qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.35k stars 348 forks

Bug: iptables segmentation fault v1.8.9 + v1.4.21 #1852

Closed ohniceman closed 1 month ago

ohniceman commented 12 months ago

Is this urgent?

Yes

Host OS

QNAP QTS 5.1.1.2491

CPU arch

armv7l

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version v3.35.0 built on 2023-06-28T13:06:38.000Z (commit 44bc60b)

What's the problem 🤔

On v3.35.0 I encountered `ERROR no iptables supported found: errors encountered are: iptables-nft: (signal: segmentation fault); iptables: (signal: segmentation fault)`, as seen in the logs when running on my QNAP host.

I tested that the error is not present on v3.34.3. I tested that the error is not present on a Windows host.

The symptom looks similar to #1062. Per @qdm12's comment, running

```
docker run -it --rm alpine:3.18
apk add iptables
iptables -L
exit
```

yields no stdout.

Share your logs

```
Running version v3.35.0 built on 2023-06-28T13:06:38.000Z (commit 44bc60b)
🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2023-09-09T18:31:35+10:00 INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2023-09-09T18:31:35+10:00 INFO [routing] local ethernet link found: eth0
2023-09-09T18:31:35+10:00 INFO [routing] local ipnet found: 172.29.0.0/22
2023-09-09T18:31:35+10:00 ERROR no iptables supported found: errors encountered are: iptables-nft:  (signal: segmentation fault); iptables:  (signal: segmentation fault)
2023-09-09T18:31:35+10:00 INFO Shutdown successful
```

Share your configuration

```yaml
version: "3"
services:
  gluetun:
    container_name: gluetun
    restart: always
    image: qmcgaw/gluetun:v3.35.0
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - /share/Container/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=openvpn
      - OPENVPN_USER=###
      - OPENVPN_PASSWORD=N###
      - SERVER_COUNTRIES=Singapore
      - TZ=###
      #- VPN_PORT_FORWARDING=on
      #- VPN_PORT_FORWARDING_PROVIDER=protonvpn
```

ohniceman commented 12 months ago

After seeing the following provide no output:

```
docker run -it --rm alpine:3.18
apk add iptables
iptables -L
exit
```

I noted that from 3.34.3 > 3.35.0 alpine was changed from 3.17 to 3.18. I ran the above commands on alpine 3.17 instead, and I got an output!

So I substituted the `ARG ALPINE_VERSION=3.18` and `ARG GO_ALPINE_VERSION=3.18` arguments from 3.18 to 3.17 and rebuilt the docker image and deployed.

It works!

So it seems the QNAP OS 5.1.1.2491 is not friendly with alpine 3.18. Now I am not a developer or programmer so I am not sure of the repercussions of this change or if this will break anything else, so I will await your reply for a more suitable solution.

ohniceman commented 12 months ago

Also tried the above with earlier versions of alpine 3.18; 3.18.0, 3.18.2, all show the same symptoms. Symptom is likely caused by a change between alpine 3.17.5 and 3.18.0.

qdm12 commented 12 months ago

What do you get from:

```
docker run -it --rm alpine:3.18
apk add iptables
iptables -L
echo $?
exit
```

What's the code?

Usually (signal: segmentation fault) means there is something terribly wrong with iptables. And on your host, what do you get from iptables --version?

Sticking to Alpine 3.17 isn't too bad, it's just that your Openvpn version will be stuck on Openvpn 2.5 and Openvpn 2.6 won't be available.
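Added example (not part of the thread and not gluetun's code): a non-interactive form of the exit-code check requested above, which classifies the probe's exit status so that a crash such as SIGSEGV (status 139) is told apart from an ordinary failure. The helper names `classify_status` and `probe` are hypothetical, and the Docker invocation appears only as a usage comment.

```shell
#!/bin/sh
# Added example, not from the thread: classify how a probe command ended.
# classify_status and probe are hypothetical helper names.

# classify_status STATUS: print a one-line reading of a shell exit status.
classify_status() {
    status=$1
    if [ "$status" -eq 0 ]; then
        echo "ok"
    elif [ "$status" -gt 128 ]; then
        # The shell reports a child killed by signal N as 128 + N,
        # so a segmentation fault (SIGSEGV, 11) shows up as 139.
        sig=$((status - 128))
        name=$(kill -l "$sig" 2>/dev/null) || name="number $sig"
        echo "killed by signal $name"
    elif [ "$status" -eq 127 ]; then
        echo "command not found"
    elif [ "$status" -eq 126 ]; then
        echo "command not executable"
    else
        echo "exit $status"
    fi
}

# probe CMD [ARGS...]: run CMD with its output discarded and classify
# how it ended. The "|| status=$?" form keeps this safe under "set -e".
probe() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# Usage against the two Alpine releases compared in the thread (needs Docker;
# docker run passes the container's exit status through to the caller):
#   for tag in 3.17 3.18; do
#       printf 'alpine:%s iptables -L: ' "$tag"
#       probe docker run --rm "alpine:$tag" \
#           sh -c 'apk add --no-cache iptables >/dev/null 2>&1 && iptables -L'
#   done
```

A reading of "killed by signal SEGV" on one tag and an ordinary exit status on the other points at the iptables binary in that image crashing on the host, not at a rule or permission error.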

ohniceman commented 11 months ago

Thanks for your response!

As seen in the photo, on 3.18 there is no output. iptables version: v1.4.21

image

qdm12 commented 11 months ago

`echo $?` should have logged an exit code such as 0, 1 or another number. A bit strange nothing is 'echoed'.

iptables v1.4.21 is 10 years old (link), would it be possible that you update it? 🤔 Maybe via a QNAP system upgrade?

qdm12 commented 4 months ago

Hi there, did you figure it out in the end? Thanks!

qdm12 commented 1 month ago

Closing due to inactivity

github-actions[bot] commented 1 month ago

Closed issues are NOT monitored, so commenting here is likely not to be seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment set up because @qdm12 is the sole maintainer of this project, which became too popular to monitor closed issues.