qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.5k stars, 354 forks

Bug: Renewing Port Restart Gluetun Container using ProtonVPN #2304

Open asen23 opened 3 months ago

asen23 commented 3 months ago

Is this urgent?

Yes

Host OS

Fedora Linux 40 (Server Edition)

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-05-18T18:08:57.405Z (commit 4218dba)

What's the problem 🤔

Whenever the port changes, it crashes the container and restarts it, causing my other service that depends on gluetun to lose connection. I think it is the same problem as #2274.

Here is the triggering crash:

ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 33982 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p tcp --dport 33982 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1

I also saw other error/warn logs, but I'm not sure how related they are:

2024-06-01T13:34:52+07:00 ERROR [vpn] port forwarding for the first time: getting external IPv4 address: executing remote procedure call: writing to connection: write udp 10.23.0.4:52873->10.23.0.1:5351: write: operation not permitted
2024-06-01T14:19:29+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNR]: Host is unreachable (fd=4,code=113)
2024-06-01T14:55:10+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-06-01T14:56:12+07:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
2024-06-01T15:00:07+07:00 WARN [dns] DNS is not working: after 10 tries: lookup github.com on 127.0.0.1:53: server misbehaving
2024-06-01T15:00:32+07:00 WARN [dns] cannot update files: Get "https://www.internic.net/domain/named.root": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Also, an unrelated issue: it sometimes takes a long time to connect, so I added start_period to prevent a timeout when starting docker compose.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-05-18T18:08:57.405Z (commit 4218dba)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-06-01T14:55:05+07:00 INFO [routing] default route found: interface eth0, gateway 172.28.0.1, assigned IP 172.28.0.2 and family v4
2024-06-01T14:55:05+07:00 INFO [routing] local ethernet link found: eth0
2024-06-01T14:55:05+07:00 INFO [routing] local ipnet found: 172.28.0.0/16
2024-06-01T14:55:05+07:00 INFO [firewall] enabling...
2024-06-01T14:55:05+07:00 INFO [firewall] enabled successfully
2024-06-01T14:55:05+07:00 INFO [storage] merging by most recent 19425 hardcoded servers and 19425 servers read from /gluetun/servers.json
2024-06-01T14:55:05+07:00 INFO Alpine version: 3.19.1
2024-06-01T14:55:05+07:00 INFO OpenVPN 2.5 version: 2.5.8
2024-06-01T14:55:05+07:00 INFO OpenVPN 2.6 version: 2.6.8
2024-06-01T14:55:05+07:00 INFO Unbound version: 1.20.0
2024-06-01T14:55:05+07:00 INFO IPtables version: v1.8.10
2024-06-01T14:55:05+07:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: protonvpn
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: openvpn
|   |   |   ├── Countries: Singapore
|   |   |   └── OpenVPN server selection settings:
|   |   |       └── Protocol: UDP
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use port forwarding code for current provider
|   |       └── Forwarded port file path: /tmp/gluetun/forwarded_port
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.6
|       ├── User: [set]
|       ├── Password: M...JP
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: Asia/Jakarta
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-06-01T14:55:05+07:00 INFO [routing] default route found: interface eth0, gateway 172.28.0.1, assigned IP 172.28.0.2 and family v4
2024-06-01T14:55:05+07:00 INFO [routing] adding route for 0.0.0.0/0
2024-06-01T14:55:05+07:00 INFO [firewall] setting allowed subnets...
2024-06-01T14:55:05+07:00 INFO [routing] default route found: interface eth0, gateway 172.28.0.1, assigned IP 172.28.0.2 and family v4
2024-06-01T14:55:05+07:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-06-01T14:55:05+07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-06-01T14:55:05+07:00 INFO [http server] http server listening on [::]:8000
2024-06-01T14:55:05+07:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-06-01T14:55:05+07:00 INFO [firewall] allowing VPN connection...
2024-06-01T14:55:05+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-01T14:55:05+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-01T14:55:05+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]103.107.199.194:1194
2024-06-01T14:55:05+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-01T14:55:05+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]103.107.199.194:1194
2024-06-01T14:55:10+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-06-01T14:55:11+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-06-01T14:55:11+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-01T14:55:11+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-01T14:55:11+07:00 INFO [vpn] stopping
2024-06-01T14:55:11+07:00 INFO [vpn] starting
2024-06-01T14:55:11+07:00 INFO [firewall] allowing VPN connection...
2024-06-01T14:55:11+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-01T14:55:11+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-01T14:55:11+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]103.107.198.210:1194
2024-06-01T14:55:11+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-01T14:55:11+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]103.107.198.210:1194
2024-06-01T14:55:22+07:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024-06-01T14:55:22+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-01T14:55:22+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-01T14:55:22+07:00 INFO [vpn] stopping
2024-06-01T14:55:22+07:00 INFO [vpn] starting
2024-06-01T14:55:22+07:00 INFO [firewall] allowing VPN connection...
2024-06-01T14:55:22+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-01T14:55:22+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-01T14:55:22+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.56:1194
2024-06-01T14:55:22+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-01T14:55:22+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.56:1194
2024-06-01T14:55:26+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-06-01T14:55:33+07:00 INFO [openvpn] [node-in-06.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.56:1194
2024-06-01T14:55:35+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-06-01T14:55:35+07:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-01T14:55:35+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-06-01T14:55:35+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-01T14:55:35+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.21.0.3/16
2024-06-01T14:55:35+07:00 INFO [openvpn] UID set to nonrootuser
2024-06-01T14:55:35+07:00 INFO [openvpn] Initialization Sequence Completed
2024-06-01T14:55:35+07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-06-01T14:55:36+07:00 INFO [healthcheck] healthy!
2024-06-01T14:55:49+07:00 INFO [dns] downloading hostnames and IP block lists
2024-06-01T14:55:54+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-06-01T14:55:57+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-06-01T14:55:57+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-01T14:55:57+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-01T14:55:57+07:00 INFO [vpn] stopping
2024-06-01T14:55:57+07:00 ERROR [vpn] getting public IP address information: context canceled
2024-06-01T14:55:57+07:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
2024-06-01T14:55:57+07:00 INFO [port forwarding] starting
2024-06-01T14:55:57+07:00 ERROR [vpn] port forwarding for the first time: getting external IPv4 address: executing remote procedure call: writing to connection: write udp 10.21.0.3:46140->10.21.0.1:5351: write: operation not permitted
2024-06-01T14:55:57+07:00 INFO [vpn] starting
2024-06-01T14:55:57+07:00 INFO [firewall] allowing VPN connection...
2024-06-01T14:55:57+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-01T14:55:57+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-01T14:55:57+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.187:1194
2024-06-01T14:55:57+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-01T14:55:57+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.187:1194
2024-06-01T14:55:59+07:00 WARN [dns] Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": dial tcp: lookup raw.githubusercontent.com on 1.1.1.1:53: read udp 10.21.0.3:48639->1.1.1.1:53: i/o timeout
2024-06-01T14:55:59+07:00 WARN [dns] Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": dial tcp: lookup raw.githubusercontent.com on 1.1.1.1:53: read udp 10.21.0.3:48639->1.1.1.1:53: i/o timeout
2024-06-01T14:55:59+07:00 INFO [dns] init module 0: validator
2024-06-01T14:55:59+07:00 INFO [dns] init module 1: iterator
2024-06-01T14:55:59+07:00 INFO [dns] start of service (unbound 1.20.0).
2024-06-01T14:56:02+07:00 INFO [openvpn] [node-sg-14.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.187:1194
2024-06-01T14:56:02+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-06-01T14:56:02+07:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-01T14:56:02+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-06-01T14:56:02+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-01T14:56:02+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.20.0.5/16
2024-06-01T14:56:02+07:00 INFO [openvpn] UID set to nonrootuser
2024-06-01T14:56:02+07:00 INFO [openvpn] Initialization Sequence Completed
2024-06-01T14:56:05+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-01T14:56:07+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-01T14:56:12+07:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024-06-01T14:56:12+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-01T14:56:12+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-01T14:56:12+07:00 INFO [vpn] stopping
2024-06-01T14:56:12+07:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
2024-06-01T14:56:12+07:00 INFO [port forwarding] starting
2024-06-01T14:56:12+07:00 INFO [vpn] starting
2024-06-01T14:56:12+07:00 INFO [firewall] allowing VPN connection...
2024-06-01T14:56:12+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-01T14:56:12+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-01T14:56:12+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]103.107.199.162:1194
2024-06-01T14:56:12+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-01T14:56:12+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]103.107.199.162:1194
2024-06-01T14:56:12+07:00 INFO [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=4,code=111)
2024-06-01T14:56:12+07:00 ERROR [vpn] port forwarding for the first time: getting external IPv4 address: executing remote procedure call: writing to connection: write udp 10.20.0.5:41699->10.20.0.1:5351: write: network is unreachable
2024-06-01T14:56:14+07:00 INFO [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=4,code=111)
2024-06-01T14:56:14+07:00 INFO [dns] ready
2024-06-01T14:56:18+07:00 INFO [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=4,code=111)
2024-06-01T14:56:26+07:00 INFO [openvpn] read UDPv4 [ECONNREFUSED]: Connection refused (fd=4,code=111)
2024-06-01T14:56:32+07:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN
2024-06-01T14:56:32+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-01T14:56:32+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-01T14:56:32+07:00 INFO [vpn] stopping
2024-06-01T14:56:32+07:00 INFO [vpn] starting
2024-06-01T14:56:32+07:00 INFO [firewall] allowing VPN connection...
2024-06-01T14:56:32+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-01T14:56:32+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-01T14:56:32+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.57:1194
2024-06-01T14:56:32+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-01T14:56:32+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.57:1194
2024-06-01T14:56:35+07:00 INFO [openvpn] [node-de-18.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.57:1194
2024-06-01T14:56:37+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-06-01T14:56:37+07:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-01T14:56:37+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-06-01T14:56:37+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-01T14:56:37+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.25.0.3/16
2024-06-01T14:56:37+07:00 INFO [openvpn] UID set to nonrootuser
2024-06-01T14:56:37+07:00 INFO [openvpn] Initialization Sequence Completed
2024-06-01T14:56:38+07:00 INFO [ip getter] Public IP address is 149.88.19.227 (Germany, Hesse, Frankfurt am Main)
2024-06-01T14:56:38+07:00 INFO [port forwarding] starting
2024-06-01T14:56:39+07:00 INFO [port forwarding] gateway external IPv4 address is 149.88.19.227
2024-06-01T14:56:40+07:00 INFO [healthcheck] healthy!
2024-06-01T14:56:40+07:00 INFO [port forwarding] port forwarded is 49115
2024-06-01T14:56:40+07:00 INFO [firewall] setting allowed input port 49115 through interface tun0...
2024-06-01T14:56:40+07:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024-06-01T14:56:49+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-06-01T14:56:52+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-06-01T14:56:53+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-06-01T14:56:53+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-01T14:56:53+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-01T14:56:53+07:00 INFO [vpn] stopping
2024-06-01T14:56:53+07:00 INFO [port forwarding] stopping
2024-06-01T14:56:53+07:00 INFO [firewall] removing allowed port 49115...
2024-06-01T14:56:53+07:00 ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 49115 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p tcp --dport 49115 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
2024-06-01T14:56:53+07:00 INFO dns ticker: terminated ✔️
2024-06-01T14:56:53+07:00 INFO http server: terminated ✔️
2024-06-01T14:56:53+07:00 INFO updater ticker: terminated ✔️
2024-06-01T14:56:53+07:00 INFO control: terminated ✔️
2024-06-01T14:56:53+07:00 INFO updater: terminated ✔️
2024-06-01T14:56:53+07:00 INFO tickers: terminated ✔️
2024-06-01T14:56:53+07:00 WARN HTTP health server: goroutine shutdown timed out: after 400ms ⚠️
2024-06-01T14:56:54+07:00 WARN vpn: goroutine shutdown timed out: after 1s ⚠️
2024-06-01T14:56:54+07:00 INFO shadowsocks proxy: terminated ✔️
2024-06-01T14:56:54+07:00 INFO http proxy: terminated ✔️
2024-06-01T14:56:55+07:00 INFO unbound: terminated ✔️
2024-06-01T14:56:55+07:00 INFO other: terminated ✔️
2024-06-01T14:56:55+07:00 INFO [routing] routing cleanup...
2024-06-01T14:56:55+07:00 INFO [routing] default route found: interface eth0, gateway 172.28.0.1, assigned IP 172.28.0.2 and family v4
2024-06-01T14:56:55+07:00 INFO [routing] deleting route for 0.0.0.0/0
2024-06-01T14:56:55+07:00 ERROR ordered shutdown timed out: HTTP health server: goroutine shutdown timed out: after 400ms; vpn: goroutine shutdown timed out: after 1s
2024-06-01T14:56:55+07:00 INFO Shutdown successful

Share your configuration

gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 8080:8080/tcp
      - 8000:8000/tcp
    restart: unless-stopped
    healthcheck:
      start_period: 5m
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=openvpn
      - OPENVPN_USER=[REDACTED]+pmp
      - OPENVPN_PASSWORD=[REDACTED]
      - SERVER_COUNTRIES=Singapore
      - VPN_PORT_FORWARDING=on
      - TZ=Asia/Jakarta

github-actions[bot] commented 3 months ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

qdm12 commented 3 months ago

Can you run with LOG_LEVEL=debug and report back what logs you get? I'm failing to see how this can happen in the code so debug logs showing the iptables commands run by Gluetun would help me!
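
One way to triage the debug output requested above, as an added example that is not Gluetun's code: replay the `DEBUG [firewall]` lines and flag any `--delete` with no earlier matching `--append`, the condition iptables reports as "Bad rule". The sample log is constructed in the format of the lines on this page; `Reconcile`, `Finding` and the exact-text rule matching are assumptions of this sketch.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample in the format of the DEBUG [firewall] lines on this page.
// The last line deletes an INPUT rule that was never appended in this log.
const sampleLog = `2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.139 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:48+07:00 INFO [vpn] stopping
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --delete OUTPUT -d 185.159.157.139 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:10+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 49115 -j ACCEPT`

// Captures the binary (iptables/ip6tables), the action, the chain and the rule spec.
// Policy changes and every non-firewall log line are ignored.
var fwCmd = regexp.MustCompile(`DEBUG \[firewall\] (ip6?tables) --(append|delete) (\S+) (.+)$`)

// Finding is a delete command that had no matching rule in the replayed state.
type Finding struct {
	Line int    // 1-based line number in the log
	Rule string // "<binary> <chain> <rule spec>"
}

// Reconcile replays append/delete commands in log order. It returns the deletes
// that had nothing to remove and the rules still installed at the end of the log.
// Assumption: a delete matches an append only when binary, chain and rule spec
// are textually identical after whitespace normalisation.
func Reconcile(log string) ([]Finding, []string) {
	active := map[string]int{} // rule -> number of installed copies
	seen := map[string]bool{}
	var order []string // first-seen order, for stable output
	var unmatched []Finding

	sc := bufio.NewScanner(strings.NewReader(log))
	for n := 1; sc.Scan(); n++ {
		m := fwCmd.FindStringSubmatch(strings.TrimSpace(sc.Text()))
		if m == nil {
			continue
		}
		rule := m[1] + " " + m[3] + " " + strings.Join(strings.Fields(m[4]), " ")
		if m[2] == "append" {
			active[rule]++
			if !seen[rule] {
				seen[rule] = true
				order = append(order, rule)
			}
			continue
		}
		// Delete: iptables fails with "Bad rule" when no copy is installed.
		if active[rule] == 0 {
			unmatched = append(unmatched, Finding{Line: n, Rule: rule})
			continue
		}
		active[rule]--
	}

	var leftover []string
	for _, r := range order {
		if active[r] > 0 {
			leftover = append(leftover, r)
		}
	}
	return unmatched, leftover
}

func main() {
	unmatched, leftover := Reconcile(sampleLog)
	for _, f := range unmatched {
		fmt.Printf("line %d: delete without matching append: %s\n", f.Line, f.Rule)
	}
	for _, r := range leftover {
		fmt.Printf("still installed at end of log: %s\n", r)
	}
}
```

A flagged delete narrows the search to two cases: the rule was never added with that exact spec, or it was removed outside the logged commands.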

asen23 commented 3 months ago

Funny enough, when I tried to repro the problem, it just won't trigger by itself anymore? Then I noticed that to repro the issue, the VPN must be allowed to port forward once, then the connection must be unhealthy. So I ran it until it successfully port forwarded and then I disconnected the machine from the internet and the bug triggers. Anyway, here is the log:

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-05-18T18:08:57.405Z (commit 4218dba)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-06-18T13:05:41+07:00 INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-06-18T13:05:41+07:00 INFO [routing] local ethernet link found: eth0
2024-06-18T13:05:41+07:00 INFO [routing] local ipnet found: 172.29.0.0/16
2024-06-18T13:05:42+07:00 INFO [firewall] enabling...
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --policy INPUT DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --policy OUTPUT DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --policy FORWARD DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --policy INPUT DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --policy OUTPUT DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --policy FORWARD DROP
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.29.0.2 -d 172.29.0.0/16 -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.29.0.0/16 -j ACCEPT
2024-06-18T13:05:42+07:00 INFO [firewall] enabled successfully
2024-06-18T13:05:42+07:00 INFO [storage] creating /gluetun/servers.json with 19425 hardcoded servers
2024-06-18T13:05:42+07:00 DEBUG [netlink] IPv6 is not supported after searching 1 routes
2024-06-18T13:05:42+07:00 INFO Alpine version: 3.19.1
2024-06-18T13:05:42+07:00 INFO OpenVPN 2.5 version: 2.5.8
2024-06-18T13:05:42+07:00 INFO OpenVPN 2.6 version: 2.6.8
2024-06-18T13:05:42+07:00 INFO Unbound version: 1.20.0
2024-06-18T13:05:42+07:00 INFO IPtables version: v1.8.10
2024-06-18T13:05:42+07:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: protonvpn
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: openvpn
|   |   |   ├── Countries: Singapore
|   |   |   └── OpenVPN server selection settings:
|   |   |       └── Protocol: UDP
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use port forwarding code for current provider
|   |       └── Forwarded port file path: /tmp/gluetun/forwarded_port
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.6
|       ├── User: [set]
|       ├── Password: M...JP
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: debug
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: Asia/Jakarta
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-06-18T13:05:42+07:00 INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-06-18T13:05:42+07:00 DEBUG [routing] ip rule add from 172.29.0.2/32 lookup 200 pref 100
2024-06-18T13:05:42+07:00 INFO [routing] adding route for 0.0.0.0/0
2024-06-18T13:05:42+07:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.29.0.1 dev eth0 table 200
2024-06-18T13:05:42+07:00 INFO [firewall] setting allowed subnets...
2024-06-18T13:05:42+07:00 INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-06-18T13:05:42+07:00 DEBUG [routing] ip rule add to 172.29.0.0/16 lookup 254 pref 98
2024-06-18T13:05:42+07:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-06-18T13:05:42+07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-06-18T13:05:42+07:00 INFO [http server] http server listening on [::]:8000
2024-06-18T13:05:42+07:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-06-18T13:05:42+07:00 INFO [firewall] allowing VPN connection...
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.139 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:42+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:42+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-18T13:05:42+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-18T13:05:42+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.139:1194
2024-06-18T13:05:42+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-18T13:05:42+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.139:1194
2024-06-18T13:05:48+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-06-18T13:05:48+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-18T13:05:48+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-18T13:05:48+07:00 INFO [vpn] stopping
2024-06-18T13:05:48+07:00 INFO [vpn] starting
2024-06-18T13:05:48+07:00 INFO [firewall] allowing VPN connection...
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --delete OUTPUT -d 185.159.157.139 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] ip6tables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --append OUTPUT -d 103.107.198.242 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:48+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-18T13:05:48+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-18T13:05:48+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]103.107.198.242:1194
2024-06-18T13:05:48+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-18T13:05:48+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]103.107.198.242:1194
2024-06-18T13:05:59+07:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024-06-18T13:05:59+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-18T13:05:59+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-18T13:05:59+07:00 INFO [vpn] stopping
2024-06-18T13:05:59+07:00 INFO [vpn] starting
2024-06-18T13:05:59+07:00 INFO [firewall] allowing VPN connection...
2024-06-18T13:05:59+07:00 DEBUG [firewall] iptables --delete OUTPUT -d 103.107.198.242 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:59+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:59+07:00 DEBUG [firewall] ip6tables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:59+07:00 DEBUG [firewall] iptables --append OUTPUT -d 103.107.199.162 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:05:59+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:59+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:59+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-18T13:05:59+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-18T13:05:59+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]103.107.199.162:1194
2024-06-18T13:05:59+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-18T13:05:59+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]103.107.199.162:1194
2024-06-18T13:06:02+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-06-18T13:06:14+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-06-18T13:06:15+07:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN
2024-06-18T13:06:15+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-18T13:06:15+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-18T13:06:15+07:00 INFO [vpn] stopping
2024-06-18T13:06:15+07:00 INFO [vpn] starting
2024-06-18T13:06:15+07:00 INFO [firewall] allowing VPN connection...
2024-06-18T13:06:15+07:00 DEBUG [firewall] iptables --delete OUTPUT -d 103.107.199.162 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:06:15+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:15+07:00 DEBUG [firewall] ip6tables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:15+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.187 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:06:15+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:15+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:15+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-18T13:06:15+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-18T13:06:15+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.187:1194
2024-06-18T13:06:15+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-18T13:06:15+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.187:1194
2024-06-18T13:06:18+07:00 INFO [openvpn] [node-sg-14.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.187:1194
2024-06-18T13:06:25+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-06-18T13:06:25+07:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-18T13:06:25+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-06-18T13:06:25+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-18T13:06:25+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.19.0.3/16
2024-06-18T13:06:25+07:00 INFO [openvpn] UID set to nonrootuser
2024-06-18T13:06:25+07:00 INFO [openvpn] Initialization Sequence Completed
2024-06-18T13:06:25+07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-06-18T13:06:27+07:00 INFO [healthcheck] healthy!
2024-06-18T13:06:35+07:00 INFO [dns] downloading hostnames and IP block lists
2024-06-18T13:06:47+07:00 INFO [dns] init module 0: validator
2024-06-18T13:06:47+07:00 INFO [dns] init module 1: iterator
2024-06-18T13:06:47+07:00 INFO [dns] start of service (unbound 1.20.0).
2024-06-18T13:06:48+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-06-18T13:06:50+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-18T13:06:50+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-18T13:06:54+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-06-18T13:06:54+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-18T13:06:54+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-18T13:06:54+07:00 INFO [vpn] stopping
2024-06-18T13:06:54+07:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
2024-06-18T13:06:54+07:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
2024-06-18T13:06:54+07:00 INFO [port forwarding] starting
2024-06-18T13:06:54+07:00 ERROR [vpn] port forwarding for the first time: getting external IPv4 address: executing remote procedure call: writing to connection: write udp 172.29.0.2:37105->10.19.0.1:5351: write: operation not permitted
2024-06-18T13:06:54+07:00 INFO [vpn] starting
2024-06-18T13:06:54+07:00 INFO [firewall] allowing VPN connection...
2024-06-18T13:06:54+07:00 DEBUG [firewall] iptables --delete OUTPUT -d 185.159.157.187 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:06:54+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:54+07:00 DEBUG [firewall] ip6tables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:54+07:00 DEBUG [firewall] iptables --append OUTPUT -d 37.19.201.130 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-06-18T13:06:54+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:54+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:06:54+07:00 INFO [openvpn] OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-06-18T13:06:54+07:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-18T13:06:54+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]37.19.201.130:1194
2024-06-18T13:06:54+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-06-18T13:06:54+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]37.19.201.130:1194
2024-06-18T13:06:54+07:00 INFO [openvpn] [node-sg-14.protonvpn.net] Peer Connection Initiated with [AF_INET]37.19.201.130:1194
2024-06-18T13:06:55+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-06-18T13:06:55+07:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-18T13:06:55+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-06-18T13:06:55+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-18T13:06:55+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.23.0.8/16
2024-06-18T13:06:55+07:00 INFO [openvpn] UID set to nonrootuser
2024-06-18T13:06:55+07:00 INFO [openvpn] Initialization Sequence Completed
2024-06-18T13:06:56+07:00 INFO [healthcheck] healthy!
2024-06-18T13:07:00+07:00 INFO [dns] ready
2024-06-18T13:07:01+07:00 INFO [ip getter] Public IP address is 37.19.201.135 (Singapore, Singapore, Singapore)
2024-06-18T13:07:01+07:00 INFO [port forwarding] starting
2024-06-18T13:07:01+07:00 INFO [port forwarding] gateway external IPv4 address is 37.19.201.135
2024-06-18T13:07:01+07:00 INFO [port forwarding] port forwarded is 35931
2024-06-18T13:07:01+07:00 INFO [firewall] setting allowed input port 35931 through interface tun0...
2024-06-18T13:07:01+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024-06-18T13:07:46+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:07:46+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:08:31+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:08:31+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:09:16+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:09:16+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:10:01+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:10:01+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:10:46+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:10:46+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:11:31+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:11:31+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:12:16+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:12:16+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:13:01+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:13:01+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:13:46+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:13:46+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:14:31+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:14:31+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:15:16+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:15:16+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:16:01+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:16:01+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:16:46+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:16:46+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:17:31+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:17:31+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:18:16+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:18:17+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:19:02+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:19:02+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:19:47+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:19:47+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:20:32+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:20:32+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:21:17+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:21:17+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:22:02+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:22:02+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:22:47+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:22:47+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:23:32+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:23:32+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:24:17+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:24:17+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:25:02+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:25:02+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:25:47+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:25:47+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:26:32+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:26:32+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:27:17+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:27:17+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:28:02+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:28:02+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:28:47+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:28:47+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:29:32+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:29:32+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:30:17+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:30:17+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:31:02+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:31:02+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:31:47+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:31:48+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:32:33+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:32:33+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:33:18+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:33:18+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:34:03+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:34:03+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:34:48+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-06-18T13:34:48+07:00 DEBUG [port forwarding] port forwarded 35931 maintained
2024-06-18T13:34:59+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4 104.16.133.229:443: i/o timeout
2024-06-18T13:34:59+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNR]: Host is unreachable (fd=4,code=113)
2024-06-18T13:35:02+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-06-18T13:35:02+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-06-18T13:35:05+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-06-18T13:35:05+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-18T13:35:05+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-18T13:35:05+07:00 INFO [vpn] stopping
2024-06-18T13:35:05+07:00 INFO [port forwarding] stopping
2024-06-18T13:35:05+07:00 INFO [firewall] removing allowed port 35931...
2024-06-18T13:35:05+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:35:05+07:00 ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 35931 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
2024-06-18T13:35:05+07:00 INFO dns ticker: terminated ✔️
2024-06-18T13:35:05+07:00 INFO updater ticker: terminated ✔️
2024-06-18T13:35:05+07:00 INFO http server: terminated ✔️
2024-06-18T13:35:05+07:00 INFO control: terminated ✔️
2024-06-18T13:35:05+07:00 INFO updater: terminated ✔️
2024-06-18T13:35:05+07:00 INFO tickers: terminated ✔️
2024-06-18T13:35:05+07:00 WARN HTTP health server: goroutine shutdown timed out: after 400ms ⚠️
2024-06-18T13:35:06+07:00 WARN vpn: goroutine shutdown timed out: after 1s ⚠️
2024-06-18T13:35:06+07:00 INFO shadowsocks proxy: terminated ✔️
2024-06-18T13:35:06+07:00 INFO http proxy: terminated ✔️
2024-06-18T13:35:06+07:00 INFO unbound: terminated ✔️
2024-06-18T13:35:06+07:00 INFO other: terminated ✔️
2024-06-18T13:35:06+07:00 INFO [routing] routing cleanup...
2024-06-18T13:35:06+07:00 INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-06-18T13:35:06+07:00 INFO [routing] deleting route for 0.0.0.0/0
2024-06-18T13:35:06+07:00 DEBUG [routing] ip route delete 0.0.0.0/0 via 172.29.0.1 dev eth0 table 200
2024-06-18T13:35:06+07:00 DEBUG [routing] ip rule del from 172.29.0.2/32 lookup 200 pref 100
2024-06-18T13:35:06+07:00 ERROR ordered shutdown timed out: HTTP health server: goroutine shutdown timed out: after 400ms; vpn: goroutine shutdown timed out: after 1s
2024-06-18T13:35:06+07:00 INFO Shutdown successful

Notes

qdm12 commented 2 months ago

Thanks for finding more information on how to reproduce it! 👍 So this looks like an iptables bug. Clearly the last iptables instructions were:

2024-06-18T13:07:01+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 35931 -j ACCEPT
...
2024-06-18T13:35:05+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT

And the last instruction SHOULD delete the rule, since it's present.

I suspect 73832d8b49fa62feef678a5b48d85f321728f452 solves this, can you try pulling the latest image and check again if it works? Thanks!!! 👍
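The comparison made in the comment above (four `--append` commands logged, then a `--delete` that iptables rejects) can be replayed mechanically over a whole debug log. The Go program below is an added example, not gluetun's code: the names `Reconcile`, `Delete` and `Report` are hypothetical, and the sample lines are copied from the log on this page.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"strings"
)

// Lines copied from the debug log posted in this issue.
const sampleLog = `2024-06-18T13:05:42+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:05:48+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp --dport 35931 -j ACCEPT
2024-06-18T13:07:01+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp --dport 35931 -j ACCEPT
2024-06-18T13:35:05+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT
2024-06-18T13:35:05+07:00 ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 35931 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p tcp --dport 35931 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1`

var (
	// Commands gluetun logs at debug level.
	cmdRe = regexp.MustCompile(`DEBUG \[firewall\] (ip6?tables) --(append|delete) (.+)$`)
	// The quoted command inside a "command failed" error.
	failRe = regexp.MustCompile(`command failed: "(ip6?tables) --delete ([^"]+)"`)
)

// Delete records one --delete seen in the log.
type Delete struct {
	Rule        string // binary plus rule spec
	WasAppended bool   // an unmatched --append for the same rule preceded it
	Failed      bool   // a "command failed" error for it followed
}

// Report is the result of replaying a log.
type Report struct {
	Deletes  []Delete
	Leftover []string // appended rules with no successful delete, in append order
}

// Reconcile replays the firewall commands found in a gluetun debug log.
func Reconcile(text string) Report {
	live := map[string]int{} // rule -> appends not yet matched by a delete
	var order []string       // first-append order, for stable output
	var rep Report
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := sc.Text()
		if m := cmdRe.FindStringSubmatch(line); m != nil {
			rule := m[1] + " " + strings.TrimSpace(m[3])
			if m[2] == "append" {
				if _, seen := live[rule]; !seen {
					order = append(order, rule)
				}
				live[rule]++
				continue
			}
			d := Delete{Rule: rule, WasAppended: live[rule] > 0}
			if d.WasAppended {
				live[rule]--
			}
			rep.Deletes = append(rep.Deletes, d)
			continue
		}
		m := failRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		rule := m[1] + " " + strings.TrimSpace(m[2])
		// Attach the failure to the most recent delete of that rule.
		for i := len(rep.Deletes) - 1; i >= 0; i-- {
			d := &rep.Deletes[i]
			if d.Rule == rule && !d.Failed {
				d.Failed = true
				if d.WasAppended {
					live[rule]++ // the log never shows it removed
				}
				break
			}
		}
	}
	for _, rule := range order {
		if live[rule] > 0 {
			rep.Leftover = append(rep.Leftover, rule)
		}
	}
	return rep
}

func main() {
	rep := Reconcile(sampleLog)
	for _, d := range rep.Deletes {
		fmt.Printf("delete %q appended=%t failed=%t\n", d.Rule, d.WasAppended, d.Failed)
	}
	for _, r := range rep.Leftover {
		fmt.Println("no successful delete logged:", r)
	}
}
```

A delete reported with `appended=true failed=true` is the case discussed here: the log says the rule was added, yet iptables reports no matching rule. The leftover list shows which `ACCEPT` rules for the forwarded port have no successful delete logged before the shutdown.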

asen23 commented 2 months ago

So first I tried it on my main PC and it works, but I noticed it used iptables-legacy rather than iptables. My server, which has the issue, still crashed when disconnected, and I attached the log, but it is mostly the same as before. I'm curious though what influences choosing between iptables-legacy or iptables.

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-07-26T11:43:10.213Z (commit 73832d8)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-07-26T19:30:20+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-26T19:30:20+07:00 INFO [routing] local ethernet link found: eth0
2024-07-26T19:30:20+07:00 INFO [routing] local ipnet found: 172.19.0.0/16
2024-07-26T19:30:20+07:00 INFO [firewall] enabling...
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --policy INPUT DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --policy OUTPUT DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --policy FORWARD DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --policy INPUT DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --policy OUTPUT DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --policy FORWARD DROP
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.19.0.2 -d 172.19.0.0/16 -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.19.0.0/16 -j ACCEPT
2024-07-26T19:30:20+07:00 INFO [firewall] enabled successfully
2024-07-26T19:30:20+07:00 INFO [storage] creating /gluetun/servers.json with 19425 hardcoded servers
2024-07-26T19:30:20+07:00 DEBUG [netlink] IPv6 is not supported after searching 1 routes
2024-07-26T19:30:20+07:00 INFO Alpine version: 3.19.3
2024-07-26T19:30:20+07:00 INFO OpenVPN 2.5 version: 2.5.10
2024-07-26T19:30:20+07:00 INFO OpenVPN 2.6 version: 2.6.11
2024-07-26T19:30:20+07:00 INFO Unbound version: 1.20.0
2024-07-26T19:30:20+07:00 INFO IPtables version: v1.8.10
2024-07-26T19:30:20+07:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: protonvpn
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: openvpn
|   |   |   ├── Countries: Singapore
|   |   |   └── OpenVPN server selection settings:
|   |   |       └── Protocol: UDP
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use port forwarding code for current provider
|   |       ├── Forwarded port file path: /tmp/gluetun/forwarded_port
|   |       └── Credentials:
|   |           ├── Username: [username]+pmp
|   |           └── Password: M...JP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.6
|       ├── User: [set]
|       ├── Password: M...JP
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: debug
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: Asia/Jakarta
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-07-26T19:30:20+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-26T19:30:20+07:00 DEBUG [routing] ip rule add from 172.19.0.2/32 lookup 200 pref 100
2024-07-26T19:30:20+07:00 INFO [routing] adding route for 0.0.0.0/0
2024-07-26T19:30:20+07:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
2024-07-26T19:30:20+07:00 INFO [firewall] setting allowed subnets...
2024-07-26T19:30:20+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-26T19:30:20+07:00 DEBUG [routing] ip rule add to 172.19.0.0/16 lookup 254 pref 98
2024-07-26T19:30:20+07:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-07-26T19:30:20+07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-07-26T19:30:20+07:00 INFO [http server] http server listening on [::]:8000
2024-07-26T19:30:20+07:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-07-26T19:30:20+07:00 INFO [firewall] allowing VPN connection...
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.56 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-07-26T19:30:20+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-07-26T19:30:20+07:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-07-26T19:30:20+07:00 INFO [openvpn] library versions: OpenSSL 3.1.6 4 Jun 2024, LZO 2.10
2024-07-26T19:30:20+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.56:1194
2024-07-26T19:30:20+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-07-26T19:30:20+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.56:1194
2024-07-26T19:30:22+07:00 INFO [openvpn] [node-in-06.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.56:1194
2024-07-26T19:30:23+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-07-26T19:30:23+07:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-07-26T19:30:23+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-07-26T19:30:23+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-07-26T19:30:23+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.23.0.2/16
2024-07-26T19:30:23+07:00 INFO [openvpn] UID set to nonrootuser
2024-07-26T19:30:23+07:00 INFO [openvpn] Initialization Sequence Completed
2024-07-26T19:30:23+07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-07-26T19:30:24+07:00 INFO [healthcheck] healthy!
2024-07-26T19:30:26+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-07-26T19:30:27+07:00 INFO [healthcheck] healthy!
2024-07-26T19:30:30+07:00 INFO [dns] downloading hostnames and IP block lists
2024-07-26T19:30:38+07:00 INFO [dns] init module 0: validator
2024-07-26T19:30:38+07:00 INFO [dns] init module 1: iterator
2024-07-26T19:30:38+07:00 INFO [dns] start of service (unbound 1.20.0).
2024-07-26T19:30:40+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-07-26T19:30:40+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-07-26T19:30:40+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-07-26T19:30:43+07:00 INFO [healthcheck] healthy!
2024-07-26T19:30:45+07:00 INFO [http server] 200 GET /portforwarded wrote 11B to [::1]:55774 in 47.072µs
2024-07-26T19:30:52+07:00 INFO [dns] ready
2024-07-26T19:30:55+07:00 INFO [http server] 200 GET /portforwarded wrote 11B to [::1]:32878 in 7.361µs
2024-07-26T19:30:55+07:00 INFO [ip getter] Public IP address is 146.70.142.84 (Singapore, Singapore, Singapore)
2024-07-26T19:30:58+07:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-07-26T19:30:58+07:00 INFO [port forwarding] starting
2024-07-26T19:30:58+07:00 INFO [port forwarding] gateway external IPv4 address is 146.70.142.84
2024-07-26T19:30:59+07:00 INFO [port forwarding] port forwarded is 61717
2024-07-26T19:30:59+07:00 INFO [firewall] setting allowed input port 61717 through interface tun0...
2024-07-26T19:30:59+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT
2024-07-26T19:30:59+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT
2024-07-26T19:30:59+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp -m udp --dport 61717 -j ACCEPT
2024-07-26T19:30:59+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp -m udp --dport 61717 -j ACCEPT
2024-07-26T19:30:59+07:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024-07-26T19:31:05+07:00 INFO [http server] 200 GET /portforwarded wrote 15B to [::1]:37068 in 14.022µs
2024-07-26T19:31:44+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-07-26T19:31:44+07:00 DEBUG [port forwarding] port forwarded 61717 maintained
2024-07-26T19:32:00+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4 104.16.133.229:443: i/o timeout
2024-07-26T19:32:03+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNR]: Host is unreachable (fd=4,code=113)
2024-07-26T19:32:05+07:00 INFO [http server] 200 GET /portforwarded wrote 15B to [::1]:45408 in 12.926µs
2024-07-26T19:32:06+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-07-26T19:32:06+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-07-26T19:32:06+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-07-26T19:32:06+07:00 INFO [vpn] stopping
2024-07-26T19:32:06+07:00 INFO [port forwarding] stopping
2024-07-26T19:32:06+07:00 INFO [firewall] removing allowed port 61717...
2024-07-26T19:32:06+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT
2024-07-26T19:32:06+07:00 ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 61717 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
2024-07-26T19:32:06+07:00 INFO dns ticker: terminated ✔️
2024-07-26T19:32:06+07:00 INFO updater ticker: terminated ✔️
2024-07-26T19:32:06+07:00 INFO http server: terminated ✔️
2024-07-26T19:32:06+07:00 INFO control: terminated ✔️
2024-07-26T19:32:06+07:00 INFO updater: terminated ✔️
2024-07-26T19:32:06+07:00 INFO tickers: terminated ✔️
2024-07-26T19:32:06+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-07-26T19:32:06+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-07-26T19:32:06+07:00 WARN HTTP health server: goroutine shutdown timed out: after 400ms ⚠️
2024-07-26T19:32:07+07:00 WARN vpn: goroutine shutdown timed out: after 1s ⚠️
2024-07-26T19:32:07+07:00 INFO shadowsocks proxy: terminated ✔️
2024-07-26T19:32:07+07:00 INFO http proxy: terminated ✔️
2024-07-26T19:32:07+07:00 INFO unbound: terminated ✔️
2024-07-26T19:32:07+07:00 INFO other: terminated ✔️
2024-07-26T19:32:07+07:00 INFO [routing] routing cleanup...
2024-07-26T19:32:07+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-26T19:32:07+07:00 INFO [routing] deleting route for 0.0.0.0/0
2024-07-26T19:32:07+07:00 DEBUG [routing] ip route delete 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
2024-07-26T19:32:07+07:00 DEBUG [routing] ip rule del from 172.19.0.2/32 lookup 200 pref 100
2024-07-26T19:32:07+07:00 ERROR ordered shutdown timed out: HTTP health server: goroutine shutdown timed out: after 400ms; vpn: goroutine shutdown timed out: after 1s
2024-07-26T19:32:07+07:00 INFO Shutdown successful
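
Replaying the `[firewall]` lines of the log above shows which ACCEPT rules were still installed when the port forwarding loop crashed, and whether the failing `--delete` was textually identical to an earlier `--append`. The Python script below is an added example, not part of the comment above or of gluetun; the function and class names are assumptions, and the sample lines are copied from that log.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Firewall-related lines copied from the log above (forwarded port 61717).
SAMPLE_LOG = """\
2024-07-26T19:30:59+07:00 INFO [firewall] setting allowed input port 61717 through interface tun0...
2024-07-26T19:30:59+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT
2024-07-26T19:30:59+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT
2024-07-26T19:30:59+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp -m udp --dport 61717 -j ACCEPT
2024-07-26T19:30:59+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp -m udp --dport 61717 -j ACCEPT
2024-07-26T19:32:06+07:00 INFO [firewall] removing allowed port 61717...
2024-07-26T19:32:06+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT
2024-07-26T19:32:06+07:00 ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 61717 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 61717 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
"""

# A command is logged at DEBUG level before it runs; a failure is logged as an ERROR.
CMD_RE = re.compile(
    r"DEBUG \[firewall\] (?P<binary>ip6?tables) --(?P<op>append|delete) (?P<spec>.+)$"
)
FAIL_RE = re.compile(
    r'ERROR .*command failed: "(?P<binary>ip6?tables) --delete (?P<spec>[^"]+)": (?P<reason>.+)$'
)


@dataclass
class FailedDelete:
    binary: str
    spec: str
    reason: str
    matched_append: bool  # True if an identical rule was appended earlier


@dataclass
class Report:
    failed: list = field(default_factory=list)             # FailedDelete entries
    unmatched_deletes: list = field(default_factory=list)  # deletes with no prior append
    leftover: list = field(default_factory=list)           # rules appended and never removed


def _key(match):
    # Normalise whitespace so the same rule always maps to the same key.
    return (match["binary"], " ".join(match["spec"].split()))


def audit_firewall_log(text):
    """Replay append/delete commands and report the rule set at end of log."""
    installed = Counter()
    report = Report()
    last_delete = None  # (key, had_rule) for the most recent --delete line

    for line in text.splitlines():
        cmd = CMD_RE.search(line)
        if cmd:
            key = _key(cmd)
            if cmd["op"] == "append":
                installed[key] += 1
                last_delete = None
            else:
                had_rule = installed[key] > 0
                if had_rule:
                    installed[key] -= 1  # assume success until an ERROR says otherwise
                else:
                    report.unmatched_deletes.append(key)
                last_delete = (key, had_rule)
            continue

        fail = FAIL_RE.search(line)
        if fail:
            key = _key(fail)
            if last_delete and last_delete[0] == key:
                matched = last_delete[1]
                if matched:
                    installed[key] += 1  # the delete did not happen: rule is still there
            else:
                matched = installed[key] > 0
            report.failed.append(
                FailedDelete(key[0], key[1], fail["reason"], matched)
            )
            last_delete = None

    report.leftover = [key for key, count in installed.items() if count > 0]
    return report


if __name__ == "__main__":
    result = audit_firewall_log(SAMPLE_LOG)
    for item in result.failed:
        print("failed delete:", item.binary, item.spec, "| identical append seen:", item.matched_append)
    for binary, spec in result.leftover:
        print("still installed:", binary, spec)
```
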
qdm12 commented 2 months ago

On your server, can you try

docker run -it --rm --cap-add=NET_ADMIN alpine:3.19
apk add iptables iptables-legacy
iptables-legacy -A OUTPUT -o abcde -j DROP
exit

What error do you get? Ideally it would be nice for it to work, I'm not sure why the legacy iptables would not work.

The problem is that iptables uses the nft kernel module (like iptables-nft) from Alpine 3.19, instead of the legacy one as before 3.19, and it turns out the Alpine package for iptables-nft (and so iptables) is buggy (hence your error). Funnily, Alpine 3.20 has that bug fixed with iptables-nft (and iptables), so we'll switch back to using iptables (aka iptables-nft) when upgrading to Alpine 3.20. But for now we just upgraded from 3.18 to 3.19, so we'll stick to 3.19 and work around that buggy iptables (to avoid breaking more things and cut a working release!).

asen23 commented 2 months ago

Here is the output

iptables v1.8.10 (legacy): can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
qdm12 commented 2 months ago

Welp... In the end, I just decided to bump it to Alpine 3.20 in 9807d5f8f5ce178e355c27e3c5ef5d6e4f6449bc and use iptables-nft in ddbfdc9f148a8e940cddc7da7be0fe6e9961f84f since there might be other problems on machines not supporting iptables-legacy like yours. I would say it's worth the trouble to upgrade and push back the next release.

Can you try it on both your machines to check if it works fine? This is in the latest image, built today 2024-07-28.

asen23 commented 2 months ago

Uhh, now it crashed on my PC lol, it seems iptables really hates deleting UDP rules

gluetun-1  | ========================================
gluetun-1  | ========================================
gluetun-1  | =============== gluetun ================
gluetun-1  | ========================================
gluetun-1  | =========== Made with ❤️ by ============
gluetun-1  | ======= https://github.com/qdm12 =======
gluetun-1  | ========================================
gluetun-1  | ========================================
gluetun-1  | 
gluetun-1  | Running version latest built on 2024-07-28T14:31:52.048Z (commit ddbfdc9)
gluetun-1  | 
gluetun-1  | 🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
gluetun-1  | 🐛 Bug? https://github.com/qdm12/gluetun/issues/new
gluetun-1  | ✨ New feature? https://github.com/qdm12/gluetun/issues/new
gluetun-1  | ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
gluetun-1  | 💻 Email? quentin.mcgaw@gmail.com
gluetun-1  | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
gluetun-1  | 2024-07-28T21:55:05+07:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
gluetun-1  | 2024-07-28T21:55:05+07:00 INFO [routing] local ethernet link found: eth0
gluetun-1  | 2024-07-28T21:55:05+07:00 INFO [routing] local ipnet found: 172.18.0.0/16
gluetun-1  | 2024-07-28T21:55:05+07:00 INFO [firewall] enabling...
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --policy INPUT DROP
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --policy OUTPUT DROP
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --policy FORWARD DROP
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --policy INPUT DROP
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --policy OUTPUT DROP
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --policy FORWARD DROP
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.18.0.2 -d 172.18.0.0/16 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:05+07:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.18.0.0/16 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:05+07:00 INFO [firewall] enabled successfully
gluetun-1  | 2024-07-28T21:55:05+07:00 INFO [storage] creating /gluetun/servers.json with 19425 hardcoded servers
gluetun-1  | 2024-07-28T21:55:06+07:00 DEBUG [netlink] IPv6 is not supported after searching 1 routes
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO Alpine version: 3.20.2
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO OpenVPN 2.5 version: 2.5.10
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO OpenVPN 2.6 version: 2.6.11
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO Unbound version: 1.20.0
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO IPtables version: v1.8.10
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO Settings summary:
gluetun-1  | ├── VPN settings:
gluetun-1  | |   ├── VPN provider settings:
gluetun-1  | |   |   ├── Name: protonvpn
gluetun-1  | |   |   ├── Server selection settings:
gluetun-1  | |   |   |   ├── VPN type: openvpn
gluetun-1  | |   |   |   ├── Countries: Singapore
gluetun-1  | |   |   |   └── OpenVPN server selection settings:
gluetun-1  | |   |   |       └── Protocol: UDP
gluetun-1  | |   |   └── Automatic port forwarding settings:
gluetun-1  | |   |       ├── Redirection listening port: disabled
gluetun-1  | |   |       ├── Use port forwarding code for current provider
gluetun-1  | |   |       ├── Forwarded port file path: /tmp/gluetun/forwarded_port
gluetun-1  | |   |       └── Credentials:
gluetun-1  | |   |           ├── Username: [username]+pmp
gluetun-1  | |   |           └── Password: M...JP
gluetun-1  | |   └── OpenVPN settings:
gluetun-1  | |       ├── OpenVPN version: 2.6
gluetun-1  | |       ├── User: [set]
gluetun-1  | |       ├── Password: M...JP
gluetun-1  | |       ├── Network interface: tun0
gluetun-1  | |       ├── Run OpenVPN as: root
gluetun-1  | |       └── Verbosity level: 1
gluetun-1  | ├── DNS settings:
gluetun-1  | |   ├── Keep existing nameserver(s): no
gluetun-1  | |   ├── DNS server address to use: 127.0.0.1
gluetun-1  | |   └── DNS over TLS settings:
gluetun-1  | |       ├── Enabled: yes
gluetun-1  | |       ├── Update period: every 24h0m0s
gluetun-1  | |       ├── Unbound settings:
gluetun-1  | |       |   ├── Authoritative servers:
gluetun-1  | |       |   |   └── cloudflare
gluetun-1  | |       |   ├── Caching: yes
gluetun-1  | |       |   ├── IPv6: no
gluetun-1  | |       |   ├── Verbosity level: 1
gluetun-1  | |       |   ├── Verbosity details level: 0
gluetun-1  | |       |   ├── Validation log level: 0
gluetun-1  | |       |   ├── System user: root
gluetun-1  | |       |   └── Allowed networks:
gluetun-1  | |       |       ├── 0.0.0.0/0
gluetun-1  | |       |       └── ::/0
gluetun-1  | |       └── DNS filtering settings:
gluetun-1  | |           ├── Block malicious: yes
gluetun-1  | |           ├── Block ads: no
gluetun-1  | |           ├── Block surveillance: no
gluetun-1  | |           └── Blocked IP networks:
gluetun-1  | |               ├── 127.0.0.1/8
gluetun-1  | |               ├── 10.0.0.0/8
gluetun-1  | |               ├── 172.16.0.0/12
gluetun-1  | |               ├── 192.168.0.0/16
gluetun-1  | |               ├── 169.254.0.0/16
gluetun-1  | |               ├── ::1/128
gluetun-1  | |               ├── fc00::/7
gluetun-1  | |               ├── fe80::/10
gluetun-1  | |               ├── ::ffff:127.0.0.1/104
gluetun-1  | |               ├── ::ffff:10.0.0.0/104
gluetun-1  | |               ├── ::ffff:169.254.0.0/112
gluetun-1  | |               ├── ::ffff:172.16.0.0/108
gluetun-1  | |               └── ::ffff:192.168.0.0/112
gluetun-1  | ├── Firewall settings:
gluetun-1  | |   └── Enabled: yes
gluetun-1  | ├── Log settings:
gluetun-1  | |   └── Log level: debug
gluetun-1  | ├── Health settings:
gluetun-1  | |   ├── Server listening address: 127.0.0.1:9999
gluetun-1  | |   ├── Target address: cloudflare.com:443
gluetun-1  | |   ├── Duration to wait after success: 5s
gluetun-1  | |   ├── Read header timeout: 100ms
gluetun-1  | |   ├── Read timeout: 500ms
gluetun-1  | |   └── VPN wait durations:
gluetun-1  | |       ├── Initial duration: 6s
gluetun-1  | |       └── Additional duration: 5s
gluetun-1  | ├── Shadowsocks server settings:
gluetun-1  | |   └── Enabled: no
gluetun-1  | ├── HTTP proxy settings:
gluetun-1  | |   └── Enabled: no
gluetun-1  | ├── Control server settings:
gluetun-1  | |   ├── Listening address: :8000
gluetun-1  | |   └── Logging: yes
gluetun-1  | ├── OS Alpine settings:
gluetun-1  | |   ├── Process UID: 1000
gluetun-1  | |   ├── Process GID: 1000
gluetun-1  | |   └── Timezone: Asia/Jakarta
gluetun-1  | ├── Public IP settings:
gluetun-1  | |   ├── Fetching: every 12h0m0s
gluetun-1  | |   ├── IP file path: /tmp/gluetun/ip
gluetun-1  | |   └── Public IP data API: ipinfo
gluetun-1  | └── Version settings:
gluetun-1  |     └── Enabled: yes
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
gluetun-1  | 2024-07-28T21:55:06+07:00 DEBUG [routing] ip rule add from 172.18.0.2/32 lookup 200 pref 100
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [routing] adding route for 0.0.0.0/0
gluetun-1  | 2024-07-28T21:55:06+07:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.18.0.1 dev eth0 table 200
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [firewall] setting allowed subnets...
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
gluetun-1  | 2024-07-28T21:55:06+07:00 DEBUG [routing] ip rule add to 172.18.0.0/16 lookup 254 pref 98
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [http server] http server listening on [::]:8000
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [firewall] allowing VPN connection...
gluetun-1  | 2024-07-28T21:55:06+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.140 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:06+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:06+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.140:1194
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [openvpn] UDPv4 link local: (not bound)
gluetun-1  | 2024-07-28T21:55:06+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.140:1194
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [vpn] stopping
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [vpn] starting
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [firewall] allowing VPN connection...
gluetun-1  | 2024-07-28T21:55:12+07:00 DEBUG [firewall] iptables --delete OUTPUT -d 185.159.157.140 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:12+07:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:12+07:00 DEBUG [firewall] ip6tables --delete OUTPUT -o tun0 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:12+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.58 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:12+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:12+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.58:1194
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [openvpn] UDPv4 link local: (not bound)
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.58:1194
gluetun-1  | 2024-07-28T21:55:12+07:00 INFO [openvpn] [node-de-19.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.58:1194
gluetun-1  | 2024-07-28T21:55:13+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
gluetun-1  | 2024-07-28T21:55:13+07:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun-1  | 2024-07-28T21:55:13+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun-1  | 2024-07-28T21:55:13+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun-1  | 2024-07-28T21:55:13+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.21.0.3/16
gluetun-1  | 2024-07-28T21:55:13+07:00 INFO [openvpn] UID set to nonrootuser
gluetun-1  | 2024-07-28T21:55:13+07:00 INFO [openvpn] Initialization Sequence Completed
gluetun-1  | 2024-07-28T21:55:13+07:00 INFO [dns] downloading DNS over TLS cryptographic files
gluetun-1  | 2024-07-28T21:55:13+07:00 INFO [healthcheck] healthy!
gluetun-1  | 2024-07-28T21:55:16+07:00 INFO [dns] downloading hostnames and IP block lists
gluetun-1  | 2024-07-28T21:55:22+07:00 INFO [dns] init module 0: validator
gluetun-1  | 2024-07-28T21:55:22+07:00 INFO [dns] init module 1: iterator
gluetun-1  | 2024-07-28T21:55:22+07:00 INFO [dns] start of service (unbound 1.20.0).
gluetun-1  | 2024-07-28T21:55:23+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
gluetun-1  | 2024-07-28T21:55:23+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
gluetun-1  | 2024-07-28T21:55:26+07:00 INFO [dns] ready
gluetun-1  | 2024-07-28T21:55:28+07:00 INFO [ip getter] Public IP address is 149.88.19.242 (Germany, Hesse, Frankfurt am Main)
gluetun-1  | 2024-07-28T21:55:29+07:00 INFO [vpn] You are running on the bleeding edge of latest!
gluetun-1  | 2024-07-28T21:55:29+07:00 INFO [port forwarding] starting
gluetun-1  | 2024-07-28T21:55:30+07:00 INFO [port forwarding] gateway external IPv4 address is 149.88.19.242
gluetun-1  | 2024-07-28T21:55:30+07:00 INFO [port forwarding] port forwarded is 33328
gluetun-1  | 2024-07-28T21:55:30+07:00 INFO [firewall] setting allowed input port 33328 through interface tun0...
gluetun-1  | 2024-07-28T21:55:30+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp -m tcp --dport 33328 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:30+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp -m tcp --dport 33328 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:30+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp -m udp --dport 33328 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:30+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp -m udp --dport 33328 -j ACCEPT
gluetun-1  | 2024-07-28T21:55:30+07:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
gluetun-1  | 2024-07-28T21:56:15+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
gluetun-1  | 2024-07-28T21:56:15+07:00 DEBUG [port forwarding] port forwarded 33328 maintained
gluetun-1  | 2024-07-28T21:57:00+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
gluetun-1  | 2024-07-28T21:57:01+07:00 DEBUG [port forwarding] port forwarded 33328 maintained
gluetun-1  | 2024-07-28T21:57:32+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
gluetun-1  | 2024-07-28T21:57:33+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
gluetun-1  | 2024-07-28T21:57:34+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4 104.16.133.229:443: i/o timeout
gluetun-1  | 2024-07-28T21:57:34+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
gluetun-1  | 2024-07-28T21:57:35+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO [vpn] stopping
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO [port forwarding] stopping
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO [firewall] removing allowed port 33328...
gluetun-1  | 2024-07-28T21:57:40+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 33328 -j ACCEPT
gluetun-1  | 2024-07-28T21:57:40+07:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p tcp -m tcp --dport 33328 -j ACCEPT
gluetun-1  | 2024-07-28T21:57:40+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p udp -m udp --dport 33328 -j ACCEPT
gluetun-1  | 2024-07-28T21:57:40+07:00 ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 33328 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p udp -m udp --dport 33328 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO dns ticker: terminated ✔️
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO updater ticker: terminated ✔️
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO http server: terminated ✔️
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO control: terminated ✔️
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO updater: terminated ✔️
gluetun-1  | 2024-07-28T21:57:40+07:00 INFO tickers: terminated ✔️
gluetun-1  | 2024-07-28T21:57:40+07:00 WARN HTTP health server: goroutine shutdown timed out: after 400ms ⚠️
gluetun-1  | 2024-07-28T21:57:41+07:00 WARN vpn: goroutine shutdown timed out: after 1s ⚠️
gluetun-1  | 2024-07-28T21:57:41+07:00 INFO shadowsocks proxy: terminated ✔️
gluetun-1  | 2024-07-28T21:57:41+07:00 INFO http proxy: terminated ✔️
gluetun-1  | 2024-07-28T21:57:41+07:00 INFO unbound: terminated ✔️
gluetun-1  | 2024-07-28T21:57:41+07:00 INFO other: terminated ✔️
gluetun-1  | 2024-07-28T21:57:41+07:00 INFO [routing] routing cleanup...
gluetun-1  | 2024-07-28T21:57:41+07:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
gluetun-1  | 2024-07-28T21:57:41+07:00 INFO [routing] deleting route for 0.0.0.0/0
gluetun-1  | 2024-07-28T21:57:41+07:00 DEBUG [routing] ip route delete 0.0.0.0/0 via 172.18.0.1 dev eth0 table 200
gluetun-1  | 2024-07-28T21:57:41+07:00 DEBUG [routing] ip rule del from 172.18.0.2/32 lookup 200 pref 100
gluetun-1  | 2024-07-28T21:57:41+07:00 ERROR ordered shutdown timed out: HTTP health server: goroutine shutdown timed out: after 400ms; vpn: goroutine shutdown timed out: after 1s
gluetun-1  | 2024-07-28T21:57:41+07:00 INFO Shutdown successful
gluetun-1 exited with code 0

And as expected, it is the same thing on my server

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-07-28T14:31:52.048Z (commit ddbfdc9)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-07-28T22:04:45+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-28T22:04:45+07:00 INFO [routing] local ethernet link found: eth0
2024-07-28T22:04:45+07:00 INFO [routing] local ipnet found: 172.19.0.0/16
2024-07-28T22:04:45+07:00 INFO [firewall] enabling...
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --policy INPUT DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --policy OUTPUT DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --policy FORWARD DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --policy INPUT DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --policy OUTPUT DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --policy FORWARD DROP
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append INPUT -i lo -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append INPUT -i lo -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append OUTPUT -o lo -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o lo -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.19.0.2 -d 172.19.0.0/16 -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append INPUT -i eth0 -d 172.19.0.0/16 -j ACCEPT
2024-07-28T22:04:45+07:00 INFO [firewall] enabled successfully
2024-07-28T22:04:45+07:00 INFO [storage] creating /gluetun/servers.json with 19425 hardcoded servers
2024-07-28T22:04:45+07:00 DEBUG [netlink] IPv6 is not supported after searching 1 routes
2024-07-28T22:04:45+07:00 INFO Alpine version: 3.20.2
2024-07-28T22:04:45+07:00 INFO OpenVPN 2.5 version: 2.5.10
2024-07-28T22:04:45+07:00 INFO OpenVPN 2.6 version: 2.6.11
2024-07-28T22:04:45+07:00 INFO Unbound version: 1.20.0
2024-07-28T22:04:45+07:00 INFO IPtables version: v1.8.10
2024-07-28T22:04:45+07:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: protonvpn
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: openvpn
|   |   |   ├── Countries: Singapore
|   |   |   └── OpenVPN server selection settings:
|   |   |       └── Protocol: UDP
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use port forwarding code for current provider
|   |       ├── Forwarded port file path: /tmp/gluetun/forwarded_port
|   |       └── Credentials:
|   |           ├── Username: [username]+pmp
|   |           └── Password: M...JP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.6
|       ├── User: [set]
|       ├── Password: M...JP
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: debug
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: Asia/Jakarta
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-07-28T22:04:45+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-28T22:04:45+07:00 DEBUG [routing] ip rule add from 172.19.0.2/32 lookup 200 pref 100
2024-07-28T22:04:45+07:00 INFO [routing] adding route for 0.0.0.0/0
2024-07-28T22:04:45+07:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
2024-07-28T22:04:45+07:00 INFO [firewall] setting allowed subnets...
2024-07-28T22:04:45+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-28T22:04:45+07:00 DEBUG [routing] ip rule add to 172.19.0.0/16 lookup 254 pref 98
2024-07-28T22:04:45+07:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-07-28T22:04:45+07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-07-28T22:04:45+07:00 INFO [http server] http server listening on [::]:8000
2024-07-28T22:04:45+07:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-07-28T22:04:45+07:00 INFO [firewall] allowing VPN connection...
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append OUTPUT -d 185.159.157.58 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2024-07-28T22:04:45+07:00 DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-07-28T22:04:45+07:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-07-28T22:04:45+07:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-07-28T22:04:45+07:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.159.157.58:1194
2024-07-28T22:04:45+07:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-07-28T22:04:45+07:00 INFO [openvpn] UDPv4 link remote: [AF_INET]185.159.157.58:1194
2024-07-28T22:04:46+07:00 INFO [openvpn] [node-de-19.protonvpn.net] Peer Connection Initiated with [AF_INET]185.159.157.58:1194
2024-07-28T22:04:48+07:00 INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-07-28T22:04:48+07:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-07-28T22:04:48+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-07-28T22:04:48+07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-07-28T22:04:48+07:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.22.0.3/16
2024-07-28T22:04:48+07:00 INFO [openvpn] UID set to nonrootuser
2024-07-28T22:04:48+07:00 INFO [openvpn] Initialization Sequence Completed
2024-07-28T22:04:48+07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-07-28T22:04:48+07:00 INFO [healthcheck] healthy!
2024-07-28T22:04:51+07:00 INFO [dns] downloading hostnames and IP block lists
2024-07-28T22:04:59+07:00 INFO [dns] init module 0: validator
2024-07-28T22:04:59+07:00 INFO [dns] init module 1: iterator
2024-07-28T22:04:59+07:00 INFO [dns] start of service (unbound 1.20.0).
2024-07-28T22:05:00+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-07-28T22:05:00+07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-07-28T22:05:01+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-07-28T22:05:02+07:00 INFO [dns] ready
2024-07-28T22:05:02+07:00 INFO [healthcheck] healthy!
2024-07-28T22:05:04+07:00 INFO [ip getter] Public IP address is 149.88.24.9 (Germany, Hesse, Frankfurt am Main)
2024-07-28T22:05:05+07:00 INFO [http server] 200 GET /portforwarded wrote 11B to [::1]:40456 in 47.066µs
2024-07-28T22:05:06+07:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-07-28T22:05:06+07:00 INFO [port forwarding] starting
2024-07-28T22:05:06+07:00 INFO [port forwarding] gateway external IPv4 address is 149.88.24.9
2024-07-28T22:05:07+07:00 INFO [port forwarding] port forwarded is 41140
2024-07-28T22:05:07+07:00 INFO [firewall] setting allowed input port 41140 through interface tun0...
2024-07-28T22:05:07+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p tcp -m tcp --dport 41140 -j ACCEPT
2024-07-28T22:05:07+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p tcp -m tcp --dport 41140 -j ACCEPT
2024-07-28T22:05:07+07:00 DEBUG [firewall] iptables --append INPUT -i tun0 -p udp -m udp --dport 41140 -j ACCEPT
2024-07-28T22:05:07+07:00 DEBUG [firewall] ip6tables --append INPUT -i tun0 -p udp -m udp --dport 41140 -j ACCEPT
2024-07-28T22:05:07+07:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024-07-28T22:05:15+07:00 INFO [http server] 200 GET /portforwarded wrote 15B to [::1]:56148 in 13.492µs
2024-07-28T22:05:52+07:00 DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
2024-07-28T22:05:52+07:00 DEBUG [port forwarding] port forwarded 41140 maintained
2024-07-28T22:06:11+07:00 INFO [openvpn] read UDPv4 [EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH|EHOSTUNREACH]: Host is unreachable (fd=4,code=113)
2024-07-28T22:06:13+07:00 DEBUG [healthcheck] unhealthy: dialing: dial tcp4 104.16.132.229:443: i/o timeout
2024-07-28T22:06:14+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-07-28T22:06:14+07:00 INFO [openvpn] read UDPv4 [ENETUNREACH]: Network unreachable (fd=4,code=101)
2024-07-28T22:06:15+07:00 INFO [http server] 200 GET /portforwarded wrote 15B to [::1]:46562 in 13.215µs
2024-07-28T22:06:19+07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-07-28T22:06:19+07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-07-28T22:06:19+07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-07-28T22:06:19+07:00 INFO [vpn] stopping
2024-07-28T22:06:19+07:00 INFO [port forwarding] stopping
2024-07-28T22:06:19+07:00 INFO [firewall] removing allowed port 41140...
2024-07-28T22:06:19+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p tcp -m tcp --dport 41140 -j ACCEPT
2024-07-28T22:06:19+07:00 DEBUG [firewall] ip6tables --delete INPUT -i tun0 -p tcp -m tcp --dport 41140 -j ACCEPT
2024-07-28T22:06:19+07:00 DEBUG [firewall] iptables --delete INPUT -i tun0 -p udp -m udp --dport 41140 -j ACCEPT
2024-07-28T22:06:19+07:00 ERROR port forwarding loop crashed: stopping previous service: blocking previous port in firewall: removing allowed port 41140 on interface tun0: command failed: "iptables --delete INPUT -i tun0 -p udp -m udp --dport 41140 -j ACCEPT": iptables: Bad rule (does a matching rule exist in that chain?).: exit status 1
2024-07-28T22:06:19+07:00 INFO http server: terminated ✔️
2024-07-28T22:06:19+07:00 INFO dns ticker: terminated ✔️
2024-07-28T22:06:19+07:00 INFO updater ticker: terminated ✔️
2024-07-28T22:06:19+07:00 INFO control: terminated ✔️
2024-07-28T22:06:19+07:00 INFO updater: terminated ✔️
2024-07-28T22:06:19+07:00 INFO tickers: terminated ✔️
2024-07-28T22:06:20+07:00 WARN HTTP health server: goroutine shutdown timed out: after 400ms ⚠️
2024-07-28T22:06:21+07:00 WARN vpn: goroutine shutdown timed out: after 1s ⚠️
2024-07-28T22:06:21+07:00 INFO shadowsocks proxy: terminated ✔️
2024-07-28T22:06:21+07:00 INFO http proxy: terminated ✔️
2024-07-28T22:06:21+07:00 INFO unbound: terminated ✔️
2024-07-28T22:06:21+07:00 INFO other: terminated ✔️
2024-07-28T22:06:21+07:00 INFO [routing] routing cleanup...
2024-07-28T22:06:21+07:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024-07-28T22:06:21+07:00 INFO [routing] deleting route for 0.0.0.0/0
2024-07-28T22:06:21+07:00 DEBUG [routing] ip route delete 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
2024-07-28T22:06:21+07:00 DEBUG [routing] ip rule del from 172.19.0.2/32 lookup 200 pref 100
2024-07-28T22:06:21+07:00 ERROR ordered shutdown timed out: HTTP health server: goroutine shutdown timed out: after 400ms; vpn: goroutine shutdown timed out: after 1s
2024-07-28T22:06:21+07:00 INFO Shutdown successful

qdm12 commented 1 month ago

Duplicate of #2334 but let's keep it open just in case. I'm about to do a v3.39.0 release, and will jump in fixing this (remove iptables rules by line number) right after.
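
The approach named in the comment above, removing iptables rules by line number, illustrated as an added example that is not part of the original thread and is not gluetun's own code. The listing is a constructed sample of `iptables -n -v -L INPUT --line-numbers` output, and `findRuleLine` and `deleteArgs` are hypothetical helper names; a rule that is already absent becomes a no-op instead of the `Bad rule` failure seen in the log.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample of `iptables -n -v -L INPUT --line-numbers` output (not from the issue).
const sampleListing = `Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     tcp  --  tun0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:41140
`

var protoNumbers = map[string]string{"tcp": "6", "udp": "17"} // accepted in case the listing shows numbers

// findRuleLine scans the columns (num pkts bytes target prot opt in out source destination
// matches...) and returns the line number of the ACCEPT rule for iface/proto/port, if present.
func findRuleLine(listing, iface, proto string, port uint16) (int, bool) {
	wantPort := "dpt:" + strconv.Itoa(int(port))
	for _, line := range strings.Split(listing, "\n") {
		f := strings.Fields(line)
		if len(f) < 11 || f[3] != "ACCEPT" || f[6] != iface {
			continue
		}
		num, err := strconv.Atoi(f[0]) // header rows have no numeric first column
		if err != nil || (f[4] != proto && f[4] != protoNumbers[proto]) {
			continue
		}
		for _, match := range f[10:] {
			if match == wantPort {
				return num, true
			}
		}
	}
	return 0, false
}

// deleteArgs builds the delete-by-number arguments, or nil when the rule is already gone.
func deleteArgs(listing, iface, proto string, port uint16) []string {
	if num, ok := findRuleLine(listing, iface, proto, port); ok {
		return []string{"--delete", "INPUT", strconv.Itoa(num)}
	}
	return nil // nothing to remove: skip the command rather than fail
}

func main() {
	fmt.Println(deleteArgs(sampleListing, "tun0", "tcp", 41140), deleteArgs(sampleListing, "tun0", "udp", 41140))
}
```

Line numbers shift after every deletion, so the chain has to be listed again before each delete.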

qdm12 commented 1 month ago

Is this solved using the latest image? Now that other related issues are solved. Thanks!

asen23 commented 3 weeks ago

Sorry for the delay, but I can confirm the latest version doesn't crash anymore when the connection is dropped. I don't need to manually restart my container anymore when the internet does disconnect.

jgramling17 commented 3 weeks ago

I am using v3.39.0 and am still seeing the same error as @asen23

qdm12 commented 3 weeks ago

@jgramling17 that's expected, it's only fixed in the latest image. I'm fixing 1 or 2 last things before doing a v3.39.1 bugfix release containing that bugfix.

jgramling17 commented 3 weeks ago

> @jgramling17 that's expected, it's only fixed in the latest image. I'm fixing 1 or 2 last things before doing a v3.39.1 bugfix release containing that bugfix.

Thank you, I ended up figuring it out. Thank you for your patience and contributions to this project ❤️