search

qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
8.16k stars 375 forks source link

AirVPN IPv6 OpenVPN `write UDPv6 []: Address not available (fd=3,code=99)` #2467

Open mikul9 opened 2 months ago

mikul9 commented 2 months ago

Is this urgent?

No

Host OS

DSM 7.21 (Synology)

CPU arch

x86_64

VPN service provider

AirVPN

What are you using to run the container

docker run

What is the version of Gluetun

Running version latest built on 2024-08-25T07:04:32.409Z (commit 01fa993)

What's the problem 🤔

Failure to connect to AirVPN after update to the latest version. The problem persists with the firewall disabled. Moving back to pr-2285 works.

Share your logs (at least 10 lines)

Stuck in this loop:

2024/09/05 11:00:22 stdout  2024-09-05T11:00:22-04:00 INFO [firewall] removing allowed port 13482...
2024/09/05 11:00:22 stdout  2024-09-05T11:00:22-04:00 INFO [vpn] stopping
2024/09/05 11:00:22 stdout  2024-09-05T11:00:22-04:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024/09/05 11:00:22 stdout  2024-09-05T11:00:22-04:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024/09/05 11:00:22 stdout  2024-09-05T11:00:22-04:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024/09/05 11:00:18 stdout  2024-09-05T11:00:18-04:00 INFO [openvpn] write UDPv6 []: Address not available (fd=3,code=99)
2024/09/05 11:00:13 stdout  2024-09-05T11:00:13-04:00 INFO [openvpn] write UDPv6 []: Address not available (fd=3,code=99)
2024/09/05 11:00:11 stdout  2024-09-05T11:00:11-04:00 INFO [openvpn] write UDPv6 []: Address not available (fd=3,code=99)
2024/09/05 11:00:11 stdout  2024-09-05T11:00:11-04:00 INFO [openvpn] UDPv6 link remote: [AF_INET6]2001:ac8:40:8:6e2e:89db:741:eecb:1194
2024/09/05 11:00:11 stdout  2024-09-05T11:00:11-04:00 INFO [openvpn] UDPv6 link local: (not bound)
2024/09/05 11:00:11 stdout  2024-09-05T11:00:11-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET6]2001:ac8:40:8:6e2e:89db:741:eecb:1194
2024/09/05 11:00:11 stdout  2024-09-05T11:00:11-04:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024/09/05 11:00:11 stdout  2024-09-05T11:00:11-04:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024/09/05 11:00:11 stdout  2024-09-05T11:00:11-04:00 INFO [firewall] allowing VPN connection...
2024/09/05 11:00:11 stdout  2024-09-05T11:00:11-04:00 INFO [vpn] starting

Share your configuration

gluetun:
    image: qmcgaw/gluetun:latest   
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp 
      - 8388:8388/tcp 
      - 8388:8388/udp 
      - 8090:8090/tcp
    volumes:
      - /volume1/docker/gluetun:/gluetun
    environment:
      - PUID=1030 
      - PGID=65526 
      - TZ=America/New_York 
      - VPN_SERVICE_PROVIDER=airvpn
      - VPN_TYPE=openvpn  
      - OPENVPN_USER=UserName
      - OPENVPN_PASSWORD=PaSsWoRd
      - HTTPPROXY=off 
      - SHADOWSOCKS=off 
      - FIREWALL_OUTBOUND_SUBNETS=181.20.0.0/16,192.168.1.0/24 
      - FIREWALL_VPN_INPUT_PORTS=12462 
      - UPDATER_PERIOD=24h
    network_mode: synobridge
    labels:
      - com.centurylinklabs.watchtower.enable=false
    security_opt:
      - no-new-privileges:true
    restart: always
github-actions[bot] commented 2 months ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

caballinger commented 2 months ago

Having the exact same issue here with openvpn connections on airvpn. Wireguard connections on airvpn continue to work just fine on the latest image.

qdm12 commented 2 months ago

This is due to Openvpn trying to use IPv6, and your Docker setup probably doesn't support it. It could also be due to the upgrade from openvpn 2.5 to 2.6.

  1. If you run with LOG_LEVEL=debug, what IPv6 relevant lines do you get (for example IPv6 is supported by link ....)?
  2. What happens if you run image qmcgaw/gluetun:v3.39.0 with OPENVPN_VERSION=2.5?
  3. What happens if you run image qmcgaw/gluetun:v3.38.1?

also please use v3.x.x tagged images, not pr-2285. I have no idea what that image tag (for PR #2285) and it's hard for me to debug.

caballinger commented 2 months ago

qmcgaw/gluetun:v3.39.0 with OPENVPN_VERSION=2.5: Same issue qmcgaw/gluetun:v3.38.1 without OPENVPN_VERSION=2.5: Working Related error in log:

2024/09/20 13:07:47,stdout,2024-09-20T13:07:47-07:00 INFO [openvpn] Exiting due to fatal error
2024/09/20 13:07:47,stdout,2024-09-20T13:07:47-07:00 INFO [openvpn] Linux ip -6 addr add failed: external program exited with error status: 2
2024/09/20 13:07:47,stdout,2024-09-20T13:07:47-07:00 ERROR [openvpn] RTNETLINK answers: Permission denied
2024/09/20 13:07:47,stdout,2024-09-20T13:07:47-07:00 INFO [openvpn] /sbin/ip -6 addr add fde6:7a:7d20:1b7a::10ab/64 dev tun0
2024/09/20 13:07:47,stdout,2024-09-20T13:07:47-07:00 INFO [openvpn] /sbin/ip link set dev tun0 up
mikul9 commented 2 months ago

Confirmed that qmcgaw/gluetun:v3.38.1 is working.

KindaWrks commented 1 month ago

I have had the same issue with the last few updates. When ever I go back to 3.39 and even the new 3.39.1 it works. With each pull of latest it does the udpv6 error. I tried to add a environment variable to stop it from using ip6 but that didn't seem to help.

VonPuffelen commented 1 month ago

Same issue, i go back to V3.38.0 and no problems anymore.