sbin/ip -6 addr add fdda:d0d0:cafe:1197::1006/64 dev tun0
2020-05-04T08:01:19.018Z    INFO    openvpn: Mon May  4 08:01:19 2020 Linux ip -6 addr add failed: external program exited with error status: 2
2020-05-04T08:01:19.018Z    INFO    openvpn: Mon May  4 08:01:19 2020 Exiting due to fatal error
2020-05-04T08:01:19.078Z    ERROR   openvpn: exit status 1
2020-05-04T08:01:19.078Z    INFO    openvpn: starting
2020-05-04T08:01:19.078Z    INFO    openvpn configurator: starting openvpn
2020-05-04T08:01:19.078Z    ERROR   close |0: file already closed
2020-05-04T08:01:19.084Z    INFO    openvpn: Mon May  4 08:01:19 2020 OpenVPN 2.4.8 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb  7 2020
2020-05-04T08:01:19.085Z    INFO    openvpn: Mon May  4 08:01:19 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
2020-05-04T08:01:19.091Z    INFO    openvpn: Mon May  4 08:01:19 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.213.155.135:1197
2020-05-04T08:01:19.091Z    INFO    openvpn: Mon May  4 08:01:19 2020 UDP link local: (not bound)
2020-05-04T08:01:19.091Z    INFO    openvpn: Mon May  4 08:01:19 2020 UDP link remote: [AF_INET]185.213.155.135:1197
2020-05-04T08:01:19.092Z    INFO    openvpn: Mon May  4 08:01:19 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2020-05-04T08:01:19.188Z    INFO    openvpn: Mon May  4 08:01:19 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
2020-05-04T08:01:19.189Z    INFO    openvpn: Mon May  4 08:01:19 2020 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2020-05-04T08:01:19.189Z    INFO    openvpn: Mon May  4 08:01:19 2020 [de-fra-005.mullvad.net] Peer Connection Initiated with [AF_INET]185.213.155.135:1197
2020-05-04T08:01:25.688Z    INFO    openvpn: Mon May  4 08:01:25 2020 NOTE: setsockopt TCP_NODELAY=1 failed
2020-05-04T08:01:25.690Z    INFO    openvpn: Mon May  4 08:01:25 2020 TUN/TAP device tun0 opened
2020-05-04T08:01:25.691Z    INFO    openvpn: Mon May  4 08:01:25 2020 /sbin/ip link set dev tun0 up mtu 1500
2020-05-04T08:01:25.695Z    INFO    openvpn: Mon May  4 08:01:25 2020 /sbin/ip addr add dev tun0 10.11.0.7/16 broadcast 10.11.255.255
2020-05-04T08:01:25.700Z    INFO    openvpn: Mon May  4 08:01:25 2020 /sbin/ip -6 addr add fdda:d0d0:cafe:1197::1005/64 dev tun0
2020-05-04T08:01:25.705Z    INFO    openvpn: Mon May  4 08:01:25 2020 Linux ip -6 addr add failed: external program exited with error status: 2
2020-05-04T08:01:25.706Z    INFO    openvpn: Mon May  4 08:01:25 2020 Exiting due to fatal error
2020-05-04T08:01:25.768Z    ERROR   openvpn: exit status 1
2020-05-04T08:01:25.768Z    INFO    openvpn: starting
2020-05-04T08:01:25.768Z    ERROR   close |0: file already closed
2020-05-04T08:01:25.769Z    INFO    openvpn configurator: starting openvpn
2020-05-04T08:01:25.781Z    INFO    openvpn: Mon May  4 08:01:25 2020 OpenVPN 2.4.8 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Feb  7 2020
2020-05-04T08:01:25.781Z    INFO    openvpn: Mon May  4 08:01:25 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
2020-05-04T08:01:25.790Z    INFO    openvpn: Mon May  4 08:01:25 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.213.155.131:1197
2020-05-04T08:01:25.790Z    INFO    openvpn: Mon May  4 08:01:25 2020 UDP link local: (not bound)
2020-05-04T08:01:25.790Z    INFO    openvpn: Mon May  4 08:01:25 2020 UDP link remote: [AF_INET]185.213.155.131:1197
2020-05-04T08:01:25.790Z    INFO    openvpn: Mon May  4 08:01:25 2020 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay
2020-05-04T08:01:25.895Z    INFO    openvpn: Mon May  4 08:01:25 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
2020-05-04T08:01:25.895Z    INFO    openvpn: Mon May  4 08:01:25 2020 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2020-05-04T08:01:25.896Z    INFO    openvpn: Mon May  4 08:01:25 2020 [de-fra-001.mullvad.net] Peer Connection Initiated with [AF_INET]185.213.155.131:1197
2020-05-04T08:01:27.156Z    INFO    openvpn: Mon May  4 08:01:27 2020 AUTH: Received control message: AUTH_FAILED,[TOO_MANY_CONNECTIONS] This Mullvad account is already used by the maximum number of simultaneous connections
2020-05-04T08:01:27.156Z    INFO    openvpn: Mon May  4 08:01:27 2020 SIGUSR1[soft,auth-failure] received, process restarting
2020-05-04T08:01:37.157Z    INFO    openvpn: Mon May  4 08:01:37 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.213.155.131:1197
2020-05-04T08:01:37.157Z    INFO    openvpn: Mon May  4 08:01:37 2020 UDP link local: (not bound)
2020-05-04T08:01:37.158Z    INFO    openvpn: Mon May  4 08:01:37 2020 UDP link remote: [AF_INET]185.213.155.131:1197
2020-05-04T08:01:37.260Z    INFO    openvpn: Mon May  4 08:01:37 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
2020-05-04T08:01:37.261Z    INFO    openvpn: Mon May  4 08:01:37 2020 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2020-05-04T08:01:37.261Z    INFO    openvpn: Mon May  4 08:01:37 2020 [de-fra-001.mullvad.net] Peer Connection Initiated with [AF_INET]185.213.155.131:1197
2020-05-04T08:01:38.451Z    INFO    openvpn: Mon May  4 08:01:38 2020 AUTH: Received control message: AUTH_FAILED,[TOO_MANY_CONNECTIONS] This Mullvad account is already used by the maximum number of simultaneous connections
2020-05-04T08:01:38.452Z    INFO    openvpn: Mon May  4 08:01:38 2020 SIGUSR1[soft,auth-failure] received, process restarting
...

Configuration file:

version: "3.7"
services:
  pia:
    build: https://github.com/qdm12/private-internet-access-docker.git
    image: qmcgaw/private-internet-access
    container_name: pia
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    network_mode: bridge
    init: true
    ports:
#      - 8888:8888/tcp
#      - 8388:8388/tcp
#      - 8388:8388/udp
      - 7878:7878
      - 6789:6789
      - 8989:8989
      - 9191:9191
#    command: --auth-nocache
    environment:
      - VPNSP=mullvad
      - USER=[redacted]
      - PASSWORD=
      - ENCRYPTION=
      - PROTOCOL=udp
      - COUNTRY=Germany
      - CITY=Frankfurt
      - ISP=31173
      - PORT=
#      - NONROOT=no
      - DOT=on
#      - BLOCK_MALICIOUS=on
#      - BLOCK_NSA=off
#      - UNBLOCK=
#      - FIREWALL=on
      - EXTRA_SUBNETS=192.168.1.0/24,10.0.0.0/8
#      - TINYPROXY=on
#      - TINYPROXY_LOG=Critical
#      - TINYPROXY_USER=
#      - TINYPROXY_PASSWORD=
#      - SHADOWSOCKS=on
#      - SHADOWSOCKS_LOG=on
#      - SHADOWSOCKS_PASSWORD=
    restart: always

Host OS: Raspbian buster

github-actions[bot] commented 4 years ago

Thanks for creating your first issue :+1: Feel free to use Slack if you just need some quick help or want to chat

qdm12 commented 4 years ago

Hi thanks for reporting.

The problem comes from IPv6 it seems:

/sbin/ip -6 addr add fdda:d0d0:cafe:1197::1006/64 dev tun0
Linux ip -6 addr add failed: external program exited with error status: 2
Exiting due to fatal error

Do you have IPv6 enabled in your network?

I also added in the latest build a few minutes ago (build):

bash-worth commented 4 years ago

Thanks for your response!

Adding the following to docker-compose.yml fixed the issue.

sysctls:
      - net.ipv6.conf.all.disable_ipv6=0

My bad for not checking the faq!

qdm12 commented 4 years ago

Well thanks for reminding me of it :smile: I completely forgot it myself despite having written it!