qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: endless loop of adding IPv6 rule and failing with file exists #1991

Closed bl4ko closed 9 months ago

bl4ko commented 10 months ago

Is this urgent?

None

Host OS

Rocky Linux

CPU arch

x86_64

VPN service provider

Surfshark

What are you using to run the container

Podman

What is the version of Gluetun

Running version latest built on 2023-11-08T10:11:52.918Z (commit 8318be3)

What's the problem 🤔

Sometimes the container gets into an endless loop of adding an IPv6 rule and failing with file exists. The problem is that to make the container work again it has to be manually restarted via the compose down and compose up commands.

Share your logs (at least 10 lines)

DEBUG GLUETUN

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2023-11-08T10:11:52.918Z (commit 8318be3)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2023-12-02T10:21:01Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.10 and family v4
2023-12-02T10:21:01Z INFO [routing] local ethernet link found: eth0
2023-12-02T10:21:01Z INFO [routing] local ipnet found: 172.18.0.0/16
2023-12-02T10:21:01Z INFO [routing] local ipnet found: fe80::/64
2023-12-02T10:21:02Z INFO [firewall] enabling...
2023-12-02T10:21:02Z DEBUG [firewall] iptables-nft --policy INPUT DROP
2023-12-02T10:21:02Z DEBUG [firewall] iptables-nft --policy OUTPUT DROP
2023-12-02T10:21:02Z DEBUG [firewall] iptables-nft --policy FORWARD DROP
2023-12-02T10:21:02Z DEBUG [firewall] ip6tables-nft --policy INPUT DROP
2023-12-02T10:21:02Z DEBUG [firewall] ip6tables-nft --policy OUTPUT DROP
2023-12-02T10:21:02Z DEBUG [firewall] ip6tables-nft --policy FORWARD DROP
2023-12-02T10:21:02Z DEBUG [firewall] iptables-nft --append INPUT -i lo -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] ip6tables-nft --append INPUT -i lo -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] iptables-nft --append OUTPUT -o lo -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o lo -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] iptables-nft --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] ip6tables-nft --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] iptables-nft --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] ip6tables-nft --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] iptables-nft --append OUTPUT -o eth0 -s 172.18.0.10 -d 172.18.0.0/16 -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o eth0 -s fe80::3440:3bff:fe47:b8f0 -d fe80::/64 -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] iptables-nft --append INPUT -i eth0 -d 172.18.0.0/16 -j ACCEPT
2023-12-02T10:21:02Z DEBUG [firewall] ip6tables-nft --append INPUT -i eth0 -d fe80::/64 -j ACCEPT
2023-12-02T10:21:02Z INFO [firewall] enabled successfully
2023-12-02T10:21:02Z INFO [storage] merging by most recent 17689 hardcoded servers and 17689 servers read from /gluetun/servers.json
2023-12-02T10:21:03Z INFO Alpine version: 3.18.4
2023-12-02T10:21:03Z INFO OpenVPN 2.5 version: 2.5.8
2023-12-02T10:21:03Z INFO OpenVPN 2.6 version: 2.6.5
2023-12-02T10:21:03Z INFO Unbound version: 1.17.1
2023-12-02T10:21:03Z INFO IPtables version: v1.8.9
2023-12-02T10:21:03Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: surfshark
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Countries: slovenia
|   |       └── Wireguard selection settings:
|   └── Wireguard settings:
|       ├── Private key: uJU...30=
|       ├── Interface addresses:
|       |   └── 10.14.0.2/16
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 0
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── Debug mode: on
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2023-12-02T10:21:03Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.10 and family v4
2023-12-02T10:21:03Z DEBUG [routing] ip rule add from 172.18.0.10/32 lookup 200 pref 100
2023-12-02T10:21:03Z INFO [routing] adding route for 0.0.0.0/0
2023-12-02T10:21:03Z DEBUG [routing] ip route replace 0.0.0.0/0 via 172.18.0.1 dev eth0 table 200
2023-12-02T10:21:03Z INFO [firewall] setting allowed subnets...
2023-12-02T10:21:03Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.10 and family v4
2023-12-02T10:21:03Z DEBUG [routing] ip rule add to 172.18.0.0/16 lookup 254 pref 98
2023-12-02T10:21:03Z DEBUG [routing] ip rule add to fe80::/64 lookup 254 pref 98
2023-12-02T10:21:03Z INFO [dns] using plaintext DNS at address 1.1.1.1
2023-12-02T10:21:03Z INFO [http server] http server listening on [::]:8000
2023-12-02T10:21:03Z INFO [healthcheck] listening on 127.0.0.1:9999
2023-12-02T10:21:03Z INFO [firewall] allowing VPN connection...
2023-12-02T10:21:03Z DEBUG [firewall] iptables-nft --append OUTPUT -d 195.158.249.40 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:21:03Z DEBUG [firewall] iptables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:21:03Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:21:03Z INFO [wireguard] Using available kernelspace implementation
2023-12-02T10:21:03Z INFO [wireguard] Connecting to 195.158.249.40:51820
2023-12-02T10:21:03Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2023-12-02T10:21:03Z INFO [vpn] retrying in 15s
2023-12-02T10:21:09Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:21:18Z INFO [firewall] allowing VPN connection...
2023-12-02T10:21:18Z DEBUG [firewall] iptables-nft --delete OUTPUT -d 195.158.249.40 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:21:18Z DEBUG [firewall] iptables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:21:18Z DEBUG [firewall] ip6tables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:21:18Z DEBUG [firewall] iptables-nft --append OUTPUT -d 195.158.249.59 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:21:18Z DEBUG [firewall] iptables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:21:18Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:21:18Z INFO [wireguard] Using available kernelspace implementation
2023-12-02T10:21:18Z INFO [wireguard] Connecting to 195.158.249.59:51820
2023-12-02T10:21:18Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2023-12-02T10:21:18Z INFO [vpn] retrying in 30s
2023-12-02T10:21:20Z INFO [healthcheck] program has been unhealthy for 11s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:21:36Z INFO [healthcheck] program has been unhealthy for 16s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:21:48Z INFO [firewall] allowing VPN connection...
2023-12-02T10:21:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -d 195.158.249.59 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:21:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:21:48Z DEBUG [firewall] ip6tables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:21:48Z DEBUG [firewall] iptables-nft --append OUTPUT -d 195.158.249.38 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:21:48Z DEBUG [firewall] iptables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:21:48Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:21:48Z INFO [wireguard] Using available kernelspace implementation
2023-12-02T10:21:48Z INFO [wireguard] Connecting to 195.158.249.38:51820
2023-12-02T10:21:48Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2023-12-02T10:21:48Z INFO [vpn] retrying in 1m0s
2023-12-02T10:21:57Z INFO [healthcheck] program has been unhealthy for 21s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:22:23Z INFO [healthcheck] program has been unhealthy for 26s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:22:48Z INFO [firewall] allowing VPN connection...
2023-12-02T10:22:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -d 195.158.249.38 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:22:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:22:48Z DEBUG [firewall] ip6tables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:22:48Z DEBUG [firewall] iptables-nft --append OUTPUT -d 195.158.249.46 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:22:48Z DEBUG [firewall] iptables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:22:48Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:22:48Z INFO [wireguard] Using available kernelspace implementation
2023-12-02T10:22:48Z INFO [wireguard] Connecting to 195.158.249.46:51820
2023-12-02T10:22:48Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2023-12-02T10:22:48Z INFO [vpn] retrying in 2m0s
2023-12-02T10:22:54Z INFO [healthcheck] program has been unhealthy for 31s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:23:30Z INFO [healthcheck] program has been unhealthy for 36s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:24:11Z INFO [healthcheck] program has been unhealthy for 41s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:24:48Z INFO [firewall] allowing VPN connection...
2023-12-02T10:24:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -d 195.158.249.46 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:24:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:24:48Z DEBUG [firewall] ip6tables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:24:48Z DEBUG [firewall] iptables-nft --append OUTPUT -d 195.158.249.38 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:24:48Z DEBUG [firewall] iptables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:24:48Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:24:48Z INFO [wireguard] Using available kernelspace implementation
2023-12-02T10:24:48Z INFO [wireguard] Connecting to 195.158.249.38:51820
2023-12-02T10:24:48Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2023-12-02T10:24:48Z INFO [vpn] retrying in 4m0s
2023-12-02T10:24:57Z INFO [healthcheck] program has been unhealthy for 46s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:25:48Z INFO [healthcheck] program has been unhealthy for 51s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:26:44Z INFO [healthcheck] program has been unhealthy for 56s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:27:45Z INFO [healthcheck] program has been unhealthy for 1m1s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:28:48Z INFO [firewall] allowing VPN connection...
2023-12-02T10:28:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -d 195.158.249.38 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:28:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:28:48Z DEBUG [firewall] ip6tables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:28:48Z DEBUG [firewall] iptables-nft --append OUTPUT -d 195.158.249.59 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:28:48Z DEBUG [firewall] iptables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:28:48Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:28:48Z INFO [wireguard] Using available kernelspace implementation
2023-12-02T10:28:48Z INFO [wireguard] Connecting to 195.158.249.59:51820
2023-12-02T10:28:48Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2023-12-02T10:28:48Z INFO [vpn] retrying in 8m0s
2023-12-02T10:28:51Z INFO [healthcheck] program has been unhealthy for 1m6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:30:02Z INFO [healthcheck] program has been unhealthy for 1m11s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:31:18Z INFO [healthcheck] program has been unhealthy for 1m16s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:32:39Z INFO [healthcheck] program has been unhealthy for 1m21s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:34:05Z INFO [healthcheck] program has been unhealthy for 1m26s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:35:36Z INFO [healthcheck] program has been unhealthy for 1m31s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:36:48Z INFO [firewall] allowing VPN connection...
2023-12-02T10:36:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -d 195.158.249.59 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:36:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:36:48Z DEBUG [firewall] ip6tables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:36:48Z DEBUG [firewall] iptables-nft --append OUTPUT -d 195.158.249.46 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:36:48Z DEBUG [firewall] iptables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:36:48Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:36:48Z INFO [wireguard] Using available kernelspace implementation
2023-12-02T10:36:48Z INFO [wireguard] Connecting to 195.158.249.46:51820
2023-12-02T10:36:48Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2023-12-02T10:36:48Z INFO [vpn] retrying in 16m0s
2023-12-02T10:37:12Z INFO [healthcheck] program has been unhealthy for 1m36s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:38:53Z INFO [healthcheck] program has been unhealthy for 1m41s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:40:39Z INFO [healthcheck] program has been unhealthy for 1m46s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:42:30Z INFO [healthcheck] program has been unhealthy for 1m51s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:44:26Z INFO [healthcheck] program has been unhealthy for 1m56s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:46:27Z INFO [healthcheck] program has been unhealthy for 2m1s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:48:33Z INFO [healthcheck] program has been unhealthy for 2m6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:50:44Z INFO [healthcheck] program has been unhealthy for 2m11s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:52:48Z INFO [firewall] allowing VPN connection...
2023-12-02T10:52:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -d 195.158.249.46 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:52:48Z DEBUG [firewall] iptables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:52:48Z DEBUG [firewall] ip6tables-nft --delete OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:52:48Z DEBUG [firewall] iptables-nft --append OUTPUT -d 195.158.249.48 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2023-12-02T10:52:48Z DEBUG [firewall] iptables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:52:48Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
2023-12-02T10:52:48Z INFO [wireguard] Using available kernelspace implementation
2023-12-02T10:52:48Z INFO [wireguard] Connecting to 195.158.249.48:51820
2023-12-02T10:52:48Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2023-12-02T10:52:48Z INFO [vpn] retrying in 32m0s
2023-12-02T10:53:00Z INFO [healthcheck] program has been unhealthy for 2m16s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:55:21Z INFO [healthcheck] program has been unhealthy for 2m21s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T10:57:47Z INFO [healthcheck] program has been unhealthy for 2m26s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T11:00:18Z INFO [healthcheck] program has been unhealthy for 2m31s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T11:02:54Z INFO [healthcheck] program has been unhealthy for 2m36s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T11:05:35Z INFO [healthcheck] program has been unhealthy for 2m41s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T11:08:21Z INFO [healthcheck] program has been unhealthy for 2m46s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T11:11:12Z INFO [healthcheck] program has been unhealthy for 2m51s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T11:14:08Z INFO [healthcheck] program has been unhealthy for 2m56s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T11:17:09Z INFO [healthcheck] program has been unhealthy for 3m1s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2023-12-02T11:20:15Z INFO [healthcheck] program has been unhealthy for 3m6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)

Share your configuration

services:
  vpn:
    container_name: vpn
    image: docker.io/qmcgaw/gluetun:latest
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=surfshark
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=${WIREGUARD_KEY}
      - WIREGUARD_ADDRESSES=${WIREGUARD_ADDRESSES}
      - SERVER_COUNTRIES=Slovenia
      - FIREWALL_DEBUG=on
      - DOT_VERBOSITY=0
    networks:
      - media_network
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8080:8080
      - 6881:6881
      - 6881:6881/udp
      - 9696:9696
    restart: "unless-stopped"

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    depends_on:
      - vpn
    network_mode: service:vpn 
    restart: "unless-stopped"

  prowlarr:
    image: lscr.io/linuxserver/prowlarr:latest
    depends_on:
      - vpn
    network_mode: service:vpn
    restart: unless-stopped

networks:
  media_network:
    external: true

qdm12 commented 9 months ago

Can you run it with LOG_LEVEL=debug? It would show how it's cleaning up after Wireguard fails.

However, I noticed the first time it tries to connect to Wireguard it directly fails with that particular line:

2023-12-02T10:21:03Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists

Why is the ip rule existing on a fresh container? Or did you remove some logs before?

bl4ko commented 9 months ago

Today the error occurred again on the German location. Now, seeing the debug.txt logs, I think this is an SELinux issue.

$ sudo grep AVC /var/log/audit/audit.log | ausearch -i
type=AVC msg=audit(12/20/2023 15:47:27.644:166) : avc:  denied  { watch } for  pid=1909 comm=gluetun-entrypo path=/run/wireguard/tun0.sock dev="overlay" ino=5905581338 scontext=system_u:system_r:container_t:s0:c521,c664 tcontext=system_u:object_r:container_file_t:s0:c521,c664 tclass=sock_file permissive=0

qdm12 commented 9 months ago

Did you figure it out in the end? That's kind of strange file exists is the error if it's due to SELinux, I would expect rather a permission denied kind of error 🤔 Also happy new year!
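
Added example, not part of the issue thread and not gluetun's own code: a small Go triage of the log pattern discussed above. It counts Wireguard connection attempts, checks whether the very first attempt already failed (the point raised about a fresh container), and flags a loop in which every attempt fails with the same error while the retry delay only grows. The sample lines are abridged from the log posted in the issue; the names `Analyze`, `Report` and `Stuck` are hypothetical.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
	"time"
)

// Sample input: lines abridged from the log posted in the issue above.
const sampleLog = `2023-12-02T10:21:03Z INFO [wireguard] Connecting to 195.158.249.40:51820
2023-12-02T10:21:03Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2023-12-02T10:21:03Z INFO [vpn] retrying in 15s
2023-12-02T10:21:18Z INFO [wireguard] Connecting to 195.158.249.59:51820
2023-12-02T10:21:18Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2023-12-02T10:21:18Z INFO [vpn] retrying in 30s
2023-12-02T10:21:48Z INFO [wireguard] Connecting to 195.158.249.38:51820
2023-12-02T10:21:48Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2023-12-02T10:21:48Z INFO [vpn] retrying in 1m0s`

var connectRe = regexp.MustCompile(`INFO \[wireguard\] Connecting to `)
var errorRe = regexp.MustCompile(`ERROR \[vpn\] (.+)$`)
var retryRe = regexp.MustCompile(`INFO \[vpn\] retrying in (\S+)$`)

// Report summarises the VPN connection attempts found in a log.
type Report struct {
	Attempts, Failures   int
	FailedOnFirstAttempt bool            // an error was logged before a second connect
	Errors               map[string]int  // distinct [vpn] error text -> count
	Backoffs             []time.Duration // "retrying in" values, in log order
}

// Analyze walks the log once, line by line, ignoring unrelated lines.
func Analyze(log string) Report {
	r := Report{Errors: map[string]int{}}
	for _, line := range strings.Split(log, "\n") {
		line = strings.TrimSpace(line)
		switch {
		case connectRe.MatchString(line):
			r.Attempts++
		case errorRe.MatchString(line):
			r.Failures++
			r.Errors[errorRe.FindStringSubmatch(line)[1]]++
			r.FailedOnFirstAttempt = r.FailedOnFirstAttempt || r.Attempts == 1
		case retryRe.MatchString(line):
			if d, err := time.ParseDuration(retryRe.FindStringSubmatch(line)[1]); err == nil {
				r.Backoffs = append(r.Backoffs, d)
			}
		}
	}
	return r
}

// Stuck reports the pattern in the issue: at least three attempts, every one
// failing with the same single error, while the retry delay never shrinks.
func (r Report) Stuck() bool {
	growing := sort.SliceIsSorted(r.Backoffs, func(i, j int) bool { return r.Backoffs[i] < r.Backoffs[j] })
	return r.Attempts >= 3 && r.Failures >= r.Attempts && len(r.Errors) == 1 && growing
}

func main() {
	r := Analyze(sampleLog)
	fmt.Printf("attempts=%d failures=%d first-attempt-failure=%v stuck=%v backoffs=%v\n",
		r.Attempts, r.Failures, r.FailedOnFirstAttempt, r.Stuck(), r.Backoffs)
}
```

A failure on the first attempt combined with a single repeating error points at state that already exists when the VPN setup starts, which retries alone cannot clear.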