Open asen23 opened 3 months ago
@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:
Can you run with LOG_LEVEL=debug
and report back what logs you get? I'm failing to see how this can happen in the code so debug logs showing the iptables commands ran by Gluetun would help me!
Funny enough when i tried to repro the problem, i just wont trigger by itself anymore? then i noticed that to repro the issue, the vpn must be allowed to port forward once then the connection must be unhealthy. So i ran it until it successfully port forwarded and then i disconnected the machine from internet and the bug triggers, anyway here is the log
========================================
========================================
=============== gluetun ================
========================================
=========== Made with โค๏ธ by ============
======= https://github.com/qdm12 =======
========================================
========================================
Running version latest built on 2024-05-18T18:08:57.405Z (commit 4218dba)
๐ง Need help? https://github.com/qdm12/gluetun/discussions/new
๐ Bug? https://github.com/qdm12/gluetun/issues/new
โจ New feature? https://github.com/qdm12/gluetun/issues/new
โ Discussion? https://github.com/qdm12/gluetun/discussions/new
๐ป Email? quentin.mcgaw@gmail.com
๐ฐ Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-06-18T13:05:41+07:00 INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-06-18T13:05:41+07:00 INFO [routing] local ethernet link found: eth0
2024-06-18T13:05:41+07:00 INFO [routing] local ipnet found: 172.29.0.0/16
2024-06-18T13:05:42+07:00 INFO [firewall] enabling...
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --policy INPUT DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --policy OUTPUT DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --policy FORWARD DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --policy INPUT DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --policy OUTPUT DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --policy FORWARD DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.29.0.2 -d 172.29.0.0/16 -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.29.0.0/16 -j ACCEPT
2024-06-18T13:05:42+07:00 INFO [firewall] enabled successfully
2024-06-18T13:05:42+07:00 INFO [storage] creating /gluetun/servers.json with 19425 hardcoded servers
2024-06-18T13:05:42+07:00 DEBUG [netlink] IPv6 is not supported after searching 1 routes
2024-06-18T13:05:42+07:00 INFO Alpine version: 3.19.1
2024-06-18T13:05:42+07:00 INFO OpenVPN 2.5 version: 2.5.8
2024-06-18T13:05:42+07:00 INFO OpenVPN 2.6 version: 2.6.8
2024-06-18T13:05:42+07:00 INFO Unbound version: 1.20.0
2024-06-18T13:05:42+07:00 INFO IPtables version: v1.8.10
2024-06-18T13:05:42+07:00 INFO Settings summary:
โโโ VPN settings:
| โโโ VPN provider settings:
| | โโโ Name: protonvpn
| | โโโ Server selection settings:
| | | โโโ VPN type: openvpn
| | | โโโ Countries: Singapore
| | | โโโ OpenVPN server selection settings:
| | | โโโ Protocol: UDP
| | โโโ Automatic port forwarding settings:
| | โโโ Redirection listening port: disabled
| | โโโ Use port forwarding code for current provider
| | โโโ Forwarded port file path: /tmp/gluetun/forwarded_port
| โโโ OpenVPN settings:
| โโโ OpenVPN version: 2.6
| โโโ User: [set]
| โโโ Password: M...JP
| โโโ Network interface: tun0
| โโโ Run OpenVPN as: root
| โโโ Verbosity level: 1
โโโ DNS settings:
| โโโ Keep existing nameserver(s): no
| โโโ DNS server address to use: 127.0.0.1
| โโโ DNS over TLS settings:
| โโโ Enabled: yes
| โโโ Update period: every 24h0m0s
| โโโ Unbound settings:
| | โโโ Authoritative servers:
| | | โโโ cloudflare
| | โโโ Caching: yes
| | โโโ IPv6: no
| | โโโ Verbosity level: 1
| | โโโ Verbosity details level: 0
| | โโโ Validation log level: 0
| | โโโ System user: root
| | โโโ Allowed networks:
| | โโโ 0.0.0.0/0
| | โโโ ::/0
| โโโ DNS filtering settings:
| โโโ Block malicious: yes
| โโโ Block ads: no
| โโโ Block surveillance: no
| โโโ Blocked IP networks:
| โโโ 127.0.0.1/8
| โโโ 10.0.0.0/8
| โโโ 172.16.0.0/12
| โโโ 192.168.0.0/16
| โโโ 169.254.0.0/16
| โโโ ::1/128
| โโโ fc00::/7
| โโโ fe80::/10
| โโโ ::ffff:127.0.0.1/104
| โโโ ::ffff:10.0.0.0/104
| โโโ ::ffff:169.254.0.0/112
| โโโ ::ffff:172.16.0.0/108
| โโโ ::ffff:192.168.0.0/112
โโโ Firewall settings:
| โโโ Enabled: yes
โโโ Log settings:
| โโโ Log level: debug
โโโ Health settings:
| โโโ Server listening address: 127.0.0.1:9999
| โโโ Target address: cloudflare.com:443
| โโโ Duration to wait after success: 5s
| โโโ Read header timeout: 100ms
| โโโ Read timeout: 500ms
| โโโ VPN wait durations:
| โโโ Initial duration: 6s
| โโโ Additional duration: 5s
โโโ Shadowsocks server settings:
| โโโ Enabled: no
โโโ HTTP proxy settings:
| โโโ Enabled: no
โโโ Control server settings:
| โโโ Listening address: :8000
| โโโ Logging: yes
โโโ OS Alpine settings:
| โโโ Process UID: 1000
| โโโ Process GID: 1000
| โโโ Timezone: Asia/Jakarta
โโโ Public IP settings:
| โโโ Fetching: every 12h0m0s
| โโโ IP file path: /tmp/gluetun/ip
| โโโ Public IP data API: ipinfo
โโโ Version settings:
โโโ Enabled: yes
2024-06-18T13:05:42+07:00 INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-06-18T13:05:42+07:00 DEBUG [routing] ip rule add from 172.29.0.2/32 lookup 200 pref 100
2024-06-18T13:05:42+07:00 INFO [routing] adding route for 0.0.0.0/0
2024-06-18T13:05:42+07:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.29.0.1 dev eth0 table 200
2024-06-18T13:05:42+07:00 INFO [firewall] setting allowed subnets...
2024-06-18T13:05:42+07:00 INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-06-18T13:05:42+07:00 DEBUG [routing] ip rule add to 172.29.0.0/16 lookup 254 pref 98
2024-06-18T13:05:42+07:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-06-18T13:05:42+07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-06-18T13:05:42+07:00 INFO [http server] http server listening on [::]:8000
2024-06-18T13:05:42+07:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-06-18T13:05:42+07:00 INFO [firewall] allowing VPN connection...
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.139 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:42+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-18T13:05:42+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-18T13:05:42+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.139:1194
2024-06-18T13:05:42+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-18T13:05:42+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.139:1194
2024-06-18T13:05:48+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-06-18T13:05:48+07:00 INFO [healthcheck] ๐ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-18T13:05:48+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-18T13:05:48+07:00 INFO [vpn] stopping
2024-06-18T13:05:48+07:00 INFO [vpn] starting
2024-06-18T13:05:48+07:00 INFO [firewall] allowing VPN connection...
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --delete OUTPUT -d 185.159.157.139 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] ip6tables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --append OUTPUT -d 103.107.198.242 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:48+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-18T13:05:48+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-18T13:05:48+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]103.107.198.242:1194
2024-06-18T13:05:48+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-18T13:05:48+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]103.107.198.242:1194
2024-06-18T13:05:59+07:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024-06-18T13:05:59+07:00 INFO [healthcheck] ๐ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-18T13:05:59+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-18T13:05:59+07:00 INFO [vpn] stopping
2024-06-18T13:05:59+07:00 INFO [vpn] starting
2024-06-18T13:05:59+07:00 INFO [firewall] allowing VPN connection...
2024-06-18T13:05:59+07:00 DEBUG [firewall] iptables --delete OUTPUT -d 103.107.198.242 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:59+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:59+07:00 DEBUG [firewall] ip6tables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:59+07:00 DEBUG [firewall] iptables --append OUTPUT -d 103.107.199.162 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:59+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:59+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:59+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-18T13:05:59+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-18T13:05:59+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]103.107.199.162:1194
2024-06-18T13:05:59+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-18T13:05:59+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]103.107.199.162:1194
2024-06-18T13:06:02+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-06-18T13:06:14+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-06-18T13:06:15+07:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN
2024-06-18T13:06:15+07:00 INFO [healthcheck] ๐ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-18T13:06:15+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-18T13:06:15+07:00 INFO [vpn] stopping
2024-06-18T13:06:15+07:00 INFO [vpn] starting
2024-06-18T13:06:15+07:00 INFO [firewall] allowing VPN connection...
2024-06-18T13:06:15+07:00 DEBUG [firewall] iptables --delete OUTPUT -d 103.107.199.162 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:06:15+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:15+07:00 DEBUG [firewall] ip6tables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:15+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.187 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:06:15+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:15+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:15+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-18T13:06:15+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-18T13:06:15+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.187:1194
2024-06-18T13:06:15+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-18T13:06:15+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.187:1194
2024-06-18T13:06:18+07:00 INFO [openvpn] [node-sg-14.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.187:1194
2024-06-18T13:06:25+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-06-18T13:06:25+07:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-18T13:06:25+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-06-18T13:06:25+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-18T13:06:25+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.19.0.3/16
2024-06-18T13:06:25+07:00 INFO [openvpn] UID set to nonrootuser
2024-06-18T13:06:25+07:00 INFO [openvpn] Initialization Sequence Completed
2024-06-18T13:06:25+07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-06-18T13:06:27+07:00 INFO [healthcheck] healthy!
2024-06-18T13:06:35+07:00 INFO [dns] downloading hostnames and IP block lists
2024-06-18T13:06:47+07:00 INFO [dns] init module 0: validator
2024-06-18T13:06:47+07:00 INFO [dns] init module 1: iterator
2024-06-18T13:06:47+07:00 INFO [dns] start of service (unbound 1.20.0).
2024-06-18T13:06:48+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-06-18T13:06:50+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-18T13:06:50+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-18T13:06:54+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-06-18T13:06:54+07:00 INFO [healthcheck] ๐ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-18T13:06:54+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-18T13:06:54+07:00 INFO [vpn] stopping
2024-06-18T13:06:54+07:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
2024-06-18T13:06:54+07:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
2024-06-18T13:06:54+07:00 INFO [port forwarding] starting
2024-06-18T13:06:54+07:00 ERROR [vpn] port forwarding for the first time: getting external IPv4 address: executing remote procedure call: writing to connection: write udp 172.29.0.2:37105->10.19.0.1:5351: write: operation not permitted
2024-06-18T13:06:54+07:00 INFO [vpn] starting
2024-06-18T13:06:54+07:00 INFO [firewall] allowing VPN connection...
2024-06-18T13:06:54+07:00 DEBUG [firewall] iptables --delete OUTPUT -d 185.159.157.187 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:06:54+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:54+07:00 DEBUG [firewall] ip6tables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:54+07:00 DEBUG [firewall] iptables --append OUTPUT -d 37.19.201.130 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:06:54+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:54+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:54+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-18T13:06:54+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-18T13:06:54+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]37.19.201.130:1194
2024-06-18T13:06:54+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-18T13:06:54+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]37.19.201.130:1194
2024-06-18T13:06:54+07:00 INFO [openvpn] [node-sg-14.protonvpn.net] Peer Connection Initiated with [AF_INET]37.19.201.130:1194
2024-06-18T13:06:55+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-06-18T13:06:55+07:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-18T13:06:55+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-06-18T13:06:55+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-18T13:06:55+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.23.0.8/16
2024-06-18T13:06:55+07:00 INFO [openvpn] UID set to nonrootuser
2024-06-18T13:06:55+07:00 INFO [openvpn] Initialization Sequence Completed
2024-06-18T13:06:56+07:00 INFO [healthcheck] healthy!
2024-06-18T13:07:00+07:00 INFO [dns] ready
2024-06-18T13:07:01+07:00 INFO [ip getter] Public IP address is 37.19.201.135 (Singapore, Singapore, Singapore)
2024-06-18T13:07:01+07:00 INFO [port forwarding] starting
2024-06-18T13:07:01+07:00 INFO [port forwarding] gateway external IPv4 address is 37.19.201.135
2024-06-18T13:07:01+07:00 INFO [port forwarding] port forwarded is 35931
2024-06-18T13:07:01+07:00 INFO [firewall] setting allowed input port 35931 through interface tun0...
2024-06-18T13:07:01+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024-06-18T13:07:46+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:07:46+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:08:31+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:08:31+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:09:16+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:09:16+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:10:01+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:10:01+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:10:46+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:10:46+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:11:31+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:11:31+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:12:16+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:12:16+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:13:01+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:13:01+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:13:46+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:13:46+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:14:31+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:14:31+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:15:16+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:15:16+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:16:01+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:16:01+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:16:46+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:16:46+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:17:31+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:17:31+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:18:16+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:18:17+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:19:02+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:19:02+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:19:47+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:19:47+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:20:32+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:20:32+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:21:17+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:21:17+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:22:02+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:22:02+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:22:47+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:22:47+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:23:32+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:23:32+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:24:17+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:24:17+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:25:02+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:25:02+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:25:47+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:25:47+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:26:32+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:26:32+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:27:17+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:27:17+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:28:02+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:28:02+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:28:47+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:28:47+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:29:32+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:29:32+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:30:17+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:30:17+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:31:02+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:31:02+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:31:47+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:31:48+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:32:33+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:32:33+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:33:18+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:33:18+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:34:03+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:34:03+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:34:48+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:34:48+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:34:59+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4 104.16.133.229:443: i/o timeout
2024-06-18T13:34:59+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNR]: Host is unreachable (fd=4,code=113)
2024-06-18T13:35:02+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-06-18T13:35:02+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-06-18T13:35:05+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-06-18T13:35:05+07:00 INFO [healthcheck] ๐ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-18T13:35:05+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-18T13:35:05+07:00 INFO [vpn] stopping
2024-06-18T13:35:05+07:00 INFO [port forwarding] stopping
2024-06-18T13:35:05+07:00 INFO [firewall] removing allowed port 35931...
2024-06-18T13:35:05+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:35:05+07:00 ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 35931 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
2024-06-18T13:35:05+07:00 INFO dns ticker: terminated โ๏ธ
2024-06-18T13:35:05+07:00 INFO updater ticker: terminated โ๏ธ
2024-06-18T13:35:05+07:00 INFO http server: terminated โ๏ธ
2024-06-18T13:35:05+07:00 INFO control: terminated โ๏ธ
2024-06-18T13:35:05+07:00 INFO updater: terminated โ๏ธ
2024-06-18T13:35:05+07:00 INFO tickers: terminated โ๏ธ
2024-06-18T13:35:05+07:00 WARN HTTP health server: goroutine shutdown timed out: after 400ms โ ๏ธ
2024-06-18T13:35:06+07:00 WARN vpn: goroutine shutdown timed out: after 1s โ ๏ธ
2024-06-18T13:35:06+07:00 INFO shadowsocks proxy: terminated โ๏ธ
2024-06-18T13:35:06+07:00 INFO http proxy: terminated โ๏ธ
2024-06-18T13:35:06+07:00 INFO unbound: terminated โ๏ธ
2024-06-18T13:35:06+07:00 INFO other: terminated โ๏ธ
2024-06-18T13:35:06+07:00 INFO [routing] routing cleanup...
2024-06-18T13:35:06+07:00 INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-06-18T13:35:06+07:00 INFO [routing] deleting route for 0.0.0.0/0
2024-06-18T13:35:06+07:00 DEBUG [routing] ip route delete 0.0.0.0/0 via 172.29.0.1 dev eth0 table 200
2024-06-18T13:35:06+07:00 DEBUG [routing] ip rule del from 172.29.0.2/32 lookup 200 pref 100
2024-06-18T13:35:06+07:00 ERROR ordered shutdown timed out: HTTP health server: goroutine shutdown timed out: after 400ms; vpn: goroutine shutdown timed out: after 1s
2024-06-18T13:35:06+07:00 INFO Shutdown successful
Notes
Thanks for finding more information on how to reproduce it! ๐ So this looks like an iptables bug. Clearly the last iptables instructions were:
2024-06-18T13:07:01+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 35931 -j ACCEPT
...
2024-06-18T13:35:05+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
And the last instruction SHOULD delete the rule, since it's present.
I suspect 73832d8b49fa62feef678a5b48d85f321728f452 solves this, can you try pulling the latest image and check again if it works? Thanks!!! ๐
So first i tried it on my main pc and it works, but i noticed it used iptables-legacy rather than iptables. My server which has the issue still crashed when disconnected and i attached the log but they are mostly the same as before. I'm curious tho what influence choosing between iptables-legacy or iptables.
========================================
========================================
=============== gluetun ================
========================================
=========== Made with โค๏ธ by ============
======= https://github.com/qdm12 =======
========================================
========================================
Running version latest built on 2024-07-26T11:43:10.213Z (commit 73832d8)
๐ง Need help? https://github.com/qdm12/gluetun/discussions/new
๐ Bug? https://github.com/qdm12/gluetun/issues/new
โจ New feature? https://github.com/qdm12/gluetun/issues/new
โ Discussion? https://github.com/qdm12/gluetun/discussions/new
๐ป Email? quentin.mcgaw@gmail.com
๐ฐ Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-07-26T19:30:20+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-26T19:30:20+07:00 INFO [routing] local ethernet link found: eth0
2024-07-26T19:30:20+07:00 INFO [routing] local ipnet found: 172.19.0.0/16
2024-07-26T19:30:20+07:00 INFO [firewall] enabling...
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --policy INPUT DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --policy OUTPUT DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --policy FORWARD DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --policy INPUT DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --policy OUTPUT DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --policy FORWARD DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.19.0.2 -d 172.19.0.0/16 -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.19.0.0/16 -j ACCEPT
2024-07-26T19:30:20+07:00 INFO [firewall] enabled successfully
2024-07-26T19:30:20+07:00 INFO [storage] creating /gluetun/servers.json with 19425 hardcoded servers
2024-07-26T19:30:20+07:00 DEBUG [netlink] IPv6 is not supported after searching 1 routes
2024-07-26T19:30:20+07:00 INFO Alpine version: 3.19.3
2024-07-26T19:30:20+07:00 INFO OpenVPN 2.5 version: 2.5.10
2024-07-26T19:30:20+07:00 INFO OpenVPN 2.6 version: 2.6.11
2024-07-26T19:30:20+07:00 INFO Unbound version: 1.20.0
2024-07-26T19:30:20+07:00 INFO IPtables version: v1.8.10
2024-07-26T19:30:20+07:00 INFO Settings summary:
โโโ VPN settings:
| โโโ VPN provider settings:
| | โโโ Name: protonvpn
| | โโโ Server selection settings:
| | | โโโ VPN type: openvpn
| | | โโโ Countries: Singapore
| | | โโโ OpenVPN server selection settings:
| | | โโโ Protocol: UDP
| | โโโ Automatic port forwarding settings:
| | โโโ Redirection listening port: disabled
| | โโโ Use port forwarding code for current provider
| | โโโ Forwarded port file path: /tmp/gluetun/forwarded_port
| | โโโ Credentials:
| | โโโ Username: [username]+pmp
| | โโโ Password: M...JP
| โโโ OpenVPN settings:
| โโโ OpenVPN version: 2.6
| โโโ User: [set]
| โโโ Password: M...JP
| โโโ Network interface: tun0
| โโโ Run OpenVPN as: root
| โโโ Verbosity level: 1
โโโ DNS settings:
| โโโ Keep existing nameserver(s): no
| โโโ DNS server address to use: 127.0.0.1
| โโโ DNS over TLS settings:
| โโโ Enabled: yes
| โโโ Update period: every 24h0m0s
| โโโ Unbound settings:
| | โโโ Authoritative servers:
| | | โโโ cloudflare
| | โโโ Caching: yes
| | โโโ IPv6: no
| | โโโ Verbosity level: 1
| | โโโ Verbosity details level: 0
| | โโโ Validation log level: 0
| | โโโ System user: root
| | โโโ Allowed networks:
| | โโโ 0.0.0.0/0
| | โโโ ::/0
| โโโ DNS filtering settings:
| โโโ Block malicious: yes
| โโโ Block ads: no
| โโโ Block surveillance: no
| โโโ Blocked IP networks:
| โโโ 127.0.0.1/8
| โโโ 10.0.0.0/8
| โโโ 172.16.0.0/12
| โโโ 192.168.0.0/16
| โโโ 169.254.0.0/16
| โโโ ::1/128
| โโโ fc00::/7
| โโโ fe80::/10
| โโโ ::ffff:127.0.0.1/104
| โโโ ::ffff:10.0.0.0/104
| โโโ ::ffff:169.254.0.0/112
| โโโ ::ffff:172.16.0.0/108
| โโโ ::ffff:192.168.0.0/112
โโโ Firewall settings:
| โโโ Enabled: yes
โโโ Log settings:
| โโโ Log level: debug
โโโ Health settings:
| โโโ Server listening address: 127.0.0.1:9999
| โโโ Target address: cloudflare.com:443
| โโโ Duration to wait after success: 5s
| โโโ Read header timeout: 100ms
| โโโ Read timeout: 500ms
| โโโ VPN wait durations:
| โโโ Initial duration: 6s
| โโโ Additional duration: 5s
โโโ Shadowsocks server settings:
| โโโ Enabled: no
โโโ HTTP proxy settings:
| โโโ Enabled: no
โโโ Control server settings:
| โโโ Listening address: :8000
| โโโ Logging: yes
โโโ OS Alpine settings:
| โโโ Process UID: 1000
| โโโ Process GID: 1000
| โโโ Timezone: Asia/Jakarta
โโโ Public IP settings:
| โโโ Fetching: every 12h0m0s
| โโโ IP file path: /tmp/gluetun/ip
| โโโ Public IP data API: ipinfo
โโโ Version settings:
โโโ Enabled: yes
2024-07-26T19:30:20+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-26T19:30:20+07:00 DEBUG [routing] ip rule add from 172.19.0.2/32 lookup 200 pref 100
2024-07-26T19:30:20+07:00 INFO [routing] adding route for 0.0.0.0/0
2024-07-26T19:30:20+07:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
2024-07-26T19:30:20+07:00 INFO [firewall] setting allowed subnets...
2024-07-26T19:30:20+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-26T19:30:20+07:00 DEBUG [routing] ip rule add to 172.19.0.0/16 lookup 254 pref 98
2024-07-26T19:30:20+07:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-07-26T19:30:20+07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-07-26T19:30:20+07:00 INFO [http server] http server listening on [::]:8000
2024-07-26T19:30:20+07:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-07-26T19:30:20+07:00 INFO [firewall] allowing VPN connection...
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.56 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-07-26T19:30:20+07:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-07-26T19:30:20+07:00 INFO [openvpn] library versions: OpenSSL 3.1.6 4 Jun 2024, LZO 2.10
2024-07-26T19:30:20+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.56:1194
2024-07-26T19:30:20+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-07-26T19:30:20+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.56:1194
2024-07-26T19:30:22+07:00 INFO [openvpn] [node-in-06.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.56:1194
2024-07-26T19:30:23+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-07-26T19:30:23+07:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-07-26T19:30:23+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-07-26T19:30:23+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-07-26T19:30:23+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.23.0.2/16
2024-07-26T19:30:23+07:00 INFO [openvpn] UID set to nonrootuser
2024-07-26T19:30:23+07:00 INFO [openvpn] Initialization Sequence Completed
2024-07-26T19:30:23+07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-07-26T19:30:24+07:00 INFO [healthcheck] healthy!
2024-07-26T19:30:26+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-07-26T19:30:27+07:00 INFO [healthcheck] healthy!
2024-07-26T19:30:30+07:00 INFO [dns] downloading hostnames and IP block lists
2024-07-26T19:30:38+07:00 INFO [dns] init module 0: validator
2024-07-26T19:30:38+07:00 INFO [dns] init module 1: iterator
2024-07-26T19:30:38+07:00 INFO [dns] start of service (unbound 1.20.0).
2024-07-26T19:30:40+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-07-26T19:30:40+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-07-26T19:30:40+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-07-26T19:30:43+07:00 INFO [healthcheck] healthy!
2024-07-26T19:30:45+07:00 INFO [http server] 200 GET /portforwarded wrote 11B to [::1]:55774 in 47.072ยตs
2024-07-26T19:30:52+07:00 INFO [dns] ready
2024-07-26T19:30:55+07:00 INFO [http server] 200 GET /portforwarded wrote 11B to [::1]:32878 in 7.361ยตs
2024-07-26T19:30:55+07:00 INFO [ip getter] Public IP address is 146.70.142.84 (Singapore, Singapore, Singapore)
2024-07-26T19:30:58+07:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-07-26T19:30:58+07:00 INFO [port forwarding] starting
2024-07-26T19:30:58+07:00 INFO [port forwarding] gateway external IPv4 address is 146.70.142.84
2024-07-26T19:30:59+07:00 INFO [port forwarding] port forwarded is 61717
2024-07-26T19:30:59+07:00 INFO [firewall] setting allowed input port 61717 through interface tun0...
2024-07-26T19:30:59+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT
2024-07-26T19:30:59+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT
2024-07-26T19:30:59+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp -m udp --dport 61717 -j ACCEPT
2024-07-26T19:30:59+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp -m udp --dport 61717 -j ACCEPT
2024-07-26T19:30:59+07:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024-07-26T19:31:05+07:00 INFO [http server] 200 GET /portforwarded wrote 15B to [::1]:37068 in 14.022ยตs
2024-07-26T19:31:44+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-07-26T19:31:44+07:00 DEBUG [port forwarding] port forwarded 61717 maintained
2024-07-26T19:32:00+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4 104.16.133.229:443: i/o timeout
2024-07-26T19:32:03+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNR]: Host is unreachable (fd=4,code=113)
2024-07-26T19:32:05+07:00 INFO [http server] 200 GET /portforwarded wrote 15B to [::1]:45408 in 12.926ยตs
2024-07-26T19:32:06+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-07-26T19:32:06+07:00 INFO [healthcheck] ๐ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-07-26T19:32:06+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-07-26T19:32:06+07:00 INFO [vpn] stopping
2024-07-26T19:32:06+07:00 INFO [port forwarding] stopping
2024-07-26T19:32:06+07:00 INFO [firewall] removing allowed port 61717...
2024-07-26T19:32:06+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT
2024-07-26T19:32:06+07:00 ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 61717 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
2024-07-26T19:32:06+07:00 INFO dns ticker: terminated โ๏ธ
2024-07-26T19:32:06+07:00 INFO updater ticker: terminated โ๏ธ
2024-07-26T19:32:06+07:00 INFO http server: terminated โ๏ธ
2024-07-26T19:32:06+07:00 INFO control: terminated โ๏ธ
2024-07-26T19:32:06+07:00 INFO updater: terminated โ๏ธ
2024-07-26T19:32:06+07:00 INFO tickers: terminated โ๏ธ
2024-07-26T19:32:06+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-07-26T19:32:06+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-07-26T19:32:06+07:00 WARN HTTP health server: goroutine shutdown timed out: after 400ms โ ๏ธ
2024-07-26T19:32:07+07:00 WARN vpn: goroutine shutdown timed out: after 1s โ ๏ธ
2024-07-26T19:32:07+07:00 INFO shadowsocks proxy: terminated โ๏ธ
2024-07-26T19:32:07+07:00 INFO http proxy: terminated โ๏ธ
2024-07-26T19:32:07+07:00 INFO unbound: terminated โ๏ธ
2024-07-26T19:32:07+07:00 INFO other: terminated โ๏ธ
2024-07-26T19:32:07+07:00 INFO [routing] routing cleanup...
2024-07-26T19:32:07+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-26T19:32:07+07:00 INFO [routing] deleting route for 0.0.0.0/0
2024-07-26T19:32:07+07:00 DEBUG [routing] ip route delete 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
2024-07-26T19:32:07+07:00 DEBUG [routing] ip rule del from 172.19.0.2/32 lookup 200 pref 100
2024-07-26T19:32:07+07:00 ERROR ordered shutdown timed out: HTTP health server: goroutine shutdown timed out: after 400ms; vpn: goroutine shutdown timed out: after 1s
2024-07-26T19:32:07+07:00 INFO Shutdown successful
On your server, can you try
docker run -it --rm --cap-add=NET_ADMIN alpine:3.19
apk add iptables iptables-legacy
iptables-legacy -A OUTPUT -o abcde -j DROP
exit
What error do you get? Ideally it would be nice for it to work, I'm not sure why the legacy iptables would not work.
The problem is that iptables
uses the nft kernel module (like iptables-nft
) from Alpine 3.19, instead of the legacy one as before 3.19, and it turns out the Alpine package for iptables-nft (and so iptables) is buggy (hence your error). Funnily, Alpine 3.20 has that bug fixed with iptables-nft (and iptables), so we'll switch back to using iptables
(aka iptables-nft
) when upgrading to Alpine 3.20. But for now we just upgraded from 3.18 to 3.19, so we'll stick to 3.19 and workaround that buggy iptables (to avoid breaking more things and cut a working release!).
Here is the output
iptables v1.8.10 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Welp...
In the end, I just decided to bump it to Alpine 3.20 in 9807d5f8f5ce178e355c27e3c5ef5d6e4f6449bc and use iptables-nft
in ddbfdc9f148a8e940cddc7da7be0fe6e9961f84f since there might be other problems on machines not supporting iptables-legacy like yours. I would say it's worth the trouble to upgrade and push back the next release.
Can you try it on both your machines to check if it works fine? This is in the latest image, built today 2024-07-28.
Uhh now it crashed on my pc lol, it seems iptables really hate deleting udp rule
gluetun-1 | ========================================
gluetun-1 | ========================================
gluetun-1 | =============== gluetun ================
gluetun-1 | ========================================
gluetun-1 | =========== Made with โค๏ธ by ============
gluetun-1 | ======= https://github.com/qdm12 =======
gluetun-1 | ========================================
gluetun-1 | ========================================
gluetun-1 |
gluetun-1 | Running version latest built on 2024-07-28T14:31:52.048Z (commit ddbfdc9)
gluetun-1 |
gluetun-1 | ๐ง Need help? https://github.com/qdm12/gluetun/discussions/new
gluetun-1 | ๐ Bug? https://github.com/qdm12/gluetun/issues/new
gluetun-1 | โจ New feature? https://github.com/qdm12/gluetun/issues/new
gluetun-1 | โ Discussion? https://github.com/qdm12/gluetun/discussions/new
gluetun-1 | ๐ป Email? quentin.mcgaw@gmail.com
gluetun-1 | ๐ฐ Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
gluetun-1 | 2024-07-28T21:55:05+07:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
gluetun-1 | 2024-07-28T21:55:05+07:00 INFO [routing] local ethernet link found: eth0
gluetun-1 | 2024-07-28T21:55:05+07:00 INFO [routing] local ipnet found: 172.18.0.0/16
gluetun-1 | 2024-07-28T21:55:05+07:00 INFO [firewall] enabling...
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --policy INPUT DROP
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --policy OUTPUT DROP
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --policy FORWARD DROP
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --policy INPUT DROP
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --policy OUTPUT DROP
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --policy FORWARD DROP
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.18.0.2 -d 172.18.0.0/16 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.18.0.0/16 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:05+07:00 INFO [firewall] enabled successfully
gluetun-1 | 2024-07-28T21:55:05+07:00 INFO [storage] creating /gluetun/servers.json with 19425 hardcoded servers
gluetun-1 | 2024-07-28T21:55:06+07:00 DEBUG [netlink] IPv6 is not supported after searching 1 routes
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO Alpine version: 3.20.2
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO OpenVPN 2.5 version: 2.5.10
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO OpenVPN 2.6 version: 2.6.11
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO Unbound version: 1.20.0
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO IPtables version: v1.8.10
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO Settings summary:
gluetun-1 | โโโ VPN settings:
gluetun-1 | | โโโ VPN provider settings:
gluetun-1 | | | โโโ Name: protonvpn
gluetun-1 | | | โโโ Server selection settings:
gluetun-1 | | | | โโโ VPN type: openvpn
gluetun-1 | | | | โโโ Countries: Singapore
gluetun-1 | | | | โโโ OpenVPN server selection settings:
gluetun-1 | | | | โโโ Protocol: UDP
gluetun-1 | | | โโโ Automatic port forwarding settings:
gluetun-1 | | | โโโ Redirection listening port: disabled
gluetun-1 | | | โโโ Use port forwarding code for current provider
gluetun-1 | | | โโโ Forwarded port file path: /tmp/gluetun/forwarded_port
gluetun-1 | | | โโโ Credentials:
gluetun-1 | | | โโโ Username: [username]+pmp
gluetun-1 | | | โโโ Password: M...JP
gluetun-1 | | โโโ OpenVPN settings:
gluetun-1 | | โโโ OpenVPN version: 2.6
gluetun-1 | | โโโ User: [set]
gluetun-1 | | โโโ Password: M...JP
gluetun-1 | | โโโ Network interface: tun0
gluetun-1 | | โโโ Run OpenVPN as: root
gluetun-1 | | โโโ Verbosity level: 1
gluetun-1 | โโโ DNS settings:
gluetun-1 | | โโโ Keep existing nameserver(s): no
gluetun-1 | | โโโ DNS server address to use: 127.0.0.1
gluetun-1 | | โโโ DNS over TLS settings:
gluetun-1 | | โโโ Enabled: yes
gluetun-1 | | โโโ Update period: every 24h0m0s
gluetun-1 | | โโโ Unbound settings:
gluetun-1 | | | โโโ Authoritative servers:
gluetun-1 | | | | โโโ cloudflare
gluetun-1 | | | โโโ Caching: yes
gluetun-1 | | | โโโ IPv6: no
gluetun-1 | | | โโโ Verbosity level: 1
gluetun-1 | | | โโโ Verbosity details level: 0
gluetun-1 | | | โโโ Validation log level: 0
gluetun-1 | | | โโโ System user: root
gluetun-1 | | | โโโ Allowed networks:
gluetun-1 | | | โโโ 0.0.0.0/0
gluetun-1 | | | โโโ ::/0
gluetun-1 | | โโโ DNS filtering settings:
gluetun-1 | | โโโ Block malicious: yes
gluetun-1 | | โโโ Block ads: no
gluetun-1 | | โโโ Block surveillance: no
gluetun-1 | | โโโ Blocked IP networks:
gluetun-1 | | โโโ 127.0.0.1/8
gluetun-1 | | โโโ 10.0.0.0/8
gluetun-1 | | โโโ 172.16.0.0/12
gluetun-1 | | โโโ 192.168.0.0/16
gluetun-1 | | โโโ 169.254.0.0/16
gluetun-1 | | โโโ ::1/128
gluetun-1 | | โโโ fc00::/7
gluetun-1 | | โโโ fe80::/10
gluetun-1 | | โโโ ::ffff:127.0.0.1/104
gluetun-1 | | โโโ ::ffff:10.0.0.0/104
gluetun-1 | | โโโ ::ffff:169.254.0.0/112
gluetun-1 | | โโโ ::ffff:172.16.0.0/108
gluetun-1 | | โโโ ::ffff:192.168.0.0/112
gluetun-1 | โโโ Firewall settings:
gluetun-1 | | โโโ Enabled: yes
gluetun-1 | โโโ Log settings:
gluetun-1 | | โโโ Log level: debug
gluetun-1 | โโโ Health settings:
gluetun-1 | | โโโ Server listening address: 127.0.0.1:9999
gluetun-1 | | โโโ Target address: cloudflare.com:443
gluetun-1 | | โโโ Duration to wait after success: 5s
gluetun-1 | | โโโ Read header timeout: 100ms
gluetun-1 | | โโโ Read timeout: 500ms
gluetun-1 | | โโโ VPN wait durations:
gluetun-1 | | โโโ Initial duration: 6s
gluetun-1 | | โโโ Additional duration: 5s
gluetun-1 | โโโ Shadowsocks server settings:
gluetun-1 | | โโโ Enabled: no
gluetun-1 | โโโ HTTP proxy settings:
gluetun-1 | | โโโ Enabled: no
gluetun-1 | โโโ Control server settings:
gluetun-1 | | โโโ Listening address: :8000
gluetun-1 | | โโโ Logging: yes
gluetun-1 | โโโ OS Alpine settings:
gluetun-1 | | โโโ Process UID: 1000
gluetun-1 | | โโโ Process GID: 1000
gluetun-1 | | โโโ Timezone: Asia/Jakarta
gluetun-1 | โโโ Public IP settings:
gluetun-1 | | โโโ Fetching: every 12h0m0s
gluetun-1 | | โโโ IP file path: /tmp/gluetun/ip
gluetun-1 | | โโโ Public IP data API: ipinfo
gluetun-1 | โโโ Version settings:
gluetun-1 | โโโ Enabled: yes
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
gluetun-1 | 2024-07-28T21:55:06+07:00 DEBUG [routing] ip rule add from 172.18.0.2/32 lookup 200 pref 100
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [routing] adding route for 0.0.0.0/0
gluetun-1 | 2024-07-28T21:55:06+07:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.18.0.1 dev eth0 table 200
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [firewall] setting allowed subnets...
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
gluetun-1 | 2024-07-28T21:55:06+07:00 DEBUG [routing] ip rule add to 172.18.0.0/16 lookup 254 pref 98
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [http server] http server listening on [::]:8000
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [firewall] allowing VPN connection...
gluetun-1 | 2024-07-28T21:55:06+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.140 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:06+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:06+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.140:1194
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [openvpn] UDPv4 link local: (not bound)
gluetun-1 | 2024-07-28T21:55:06+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.140:1194
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [healthcheck] ๐ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [vpn] stopping
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [vpn] starting
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [firewall] allowing VPN connection...
gluetun-1 | 2024-07-28T21:55:12+07:00 DEBUG [firewall] iptables --delete OUTPUT -d 185.159.157.140 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:12+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:12+07:00 DEBUG [firewall] ip6tables --delete OUTPUT -o tun0 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:12+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.58 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:12+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:12+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.58:1194
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [openvpn] UDPv4 link local: (not bound)
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.58:1194
gluetun-1 | 2024-07-28T21:55:12+07:00 INFO [openvpn] [node-de-19.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.58:1194
gluetun-1 | 2024-07-28T21:55:13+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
gluetun-1 | 2024-07-28T21:55:13+07:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun-1 | 2024-07-28T21:55:13+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun-1 | 2024-07-28T21:55:13+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun-1 | 2024-07-28T21:55:13+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.21.0.3/16
gluetun-1 | 2024-07-28T21:55:13+07:00 INFO [openvpn] UID set to nonrootuser
gluetun-1 | 2024-07-28T21:55:13+07:00 INFO [openvpn] Initialization Sequence Completed
gluetun-1 | 2024-07-28T21:55:13+07:00 INFO [dns] downloading DNS over TLS cryptographic files
gluetun-1 | 2024-07-28T21:55:13+07:00 INFO [healthcheck] healthy!
gluetun-1 | 2024-07-28T21:55:16+07:00 INFO [dns] downloading hostnames and IP block lists
gluetun-1 | 2024-07-28T21:55:22+07:00 INFO [dns] init module 0: validator
gluetun-1 | 2024-07-28T21:55:22+07:00 INFO [dns] init module 1: iterator
gluetun-1 | 2024-07-28T21:55:22+07:00 INFO [dns] start of service (unbound 1.20.0).
gluetun-1 | 2024-07-28T21:55:23+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
gluetun-1 | 2024-07-28T21:55:23+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
gluetun-1 | 2024-07-28T21:55:26+07:00 INFO [dns] ready
gluetun-1 | 2024-07-28T21:55:28+07:00 INFO [ip getter] Public IP address is 149.88.19.242 (Germany, Hesse, Frankfurt am Main)
gluetun-1 | 2024-07-28T21:55:29+07:00 INFO [vpn] You are running on the bleeding edge of latest!
gluetun-1 | 2024-07-28T21:55:29+07:00 INFO [port forwarding] starting
gluetun-1 | 2024-07-28T21:55:30+07:00 INFO [port forwarding] gateway external IPv4 address is 149.88.19.242
gluetun-1 | 2024-07-28T21:55:30+07:00 INFO [port forwarding] port forwarded is 33328
gluetun-1 | 2024-07-28T21:55:30+07:00 INFO [firewall] setting allowed input port 33328 through interface tun0...
gluetun-1 | 2024-07-28T21:55:30+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp -m tcp --dport 33328 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:30+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp -m tcp --dport 33328 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:30+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp -m udp --dport 33328 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:30+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp -m udp --dport 33328 -j ACCEPT
gluetun-1 | 2024-07-28T21:55:30+07:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
gluetun-1 | 2024-07-28T21:56:15+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
gluetun-1 | 2024-07-28T21:56:15+07:00 DEBUG [port forwarding] port forwarded 33328 maintained
gluetun-1 | 2024-07-28T21:57:00+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
gluetun-1 | 2024-07-28T21:57:01+07:00 DEBUG [port forwarding] port forwarded 33328 maintained
gluetun-1 | 2024-07-28T21:57:32+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
gluetun-1 | 2024-07-28T21:57:33+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
gluetun-1 | 2024-07-28T21:57:34+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4 104.16.133.229:443: i/o timeout
gluetun-1 | 2024-07-28T21:57:34+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
gluetun-1 | 2024-07-28T21:57:35+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO [healthcheck] ๐ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO [vpn] stopping
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO [port forwarding] stopping
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO [firewall] removing allowed port 33328...
gluetun-1 | 2024-07-28T21:57:40+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 33328 -j ACCEPT
gluetun-1 | 2024-07-28T21:57:40+07:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p tcp -m tcp --dport 33328 -j ACCEPT
gluetun-1 | 2024-07-28T21:57:40+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p udp -m udp --dport 33328 -j ACCEPT
gluetun-1 | 2024-07-28T21:57:40+07:00 ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 33328 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p udp -m udp --dport 33328 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO dns ticker: terminated โ๏ธ
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO updater ticker: terminated โ๏ธ
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO http server: terminated โ๏ธ
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO control: terminated โ๏ธ
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO updater: terminated โ๏ธ
gluetun-1 | 2024-07-28T21:57:40+07:00 INFO tickers: terminated โ๏ธ
gluetun-1 | 2024-07-28T21:57:40+07:00 WARN HTTP health server: goroutine shutdown timed out: after 400ms โ ๏ธ
gluetun-1 | 2024-07-28T21:57:41+07:00 WARN vpn: goroutine shutdown timed out: after 1s โ ๏ธ
gluetun-1 | 2024-07-28T21:57:41+07:00 INFO shadowsocks proxy: terminated โ๏ธ
gluetun-1 | 2024-07-28T21:57:41+07:00 INFO http proxy: terminated โ๏ธ
gluetun-1 | 2024-07-28T21:57:41+07:00 INFO unbound: terminated โ๏ธ
gluetun-1 | 2024-07-28T21:57:41+07:00 INFO other: terminated โ๏ธ
gluetun-1 | 2024-07-28T21:57:41+07:00 INFO [routing] routing cleanup...
gluetun-1 | 2024-07-28T21:57:41+07:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
gluetun-1 | 2024-07-28T21:57:41+07:00 INFO [routing] deleting route for 0.0.0.0/0
gluetun-1 | 2024-07-28T21:57:41+07:00 DEBUG [routing] ip route delete 0.0.0.0/0 via 172.18.0.1 dev eth0 table 200
gluetun-1 | 2024-07-28T21:57:41+07:00 DEBUG [routing] ip rule del from 172.18.0.2/32 lookup 200 pref 100
gluetun-1 | 2024-07-28T21:57:41+07:00 ERROR ordered shutdown timed out: HTTP health server: goroutine shutdown timed out: after 400ms; vpn: goroutine shutdown timed out: after 1s
gluetun-1 | 2024-07-28T21:57:41+07:00 INFO Shutdown successful
gluetun-1 exited with code 0
and as expected is the same thing in my server
========================================
========================================
=============== gluetun ================
========================================
=========== Made with โค๏ธ by ============
======= https://github.com/qdm12 =======
========================================
========================================
Running version latest built on 2024-07-28T14:31:52.048Z (commit ddbfdc9)
๐ง Need help? https://github.com/qdm12/gluetun/discussions/new
๐ Bug? https://github.com/qdm12/gluetun/issues/new
โจ New feature? https://github.com/qdm12/gluetun/issues/new
โ Discussion? https://github.com/qdm12/gluetun/discussions/new
๐ป Email? quentin.mcgaw@gmail.com
๐ฐ Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-07-28T22:04:45+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-28T22:04:45+07:00 INFO [routing] local ethernet link found: eth0
2024-07-28T22:04:45+07:00 INFO [routing] local ipnet found: 172.19.0.0/16
2024-07-28T22:04:45+07:00 INFO [firewall] enabling...
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --policy INPUT DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --policy OUTPUT DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --policy FORWARD DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --policy INPUT DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --policy OUTPUT DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --policy FORWARD DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.19.0.2 -d 172.19.0.0/16 -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.19.0.0/16 -j ACCEPT
2024-07-28T22:04:45+07:00 INFO [firewall] enabled successfully
2024-07-28T22:04:45+07:00 INFO [storage] creating /gluetun/servers.json with 19425 hardcoded servers
2024-07-28T22:04:45+07:00 DEBUG [netlink] IPv6 is not supported after searching 1 routes
2024-07-28T22:04:45+07:00 INFO Alpine version: 3.20.2
2024-07-28T22:04:45+07:00 INFO OpenVPN 2.5 version: 2.5.10
2024-07-28T22:04:45+07:00 INFO OpenVPN 2.6 version: 2.6.11
2024-07-28T22:04:45+07:00 INFO Unbound version: 1.20.0
2024-07-28T22:04:45+07:00 INFO IPtables version: v1.8.10
2024-07-28T22:04:45+07:00 INFO Settings summary:
โโโ VPN settings:
| โโโ VPN provider settings:
| | โโโ Name: protonvpn
| | โโโ Server selection settings:
| | | โโโ VPN type: openvpn
| | | โโโ Countries: Singapore
| | | โโโ OpenVPN server selection settings:
| | | โโโ Protocol: UDP
| | โโโ Automatic port forwarding settings:
| | โโโ Redirection listening port: disabled
| | โโโ Use port forwarding code for current provider
| | โโโ Forwarded port file path: /tmp/gluetun/forwarded_port
| | โโโ Credentials:
| | โโโ Username: [username]+pmp
| | โโโ Password: M...JP
| โโโ OpenVPN settings:
| โโโ OpenVPN version: 2.6
| โโโ User: [set]
| โโโ Password: M...JP
| โโโ Network interface: tun0
| โโโ Run OpenVPN as: root
| โโโ Verbosity level: 1
โโโ DNS settings:
| โโโ Keep existing nameserver(s): no
| โโโ DNS server address to use: 127.0.0.1
| โโโ DNS over TLS settings:
| โโโ Enabled: yes
| โโโ Update period: every 24h0m0s
| โโโ Unbound settings:
| | โโโ Authoritative servers:
| | | โโโ cloudflare
| | โโโ Caching: yes
| | โโโ IPv6: no
| | โโโ Verbosity level: 1
| | โโโ Verbosity details level: 0
| | โโโ Validation log level: 0
| | โโโ System user: root
| | โโโ Allowed networks:
| | โโโ 0.0.0.0/0
| | โโโ ::/0
| โโโ DNS filtering settings:
| โโโ Block malicious: yes
| โโโ Block ads: no
| โโโ Block surveillance: no
| โโโ Blocked IP networks:
| โโโ 127.0.0.1/8
| โโโ 10.0.0.0/8
| โโโ 172.16.0.0/12
| โโโ 192.168.0.0/16
| โโโ 169.254.0.0/16
| โโโ ::1/128
| โโโ fc00::/7
| โโโ fe80::/10
| โโโ ::ffff:127.0.0.1/104
| โโโ ::ffff:10.0.0.0/104
| โโโ ::ffff:169.254.0.0/112
| โโโ ::ffff:172.16.0.0/108
| โโโ ::ffff:192.168.0.0/112
โโโ Firewall settings:
| โโโ Enabled: yes
โโโ Log settings:
| โโโ Log level: debug
โโโ Health settings:
| โโโ Server listening address: 127.0.0.1:9999
| โโโ Target address: cloudflare.com:443
| โโโ Duration to wait after success: 5s
| โโโ Read header timeout: 100ms
| โโโ Read timeout: 500ms
| โโโ VPN wait durations:
| โโโ Initial duration: 6s
| โโโ Additional duration: 5s
โโโ Shadowsocks server settings:
| โโโ Enabled: no
โโโ HTTP proxy settings:
| โโโ Enabled: no
โโโ Control server settings:
| โโโ Listening address: :8000
| โโโ Logging: yes
โโโ OS Alpine settings:
| โโโ Process UID: 1000
| โโโ Process GID: 1000
| โโโ Timezone: Asia/Jakarta
โโโ Public IP settings:
| โโโ Fetching: every 12h0m0s
| โโโ IP file path: /tmp/gluetun/ip
| โโโ Public IP data API: ipinfo
โโโ Version settings:
โโโ Enabled: yes
2024-07-28T22:04:45+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-28T22:04:45+07:00 DEBUG [routing] ip rule add from 172.19.0.2/32 lookup 200 pref 100
2024-07-28T22:04:45+07:00 INFO [routing] adding route for 0.0.0.0/0
2024-07-28T22:04:45+07:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
2024-07-28T22:04:45+07:00 INFO [firewall] setting allowed subnets...
2024-07-28T22:04:45+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-28T22:04:45+07:00 DEBUG [routing] ip rule add to 172.19.0.0/16 lookup 254 pref 98
2024-07-28T22:04:45+07:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-07-28T22:04:45+07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-07-28T22:04:45+07:00 INFO [http server] http server listening on [::]:8000
2024-07-28T22:04:45+07:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-07-28T22:04:45+07:00 INFO [firewall] allowing VPN connection...
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.58 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-07-28T22:04:45+07:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-07-28T22:04:45+07:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-07-28T22:04:45+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.58:1194
2024-07-28T22:04:45+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-07-28T22:04:45+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.58:1194
2024-07-28T22:04:46+07:00 INFO [openvpn] [node-de-19.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.58:1194
2024-07-28T22:04:48+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-07-28T22:04:48+07:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-07-28T22:04:48+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-07-28T22:04:48+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-07-28T22:04:48+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.22.0.3/16
2024-07-28T22:04:48+07:00 INFO [openvpn] UID set to nonrootuser
2024-07-28T22:04:48+07:00 INFO [openvpn] Initialization Sequence Completed
2024-07-28T22:04:48+07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-07-28T22:04:48+07:00 INFO [healthcheck] healthy!
2024-07-28T22:04:51+07:00 INFO [dns] downloading hostnames and IP block lists
2024-07-28T22:04:59+07:00 INFO [dns] init module 0: validator
2024-07-28T22:04:59+07:00 INFO [dns] init module 1: iterator
2024-07-28T22:04:59+07:00 INFO [dns] start of service (unbound 1.20.0).
2024-07-28T22:05:00+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-07-28T22:05:00+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-07-28T22:05:01+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-07-28T22:05:02+07:00 INFO [dns] ready
2024-07-28T22:05:02+07:00 INFO [healthcheck] healthy!
2024-07-28T22:05:04+07:00 INFO [ip getter] Public IP address is 149.88.24.9 (Germany, Hesse, Frankfurt am Main)
2024-07-28T22:05:05+07:00 INFO [http server] 200 GET /portforwarded wrote 11B to [::1]:40456 in 47.066ยตs
2024-07-28T22:05:06+07:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-07-28T22:05:06+07:00 INFO [port forwarding] starting
2024-07-28T22:05:06+07:00 INFO [port forwarding] gateway external IPv4 address is 149.88.24.9
2024-07-28T22:05:07+07:00 INFO [port forwarding] port forwarded is 41140
2024-07-28T22:05:07+07:00 INFO [firewall] setting allowed input port 41140 through interface tun0...
2024-07-28T22:05:07+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp -m tcp --dport 41140 -j ACCEPT
2024-07-28T22:05:07+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp -m tcp --dport 41140 -j ACCEPT
2024-07-28T22:05:07+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp -m udp --dport 41140 -j ACCEPT
2024-07-28T22:05:07+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp -m udp --dport 41140 -j ACCEPT
2024-07-28T22:05:07+07:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024-07-28T22:05:15+07:00 INFO [http server] 200 GET /portforwarded wrote 15B to [::1]:56148 in 13.492ยตs
2024-07-28T22:05:52+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-07-28T22:05:52+07:00 DEBUG [port forwarding] port forwarded 41140 maintained
2024-07-28T22:06:11+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-07-28T22:06:13+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4 104.16.132.229:443: i/o timeout
2024-07-28T22:06:14+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-07-28T22:06:14+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-07-28T22:06:15+07:00 INFO [http server] 200 GET /portforwarded wrote 15B to [::1]:46562 in 13.215ยตs
2024-07-28T22:06:19+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-07-28T22:06:19+07:00 INFO [healthcheck] ๐ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-07-28T22:06:19+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-07-28T22:06:19+07:00 INFO [vpn] stopping
2024-07-28T22:06:19+07:00 INFO [port forwarding] stopping
2024-07-28T22:06:19+07:00 INFO [firewall] removing allowed port 41140...
2024-07-28T22:06:19+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 41140 -j ACCEPT
2024-07-28T22:06:19+07:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p tcp -m tcp --dport 41140 -j ACCEPT
2024-07-28T22:06:19+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p udp -m udp --dport 41140 -j ACCEPT
2024-07-28T22:06:19+07:00 ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 41140 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p udp -m udp --dport 41140 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
2024-07-28T22:06:19+07:00 INFO http server: terminated โ๏ธ
2024-07-28T22:06:19+07:00 INFO dns ticker: terminated โ๏ธ
2024-07-28T22:06:19+07:00 INFO updater ticker: terminated โ๏ธ
2024-07-28T22:06:19+07:00 INFO control: terminated โ๏ธ
2024-07-28T22:06:19+07:00 INFO updater: terminated โ๏ธ
2024-07-28T22:06:19+07:00 INFO tickers: terminated โ๏ธ
2024-07-28T22:06:20+07:00 WARN HTTP health server: goroutine shutdown timed out: after 400ms โ ๏ธ
2024-07-28T22:06:21+07:00 WARN vpn: goroutine shutdown timed out: after 1s โ ๏ธ
2024-07-28T22:06:21+07:00 INFO shadowsocks proxy: terminated โ๏ธ
2024-07-28T22:06:21+07:00 INFO http proxy: terminated โ๏ธ
2024-07-28T22:06:21+07:00 INFO unbound: terminated โ๏ธ
2024-07-28T22:06:21+07:00 INFO other: terminated โ๏ธ
2024-07-28T22:06:21+07:00 INFO [routing] routing cleanup...
2024-07-28T22:06:21+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-28T22:06:21+07:00 INFO [routing] deleting route for 0.0.0.0/0
2024-07-28T22:06:21+07:00 DEBUG [routing] ip route delete 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
2024-07-28T22:06:21+07:00 DEBUG [routing] ip rule del from 172.19.0.2/32 lookup 200 pref 100
2024-07-28T22:06:21+07:00 ERROR ordered shutdown timed out: HTTP health server: goroutine shutdown timed out: after 400ms; vpn: goroutine shutdown timed out: after 1s
2024-07-28T22:06:21+07:00 INFO Shutdown successful
Duplicate of #2334 but let's keep it opened just in case. I'm about to do a v3.39.0 release, and will jump in fixing this (remove iptables rules by line number) right after.
Is this solved using the latest image? Now that other related issues are solved. Thanks!
Sorry for the delay, but i can confirm the latest version doesn't crash anymore when the connection is dropped. I don't need to manually restart my container anymore when the internet does disconnect.
I am using v3.39.0 and am still seeing the same error as @asen23
@jgramling17 that's expected, it's only fixed in the latest image. I'm fixing 1 or 2 last things before doing a v3.39.1 bugfix release containing that bugfix.
@jgramling17 that's expected, it's only fixed in the latest image. I'm fixing 1 or 2 last things before doing a v3.39.1 bugfix release containing that bugfix.
Thank you, I ended up figuring it out. Thank you for your patience and contributions to this project โค๏ธ
Is this urgent?
Yes
Host OS
Fedora Linux 40 (Server Edition)
CPU arch
x86_64
VPN service provider
ProtonVPN
What are you using to run the container
docker-compose
What is the version of Gluetun
Running version latest built on 2024-05-18T18:08:57.405Z (commit 4218dba)
What's the problem ๐ค
Whenever the port change it crash the container and restart it causing my other service that depends on gluetun to lose connection. I think it is the same problem with #2274
here is the triggering crash
i also saw other error/warn log but im not sure how related
also some unrelated issue, it sometimes take a long time to connect so i added start_period to prevent timeout when starting docker compose
Share your logs (at least 10 lines)
Share your configuration