qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
8.07k stars 373 forks

Bug: Forwarded port unreachable after an internal vpn restart #2515

Open mat926 opened 1 month ago

mat926 commented 1 month ago

Is this urgent?

None

Host OS

No response

CPU arch

None

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version v3.39.1 built on 2024-09-29T18:16:23.495Z (commit 67ae5f5)

What's the problem 🤔

My forwarded port is unconnectable after a few hours of running the container.

At first when I start the container I check to see the IP and port are open https://www.yougetsignal.com/tools/open-ports/ and it says it's open. But after I leave the container running for 12+ hours, I check it again and the port is closed or timed out.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version v3.39.1 built on 2024-09-29T18:16:23.495Z (commit 67ae5f5)

📣 All control server routes will become private by default after the v3.41.0 release

🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-10-07T18:30:00-07:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-10-07T18:30:00-07:00 INFO [routing] local ethernet link found: eth0
2024-10-07T18:30:00-07:00 INFO [routing] local ipnet found: 172.18.0.0/16
2024-10-07T18:30:01-07:00 INFO [firewall] enabling...
2024-10-07T18:30:01-07:00 INFO [firewall] enabled successfully
2024-10-07T18:30:02-07:00 INFO [storage] merging by most recent 20478 hardcoded servers and 20478 servers read from /gluetun/servers.json
2024-10-07T18:30:03-07:00 INFO Alpine version: 3.20.3
2024-10-07T18:30:03-07:00 INFO OpenVPN 2.5 version: 2.5.10
2024-10-07T18:30:03-07:00 INFO OpenVPN 2.6 version: 2.6.11
2024-10-07T18:30:03-07:00 INFO Unbound version: 1.20.0
2024-10-07T18:30:03-07:00 INFO IPtables version: v1.8.10
2024-10-07T18:30:03-07:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: custom
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: wireguard
|   |   |   └── Wireguard selection settings:
|   |   |       ├── Endpoint IP address: [redacted]
|   |   |       ├── Endpoint port: 51820
|   |   |       └── Server public key: hrpCDkmnfP/gvsvxAI113SMGs/h/e/fAVJv108kypH8=
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use code for provider: protonvpn
|   |       └── Forwarded port file path: /gluetun/forwarded_port.txt
|   └── Wireguard settings:
|       ├── Private key: 8Iw...3Q=
|       ├── Interface addresses:
|       |   └── 10.2.0.2/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── Outbound subnets:
|       ├── 172.18.0.0/16
|       └── 192.168.0.0/24
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── OS Alpine settings:
|   ├── Process UID: 1027
|   ├── Process GID: 65536
|   └── Timezone: America/Phoenix
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-10-07T18:30:03-07:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-10-07T18:30:03-07:00 INFO [routing] adding route for 0.0.0.0/0
2024-10-07T18:30:03-07:00 INFO [firewall] setting allowed subnets...
2024-10-07T18:30:03-07:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4
2024-10-07T18:30:03-07:00 INFO [routing] adding route for 172.18.0.0/16
2024-10-07T18:30:03-07:00 INFO [routing] adding route for 192.168.0.0/24
2024-10-07T18:30:03-07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-07T18:30:03-07:00 INFO [http server] http server listening on [::]:8000
2024-10-07T18:30:03-07:00 INFO [firewall] allowing VPN connection...
2024-10-07T18:30:03-07:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-10-07T18:30:03-07:00 INFO [wireguard] Using userspace implementation since Kernel support does not exist
2024-10-07T18:30:03-07:00 INFO [wireguard] Connecting to [redacted]:51820
2024-10-07T18:30:03-07:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-10-07T18:30:03-07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-10-07T18:30:03-07:00 INFO [healthcheck] healthy!
2024-10-07T18:30:04-07:00 INFO [dns] downloading hostnames and IP block lists
2024-10-07T18:30:11-07:00 INFO [dns] init module 0: validator
2024-10-07T18:30:11-07:00 INFO [dns] init module 1: iterator
2024-10-07T18:30:11-07:00 INFO [dns] start of service (unbound 1.20.0).
2024-10-07T18:30:12-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-07T18:30:12-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-07T18:30:12-07:00 INFO [dns] ready
2024-10-07T18:30:12-07:00 INFO [healthcheck] healthy!
2024-10-07T18:30:12-07:00 INFO [ip getter] Public IP address is [redacted] (United States, California, Los Angeles)
2024-10-07T18:30:13-07:00 INFO [vpn] You are running the latest release v3.39.1
2024-10-07T18:30:13-07:00 INFO [port forwarding] starting
2024-10-07T18:30:13-07:00 INFO [port forwarding] gateway external IPv4 address is [redacted]
2024-10-07T18:30:13-07:00 INFO [port forwarding] port forwarded is 46792
2024-10-07T18:30:13-07:00 INFO [firewall] setting allowed input port 46792 through interface tun0...
2024-10-07T18:30:13-07:00 INFO [port forwarding] writing port file /gluetun/forwarded_port.txt
2024-10-07T19:22:59-07:00 INFO [healthcheck] healthy!
2024-10-07T19:23:11-07:00 INFO [healthcheck] healthy!
2024-10-07T19:23:23-07:00 INFO [healthcheck] healthy!
2024-10-07T19:28:04-07:00 INFO [healthcheck] healthy!
2024-10-07T19:30:38-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-07T20:28:05-07:00 INFO [healthcheck] healthy!
2024-10-07T20:32:31-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-07T21:33:16-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-07T22:33:50-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-07T23:34:02-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-07T23:54:56-07:00 INFO [healthcheck] healthy!
2024-10-08T00:00:29-07:00 INFO [healthcheck] healthy!
2024-10-08T00:01:23-07:00 INFO [healthcheck] healthy!
2024-10-08T00:34:04-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T01:34:24-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T01:36:55-07:00 INFO [healthcheck] healthy!
2024-10-08T02:01:30-07:00 INFO [healthcheck] healthy!
2024-10-08T02:01:53-07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-10-08T02:01:53-07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-08T02:01:53-07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-08T02:01:53-07:00 INFO [vpn] stopping
2024-10-08T02:02:01-07:00 INFO [port forwarding] stopping
2024-10-08T02:02:05-07:00 INFO [firewall] removing allowed port 46792...
2024-10-08T02:02:28-07:00 INFO [port forwarding] removing port file /gluetun/forwarded_port.txt
2024-10-08T02:02:33-07:00 INFO [vpn] starting
2024-10-08T02:02:33-07:00 INFO [firewall] allowing VPN connection...
2024-10-08T02:02:34-07:00 INFO [wireguard] Using userspace implementation since Kernel support does not exist
2024-10-08T02:02:36-07:00 INFO [wireguard] Connecting to [redacted]:51820
2024-10-08T02:02:36-07:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-10-08T02:02:37-07:00 INFO [healthcheck] healthy!
2024-10-08T02:02:44-07:00 INFO [ip getter] Public IP address is [redacted] (United States, California, Los Angeles)
2024-10-08T02:02:44-07:00 INFO [port forwarding] starting
2024-10-08T02:02:44-07:00 INFO [port forwarding] gateway external IPv4 address is [redacted]
2024-10-08T02:02:44-07:00 INFO [port forwarding] port forwarded is 46792
2024-10-08T02:02:44-07:00 INFO [firewall] setting allowed input port 46792 through interface tun0...
2024-10-08T02:02:46-07:00 INFO [port forwarding] writing port file /gluetun/forwarded_port.txt
2024-10-08T02:34:35-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T03:04:04-07:00 INFO [healthcheck] healthy!
2024-10-08T03:31:24-07:00 INFO [healthcheck] healthy!
2024-10-08T03:34:53-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T04:36:20-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T05:40:39-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T06:42:36-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T07:42:39-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T08:44:22-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T09:44:43-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T10:46:31-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T11:46:37-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T12:46:42-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T13:46:47-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T14:02:37-07:00 INFO [ip getter] Public IP address is [redacted] (United States, California, Los Angeles)
2024-10-08T14:46:52-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T15:46:57-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T16:47:02-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T17:47:07-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T18:30:03-07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-10-08T18:30:04-07:00 INFO [dns] downloading hostnames and IP block lists
2024-10-08T18:30:06-07:00 INFO [dns] stopping
2024-10-08T18:30:06-07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-08T18:30:06-07:00 INFO [dns] starting
2024-10-08T18:30:06-07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-10-08T18:30:06-07:00 INFO [dns] downloading hostnames and IP block lists
2024-10-08T18:30:14-07:00 INFO [dns] init module 0: validator
2024-10-08T18:30:14-07:00 INFO [dns] init module 1: iterator
2024-10-08T18:30:14-07:00 INFO [dns] start of service (unbound 1.20.0).
2024-10-08T18:30:14-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T18:30:14-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T18:30:14-07:00 INFO [dns] ready
2024-10-08T18:30:14-07:00 INFO [healthcheck] healthy!
2024-10-08T19:37:31-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T20:40:29-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T21:41:21-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T22:41:31-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-08T23:42:14-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T00:42:36-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T01:43:25-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T02:02:38-07:00 INFO [ip getter] Public IP address is [redacted] (United States, California, Los Angeles)
2024-10-09T02:44:34-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T03:44:41-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T04:26:26-07:00 INFO [healthcheck] healthy!
2024-10-09T04:27:41-07:00 INFO [healthcheck] healthy!
2024-10-09T04:45:56-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T05:46:15-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T06:48:12-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T07:48:17-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T08:48:22-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T09:48:27-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T10:48:32-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T11:48:37-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T12:48:42-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T13:48:47-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T14:02:37-07:00 INFO [ip getter] Public IP address is [redacted] (United States, California, Los Angeles)
2024-10-09T14:48:52-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T15:48:57-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T16:49:02-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T17:49:07-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T18:30:14-07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-10-09T18:30:15-07:00 INFO [dns] downloading hostnames and IP block lists
2024-10-09T18:30:16-07:00 INFO [dns] stopping
2024-10-09T18:30:16-07:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-09T18:30:16-07:00 INFO [dns] starting
2024-10-09T18:30:16-07:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-10-09T18:30:17-07:00 INFO [dns] downloading hostnames and IP block lists
2024-10-09T18:30:24-07:00 INFO [dns] init module 0: validator
2024-10-09T18:30:24-07:00 INFO [dns] init module 1: iterator
2024-10-09T18:30:24-07:00 INFO [dns] start of service (unbound 1.20.0).
2024-10-09T18:30:24-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T18:30:24-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T18:30:25-07:00 INFO [healthcheck] healthy!
2024-10-09T18:30:25-07:00 INFO [dns] ready
2024-10-09T19:32:14-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T20:32:24-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T21:32:34-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T22:01:01-07:00 INFO [healthcheck] healthy!
2024-10-09T22:32:44-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-09T23:32:55-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-10T00:01:24-07:00 INFO [healthcheck] healthy!
2024-10-10T00:33:05-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-10T01:33:15-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-10T02:02:39-07:00 INFO [ip getter] Public IP address is [redacted] (United States, California, Los Angeles)
2024-10-10T02:03:57-07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-10-10T02:03:57-07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-10T02:03:57-07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-10T02:03:57-07:00 INFO [vpn] stopping
2024-10-10T02:04:26-07:00 INFO [port forwarding] stopping
2024-10-10T02:06:36-07:00 INFO [firewall] removing allowed port 46792...
2024-10-10T02:07:19-07:00 ERROR [wireguard] peer(hrpC…ypH8) - Failed to derive keypair: invalid state for keypair derivation: handshakeZeroed
2024-10-10T02:07:19-07:00 ERROR [wireguard] peer(hrpC…ypH8) - Failed to create response message: handshake initiation must be consumed first
2024-10-10T02:07:21-07:00 ERROR [wireguard] peer(hrpC…ypH8) - Failed to derive keypair: invalid state for keypair derivation: handshakeZeroed
2024-10-10T02:07:35-07:00 INFO [port forwarding] removing port file /gluetun/forwarded_port.txt
2024-10-10T02:08:04-07:00 INFO [vpn] starting
2024-10-10T02:08:05-07:00 INFO [firewall] allowing VPN connection...
2024-10-10T02:08:06-07:00 INFO [wireguard] Using userspace implementation since Kernel support does not exist
2024-10-10T02:08:21-07:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024-10-10T02:08:21-07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-10T02:08:21-07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-10T02:08:21-07:00 INFO [vpn] stopping
2024-10-10T02:08:21-07:00 INFO [wireguard] Connecting to [redacted]:51820
2024-10-10T02:08:23-07:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-10-10T02:33:23-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-10T03:33:28-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-10T04:33:29-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-10-10T05:33:31-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN

Share your configuration

services:
  gluetun:
    image: qmcgaw/gluetun:v3 
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8090:8090 # port for qbittorrent
      - 8000:8000/tcp # port for control server
    volumes:
      - /volume1/docker/gluetun:/gluetun
    environment:
      - PUID=1027
      - PGID=65536
      #OpenVPN:
      #- VPN_SERVICE_PROVIDER=protonvpn
      #- VPN_TYPE=openvpn
      #- OPENVPN_USER=user
      #- OPENVPN_PASSWORD=pass
      #Wireguard:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_PORT_FORWARDING_PROVIDER=protonvpn

      - FREE_ONLY=off
      - TZ=America/Phoenix
      - HTTPPROXY=off #change to on if you wish to enable
      - SHADOWSOCKS=off #change to on if you wish to enable
      - FIREWALL_OUTBOUND_SUBNETS=172.18.0.0/16,192.168.0.0/24 #change this in line with your subnet see note on guide.
      - VPN_PORT_FORWARDING=on
      - UPDATER_PERIOD=24h
      - VPN_PORT_FORWARDING_STATUS_FILE=/gluetun/forwarded_port.txt
      # - FIREWALL_VPN_INPUT_PORTS=6881 
      #- LOG_LEVEL=debug
      #- FIREWALL=off
    network_mode: gluetun
    restart: unless-stopped

github-actions[bot] commented 1 month ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

RogueOneEcho commented 1 month ago

I'm also seeing this issue with Proton VPN

ThickPeep commented 1 month ago

Also getting this issue using ProtonVPN on unraid, with the wireguard configuration. Deployed the container with docker compose, not from the app store

jimbobjonesbob commented 1 month ago

get this too. if you restart qbit it usually works again (same port)

qdm12 commented 1 month ago

if you restart qbit it usually works again (same port)

Yep, that's the thing. Not really a gluetun bug, it's just that some programs (qbittorrent) fail to reconnect when the VPN restarts internally ("auto-heals"). Other torrent clients (I think transmission) do reconnect fine on a VPN internal restart, so it's likely a problem with qbittorrent.

Regarding the wireguard error messages

2024-10-10T02:07:19-07:00 ERROR [wireguard] peer(hrpC…ypH8) - Failed to derive keypair: invalid state for keypair derivation: handshakeZeroed
2024-10-10T02:07:19-07:00 ERROR [wireguard] peer(hrpC…ypH8) - Failed to create response message: handshake initiation must be consumed first
2024-10-10T02:07:21-07:00 ERROR [wireguard] peer(hrpC…ypH8) - Failed to derive keypair: invalid state for keypair derivation: handshakeZeroed

I have never seen those, any idea why this happens? Or was it just a one-off error?

mat926 commented 1 month ago

Restarting the qbittorrent container would not work. But I think I see the problem in the log. During the internal VPN restart, it removes the port file forwarded_port.txt, but it does not recreate it after reconnecting. My other container for changing the qbittorrent port fails because that file doesn't exist.

I have no idea why I'm getting those wireguard error messages. It seems to be a one-off error since the recent logs aren't showing that.
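
The following is an added example, not part of the thread and not gluetun's own code: a small log checker that reports, for each healthcheck-triggered VPN restart, whether the forwarded port and its status file came back before the next restart or the end of the log. The names `Restart`, `analyze` and `unrecovered` are hypothetical; the sample input is an excerpt of the log lines posted in this issue.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the log posted in this issue (lines copied as-is, most lines omitted).
SAMPLE_LOG = """\
2024-10-07T18:30:13-07:00 INFO [port forwarding] port forwarded is 46792
2024-10-07T18:30:13-07:00 INFO [port forwarding] writing port file /gluetun/forwarded_port.txt
2024-10-08T02:01:53-07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-10-08T02:02:05-07:00 INFO [firewall] removing allowed port 46792...
2024-10-08T02:02:28-07:00 INFO [port forwarding] removing port file /gluetun/forwarded_port.txt
2024-10-08T02:02:33-07:00 INFO [vpn] starting
2024-10-08T02:02:44-07:00 INFO [port forwarding] port forwarded is 46792
2024-10-08T02:02:46-07:00 INFO [port forwarding] writing port file /gluetun/forwarded_port.txt
2024-10-10T02:03:57-07:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-10-10T02:06:36-07:00 INFO [firewall] removing allowed port 46792...
2024-10-10T02:07:35-07:00 INFO [port forwarding] removing port file /gluetun/forwarded_port.txt
2024-10-10T02:08:04-07:00 INFO [vpn] starting
2024-10-10T02:08:21-07:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024-10-10T05:33:31-07:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
"""

# "<timestamp> <LEVEL> [<component>] <message>"; banner and settings-tree lines do not match.
LINE = re.compile(r"^(\S+) (\w+) \[([^\]]+)\] (.*)$")

@dataclass
class Restart:
    at: str                          # timestamp of the healthcheck-triggered restart
    port_before: Optional[int]       # forwarded port known when the restart began
    port_after: Optional[int] = None
    file_removed: bool = False
    file_rewritten: bool = False

    @property
    def recovered(self) -> bool:
        # Recovered means a port was announced again AND the status file was rewritten.
        return self.port_after is not None and self.file_rewritten

def analyze(log: str) -> List[Restart]:
    restarts: List[Restart] = []
    port: Optional[int] = None
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _level, component, msg = m.groups()
        cur = restarts[-1] if restarts else None
        if component == "healthcheck" and msg.endswith("restarting VPN"):
            restarts.append(Restart(at=ts, port_before=port))
        elif component == "port forwarding":
            announced = re.match(r"port forwarded is (\d+)", msg)
            if announced:
                port = int(announced.group(1))
                if cur:
                    cur.port_after = port
            elif msg.startswith("removing port file"):
                port = None
                if cur:
                    cur.file_removed = True
            elif msg.startswith("writing port file") and cur:
                cur.file_rewritten = True
    return restarts

def unrecovered(log: str) -> List[str]:
    """Timestamps of restarts after which port forwarding never came back."""
    return [r.at for r in analyze(log) if not r.recovered]

if __name__ == "__main__":
    for r in analyze(SAMPLE_LOG):
        print(r.at, "recovered" if r.recovered else "NOT recovered", r.port_before, "->", r.port_after)
```

To check a live container, pass the text of `docker logs gluetun` to `analyze` instead of `SAMPLE_LOG`.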