Closed bl4ko closed 9 months ago
Can you run it with LOG_LEVEL=debug? It would show how it's cleaning up after Wireguard fails.
However, I noticed the first time it tries to connect to Wireguard it directly fails with that particular line:
2023-12-02T10:21:03Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
Why is the ip rule existing on a fresh container? Or did you remove some logs before?
Today the error occurred again on the German location. Now seeing the debug.txt logs, I think this is an SELinux issue.
$ sudo grep AVC /var/log/audit/audit.log | ausearch -i
type=AVC msg=audit(12/20/2023 15:47:27.644:166) : avc: denied { watch } for pid=1909 comm=gluetun-entrypo path=/run/wireguard/tun0.sock dev="overlay" ino=5905581338 scontext=system_u:system_r:container_t:s0:c521,c664 tcontext=system_u:object_r:container_file_t:s0:c521,c664 tclass=sock_file permissive=0
Did you figure it out in the end? That's kind of strange file exists is the error if it's due to SELinux, I would expect rather a permission denied kind of error 🤔
Also happy new year!
Is this urgent?
None
Host OS
Rocky Linux
CPU arch
x86_64
VPN service provider
Surfshark
What are you using to run the container
Podman
What is the version of Gluetun
Running version latest built on 2023-11-08T10:11:52.918Z (commit 8318be3)
What's the problem 🤔
Sometimes container gets into an endless loop of adding IPv6 rule and failing with file exists. The problem is that to make container work again it has to be manually restarted via compose down and compose up commands.
Share your logs (at least 10 lines)
Share your configuration