Closed stry8993 closed 1 year ago
@stry8993
Just a thought, but you might try simplifying your configuration down to the essentials, and then add back to see which optional setting is causing you problems. I've been using AirVPN with Gluetun for a while now, and it's been really good. I mostly use OpenVPN, but have used Wireguard often as well.
Here's a minimum configuration you can try, based on your docker-compose above:
```yaml
services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8090:8090 # port for qbittorrent
    environment:
      - PUID=1029
      - PGID=100
      - VPN_SERVICE_PROVIDER=airvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=------------------------------------------XWc=
      - WIREGUARD_PRESHARED_KEY=---------------------------------------DQ=
      - WIREGUARD_ADDRESSES=10.151.xxx.xx/32
      - SERVER_CITIES=Vancouver
      - TZ=America/[Redacted]
    volumes:
      - /volume1/docker/gluetun:/gluetun
    restart: unless-stopped
```
If you want to add your forwarded port back in, that needs to be the same port assigned to you by AirVPN for the server group you're using. So if 47109 is your AirVPN assigned port, that's the port you open using FIREWALL_VPN_INPUT_PORTS, and also use as your incoming port in your torrent client.
Hey there, thanks for getting back to me. That is, indeed, what I started out with. What you're seeing now is where I've arrived/stopped at trying to figure out what's going on. I looked at the wiki and based the config from that, and have since attempted to change things based on little bits of info I could glean, here and there.
As soon as it tries to do the healthcheck from cloudflare.com via port 443 it just times out on the i/o. I tried 1.1.1.1 to no avail.
I gave that a shot. And... well.... no luck. Same issue.
@bnhf
> I've been using AirVPN with Gluetun for a while now, and it's been really good. I mostly use OpenVPN, but have used Wireguard often as well.

And you've never had this cloudflare i/o timeout with Wireguard?
@stry8993
No problems with Cloudflare timeouts -- really no problems at all with either OpenVPN or Wireguard on AirVPN. You might try an OpenVPN config, as a sanity check. In fact, if you're using a decent x86_64 based host, there's very little speed difference between the two. Wireguard is no doubt better on ARM or other low-end processors.
Just restarted my stack to see if anything has changed, and all looks per usual (this is OpenVPN):
```
========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================
Running version latest built on 2023-08-11T11:08:54.752Z (commit e556871)
🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2023-08-30T20:24:43-06:00 INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.2 and family v4
2023-08-30T20:24:43-06:00 INFO [routing] local ethernet link found: eth0
2023-08-30T20:24:43-06:00 INFO [routing] local ipnet found: 172.22.0.0/16
2023-08-30T20:24:43-06:00 INFO [firewall] enabling...
2023-08-30T20:24:43-06:00 INFO [firewall] enabled successfully
2023-08-30T20:24:43-06:00 INFO [storage] merging by most recent 17692 hardcoded servers and 17692 servers read from /gluetun/servers.json
2023-08-30T20:24:43-06:00 INFO Alpine version: 3.18.3
2023-08-30T20:24:43-06:00 INFO OpenVPN 2.5 version: 2.5.8
2023-08-30T20:24:43-06:00 INFO OpenVPN 2.6 version: 2.6.5
2023-08-30T20:24:43-06:00 INFO Unbound version: 1.17.1
2023-08-30T20:24:43-06:00 INFO IPtables version: v1.8.9
2023-08-30T20:24:43-06:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: airvpn
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Countries: canada
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: UDP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [not set]
|       ├── Password: [not set]
|       ├── Ciphers: [aes-256-gcm]
|       ├── Client crt: MII...A==
|       ├── Client key: MII...gM=
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           ├── Allowed hosts:
|           |   └── [redacted]
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── VPN input ports:
|       └── [redacted]
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: us/mountain
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2023-08-30T20:24:43-06:00 INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.2 and family v4
2023-08-30T20:24:43-06:00 INFO [routing] adding route for 0.0.0.0/0
2023-08-30T20:24:43-06:00 INFO [firewall] setting allowed subnets...
2023-08-30T20:24:43-06:00 INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.2 and family v4
2023-08-30T20:24:43-06:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2023-08-30T20:24:43-06:00 INFO [http server] http server listening on [::]:8000
2023-08-30T20:24:43-06:00 INFO [healthcheck] listening on 127.0.0.1:9999
2023-08-30T20:24:43-06:00 INFO [firewall] allowing VPN connection...
2023-08-30T20:24:43-06:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 2 2022
2023-08-30T20:24:43-06:00 INFO [openvpn] library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
2023-08-30T20:24:43-06:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET][redacted]
2023-08-30T20:24:43-06:00 INFO [openvpn] UDP link local: (not bound)
2023-08-30T20:24:43-06:00 INFO [openvpn] UDP link remote: [AF_INET][redacted]
2023-08-30T20:24:43-06:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1550', remote='link-mtu 1602'
2023-08-30T20:24:43-06:00 WARN [openvpn] 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2023-08-30T20:24:43-06:00 INFO [openvpn] [Alya] Peer Connection Initiated with [AF_INET][redacted]
2023-08-30T20:24:46-06:00 INFO [openvpn] TUN/TAP device tun0 opened
2023-08-30T20:24:46-06:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2023-08-30T20:24:46-06:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2023-08-30T20:24:46-06:00 INFO [openvpn] /sbin/ip addr add dev tun0 [redacted]
2023-08-30T20:24:46-06:00 INFO [openvpn] UID set to nonrootuser
2023-08-30T20:24:46-06:00 INFO [openvpn] Initialization Sequence Completed
2023-08-30T20:24:46-06:00 INFO [firewall] setting allowed input port [redacted] through interface tun0...
2023-08-30T20:24:46-06:00 INFO [dns] downloading DNS over TLS cryptographic files
2023-08-30T20:24:47-06:00 INFO [dns] downloading hostnames and IP block lists
2023-08-30T20:24:47-06:00 INFO [healthcheck] healthy!
2023-08-30T20:24:51-06:00 INFO [dns] init module 0: validator
2023-08-30T20:24:51-06:00 INFO [dns] init module 1: iterator
2023-08-30T20:24:51-06:00 INFO [dns] start of service (unbound 1.17.1).
2023-08-30T20:24:51-06:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-08-30T20:24:51-06:00 INFO [dns] ready
2023-08-30T20:24:52-06:00 INFO [vpn] You are running 1 commit behind the most recent latest
2023-08-30T20:24:52-06:00 INFO [ip getter] Public IP address is [redacted] (Canada, Ontario, Toronto)
```
Good point, I'll give that a shot (OpenVPN)
I've been using OpenVPN within Gluetun, and it's the same. I keep on getting those annoying unhealthy timeouts. I raised this issue several times, and I only got responses like "it doesn't affect anything." The worst part is that you cannot stop the health check. I'm just going to stop using Gluetun and move to the OpenVPN docker directly. I feel that Gluetun has so much unnecessary stuff in it.
@bnhf Thanks for the help!
@stry8993 from the logs you show, for example:
2023/08/30 17:14:57 stdout 2023-08-30T17:14:57-06:00 INFO [healthcheck] healthy!
2023/08/30 17:14:56 stdout 2023-08-30T17:14:56-06:00 INFO [healthcheck] unhealthy: dialing: dial tcp4 104.16.132.229:443: i/o timeout
2023/08/30 17:14:37 stdout 2023-08-30T17:14:37-06:00 INFO [healthcheck] healthy!
2023/08/30 17:14:36 stdout 2023-08-30T17:14:36-06:00 INFO [healthcheck] unhealthy: dialing: dial tcp4 104.16.133.229:443: i/o timeout
The VPN is not affected at all by this healthcheck. The VPN is only affected if the healthcheck fails for 6 seconds, and gets restarted (and of course this is logged if it happens).
Now, you see things around, your speeds are going down at the same time the healthcheck fails BECAUSE of your connectivity (wifi? ISP dropping packets? VPN server unstable?). It's not the healthcheck that causes your connectivity to fail. You can read more on the healthcheck at https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
@doctorttt It might be worth reading up instead of complaining without knowing how it works. You can adjust periods of the healthcheck, see https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/healthcheck.md although your VPN might just be dead for hours without internally restarting. It's not allowed to disable it since it provides critical auto-healing which is required due to how Docker networking works (can't simply restart the container once connection fails, like most containers do). Anyway all this should be detailed in the FAQ page linked above.
Closing this since this is not a bug at all, simply a log due to bad connectivity (external factor) and cannot do anything to prevent this from happening (check your local network, reach out to the VPN provider, change VPN server etc.).
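An added example, not part of the thread and not Gluetun's own code: a small log triage script that groups `[healthcheck]` lines into unhealthy episodes and flags only those lasting at least the 6 seconds mentioned in the reply above. It assumes an episode runs from the first `unhealthy` line to the next `healthy!` line; the last three sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# From the maintainer's reply: the VPN is restarted only once checks have failed for 6 s.
RESTART_AFTER = timedelta(seconds=6)

LINE_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2}) "
    r"INFO \[healthcheck\] (?P<state>healthy!|unhealthy: (?P<reason>.*))$"
)

# The first four lines are the ones quoted in the thread (newest first, with the
# extra date/stdout prefix). The last three are constructed to show a long
# outage and a log that ends while still unhealthy.
SAMPLE = """\
2023/08/30 17:14:57 stdout 2023-08-30T17:14:57-06:00 INFO [healthcheck] healthy!
2023/08/30 17:14:56 stdout 2023-08-30T17:14:56-06:00 INFO [healthcheck] unhealthy: dialing: dial tcp4 104.16.132.229:443: i/o timeout
2023/08/30 17:14:37 stdout 2023-08-30T17:14:37-06:00 INFO [healthcheck] healthy!
2023/08/30 17:14:36 stdout 2023-08-30T17:14:36-06:00 INFO [healthcheck] unhealthy: dialing: dial tcp4 104.16.133.229:443: i/o timeout
2023-08-30T17:20:00-06:00 INFO [healthcheck] unhealthy: dialing: dial tcp4 104.16.132.229:443: i/o timeout
2023-08-30T17:20:09-06:00 INFO [healthcheck] healthy!
2023-08-30T17:25:00-06:00 INFO [healthcheck] unhealthy: dialing: dial tcp4 104.16.132.229:443: i/o timeout
""".splitlines()


def parse(lines):
    """Return (timestamp, is_healthy, reason) tuples sorted oldest first."""
    events = []
    for line in lines:
        m = LINE_RE.search(line.strip())
        if m:  # non-healthcheck lines are skipped
            ts = datetime.fromisoformat(m["ts"])
            events.append((ts, m["state"] == "healthy!", m["reason"]))
    return sorted(events, key=lambda e: e[0])


def unhealthy_episodes(lines):
    """Group events into episodes: first 'unhealthy' until the next 'healthy!'."""
    episodes, start, reason = [], None, None
    for ts, healthy, why in parse(lines):
        if not healthy and start is None:
            start, reason = ts, why  # episode begins; repeated failures extend it
        elif healthy and start is not None:
            length = ts - start
            episodes.append({"start": start, "seconds": length.total_seconds(),
                             "reason": reason,
                             "restart_expected": length >= RESTART_AFTER})
            start = None
    if start is not None:  # log ends while still unhealthy: duration unknown
        episodes.append({"start": start, "seconds": None,
                         "reason": reason, "restart_expected": None})
    return episodes


if __name__ == "__main__":
    for ep in unhealthy_episodes(SAMPLE):
        print(ep["start"].isoformat(), ep["seconds"], ep["restart_expected"])
```

Both episodes quoted in the thread last one second, well under the 6-second threshold; only the constructed nine-second outage is flagged.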
Is this urgent?
None
Host OS
Synology DSM 7.2
CPU arch
x86_64
VPN service provider
AirVPN
What are you using to run the container
docker-compose
What is the version of Gluetun
Running version latest built on 2023-08-24T09:09:29.123Z (commit 1ac031e)
What's the problem 🤔
No matter what I've done, correct setup, changing things that made sense to me, here and there, it is always giving me
[healthcheck] unhealthy: dialing: dial tcp4 104.16.132.229:443: i/o timeout
It seems like it can't reach cloudflare? But, I don't know enough about gluetun's inner workings to be able to say either way.
Speeds will be fine, and then bottom out, and that's what I get. And then it just keeps on doing it over and over and over again, no matter what I do, or change, or try.
I've added relevant bits to the YAML from the conf from AirVPN, removed them, nothing.
It does work, for the most part, but the healthcheck bit doesn't seem to be, and brings the whole thing's throughput right down until it bottoms out.
Share your logs
Share your configuration