Closed dmitry-t7ko closed 1 month ago
@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:
I also have a problem with protonvpn with port forwarding "on", running the latest version of gluetun.
Here are my logs:
| ├── Interface addresses:
| | └── 10.2.0.2/32
| ├── Allowed IPs:
| | ├── 0.0.0.0/0
| | └── ::/0
| └── Network interface: tun0
| └── MTU: 1400
├── DNS settings:
| ├── Keep existing nameserver(s): no
| ├── DNS server address to use: 127.0.0.1
| └── DNS over TLS settings:
| ├── Enabled: yes
| ├── Update period: every 24h0m0s
| ├── Unbound settings:
| | ├── Authoritative servers:
| | | └── cloudflare
| | ├── Caching: yes
| | ├── IPv6: no
| | ├── Verbosity level: 1
| | ├── Verbosity details level: 0
| | ├── Validation log level: 0
| | ├── System user: root
| | └── Allowed networks:
| | ├── 0.0.0.0/0
| | └── ::/0
| └── DNS filtering settings:
| ├── Block malicious: yes
| ├── Block ads: no
| ├── Block surveillance: no
| └── Blocked IP networks:
| ├── 127.0.0.1/8
| ├── 10.0.0.0/8
| ├── 172.16.0.0/12
| ├── 192.168.0.0/16
| ├── 169.254.0.0/16
| ├── ::1/128
| ├── fc00::/7
| ├── fe80::/10
| ├── ::ffff:127.0.0.1/104
| ├── ::ffff:10.0.0.0/104
| ├── ::ffff:169.254.0.0/112
| ├── ::ffff:172.16.0.0/108
| └── ::ffff:192.168.0.0/112
├── Firewall settings:
| └── Enabled: yes
├── Log settings:
| └── Log level: info
├── Health settings:
| ├── Server listening address: 127.0.0.1:9999
| ├── Target address: cloudflare.com:443
| ├── Duration to wait after success: 5s
| ├── Read header timeout: 100ms
| ├── Read timeout: 500ms
| └── VPN wait durations:
| ├── Initial duration: 6s
| └── Additional duration: 5s
├── Shadowsocks server settings:
| └── Enabled: no
├── HTTP proxy settings:
| └── Enabled: no
├── Control server settings:
| ├── Listening address: :8000
| └── Logging: yes
├── OS Alpine settings:
| ├── Process UID: 1000
| └── Process GID: 1000
├── Public IP settings:
| ├── Fetching: every 12h0m0s
| ├── IP file path: /tmp/gluetun/ip
| └── Public IP data API: ipinfo
└── Version settings:
└── Enabled: yes
2024-05-10T02:24:48Z INFO [routing] default route found: interface eth0, gateway 172.28.0.1, assigned IP 172.28.0.5 and family v4
2024-05-10T02:24:48Z INFO [routing] adding route for 0.0.0.0/0
2024-05-10T02:24:48Z INFO [firewall] setting allowed subnets...
2024-05-10T02:24:48Z INFO [routing] default route found: interface eth0, gateway 172.28.0.1, assigned IP 172.28.0.5 and family v4
2024-05-10T02:24:48Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-05-10T02:24:48Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-05-10T02:24:48Z INFO [http server] http server listening on [::]:8000
2024-05-10T02:24:48Z INFO [firewall] allowing VPN connection...
2024-05-10T02:24:48Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-05-10T02:24:48Z INFO [wireguard] Using available kernelspace implementation
2024-05-10T02:24:48Z INFO [wireguard] Connecting to [REDACTED]:51820
2024-05-10T02:24:48Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-05-10T02:24:48Z INFO [dns] downloading DNS over TLS cryptographic files
2024-05-10T02:24:56Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-05-10T02:24:56Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-05-10T02:24:56Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-05-10T02:24:56Z INFO [vpn] stopping
2024-05-10T02:24:56Z ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
2024-05-10T02:24:56Z INFO [port forwarding] starting
2024-05-10T02:24:56Z ERROR [vpn] port forwarding for the first time: getting external IPv4 address: executing remote procedure call: writing to connection: write udp 172.28.0.5:60139->10.2.0.1:5351: write: operation not permitted
2024-05-10T02:24:56Z ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 172.28.0.5:47948->1.1.1.1:53: write: operation not permitted - retrying in 5s
2024-05-10T02:24:56Z INFO [vpn] starting
2024-05-10T02:24:56Z INFO [firewall] allowing VPN connection...
2024-05-10T02:24:56Z INFO [wireguard] Using available kernelspace implementation
2024-05-10T02:24:56Z INFO [wireguard] Connecting to 169.150.204.33:51820
2024-05-10T02:24:56Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-05-10T02:25:03Z WARN [dns] cannot update files: Get "https://www.internic.net/domain/named.root": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024-05-10T02:25:03Z INFO [dns] attempting restart in 10s
Downgrading to an earlier version didn't help.
I also saw that yesterday actually; it's due to nf_tables misbehaving (I reported the bug to the netfilter project), which is now the default backend for iptables since the upgrade to Alpine 3.19. I have a local fix which prefers using the legacy version of iptables (not using nf_tables). I'll push it later today; in the meantime, use :v3.38
Actually the fix was pushed yesterday in commit ce642a6d8b079d9a8cf7959171e27ee8b95517d0 so just re-pull the latest image and it should be fixed. I'll close this assuming this is resolved.
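As an added example (not part of this thread and not gluetun's code), the following Python triages the log posted above: it extracts every socket write rejected with `operation not permitted`, which is the error a sender gets when a local netfilter rule drops the outgoing packet, and records whether the write left from the container's default-route address. The function names are hypothetical, and the sample lines are copied from the report.

```python
import re
from collections import Counter

# Log lines copied from the report above (a subset, unmodified).
SAMPLE_LOG = """\
2024-05-10T02:24:48Z INFO [routing] default route found: interface eth0, gateway 172.28.0.1, assigned IP 172.28.0.5 and family v4
2024-05-10T02:24:56Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-05-10T02:24:56Z ERROR [vpn] port forwarding for the first time: getting external IPv4 address: executing remote procedure call: writing to connection: write udp 172.28.0.5:60139->10.2.0.1:5351: write: operation not permitted
2024-05-10T02:24:56Z ERROR [ip getter] Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: write udp 172.28.0.5:47948->1.1.1.1:53: write: operation not permitted - retrying in 5s
2024-05-10T02:25:03Z WARN [dns] cannot update files: Get "https://www.internic.net/domain/named.root": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
"""

# Assumption: IPv4 endpoints only, in the "src:port->dst:port" form seen in this log.
LINE = re.compile(r"^(?P<ts>\S+) (?P<level>[A-Z]+) (?:\[(?P<comp>[^\]]+)\] )?(?P<msg>.*)$")
ROUTE = re.compile(r"default route found: interface (\S+), gateway \S+, assigned IP (\S+)")
EPERM = re.compile(r"write (udp|tcp) ([\d.]+):(\d+)->([\d.]+):(\d+): write: operation not permitted")

def find_blocked_writes(log_text):
    """Return (default_iface_ip, findings) for EPERM socket writes in a gluetun log."""
    iface_ip, findings = None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # settings tree and other non-timestamped output
        route = ROUTE.search(m["msg"])
        if route:
            iface_ip = route.group(2)
        hit = EPERM.search(m["msg"])
        if hit:
            proto, src, _sport, dst, dport = hit.groups()
            findings.append({
                "time": m["ts"], "component": m["comp"], "proto": proto,
                "src": src, "dst": f"{dst}:{dport}",
                # True when the packet left from the default-route interface address
                "from_default_iface": src == iface_ip,
            })
    return iface_ip, findings

def summarize(findings):
    """Count blocked writes per (component, destination)."""
    return Counter((f["component"], f["dst"]) for f in findings)

if __name__ == "__main__":
    ip, hits = find_blocked_writes(SAMPLE_LOG)
    for (comp, dst), n in summarize(hits).items():
        print(f"{comp}: {n} write(s) to {dst} rejected locally (EPERM)")
```

Timeouts such as the `[dns]` line are deliberately not counted: they indicate traffic that left the host and got no answer, not a local rejection.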
Closed issues are NOT monitored, so commenting here is likely not to be seen. If you think this is still unresolved and have more information to bring, please create another issue.
This is an automated comment set up because @qdm12 is the sole maintainer of this project, which became too popular to monitor closed issues.
Is this urgent?
Yes
Host OS
endeavouros
CPU arch
x86_64
VPN service provider
ProtonVPN
What are you using to run the container
docker-compose
What is the version of Gluetun
Running version latest built on 2024-05-09T14:36:40.530Z (commit ce642a6)
What's the problem 🤔
Marked urgent, because container shuts itself down.
Occasionally, with the proton vpn port forwarding setup (on either wireguard or openvpn), I see the container shut down after the following error:
This issue is intermittent, and usually appears within 5 minutes of starting the container. All the other services connected via gluetun are rendered inaccessible.
My understanding is that port forwarding is being renewed on the proton server every 60 seconds, and if that fails, gluetun double-frees the iptables rule for the port being forwarded.
Note: I've been seeing other failures to connect to proton, which usually look like this:
and repeating. It might be related to me pulling a lot of data in a short amount of time, and proton throttling me (even though running the wireguard config on the host - without port forwarding - seems to be ok). I'm not sure what to do with it yet, but I can try and provide more info if needed.
Share your logs (at least 10 lines)
Share your configuration