qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.43k stars 350 forks

Bug: gluetun connected container gui randomly becomes inaccessible #2480

Open inctiveo opened 1 week ago

inctiveo commented 1 week ago

Is this urgent?

No

Host OS

Synology DSM

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-08-25T07:04:32.409Z (commit 01fa993)

What's the problem 🤔

The containers running on the gluetun vpn network randomly become inaccessible after a matter of hours, or days if I'm lucky. I have tried many different solutions by changing my docker compose file, without success. There are never any errors in the logs for any containers that I can see; I'm lost here.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-08-25T07:04:32.409Z (commit 01fa993)

🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-09-11T16:07:07+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.32.1, assigned IP 192.168.32.2 and family v4
2024-09-11T16:07:07+01:00 INFO [routing] local ethernet link found: eth0
2024-09-11T16:07:07+01:00 INFO [routing] local ipnet found: 192.168.32.0/24
2024-09-11T16:07:07+01:00 INFO [firewall] enabling...
2024-09-11T16:07:07+01:00 INFO [firewall] enabled successfully
2024-09-11T16:07:09+01:00 INFO [storage] merging by most recent 20480 hardcoded servers and 20480 servers read from /gluetun/servers.json
2024-09-11T16:07:09+01:00 INFO Alpine version: 3.20.2
2024-09-11T16:07:09+01:00 INFO OpenVPN 2.5 version: 2.5.10
2024-09-11T16:07:09+01:00 INFO OpenVPN 2.6 version: 2.6.11
2024-09-11T16:07:09+01:00 INFO IPtables version: v1.8.10
2024-09-11T16:07:09+01:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: custom
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: wireguard
|   |   |   └── Wireguard selection settings:
|   |   |       ├── Endpoint IP address: 146.70.179.18
|   |   |       ├── Endpoint port: 51820
|   |   |       └── Server public key: -------------redacted---------------
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use code for provider: protonvpn
|   |       └── Forwarded port file path: /tmp/gluetun/forwarded_port
|   └── Wireguard settings:
|       ├── Private key: ----------redacted-----------
|       ├── Interface addresses:
|       |   └── 10.2.0.2/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   └── cloudflare
|       ├── Caching: yes
|       ├── IPv6: no
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── Outbound subnets:
|       ├── 192.168.30.0/24
|       ├── 192.168.31.0/24
|       ├── 192.168.32.0/24
|       ├── 172.30.0.0/24
|       └── 172.31.0.0/24
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1031
|   ├── Process GID: 65543
|   └── Timezone: Europe/London
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-09-11T16:07:09+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.32.1, assigned IP 192.168.32.2 and family v4
2024-09-11T16:07:09+01:00 INFO [routing] adding route for 0.0.0.0/0
2024-09-11T16:07:09+01:00 INFO [firewall] setting allowed subnets...
2024-09-11T16:07:09+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.32.1, assigned IP 192.168.32.2 and family v4
2024-09-11T16:07:09+01:00 INFO [routing] adding route for 192.168.30.0/24
2024-09-11T16:07:09+01:00 INFO [routing] adding route for 192.168.31.0/24
2024-09-11T16:07:09+01:00 INFO [routing] adding route for 192.168.32.0/24
2024-09-11T16:07:09+01:00 INFO [routing] adding route for 172.30.0.0/24
2024-09-11T16:07:09+01:00 INFO [routing] adding route for 172.31.0.0/24
2024-09-11T16:07:09+01:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-09-11T16:07:09+01:00 INFO [http server] http server listening on [::]:8000
2024-09-11T16:07:09+01:00 INFO [firewall] allowing VPN connection...
2024-09-11T16:07:09+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-09-11T16:07:09+01:00 INFO [wireguard] Using available kernelspace implementation
2024-09-11T16:07:09+01:00 INFO [wireguard] Connecting to 146.70.179.18:51820
2024-09-11T16:07:09+01:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-09-11T16:07:09+01:00 INFO [dns] downloading hostnames and IP block lists
2024-09-11T16:07:14+01:00 INFO [healthcheck] healthy!
2024-09-11T16:07:15+01:00 INFO [dns] DNS server listening on [::]:53
2024-09-11T16:07:16+01:00 INFO [dns] ready
2024-09-11T16:07:16+01:00 INFO [ip getter] Public IP address is 146.70.179.20 (United Kingdom, England, London)
2024-09-11T16:07:17+01:00 INFO [vpn] You are running 1 commit behind the most recent latest
2024-09-11T16:07:17+01:00 INFO [port forwarding] starting
2024-09-11T16:07:17+01:00 INFO [port forwarding] gateway external IPv4 address is 146.70.179.20
2024-09-11T16:07:17+01:00 INFO [port forwarding] port forwarded is 42404
2024-09-11T16:07:17+01:00 INFO [firewall] setting allowed input port 42404 through interface tun0...
2024-09-11T16:07:17+01:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port

Share your configuration

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 5858:5858/tcp
      - 5959:5959/tcp
      - 6080:6080/tcp
      - 8080:8080/tcp
      - 9080:9080/tcp
      - 9696:9696/tcp
      - 52276-52277:52276-52277/tcp
      - 52276-52277:52276-52277/udp
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - WIREGUARD_ENDPOINT_IP=146.70.179.18
      - WIREGUARD_ENDPOINT_PORT=51820
      - WIREGUARD_PRIVATE_KEY=-------------redacted---------------
      - WIREGUARD_PUBLIC_KEY=-------------redacted---------------
      - WIREGUARD_ADDRESSES=10.2.0.2/32
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_PROVIDER=protonvpn
      - FIREWALL_OUTBOUND_SUBNETS=192.168.30.0/24,192.168.31.0/24,192.168.32.0/24,172.30.0.0/24,172.31.0.0/24
      - UPDATER_PERIOD=24h
      - PUID=1031
      - PGID=65543
      - TZ=Europe/London
    volumes:
      - /volume1/docker/gluetun:/gluetun
      - /volume1/docker/gluetun/forwarded_port:/tmp/gluetun/forwarded_port
    network_mode: gluetun-bridge
    labels:
      - com.centurylinklabs.watchtower.enable=false
    security_opt:
      - no-new-privileges:true
    restart: always

  qbittorrent:
    image: linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - WEBUI_PORT=9080
      - PUID=1031
      - PGID=65543
      - TZ=Europe/London
      - UMASK=022
    volumes:
      - /volume1/docker/qbittorrent:/config
      - /volume1/data/torrents:/data/torrents
      - /volume1/data/media:/data/media
      - /volume1/data/library:/data/library
    network_mode: service:gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    restart: always

  gluetun-qbittorrent-port-manager:
    image: snoringdragon/gluetun-qbittorrent-port-manager:latest
    container_name: qb-port-manager
    environment:
      - QBITTORRENT_SERVER=localhost
      - QBITTORRENT_PORT=9080
      - QBITTORRENT_USER=-------------redacted---------------
      - QBITTORRENT_PASS=-------------redacted---------------
      - PORT_FORWARDED=/tmp/gluetun/forwarded_port
    volumes:
      - /volume1/docker/gluetun:/tmp/gluetun
    network_mode: service:gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    restart: always

  sabnzbd:
    image: linuxserver/sabnzbd:latest
    container_name: sabnzbd
    environment:
      - PUID=1031
      - PGID=65543
      - TZ=Europe/London
      - UMASK=022
    volumes:
      - /volume1/docker/sabnzbd:/config
      - /volume1/data/usenet:/data/usenet
    network_mode: service:gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    restart: always

  soulseek:
    image: realies/soulseek:latest
    container_name: soulseek
    environment:
      - PUID=1031
      - PGID=65543
      - TZ=Europe/London
      - UMASK=022
    volumes:
      - /volume1/docker/soulseek/appdata:/data/.SoulseekQt
      - /volume1/docker/soulseek/logs:/data/Soulseek Chat Logs
      - /volume1/data/downloads/soulseek:/data/Soulseek Downloads
      - /volume1/data/media/music:/data/Soulseek Shared Folder
    network_mode: service:gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    restart: always

  jdownloader-2:
    image: jlesage/jdownloader-2:latest
    container_name: jdownloader-2
    environment:
      - WEB_LISTENING_PORT=5858
      - VNC_LISTENING_PORT=5959
      - USER_ID=1031
      - GROUP_ID=65543
      - TZ=Europe/London
      - UMASK=022
    volumes:
      - /volume1/docker/jdownloader-2:/config
      - /volume1/data/downloads/jdownloader-2:/output
    network_mode: service:gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    restart: always

  prowlarr:
    image: linuxserver/prowlarr:latest
    container_name: prowlarr
    environment:
      - PUID=1031
      - PGID=65543
      - TZ=Europe/London
      - UMASK=022
    volumes:
      - /volume1/docker/prowlarr:/config
    network_mode: service:gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    restart: always

github-actions[bot] commented 1 week ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

dr3wballard commented 1 day ago

I believe I'm experiencing the same issue here. But with the lack of logs, I decided to hold off on creating an issue until I could investigate more.

I'm curious, if you docker exec into one of your containers that uses gluetun while it's having that issue, does it show that the network interfaces were removed? For example, when my containers are working properly I believe they have 3 network interfaces active, and when they are having an issue I've noticed that only the lo: interface is active.

Edit: Looks like this could be a related issue https://github.com/qdm12/gluetun/issues/2469
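
The interface check described in the comment above, as an added example that is not part of the thread or of the gluetun project: it reads `/proc/net/dev` inside each named container and reports whether anything other than `lo` is present. The function names and the sample `/proc/net/dev` text are constructed for illustration; the container names on the usage line are the `container_name` values from the compose file in the report.

```shell
# Added example: report which containers only see the loopback interface.

# Print non-loopback interface names from /proc/net/dev text on stdin.
list_non_lo() {
    # The first two lines of /proc/net/dev are column headers.
    awk -F: 'NR > 2 { gsub(/[ \t]/, "", $1); if ($1 != "" && $1 != "lo") print $1 }'
}

# Classify a /proc/net/dev dump on stdin as "ok <ifaces>" or "lo-only".
classify_netdev() {
    ifaces=$(list_non_lo | tr '\n' ' ' | sed 's/ $//')
    if [ -n "$ifaces" ]; then
        echo "ok $ifaces"
    else
        echo "lo-only"
    fi
}

# Constructed sample of a working namespace (counters are made up).
sample_healthy() {
    cat <<'EOF'
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1200      10    0    0    0     0          0         0     1200      10    0    0    0     0       0          0
  eth0:  900000    8000    0    0    0     0          0         0   500000    6000    0    0    0     0       0          0
  tun0:  800000    7000    0    0    0     0          0         0   400000    5000    0    0    0     0       0          0
EOF
}

# Constructed sample of the failure state: headers plus lo only.
sample_broken() { sample_healthy | sed -n '1,3p'; }

check_containers() {
    for c in "$@"; do
        # /proc/net/dev is readable in any image, even without iproute2.
        if out=$(docker exec "$c" cat /proc/net/dev 2>/dev/null); then
            printf '%s: %s\n' "$c" "$(printf '%s\n' "$out" | classify_netdev)"
        else
            printf '%s: exec-failed\n' "$c"
        fi
    done
}

# Usage: sh check-ifaces.sh gluetun qbittorrent sabnzbd prowlarr
if [ "$#" -gt 0 ]; then check_containers "$@"; fi
```

Running it on a schedule and keeping the output alongside `docker logs gluetun` gives a timestamp for when a container drops to `lo-only`, which the container logs in this report do not show.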

inctiveo commented 23 hours ago

I'll check the next time it happens, which tends to be every other day. At the moment I manually redeploy to keep things working. I'm unsure if this is related, but when I was running containers individually I never experienced this issue. I started using docker compose, as it does make my life easier, but since doing so I've been having these issues with gluetun connected containers becoming inaccessible.

You're absolutely right, it seems to be a common issue if you check the recent comments on #405