qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: Wireguard NordVPN connection leaked my IP address #1908

Closed mylogon341 closed 11 months ago

mylogon341 commented 1 year ago

Is this urgent?

No

Host OS

Debian 11 Bullseye

CPU arch

x86_64

VPN service provider

NordVPN

What are you using to run the container

Other

What is the version of Gluetun

Running version latest built on 2023-08-24T09:09:29.123Z (commit 1ac031e)

What's the problem 🤔

I received an email from my ISP with the following opening paragraph

We have become aware that you or an individual utilising your IP address has been using our service for the purpose of DMCA/Copyright abuse. Please see details below: Content Item Time Stamp 2023-10-06T16:25:48Z

and then went on to specify an actual torrent that was processed through my qBittorrent client, which is routing through gluetun. Thankfully, they were kind enough to provide a timestamp so that I was able to go back through my logs.

I have checked my client IP address via sites such as http://checkmyip.torrentprivacy.com and they do show that it is not my WAN IP, so I'm guessing the wireguard connection has failed and begun to expose my real IP address at some point.

Share your logs (at least 10 lines)

2023-10-06T13:59:34Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2023-10-06T13:59:34Z INFO [healthcheck] healthy!
2023-10-06T13:59:37Z ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 127.0.0.1:53: read udp 127.0.0.1:46638->127.0.0.1:53: i/o timeout
2023-10-06T13:59:37Z INFO [ip getter] retrying in 5s
2023-10-06T13:59:42Z INFO [ip getter] Public IP address is 176.227.242.182 (United Kingdom, England, London)
2023-10-06T14:49:36Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-06T15:51:00Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-06T16:51:07Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-06T17:52:35Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-06T18:54:13Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-06T19:54:22Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-06T20:54:23Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-06T22:00:13Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-06T22:52:54Z INFO [healthcheck] unhealthy: dialing: dial tcp4 104.16.132.229:443: i/o timeout
2023-10-06T22:53:02Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-10-06T22:53:02Z INFO [vpn] stopping
2023-10-06T22:53:02Z INFO [vpn] starting

Share your configuration

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    restart: unless-stopped
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 8080:8080
      - 6881:6881
      - 6881:6881/udp
      - 9696:9696
    environment:
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=<key>
      - SERVER_COUNTRIES=United Kingdom
  qbittorrent:
    image: linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: "service:gluetun"
    environment:
      - PUID=0
      - PGID=0
      - TZ=Etc/UTC
      - WEBUI_PORT=8080
    volumes:
      - /syms/config/qbittorrent:/config
      - /syms/downloads/torrent:/downloads
      - /syms/downloads/watch:/watch
    restart: unless-stopped
  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    container_name: prowlarr
    network_mode: "service:gluetun"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Etc/UTC
    volumes:
      - /syms/config/prowlarr:/config
    restart: unless-stopped

qdm12 commented 1 year ago

I'm guessing the wireguard connection has failed and begun to expose my real IP address at some point.

Gluetun only allows connections to the VPN server (ip_address:port) ever (except for the first 15 milliseconds at program start, since configuring the firewall is not instantaneous). You can check this by checking the firewall rules set up with LOG_LEVEL=debug. If it gets unhealthy, the VPN restarts internally, and the firewall updates the ip_address:port allowed from the older one to the newer one: https://github.com/qdm12/gluetun/blob/1c43a1d55bf38c85651e8a6b74e12026116f1545/internal/firewall/vpn.go#L10

On top of this, the timestamp you mention 2023-10-06T16:25:48Z is between the two log lines

2023-10-06T15:51:00Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-06T16:51:07Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN

So there is definitely no unhealthiness or VPN failing, it's just standard working behavior. Are you sure you weren't running a torrent client on another machine, or restarted the qBittorrent container without going through Gluetun?
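
The timeline check qdm12 did by hand above (does the ISP's timestamp overlap any unhealthy/restart window in the gluetun log?) can be automated. This is an added example, not part of the thread or of gluetun's own code; it assumes gluetun's `TIMESTAMP LEVEL [component] message` log format and uses the issue's own log lines as a constructed sample.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the lines quoted in the issue, trimmed to what the parser needs.
SAMPLE_LOG = """\
2023-10-06T13:59:34Z INFO [wireguard] Wireguard setup is complete.
2023-10-06T13:59:34Z INFO [healthcheck] healthy!
2023-10-06T15:51:00Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-06T16:51:07Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-10-06T22:52:54Z INFO [healthcheck] unhealthy: dialing: dial tcp4 104.16.132.229:443: i/o timeout
2023-10-06T22:53:02Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2023-10-06T22:53:02Z INFO [vpn] stopping
2023-10-06T22:53:02Z INFO [vpn] starting
"""

LINE_RE = re.compile(r"^(\S+Z) (\w+) \[([^\]]+)\] (.*)$")

def parse_ts(s):
    """Parse gluetun's RFC 3339 UTC timestamp into an aware datetime."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def tunnel_down_windows(log_text):
    """Return [(start, end)] UTC intervals where the tunnel was not confirmed up.
    A window opens at the first '[healthcheck] unhealthy' or '[vpn] stopping' line and
    closes at the next '[healthcheck] healthy!'. A window still open at the end of the
    log has end=None."""
    windows, open_start = [], None
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip wrapped or non-log lines
        ts, _level, component, msg = m.groups()
        t = parse_ts(ts)
        down_event = (component == "healthcheck" and msg.startswith("unhealthy")) or (
            component == "vpn" and msg == "stopping")
        if open_start is None and down_event:
            open_start = t
        elif open_start is not None and component == "healthcheck" and msg == "healthy!":
            windows.append((open_start, t))
            open_start = None
    if open_start is not None:
        windows.append((open_start, None))
    return windows

def was_tunnel_down_at(log_text, ts):
    """True if ts (RFC 3339 UTC string) falls inside any tunnel-down window."""
    t = parse_ts(ts)
    return any(s <= t and (e is None or t < e) for s, e in tunnel_down_windows(log_text))
```

For the ISP's 2023-10-06T16:25:48Z the result is False, matching qdm12's reading; and even inside a restart window gluetun's firewall still only permits the VPN endpoint, so a True here points at a restart to investigate, not by itself at a leak.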

ralienpp commented 11 months ago

@mylogon341 - any news about this?

mylogon341 commented 11 months ago

I've not received any more emails from my ISP so I can imagine it's maybe not an issue. It's hard to tell what happened in that instance but since then I've been extra careful to not let any containers join other networks and have been a lot more strict with automation by moving all my containers and networking to docker compose files rather than doing it all manually via portainer, which is just heaps easier anyway.