Bug: Shadowsocks server exited after some time

[prostopasta]

Is this urgent?

Yes

Host OS

Windows 11 Pro 22H2

CPU arch

x86_64

VPN service provider

Cyberghost

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2023-10-07T13:26:08.155Z (commit 1c43a1d)

What's the problem 🤔

After start during same day within 2-3 hrs shadowsocks server suddenly stopped, after checking the recent logs only found server just exited both TCP and UDP. Also do not see anymore ports 8388 tcp/udp listening in container:

/ # netstat -ntlp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.11:40421 0.0.0.0: LISTEN - tcp 0 0 127.0.0.1:9999 0.0.0.0: LISTEN 1/gluetun-entrypoin tcp 0 0 0.0.0.0:53 0.0.0.0: LISTEN - tcp 0 0 0.0.0.0:53 0.0.0.0: LISTEN - tcp 0 0 :::8000 ::: LISTEN 1/gluetun-entrypoin tcp 0 0 :::8888 ::: LISTEN 1/gluetun-entrypoin

Not sure how is it possible to get some more logs/details, I'm newbie with Docker containers.

Anyway, I have proposal for quick fix possible here - will it be possible to add some additional tests if port 8388 tcp/udp is listening if not then need to set health to unhealty and restart just the failed service itself only (proxy, ss, etc)

Thanks for your great product and much appreciate quick fix!

Share your logs (at least 10 lines)

2023-10-23T18:52:14+04:00 INFO [routing] default route found: interface eth0, gateway 172.21.0.1, assigned IP 172.21.0.2 and family v4
2023-10-23T18:52:14+04:00 INFO [routing] local ethernet link found: eth0
2023-10-23T18:52:14+04:00 INFO [routing] local ipnet found: 172.21.0.0/16
2023-10-23T18:52:14+04:00 INFO [firewall] enabling...
2023-10-23T18:52:14+04:00 INFO [firewall] enabled successfully
2023-10-23T18:52:15+04:00 INFO [storage] merging by most recent 17689 hardcoded servers and 17689 servers read from /gluetun/servers.json
2023-10-23T18:52:15+04:00 INFO Alpine version: 3.18.4
2023-10-23T18:52:15+04:00 INFO OpenVPN 2.5 version: 2.5.8
2023-10-23T18:52:15+04:00 INFO OpenVPN 2.6 version: 2.6.5
2023-10-23T18:52:15+04:00 INFO Unbound version: 1.17.1
2023-10-23T18:52:15+04:00 INFO IPtables version: v1.8.9
2023-10-23T18:52:15+04:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: cyberghost
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Countries: ###
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: TCP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Ciphers: [chacha20-poly1305]
|       ├── Auth: sha256
|       ├── Client crt: MII...g==
|       ├── Client key: MII...Ss=
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: nonrootuser
|       └── Verbosity level: 3
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: yes
|           ├── Block surveillance: yes
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   ├── Enabled: yes
|   ├── Listening address: :8388
|   ├── Cipher: chacha20-ietf-poly1305
|   ├── Password: [set]
|   └── Log addresses: yes
├── HTTP proxy settings:
|   ├── Enabled: yes
|   ├── Listening address: :8888
|   ├── User: 
|   ├── Password: [not set]
|   ├── Stealth mode: yes
|   ├── Log: yes
|   ├── Read header timeout: 1s
|   └── Read timeout: 3s
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: asia/dubai
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
├── Server data updater settings:
|   ├── Update period: 12h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: cyberghost
└── Version settings:
    └── Enabled: yes
2023-10-23T18:52:15+04:00 INFO [routing] default route found: interface eth0, gateway 172.21.0.1, assigned IP 172.21.0.2 and family v4
2023-10-23T18:52:15+04:00 INFO [routing] adding route for 0.0.0.0/0
2023-10-23T18:52:15+04:00 INFO [firewall] setting allowed subnets...
2023-10-23T18:52:15+04:00 INFO [routing] default route found: interface eth0, gateway 172.21.0.1, assigned IP 172.21.0.2 and family v4
2023-10-23T18:52:15+04:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2023-10-23T18:52:15+04:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2023-10-23T18:52:15+04:00 INFO [http proxy] listening on :8888
2023-10-23T18:52:15+04:00 INFO [http server] http server listening on [::]:8000
2023-10-23T18:52:15+04:00 INFO [healthcheck] listening on 127.0.0.1:9999
2023-10-23T18:52:15+04:00 INFO [firewall] allowing VPN connection...
2023-10-23T18:52:15+04:00 INFO [shadowsocks] listening TCP on [::]:8388
2023-10-23T18:52:15+04:00 INFO [shadowsocks] listening UDP on [::]:8388
2023-10-23T18:52:15+04:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: TCP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Ciphers: [chacha20-poly1305]
|       ├── Auth: sha256
|       ├── Client crt: MII...g==
|       ├── Client key: MII...Ss=
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: nonrootuser
|       └── Verbosity level: 3
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: yes
|           ├── Block surveillance: yes
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   ├── Enabled: yes
|   ├── Listening address: :8388
|   ├── Cipher: chacha20-ietf-poly1305
|   ├── Password: [set]
|   └── Log addresses: yes
├── HTTP proxy settings:
|   ├── Enabled: yes
|   ├── Listening address: :8888
|   ├── User: 
|   ├── Password: [not set]
|   ├── Stealth mode: yes
|   ├── Log: yes
|   ├── Read header timeout: 1s
|   └── Read timeout: 3s
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: asia/dubai
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
├── Server data updater settings:
|   ├── Update period: 12h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: cyberghost
└── Version settings:
    └── Enabled: yes
2023-10-23T18:52:15+04:00 INFO [routing] default route found: interface eth0, gateway 172.21.0.1, assigned IP 172.21.0.2 and family v4
2023-10-23T18:52:15+04:00 INFO [routing] adding route for 0.0.0.0/0
2023-10-23T18:52:15+04:00 INFO [firewall] setting allowed subnets...
2023-10-23T18:52:15+04:00 INFO [routing] default route found: interface eth0, gateway 172.21.0.1, assigned IP 172.21.0.2 and family v4
2023-10-23T18:52:15+04:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2023-10-23T18:52:15+04:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2023-10-23T18:52:15+04:00 INFO [http proxy] listening on :8888
2023-10-23T18:52:15+04:00 INFO [http server] http server listening on [::]:8000
2023-10-23T18:52:15+04:00 INFO [healthcheck] listening on 127.0.0.1:9999
2023-10-23T18:52:15+04:00 INFO [firewall] allowing VPN connection...
2023-10-23T18:52:15+04:00 INFO [shadowsocks] listening TCP on [::]:8388
2023-10-23T18:52:15+04:00 INFO [shadowsocks] listening UDP on [::]:8388
2023-10-23T18:52:15+04:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022

... (here below all errors received for shadowsocks)

2023-10-23T18:54:25+04:00 ERROR [shadowsocks] connection from 172.21.0.1:54208: connecting to target address 1.1.1.1:53: dial tcp 1.1.1.1:53: connect: connection timed out
2023-10-23T19:36:23+04:00 ERROR [shadowsocks] connection from 172.21.0.1:52676: reading target address: EOF
2023-10-23T19:38:22+04:00 ERROR [shadowsocks] connection from 172.21.0.1:50734: connecting to target address 172.19.0.2:853: dial tcp 172.19.0.2:853: connect: connection timed out
2023-10-23T19:38:56+04:00 ERROR [shadowsocks] connection from 172.21.0.1:50542: reading target address: EOF
2023-10-23T19:40:50+04:00 ERROR [shadowsocks] connection from 172.21.0.1:46596: connecting to target address 52.232.209.85:443: dial tcp 52.232.209.85:443: connect: connection timed out
2023-10-23T19:44:51+04:00 ERROR [shadowsocks] connection from 172.21.0.1:45584: connecting to target address 40.70.161.7:443: dial tcp 40.70.161.7:443: connect: connection timed out
2023-10-23T19:49:43+04:00 ERROR [shadowsocks] connection from 172.21.0.1:37190: reading target address: EOF
2023-10-23T20:08:57+04:00 ERROR [shadowsocks] connection from 172.21.0.1:36850: reading target address: EOF
2023-10-23T20:15:03+04:00 ERROR [shadowsocks] connection from 172.21.0.1:60634: connecting to target address 10.1.1.101:8009: dial tcp 10.1.1.101:8009: connect: connection timed out
2023-10-23T20:15:19+04:00 ERROR [shadowsocks] connection from 172.21.0.1:58626: connecting to target address 10.1.1.101:8009: dial tcp 10.1.1.101:8009: connect: connection timed out
2023-10-23T20:15:34+04:00 ERROR [shadowsocks] connection from 172.21.0.1:53604: connecting to target address 10.1.1.101:8009: dial tcp 10.1.1.101:8009: connect: connection timed out
2023-10-23T20:15:44+04:00 ERROR [shadowsocks] connection from 172.21.0.1:44394: connecting to target address 10.1.1.101:8009: dial tcp 10.1.1.101:8009: connect: connection timed out
2023-10-23T20:16:27+04:00 ERROR [shadowsocks] connection from 172.21.0.1:60684: reading target address: EOF
2023-10-23T20:17:27+04:00 ERROR [shadowsocks] connection from 172.21.0.1:36486: connecting to target address 10.1.1.101:8009: dial tcp 10.1.1.101:8009: connect: connection timed out

... (and some most recent logs just before server exited)

2023-10-23T20:27:22+04:00 INFO [shadowsocks] TCP proxying 172.21.0.1:44920 to 1.1.1.1:53
2023-10-23T20:27:23+04:00 INFO [shadowsocks] UDP proxying 172.21.0.1:41649 to 74.125.8.72:443
2023-10-23T20:27:24+04:00 INFO [shadowsocks] TCP proxying 172.21.0.1:44922 to 74.125.8.72:443
2023-10-23T20:27:26+04:00 INFO [shadowsocks] UDP proxying 172.21.0.1:35086 to 104.110.191.24:443
2023-10-23T20:27:40+04:00 INFO [shadowsocks] UDP server exited
2023-10-23T20:27:40+04:00 INFO [shadowsocks] TCP server exited
2023-10-23T20:27:40+04:00 ERROR [shadowsocks] connection from 172.21.0.1:41649: reading packet: repeated salt detected: possible replay attack, dropping the packet
2023-10-23T20:27:40+04:00 INFO [shadowsocks] retrying in 10s

... (server is stopped now and no ports 8388 listen)

Share your configuration

version: "3"
services:
  gluetun:
    image: ghcr.io/qdm12/gluetun:latest
    container_name: gluetun
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - ./gluetun:/gluetun
      - VPN_SERVICE_PROVIDER=cyberghost
      - VPN_TYPE=openvpn
      - OPENVPN_PROTOCOL=tcp
      - OPENVPN_VERBOSITY=3
      - OPENVPN_CIPHERS=CHACHA20-POLY1305
      - OPENVPN_ROOT=no
      - OPENVPN_AUTH=sha256
      - OPENVPN_USER=###
      - OPENVPN_PASSWORD=###
      - SERVER_COUNTRIES=###
      - SHADOWSOCKS=on
      - SHADOWSOCKS_LOG=on
      - SHADOWSOCKS_PASSWORD=###
      - HTTPPROXY=on
      - HTTPPROXY_LOG=on
      - HTTPPROXY_STEALTH=on
      - BLOCK_SURVEILLANCE=on
      - BLOCK_ADS=on
      - UPDATER_PERIOD=12h

[prostopasta]

Updating here. I find out that issue only happened with one app while YouTube is running. So, if no one else having similar issues, I suggest closing this issue as very rare to occur.

Also, I implemented the following workaround by restarting the container in case of HTTP Proxy or Shadowsocks server stopped for any reasons. Hope it will help to resolve the issue for anyone else having similar issues.

Add the healthcheck like this to your docker-compose.yml file:

            test: netstat -tunpl | grep -E "(8388|8888)" | [ `wc -l` == 3 ] || kill 1
            interval: 10s
            retries: 2
            start_period: 60s
            timeout: 1s

Basically, this shell command counts the number of lines in your output for listen ports 8388/udp, 8388/tcp, 8888/tcp and if number is less than 3 it will stop the container. You need to make sure you have added the restart: always or restart: unless-stopped

[qdm12]

That's a bug in my shadowsocks server code, when it encounters reading packet: repeated salt detected: possible replay attack, dropping the packet, it considers it as a fatal error and exits, which it shouldn't. This is fixed in Gluetun in commit 26e1c92841d3184a6b353a2e180d337106338f2d and it should also now log out the fatal error in case one of the server (like UDP server) crashes. Please ideally try your app again to check if it works out 😉

[blixten85]

I am getting this too! The http proxy works with my browser tho, but the shadowsocks (socks5) does not work with my qbittorrent client. I am getting tons of these EOF.

2024-06-05T12:31:34+02:00 ERROR [shadowsocks] connection from 172.18.0.1:60448: reading target address: unexpected EOF 2024-06-05T12:36:20+02:00 ERROR [shadowsocks] connection from 172.18.0.1:56096: reading target address: unexpected EOF

2024-06-05T12:30:47+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-06-05T12:30:47+02:00 INFO [routing] local ethernet link found: eth0
2024-06-05T12:30:47+02:00 INFO [routing] local ipnet found: 172.18.0.0/16
2024-06-05T12:30:47+02:00 INFO [firewall] enabling...
2024-06-05T12:30:47+02:00 INFO [firewall] enabled successfully
2024-06-05T12:30:48+02:00 INFO [storage] merging by most recent 19425 hardcoded servers and 19425 servers read from /gluetun/servers.json
2024-06-05T12:30:49+02:00 INFO Alpine version: 3.19.1
2024-06-05T12:30:49+02:00 INFO OpenVPN 2.5 version: 2.5.8
2024-06-05T12:30:49+02:00 INFO OpenVPN 2.6 version: 2.6.8
2024-06-05T12:30:49+02:00 INFO Unbound version: 1.20.0
2024-06-05T12:30:49+02:00 INFO IPtables version: v1.8.10
2024-06-05T12:30:49+02:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: custom
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       └── OpenVPN server selection settings:
|   |           ├── Protocol: UDP
|   |           └── Custom configuration file: /gluetun/custom.conf
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.6
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Custom configuration file: /gluetun/custom.conf
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   ├── Enabled: yes
|   ├── Listening address: :8388
|   ├── Cipher: chacha20-ietf-poly1305
|   ├── Password: [set]
|   └── Log addresses: no
├── HTTP proxy settings:
|   ├── Enabled: yes
|   ├── Listening address: :8888
|   ├── User:
|   ├── Password: [not set]
|   ├── Stealth mode: no
|   ├── Log: no
|   ├── Read header timeout: 1s
|   └── Read timeout: 3s
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: Europe/Stockholm
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-06-05T12:30:49+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-06-05T12:30:49+02:00 INFO [routing] adding route for 0.0.0.0/0
2024-06-05T12:30:49+02:00 INFO [firewall] setting allowed subnets...
2024-06-05T12:30:49+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-06-05T12:30:49+02:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-06-05T12:30:49+02:00 INFO [http proxy] listening on :8888
2024-06-05T12:30:49+02:00 INFO [http server] http server listening on [::]:8000
2024-06-05T12:30:49+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-06-05T12:30:49+02:00 INFO [firewall] allowing VPN connection...
2024-06-05T12:30:49+02:00 INFO [shadowsocks] listening TCP on [::]:8388
2024-06-05T12:30:49+02:00 INFO [shadowsocks] listening UDP on [::]:8388
2024-06-05T12:30:49+02:00 INFO [openvpn] DEPRECATED OPTION: --cipher set to 'aes-256-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2024-06-05T12:30:49+02:00 INFO [openvpn] OpenVPN 2.6.8 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-05T12:30:49+02:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-05T12:30:49+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]85.24.253.34:1198
2024-06-05T12:30:49+02:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-05T12:30:49+02:00 INFO [openvpn] UDPv4 link remote: [AF_INET]85.24.253.34:1198
2024-06-05T12:30:49+02:00 INFO [openvpn] [integrityvpn] Peer Connection Initiated with [AF_INET]85.24.253.34:1198
2024-06-05T12:30:49+02:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.6.8)
2024-06-05T12:30:49+02:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-05T12:30:49+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1400
2024-06-05T12:30:49+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-05T12:30:49+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.251.24.198/24
2024-06-05T12:30:49+02:00 INFO [openvpn] UID set to nonrootuser
2024-06-05T12:30:49+02:00 INFO [openvpn] Initialization Sequence Completed
2024-06-05T12:30:49+02:00 INFO [healthcheck] healthy!
2024-06-05T12:30:49+02:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-06-05T12:30:50+02:00 INFO [dns] downloading hostnames and IP block lists
2024-06-05T12:30:55+02:00 INFO [dns] init module 0: validator
2024-06-05T12:30:55+02:00 INFO [dns] init module 1: iterator
2024-06-05T12:30:55+02:00 INFO [dns] start of service (unbound 1.20.0).
2024-06-05T12:30:55+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-05T12:30:55+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-05T12:30:55+02:00 INFO [dns] ready
2024-06-05T12:30:55+02:00 INFO [ip getter] Public IP address is 85.24.253.35 (Sweden, Stockholm, Stockholm)
2024-06-05T12:30:56+02:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-06-05T12:31:34+02:00 ERROR [shadowsocks] connection from 172.18.0.1:60448: reading target address: unexpected EOF

docker run -d \
    --name=gluetun \
    --sysctl net.ipv6.conf.all.disable_ipv6=1 \
    --cap-add NET_ADMIN \
    --device /dev/net/tun:/dev/net/tun \
    -p 8888:8888/tcp \
    -p 8388:8388/tcp \
    -p 8388:8388/udp \
    -v /storage/.config/dockers/gluetun/config:/gluetun \
    -e HTTPPROXY=on \
    -e HTTPPROXY_LISTENING_ADDRESS=:8888 \
    -e SHADOWSOCKS=on \
    -e SHADOWSOCKS_LISTENING_ADDRESS=:8388 \
    -e SHADOWSOCKS_PASSWORD=password \
    -e SHADOWSOCKS_CIPHER=chacha20-ietf-poly1305 \
    -e DOT_IPV6=false \
    -e VPN_SERVICE_PROVIDER=custom \
    -e VPN_TYPE=openvpn \
    -e OPENVPN_USER=user \
    -e OPENVPN_PASSWORD=password \
    -e OPENVPN_CUSTOM_CONFIG=/gluetun/custom.conf \
    -e TZ=Europe/Stockholm \
    -e UPDATER_PERIOD=24h \
    --restart unless-stopped \
    --network lsio \
    qmcgaw/gluetun