qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: cannot add address to wireguard interface: permission denied: when adding address to link tun0 #1768

Closed mangotango69202 closed 1 year ago

mangotango69202 commented 1 year ago

Is this urgent?

No

Host OS

Ubuntu 22.04

CPU arch

aarch64

VPN service provider

Custom

What are you using to run the container

docker run

What is the version of Gluetun

Running version latest built on 2023-07-27T10:36:04.313Z (commit 9024912)

What's the problem 🤔

Getting error: cannot add address to wireguard interface: permission denied: when adding address 2606:4700:110:827d:5dfe:4ce1:e6c9:d358/128 to link tun0

I have an IPv6 address and can ping6 google.com.

Share your logs

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2023-07-27T10:36:04.313Z (commit 9024912)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2023-07-28T09:08:24Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.2 and family v4
2023-07-28T09:08:24Z INFO [routing] default route found: interface eth0, gateway fd12:3456:789a:1::1, assigned IP fd12:3456:789a:1:0:242:ac11:2 and family v6
2023-07-28T09:08:24Z INFO [routing] local ethernet link found: eth0
2023-07-28T09:08:24Z INFO [routing] local ipnet found: 172.17.0.0/16
2023-07-28T09:08:24Z INFO [routing] local ipnet found: fd12:3456:789a:1::/64
2023-07-28T09:08:24Z INFO [routing] local ipnet found: fe80::/64
2023-07-28T09:08:24Z INFO [firewall] enabling...
2023-07-28T09:08:24Z INFO [firewall] enabled successfully
2023-07-28T09:08:24Z INFO [storage] creating /gluetun/servers.json with 17692 hardcoded servers
2023-07-28T09:08:25Z INFO Alpine version: 3.18.2
2023-07-28T09:08:25Z INFO OpenVPN 2.5 version: 2.5.8
2023-07-28T09:08:25Z INFO OpenVPN 2.6 version: 2.6.5
2023-07-28T09:08:25Z INFO Unbound version: 1.17.1
2023-07-28T09:08:25Z INFO IPtables version: v1.8.9
2023-07-28T09:08:25Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: custom
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Target IP address: 2606:4700:d0::a29f:c001
|   |       └── Wireguard selection settings:
|   |           ├── Endpoint IP address: 2606:4700:d0::a29f:c001
|   |           ├── Endpoint port: 2408
|   |           └── Server public key: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
|   └── Wireguard settings:
|       ├── Private key: sLM...F4=
|       ├── Interface addresses:
|       |   └── 2606:4700:110:827d:5dfe:4ce1:e6c9:d358/128
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1280
├── DNS settings:
|   ├── DNS server address to use: 127.0.0.1
|   ├── Keep existing nameserver(s): no
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2023-07-28T09:08:25Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.2 and family v4
2023-07-28T09:08:25Z INFO [routing] default route found: interface eth0, gateway fd12:3456:789a:1::1, assigned IP fd12:3456:789a:1:0:242:ac11:2 and family v6
2023-07-28T09:08:25Z INFO [routing] adding route for 0.0.0.0/0
2023-07-28T09:08:25Z INFO [routing] adding route for ::/0
2023-07-28T09:08:25Z INFO [firewall] setting allowed subnets...
2023-07-28T09:08:25Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.2 and family v4
2023-07-28T09:08:25Z INFO [routing] default route found: interface eth0, gateway fd12:3456:789a:1::1, assigned IP fd12:3456:789a:1:0:242:ac11:2 and family v6
2023-07-28T09:08:25Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2023-07-28T09:08:25Z INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2023-07-28T09:08:25Z INFO [http server] http server listening on [::]:8000
2023-07-28T09:08:25Z INFO [firewall] allowing VPN connection...
2023-07-28T09:08:25Z INFO [healthcheck] listening on 127.0.0.1:9999
2023-07-28T09:08:25Z INFO [wireguard] Using available kernelspace implementation
2023-07-28T09:08:25Z ERROR [vpn] cannot add address to wireguard interface: permission denied: when adding address 2606:4700:110:827d:5dfe:4ce1:e6c9:d358/128 to link tun0
2023-07-28T09:08:25Z INFO [vpn] retrying in 15s
^C
2023-07-28T09:08:27Z WARN Caught OS signal interrupt, shutting down
2023-07-28T09:08:27Z INFO dns ticker: terminated ✔️
2023-07-28T09:08:27Z INFO updater ticker: terminated ✔️
2023-07-28T09:08:27Z INFO http server: terminated ✔️
2023-07-28T09:08:27Z INFO control: terminated ✔️
2023-07-28T09:08:27Z INFO updater: terminated ✔️
2023-07-28T09:08:27Z INFO public IP: terminated ✔️
2023-07-28T09:08:27Z INFO tickers: terminated ✔️
2023-07-28T09:08:27Z INFO HTTP health server: terminated ✔️
2023-07-28T09:08:27Z INFO vpn: terminated ✔️
2023-07-28T09:08:27Z INFO port forwarding: terminated ✔️
2023-07-28T09:08:27Z INFO shadowsocks proxy: terminated ✔️
2023-07-28T09:08:27Z INFO public IP: terminated ✔️
2023-07-28T09:08:27Z INFO http proxy: terminated ✔️
2023-07-28T09:08:27Z INFO unbound: terminated ✔️
2023-07-28T09:08:27Z INFO other: terminated ✔️
2023-07-28T09:08:27Z INFO [routing] routing cleanup...
2023-07-28T09:08:27Z INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.2 and family v4
2023-07-28T09:08:27Z INFO [routing] default route found: interface eth0, gateway fd12:3456:789a:1::1, assigned IP fd12:3456:789a:1:0:242:ac11:2 and family v6
2023-07-28T09:08:27Z INFO [routing] deleting route for 0.0.0.0/0
2023-07-28T09:08:27Z INFO [routing] deleting route for ::/0
2023-07-28T09:08:27Z INFO Shutdown successful

Share your configuration

    docker run -it --rm --cap-add=NET_ADMIN \
      -e VPN_SERVICE_PROVIDER=custom \
      -e VPN_TYPE=wireguard \
      -e VPN_ENDPOINT_IP="2606:4700:d0::a29f:c001" \
      -e VPN_ENDPOINT_PORT=2408 \
      -e WIREGUARD_MTU=1280 \
      -e WIREGUARD_PUBLIC_KEY="bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=" \
      -e WIREGUARD_PRIVATE_KEY="xxxx" \
      -e WIREGUARD_ADDRESSES="2606:4700:110:827d:5dfe:4ce1:e6c9:d358/128" \
      qmcgaw/gluetun

therealthingy commented 1 year ago

Adding

    sysctls:
        - net.ipv6.conf.all.disable_ipv6=0

to the gluetun container fixed the issue for me
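
The sysctl fix from the comment above, turned into a preflight check; this is an added example, not part of the thread and not gluetun code. The function names and the `CONF_DIR` parameter are hypothetical, and it relies on the Linux behaviour that adding an IPv6 address to a link whose `disable_ipv6` is 1 is refused with EACCES, the "permission denied" in the log.

```shell
#!/bin/sh
# Added example, not gluetun code. Function names and the CONF_DIR parameter
# are hypothetical; CONF_DIR defaults to the real /proc/sys/net/ipv6/conf.

# Return 0 if the comma-separated address list contains an IPv6 entry.
has_ipv6_address() {
    _old_ifs=$IFS
    IFS=,
    for _addr in $1; do
        case $_addr in
            *:*) IFS=$_old_ifs; return 0 ;;
        esac
    done
    IFS=$_old_ifs
    return 1
}

# Print disable_ipv6 for link $1. A link that does not exist yet inherits the
# "default" value when it is created. Prints "unknown" if nothing is readable.
link_disable_ipv6() {
    _dir=${2:-/proc/sys/net/ipv6/conf}
    for _f in "$_dir/$1/disable_ipv6" "$_dir/default/disable_ipv6"; do
        if [ -r "$_f" ]; then cat "$_f"; return 0; fi
    done
    echo unknown
}

# Usage: wireguard_ipv6_preflight ADDRESSES [LINK] [CONF_DIR]
# Returns 0 if consistent, 1 if an IPv6 address is configured while IPv6 is
# disabled on the link, 2 if the sysctl state cannot be read.
wireguard_ipv6_preflight() {
    has_ipv6_address "$1" || return 0
    case $(link_disable_ipv6 "${2:-tun0}" "$3") in
        0) return 0 ;;
        1) echo "IPv6 address configured but disable_ipv6=1 for ${2:-tun0};" \
                "start the container with" \
                "--sysctl net.ipv6.conf.all.disable_ipv6=0" >&2
           return 1 ;;
        *) return 2 ;;
    esac
}

# Inside the container this reads the real environment and /proc.
wireguard_ipv6_preflight "${WIREGUARD_ADDRESSES:-}" ||
    echo "preflight status: $?" >&2
```

With `docker run`, the equivalent of the Compose `sysctls:` entry is `--sysctl net.ipv6.conf.all.disable_ipv6=0`; it changes only the container's own network namespace and needs no capability beyond the `NET_ADMIN` already granted.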