qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.35k stars 349 forks

Bug: Requests getting blocked on Gluetun #2038

Open WINOFFRG opened 8 months ago

WINOFFRG commented 8 months ago

Is this urgent?

Yes

Host OS

Ubuntu LTS v20

CPU arch

x86_64

VPN service provider

Custom

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-01-01T18:24:19.221Z (commit c826707)

What's the problem 🤔

I am using Gluetun because the service which I am trying to access on the server gets blocked because of country/region. For the same, I have a custom OpenVPN config which allows my IP to get unblocked. So, in my local environment, if I connect to the VPN and make an HTTP request to the endpoint, it works fine. However, when running gluetun in proxy mode and forwarding the same HTTP request to that proxy container, the request somehow gets blocked. I have verified that no extra headers are being sent and there is no change in request data. The same is not just happening with OpenVPN but with VPN providers like Surfshark or Proton as well.

Note the HTTP code 475 in the logs. The exact same request works when I am running the same OpenVPN config on desktop via Connect and make the HTTP request via the application.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-01-01T18:24:19.221Z (commit c826707)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-01-08T23:12:13Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-01-08T23:12:13Z INFO [routing] local ethernet link found: eth0
2024-01-08T23:12:13Z INFO [routing] local ipnet found: 172.18.0.0/16
2024-01-08T23:12:13Z INFO [firewall] enabling...
2024-01-08T23:12:13Z INFO [firewall] enabled successfully
2024-01-08T23:12:14Z INFO [storage] creating /gluetun/servers.json with 17743 hardcoded servers
2024-01-08T23:12:14Z INFO Alpine version: 3.18.5
2024-01-08T23:12:14Z INFO OpenVPN 2.5 version: 2.5.8
2024-01-08T23:12:14Z INFO OpenVPN 2.6 version: 2.6.8
2024-01-08T23:12:14Z INFO Unbound version: 1.17.1
2024-01-08T23:12:14Z INFO IPtables version: v1.8.9
2024-01-08T23:12:14Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: custom
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       └── Wireguard selection settings:
|   |           ├── Endpoint IP address: 185.159.157.82
|   |           ├── Endpoint port: 51820
|   |           └── Server public key: QnqJI0C2xQZrKfZLrBaCHa2h3TZ9CBt6sCuzg3ue4X4=
|   └── Wireguard settings:
|       ├── Private key: gBd...Fw=
|       ├── Interface addresses:
|       |   └── 10.2.0.2/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   ├── Enabled: yes
|   ├── Listening address: :8888
|   ├── User: 
|   ├── Password: [not set]
|   ├── Stealth mode: yes
|   ├── Log: yes
|   ├── Read header timeout: 1s
|   └── Read timeout: 3s
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2024-01-08T23:12:14Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-01-08T23:12:14Z INFO [routing] adding route for 0.0.0.0/0
2024-01-08T23:12:14Z INFO [firewall] setting allowed subnets...
2024-01-08T23:12:14Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-01-08T23:12:14Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-01-08T23:12:14Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-01-08T23:12:14Z INFO [http proxy] listening on :8888
2024-01-08T23:12:14Z INFO [http server] http server listening on [::]:8000
2024-01-08T23:12:14Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-01-08T23:12:14Z INFO [firewall] allowing VPN connection...
2024-01-08T23:12:14Z INFO [wireguard] Using available kernelspace implementation
2024-01-08T23:12:14Z INFO [wireguard] Connecting to 185.159.157.82:51820
2024-01-08T23:12:14Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-01-08T23:12:14Z INFO [dns] downloading DNS over TLS cryptographic files
2024-01-08T23:12:16Z INFO [healthcheck] healthy!
2024-01-08T23:12:22Z INFO [dns] downloading hostnames and IP block lists
2024-01-08T23:12:30Z INFO [dns] init module 0: validator
2024-01-08T23:12:30Z INFO [dns] init module 1: iterator
2024-01-08T23:12:30Z INFO [dns] start of service (unbound 1.17.1).
2024-01-08T23:12:32Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-01-08T23:12:35Z INFO [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-01-08T23:12:36Z INFO [dns] ready
2024-01-08T23:12:38Z INFO [healthcheck] healthy!
2024-01-08T23:12:39Z INFO [vpn] You are running on the bleeding edge of latest!
2024-01-08T23:12:42Z INFO [ip getter] Public IP address is MASKED_IP (India, Delhi, New Delhi)
2024-01-08T23:12:55Z INFO [http proxy] 172.18.0.1:34774 475  POST MASKED_URL

Share your configuration

version: "3"
services:
  protonvpn-in-proxy:
    image: qmcgaw/gluetun
    container_name: in-proxy
    devices:
      - /dev/net/tun:/dev/net/tun
    cap_add:
      - NET_ADMIN
    ports:
      - 7200:8888/tcp
    volumes:
      - ./data/wg-IN-1.conf:/gluetun/wireguard/wg0.conf
    environment:
      - HTTPPROXY=ON
      - HTTPPROXY_STEALTH=on
      - HTTPPROXY_LOG=on
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard

shuplenkov commented 7 months ago

Have the same issue

casudo commented 6 months ago

Same here.