qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.52k stars 355 forks

Bug: [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 192.168.160.2:38205->1.1.1.1:53: write: operation not permitted #2125

Closed Sephiphi closed 5 months ago

Sephiphi commented 7 months ago

Is this urgent?

No

Host OS

Debian Bookworm

CPU arch

x86_64

VPN service provider

Mullvad

What are you using to run the container

Portainer

What is the version of Gluetun

Running version latest built on 2024-02-21T17:01:05.694Z (commit a20695f)

What's the problem 🤔

Hello, my VPN container doesn't want to start.

I always have a "write: operation not permitted" error during write udp attempts. Currently these 3 errors are preventing my container from launching correctly:

WARN [dns] cannot update files: Get "https://www.internic.net/domain/named.root": dial tcp: lookup www.internic.net on 1.1.1.1:53: write udp 192.168.160.2:39263->1.1.1.1:53: write: operation not permitted

ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": dial tcp: lookup api.github.com on 1.1.1.1:53: write udp 192.168.160.2:41382->1.1.1.1:53: write: operation not permitted

ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 192.168.160.2:38205->1.1.1.1:53: write: operation not permitted - retrying in 5s

Thank you for your help.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-02-21T17:01:05.694Z (commit a20695f)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-02-24T01:01:28+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.160.1, assigned IP 192.168.160.2 and family v4
2024-02-24T01:01:28+01:00 INFO [routing] local ethernet link found: eth0
2024-02-24T01:01:28+01:00 INFO [routing] local ipnet found: 192.168.160.0/20
2024-02-24T01:01:28+01:00 INFO [firewall] enabling...
2024-02-24T01:01:28+01:00 INFO [firewall] enabled successfully
2024-02-24T01:01:29+01:00 INFO [storage] merging by most recent 17820 hardcoded servers and 17820 servers read from /gluetun/servers.json
2024-02-24T01:01:29+01:00 INFO Alpine version: 3.18.6
2024-02-24T01:01:29+01:00 INFO OpenVPN 2.5 version: 2.5.8
2024-02-24T01:01:29+01:00 INFO OpenVPN 2.6 version: 2.6.8
2024-02-24T01:01:29+01:00 INFO Unbound version: 1.19.1
2024-02-24T01:01:29+01:00 INFO IPtables version: v1.8.9
2024-02-24T01:01:29+01:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: mullvad
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Cities: vienna
|   |       └── Wireguard selection settings:
|   └── Wireguard settings:
|       ├── Private key: 8Fa...W4=
|       ├── Interface addresses:
|       |   └── 10.69.229.46/32
|       ├── Allowed IPs:
|       |   └── 192.168.2.0/24
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: europe/paris
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
├── Server data updater settings:
|   ├── Update period: 24h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: mullvad
└── Version settings:
    └── Enabled: yes
2024-02-24T01:01:29+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.160.1, assigned IP 192.168.160.2 and family v4
2024-02-24T01:01:29+01:00 INFO [routing] adding route for 0.0.0.0/0
2024-02-24T01:01:29+01:00 INFO [firewall] setting allowed subnets...
2024-02-24T01:01:29+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.160.1, assigned IP 192.168.160.2 and family v4
2024-02-24T01:01:29+01:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-02-24T01:01:29+01:00 INFO [http server] http server listening on [::]:8000
2024-02-24T01:01:29+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-02-24T01:01:29+01:00 INFO [firewall] allowing VPN connection...
2024-02-24T01:01:29+01:00 INFO [wireguard] Using available kernelspace implementation
2024-02-24T01:01:29+01:00 INFO [wireguard] Connecting to 146.70.116.130:51820
2024-02-24T01:01:29+01:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-02-24T01:01:29+01:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-02-24T01:01:29+01:00 WARN [dns] cannot update files: Get "https://www.internic.net/domain/named.root": dial tcp: lookup www.internic.net on 1.1.1.1:53: write udp 192.168.160.2:39263->1.1.1.1:53: write: operation not permitted
2024-02-24T01:01:29+01:00 INFO [dns] attempting restart in 10s
2024-02-24T01:01:29+01:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": dial tcp: lookup api.github.com on 1.1.1.1:53: write udp 192.168.160.2:41382->1.1.1.1:53: write: operation not permitted
2024-02-24T01:01:29+01:00 ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 192.168.160.2:38205->1.1.1.1:53: write: operation not permitted - retrying in 5s

Share your configuration

version: "3"
services:
  vpn:
    image: qmcgaw/gluetun:latest
    container_name: vpn
    privileged: true
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - net_admin
    devices:
      - /dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8088:8088/tcp # qbittorrent UI
      - 51820:51820/tcp
      - 51820:51820/udp
    volumes:
      - /opt/gluetun:/gluetun
    environment:

      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      # Wireguard:
      - WIREGUARD_PRIVATE_KEY=XXXXXXXXX
      - WIREGUARD_ADDRESSES=10.69.229.46/32
      - WIREGUARD_ALLOWED_IPS=192.168.2.0/24
      - SERVER_CITIES=Vienna
      #- HEALTH_ADDRESS_TO_PING=1.1.1.1
      # Timezone for accurate log times
      - TZ=Europe/Paris
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - UPDATER_PERIOD=24h

  qbittorrent:
    image: linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: service:vpn
    environment:
      - WEBUI_PORT=8088
      - PUID=1000
      - PGID=1000
      - UMASK=002
    volumes:
      - qbittorrent_config:/config
      - downloads:/downloads
    #depends_on:
    #  - vpn
    restart: always
volumes:
    qbittorrent_config:
      external: true
      name: qbittorrent_config
    downloads:
      driver_opts:
        type: cifs
        device: //192.168.2.13/downloads
        o: username=XXXXXXX,password=XXXXXXX,vers=3.0,uid=1000,gid=1000,iocharset=utf8

kristof-mattei commented 7 months ago

Same issue here. Noticed no releases lately of the docker container. I wonder if something else on my server changed.

qdm12 commented 6 months ago

That's probably just the firewall blocking it, because the VPN connection doesn't work. Don't you get the internal healthcheck trying to restart the VPN connection? 🤔

qdm12 commented 5 months ago

Closing due to inactivity, and also have a look at #2154 if you still have the problem.

Also for future readers, these "3 errors" are not the cause, but the consequence of the VPN not working and the firewall blocking them correctly.
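
The distinction drawn in the comment above (firewall drop as a consequence, not a DNS fault) can be read from the error text itself. The following is an added example, not code from this issue or from gluetun: `triage` and `symptoms_only` are hypothetical names, and it assumes that `operation not permitted` on a socket write comes from a local netfilter drop of traffic leaving from the container's LAN address.

```python
import ipaddress
import re

# Log lines quoted in the issue, plus one constructed "i/o timeout" line for contrast.
SAMPLE_LOG = """\
2024-02-24T01:01:28+01:00 INFO [routing] local ipnet found: 192.168.160.0/20
2024-02-24T01:01:29+01:00 WARN [dns] cannot update files: Get "https://www.internic.net/domain/named.root": dial tcp: lookup www.internic.net on 1.1.1.1:53: write udp 192.168.160.2:39263->1.1.1.1:53: write: operation not permitted
2024-02-24T01:01:29+01:00 ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 192.168.160.2:38205->1.1.1.1:53: write: operation not permitted - retrying in 5s
2024-02-24T01:01:34+01:00 ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: read udp 192.168.160.2:40000->1.1.1.1:53: i/o timeout
"""

LOCAL_NET = re.compile(r"\[routing\] local ipnet found: (\S+)")
# Go net.OpError text: "<op> <proto> <src>-><dst>: <cause>"
FAILED_IO = re.compile(
    r"\[(?P<component>[^\]]+)\].*?lookup (?P<name>\S+) on \S+: "
    r"(?:read|write) (?P<proto>udp|tcp) (?P<src>[\d.]+):\d+->(?P<dst>[\d.]+:\d+): "
    r"(?:(?:read|write): )?(?P<cause>operation not permitted|i/o timeout)"
)


def triage(log_text):
    """Return one finding per failed lookup found in a gluetun log."""
    net = LOCAL_NET.search(log_text)
    local_net = ipaddress.ip_network(net.group(1), strict=False) if net else None
    findings = []
    for line in log_text.splitlines():
        m = FAILED_IO.search(line)
        if not m:
            continue
        # Assumption: EPERM on a write means the kernel refused the packet locally
        # (firewall OUTPUT drop); a timeout means it was sent but nothing came back.
        blocked = m["cause"] == "operation not permitted"
        findings.append({
            "component": m["component"],
            "name": m["name"],
            "dst": f'{m["dst"]}/{m["proto"]}',
            "verdict": "blocked-by-local-firewall" if blocked else "no-reply",
            "from_lan_address": local_net is not None
            and ipaddress.ip_address(m["src"]) in local_net,
        })
    return findings


def symptoms_only(findings):
    """True when every failure is a local drop of traffic sourced from the LAN address."""
    return bool(findings) and all(
        f["verdict"] == "blocked-by-local-firewall" and f["from_lan_address"] for f in findings
    )
```

When `symptoms_only` returns True, the lookups were refused before leaving the container, so the place to look is the tunnel and its routing rather than the resolver.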

github-actions[bot] commented 5 months ago

Closed issues are NOT monitored, so commenting here is likely not to be seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment set up because @qdm12 is the sole maintainer of this project, which became too popular to monitor closed issues.