qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: Slow upload speeds when using wireguard protocol #1885

Closed Lokilicious closed 9 months ago

Lokilicious commented 9 months ago

Is this urgent?

No

Host OS

No response

CPU arch

x86_64

VPN service provider

Surfshark

What are you using to run the container

docker-compose

What is the version of Gluetun

latest

What's the problem 🤔

I have qbittorrent running via gluetun (surfshark). When using the wireguard protocol I get minimal upload speeds (1-5kb/s), yet when switching to the openvpn protocol I can upload at full speeds.

Download speeds are fine in both cases.

Share your logs (at least 10 lines)

2023-09-27T13:38:36.928505183Z ========================================
2023-09-27T13:38:36.928571237Z ========================================
2023-09-27T13:38:36.928575667Z =============== gluetun ================
2023-09-27T13:38:36.928577576Z ========================================
2023-09-27T13:38:36.928579387Z =========== Made with ❤️ by ============
2023-09-27T13:38:36.928583303Z ======= https://github.com/qdm12 =======
2023-09-27T13:38:36.928585104Z ========================================
2023-09-27T13:38:36.928586883Z ========================================
2023-09-27T13:38:36.928588673Z 
2023-09-27T13:38:36.928590532Z Running version latest built on 2023-09-24T16:54:36.207Z (commit 9b00763)
2023-09-27T13:38:36.928592398Z 
2023-09-27T13:38:36.928594375Z 🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
2023-09-27T13:38:36.928596312Z 🐛 Bug? https://github.com/qdm12/gluetun/issues/new
2023-09-27T13:38:36.928598159Z ✨ New feature? https://github.com/qdm12/gluetun/issues/new
2023-09-27T13:38:36.928600018Z ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
2023-09-27T13:38:36.928601831Z 💻 Email? quentin.mcgaw@gmail.com
2023-09-27T13:38:36.928603725Z 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2023-09-27T13:38:36.929158864Z 2023-09-27T13:38:36Z INFO [routing] default route found: interface eth0, gateway 192.168.0.1, assigned IP 192.168.0.2 and family v4
2023-09-27T13:38:36.929177143Z 2023-09-27T13:38:36Z INFO [routing] local ethernet link found: eth0
2023-09-27T13:38:36.929183005Z 2023-09-27T13:38:36Z INFO [routing] local ipnet found: 192.168.0.0/20
2023-09-27T13:38:36.948622424Z 2023-09-27T13:38:36Z INFO [firewall] enabling...
2023-09-27T13:38:37.035433362Z 2023-09-27T13:38:37Z INFO [firewall] enabled successfully
2023-09-27T13:38:37.381929550Z 2023-09-27T13:38:37Z INFO [storage] creating /gluetun/servers.json with 17689 hardcoded servers
2023-09-27T13:38:37.517521513Z 2023-09-27T13:38:37Z INFO Alpine version: 3.18.3
2023-09-27T13:38:37.527366389Z 2023-09-27T13:38:37Z INFO OpenVPN 2.5 version: 2.5.8
2023-09-27T13:38:37.539483893Z 2023-09-27T13:38:37Z INFO OpenVPN 2.6 version: 2.6.5
2023-09-27T13:38:37.543297833Z 2023-09-27T13:38:37Z INFO Unbound version: 1.17.1
2023-09-27T13:38:37.544083249Z 2023-09-27T13:38:37Z INFO IPtables version: v1.8.9
2023-09-27T13:38:37.544279311Z 2023-09-27T13:38:37Z INFO Settings summary:
2023-09-27T13:38:37.544295363Z ├── VPN settings:
2023-09-27T13:38:37.544300658Z |   ├── VPN provider settings:
2023-09-27T13:38:37.544303088Z |   |   ├── Name: surfshark
2023-09-27T13:38:37.544305056Z |   |   └── Server selection settings:
2023-09-27T13:38:37.544307614Z |   |       ├── VPN type: wireguard
2023-09-27T13:38:37.544329816Z |   |       ├── Countries: netherlands
2023-09-27T13:38:37.544332941Z |   |       └── Wireguard selection settings:
2023-09-27T13:38:37.544335315Z |   └── Wireguard settings:
2023-09-27T13:38:37.544337635Z |       ├── Private key: YK/...FQ=
2023-09-27T13:38:37.544340396Z |       ├── Interface addresses:
2023-09-27T13:38:37.544342871Z |       |   └── 10.14.0.2/16
2023-09-27T13:38:37.544345307Z |       ├── Allowed IPs:
2023-09-27T13:38:37.544348090Z |       |   ├── 0.0.0.0/0
2023-09-27T13:38:37.544350985Z |       |   └── ::/0
2023-09-27T13:38:37.544353809Z |       └── Network interface: tun0
2023-09-27T13:38:37.544356962Z |           └── MTU: 1400
2023-09-27T13:38:37.544359562Z ├── DNS settings:
2023-09-27T13:38:37.544362410Z |   ├── Keep existing nameserver(s): no
2023-09-27T13:38:37.544364997Z |   ├── DNS server address to use: 127.0.0.1
2023-09-27T13:38:37.544367793Z |   └── DNS over TLS settings:
2023-09-27T13:38:37.544370396Z |       ├── Enabled: yes
2023-09-27T13:38:37.544373083Z |       ├── Update period: every 24h0m0s
2023-09-27T13:38:37.544376523Z |       ├── Unbound settings:
2023-09-27T13:38:37.544379986Z |       |   ├── Authoritative servers:
2023-09-27T13:38:37.544382822Z |       |   |   └── cloudflare
2023-09-27T13:38:37.544385520Z |       |   ├── Caching: yes
2023-09-27T13:38:37.544388407Z |       |   ├── IPv6: no
2023-09-27T13:38:37.544390840Z |       |   ├── Verbosity level: 1
2023-09-27T13:38:37.544393899Z |       |   ├── Verbosity details level: 0
2023-09-27T13:38:37.544396847Z |       |   ├── Validation log level: 0
2023-09-27T13:38:37.544399230Z |       |   ├── System user: root
2023-09-27T13:38:37.544401919Z |       |   └── Allowed networks:
2023-09-27T13:38:37.544404697Z |       |       ├── 0.0.0.0/0
2023-09-27T13:38:37.544407151Z |       |       └── ::/0
2023-09-27T13:38:37.544409551Z |       └── DNS filtering settings:
2023-09-27T13:38:37.544411795Z |           ├── Block malicious: yes
2023-09-27T13:38:37.544414267Z |           ├── Block ads: no
2023-09-27T13:38:37.544416701Z |           ├── Block surveillance: no
2023-09-27T13:38:37.544419259Z |           └── Blocked IP networks:
2023-09-27T13:38:37.544421924Z |               ├── 127.0.0.1/8
2023-09-27T13:38:37.544424712Z |               ├── 10.0.0.0/8
2023-09-27T13:38:37.544427767Z |               ├── 172.16.0.0/12
2023-09-27T13:38:37.544430427Z |               ├── 192.168.0.0/16
2023-09-27T13:38:37.544439287Z |               ├── 169.254.0.0/16
2023-09-27T13:38:37.544442227Z |               ├── ::1/128
2023-09-27T13:38:37.544444513Z |               ├── fc00::/7
2023-09-27T13:38:37.544446873Z |               ├── fe80::/10
2023-09-27T13:38:37.544449140Z |               ├── ::ffff:127.0.0.1/104
2023-09-27T13:38:37.544451473Z |               ├── ::ffff:10.0.0.0/104
2023-09-27T13:38:37.544454348Z |               ├── ::ffff:169.254.0.0/112
2023-09-27T13:38:37.544456975Z |               ├── ::ffff:172.16.0.0/108
2023-09-27T13:38:37.544461410Z |               └── ::ffff:192.168.0.0/112
2023-09-27T13:38:37.544464053Z ├── Firewall settings:
2023-09-27T13:38:37.544466636Z |   └── Enabled: yes
2023-09-27T13:38:37.544469279Z ├── Log settings:
2023-09-27T13:38:37.544471703Z |   └── Log level: INFO
2023-09-27T13:38:37.544473921Z ├── Health settings:
2023-09-27T13:38:37.544476255Z |   ├── Server listening address: 127.0.0.1:9999
2023-09-27T13:38:37.544478755Z |   ├── Target address: cloudflare.com:443
2023-09-27T13:38:37.544481169Z |   ├── Duration to wait after success: 5s
2023-09-27T13:38:37.544483848Z |   ├── Read header timeout: 100ms
2023-09-27T13:38:37.544486502Z |   ├── Read timeout: 500ms
2023-09-27T13:38:37.544489156Z |   └── VPN wait durations:
2023-09-27T13:38:37.544491675Z |       ├── Initial duration: 6s
2023-09-27T13:38:37.544494498Z |       └── Additional duration: 5s
2023-09-27T13:38:37.544497246Z ├── Shadowsocks server settings:
2023-09-27T13:38:37.544499801Z |   └── Enabled: no
2023-09-27T13:38:37.544502359Z ├── HTTP proxy settings:
2023-09-27T13:38:37.544505051Z |   └── Enabled: no
2023-09-27T13:38:37.544507447Z ├── Control server settings:
2023-09-27T13:38:37.544509842Z |   ├── Listening address: :8000
2023-09-27T13:38:37.544512350Z |   └── Logging: yes
2023-09-27T13:38:37.544514702Z ├── OS Alpine settings:
2023-09-27T13:38:37.544516862Z |   ├── Process UID: 1000
2023-09-27T13:38:37.544519168Z |   └── Process GID: 1000
2023-09-27T13:38:37.544521373Z ├── Public IP settings:
2023-09-27T13:38:37.544524029Z |   ├── Fetching: every 12h0m0s
2023-09-27T13:38:37.544526785Z |   └── IP file path: /tmp/gluetun/ip
2023-09-27T13:38:37.544529379Z └── Version settings:
2023-09-27T13:38:37.544531920Z     └── Enabled: yes
2023-09-27T13:38:37.549254613Z 2023-09-27T13:38:37Z INFO [routing] default route found: interface eth0, gateway 192.168.0.1, assigned IP 192.168.0.2 and family v4
2023-09-27T13:38:37.549640942Z 2023-09-27T13:38:37Z INFO [routing] adding route for 0.0.0.0/0
2023-09-27T13:38:37.549821341Z 2023-09-27T13:38:37Z INFO [firewall] setting allowed subnets...
2023-09-27T13:38:37.550030904Z 2023-09-27T13:38:37Z INFO [routing] default route found: interface eth0, gateway 192.168.0.1, assigned IP 192.168.0.2 and family v4
2023-09-27T13:38:37.550161318Z 2023-09-27T13:38:37Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2023-09-27T13:38:37.550510359Z 2023-09-27T13:38:37Z INFO [dns] using plaintext DNS at address 1.1.1.1
2023-09-27T13:38:37.550935960Z 2023-09-27T13:38:37Z INFO [http server] http server listening on [::]:8000
2023-09-27T13:38:37.551105239Z 2023-09-27T13:38:37Z INFO [healthcheck] listening on 127.0.0.1:9999
2023-09-27T13:38:37.552818177Z 2023-09-27T13:38:37Z INFO [firewall] allowing VPN connection...
2023-09-27T13:38:37.561190990Z 2023-09-27T13:38:37Z INFO [wireguard] Using available kernelspace implementation
2023-09-27T13:38:37.562380771Z 2023-09-27T13:38:37Z INFO [wireguard] Connecting to 146.70.175.75:51820
2023-09-27T13:38:37.562756665Z 2023-09-27T13:38:37Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2023-09-27T13:38:37.661917963Z 2023-09-27T13:38:37Z INFO [dns] downloading DNS over TLS cryptographic files
2023-09-27T13:38:38.629795363Z 2023-09-27T13:38:38Z INFO [healthcheck] healthy!
2023-09-27T13:38:40.613589676Z 2023-09-27T13:38:40Z INFO [dns] downloading hostnames and IP block lists
2023-09-27T13:38:46.630872043Z 2023-09-27T13:38:46Z INFO [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2023-09-27T13:38:51.081784967Z 2023-09-27T13:38:51Z INFO [dns] init module 0: validator
2023-09-27T13:38:51.081819270Z 2023-09-27T13:38:51Z INFO [dns] init module 1: iterator
2023-09-27T13:38:51.141757587Z 2023-09-27T13:38:51Z INFO [dns] start of service (unbound 1.17.1).
2023-09-27T13:38:51.376152258Z 2023-09-27T13:38:51Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-09-27T13:38:51.376221624Z 2023-09-27T13:38:51Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-09-27T13:38:51.831746839Z 2023-09-27T13:38:51Z INFO [dns] ready
2023-09-27T13:38:51.908973876Z 2023-09-27T13:38:51Z INFO [healthcheck] healthy!
2023-09-27T13:38:52.333437778Z 2023-09-27T13:38:52Z INFO [ip getter] Public IP address is 146.70.175.76 (Netherlands, North Holland, Amsterdam)
2023-09-27T13:38:52.355792505Z 2023-09-27T13:38:52Z INFO [vpn] You are running 1 commit behind the most recent latest

Share your configuration

version: '3'
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=surfshark
      - OPENVPN_USER=*
      - OPENVPN_PASSWORD=*
      - VPN_TYPE=openvpn
      #- VPN_TYPE=wireguard
      #- WIREGUARD_PRIVATE_KEY=*
      #- WIREGUARD_ADDRESSES=*
      - SERVER_COUNTRIES=Netherlands
      - NET_LOCAL=192.168.178.0/24
      - ALLOWED_IPS=0.0.0.0/1
    restart: unless-stopped
    ports:
      - 5800:5800 #Jdownloader
      - 8080:8080 #qBittorrent
      - 8000:8000 #gluetun
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Vienna
      - WEBUI_PORT=8080
    volumes:
      - ./config/qbittorrent:/config
      - /media/storage/downloads/torrent:/downloads
    depends_on:
      - gluetun
    network_mode: service:gluetun
    restart: unless-stopped
  jdownloader2:
    image: jlesage/jdownloader-2:latest
    container_name: jdownloader2
    environment:
      - PUID=1000
      - PGID=100
      - TZ=Europe/Vienna
    restart: unless-stopped
    volumes:
      - /media/storage/downloads/jdownloader:/output
      - ./config/jdownloader:/config
    network_mode: service:gluetun
    depends_on:
      - gluetun
  alpine_empty:
    image: alpine/curl:latest
    container_name: alpine
    command: tail -F anything
    depends_on:
      - gluetun
    network_mode: service:gluetun
    restart: always

Friday13th87 commented 9 months ago

This is not a container nor wireguard issue, it's an issue of your vpn provider. I assume you have bad upload speeds while using qbittorrent? Surfshark doesn't have the possibility of port forwarding, so this will never change. I am getting nearly 1gbit up and down with this wireguard container.

You didn't even make a real speedtest, like for example docker run -it --rm --net=container:gluetun tianon/speedtest

This will show you the current speed through the container...

Lokilicious commented 9 months ago

I get that, but how can this be an issue with surfshark when I use surfshark in both cases (openvpn and wireguard) and the issue only shows up with wireguard 🤔

Speedtests actually show that upload speeds are the same across both protocols, so you are right that it's not a problem with gluetun or wireshark.

Confusion still remains though 😆

qdm12 commented 9 months ago

The Wireguard server could be overloaded, especially since I would guess all Surfshark native apps use Wireguard servers under the hood (unless it's the same machine for both protocols, I can't tell that). Also speedtest will vary depending on the server you are reaching (usually the further away, the slower the bandwidth). Feel free to reach out to Surfshark about this I guess. Closing this since it's not a 'gluetun bug'.

EDIT: Thanks @Friday13th87 for your answer! 👍

vineethvijay commented 4 months ago

I'm not sure how this actually fixed the same issue I had. There is no logical explanation, but just posting for additional eyes on this.

I had passed - FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16 to the gluetun environment to make internal comms to some other containers inside and outside VPN work. That CIDR range is for the containers outside my VPN btw. The above changes were intended only for the container inter-connectivity, which was a problem before.

After this change, I have started noticing that speeds from downloaders (qbit..) skyrocketed!!

For a moment I thought I'm not on VPN. But I have checked through curl ipinfo.io, and it looks okay.
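
A check for the FIREWALL_OUTBOUND_SUBNETS change described in the comment above, as an added example that is not part of the thread or of gluetun's code. It assumes, as the comment describes, that the listed subnets are reached outside the VPN tunnel, and it flags entries that are not confined to private ranges or that overlap the tunnel's interface subnet. `CheckOutboundSubnets`, `isPrivate` and their parameters are hypothetical names; the tunnel prefix is the interface address from the settings log.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)
// Private and link-local ranges; the IPv4 ones also appear under "Blocked IP networks" in the log.
var privateCIDRs = []string{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16", "fc00::/7", "fe80::/10"}

// isPrivate reports whether every address of p lies inside one private range.
func isPrivate(p netip.Prefix) bool {
	for _, c := range privateCIDRs {
		n := netip.MustParsePrefix(c)
		if n.Addr().Is4() == p.Addr().Is4() && p.Bits() >= n.Bits() && n.Contains(p.Addr()) {
			return true
		}
	}
	return false
}

// CheckOutboundSubnets (hypothetical helper) returns one finding per problem in a
// comma-separated FIREWALL_OUTBOUND_SUBNETS value; tunnel is the VPN interface CIDR.
func CheckOutboundSubnets(value, tunnel string) []string {
	tun, err := netip.ParsePrefix(tunnel)
	if err != nil {
		return []string{fmt.Sprintf("%q: tunnel is not a CIDR", tunnel)}
	}
	var findings []string
	for _, raw := range strings.Split(value, ",") {
		p, err := netip.ParsePrefix(strings.TrimSpace(raw))
		if err != nil {
			findings = append(findings, fmt.Sprintf("%q: not a CIDR", raw))
			continue
		}
		if p = p.Masked(); !isPrivate(p) {
			findings = append(findings, p.String()+": includes public addresses")
		}
		if p.Overlaps(tun.Masked()) {
			findings = append(findings, p.String()+": overlaps tunnel "+tun.Masked().String())
		}
	}
	return findings
}

func main() {
	fmt.Println(CheckOutboundSubnets("172.20.0.0/16", "10.14.0.2/16"))        // value from the comment
	fmt.Println(CheckOutboundSubnets("0.0.0.0/1,10.0.0.0/8", "10.14.0.2/16")) // constructed input
}
```

An empty result for the value from the comment means the exception covers only private container addresses; any finding means the exception deserves a second look before trusting the public-IP check alone.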