qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.88k stars, 366 forks

PrivateVPN native port forwarding #1859

Closed nigelluz closed 2 months ago

nigelluz commented 1 year ago

I am sorry for my English level; maybe I can't express what I mean accurately. I hope that the app can support native port forwarding for PrivateVPN.

For this, I got the port forwarding API method; I found it out by sending emails to the official support team.

Some openvpn config: https://ovpnstorage.privatevpn.com/

Port forwarding API: https://connect.pvdatanet.com/v3/Api/port?ip[]= which will return a JSON-format result.

When connecting to a Dedicated IP server it will be port forwarded to all the ports, else it will provide a port randomly.

sakaljurgis commented 10 months ago

I was able to get the port open with the FIREWALL=off env setting, and set the port setting in Transmission using the port forwarding API URL provided above.

I am able to reach this port (from another device) via my ISP directly or while connected to another VPN service, but unable to when connected to PrivateVPN. Maybe this has something to do with PrivateVPN blocking access due to their ip-leak-vulnerability-when-using-port-forward, but I'm not certain.

Also not really sure if this brings any security concerns.

Edit 06-May-2024: FIREWALL=off does bring security concerns since it disables the firewall; this means your other containers in the same gluetun network will be able to access the internet or be reached directly, e.g. through the eth0 interface instead of tun0 (VPN).

To work around this issue you'll need to get your open port from the above-mentioned link https://connect.pvdatanet.com/v3/Api/port?ip[]= and set it in the gluetun container via iptables, e.g. if the port is 12345:

docker exec gluetun /sbin/iptables -A INPUT -i tun0 -p tcp --dport 12345 -j ACCEPT
docker exec gluetun /sbin/iptables -A INPUT -i tun0 -p udp --dport 12345 -j ACCEPT

To check if the port was added:

docker exec gluetun /sbin/iptables -L -v

qdm12 commented 5 months ago

This can be automated (similarly to Private Internet Access and ProtonVPN port forwarding). Please try image qmcgaw/gluetun:pr-2285 😉 and set VPN_PORT_FORWARDING=on.

Also, what's the response you get when requesting from a "Dedicated IP server"? I'm especially curious about what the status gives? Because for now Gluetun searches for the specific port in the status text, but I'm not sure how to handle "all ports" responses.

sakaljurgis commented 5 months ago

this is good news actually, thank you :) here are responses:

dedicated ip response: {"status":"ALL","supported":true}

standard response: {"status":"Port 61593 UDP\/TCP","supported":true}

unfortunately currently i don't have a chance to test this out

NorseJedi commented 4 months ago

This can be automated (similarly to Private Internet Access and ProtonVPN port forwarding). Please try image qmcgaw/gluetun:pr-2285 😉 and set VPN_PORT_FORWARDING=on.

I just tried this, but unfortunately it doesn't work. I get this error:

ERROR [vpn] port forwarding for the first time: port forwarding not supported: for server IP X.X.X.X

X.X.X.X being the public IP I get on the VPN. I'm assuming that this is the IP sent to the pvdatanet.com API endpoint. The IP that needs to be used in that URL however is the internal address assigned to the tun0 interface, not the public address.

Anyway, in case it may be helpful, I'm sharing how I've made this sort of work using a cronjob that runs a script every 5 minutes. The script just checks if the port has changed since last time it was run, and adds the firewall rules as well as updates the forwarded port in Transmission. Method shamelessly nicked from here: https://github.com/haugene/vpn-configs-contrib/blob/main/openvpn/privatevpn/update-port.sh

#!/bin/bash
source /path/to/envfile # Only necessary for Transmission if using authentication, must contain the variable TR_AUTH=username:password (or just change $TR_AUTH to username:password in the docker exec-command below if you're comfortable with putting auth-info in a script)
PORTFILE=/path/to/portfile.txt # A textfile to store the forwarded port

if [ ! -f "$PORTFILE" ]; then
    echo 0 > "$PORTFILE"
fi

LAST_PORT=$(cat "$PORTFILE")
# Internal address assigned to tun0 (this is the IP the API expects, not the public one)
TUN_ADDR=$(docker exec gluetun ip address show dev tun0 | grep 'inet\b' | awk '{print $2}' | cut -d/ -f1)
PORT_RESPONSE=$(curl -s -f "https://connect.pvdatanet.com/v3/Api/port?ip%5B%5D=$TUN_ADDR")
CURRENT_PORT=$(echo "$PORT_RESPONSE" | grep -oe 'Port [0-9]*' | awk '{print $2}' | cut -d/ -f1)

# Stop if no port could be extracted (request failed or the status holds no port number)
if [ -z "$CURRENT_PORT" ]; then
    exit 1
fi

if [ "$LAST_PORT" != "$CURRENT_PORT" ]; then
    # Store the new port
    echo "$CURRENT_PORT" > "$PORTFILE"

    # Remove the old port firewall rules (if they exist, otherwise this will print errors, but I don't care)
    docker exec gluetun /sbin/iptables-legacy -D INPUT -i tun0 -p tcp --dport "$LAST_PORT" -j ACCEPT
    docker exec gluetun /sbin/iptables-legacy -D INPUT -i tun0 -p udp --dport "$LAST_PORT" -j ACCEPT

    # Add the new port to the firewall
    docker exec gluetun /sbin/iptables-legacy -A INPUT -i tun0 -p tcp --dport "$CURRENT_PORT" -j ACCEPT
    docker exec gluetun /sbin/iptables-legacy -A INPUT -i tun0 -p udp --dport "$CURRENT_PORT" -j ACCEPT

    # Update the port in Transmission (just remove "-n $TR_AUTH" if not using authentication)
    docker exec transmission transmission-remote localhost:9091 -n "$TR_AUTH" -p "$CURRENT_PORT"
fi

It's not pretty, but it gets the job done until a more streamlined solution is possible ;)

qdm12 commented 3 months ago

I'm assuming that this is the IP sent to the pvdatanet.com API endpoint. The IP that needs to be used in that URL however is the internal address assigned to the tun0 interface, not the public address.

Correct, and yes that was the mistake! Changed in 5cc29a7fe04a6c023a94a8e21ee59ce8c6f71cc4 to use the internal vpn ip address. Can you please re-pull the image and see if it works now?

as well as updates the forwarded port in Transmission

That is definitely something I'm starting to think would be a great addition for torrent clients built-in Gluetun, to update their port. Deluge, Transmission, qBittorrent to name a few.

Silversurfer79 commented 2 months ago

I'm using this via Docker, is there a build I can help test with? I'm really keen to get this up and running.

Silversurfer79 commented 2 months ago

This is looking very promising. I'm getting this error using the suggested build and using these ports in my yaml and Transmission.

ports:

Log

2024-08-15T10:12:14+02:00 INFO [port forwarding] starting
2024-08-15T10:12:14+02:00 ERROR [vpn] port forwarding for the first time: custom port forwarding obtention is not supported: for privatevpn

At least the container's healthy now.

I hope this helps.

sakaljurgis commented 2 months ago

This is looking very promising. I'm getting this error using the suggested build and using these ports in my yaml and Transmission.

I think this is expected as you should not set the port yourself, but rather use the one that is assigned by PrivateVPN.

Silversurfer79 commented 2 months ago

This is looking very promising. I'm getting this error using the suggested build and using these ports in my yaml and Transmission.

I think this is expected as you should not set the port yourself, but rather use the one that is assigned by PrivateVPN.

If so, then how does Gluetun know what port to use? So far we have to specify the ports, is there a variable that gets the ports and adds it to Transmission? What am I missing here?

sakaljurgis commented 2 months ago

This is looking very promising. I'm getting this error using the suggested build and using these ports in my yaml and Transmission.

I think this is expected as you should not set the port yourself, but rather use the one that is assigned by PrivateVPN.

If so, then how does Gluetun know what port to use? So far we have to specify the ports, is there a variable that gets the ports and adds it to Transmission? What am I missing here?

I think that currently it doesn't add anything to Transmission. Proceed something like this: Gluetun starts and gets the open port from pvpn and opens it in the firewall. Then, you get the port from the Gluetun control server (there is an endpoint to read the forwarded port) manual. Add that port in Transmission network settings (and see closed red turning to open green).

Silversurfer79 commented 2 months ago

I don't know what any of that means manual. It makes no reference on how to connect to the container. The best I can do is connect via the Container console in Portainer.

Any chance the port can just be noted in the log, please? I think this would make sense to 99% of people reading this.

qdm12 commented 2 months ago

port forwarding for the first time: custom port forwarding obtention is not supported: for privatevpn

This is fixed now, can you please repull the image and check it works?

qdm12 commented 2 months ago

@Silversurfer79 see https://github.com/qdm12/gluetun-wiki/blob/main/setup/advanced/vpn-port-forwarding.md PrivateVPN is still undocumented for now since I'm waiting to see if it works on the pull request image first. What @sakaljurgis said is correct.

Silversurfer79 commented 2 months ago

Hi again. The container now fails outright (image).

NorseJedi commented 2 months ago

Apologies for not testing this again before now. The IP-address used in the check now seems to be correct, but it still doesn't work.

This is the relevant output (at least everything I think is relevant):

2024-08-16T13:01:21+02:00 INFO [port forwarding] starting
2024-08-16T13:01:21+02:00 ERROR [vpn] starting port forwarding service: port forwarding for the first time: port forwarded not found: in status "Port 61527 UDP/TCP"

If I run the following command manually (xxx.xxx.xxx.xxx being the tun0 IP):

curl -s -f "https://connect.pvdatanet.com/v3/Api/port?ip%5B%5D=xxx.xxx.xxx.xxx"

The result output is:

{"status":"Port 61527 UDP\/TCP","supported":true}

I assume there's something wrong in parsing the output since the error message includes the status from the output.
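
The status parsing discussed in this thread, as an added example (not Gluetun's code and not posted by any participant): it decodes the JSON reply, separates the "ALL" and unsupported cases, and validates the port before it is used in a firewall rule. The names `ParsePortResponse`, `Forwarding` and `AcceptRuleArgs` are hypothetical, the `"supported":false` sample is constructed, and the status format is assumed to match the two replies quoted above.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"regexp"
	"strconv"
)

// Sentinel errors so callers can tell the failure modes apart.
var (
	ErrNotSupported = errors.New("port forwarding not supported")
	ErrPortNotFound = errors.New("port forwarded not found")
)

// portResponse mirrors the two JSON fields visible in the replies quoted in the thread.
type portResponse struct {
	Status    string `json:"status"`
	Supported bool   `json:"supported"`
}

// Forwarding is the validated result of one API reply.
type Forwarding struct {
	AllPorts bool   // true for the dedicated IP reply (status "ALL")
	Port     uint16 // set only when AllPorts is false
}

// The whole status must match, so trailing or leading junk is rejected.
// Assumption: the format is exactly the one shown in the thread.
var statusRegex = regexp.MustCompile(`^Port ([0-9]{1,5}) UDP/TCP$`)

// ParsePortResponse decodes the body first (json.Unmarshal turns the escaped
// "\/" into "/") and only then looks for the port in the status text.
func ParsePortResponse(body []byte) (Forwarding, error) {
	var resp portResponse
	if err := json.Unmarshal(body, &resp); err != nil {
		return Forwarding{}, fmt.Errorf("decoding response: %w", err)
	}
	if !resp.Supported {
		return Forwarding{}, ErrNotSupported
	}
	if resp.Status == "ALL" {
		return Forwarding{AllPorts: true}, nil
	}
	m := statusRegex.FindStringSubmatch(resp.Status)
	if m == nil {
		return Forwarding{}, fmt.Errorf("%w: in status %q", ErrPortNotFound, resp.Status)
	}
	// bitSize 16 rejects anything above 65535; port 0 is rejected explicitly.
	n, err := strconv.ParseUint(m[1], 10, 16)
	if err != nil || n == 0 {
		return Forwarding{}, fmt.Errorf("%w: port %q out of range", ErrPortNotFound, m[1])
	}
	return Forwarding{Port: uint16(n)}, nil
}

// AcceptRuleArgs builds the argument vectors for the two iptables rules shown
// earlier in the thread. The port is a uint16 and each argument is a separate
// element, so nothing from the API reply is ever interpreted by a shell.
func AcceptRuleArgs(iface string, port uint16) [][]string {
	p := strconv.Itoa(int(port))
	rules := make([][]string, 0, 2)
	for _, proto := range []string{"tcp", "udp"} {
		rules = append(rules, []string{
			"-A", "INPUT", "-i", iface, "-p", proto, "--dport", p, "-j", "ACCEPT",
		})
	}
	return rules
}

func main() {
	// The first two samples are the replies quoted in the thread; the rest are constructed.
	samples := []string{
		`{"status":"Port 61593 UDP\/TCP","supported":true}`,
		`{"status":"ALL","supported":true}`,
		`{"status":"","supported":false}`,
		`{"status":"Port 99999 UDP\/TCP","supported":true}`,
	}
	for _, s := range samples {
		fwd, err := ParsePortResponse([]byte(s))
		switch {
		case err != nil:
			fmt.Println("rejected:", err)
		case fwd.AllPorts:
			fmt.Println("all ports forwarded, no single port to open")
		default:
			fmt.Println("open port", fwd.Port, AcceptRuleArgs("tun0", fwd.Port))
		}
	}
}
```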

NorseJedi commented 2 months ago

HI again, The container now fails outright

You have to use the image from the PR where Port Forwarding for PrivateVPN is being worked on, not the latest release.

In other words, instead of qmcgaw/gluetun (or qmcgaw/gluetun:latest), use qmcgaw/gluetun:pr-2285

But as per my previous comment, Port Forwarding doesn't currently work.

qdm12 commented 2 months ago

Thanks @NorseJedi - fixed in b692bdd32f0bfd70a71ede09c0c775bf93dc151e to extract the port properly. It should work now I hope 😉

NorseJedi commented 2 months ago

Great, getting closer :) Or rather, it actually does work now, but the log still shows an error:

2024-08-16T13:48:49+02:00 INFO [port forwarding] port forwarded is 61527
2024-08-16T13:48:48+02:00 INFO [port forwarding] starting
2024-08-16T13:48:48+02:00 INFO [vpn] There is a new release v3.39.0 (v3.39.0) created 7 days ago
2024-08-16T13:48:48+02:00 ERROR [vpn] getting public IP address information: fetching information: too many requests sent for this month from https://ipinfo.io/: 403 403 Forbidden
2024-08-16T13:48:49+02:00 INFO [firewall] setting allowed input port 61527 through interface tun0...
2024-08-16T13:48:49+02:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024-08-16T13:48:49+02:00 ERROR [vpn] starting port forwarding service: %!w(<nil>)

The ipinfo.io error probably isn't relevant for this, but the second error is a bit confusing. I assume this is related to the VPN_PORT_FORWARDING_PROVIDER setting, but I have not set this in my configuration (as I understand it, that's only used for some Wireguard setups).

Silversurfer79 commented 2 months ago

port forwarding for the first time: custom port forwarding obtention is not supported: for privatevpn

This is fixed now, can you please repull the image and check it works?

I just want to say thanks so much for the effort here! It's really appreciated!

Sorry, I misunderstood. I pulled the latest version, not gluetun:pr-2285.

This now works, port open.

Silversurfer79 commented 2 months ago

So, two things, is there any way the port can be static (as it comes from the VPN Provider I guess not)? If I reboot either Gluetun or Transmission it will change I guess (this is the case, just checked). So, this means manually checking and setting this port each time or updating Transmission dynamically?

qdm12 commented 2 months ago

but the second error is a bit confusing

Fixed in c35c3da73921eabae77927cab1b905e4f280436e - just an error wrap I thought would be nice (for all providers), but it turned out I forgot to check if there was no error (hence the ugly %!w(<nil>))

So two things, is there any way the port can be static?

See https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/port-forwarding.md you could use VPN_PORT_FORWARDING_LISTENING_PORT although I'm not sure with torrent clients, since you would need to broadcast the forwarded port to peers I think, so this becomes useless. You would need a script to synchronize Transmission with Gluetun, you can either use a container to do that (google it, I think there are some), or, if you can wait a few days, I would suggest to wait for #2399 and run your script to update Transmission. We could even bundle commonly used scripts in the Gluetun image, eventually.

Silversurfer79 commented 2 months ago

but the second error is a bit confusing

Fixed in c35c3da - just an error wrap I thought would be nice (for all providers), but it turned out I forgot to check if there was no error (hence the ugly %!w(<nil>))

So two things, is there any way the port can be static?

See https://github.com/qdm12/gluetun-wiki/blob/main/setup/options/port-forwarding.md you could use VPN_PORT_FORWARDING_LISTENING_PORT although I'm not sure with torrent clients, since you would need to broadcast the forwarded port to peers I think, so this becomes useless. You would need a script to synchronize Transmission with Gluetun, you can either use a container to do that (google it, I think there are some), or, if you can wait a few days, I would suggest to wait for #2399 and run your script to update Transmission. We could even bundle commonly used scripts in the Gluetun image, eventually.

VPN_PORT_FORWARDING_LISTENING_PORT failed with the following error: (image)

qdm12 commented 2 months ago

@Silversurfer79 please create a discussion since this is now off topic. Also please copy paste your log instead of screenshots, so that I can copy paste some of the error message, that would help 😉 Marking your last and this comment as off-topic.

qdm12 commented 2 months ago

Merging this in the latest image, thanks for checking it works @NorseJedi @Silversurfer79 ! Wiki updated as well.

github-actions[bot] commented 2 months ago

Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.

teopost commented 2 months ago

@Silversurfer79 please can you share your docker compose ? I've tried various tests but I can't get it to work.

Silversurfer79 commented 2 months ago

@Silversurfer79 please can you share your docker compose ? I've tried various tests but I can't get it to work.

You must use this Image: image: qmcgaw/gluetun:pr-2285

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun:pr-2285
    container_name: Gluetun
    cap_add:

NorseJedi commented 2 months ago

You must use this Image: image: qmcgaw/gluetun:pr-2285

Not anymore :) It was added to the latest release yesterday, so using qmcgaw/gluetun:latest now works and should probably be used instead (if you continue using the pr-2285 version you probably won't get any future updates or bugfixes). I switched just after it was added yesterday and can confirm that it works.

teopost commented 2 months ago

Thanks @Silversurfer79 , It works... now there's only one problem left to solve. The port changes every time I restart the container. I need to find a way to update the port in Transmission!

NorseJedi commented 2 months ago

I need to find a way to update the port in Transmission!

If you run them both in Docker, you can use this script and run it at intervals through cron (I run it every 30 minutes). It's not a very sophisticated script, but it gets the job done. All it does is run the port-test in Transmission and update the port if it's not open.

#!/bin/bash
GT_CONTAINER=gluetun # Gluetun container name
TR_CONTAINER=transmission # Transmission container name
TR_PORT=9091 # Transmission RPC-port
TR_AUTH=username:password # Transmission RPC username and password

# Run Transmission's port test and keep the last word of its output
PORT_OPEN=$(docker exec "$TR_CONTAINER" transmission-remote "localhost:$TR_PORT" -n "$TR_AUTH" -pt)
PORT_OPEN=${PORT_OPEN##* }

if [[ $PORT_OPEN != "Yes" ]]; then
    # Read the port Gluetun wrote to its port file and set it in Transmission
    CURRENT_PORT=$(docker exec "$GT_CONTAINER" cat /tmp/gluetun/forwarded_port)
    docker exec "$TR_CONTAINER" transmission-remote "localhost:$TR_PORT" -n "$TR_AUTH" -p "$CURRENT_PORT"
fi

Note that this is only tested with the official gluetun image and the lscr.io/linuxserver/transmission Transmission image, but I doubt it matters.

teopost commented 2 months ago

I'll try it right away. Thank you!

teopost commented 2 months ago

It works! Thanks

Silversurfer79 commented 2 months ago

Thanks @Silversurfer79 , It works... now there's only one problem left to solve. The port changes every time I restart the container. I need to find a way to update the port in Transmission!

I'm glad this is working for you. Don't forget to use the advice

You must use this Image: image: qmcgaw/gluetun:pr-2285

Not anymore :) It was added to the latest release yesterday, so using qmcgaw/gluetun:latest now works and should probably be used instead (if you continue using the pr-2285 version you probably won't get any future updates or bugfixes). I switched just after it was added yesterday and can confirm that it works.

teopost commented 2 months ago

Maybe there's still an issue. Every time I start the container, I get these errors. I don't think it's a problem with Gluetun. It's not consistent. Does it happen to you?

docker compose logs  gluetun -f
gluetun  | ========================================
gluetun  | ========================================
gluetun  | =============== gluetun ================
gluetun  | ========================================
gluetun  | =========== Made with ❤️ by ============
gluetun  | ======= https://github.com/qdm12 =======
gluetun  | ========================================
gluetun  | ========================================
gluetun  |
gluetun  | Running version latest built on 2024-08-17T10:04:18.061Z (commit 897a9d7)
gluetun  |
gluetun  | 🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
gluetun  | 🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
gluetun  | 💻 Email? quentin.mcgaw@gmail.com
gluetun  | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
gluetun  | 2024-08-17T16:21:14Z INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.4 and family v4
gluetun  | 2024-08-17T16:21:14Z INFO [routing] local ethernet link found: eth0
gluetun  | 2024-08-17T16:21:14Z INFO [routing] local ipnet found: 172.22.0.0/16
gluetun  | 2024-08-17T16:21:14Z INFO [firewall] enabling...
gluetun  | 2024-08-17T16:21:15Z INFO [firewall] enabled successfully
gluetun  | 2024-08-17T16:21:22Z INFO [storage] merging by most recent 20615 hardcoded servers and 20615 servers read from /gluetun/servers.json
gluetun  | 2024-08-17T16:21:24Z INFO Alpine version: 3.20.2
gluetun  | 2024-08-17T16:21:24Z INFO OpenVPN 2.5 version: 2.5.10
gluetun  | 2024-08-17T16:21:24Z INFO OpenVPN 2.6 version: 2.6.11
gluetun  | 2024-08-17T16:21:24Z INFO Unbound version: 1.20.0
gluetun  | 2024-08-17T16:21:24Z INFO IPtables version: v1.8.10
gluetun  | 2024-08-17T16:21:24Z INFO Settings summary:
gluetun  | ├── VPN settings:
gluetun  | |   ├── VPN provider settings:
gluetun  | |   |   ├── Name: privatevpn
gluetun  | |   |   ├── Server selection settings:
gluetun  | |   |   |   ├── VPN type: openvpn
gluetun  | |   |   |   └── OpenVPN server selection settings:
gluetun  | |   |   |       └── Protocol: UDP
gluetun  | |   |   └── Automatic port forwarding settings:
gluetun  | |   |       ├── Redirection listening port: disabled
gluetun  | |   |       ├── Use port forwarding code for current provider
gluetun  | |   |       ├── Forwarded port file path: /tmp/gluetun/forwarded_port
gluetun  | |   |       └── Credentials:
gluetun  | |   |           ├── Username: username@gmail.com
gluetun  | |   |           └── Password: [set]
gluetun  | |   └── OpenVPN settings:
gluetun  | |       ├── OpenVPN version: 2.6
gluetun  | |       ├── User: [set]
gluetun  | |       ├── Password: [set]
gluetun  | |       ├── Network interface: tun0
gluetun  | |       ├── Run OpenVPN as: root
gluetun  | |       └── Verbosity level: 1
gluetun  | ├── DNS settings:
gluetun  | |   ├── Keep existing nameserver(s): no
gluetun  | |   ├── DNS server address to use: 127.0.0.1
gluetun  | |   └── DNS over TLS settings:
gluetun  | |       ├── Enabled: yes
gluetun  | |       ├── Update period: every 24h0m0s
gluetun  | |       ├── Unbound settings:
gluetun  | |       |   ├── Authoritative servers:
gluetun  | |       |   |   └── cloudflare
gluetun  | |       |   ├── Caching: yes
gluetun  | |       |   ├── IPv6: no
gluetun  | |       |   ├── Verbosity level: 1
gluetun  | |       |   ├── Verbosity details level: 0
gluetun  | |       |   ├── Validation log level: 0
gluetun  | |       |   ├── System user: root
gluetun  | |       |   └── Allowed networks:
gluetun  | |       |       ├── 0.0.0.0/0
gluetun  | |       |       └── ::/0
gluetun  | |       └── DNS filtering settings:
gluetun  | |           ├── Block malicious: yes
gluetun  | |           ├── Block ads: no
gluetun  | |           ├── Block surveillance: no
gluetun  | |           └── Blocked IP networks:
gluetun  | |               ├── 127.0.0.1/8
gluetun  | |               ├── 10.0.0.0/8
gluetun  | |               ├── 172.16.0.0/12
gluetun  | |               ├── 192.168.0.0/16
gluetun  | |               ├── 169.254.0.0/16
gluetun  | |               ├── ::1/128
gluetun  | |               ├── fc00::/7
gluetun  | |               ├── fe80::/10
gluetun  | |               ├── ::ffff:127.0.0.1/104
gluetun  | |               ├── ::ffff:10.0.0.0/104
gluetun  | |               ├── ::ffff:169.254.0.0/112
gluetun  | |               ├── ::ffff:172.16.0.0/108
gluetun  | |               └── ::ffff:192.168.0.0/112
gluetun  | ├── Firewall settings:
gluetun  | |   └── Enabled: yes
gluetun  | ├── Log settings:
gluetun  | |   └── Log level: info
gluetun  | ├── Health settings:
gluetun  | |   ├── Server listening address: 127.0.0.1:9999
gluetun  | |   ├── Target address: cloudflare.com:443
gluetun  | |   ├── Duration to wait after success: 5s
gluetun  | |   ├── Read header timeout: 100ms
gluetun  | |   ├── Read timeout: 500ms
gluetun  | |   └── VPN wait durations:
gluetun  | |       ├── Initial duration: 6s
gluetun  | |       └── Additional duration: 5s
gluetun  | ├── Shadowsocks server settings:
gluetun  | |   └── Enabled: no
gluetun  | ├── HTTP proxy settings:
gluetun  | |   ├── Enabled: yes
gluetun  | |   ├── Listening address: :8888
gluetun  | |   ├── User:
gluetun  | |   ├── Password: [not set]
gluetun  | |   ├── Stealth mode: no
gluetun  | |   ├── Log: no
gluetun  | |   ├── Read header timeout: 1s
gluetun  | |   └── Read timeout: 3s
gluetun  | ├── Control server settings:
gluetun  | |   ├── Listening address: :8000
gluetun  | |   └── Logging: yes
gluetun  | ├── OS Alpine settings:
gluetun  | |   ├── Process UID: 1000
gluetun  | |   └── Process GID: 1000
gluetun  | ├── Public IP settings:
gluetun  | |   ├── Fetching: every 12h0m0s
gluetun  | |   ├── IP file path: /tmp/gluetun/ip
gluetun  | |   └── Public IP data API: ipinfo
gluetun  | └── Version settings:
gluetun  |     └── Enabled: yes
gluetun  | 2024-08-17T16:21:24Z INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.4 and family v4
gluetun  | 2024-08-17T16:21:24Z INFO [routing] adding route for 0.0.0.0/0
gluetun  | 2024-08-17T16:21:24Z INFO [firewall] setting allowed subnets...
gluetun  | 2024-08-17T16:21:24Z INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.4 and family v4
gluetun  | 2024-08-17T16:21:24Z INFO [dns] using plaintext DNS at address 1.1.1.1
gluetun  | 2024-08-17T16:21:24Z INFO [http proxy] listening on :8888
gluetun  | 2024-08-17T16:21:24Z INFO [http server] http server listening on [::]:8000
gluetun  | 2024-08-17T16:21:24Z INFO [firewall] allowing VPN connection...
gluetun  | 2024-08-17T16:21:24Z INFO [healthcheck] listening on 127.0.0.1:9999
gluetun  | 2024-08-17T16:21:24Z INFO [openvpn] OpenVPN 2.6.11 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
gluetun  | 2024-08-17T16:21:24Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
gluetun  | 2024-08-17T16:21:24Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.156.174.179:1194
gluetun  | 2024-08-17T16:21:24Z INFO [openvpn] UDPv4 link local: (not bound)
gluetun  | 2024-08-17T16:21:24Z INFO [openvpn] UDPv4 link remote: [AF_INET]185.156.174.179:1194
gluetun  | 2024-08-17T16:21:24Z INFO [openvpn] [PrivateVPN] Peer Connection Initiated with [AF_INET]185.156.174.179:1194
gluetun  | 2024-08-17T16:21:25Z INFO [openvpn] TUN/TAP device tun0 opened
gluetun  | 2024-08-17T16:21:25Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun  | 2024-08-17T16:21:25Z INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun  | 2024-08-17T16:21:25Z INFO [openvpn] /sbin/ip addr add dev tun0 10.35.14.2/23
gluetun  | 2024-08-17T16:21:26Z INFO [openvpn] UID set to nonrootuser
gluetun  | 2024-08-17T16:21:26Z INFO [openvpn] Initialization Sequence Completed
gluetun  | 2024-08-17T16:21:26Z INFO [dns] downloading DNS over TLS cryptographic files
gluetun  | 2024-08-17T16:21:26Z INFO [healthcheck] healthy!
gluetun  | 2024-08-17T16:21:27Z INFO [dns] downloading hostnames and IP block lists
gluetun  | 2024-08-17T16:21:55Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
gluetun  | 2024-08-17T16:21:55Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
gluetun  | 2024-08-17T16:21:55Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
gluetun  | 2024-08-17T16:21:55Z INFO [vpn] stopping
gluetun  | 2024-08-17T16:21:55Z ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
gluetun  | 2024-08-17T16:21:55Z ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
gluetun  | 2024-08-17T16:21:55Z INFO [port forwarding] starting
gluetun  | 2024-08-17T16:21:55Z INFO [vpn] starting
gluetun  | 2024-08-17T16:21:55Z INFO [firewall] allowing VPN connection...
gluetun  | 2024-08-17T16:21:56Z INFO [openvpn] OpenVPN 2.6.11 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
gluetun  | 2024-08-17T16:21:56Z INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
gluetun  | 2024-08-17T16:21:56Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]217.212.240.92:1194
gluetun  | 2024-08-17T16:21:56Z INFO [openvpn] UDPv4 link local: (not bound)
gluetun  | 2024-08-17T16:21:56Z INFO [openvpn] UDPv4 link remote: [AF_INET]217.212.240.92:1194
gluetun  | 2024-08-17T16:21:56Z INFO [openvpn] [PrivateVPN] Peer Connection Initiated with [AF_INET]217.212.240.92:1194
gluetun  | 2024-08-17T16:21:57Z INFO [openvpn] TUN/TAP device tun0 opened
gluetun  | 2024-08-17T16:21:57Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun  | 2024-08-17T16:21:57Z INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun  | 2024-08-17T16:21:57Z INFO [openvpn] /sbin/ip addr add dev tun0 10.35.14.53/23
gluetun  | 2024-08-17T16:21:57Z INFO [openvpn] UID set to nonrootuser
gluetun  | 2024-08-17T16:21:57Z INFO [openvpn] Initialization Sequence Completed
gluetun  | 2024-08-17T16:22:05Z INFO [dns] init module 0: validator
gluetun  | 2024-08-17T16:22:05Z INFO [dns] init module 1: iterator
gluetun  | 2024-08-17T16:22:05Z INFO [dns] start of service (unbound 1.20.0).
gluetun  | 2024-08-17T16:22:05Z INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
gluetun  | 2024-08-17T16:22:05Z INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
gluetun  | 2024-08-17T16:22:05Z INFO [healthcheck] healthy!
gluetun  | 2024-08-17T16:22:05Z INFO [ip getter] Public IP address is 217.212.240.67 (Italy, Lombardy, Milan)
gluetun  | 2024-08-17T16:22:06Z INFO [port forwarding] port forwarded is 61512
gluetun  | 2024-08-17T16:22:06Z INFO [firewall] setting allowed input port 61512 through interface tun0...
gluetun  | 2024-08-17T16:22:06Z INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
gluetun  | 2024-08-17T16:22:06Z INFO [port forwarding] stopping
gluetun  | 2024-08-17T16:22:06Z INFO [firewall] removing allowed port 61512...
gluetun  | 2024-08-17T16:22:06Z ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 61512 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 61512 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
gluetun  | 2024-08-17T16:22:06Z INFO http server: terminated ✔️
gluetun  | 2024-08-17T16:22:06Z INFO dns ticker: terminated ✔️
gluetun  | 2024-08-17T16:22:06Z INFO updater ticker: terminated ✔️
gluetun  | 2024-08-17T16:22:06Z INFO control: terminated ✔️
gluetun  | 2024-08-17T16:22:06Z INFO updater: terminated ✔️
gluetun  | 2024-08-17T16:22:06Z INFO tickers: terminated ✔️
gluetun  | 2024-08-17T16:22:06Z INFO HTTP health server: terminated ✔️
gluetun  | 2024-08-17T16:22:06Z INFO [dns] falling back on plaintext DNS at address 1.1.1.1
gluetun  | 2024-08-17T16:22:06Z WARN [dns] DNS is not working: after 10 tries: lookup github.com on 127.0.0.1:53: read udp 127.0.0.1:39948->127.0.0.1:53: i/o timeout
gluetun  | 2024-08-17T16:22:06Z INFO [dns] attempting restart in 10s
gluetun  | 2024-08-17T16:22:07Z WARN vpn: goroutine shutdown timed out: after 1s ⚠️
gluetun  | 2024-08-17T16:22:07Z INFO shadowsocks proxy: terminated ✔️
gluetun  | 2024-08-17T16:22:07Z INFO [dns] downloading DNS over TLS cryptographic files
gluetun  | 2024-08-17T16:22:07Z INFO unbound: terminated ✔️
gluetun  | 2024-08-17T16:22:07Z WARN other: group shutdown timed out: 1 out of 3 goroutines: http proxy: goroutine shutdown timed out: after 400ms ⚠️
gluetun  | 2024-08-17T16:22:07Z INFO [routing] routing cleanup...
gluetun  | 2024-08-17T16:22:07Z INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.4 and family v4
gluetun  | 2024-08-17T16:22:07Z INFO [routing] deleting route for 0.0.0.0/0
gluetun  | 2024-08-17T16:22:07Z ERROR ordered shutdown timed out: vpn: goroutine shutdown timed out: after 1s; other: group shutdown timed out: 1 out of 3 goroutines: http proxy: goroutine shutdown timed out: after 400ms
gluetun  | 2024-08-17T16:22:07Z INFO Shutdown successful
gluetun exited with code 0

I would like to highlight the following errors in particular:

gluetun  | 2024-08-17T16:21:55Z ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
gluetun  | 2024-08-17T16:21:55Z ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
...
gluetun  | 2024-08-17T16:22:06Z ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 61512 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 61512 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
...
gluetun  | 2024-08-17T16:22:07Z ERROR ordered shutdown timed out: vpn: goroutine shutdown timed out: after 1s; other: group shutdown timed out: 1 out of 3 goroutines: http proxy: goroutine shutdown timed out: after 400ms

Silversurfer79 commented 2 months ago

@teopost post your compose file; your email address is also in the log.

I don't get that error.

teopost commented 2 months ago

the compose is this:

  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 8091:8000/tcp
      - 8888:8888/tcp
      - 8388:8388/tcp
      - 8388:8388/udp
      - "0.0.0.0:9091:9091/tcp" 
    volumes:
      - ${ROOT_CONFIG}/gluetun-config:/gluetun
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - HTTPPROXY=on
      - VPN_SERVICE_PROVIDER=privatevpn
      - VPN_TYPE=openvpn
      - OPENVPN_USER=<username>
      - OPENVPN_PASSWORD=<password>
      - SERVER_COUNTRIES=Netherlands
      - HEALTH_VPN_DURATION_INITIAL=10s
      - VPN_PORT_FORWARDING=on
    restart: unless-stopped
    networks:
      - internal

I've done several tests, and it seems the problem isn't consistent. It occurs when I recreate the container using:

docker compose up -d --force-recreate

I've also noticed that some errors change when the value of SERVER_COUNTRIES is changed.

PS: The email address in the log file is a fake

Silversurfer79 commented 2 months ago

I'd suggest removing these and trying again; neither is needed and they may cause issues.

The server list is pulled from the web from the last update, and the health check is done, from what I have seen, automatically at times anyway.