qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: When DOT is enabled gluetun can't resolve domain, "unblock" parameters seem not to work #2170

Closed k-matti closed 6 months ago

k-matti commented 6 months ago

Is this urgent?

No

Host OS

Unraid

CPU arch

x86_64

VPN service provider

AirVPN

What are you using to run the container

Unraid

What is the version of Gluetun

2024-03-07T12:32:25.391Z (commit 3254fc8)

What's the problem 🤔

When DOT is on: 1 When DOT Is off: 3

Setting Unblock parameters does nothing: 2

Share your logs (at least 10 lines)

root@Tower:~# docker logs GluetunVPN
========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-03-07T12:32:25.391Z (commit 3254fc8)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-03-20T10:35:57+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.0.1, assigned IP 192.168.0.22 and family v4
2024-03-20T10:35:57+01:00 INFO [routing] local ethernet link found: eth0
2024-03-20T10:35:57+01:00 INFO [routing] local ipnet found: 192.168.0.0/24
2024-03-20T10:35:57+01:00 INFO [firewall] enabling...
2024-03-20T10:35:57+01:00 INFO [firewall] enabled successfully
2024-03-20T10:35:57+01:00 INFO [storage] merging by most recent 17820 hardcoded servers and 17820 servers read from /gluetun/servers.json
2024-03-20T10:35:57+01:00 INFO Alpine version: 3.18.6
2024-03-20T10:35:57+01:00 INFO OpenVPN 2.5 version: 2.5.8
2024-03-20T10:35:57+01:00 INFO OpenVPN 2.6 version: 2.6.8
2024-03-20T10:35:57+01:00 INFO Unbound version: 1.19.1
2024-03-20T10:35:57+01:00 INFO IPtables version: v1.8.9
2024-03-20T10:35:57+01:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: airvpn
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Countries: germany
|   |       ├── Cities: frankfurt
|   |       ├── Server names: veritate
|   |       └── Wireguard selection settings:
|   |           └── Endpoint port: 1637
|   └── Wireguard settings:
|       ├── Private key: kKQ...2Y=
|       ├── Pre-shared key: nwl...NY=
|       ├── Interface addresses:
|       |   └── 10.172.156.123/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       ├── Network interface: wg0
|       |   └── MTU: 1400
|       └── Implementation: kernelspace
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: no
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: no
|           ├── Block ads: no
|           ├── Block surveillance: no
|           ├── Allowed hosts:
|           |   └── ntfy.*****.cloud
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── VPN input ports:
|       └── 7239
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: github.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: europe/warsaw
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-03-20T10:35:57+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.0.1, assigned IP 192.168.0.22 and family v4
2024-03-20T10:35:57+01:00 INFO [routing] adding route for 0.0.0.0/0
2024-03-20T10:35:57+01:00 INFO [firewall] setting allowed subnets...
2024-03-20T10:35:57+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.0.1, assigned IP 192.168.0.22 and family v4
2024-03-20T10:35:57+01:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-03-20T10:35:57+01:00 INFO [http server] http server listening on [::]:8000
2024-03-20T10:35:57+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-03-20T10:35:57+01:00 INFO [firewall] allowing VPN connection...
2024-03-20T10:35:57+01:00 INFO [wireguard] Connecting to 178.162.204.222:1637
2024-03-20T10:35:57+01:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-03-20T10:35:57+01:00 INFO [firewall] setting allowed input port 7239 through interface wg0...
2024-03-20T10:35:57+01:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-03-20T10:35:58+01:00 INFO [healthcheck] healthy!
2024-03-20T10:35:59+01:00 INFO [dns] downloading hostnames and IP block lists
2024-03-20T10:36:00+01:00 INFO [dns] init module 0: validator
2024-03-20T10:36:00+01:00 INFO [dns] init module 1: iterator
2024-03-20T10:36:00+01:00 INFO [dns] start of service (unbound 1.19.1).
2024-03-20T10:36:00+01:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-03-20T10:36:00+01:00 INFO [dns] ready
2024-03-20T10:36:00+01:00 INFO [vpn] You are running 5 commits behind the most recent latest
2024-03-20T10:36:00+01:00 INFO [ip getter] Public IP address is 178.162.204.238 (Germany, Hesse, Frankfurt am Main)

Share your configuration

No response

k-matti commented 6 months ago

Found a temporary solution: remove 192.168.0.0/16 from DOT_PRIVATE_ADDRESS

Would be great to add a new option to exclude single IPs for DOT_PRIVATE_ADDRESS

What is the UNBLOCK parameter for then?
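
The workaround above unblocks the whole 192.168.0.0/16 range. As an added example (not part of this thread and not gluetun's own code), this Go helper rewrites a CIDR list so that a single address is left out while the rest of each range stays blocked. It assumes DOT_PRIVATE_ADDRESS takes a comma-separated list of CIDRs; the address 192.168.0.10 and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// excludeAddr returns the prefixes covering every address in block except keep.
// A block that does not contain keep is returned unchanged.
func excludeAddr(block netip.Prefix, keep netip.Addr) []netip.Prefix {
	if !block.Contains(keep) {
		return []netip.Prefix{block}
	}
	var out []netip.Prefix
	// Descend one bit at a time towards keep; at each level the half that
	// does not hold keep stays blocked.
	for bits := block.Bits() + 1; bits <= keep.BitLen(); bits++ {
		half, _ := keep.Prefix(bits) // cannot fail: bits is within range
		raw := half.Addr().AsSlice()
		raw[(bits-1)/8] ^= byte(0x80) >> uint((bits-1)%8) // flip last network bit
		sib, _ := netip.AddrFromSlice(raw)
		out = append(out, netip.PrefixFrom(sib, bits))
	}
	return out
}

// rewriteList applies excludeAddr to each entry of a comma-separated CIDR list.
func rewriteList(list string, keep netip.Addr) (string, error) {
	var out []string
	for _, field := range strings.Split(list, ",") {
		p, err := netip.ParsePrefix(strings.TrimSpace(field))
		if err != nil {
			return "", fmt.Errorf("entry %q: %w", field, err)
		}
		for _, q := range excludeAddr(p, keep) {
			out = append(out, q.String())
		}
	}
	return strings.Join(out, ","), nil
}

func main() {
	// Constructed input: two of the blocked networks from the settings summary
	// and a placeholder LAN address that should stay resolvable.
	keep := netip.MustParseAddr("192.168.0.10")
	list, err := rewriteList("172.16.0.0/12,192.168.0.0/16", keep)
	if err != nil {
		panic(err)
	}
	fmt.Println("DOT_PRIVATE_ADDRESS=" + list)
}
```
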

github-actions[bot] commented 6 months ago

Closed issues are NOT monitored, so commenting here is likely not to be seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment set up because @qdm12 is the sole maintainer of this project, which became too popular to monitor closed issues.