Closed ezekieldas closed 2 months ago
I have multiple Gluetun instances running in my environment. I've left one running with the image noted above and it just barfed. Full log is attached. Other instances are using qmcgaw/gluetun:v3 and doing fine.
Here's a snippet with debug on:
2024-04-09T00:41:56Z INFO [http server] 200 GET /ip wrote 270B to 10.10.10.1:60436 in 44.788µs
2024-04-09T00:43:11Z INFO [vpn] stopping
2024-04-09T00:43:11Z DEBUG [wireguard] closing controller client...
2024-04-09T00:43:11Z DEBUG [wireguard] removing IPv4 rule...
2024-04-09T00:43:11Z DEBUG [wireguard] shutting down link...
2024-04-09T00:43:11Z DEBUG [wireguard] deleting link...
2024-04-09T00:43:11Z INFO [http server] 200 PUT /status wrote 22B to 10.10.10.1:39312 in 132.8803ms
2024-04-09T00:43:11Z INFO [vpn] starting
2024-04-09T00:43:11Z INFO [firewall] allowing VPN connection...
2024-04-09T00:43:11Z DEBUG [firewall] iptables --delete OUTPUT -d 198.54.131.130 -o eth0 -p udp -m udp --dport 2049 -j ACCEPT
2024-04-09T00:43:11Z DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2024-04-09T00:43:11Z DEBUG [firewall] ip6tables-nft --delete OUTPUT -o tun0 -j ACCEPT
2024-04-09T00:43:11Z DEBUG [firewall] iptables --append OUTPUT -d 45.134.140.143 -o eth0 -p udp -m udp --dport 2049 -j ACCEPT
2024-04-09T00:43:11Z DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-04-09T00:43:11Z DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
2024-04-09T00:43:11Z ERROR [openvpn] No client-side authentication method is specified. You must use either --cert/--key, --pkcs12, or --auth-user-pass
2024-04-09T00:43:11Z INFO [openvpn] Use --help for more information.
2024-04-09T00:43:11Z ERROR [vpn] exit status 1
2024-04-09T00:43:11Z INFO [vpn] retrying in 15s
You'll see a lot of:
2024-04-08T22:12:18Z ERROR [http proxy] 10.10.10.1:45312 http://la.speedtest.clouvider.net/backend/garbage.php?ckSize=100: body copy error: write tcp 10.10.10.2:8888->10.10.10.1:45312: write: broken pipe
in this log. I'm used to this and it comes up regularly in normal, non-disrupted operation. I run automated speed tests every so often.
10.144.666.666/32 is fuzzing. I'd be happy to provide more details/test.
The problem is really just an OpenVPN problem:
No client-side authentication method is specified. You must use either --cert/--key, --pkcs12, or --auth-user-pass
I just ran Mullvad+OpenVPN successfully with the latest image, are you sure it's not a configuration error? The configuration you shared indicates VPN_TYPE=wireguard but the logs indicate it's running OpenVPN, so there is already a mismatch there 🤔
I'm unsure how to match up current tags with commit 7b4befc.
I've had v3 running since the time I mentioned this. I just tested with latest, gluetun:test, gluetun:v3.38, v3.37 and was unable to reproduce.
What I recall from the event on Apr 8 inspiring this report is a restart of multiple containers with the exact configuration shown above. All containers then failed with the logs included earlier. Confidence is very high this wasn't a configuration issue.
Since this can't be reproduced at this time, I'd be fine with closing the issue. However, I'd really like to know if there's a practical means of following a commit id (i.e., 7b4befc) to a digest reference, specific image tag, or whatever was 'latest' at that time. This has been an ongoing knowledge gap of mine that I'd like to address.
If you could show me how to do that I'd be happy to test against that image. If no reproducer, then I'll close in spite of the mysterious nature.
It was likely due to a large settings refactoring I've done starting with https://github.com/qdm12/gluetun/commit/ecc80a5a9e3f5ba8c3096eb47c9ed8544a7e8867 about a month ago. It should be all fixed up now given there is no directly related issue report about it for now. If it's working now, let's just move on and close this, since that was on the latest image and it's now fixed (this would be different if it were a tagged "more-stable" image such as :v3.38).
I'm unsure how to match up current tags with commit https://github.com/qdm12/gluetun/commit/7b4befce61a56d945c3558188d79a856ba22880a. This has been an ongoing knowledge gap of mine that I'd like to address.
The git commit is injected as a docker build argument from the automated build system and is set in the Gluetun Go program at compilation time (here), and is also set as the org.opencontainers.image.revision Docker image label (here).
Now you can filter your local Docker images with
docker images --filter "label=org.opencontainers.image.revision=7b4befce61a56d945c3558188d79a856ba22880a"
Note the revision has to be the full git commit hash digest, not just the first 7 characters.
Although I have no idea how to find that image on GHCR or Docker Hub once it's deleted locally, I would even say it's likely impossible at this time. But it's still re-buildable too! For example:
docker build -t qmcgaw/gluetun https://github.com/qdm12/gluetun.git#7b4befce61a56d945c3558188d79a856ba22880a
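An added example, not part of the thread and not Gluetun's own code: since the label filter above only matches the full 40-character hash, this Python example reads the org.opencontainers.image.revision label from `docker image inspect` JSON and matches a short commit prefix, returning the tags and repo digests of the matching local images. The function names `images_for_commit` and `local_inspect_records` are hypothetical, and the sample records (image IDs, tags other than qmcgaw/gluetun:latest, digests) are constructed.

```python
import json
import re
import subprocess
import sys

REVISION_LABEL = "org.opencontainers.image.revision"

# Constructed sample in the shape of `docker image inspect` output.
# Image IDs and digests are placeholders, not real Gluetun values.
SAMPLE_INSPECT = json.loads("""[
 {"Id": "sha256:1111", "RepoTags": ["qmcgaw/gluetun:latest"],
  "RepoDigests": ["qmcgaw/gluetun@sha256:PLACEHOLDER"],
  "Config": {"Labels": {"org.opencontainers.image.revision":
                        "7b4befce61a56d945c3558188d79a856ba22880a"}}},
 {"Id": "sha256:2222", "RepoTags": ["example/other:dev"], "RepoDigests": [],
  "Config": {"Labels": {"org.opencontainers.image.revision":
                        "ecc80a5a9e3f5ba8c3096eb47c9ed8544a7e8867"}}},
 {"Id": "sha256:3333", "RepoTags": ["example/unlabelled:1"], "RepoDigests": [],
  "Config": {"Labels": null}}
]""")


def images_for_commit(inspect_records, commit_prefix):
    """Return images whose revision label starts with the given commit prefix."""
    prefix = commit_prefix.strip().lower()
    if not re.fullmatch(r"[0-9a-f]{7,40}", prefix):
        raise ValueError("expected 7 to 40 hex characters of a git commit hash")
    matches = []
    for rec in inspect_records:
        # Labels is null for images built without any label.
        labels = (rec.get("Config") or {}).get("Labels") or {}
        revision = labels.get(REVISION_LABEL, "").lower()
        if revision.startswith(prefix):
            matches.append({"id": rec.get("Id", ""), "revision": revision,
                            "tags": rec.get("RepoTags") or [],
                            "digests": rec.get("RepoDigests") or []})
    return matches


def local_inspect_records():
    """Inspect every image in the local Docker store (requires the docker CLI)."""
    ids = subprocess.run(["docker", "images", "--quiet", "--no-trunc"],
                         check=True, capture_output=True, text=True).stdout.split()
    if not ids:
        return []
    out = subprocess.run(["docker", "image", "inspect", *sorted(set(ids))],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out)


if __name__ == "__main__":
    records = local_inspect_records() if len(sys.argv) > 1 else SAMPLE_INSPECT
    wanted = sys.argv[1] if len(sys.argv) > 1 else "7b4befc"
    print(json.dumps(images_for_commit(records, wanted), indent=2))
```

Run without arguments it uses the constructed sample; given a commit prefix as its argument it queries the local Docker store instead.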
Closed issues are NOT monitored, so commenting here is likely not to be seen. If you think this is still unresolved and have more information to bring, please create another issue.
This is an automated comment set up because @qdm12 is the sole maintainer of this project, which became too popular to monitor closed issues.
Is this urgent?
Yes
Host OS
Ubuntu 22.04.4
CPU arch
x86_64
VPN service provider
Mullvad
What are you using to run the container
docker-compose
What is the version of Gluetun
Running version latest built on 2024-04-08T07:43:05.096Z (commit 7b4befc)
What's the problem 🤔
I'm near certain this is a new bug. I have no OpenVPN configuration. I can't spot it exactly (Go weakling here) but there are references to OpenVPN here: 7b4befc
qmcgaw/gluetun:latest (note digest match):
https://hub.docker.com/layers/qmcgaw/gluetun/latest/images/sha256-bfcf38ffbfbb2f5668e9f718e461b013ca6917129df34ae7a76ad5343fcf35fe?context=explore
I just turned on LOG_LEVEL=debug to get more details. Will update when available. Also, will determine if there's a tag to use to avoid this. Could be qmcgaw/gluetun:v3
Share your logs (at least 10 lines)
Share your configuration