search

qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.38k stars 349 forks source link

Bug: adding containers to gluetun breaks existing networking of these containers (without network_mode: "service:gluetun" networking is working) #2412

Open distributev opened 4 weeks ago

distributev commented 4 weeks ago

Is this urgent?

No

Host OS

No response

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

latest qmcgaw/gluetun docker image

What's the problem 🤔

Thank you for your work on gluetun.

gluetun would be useful but I cannot seem to get it working.

This would not work.

    network_mode: "service:gluetun"
    networks:
      - bridge_current_host_cross_containers_net

This would work

    networks:
      - bridge_current_host_cross_containers_net

As soon as I add network_mode: "service:gluetun" to services gluetun would start to work (as expected) but existing networks become broken (not expected).

Because of that I cannot get containers which are using gluetun to connect to existing database services which are part of the bridge_current_host_cross_containers_net or to any other service which is part of bridge_current_host_cross_containers_net

I did run the command docket network inspect bridge_current_host_cross_containers_net and none of the services for which I added network_mode: "service:gluetun" are listed there (and because of that I cannot get connectivity between them).

I tried having gluetun on its separate network but nothing seems to work.

I also tried making gluetun part of the existing bridge_current_host_cross_containers_net but it does not work also.

It is like we I am forced to choose either

  1. Either use a VPN when accessing the internet (network_mode: "service:gluetun")
  2. Either be able to connect to your database

Both in the same time are not possible and this does not make sense. It should be allowed to use a VPN and to connect to a database both in the same time.

Did anybody encounter the same? How to overcome this situation and have services to use both a VPN for external internet connectivity and to also be able to connect to docker services (databases) running on the same docker network locally?

Share your logs (at least 10 lines)

[Symbol(kRejectNonStandardBodyWrites)]: false,
      [Symbol(kUniqueHeaders)]: null
    },
    _currentUrl: 'https://ifconfig.me/',
    [Symbol(kCapture)]: false
  },
  cause: Error: getaddrinfo ENOTFOUND my-db-service
      at GetAddrInfoReqWrap.onlookup [as oncomplete] (node:dns:107:26) {
    errno: -3008,
    code: 'ENOTFOUND',
    syscall: 'getaddrinfo',
    hostname: 'my-db-service'
  }
}

Share your configuration

my-db-service:
  networks:
    - bridge_current_host_cross_containers_net

//if I remove network_mode: "service:gluetun" I can connect to the dababase but cannot use the VPN
//If I add network_mode: "service:gluetun" I can use the VPN but cannot connect to database
my-service
  depends-on:
    - my-db-service 
  network_mode: "service:gluetun"
  networks:
    - bridge_current_host_cross_containers_net

gluetun:
  networks:
    - bridge_current_host_cross_containers_net

networks:
  bridge_current_host_cross_containers_net:
    driver: bridge
    external: true
github-actions[bot] commented 4 weeks ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please: