search

qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
6.71k stars 331 forks source link

Family Not Supported By Protocol #2213

Closed StudentOf33 closed 2 months ago

StudentOf33 commented 2 months ago

Is this urgent?

No

Host OS

Ubuntu 22.04 (WSL2 Host)

CPU arch

x86_64

VPN service provider

Private Internet Access

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-04-02T14:51:42.917Z (commit 9821007)

What's the problem πŸ€”

I am having a strange issue that I cannot seem to figure out while running Gluetun under Ubuntu 22.04 on WSL2. I originally had my configuration working flawlessly with Docker Desktop installed, but have since removed it in favor of Portainer and native Docker Engine installed to the Ubuntu host.

I've ensured that IPv6 is enabled via /etc/docker/daemon.json is enabled along with ip6tables, but I am not entirely sure that is the root cause of the issue. What is strange is that as soon as I reinstall Docker Desktop and execute this same configuration, it connects to PIA without issue and works as intended. I believe this may be related to my Ubuntu host in WSL2, but cannot seem to pinpoint this issue. Any help would be greatly appreciated!

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❀️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-04-02T14:51:42.917Z (commit 9821007)

πŸ”§ Need help? https://github.com/qdm12/gluetun/discussions/new
πŸ› Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
β˜• Discussion? https://github.com/qdm12/gluetun/discussions/new
πŸ’» Email? quentin.mcgaw@gmail.com
πŸ’° Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-04-06T21:56:10-04:00 WARN You are using the old environment variable HTTPPROXY_LOG, please consider changing it to HTTPPROXY_LOG
2024-04-06T21:56:10-04:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-04-06T21:56:10-04:00 INFO [routing] local ethernet link found: eth0
2024-04-06T21:56:10-04:00 INFO [routing] local ipnet found: 172.19.0.0/16
2024-04-06T21:56:10-04:00 INFO [routing] local ipnet found: fe80::/64
2024-04-06T21:56:10-04:00 INFO [routing] local ipnet found: ff00::/8
2024-04-06T21:56:10-04:00 INFO [firewall] enabling...
2024-04-06T21:56:10-04:00 DEBUG [firewall] iptables --policy INPUT DROP
2024-04-06T21:56:10-04:00 DEBUG [firewall] iptables --policy OUTPUT DROP
2024-04-06T21:56:10-04:00 DEBUG [firewall] iptables --policy FORWARD DROP
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --policy INPUT DROP
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --policy OUTPUT DROP
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --policy FORWARD DROP
2024-04-06T21:56:10-04:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.19.0.2 -d 172.19.0.0/16 -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -s fe80::42:acff:fe13:2 -d fe80::/64 -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -s fe80::42:acff:fe13:2 -d ff00::/8 -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.19.0.0/16 -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --append INPUT -i eth0 -d fe80::/64 -j ACCEPT
2024-04-06T21:56:10-04:00 DEBUG [firewall] ip6tables --append INPUT -i eth0 -d ff00::/8 -j ACCEPT
2024-04-06T21:56:10-04:00 INFO [firewall] enabled successfully
2024-04-06T21:56:11-04:00 INFO [storage] merging by most recent 19476 hardcoded servers and 19456 servers read from /gluetun/servers.json
2024-04-06T21:56:11-04:00 INFO [storage] Using private internet access servers from file which are 43 days more recent
2024-04-06T21:56:11-04:00 INFO Alpine version: 3.18.6
2024-04-06T21:56:11-04:00 INFO OpenVPN 2.5 version: 2.5.8
2024-04-06T21:56:11-04:00 INFO OpenVPN 2.6 version: 2.6.8
2024-04-06T21:56:11-04:00 INFO Unbound version: 1.19.3
2024-04-06T21:56:11-04:00 INFO IPtables version: v1.8.9
2024-04-06T21:56:11-04:00 INFO Settings summary:
β”œβ”€β”€ VPN settings:
|   β”œβ”€β”€ VPN provider settings:
|   |   β”œβ”€β”€ Name: private internet access
|   |   └── Server selection settings:
|   |       β”œβ”€β”€ VPN type: openvpn
|   |       β”œβ”€β”€ Regions: US East
|   |       └── OpenVPN server selection settings:
|   |           β”œβ”€β”€ Protocol: UDP
|   |           └── Private Internet Access encryption preset: strong
|   └── OpenVPN settings:
|       β”œβ”€β”€ OpenVPN version: 2.5
|       β”œβ”€β”€ User: [set]
|       β”œβ”€β”€ Password: [set]
|       β”œβ”€β”€ Private Internet Access encryption preset: strong
|       β”œβ”€β”€ Network interface: tun0
|       β”œβ”€β”€ Run OpenVPN as: root
|       └── Verbosity level: 1
β”œβ”€β”€ DNS settings:
|   β”œβ”€β”€ Keep existing nameserver(s): no
|   β”œβ”€β”€ DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       β”œβ”€β”€ Enabled: yes
|       β”œβ”€β”€ Update period: every 24h0m0s
|       β”œβ”€β”€ Unbound settings:
|       |   β”œβ”€β”€ Authoritative servers:
|       |   |   └── cloudflare
|       |   β”œβ”€β”€ Caching: yes
|       |   β”œβ”€β”€ IPv6: no
|       |   β”œβ”€β”€ Verbosity level: 1
|       |   β”œβ”€β”€ Verbosity details level: 0
|       |   β”œβ”€β”€ Validation log level: 0
|       |   β”œβ”€β”€ System user: root
|       |   └── Allowed networks:
|       |       β”œβ”€β”€ 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           β”œβ”€β”€ Block malicious: yes
|           β”œβ”€β”€ Block ads: no
|           β”œβ”€β”€ Block surveillance: no
|           └── Blocked IP networks:
|               β”œβ”€β”€ 127.0.0.1/8
|               β”œβ”€β”€ 10.0.0.0/8
|               β”œβ”€β”€ 172.16.0.0/12
|               β”œβ”€β”€ 192.168.0.0/16
|               β”œβ”€β”€ 169.254.0.0/16
|               β”œβ”€β”€ ::1/128
|               β”œβ”€β”€ fc00::/7
|               β”œβ”€β”€ fe80::/10
|               β”œβ”€β”€ ::ffff:127.0.0.1/104
|               β”œβ”€β”€ ::ffff:10.0.0.0/104
|               β”œβ”€β”€ ::ffff:169.254.0.0/112
|               β”œβ”€β”€ ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
β”œβ”€β”€ Firewall settings:
|   β”œβ”€β”€ Enabled: yes
|   └── Debug mode: on
β”œβ”€β”€ Log settings:
|   └── Log level: info
β”œβ”€β”€ Health settings:
|   β”œβ”€β”€ Server listening address: 127.0.0.1:9999
|   β”œβ”€β”€ Target address: cloudflare.com:443
|   β”œβ”€β”€ Duration to wait after success: 5s
|   β”œβ”€β”€ Read header timeout: 100ms
|   β”œβ”€β”€ Read timeout: 500ms
|   └── VPN wait durations:
|       β”œβ”€β”€ Initial duration: 6s
|       └── Additional duration: 5s
β”œβ”€β”€ Shadowsocks server settings:
|   └── Enabled: no
β”œβ”€β”€ HTTP proxy settings:
|   └── Enabled: no
β”œβ”€β”€ Control server settings:
|   β”œβ”€β”€ Listening address: localhost:8001
|   └── Logging: yes
β”œβ”€β”€ OS Alpine settings:
|   β”œβ”€β”€ Process UID: 1000
|   β”œβ”€β”€ Process GID: 1000
|   └── Timezone: America/New_York
β”œβ”€β”€ Public IP settings:
|   β”œβ”€β”€ Fetching: every 12h0m0s
|   β”œβ”€β”€ IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
β”œβ”€β”€ Server data updater settings:
|   β”œβ”€β”€ Update period: 24h0m0s
|   β”œβ”€β”€ DNS address: 1.1.1.1:53
|   β”œβ”€β”€ Minimum ratio: 0.8
|   └── Providers to update: private internet access
└── Version settings:
    └── Enabled: yes
2024-04-06T21:56:11-04:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-04-06T21:56:11-04:00 DEBUG [routing] ip rule add from 172.19.0.2/32 lookup 200 pref 100
2024-04-06T21:56:11-04:00 INFO [routing] adding route for 0.0.0.0/0
2024-04-06T21:56:11-04:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
2024-04-06T21:56:11-04:00 INFO [firewall] setting allowed subnets...
2024-04-06T21:56:11-04:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-04-06T21:56:11-04:00 DEBUG [routing] ip rule add to 172.19.0.0/16 lookup 254 pref 98
2024-04-06T21:56:11-04:00 DEBUG [routing] ip rule add to fe80::/64 lookup 254 pref 98
2024-04-06T21:56:11-04:00 INFO [routing] routing cleanup...
2024-04-06T21:56:11-04:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-04-06T21:56:11-04:00 INFO [routing] deleting route for 0.0.0.0/0
2024-04-06T21:56:11-04:00 DEBUG [routing] ip route delete 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
2024-04-06T21:56:11-04:00 DEBUG [routing] ip rule del from 172.19.0.2/32 lookup 200 pref 100
2024-04-06T21:56:11-04:00 ERROR adding local rules: adding rule: fe80::/64: adding rule ip rule 98: from all to fe80::/64 table 254: address family not supported by protocol
2024-04-06T21:56:11-04:00 INFO Shutdown successful

Share your configuration

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    hostname: gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - /mnt/f/Apps/Gluetun:/gluetun
    environment:
      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_SERVICE_PROVIDER=private internet access
      - VPN_TYPE=openvpn
      - HTTP_CONTROL_SERVER_ADDRESS=localhost:8001
      # OpenVPN:
      - OPENVPN_USER=$USER
      - OPENVPN_PASSWORD=$PASS
      - FIREWALL_DEBUG=on
      # Wireguard:
      # - WIREGUARD_PRIVATE_KEY=wOEI9rqqbDwnN8/Bpp22sVz48T71vJ4fYmFWujulwUU=
      # - WIREGUARD_ADDRESSES=10.64.222.21/32
      # Timezone for accurate log times
      - TZ=America/New_York
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - UPDATER_PERIOD=24h
      - SERVER_REGIONS=US East
github-actions[bot] commented 2 months ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

Starstrike commented 2 months ago

I'm having this same error, using Wireguard/Windscribe with Docker Desktop 4.29 for Windows.

2024-04-08 13:30:05 2024-04-08T13:30:05-04:00 ERROR adding local rules: adding rule: fe80::/64: adding rule ip rule 98: from all to fe80::/64 table 254: address family not supported by protocol
2024-04-08 13:30:05 2024-04-08T13:30:05-04:00 INFO Shutdown successful

Update: Restarted PC, updated WSL2 to 2.1.5 (I was behind apparently and Windows Update wasn't picking it up despite me having the toggle set to update other MS products), now Gluetun connected properly without issue.

StudentOf33 commented 2 months ago

I'm having this same error, using Wireguard/Windscribe with Docker Desktop 4.29 for Windows.

2024-04-08 13:30:05 2024-04-08T13:30:05-04:00 ERROR adding local rules: adding rule: fe80::/64: adding rule ip rule 98: from all to fe80::/64 table 254: address family not supported by protocol
2024-04-08 13:30:05 2024-04-08T13:30:05-04:00 INFO Shutdown successful

Update: Restarted PC, updated WSL2 to 2.1.5 (I was behind apparently and Windows Update wasn't picking it up despite me having the toggle set to update other MS products), now Gluetun connected properly without issue.

This also corrected my issue as well! Thank you @Starstrike for the update and assistance! Never would have thought that it was an issue with the WSL2 version.

github-actions[bot] commented 2 months ago

Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.