qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
6.69k stars 330 forks

Bug: OpenVPN tried to add an IP route which already exists (RTNETLINK answers: File exists) #2315

Closed qw3r7yju4 closed 2 weeks ago

qw3r7yju4 commented 2 weeks ago

Is this urgent?

No

Host OS

Unraid 6.12.8

CPU arch

x86_64

VPN service provider

ExpressVPN

What are you using to run the container

Unraid

What is the version of Gluetun

Latest Docker

What's the problem 🤔

VPN is dead, constantly reconnecting and failing to add routes.

Share your logs (at least 10 lines)

2024-06-07T20:34:50-04:00 INFO [healthcheck] program has been unhealthy for 36s: restarting VPN
2024-06-07T20:34:50-04:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-07T20:34:50-04:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-06-07T20:34:50-04:00 INFO [vpn] stopping
2024-06-07T20:34:50-04:00 INFO [vpn] starting
2024-06-07T20:34:50-04:00 INFO [firewall] allowing VPN connection...
2024-06-07T20:34:50-04:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 2 2022
2024-06-07T20:34:50-04:00 INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-06-07T20:34:50-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]191.101.177.213:1195
2024-06-07T20:34:50-04:00 INFO [openvpn] UDP link local: (not bound)
2024-06-07T20:34:50-04:00 INFO [openvpn] UDP link remote: [AF_INET]191.101.177.213:1195
2024-06-07T20:34:50-04:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1553', remote='link-mtu 1606'
2024-06-07T20:34:50-04:00 WARN [openvpn] 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2024-06-07T20:34:50-04:00 WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2024-06-07T20:34:50-04:00 INFO [openvpn] [Server-10781-0a] Peer Connection Initiated with [AF_INET]191.101.177.213:1195
2024-06-07T20:34:51-04:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-07T20:34:51-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-06-07T20:34:51-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-07T20:34:51-04:00 INFO [openvpn] /sbin/ip addr add dev tun0 local 10.169.27.137 peer 10.169.27.138
2024-06-07T20:34:51-04:00 ERROR [openvpn] OpenVPN tried to add an IP route which already exists (RTNETLINK answers: File exists)
2024-06-07T20:34:51-04:00 WARN [openvpn] Previous error details: Linux route add command failed: external program exited with error status: 2
2024-06-07T20:34:51-04:00 INFO [openvpn] UID set to nonrootuser
2024-06-07T20:34:51-04:00 INFO [openvpn] Initialization Sequence Completed
2024-06-07T20:35:06-04:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)

Share your configuration

docker run
  -d
  --name='gluetunvpn'
  --net='bridge'
  -e TZ="America/New_York"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="Mediaserver"
  -e HOST_CONTAINERNAME="gluetunvpn"
  -e 'TZ'='America/New_York'
  -e 'VPN_SERVICE_PROVIDER'='expressvpn'
  -e 'VPN_TYPE'='openvpn'
  -e 'VPN_INTERFACE'='tun0'
  -e 'VPN_ENDPOINT_PORT'=''
  -e 'VPN_ENDPOINT_IP'=''
  -e 'OPENVPN_PROTOCOL'='udp'
  -e 'OPENVPN_USER'='username'
  -e 'OPENVPN_PASSWORD'='password'
  -e 'OPENVPN_VERSION'='2.5'
  -e 'OPENVPN_VERBOSITY'='1'
  -e 'OPENVPN_FLAGS'=''
  -e 'OPENVPN_CIPHERS'=''
  -e 'OPENVPN_AUTH'=''
  -e 'OPENVPN_PROCESS_USER'='no'
  -e 'OPENVPN_IPV6'='off'
  -e 'OPENVPN_CUSTOM_CONFIG'=''
  -e 'WIREGUARD_IMPLEMENTATION'='auto'
  -e 'WIREGUARD_PRIVATE_KEY'=''
  -e 'WIREGUARD_PRESHARED_KEY'=''
  -e 'WIREGUARD_PUBLIC_KEY'=''
  -e 'WIREGUARD_ADDRESSES'=''
  -e 'SERVER_REGIONS'=''
  -e 'SERVER_COUNTRIES'='USA'
  -e 'SERVER_CITIES'='Miami'
  -e 'SERVER_NAMES'=''
  -e 'SERVER_HOSTNAMES'=''
  -e 'FIREWALL'='on'
  -e 'FIREWALL_VPN_INPUT_PORTS'=''
  -e 'FIREWALL_INPUT_PORTS'=''
  -e 'FIREWALL_OUTBOUND_SUBNETS'='192.168.1.0/24'
  -e 'FIREWALL_DEBUG'='off'
  -e 'LOG_LEVEL'='info'
  -e 'DOT'='on'
  -e 'DOT_PROVIDERS'='cloudflare'
  -e 'DOT_PRIVATE_ADDRESS'='127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:7f00:1/104,::ffff:a00:0/104,::ffff:a9fe:0/112,::ffff:ac10:0/108,::ffff:c0a8:0/112'
  -e 'DOT_VERBOSITY'='1'
  -e 'DOT_VERBOSITY_DETAILS'='0'
  -e 'DOT_VALIDATION_LOGLEVEL'='0'
  -e 'DOT_CACHING'='on'
  -e 'DOT_IPV6'='off'
  -e 'BLOCK_MALICIOUS'='on'
  -e 'BLOCK_SURVEILLANCE'='off'
  -e 'BLOCK_ADS'='off'
  -e 'UNBLOCK'=''
  -e 'DNS_UPDATE_PERIOD'='24h'
  -e 'DNS_ADDRESS'=''
  -e 'DNS_KEEP_NAMESERVER'='on'
  -e 'HTTPPROXY'='off'
  -e 'HTTPPROXY_LOG'='off'
  -e 'HTTPPROXY_USER'=''
  -e 'HTTPPROXY_PASSWORD'=''
  -e 'HTTPPROXY_STEALTH'='off'
  -e 'SHADOWSOCKS'='off'
  -e 'SHADOWSOCKS_LOG'='off'
  -e ':8388'=':38388'
  -e 'SHADOWSOCKS_PASSWORD'=''
  -e 'SHADOWSOCKS_CIPHER'='chacha20-ietf-poly1305'
  -e 'HEALTH_SERVER_ADDRESS'='127.0.0.1:9999'
  -e 'HEALTH_TARGET_ADDRESS'='github.com:443'
  -e 'HEALTH_VPN_DURATION_INITIAL'='6s'
  -e 'HEALTH_VPN_DURATION_ADDITION'='5s'
  -e 'UPDATER_PERIOD'='0'
  -e 'PUBLICIP_FILE'='/gluetun/ip'
  -e 'PUBLICIP_PERIOD'='12h'
  -e 'VERSION_INFORMATION'='on'
  -e 'HTTP_CONTROL_SERVER_LOG'='on'
  -e 'PUID'='1000'
  -e 'PGID'='1000'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:8000]'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/qdm12/gluetun/master/doc/logo_256.png'
  -p '38888:8888/tcp'
  -p '8113:8080/tcp'
  -p '8000:8000/tcp'
  -v '/mnt/user/appdata/gluetun':'/gluetun':'rw'
  --cap-add=NET_ADMIN
  --restart always 'qmcgaw/gluetun'
812a7c9d42a9e718c53752c1bba887962db83819d2acbba1b0dc29edb8ddcb41

github-actions[bot] commented 2 weeks ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

jflad17 commented 2 weeks ago

I have the same issue with PIA. I downgraded to v3.35.0 and that seems to work a lot better now.

qw3r7yju4 commented 2 weeks ago

> I have the same issue with PIA. I downgraded to v3.35.0 and that seems to work a lot better now.

Just tried roll back. No joy.

jflad17 commented 2 weeks ago

> > I have the same issue with PIA. I downgraded to v3.35.0 and that seems to work a lot better now.
>
> Just tried roll back. No joy.

To the same version I did? When I reverted to I think v3.37.0 it still had the issue.

qw3r7yju4 commented 2 weeks ago

Tried changing Server Cities from Miami to Atlanta. Couldn't get a connection; it would constantly restart, failing at the same place. I switched back to Miami and pulled this log:

2024-06-10T16:38:05-04:00 INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.2 and family v4
2024-06-10T16:38:05-04:00 INFO [routing] adding route for 0.0.0.0/0
2024-06-10T16:38:05-04:00 INFO [firewall] setting allowed subnets...
2024-06-10T16:38:05-04:00 INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.2 and family v4
2024-06-10T16:38:05-04:00 INFO [routing] adding route for 192.168.1.0/24
2024-06-10T16:38:05-04:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-06-10T16:38:05-04:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2024-06-10T16:38:05-04:00 INFO [http server] http server listening on [::]:8000
2024-06-10T16:38:05-04:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-06-10T16:38:05-04:00 INFO [firewall] allowing VPN connection...
2024-06-10T16:38:05-04:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2024-06-10T16:38:05-04:00 INFO [openvpn] library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
2024-06-10T16:38:05-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]191.101.177.225:1195
2024-06-10T16:38:05-04:00 INFO [openvpn] UDP link local: (not bound)
2024-06-10T16:38:05-04:00 INFO [openvpn] UDP link remote: [AF_INET]191.101.177.225:1195
2024-06-10T16:38:05-04:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1553', remote='link-mtu 1606'
2024-06-10T16:38:05-04:00 WARN [openvpn] 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2024-06-10T16:38:05-04:00 WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2024-06-10T16:38:05-04:00 INFO [openvpn] [Server-10780-0a] Peer Connection Initiated with [AF_INET]191.101.177.225:1195
2024-06-10T16:38:06-04:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-10T16:38:06-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-06-10T16:38:06-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-10T16:38:06-04:00 INFO [openvpn] /sbin/ip addr add dev tun0 local 10.162.242.93 peer 10.162.242.94
2024-06-10T16:38:06-04:00 INFO [openvpn] UID set to nonrootuser
2024-06-10T16:38:06-04:00 INFO [openvpn] Initialization Sequence Completed
2024-06-10T16:38:06-04:00 INFO [dns over tls] downloading DNS over TLS cryptographic files
2024-06-10T16:38:11-04:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun/wiki/Healthcheck)
2024-06-10T16:38:11-04:00 INFO [vpn] stopping
2024-06-10T16:38:11-04:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/releases": context canceled
2024-06-10T16:38:11-04:00 INFO [vpn] starting
2024-06-10T16:38:11-04:00 INFO [firewall] allowing VPN connection...
2024-06-10T16:38:11-04:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2024-06-10T16:38:11-04:00 INFO [openvpn] library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
2024-06-10T16:38:11-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]191.101.177.213:1195
2024-06-10T16:38:11-04:00 INFO [openvpn] UDP link local: (not bound)
2024-06-10T16:38:11-04:00 INFO [openvpn] UDP link remote: [AF_INET]191.101.177.213:1195
2024-06-10T16:38:11-04:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1553', remote='link-mtu 1606'
2024-06-10T16:38:11-04:00 WARN [openvpn] 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2024-06-10T16:38:11-04:00 WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2024-06-10T16:38:11-04:00 INFO [openvpn] [Server-10781-0a] Peer Connection Initiated with [AF_INET]191.101.177.213:1195
2024-06-10T16:38:12-04:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-10T16:38:12-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-06-10T16:38:12-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-10T16:38:12-04:00 INFO [openvpn] /sbin/ip addr add dev tun0 local 10.169.46.133 peer 10.169.46.134
2024-06-10T16:38:12-04:00 INFO [openvpn] UID set to nonrootuser
2024-06-10T16:38:12-04:00 INFO [openvpn] Initialization Sequence Completed
2024-06-10T16:38:21-04:00 WARN [dns over tls] cannot update files: Get "https://www.internic.net/domain/named.root": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024-06-10T16:38:21-04:00 INFO [dns over tls] attempting restart in 10s
2024-06-10T16:38:23-04:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN (see https://github.com/qdm12/gluetun/wiki/Healthcheck)
2024-06-10T16:38:23-04:00 INFO [vpn] stopping
2024-06-10T16:38:23-04:00 INFO [vpn] starting
2024-06-10T16:38:23-04:00 INFO [firewall] allowing VPN connection...
2024-06-10T16:38:23-04:00 INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2024-06-10T16:38:23-04:00 INFO [openvpn] library versions: OpenSSL 3.1.1 30 May 2023, LZO 2.10
2024-06-10T16:38:23-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]191.101.177.225:1195
2024-06-10T16:38:23-04:00 INFO [openvpn] UDP link local: (not bound)
2024-06-10T16:38:23-04:00 INFO [openvpn] UDP link remote: [AF_INET]191.101.177.225:1195
2024-06-10T16:38:23-04:00 WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1553', remote='link-mtu 1606'
2024-06-10T16:38:23-04:00 WARN [openvpn] 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
2024-06-10T16:38:23-04:00 WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2024-06-10T16:38:23-04:00 INFO [openvpn] [Server-10780-0a] Peer Connection Initiated with [AF_INET]191.101.177.225:1195
2024-06-10T16:38:24-04:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-06-10T16:38:24-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-06-10T16:38:24-04:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-06-10T16:38:24-04:00 INFO [openvpn] /sbin/ip addr add dev tun0 local 10.162.242.97 peer 10.162.242.98
2024-06-10T16:38:24-04:00 ERROR [openvpn] OpenVPN tried to add an IP route which already exists (RTNETLINK answers: File exists)
2024-06-10T16:38:24-04:00 WARN [openvpn] Previous error details: Linux route add command failed: external program exited with error status: 2
2024-06-10T16:38:24-04:00 INFO [openvpn] UID set to nonrootuser
2024-06-10T16:38:24-04:00 INFO [openvpn] Initialization Sequence Completed
2024-06-10T16:38:31-04:00 INFO [dns over tls] downloading DNS over TLS cryptographic files

qw3r7yju4 commented 2 weeks ago

> > > I have the same issue with PIA. I downgraded to v3.35.0 and that seems to work a lot better now.
> >
> > Just tried roll back. No joy.
>
> To the same version I did? When I reverted to I think v3.37.0 it still had the issue.

Yep, rolled to 3.35.0

Obama-chan commented 2 weeks ago

I tried reverting to v3.35.0 yesterday, it didn't work at first but now it is after I left the Gluetun container alone overnight.

qw3r7yju4 commented 2 weeks ago

> I tried reverting to v3.35.0 yesterday, it didn't work at first but now it is after I left the Gluetun container alone overnight.

Same here. I'm not touching it. Lol

qdm12 commented 2 weeks ago

OpenVPN tried to add an IP route which already exists (RTNETLINK answers: File exists) is fine, and just a consequence of openvpn restarting. Nothing to worry about.

For other people having unhealthy-restart-loop issues:

Read the logs:

2024-06-07T20:34:50-04:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-06-07T20:34:50-04:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION

And if this doesn't solve it, go to #2154

If you have a definitive fix for your situation, feel free to open a new issue.
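A log triage sketch for the distinction drawn in the comment above, added here as an example and not part of Gluetun or of any comment in this thread: it separates the "route already exists" error that follows a restart from the signals that matter in an unhealthy-restart loop (healthcheck restarts after the tunnel came up, and request timeouts). The sample log is constructed in the format shown in this issue; the `triage` function, its report keys and the choice to count a route error seen before any restart separately are assumptions of this example.

```python
import re

# Constructed sample in the log format shown in this thread (not a real capture).
SAMPLE = """\
2024-06-10T16:38:06-04:00 INFO [openvpn] Initialization Sequence Completed
2024-06-10T16:38:11-04:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-06-10T16:38:11-04:00 INFO [vpn] stopping
2024-06-10T16:38:11-04:00 INFO [vpn] starting
2024-06-10T16:38:12-04:00 ERROR [openvpn] OpenVPN tried to add an IP route which already exists (RTNETLINK answers: File exists)
2024-06-10T16:38:12-04:00 INFO [openvpn] Initialization Sequence Completed
2024-06-10T16:38:21-04:00 WARN [dns over tls] cannot update files: Get "https://www.internic.net/domain/named.root": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024-06-10T16:38:23-04:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
"""

# timestamp, level, optional [component], message
LINE = re.compile(r"^(\S+) (INFO|WARN|ERROR) (?:\[([^\]]+)\] )?(.*)$")
ROUTE_EXISTS = "RTNETLINK answers: File exists"

def triage(log_text):
    """Summarise a log: restarts, route errors split by context, timeouts."""
    report = {"restarts": 0, "route_errors_after_restart": 0,
              "route_errors_first_start": 0, "timeouts": [],
              "up_but_unhealthy": 0}
    tunnel_up = False  # True once OpenVPN reports a completed initialization
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the expected format
        _ts, _level, component, msg = m.groups()
        if component == "healthcheck" and "restarting VPN" in msg:
            if tunnel_up:
                # The tunnel negotiated, yet the health target was unreachable.
                report["up_but_unhealthy"] += 1
            report["restarts"] += 1
            tunnel_up = False
        elif component == "openvpn" and ROUTE_EXISTS in msg:
            # After a restart this is the leftover-route case described above.
            key = ("route_errors_after_restart" if report["restarts"]
                   else "route_errors_first_start")
            report[key] += 1
        elif component == "openvpn" and "Initialization Sequence Completed" in msg:
            tunnel_up = True
        elif "context deadline exceeded" in msg:
            report["timeouts"].append(component)  # which component timed out
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-zero `up_but_unhealthy` count alongside timeouts points at traffic not passing through an established tunnel, which is the case the healthcheck FAQ linked in the logs addresses.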

github-actions[bot] commented 2 weeks ago

Closed issues are NOT monitored, so commenting here is likely to be not seen. If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project which became too popular to monitor issues closed.