Open Leon-075 opened 1 year ago
Is this urgent?
No
Host OS
openmediavault 6.5.0
CPU arch
x86_64
VPN service provider
AirVPN
What are you using to run the container
Portainer
What is the version of Gluetun
Running version latest built on 2023-07-18T15:57:47.027Z (commit abe2ace)
What's the problem 🤔
When BLOCK_MALICIOUS=on & UNBLOCK=example1.com
example1.com is not reachable.
Let's test with usenetserver.com.
ping usenetserver.com
ping: bad address 'usenetserver.com'
same result with nslookup or browsing.
When BLOCK_MALICIOUS=off
usenetserver.com is reachable without any problem.
Tested with:
DOT_PROVIDERS=cloudfare
DOT_PROVIDERS=quad9,cloudfare
DOT_PROVIDERS=cloudfare,quad9
With 2 different domain names which aren't reachable even with UNBLOCK option. But can be reached when BLOCK_MALICIOUS=off
How important is it to have BLOCK_MALICIOUS=on for security reasons?
Share your logs
2023-07-19T03:51:58+02:00 INFO [routing] default route found: interface eth0, gateway 172.20.0.1, assigned IP 172.20.0.2 and family v4
2023-07-19T03:51:58+02:00 INFO [routing] local ethernet link found: eth0
2023-07-19T03:51:58+02:00 INFO [routing] local ipnet found: 172.20.0.0/16
2023-07-19T03:51:58+02:00 INFO [firewall] enabling...
2023-07-19T03:51:58+02:00 INFO [firewall] enabled successfully
2023-07-19T03:51:59+02:00 INFO [storage] merging by most recent 17657 hardcoded servers and 17633 servers read from /gluetun/servers.json
2023-07-19T03:51:59+02:00 INFO [storage] Using airvpn servers from file which are 110 days more recent
2023-07-19T03:51:59+02:00 INFO Alpine version: 3.18.2
2023-07-19T03:51:59+02:00 INFO OpenVPN 2.5 version: 2.5.8
2023-07-19T03:51:59+02:00 INFO OpenVPN 2.6 version: 2.6.5
2023-07-19T03:51:59+02:00 INFO Unbound version: 1.17.1
2023-07-19T03:51:59+02:00 INFO IPtables version: v1.8.9
2023-07-19T03:51:59+02:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: airvpn
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Countries: belgium, switzerland, netherlands
|   |       └── Wireguard selection settings:
|   └── Wireguard settings:
|       ├── Private key: [redacted]
|       ├── Pre-shared key: [redacted]
|       ├── Interface addresses:
|       |   └── [redacted]
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1320
├── DNS settings:
|   ├── DNS server address to use: 127.0.0.1
|   ├── Keep existing nameserver(s): no
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           ├── Allowed hosts:
|           |   └── [redacted]
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── VPN input ports:
|       ├── [redacted]
|       └── [redacted]
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 30s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1001
|   ├── Process GID: 100
|   └── Timezone: europe/paris
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
├── Server data updater settings:
|   ├── Update period: 72h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: airvpn
└── Version settings:
    └── Enabled: yes
2023-07-19T03:51:59+02:00 INFO [routing] default route found: interface eth0, gateway 172.20.0.1, assigned IP 172.20.0.2 and family v4
2023-07-19T03:51:59+02:00 INFO [routing] adding route for 0.0.0.0/0
2023-07-19T03:51:59+02:00 INFO [firewall] setting allowed subnets...
2023-07-19T03:51:59+02:00 INFO [routing] default route found: interface eth0, gateway 172.20.0.1, assigned IP 172.20.0.2 and family v4
2023-07-19T03:51:59+02:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2023-07-19T03:51:59+02:00 INFO [http server] http server listening on [::]:8000
2023-07-19T03:51:59+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
2023-07-19T03:51:59+02:00 INFO [firewall] allowing VPN connection...
2023-07-19T03:51:59+02:00 INFO [wireguard] Using available kernelspace implementation
2023-07-19T03:51:59+02:00 INFO [wireguard] Connecting to [redacted]
2023-07-19T03:51:59+02:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2023-07-19T03:51:59+02:00 INFO [firewall] setting allowed input port [redacted] through interface tun0...
2023-07-19T03:51:59+02:00 INFO [firewall] setting allowed input port [redacted] through interface tun0...
2023-07-19T03:51:59+02:00 INFO [dns over tls] downloading DNS over TLS cryptographic files
2023-07-19T03:52:00+02:00 INFO [healthcheck] healthy!
2023-07-19T03:52:00+02:00 INFO [dns over tls] downloading hostnames and IP block lists
2023-07-19T03:52:04+02:00 INFO [dns over tls] init module 0: validator
2023-07-19T03:52:04+02:00 INFO [dns over tls] init module 1: iterator
2023-07-19T03:52:05+02:00 INFO [dns over tls] start of service (unbound 1.17.1).
2023-07-19T03:52:05+02:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2023-07-19T03:52:05+02:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2023-07-19T03:52:05+02:00 INFO [dns over tls] ready
2023-07-19T03:52:05+02:00 INFO [ip getter] Public IP address is [redacted]
2023-07-19T03:52:05+02:00 INFO [vpn] You are running 1 commit behind the most recent latest
Share your configuration
No response
I got it to work by setting DNS_ADDRESS=1.1.1.1