qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.69k stars 359 forks

Bug: outbound subnet is public: 172.50.0.0/16 #2083

Closed soxfor closed 8 months ago

soxfor commented 8 months ago

Is this urgent?

None

Host OS

Ubuntu 22.04

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-01-29T18:29:14.880Z (commit 6b9c775)

What's the problem 🤔

Startup failing since commit 6b9c775. Perhaps another class of priv. subnet space is missing? 172.16.0.0 to 172.31.255.255

Share your logs (at least 10 lines)

Running version latest built on 2024-01-29T18:29:14.880Z (commit 6b9c775)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-01-30T11:49:58Z INFO [routing] default route found: interface eth0, gateway 172.50.0.1, assigned IP 172.50.0.254 and family v4
2024-01-30T11:49:58Z INFO [routing] local ethernet link found: eth0
2024-01-30T11:49:58Z INFO [routing] local ipnet found: 172.50.0.0/24
2024-01-30T11:49:58Z INFO [firewall] enabling...
2024-01-30T11:49:58Z INFO [firewall] enabled successfully
2024-01-30T11:49:58Z INFO [storage] merging by most recent 17743 hardcoded servers and 17743 servers read from /gluetun/servers.json
2024-01-30T11:49:59Z ERROR firewall settings: outbound subnet is public: 172.50.0.0/16

Share your configuration

version: "3"
services:
  protonvpn:
    image: ghcr.io/qdm12/gluetun:latest
    container_name: protonvpn
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      - /ztank/docker-volumes/protonvpn-vol0:/gluetun
      - /ztank/docker-volumes/protonvpn-vol0/iptables/post-rules.txt:/iptables/post-rules.txt
    environment:
      - SHADOWSOCKS=on
      - SHADOWSOCKS_PASSWORD=**
      - HTTPPROXY=on
      - HTTPPROXY_STEALTH=on
      - HTTPPROXY_USER=**
      - HTTPPROXY_PASSWORD=**
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      #- FIREWALL_VPN_INPUT_PORTS=
      - FIREWALL_OUTBOUND_SUBNETS=172.50.0.0/16
      - VPN_ENDPOINT_IP=**
      - VPN_ENDPOINT_PORT=**
      - WIREGUARD_PUBLIC_KEY=**
      - WIREGUARD_PRIVATE_KEY=**
      - WIREGUARD_ADDRESSES=10.2.0.2/32
    ports:
      - 6501:6501/tcp
      - 7474:7474/tcp
      - 8080:8080/tcp
      - 8388:8388/tcp
      - 8388:8388/udp
      - 8888:8888/tcp
    networks:
      external:
        ipv4_address: 172.50.0.254
    labels:
      - com.centurylinklabs.watchtower.monitor-only=true
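
The configured subnet 172.50.0.0/16 lies outside the RFC 1918 block 172.16.0.0/12 (172.16.0.0 to 172.31.255.255), which is consistent with the "outbound subnet is public" error in the log. The following is an added example, not gluetun's own code, of a containment check that reports a subnet as public unless it sits entirely inside a private range; `privateRangeOf` and `checkOutbound` are hypothetical names, and the inputs other than the subnet from the issue are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Private ranges: RFC 1918 (IPv4) and RFC 4193 (IPv6 unique local).
var privateRanges = []netip.Prefix{
	netip.MustParsePrefix("10.0.0.0/8"),
	netip.MustParsePrefix("172.16.0.0/12"), // 172.16.0.0 - 172.31.255.255
	netip.MustParsePrefix("192.168.0.0/16"),
	netip.MustParsePrefix("fc00::/7"),
}

// privateRangeOf (hypothetical helper) returns the private range that fully
// contains subnet. The bool is false when any part of subnet is public.
func privateRangeOf(subnet netip.Prefix) (netip.Prefix, bool) {
	subnet = subnet.Masked() // normalise host bits, e.g. 172.50.0.254/16
	for _, r := range privateRanges {
		// Contained only if subnet is at least as narrow as r and starts inside it.
		if subnet.Bits() >= r.Bits() && r.Contains(subnet.Addr()) {
			return r, true
		}
	}
	return netip.Prefix{}, false
}

// checkOutbound (hypothetical helper) validates a list of CIDR strings and
// returns an error naming the first one that is malformed or public.
func checkOutbound(subnets []string) error {
	for _, s := range subnets {
		p, err := netip.ParsePrefix(s)
		if err != nil {
			return fmt.Errorf("parsing %q: %w", s, err)
		}
		if _, ok := privateRangeOf(p); !ok {
			return fmt.Errorf("outbound subnet is public: %s", p.Masked())
		}
	}
	return nil
}

func main() {
	// Constructed inputs: the value from the issue plus two comparison cases.
	for _, s := range []string{"172.50.0.0/16", "172.20.0.0/16", "172.16.0.0/11"} {
		fmt.Printf("%-16s -> %v\n", s, checkOutbound([]string{s}))
	}
}
```

A Docker network defined inside one of the three RFC 1918 ranges, with the outbound subnet set to match, passes this check; a prefix wider than the private block (the constructed `172.16.0.0/11` case) does not.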
soxfor commented 8 months ago