qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: Gluetun locks up raspberry pi 3b+ #1746

Open Bush-cat opened 1 year ago

Bush-cat commented 1 year ago

Is this urgent?

No

Host OS

Raspberry Pi OS Lite (11 bullseye 64-Bit)

CPU arch

aarch64

VPN service provider

TorGuard

What are you using to run the container

Portainer

What is the version of Gluetun

Running version latest built on 2023-06-30T18:14:43.045Z (commit 8ad16cd)

What's the problem 🤔

When starting gluetun sometimes the container locks up the raspberry pi completely (doesn't respond from ssh, ping or portainer webui for days - requires a manual poweroff), sometimes this happens after 2h, sometimes 30min and sometimes when starting the container.

Share your logs

bc@serber:~ $ tail -f /var/log/syslog
Jul 14 15:19:54 serber systemd[1]: run-docker-runtime\x2drunc-moby-cafb1bc6c5a8805f945390fec148edd39393d84601f79a32471d7b952e6eee00-runc.v2AY7S.mount: Succeeded.
Jul 14 15:19:54 serber systemd[631]: run-docker-runtime\x2drunc-moby-cafb1bc6c5a8805f945390fec148edd39393d84601f79a32471d7b952e6eee00-runc.v2AY7S.mount: Succeeded.
Jul 14 15:19:54 serber systemd[1]: Started libcontainer container cafb1bc6c5a8805f945390fec148edd39393d84601f79a32471d7b952e6eee00.
Jul 14 15:19:55 serber dhcpcd[623]: vethd23b0d5: carrier lost
Jul 14 15:19:55 serber avahi-daemon[366]: Interface vethd23b0d5.IPv6 no longer relevant for mDNS.
Jul 14 15:19:55 serber avahi-daemon[366]: Leaving mDNS multicast group on interface vethd23b0d5.IPv6 with address fe80::6ab:4857:696a:c4c.
Jul 14 15:19:56 serber avahi-daemon[366]: Withdrawing address record for fe80::6ab:4857:696a:c4c on vethd23b0d5.
Jul 14 15:19:56 serber kernel: [  208.272899] br-296d985c5291: port 2(veth5367a7a) entered disabled state
Jul 14 15:19:56 serber kernel: [  208.274556] eth0: renamed from vethd23b0d5
Jul 14 15:19:56 serber kernel: [  208.302584] br-296d985c5291: port 2(veth5367a7a) entered blocking state
Jul 14 15:19:56 serber kernel: [  208.302619] br-296d985c5291: port 2(veth5367a7a) entered forwarding state
Jul 14 15:19:56 serber dhcpcd[623]: vethd23b0d5: deleting address fe80::6ab:4857:696a:c4c
Jul 14 15:19:56 serber dhcpcd[623]: vethd23b0d5: removing interface
Jul 14 15:19:56 serber dhcpcd[623]: veth5367a7a: carrier lost
Jul 14 15:19:56 serber dhcpcd[623]: veth5367a7a: deleting address fe80::c91c:c1c2:40e8:31a3
Jul 14 15:19:56 serber avahi-daemon[366]: Withdrawing address record for fe80::c91c:c1c2:40e8:31a3 on veth5367a7a.
Jul 14 15:19:56 serber avahi-daemon[366]: Leaving mDNS multicast group on interface veth5367a7a.IPv6 with address fe80::c91c:c1c2:40e8:31a3.
Jul 14 15:19:56 serber avahi-daemon[366]: Joining mDNS multicast group on interface veth5367a7a.IPv6 with address fe80::d0b6:1eff:feef:8af0.
Jul 14 15:19:56 serber containerd[479]: time="2023-07-14T15:19:56.694410566+02:00" level=warning msg="error from *cgroupsv2.Manager.EventChan" error="failed to add inotify watch for \"/sys/fs/cgroup/system.slice/docker-cafb1bc6c5a8805f945390fec148edd39393d84601f79a32471d7b952e6eee00.scope/memory.events\": no such file or directory"
Jul 14 15:19:56 serber dhcpcd[623]: veth5367a7a: carrier acquired
Jul 14 15:19:56 serber dhcpcd[623]: veth5367a7a: IAID 1e:ef:8a:f0
Jul 14 15:19:57 serber dhcpcd[623]: veth5367a7a: soliciting a DHCP lease
Jul 14 15:19:57 serber dhcpcd[623]: veth5367a7a: soliciting an IPv6 router
Jul 14 15:20:02 serber dhcpcd[623]: veth5367a7a: probing for an IPv4LL address

Share your configuration

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
      - VPN_SERVICE_PROVIDER=torguard
      - OPENVPN_USER=...
      - OPENVPN_PASSWORD=...
      - SERVER_COUNTRIES=Switzerland
      - OPENVPN_CIPHER=AES-128-CBC

Bush-cat commented 1 year ago

Oddly, this only happens when gluetun is running. I couldn't get many logs, but any other software can run for days. I tried increasing the swap from 100 MB to 1024 MB, but temperature and memory size don't show as a problem in htop, and the power supply is stable too.

qdm12 commented 1 year ago

Are you sure it's running in a docker bridged network? If it's running on the host network, it would block off everything with the firewall. Maybe worth checking your host firewall (i.e. iptables -nvL)

Also try accessing your rpi through a usb keyboard + hdmi cable, when it locks up, this should help you debug what is going on.
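
A first-pass reading of the `iptables -nvL` output suggested in the comment above, as an added example that is not part of the thread or of gluetun's code. The function names, the default SSH port and the sample ruleset (constructed) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): flag a host INPUT chain that would
# drop new SSH connections. Heuristic: ignores rule order and custom chains.

# Reads `iptables -nvL` text on stdin; $1 is the SSH port (default 22).
audit_host_firewall() {
    awk -v port="${1:-22}" '
    function report(   line) {
        if (chain == "" || policy == "") return   # skip user-defined chains
        line = chain " policy=" policy
        if (chain == "INPUT")
            line = line " ssh=" ((policy != "DROP" || admits) ? "reachable" : "BLOCKED")
        print line
    }
    /^Chain / {
        report()
        chain = $2; admits = 0
        policy = ($3 == "(policy") ? $4 : ""
        next
    }
    # Rule columns: pkts bytes target prot opt in out source destination [match]
    chain == "INPUT" && $3 == "ACCEPT" && $6 != "lo" {
        if ($4 == "all" && NF == 9) admits = 1                      # accepts everything
        if ($4 == "tcp" && $0 ~ ("dpt:" port "( |$)")) admits = 1   # accepts SSH
    }
    END { report() }
    '
}

# Constructed sample: a host whose own chains default to DROP.
sample_locked_host() {
    cat <<'EOF'
Chain INPUT (policy DROP 41 packets, 2460 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8   672 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   95 11400 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED

Chain OUTPUT (policy DROP 17 packets, 1020 bytes)
 pkts bytes target     prot opt in     out     source               destination
    8   672 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
EOF
}

# On a real host: sudo iptables -nvL | audit_host_firewall
sample_locked_host | audit_host_firewall
```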

Jafalex commented 1 year ago

Hi, any luck? Same issue here, but with a different container.

yacevedo commented 10 months ago

I am also finding that gluetun can't complete successfully on the Raspberry Pi 3B+. Is the 1 GB RAM an issue?

Using wireguard, the furthest I'm able to get to is "[ip getter] Public IP address is XXX" before it hangs.

Merichbier commented 6 months ago

Same issue here. From what I can see, gluetun is eating all the CPU resources and that's when everything hangs. Don't know how to proceed.

saai63 commented 1 month ago

Similar problem on my Raspberry 3B+. TailScale works fine on the same device though. Before you ask, I had disabled TailScale before trying to run gluetun.

qdm12 commented 1 month ago

Have you tried setting BLOCK_MALICIOUS=off? That can use quite a bit of ram, maybe that's why? 🤔