Closed DTM450 closed 1 month ago
@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:
For now use this workaround: https://github.com/qdm12/gluetun/issues/2247#issuecomment-2084722666
In the meantime, could you report what command is ran using LOG_LEVEL=debug
? It should log the ip rule add
command fiddling with fe80::/64
. Then you could try figure out why it doesn't work with a test container:
docker run -it --rm --cap-add=NET_ADMIN alpine:3.19
# List ip routes, possibly showing fe80::/64
ip route
# Run ip rule and check it works?
ip rule <...>
Here is LOG_LEVEL=debug output
Running version v3.37.0 built on 2024-01-02T00:01:06.245Z (commit c826707)
🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-05-03T01:50:01Z INFO [routing] default route found: interface eth0, gateway 172.21.0.1, assigned IP 172.21.0.2 and family v4
2024-05-03T01:50:01Z INFO [routing] local ethernet link found: eth0
2024-05-03T01:50:01Z INFO [routing] local ipnet found: 172.21.0.0/29
2024-05-03T01:50:01Z INFO [routing] local ipnet found: fe80::/64
2024-05-03T01:50:01Z INFO [routing] local ipnet found: ff00::/8
2024-05-03T01:50:01Z INFO [firewall] enabling...
2024-05-03T01:50:01Z DEBUG [firewall] iptables --policy INPUT DROP
2024-05-03T01:50:01Z DEBUG [firewall] iptables --policy OUTPUT DROP
2024-05-03T01:50:01Z DEBUG [firewall] iptables --policy FORWARD DROP
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --policy INPUT DROP
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --policy OUTPUT DROP
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --policy FORWARD DROP
2024-05-03T01:50:01Z DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.21.0.2 -d 172.21.0.0/29 -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -s fe80::42:acff:fe15:2 -d fe80::/64 -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -s fe80::42:acff:fe15:2 -d ff00::/8 -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.21.0.0/29 -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --append INPUT -i eth0 -d fe80::/64 -j ACCEPT
2024-05-03T01:50:01Z DEBUG [firewall] ip6tables --append INPUT -i eth0 -d ff00::/8 -j ACCEPT
2024-05-03T01:50:01Z INFO [firewall] enabled successfully
2024-05-03T01:50:01Z INFO [storage] merging by most recent 17743 hardcoded servers and 17743 servers read from /gluetun/servers.json
2024-05-03T01:50:01Z DEBUG [netlink] IPv6 is supported by link lo
2024-05-03T01:50:01Z INFO Alpine version: 3.18.5
2024-05-03T01:50:01Z INFO OpenVPN 2.5 version: 2.5.8
2024-05-03T01:50:01Z INFO OpenVPN 2.6 version: 2.6.8
2024-05-03T01:50:01Z INFO Unbound version: 1.17.1
2024-05-03T01:50:01Z INFO IPtables version: v1.8.9
2024-05-03T01:50:01Z INFO Settings summary:
SNIP
Can you run it with the latest image (please re-pull it, recent changes may fix your problem eventually)? This shows v3.37.0 works fine, have you tried v3.38?
Currently running latest docker image (Running version latest built on 2024-05-16T18:53:33.528Z (commit 19a9ac9)) and Running Docker Desktop Version 4.30.0 and everything appears to be working correctly
Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.
This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.
Is this urgent?
None
Host OS
Windows 10 Pro 22H2 19045.4355
CPU arch
x86_64
VPN service provider
ProtonVPN
What are you using to run the container
Portainer
What is the version of Gluetun
Running version latest built on 2024-04-29T19:26:36.969Z (commit 72e2e4b)
What's the problem 🤔
After updating Docker Desktop to v4.29.0 from v4.28.0 I have been getting an error: ERROR adding local rules: adding rule: fe80::/64: adding rule ip rule 98: from all to fe80::/64 table 254: address family not supported by protocol
This has stopped me from being able to use Gluetun as it shuts down the container
Share your logs (at least 10 lines)
Share your configuration