search

qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
6.71k stars 331 forks source link

Bug: Container hangs when downloading DOT files. #2222

Closed ckallungal closed 2 months ago

ckallungal commented 2 months ago

Is this urgent?

Yes

Host OS

Synology DSM

CPU arch

x86_64

VPN service provider

AirVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

v3.38.0 built on 2024-03-25T15:53:33.983Z (commit b3ceece)

What's the problem 🤔

The container is unable to fully start due to it failing at the process of downloading DOT crypt files. Tried multiple versions and different systems but came up with the same error. The container was working normally till yesterday but since then unable to get the container to start. Tried multiple servers from VPN provider and multiple versions of the image but it all hangs when getting the the DOT files step. Also tried spinning up another container on a different host, same issue. Unsure of any further troubleshooting steps to try to fix the issue.

Any further assistance would be much appreciated

Thank You

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version v3.38.0 built on 2024-03-25T15:53:33.983Z (commit b3ceece)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-04-13T12:39:27-05:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.4 and family v4
2024-04-13T12:39:27-05:00 INFO [routing] local ethernet link found: eth0
2024-04-13T12:39:27-05:00 INFO [routing] local ipnet found: 172.18.0.0/16
2024-04-13T12:39:27-05:00 INFO [firewall] enabling...
2024-04-13T12:39:27-05:00 DEBUG [firewall] iptables --policy INPUT DROP
2024-04-13T12:39:27-05:00 DEBUG [firewall] iptables --policy OUTPUT DROP
2024-04-13T12:39:27-05:00 DEBUG [firewall] iptables --policy FORWARD DROP
2024-04-13T12:39:27-05:00 DEBUG [firewall] ip6tables --policy INPUT DROP
2024-04-13T12:39:27-05:00 DEBUG [firewall] ip6tables --policy OUTPUT DROP
2024-04-13T12:39:27-05:00 DEBUG [firewall] ip6tables --policy FORWARD DROP
2024-04-13T12:39:27-05:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
2024-04-13T12:39:27-05:00 DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
2024-04-13T12:39:27-05:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
2024-04-13T12:39:27-05:00 DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
2024-04-13T12:39:27-05:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-04-13T12:39:27-05:00 DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-04-13T12:39:27-05:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-04-13T12:39:27-05:00 DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-04-13T12:39:27-05:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.18.0.4 -d 172.18.0.0/16 -j ACCEPT
2024-04-13T12:39:27-05:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-04-13T12:39:27-05:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.18.0.0/16 -j ACCEPT
2024-04-13T12:39:27-05:00 INFO [firewall] enabled successfully
2024-04-13T12:39:28-05:00 INFO [storage] merging by most recent 19476 hardcoded servers and 19476 servers read from /gluetun/servers.json
2024-04-13T12:39:29-05:00 DEBUG [netlink] IPv6 is not supported after searching 2 routes
2024-04-13T12:39:29-05:00 INFO Alpine version: 3.18.6
2024-04-13T12:39:29-05:00 INFO OpenVPN 2.5 version: 2.5.8
2024-04-13T12:39:29-05:00 INFO OpenVPN 2.6 version: 2.6.8
2024-04-13T12:39:29-05:00 INFO Unbound version: 1.19.3
2024-04-13T12:39:29-05:00 INFO IPtables version: v1.8.9
2024-04-13T12:39:29-05:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: airvpn
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Server names: vulpecula
|   |       └── Wireguard selection settings:
|   └── Wireguard settings:
|       ├── Private key: gJI...0k=
|       ├── Pre-shared key: YA9...9k=
|       ├── Interface addresses:
|       |   └── 10.180.201.176/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   ├── VPN input ports:
|   |   ├── 10359
|   |   └── 56755
|   └── Outbound subnets:
|       ├── 172.18.0.0/16
|       └── 10.0.0.0/24
├── Log settings:
|   └── Log level: DEBUG
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   ├── Enabled: yes
|   ├── Listening address: :8388
|   ├── Cipher: chacha20-ietf-poly1305
|   ├── Password: [not set]
|   └── Log addresses: no
├── HTTP proxy settings:
|   ├── Enabled: yes
|   ├── Listening address: :8888
|   ├── User: 
|   ├── Password: [not set]
|   ├── Stealth mode: no
|   ├── Log: no
|   ├── Read header timeout: 1s
|   └── Read timeout: 3s
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1027
|   ├── Process GID: 100
|   └── Timezone: america/chicago
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-04-13T12:39:29-05:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.4 and family v4
2024-04-13T12:39:29-05:00 DEBUG [routing] ip rule add from 172.18.0.4/32 lookup 200 pref 100
2024-04-13T12:39:29-05:00 INFO [routing] adding route for 0.0.0.0/0
2024-04-13T12:39:29-05:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.18.0.1 dev eth0 table 200
2024-04-13T12:39:29-05:00 INFO [firewall] setting allowed subnets...
2024-04-13T12:39:29-05:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.18.0.4 -d 172.18.0.0/16 -j ACCEPT
2024-04-13T12:39:29-05:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.18.0.4 -d 10.0.0.0/24 -j ACCEPT
2024-04-13T12:39:29-05:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.4 and family v4
2024-04-13T12:39:29-05:00 INFO [routing] adding route for 172.18.0.0/16
2024-04-13T12:39:29-05:00 DEBUG [routing] ip route replace 172.18.0.0/16 via 172.18.0.1 dev eth0 table 199
2024-04-13T12:39:29-05:00 DEBUG [routing] ip rule add to 172.18.0.0/16 lookup 199 pref 99
2024-04-13T12:39:29-05:00 INFO [routing] adding route for 10.0.0.0/24
2024-04-13T12:39:29-05:00 DEBUG [routing] ip route replace 10.0.0.0/24 via 172.18.0.1 dev eth0 table 199
2024-04-13T12:39:29-05:00 DEBUG [routing] ip rule add to 10.0.0.0/24 lookup 199 pref 99
2024-04-13T12:39:29-05:00 DEBUG [routing] ip rule add to 172.18.0.0/16 lookup 254 pref 98
2024-04-13T12:39:29-05:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-04-13T12:39:29-05:00 INFO [http proxy] listening on :8888
2024-04-13T12:39:29-05:00 INFO [http server] http server listening on [::]:8000
2024-04-13T12:39:29-05:00 DEBUG [wireguard] Wireguard server public key: PyLCuig+hk=
2024-04-13T12:39:29-05:00 DEBUG [wireguard] Wireguard client private key: gJI...0k=
2024-04-13T12:39:29-05:00 DEBUG [wireguard] Wireguard pre-shared key: YA9...9k=
2024-04-13T12:39:29-05:00 INFO [firewall] allowing VPN connection...
2024-04-13T12:39:29-05:00 DEBUG [firewall] iptables --append OUTPUT -d 199.249.230.1 -o eth0 -p udp -m udp --dport 1637 -j ACCEPT
2024-04-13T12:39:29-05:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-04-13T12:39:29-05:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-04-13T12:39:29-05:00 INFO [shadowsocks] listening UDP on [::]:8388
2024-04-13T12:39:29-05:00 INFO [shadowsocks] listening TCP on [::]:8388
2024-04-13T12:39:29-05:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-04-13T12:39:29-05:00 INFO [wireguard] Using available kernelspace implementation
2024-04-13T12:39:29-05:00 INFO [wireguard] Connecting to 199.249.230.1:1637
2024-04-13T12:39:29-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-04-13T12:39:29-05:00 INFO [firewall] setting allowed input port 10359 through interface tun0...
2024-04-13T12:39:29-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:39:29-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:39:29-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:39:29-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:39:29-05:00 INFO [firewall] setting allowed input port 56755 through interface tun0...
2024-04-13T12:39:29-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:39:29-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:39:29-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:39:29-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:39:29-05:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-04-13T12:39:37-05:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-04-13T12:39:37-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-04-13T12:39:37-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-04-13T12:39:37-05:00 INFO [vpn] stopping
2024-04-13T12:39:37-05:00 INFO [firewall] removing allowed port 10359...
2024-04-13T12:39:37-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:39:37-05:00 INFO [firewall] removing allowed port 56755...
2024-04-13T12:39:37-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [wireguard] closing controller client...
2024-04-13T12:39:37-05:00 DEBUG [wireguard] removing IPv4 rule...
2024-04-13T12:39:37-05:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/releases": context canceled
2024-04-13T12:39:37-05:00 DEBUG [wireguard] shutting down link...
2024-04-13T12:39:37-05:00 ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 172.18.0.4:52101->1.1.1.1:53: write: operation not permitted - retrying in 5s
2024-04-13T12:39:37-05:00 DEBUG [wireguard] deleting link...
2024-04-13T12:39:37-05:00 INFO [vpn] starting
2024-04-13T12:39:37-05:00 DEBUG [wireguard] Wireguard server public key: PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=
2024-04-13T12:39:37-05:00 DEBUG [wireguard] Wireguard client private key: gJI...0k=
2024-04-13T12:39:37-05:00 DEBUG [wireguard] Wireguard pre-shared key: YA9...9k=
2024-04-13T12:39:37-05:00 INFO [firewall] allowing VPN connection...
2024-04-13T12:39:37-05:00 INFO [wireguard] Using available kernelspace implementation
2024-04-13T12:39:37-05:00 INFO [wireguard] Connecting to 199.249.230.1:1637
2024-04-13T12:39:37-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-04-13T12:39:37-05:00 INFO [firewall] setting allowed input port 10359 through interface tun0...
2024-04-13T12:39:37-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:39:37-05:00 INFO [firewall] setting allowed input port 56755 through interface tun0...
2024-04-13T12:39:37-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:39:37-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:39:39-05:00 WARN [dns] cannot update files: Get "https://www.internic.net/domain/named.root": dial tcp: lookup www.internic.net on 1.1.1.1:53: read udp 10.180.201.176:41166->1.1.1.1:53: i/o timeout
2024-04-13T12:39:39-05:00 INFO [dns] attempting restart in 10s
2024-04-13T12:39:48-05:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024-04-13T12:39:48-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-04-13T12:39:48-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-04-13T12:39:48-05:00 INFO [vpn] stopping
2024-04-13T12:39:48-05:00 INFO [firewall] removing allowed port 10359...
2024-04-13T12:39:48-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:39:48-05:00 INFO [firewall] removing allowed port 56755...
2024-04-13T12:39:48-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [wireguard] closing controller client...
2024-04-13T12:39:48-05:00 DEBUG [wireguard] removing IPv4 rule...
2024-04-13T12:39:48-05:00 DEBUG [wireguard] shutting down link...
2024-04-13T12:39:48-05:00 DEBUG [wireguard] deleting link...
2024-04-13T12:39:48-05:00 INFO [vpn] starting
2024-04-13T12:39:48-05:00 DEBUG [wireguard] Wireguard server public key: PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=
2024-04-13T12:39:48-05:00 DEBUG [wireguard] Wireguard client private key: gJI...0k=
2024-04-13T12:39:48-05:00 DEBUG [wireguard] Wireguard pre-shared key: YA9...9k=
2024-04-13T12:39:48-05:00 INFO [firewall] allowing VPN connection...
2024-04-13T12:39:48-05:00 INFO [wireguard] Using available kernelspace implementation
2024-04-13T12:39:48-05:00 INFO [wireguard] Connecting to 199.249.230.1:1637
2024-04-13T12:39:48-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-04-13T12:39:48-05:00 INFO [firewall] setting allowed input port 10359 through interface tun0...
2024-04-13T12:39:48-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:39:48-05:00 INFO [firewall] setting allowed input port 56755 through interface tun0...
2024-04-13T12:39:48-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:39:48-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:39:49-05:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-04-13T12:39:52-05:00 ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: read udp 10.180.201.176:58711->1.1.1.1:53: i/o timeout - retrying in 10s
2024-04-13T12:39:59-05:00 WARN [dns] cannot update files: Get "https://www.internic.net/domain/named.root": dial tcp: lookup www.internic.net on 1.1.1.1:53: read udp 10.180.201.176:35367->1.1.1.1:53: i/o timeout
2024-04-13T12:39:59-05:00 INFO [dns] attempting restart in 20s
2024-04-13T12:40:04-05:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN
2024-04-13T12:40:04-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-04-13T12:40:04-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-04-13T12:40:04-05:00 INFO [vpn] stopping
2024-04-13T12:40:04-05:00 INFO [firewall] removing allowed port 10359...
2024-04-13T12:40:04-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:40:04-05:00 INFO [firewall] removing allowed port 56755...
2024-04-13T12:40:04-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [wireguard] closing controller client...
2024-04-13T12:40:04-05:00 DEBUG [wireguard] removing IPv4 rule...
2024-04-13T12:40:04-05:00 DEBUG [wireguard] shutting down link...
2024-04-13T12:40:04-05:00 DEBUG [wireguard] deleting link...
2024-04-13T12:40:04-05:00 INFO [vpn] starting
2024-04-13T12:40:04-05:00 DEBUG [wireguard] Wireguard server public key: PyLCXAQT8KkM4T+dUsOQfn+Ub3pGxfGlxkIApuig+hk=
2024-04-13T12:40:04-05:00 DEBUG [wireguard] Wireguard client private key: gJI...0k=
2024-04-13T12:40:04-05:00 DEBUG [wireguard] Wireguard pre-shared key: YA9...9k=
2024-04-13T12:40:04-05:00 INFO [firewall] allowing VPN connection...
2024-04-13T12:40:04-05:00 INFO [wireguard] Using available kernelspace implementation
2024-04-13T12:40:04-05:00 INFO [wireguard] Connecting to 199.249.230.1:1637
2024-04-13T12:40:04-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-04-13T12:40:04-05:00 INFO [firewall] setting allowed input port 10359 through interface tun0...
2024-04-13T12:40:04-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 10359 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 10359 -j ACCEPT
2024-04-13T12:40:04-05:00 INFO [firewall] setting allowed input port 56755 through interface tun0...
2024-04-13T12:40:04-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 56755 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:40:04-05:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 56755 -j ACCEPT
2024-04-13T12:40:12-05:00 ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: read udp 10.180.201.176:36900->1.1.1.1:53: i/o timeout - retrying in 20s
2024-04-13T12:40:19-05:00 INFO [dns] downloading DNS over TLS cryptographic files

Share your configuration

version: "3.8"
services:
  gluetun:
    image: qmcgaw/gluetun:v3.38.0
    container_name: gluetun
    logging:
      driver: json-file
      options:
        max-file: 10
        max-size: 200k
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8235:8000/tcp # HTTP control server
      - 8080:8080 # port for qbittorrent
      - 8070:8070 # port for qbittorrent-tv
    volumes:
      - /volume3/docker/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=airvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=gJ0k=
      - WIREGUARD_PRESHARED_KEY=YAk=
      - WIREGUARD_ADDRESSES=10.180.201.176/32
      - SERVER_NAMES=Vulpecula
      - FIREWALL_VPN_INPUT_PORTS=10359,56755
      - TZ=America/Chicago
      - PUID=1027
      - PGID=100
      - HTTPPROXY=on #change to off if you don't wish to enable
      - SHADOWSOCKS=on #change to off if you don't wish to enable
      - FIREWALL_OUTBOUND_SUBNETS=172.18.0.0/16,10.0.0.0/24 #change this in line with your subnet see note on guide
    networks:
     kalserver:
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:4.5.4
    container_name: qbittorrent
    logging:
      driver: json-file
      options:
        max-file: 10
        max-size: 200k
    environment:
      - PUID=1027
      - PGID=100
      - UMASK=002
      - WEBUI_PORT=8080
      - TZ=America/Chicago
    volumes:
      - /volume3/docker/qbittorrent:/config
      - /volume1/data:/data
    network_mode: service:gluetun # run on the vpn network
    security_opt:
      - no-new-privileges:true
    depends_on:
      gluetun:
       condition: service_healthy
    restart: unless-stopped

networks:
     kalserver:
      external: true
github-actions[bot] commented 2 months ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

ckallungal commented 2 months ago

Hello, found out this is an issue with the VPN provider.

github-actions[bot] commented 2 months ago

Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.

aidangilmore commented 1 month ago

I'm having the same issue, could you elaborate about the issue with the VPN provider?

ckallungal commented 1 month ago

I'm having the same issue, could you elaborate about the issue with the VPN provider?

My specific issue was because AIRVPN changed the IP addresses for their servers in Dallas. Since Gluetun hasn't updated that information in the servers.json file that it references for fetching providers information it doesn't go past that step. I was able to fix the issue by choosing a different location that matched the list.