Closed clemone210 closed 8 months ago
EDIT: I changed "container:vpn" to "service:vpn" and restarted the containers. Instead of resuming all the qbit torrents at once I did them in batches. It has been 5 hours and I have not had a Gluetun crash and my port is still open.
EDIT2: Overnight Gluetun crashed and ports closed
I am also using Proton VPN (wireguard) and Gluetun.
I recently had to restart my gluetun container that had been active for ~2 months (working great). After restarting the container I am now experiencing some port forwarding problems.
I start the gluetun, qbittorrent and qbittorrent-natmap. For the first 10 minutes or so everything works; the port is open. Then gluetun crashes and the port closes after gluetun reconnects. If I manually restart all containers the port is open again.
Crash Code:
2024-01-04T22:39:38Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-01-04T22:39:38Z DEBUG [port forwarding] port forwarded 43785 maintained
2024-01-04T22:39:53Z INFO [healthcheck] unhealthy: dialing: dial tcp4 104.16.132.229:443: i/o timeout
2024-01-04T22:40:01Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2024-01-04T22:40:01Z INFO [vpn] stopping
2024-01-04T22:40:01Z INFO [port forwarding] stopping
2024-01-04T22:40:01Z INFO [firewall] removing allowed port *******
2024-01-04T22:40:01Z DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 43785 -j ACCEPT
2024-01-04T22:40:01Z DEBUG [firewall] ip6tables-nft --delete INPUT -i tun0 -p tcp --dport 43785 -j ACCEPT
2024-01-04T22:40:01Z DEBUG [firewall] iptables --delete INPUT -i tun0 -p udp --dport 43785 -j ACCEPT
2024-01-04T22:40:01Z DEBUG [firewall] ip6tables-nft --delete INPUT -i tun0 -p udp --dport 43785 -j ACCEPT
2024-01-04T22:40:01Z INFO [port forwarding] removing port file /tmp/gluetun/forwarded_port
2024-01-04T22:40:01Z DEBUG [wireguard] closing controller client...
2024-01-04T22:40:01Z DEBUG [wireguard] removing IPv6 rule...
2024-01-04T22:40:01Z DEBUG [wireguard] removing IPv4 rule...
2024-01-04T22:40:01Z DEBUG [wireguard] shutting down link...
2024-01-04T22:40:01Z DEBUG [wireguard] deleting link...
2024-01-04T22:40:01Z INFO [vpn] starting
2024-01-04T22:40:01Z DEBUG [wireguard] Wireguard server public key: *******
2024-01-04T22:40:01Z DEBUG [wireguard] Wireguard client private key: ICu...1c=
2024-01-04T22:40:01Z DEBUG [wireguard] Wireguard pre-shared key: [not set]
2024-01-04T22:40:01Z INFO [firewall] allowing VPN connection...
2024-01-04T22:40:01Z INFO [wireguard] Using available kernelspace implementation
2024-01-04T22:40:01Z INFO [wireguard] Connecting to ****
2024-01-04T22:40:01Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-01-04T22:40:01Z INFO [port forwarding] starting
2024-01-04T22:40:01Z INFO [healthcheck] healthy!
2024-01-04T22:40:01Z INFO [port forwarding] gateway external IPv4 address is *******
2024-01-04T22:40:02Z INFO [port forwarding] port forwarded is
2024-01-04T22:40:02Z INFO [firewall] setting allowed input port 43785 through interface tun0...
2024-01-04T22:40:02Z DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 43785 -j ACCEPT
2024-01-04T22:40:02Z DEBUG [firewall] ip6tables-nft --append INPUT -i tun0 -p tcp --dport 43785 -j ACCEPT
2024-01-04T22:40:02Z DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 43785 -j ACCEPT
2024-01-04T22:40:02Z DEBUG [firewall] ip6tables-nft --append INPUT -i tun0 -p udp --dport 43785 -j ACCEPT
2024-01-04T22:40:02Z INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024-01-04T22:40:02Z INFO [ip getter] Public IP address is *******
2024-01-04T22:40:47Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-01-04T22:40:47Z DEBUG [port forwarding] port forwarded 43785 maintained
Docker Compose
vpn:
container_name: vpn
image: qmcgaw/gluetun:latest
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
volumes:
- /config/gluetun/config:/gluetun
- /config/gluetun/tmp:/tmp/gluetun
environment:
- VPN_SERVICE_PROVIDER=custom
- VPN_TYPE=wireguard
- VPN_ENDPOINT_IP=
- VPN_ENDPOINT_PORT=
- WIREGUARD_PUBLIC_KEY=
- WIREGUARD_PRIVATE_KEY=
- WIREGUARD_ADDRESSES=
- WIREGUARD_ALLOWED_IPS=
- FIREWALL_OUTBOUND_SUBNETS=
- VPN_PORT_FORWARDING=on
- VPN_PORT_FORWARDING_PROVIDER=protonvpn
- LOG_LEVEL=debug
restart: unless-stopped
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qbittorrent
environment:
- PUID=3000
- PGID=568
- TZ=US/Boise
- WEBUI_PORT=10095
restart: unless-stopped
network_mode: container:vpn
qbittorrent-natmap:
image: ghcr.io/soxfor/qbittorrent-natmap:latest
container_name: qbittorrent-natmap
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- TZ=America/Boise
- QBITTORRENT_SERVER=192.168.100.5
- QBITTORRENT_PORT=10095
- QBITTORRENT_USER=admin
- QBITTORRENT_PASS=adminadmin
- VPN_CT_NAME=vpn
- VPN_IF_NAME=tun0
- CHECK_INTERVAL=300
- NAT_LEASE_LIFETIME=300
depends_on:
vpn:
condition: service_healthy
qbittorrent:
condition: service_started
network_mode: container:vpn
@Stetsed I have been testing the port using a simple Python script. I wasn't convinced that toggling qbits binding ipaddress would matter because I thought the python script that only uses port and ipaddress of the vpn would be independent from qbit.
Turns out I was wrong. I manually toggled the ip address binding and my port is now open.
fixed on my end.
What was the solution here @clemone210?
What was the solution here @clemone210?
With the latest version, I do not have any error or interruption.
A hopefully helpful note for anyone looking over this issue report in the future:
Using nc -zvw10 <ip> <port>
to test, you can confirm that even within the torrent client container itself, the torrent client listening port on the tun0 adapter would not respond, even though Gluetun was forwarding and working as usual.
As soon as the configured IP in the torrent client is changed, (whether to the tun0 address or to 0.0.0.0, or to something else and back to it's original setting), the torrent client would start responding on that port; sometimes not for long however. Restarting the torrent client container would resolve the issue 100% until a VPN disconnection occurs.
A final note is that LinuxServer.io's Transmission torrent client container doesn't seem to have this issue; it survives VPN restarts for me and keeps listening without needing restarts. As far as I can tell, Gluetun and Proton VPN appear to be working great, and the port listening issue lies with the torrent clients.
As soon as the configured IP in the torrent client is changed, (whether to the tun0 address or to 0.0.0.0, or to something else and back to it's original setting), the torrent client would start responding on that port; sometimes not for long however. Restarting the torrent client container would resolve the issue 100% until a VPN disconnection occurs.
@kainzilla, thanks for recapping -- is there a fix for the quoted part above? I notice when it loses connection, I too can get it to resume if I restart the containers, or, if I change the network interface in qBittorrent (like from "any" to "tun") and click "save".
The port updating script I use simply updates the port:
https://codeberg.org/TechnoSam/qbittorrent-gluetun-port-update
However, I see another that fully restarts the qbittorrent container when the port changes:
https://github.com/royborgen/qbt_port_update
That said, the issue I'm having is not when the port changes. The port from ProtonVPN might not change for many days, but I still have this issue where qBittorrent becomes unconnectable until restarting the container or toggling the network interface in the qBittorrent advanced menu.
It seems like the ideal situation would be something that checked for connectability (nc -zvw10 <ip> <port>
) and restarted if it wasn't connectable.
It seems like the ideal situation would be something that checked for connectability (
nc -zvw10 <ip> <port>
) and restarted if it wasn't connectable.
I have two solutions for you:
I think the bug in question is in the torrent clients, as opposed to anything Gluetun is doing - and I suspect it might be a libtorrent
bug as both qBittorrent and Deluge use it, and they both experience the issue.
Regarding the script above - it's meant to be used with LinuxServer.io's containers (see the page for links), because their containers have a super-easy way to drop in add-on scripts like that. I have a gluetun-delay script that delays the torrent client startups that works with the same LinuxServer.io containers also.
Is this urgent?
No
Host OS
Ubuntu
CPU arch
x86_64
VPN service provider
ProtonVPN
What are you using to run the container
docker-compose
What is the version of Gluetun
latest docker image
What's the problem 🤔
I use gluetun to connect plex to protonvpn with OpenVPN + port forwarding.
When starting the container everything works. The container gets a opened port ad uses this to allow remote access.
Somehow after a few minutes (10-15min) the port connection is not possible anymore. Within Plex, no remote access is possible anymore. After restarting gluetun and Plex there will be a new port which is used and it works again.
Anything I can provide in order to resolve this?
Share your logs (at least 10 lines)
Share your configuration