qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.96k stars 368 forks

Bug: Can't reach containers on gluetun's network after around 6h #1895

Open FrenchGithubUser opened 1 year ago

FrenchGithubUser commented 1 year ago

Is this urgent?

None

Host OS

Debian 12

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2023-09-28T14:05:11.407Z (commit d4df872)

What's the problem 🤔

Gluetun runs fine with other containers on its network for multiple hours (around 6h, containers can communicate with each other on the same docker network, and from outside of the docker network), then the containers on the same network cannot be reached anymore.

For example, with qbittorrent, I get this error from the container qbittorrent-port-forward-gluetun-server (2 containers on the same docker network): curl: (56) Recv failure: Connection reset by peer

Or from swag (accessing qbittorrent's webui with it, so 1 container on another docker network trying to access gluetun's network): failed (104: Connection reset by peer) while reading response header from upstream, client: xx.xx.xx.xx, server: qbittorrent.*, request: "GET / HTTP/2.0", upstream:...

I don't know anything about gluetun's code but it sounds like a firewall issue.

Also, from what I see on some trackers' website, it seems like the torrents stop being seeded, not all at once, over multiple hours.

Restarting gluetun (and the other containers) solves the issue.

Edit: I restarted the container, it has now been 13h without any issue.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2023-09-28T14:05:11.407Z (commit d4df872)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2023-10-04T15:42:59Z INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.6 and family v4
2023-10-04T15:42:59Z INFO [routing] local ethernet link found: eth0
2023-10-04T15:42:59Z INFO [routing] local ipnet found: 172.19.0.0/16
2023-10-04T15:42:59Z INFO [firewall] enabling...
2023-10-04T15:42:59Z INFO [firewall] enabled successfully
2023-10-04T15:43:00Z INFO [storage] merging by most recent 17689 hardcoded servers and 17689 servers read from /gluetun/servers.json
2023-10-04T15:43:00Z INFO Alpine version: 3.18.3
2023-10-04T15:43:00Z INFO OpenVPN 2.5 version: 2.5.8
2023-10-04T15:43:00Z INFO OpenVPN 2.6 version: 2.6.5
2023-10-04T15:43:00Z INFO Unbound version: 1.17.1
2023-10-04T15:43:00Z INFO IPtables version: v1.8.9
2023-10-04T15:43:00Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: protonvpn
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: openvpn
|   |   |   ├── Countries: france
|   |   |   └── OpenVPN server selection settings:
|   |   |       └── Protocol: TCP
|   |   └── Automatic port forwarding settings:
|   |       ├── Use port forwarding code for current provider
|   |       └── Forwarded port file path: /tmp/gluetun/forwarded_port
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: Yop...pmp
|       ├── Password: 7d...Fh
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8001
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2023-10-04T15:43:00Z INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.6 and family v4
2023-10-04T15:43:00Z INFO [routing] adding route for 0.0.0.0/0
2023-10-04T15:43:00Z INFO [firewall] setting allowed subnets...
2023-10-04T15:43:00Z INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.6 and family v4
2023-10-04T15:43:00Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2023-10-04T15:43:00Z INFO [http server] http server listening on [::]:8001
2023-10-04T15:43:00Z INFO [firewall] allowing VPN connection...
2023-10-04T15:43:00Z INFO [dns] using plaintext DNS at address 1.1.1.1
2023-10-04T15:43:00Z INFO [healthcheck] listening on 127.0.0.1:9999
2023-10-04T15:43:00Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-10-04T15:43:00Z INFO [openvpn] library versions: OpenSSL 3.1.3 19 Sep 2023, LZO 2.10
2023-10-04T15:43:00Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]188.241.83.98:443
2023-10-04T15:43:00Z INFO [openvpn] Attempting to establish TCP connection with [AF_INET]188.241.83.98:443 [nonblock]
2023-10-04T15:43:06Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-10-04T15:43:06Z INFO [vpn] stopping
2023-10-04T15:43:06Z ERROR [vpn] stopping port forwarding: interface not set
2023-10-04T15:43:06Z INFO [vpn] starting
2023-10-04T15:43:06Z INFO [firewall] allowing VPN connection...
2023-10-04T15:43:06Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-10-04T15:43:06Z INFO [openvpn] library versions: OpenSSL 3.1.3 19 Sep 2023, LZO 2.10
2023-10-04T15:43:06Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.148:443
2023-10-04T15:43:06Z INFO [openvpn] Attempting to establish TCP connection with [AF_INET]185.159.157.148:443 [nonblock]
2023-10-04T15:43:07Z INFO [openvpn] TCP connection established with [AF_INET]185.159.157.148:443
2023-10-04T15:43:07Z INFO [openvpn] TCP_CLIENT link local: (not bound)
2023-10-04T15:43:07Z INFO [openvpn] TCP_CLIENT link remote: [AF_INET]185.159.157.148:443
2023-10-04T15:43:08Z WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1635', remote='link-mtu 1636'
2023-10-04T15:43:08Z WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-10-04T15:43:08Z INFO [openvpn] [node-us-220.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.148:443
2023-10-04T15:43:10Z INFO [openvpn] TUN/TAP device tun0 opened
2023-10-04T15:43:10Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2023-10-04T15:43:10Z INFO [openvpn] /sbin/ip link set dev tun0 up
2023-10-04T15:43:10Z INFO [openvpn] /sbin/ip addr add dev tun0 10.81.0.7/16
2023-10-04T15:43:10Z INFO [openvpn] UID set to nonrootuser
2023-10-04T15:43:10Z INFO [openvpn] Initialization Sequence Completed
2023-10-04T15:43:10Z INFO [dns] downloading DNS over TLS cryptographic files
2023-10-04T15:43:11Z INFO [healthcheck] healthy!
2023-10-04T15:43:17Z INFO [dns] downloading hostnames and IP block lists
2023-10-04T15:43:24Z INFO [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2023-10-04T15:43:26Z INFO [dns] init module 0: validator
2023-10-04T15:43:26Z INFO [dns] init module 1: iterator
2023-10-04T15:43:26Z INFO [dns] start of service (unbound 1.17.1).
2023-10-04T15:43:26Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-04T15:43:26Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-04T15:43:28Z INFO [dns] ready
2023-10-04T15:43:28Z INFO [healthcheck] healthy!
2023-10-04T15:43:29Z INFO [vpn] You are running on the bleeding edge of latest!
2023-10-04T15:43:29Z INFO [port forwarding] starting
2023-10-04T15:43:29Z INFO [port forwarding] gateway external IPv4 address is 154.47.25.201
2023-10-04T15:43:29Z INFO [port forwarding] port forwarded is 63279
2023-10-04T15:43:29Z INFO [firewall] setting allowed input port 63279 through interface tun0...
2023-10-04T15:43:29Z INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2023-10-04T15:43:29Z INFO [ip getter] Public IP address is 154.47.25.201 (United States, Illinois, Chicago)
2023-10-04T15:50:00Z INFO [http server] 200 GET /portforwarded wrote 15B to 172.19.0.1:44086 in 74.956µs
2023-10-04T16:00:00Z INFO [http server] 200 GET /portforwarded wrote 15B to 172.19.0.1:46238 in 15.782µs

Share your configuration

version: "3"
services:
  gluetun:
    container_name: gluetun
    image: qmcgaw/gluetun
    stop_grace_period: 1m
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - OPENVPN_USER=******+pmp
      - OPENVPN_PASSWORD=*******
      - SERVER_COUNTRIES=France
      - VPN_PORT_FORWARDING=on
      - OPENVPN_PROTOCOL=tcp
      - HTTP_CONTROL_SERVER_ADDRESS=:8001
    volumes:
      - /home/boxer/docker_volumes/gluetun/:/tmp/gluetun
    ports:
      - 8888:8888
      - 8001:8001
      # qbittorrent ports :
      - 8091:8091
      - 6881:6881
      - 6881:6881/udp
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    stop_grace_period: 1m
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
      - WEBUI_PORT=8091
    volumes:
      - /home/*****/docker_volumes/qbittorrent/config/:/config
      - /mnt/mergeddrives/:/mnt/mergeddrives/
    network_mode: service:gluetun
    restart: unless-stopped

  qbittorrent-port-forward-gluetun-server:
    image: mjmeli/qbittorrent-port-forward-gluetun-server
    container_name: qbittorrent-port-forward-gluetun-server
    restart: unless-stopped
    environment:
      - QBT_USERNAME=*******
      - QBT_PASSWORD=*******
      - QBT_ADDR=http://192.168.1.189:8091
      - GTN_ADDR=http://192.168.1.189:8001

foorschtbar commented 1 month ago

Did you find a solution? I had the same problem :(