qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: Not able to connect to other service using service name #1820

Closed navilg closed 1 year ago

navilg commented 1 year ago

Is this urgent?

Yes

Host OS

Ubuntu 22.04

CPU arch

aarch64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

v3.35.0

What's the problem 🤔

I have a docker compose file with 3 services. One is a VPN service using gluetun, another is radarr, and the third is prowlarr.

The vpn service is using the Docker network my_network. prowlarr is behind the VPN using network_mode: service:vpn. radarr is not behind the VPN and is using the network my_network.

I am able to reach out to prowlarr from the radarr container using the URL http://vpn:portofprowlarr. But when I try to reach out to radarr from the prowlarr container using the URL http://radarr:portofservice3, it fails to reach it.

Is there any way to solve this? It seems like a container behind the VPN is not able to connect to a container which is not behind the VPN.

Share your logs

NA
Will share post initial conversation

Share your configuration

version: "3.9"
name: media-stack
services:
  vpn:
    container_name: vpn
    image: qmcgaw/gluetun:v3.35.0
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=${VPN_SERVICE_PROVIDER:-protonvpn}
      - OPENVPN_USER=${OPENVPN_USER:-""}
      - OPENVPN_PASSWORD=${OPENVPN_PASSWORD:-""}
      - SERVER_COUNTRIES=${SERVER_COUNTRIES:-Netherlands}
    networks:
      - mynetwork
    ports:
    # prowlarr ports
      - 9696:9696
    restart: "unless-stopped"
  radarr:
    container_name: radarr
    image: lscr.io/linuxserver/radarr:4.7.5
    networks:
      - mynetwork
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    ports:
      - 7878:7878
    volumes:
      - radarr-config:/config
    restart: "unless-stopped"
  prowlarr:
    container_name: prowlarr
    image: linuxserver/prowlarr:1.6.3
    depends_on:               
      - vpn                   
    network_mode: service:vpn 
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=UTC
    volumes:
      - prowlarr-config:/config
    restart: unless-stopped

volumes:
  radarr-config:
  prowlarr-config:

networks:
  mynetwork:
    external: true

qdm12 commented 1 year ago

This is sort of by design, because the DNS goes through the VPN only, and does not use the Docker DNS (or DNS traffic would leak out of the VPN). You can use IP addresses to reach out from a container behind Gluetun to another container in the same Docker network as Gluetun.

You can also subscribe to #137 which may resolve this, by exclusively forwarding requests for names without a dot to the Docker DNS, and sending the rest of the traffic through the VPN.
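
The routing rule described in the comment above, sketched in Go as an added illustration. It is not gluetun's code and not the implementation tracked in #137. The function names and the two upstream addresses are assumptions, as is the choice to strip a trailing root dot before testing for a dot.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"strings"
	"time"
)

// Assumed addresses: 127.0.0.11 is Docker's embedded DNS on user-defined
// networks; 127.0.0.1:53 stands in for the resolver whose queries leave
// through the VPN tunnel.
const (
	dockerDNS = "127.0.0.11:53"
	tunnelDNS = "127.0.0.1:53"
)

// upstreamFor returns the DNS server that should answer a query for name.
// Only single-label names (no dot once the trailing root dot is removed)
// go to Docker. Everything else, including empty input and IP literals,
// stays in the tunnel so public lookups never reach the host's resolver.
func upstreamFor(name string) string {
	name = strings.TrimSuffix(strings.TrimSpace(name), ".")
	if name == "" || strings.Contains(name, ".") || net.ParseIP(name) != nil {
		return tunnelDNS
	}
	return dockerDNS
}

// resolverFor builds a resolver pinned to the upstream chosen for name,
// ignoring whatever server /etc/resolv.conf would have supplied.
func resolverFor(name string) *net.Resolver {
	upstream := upstreamFor(name)
	return &net.Resolver{
		PreferGo: true,
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			d := net.Dialer{Timeout: 2 * time.Second}
			return d.DialContext(ctx, network, upstream)
		},
	}
}

func main() {
	// Constructed sample names, not taken from any log.
	for _, n := range []string{"radarr", "radarr.", "example.com", "::1"} {
		fmt.Printf("%-12s -> %s\n", n, upstreamFor(n))
	}
	_ = resolverFor("radarr")
}
```
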