Bug: wireguard - adding ipv6 rule: file exists

Ttfgggf commented 3 days ago

Is this urgent?

None

Host OS

Fedora 40

CPU arch

x86_64

VPN service provider

AirVPN

What are you using to run the container

Podman

What is the version of Gluetun

Running version latest built on 2024-10-11T18:31:08.386Z (commit abe9dcb)

What's the problem 🤔

The problem is a similar to one to https://github.com/qdm12/gluetun/issues/1991. I made a change to my Podman Quadlet file and it stopped working although it was working before.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-10-11T18:31:08.386Z (commit abe9dcb)

📣 All control server routes will become private by default after the v3.41.0 release

🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-10-13T23:14:43+01:00 INFO [routing] default route found: interface eth0, gateway 10.30.0.1, assigned IP 10.30.0.68 and family v4
2024-10-13T23:14:43+01:00 INFO [routing] default route found: interface eth0, gateway fd38:753:6ed4:4540::1, assigned IP fd38:753:6ed4:4540::44 and family v6
2024-10-13T23:14:43+01:00 INFO [routing] local ethernet link found: eth0
2024-10-13T23:14:43+01:00 INFO [routing] local ipnet found: 10.30.0.0/24
2024-10-13T23:14:43+01:00 INFO [routing] local ipnet found: fd38:753:6ed4:4540::/64
2024-10-13T23:14:43+01:00 INFO [routing] local ipnet found: fe80::/64
2024-10-13T23:15:58+01:00 INFO [firewall] enabling...
2024-10-13T23:15:59+01:00 INFO [firewall] enabled successfully
2024-10-13T23:15:59+01:00 INFO [storage] merging by most recent 20553 hardcoded servers and 20553 servers read from /gluetun/servers.json
2024-10-13T23:15:59+01:00 INFO Alpine version: 3.20.3
2024-10-13T23:15:59+01:00 INFO OpenVPN 2.5 version: 2.5.10
2024-10-13T23:15:59+01:00 INFO OpenVPN 2.6 version: 2.6.11
2024-10-13T23:15:59+01:00 INFO IPtables version: v1.8.10
2024-10-13T23:15:59+01:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: airvpn
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Cities: London
|   |       └── Wireguard selection settings:
|   └── Wireguard settings:
|       ├── Private key: #Blanked
|       ├── Pre-shared key: #Blanked
|       ├── Interface addresses:
|       |   ├── 10.182.169.209/32
|       |   └── fd7d:76ee:e68f:a993:d3e0:138a:9151:3c9a/128
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   ├── cloudflare
|       |   └── quad9
|       ├── Caching: yes
|       ├── IPv6: yes
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   ├── VPN input ports:
|   |   ├── 12636
|   |   └── 32400
|   └── Outbound subnets:
|       └── 10.0.0.0/8
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   ├── Enabled: yes
|   ├── Listening address: :8388
|   ├── Cipher: chacha20-ietf-poly1305
|   ├── Password: [not set]
|   └── Log addresses: no
├── HTTP proxy settings:
|   ├── Enabled: yes
|   ├── Listening address: :8888
|   ├── User: 
|   ├── Password: [not set]
|   ├── Stealth mode: no
|   ├── Log: no
|   ├── Read header timeout: 1s
|   └── Read timeout: 3s
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1002
|   └── Timezone: Europe/London
├── Public IP settings:
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
├── Server data updater settings:
|   ├── Update period: 24h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: airvpn
└── Version settings:
    └── Enabled: yes
2024-10-13T23:15:59+01:00 INFO [routing] default route found: interface eth0, gateway 10.30.0.1, assigned IP 10.30.0.68 and family v4
2024-10-13T23:15:59+01:00 INFO [routing] default route found: interface eth0, gateway fd38:753:6ed4:4540::1, assigned IP fd38:753:6ed4:4540::44 and family v6
2024-10-13T23:15:59+01:00 INFO [routing] adding route for 0.0.0.0/0
2024-10-13T23:15:59+01:00 INFO [routing] adding route for ::/0
2024-10-13T23:15:59+01:00 INFO [firewall] setting allowed subnets...
2024-10-13T23:15:59+01:00 INFO [routing] default route found: interface eth0, gateway 10.30.0.1, assigned IP 10.30.0.68 and family v4
2024-10-13T23:15:59+01:00 INFO [routing] default route found: interface eth0, gateway fd38:753:6ed4:4540::1, assigned IP fd38:753:6ed4:4540::44 and family v6
2024-10-13T23:15:59+01:00 INFO [routing] adding route for 10.0.0.0/8
2024-10-13T23:15:59+01:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-13T23:15:59+01:00 INFO [http proxy] listening on :8888
2024-10-13T23:15:59+01:00 INFO [http server] http server listening on [::]:8000
2024-10-13T23:15:59+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-10-13T23:15:59+01:00 INFO [firewall] allowing VPN connection...
2024-10-13T23:15:59+01:00 INFO [shadowsocks] listening TCP on [::]:8388
2024-10-13T23:15:59+01:00 INFO [shadowsocks] listening UDP on [::]:8388
2024-10-13T23:15:59+01:00 INFO [wireguard] Using available kernelspace implementation
2024-10-13T23:15:59+01:00 INFO [wireguard] Connecting to [IPV6 Address Here]:1637
2024-10-13T23:15:59+01:00 ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2024-10-13T23:15:59+01:00 INFO [vpn] retrying in 15s
2024-10-13T23:16:05+01:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-10-13T23:16:05+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:16:05+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:16:14+01:00 INFO [firewall] allowing VPN connection...
2024-10-13T23:16:14+01:00 INFO [wireguard] Using available kernelspace implementation
2024-10-13T23:16:14+01:00 INFO [wireguard] Connecting to [2001:ac8:31:254:6a6c:3102:80b:f49c]:1637
2024-10-13T23:16:14+01:00 ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2024-10-13T23:16:14+01:00 INFO [vpn] retrying in 30s
2024-10-13T23:16:19+01:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024-10-13T23:16:19+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:16:19+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:16:35+01:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN
2024-10-13T23:16:35+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:16:35+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:16:44+01:00 INFO [firewall] allowing VPN connection...
2024-10-13T23:16:44+01:00 INFO [wireguard] Using available kernelspace implementation
2024-10-13T23:16:44+01:00 INFO [wireguard] Connecting to [IPV6 Address Here]:1637
2024-10-13T23:16:44+01:00 ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2024-10-13T23:16:44+01:00 INFO [vpn] retrying in 1m0s
2024-10-13T23:16:56+01:00 INFO [healthcheck] program has been unhealthy for 21s: restarting VPN
2024-10-13T23:16:56+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:16:56+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:17:22+01:00 INFO [healthcheck] program has been unhealthy for 26s: restarting VPN
2024-10-13T23:17:22+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:17:22+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:17:44+01:00 INFO [firewall] allowing VPN connection...
2024-10-13T23:17:44+01:00 INFO [wireguard] Using available kernelspace implementation
2024-10-13T23:17:44+01:00 INFO [wireguard] Connecting to [IPV6 Address Here]:1637
2024-10-13T23:17:44+01:00 ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2024-10-13T23:17:44+01:00 INFO [vpn] retrying in 2m0s
2024-10-13T23:17:53+01:00 INFO [healthcheck] program has been unhealthy for 31s: restarting VPN
2024-10-13T23:17:53+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:17:53+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:18:29+01:00 INFO [healthcheck] program has been unhealthy for 36s: restarting VPN
2024-10-13T23:18:29+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:18:29+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:19:10+01:00 INFO [healthcheck] program has been unhealthy for 41s: restarting VPN
2024-10-13T23:19:10+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:19:10+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:19:44+01:00 INFO [firewall] allowing VPN connection...
2024-10-13T23:19:44+01:00 INFO [wireguard] Using available kernelspace implementation
2024-10-13T23:19:44+01:00 INFO [wireguard] Connecting to [IPV6 Address Here]:1637
2024-10-13T23:19:44+01:00 ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2024-10-13T23:19:44+01:00 INFO [vpn] retrying in 4m0s
2024-10-13T23:19:56+01:00 INFO [healthcheck] program has been unhealthy for 46s: restarting VPN
2024-10-13T23:19:56+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:19:56+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:20:47+01:00 INFO [healthcheck] program has been unhealthy for 51s: restarting VPN
2024-10-13T23:20:47+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:20:47+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:21:43+01:00 INFO [healthcheck] program has been unhealthy for 56s: restarting VPN
2024-10-13T23:21:43+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:21:43+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:22:44+01:00 INFO [healthcheck] program has been unhealthy for 1m1s: restarting VPN
2024-10-13T23:22:44+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:22:44+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:23:44+01:00 INFO [firewall] allowing VPN connection...
2024-10-13T23:23:44+01:00 INFO [wireguard] Using available kernelspace implementation
2024-10-13T23:23:44+01:00 INFO [wireguard] Connecting to IPV4 Address Here:1637
2024-10-13T23:23:44+01:00 ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2024-10-13T23:23:44+01:00 INFO [vpn] retrying in 8m0s
2024-10-13T23:23:50+01:00 INFO [healthcheck] program has been unhealthy for 1m6s: restarting VPN
2024-10-13T23:23:50+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:23:50+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:25:01+01:00 INFO [healthcheck] program has been unhealthy for 1m11s: restarting VPN
2024-10-13T23:25:01+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:25:01+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:26:17+01:00 INFO [healthcheck] program has been unhealthy for 1m16s: restarting VPN
2024-10-13T23:26:17+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:26:17+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:27:38+01:00 INFO [healthcheck] program has been unhealthy for 1m21s: restarting VPN
2024-10-13T23:27:38+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:27:38+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:29:04+01:00 INFO [healthcheck] program has been unhealthy for 1m26s: restarting VPN
2024-10-13T23:29:04+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:29:04+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:30:35+01:00 INFO [healthcheck] program has been unhealthy for 1m31s: restarting VPN
2024-10-13T23:30:35+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-13T23:30:35+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-13T23:31:44+01:00 INFO [firewall] allowing VPN connection...
2024-10-13T23:31:44+01:00 INFO [wireguard] Using available kernelspace implementation
2024-10-13T23:31:44+01:00 INFO [wireguard] Connecting to [2001:ac8:31:362::2]:1637
2024-10-13T23:31:44+01:00 ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2024-10-13T23:31:44+01:00 INFO [vpn] retrying in 16m0s

Share your configuration

[Unit]

Description=Gluetun (VPN Connection Container)

[Container]

Image=ghcr.io/qdm12/gluetun:latest

#Network=network1forpodman

Sysctl=net.ipv6.conf.all.disable_ipv6=0

#PublishPort=8888:8888/tcp
#PublishPort=[::]:8888:8888/tcp
#PublishPort=8388:8388/tcp
#PublishPort=[::]:8388:8388/tcp
#PublishPort=8388:8388/udp
#PublishPort=[::]:8388:8388/udp

Pod=thepodforpodman.pod

AutoUpdate=registry

ContainerName=gluetun

#HostName=gluetun

AddCapability=NET_ADMIN

AddDevice=/dev/net/tun:/dev/net/tun

Volume=/hosting/services/podman/gluetun/config:/gluetun:Z

Secret=airvpnwireguardprivatekey,type=mount,uid=1000,gid=1002,target=airvpnwireguardprivatekey
Secret=airvpnwireguardpresharedkey,type=mount,uid=1000,gid=1002,target=airvpnwireguardpresharedkey
Secret=airvpnwireguardaddresses,type=mount,uid=1000,gid=1002,target=airvpnwireguardaddresses

Environment=VPN_SERVICE_PROVIDER=airvpn
Environment=VPN_TYPE=wireguard
Environment=WIREGUARD_PRIVATE_KEY_SECRETFILE=/run/secrets/airvpnwireguardprivatekey
Environment=WIREGUARD_PRESHARED_KEY_SECRETFILE=/run/secrets/airvpnwireguardpresharedkey
Environment=WIREGUARD_ADDRESSES_SECRETFILE=/run/secrets/airvpnwireguardaddresses
Environment=SERVER_CITIES=London
Environment=FIREWALL_VPN_INPUT_PORTS=12636,32400
Environment=TZ=Europe/London
Environment=DOT_PROVIDERS=cloudflare,quad9
Environment=UPDATER_PERIOD=24h
Environment=HTTPPROXY=on
Environment=SHADOWSOCKS=on
Environment=DOT_IPV6=on
Environment=FIREWALL_OUTBOUND_SUBNETS=10.0.0.0/8
#Environment=WIREGUARD_ALLOWED_IPS=10.0.0.0/8,::/0

Environment=PGID=1002
Environment=PUID=1000

[Service]
Restart=always
TimeoutStartSec=900

[Install]
WantedBy=default.target

github-actions[bot] commented 3 days ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

do not ask for updates, be patient
:+1: the issue to show your support instead of commenting @qdm12 usually checks issues at least once a week, if this is a new urgent bug, revert to an older tagged container image

aminerachyd commented 3 days ago

Same issue found recently, can't trace exactly when it started, but I'm getting the same logs. I'm running gluetun on a Kubernetes pod, using Mullvad VPN with gluetun version 3.38 (and 3.39.1 recently) with Wireguard configuration

qdm12 commented 2 days ago

Oddly it seems that ipv6 rule exists before Gluetun does anything, not too sure why, let's try to find why first.

Can you report the logs running with LOG_LEVEL=debug?
Can you report the output from running the command ip -6 rule within Gluetun
Important: can you report the output from running the command ip -6 rule within an alpine:3.20 container with NET_ADMIN privileges? With dumb docker run that would be docker run --rm --cap-add NET_ADMIN alpine:3.20 ip -6 rule

PS: in case this cannot be fixed, I can change the code to consider "file exists" as yep it has been created ok, but I would prefer to understand the root cause if possible since this isn't normal behavior really. Also I'm inclined to think this is a host system/kernel problem, since other users are running gluetun with ipv6 just fine.

qdm12 commented 2 days ago

I went the extra yard (not mile yet 😄) to have an image tag pr-2526 to run (see #2526) - can you please run it? It should log at the info level all the rules in case it fails to add a rule with error file exists.

Ttfgggf commented 2 days ago

I went the extra yard (not mile yet 😄) to have an image tag pr-2526 to run (see #2526) - can you please run it? It should log at the info level all the rules in case it fails to add a rule with error file exists.

Cool. Let me give it a go.

Ttfgggf commented 2 days ago

Result of LOG_LEVEL=debug


========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version pr-2526 built on 2024-10-15T14:07:19.546Z (commit a8399fd)

📣 All control server routes will become private by default after the v3.41.0 release

🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-10-15T17:14:07+01:00 INFO [routing] default route found: interface eth0, gateway 10.30.0.1, assigned IP 10.30.0.145 and family v4
2024-10-15T17:14:07+01:00 INFO [routing] default route found: interface eth0, gateway fd38:753:6ed4:4540::1, assigned IP fd38:753:6ed4:4540::184 and family v6
2024-10-15T17:14:07+01:00 INFO [routing] local ethernet link found: eth0
2024-10-15T17:14:07+01:00 INFO [routing] local ipnet found: 10.30.0.0/24
2024-10-15T17:14:07+01:00 INFO [routing] local ipnet found: fd38:753:6ed4:4540::/64
2024-10-15T17:14:07+01:00 INFO [routing] local ipnet found: fe80::/64
2024-10-15T17:14:07+01:00 INFO [firewall] enabling...
2024-10-15T17:14:07+01:00 INFO [firewall] enabled successfully
2024-10-15T17:14:08+01:00 INFO [storage] merging by most recent 20553 hardcoded servers and 20553 servers read from /gluetun/servers.json
2024-10-15T17:14:08+01:00 INFO Alpine version: 3.20.3
2024-10-15T17:14:08+01:00 INFO OpenVPN 2.5 version: 2.5.10
2024-10-15T17:14:08+01:00 INFO OpenVPN 2.6 version: 2.6.11
2024-10-15T17:14:08+01:00 INFO IPtables version: v1.8.10
2024-10-15T17:14:08+01:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: airvpn
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Cities: London
|   |       └── Wireguard selection settings:
|   └── Wireguard settings:
|       ├── Private key: #Blanked
|       ├── Pre-shared key: #Blanked
|       ├── Interface addresses:
|       |   ├── 10.182.169.209/32
|       |   └── fd7d:76ee:e68f:a993:d3e0:138a:9151:3c9a/128
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   ├── cloudflare
|       |   └── quad9
|       ├── Caching: yes
|       ├── IPv6: yes
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   ├── VPN input ports:
|   |   ├── 12636
|   |   └── 32400
|   └── Outbound subnets:
|       └── 10.0.0.0/8
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   ├── Enabled: yes
|   ├── Listening address: :8388
|   ├── Cipher: chacha20-ietf-poly1305
|   ├── Password: [not set]
|   └── Log addresses: no
├── HTTP proxy settings:
|   ├── Enabled: yes
|   ├── Listening address: :8888
|   ├── User: 
|   ├── Password: [not set]
|   ├── Stealth mode: no
|   ├── Log: no
|   ├── Read header timeout: 1s
|   └── Read timeout: 3s
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1002
|   └── Timezone: Europe/London
├── Public IP settings:
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
├── Server data updater settings:
|   ├── Update period: 24h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: airvpn
└── Version settings:
    └── Enabled: yes
2024-10-15T17:14:08+01:00 INFO [routing] default route found: interface eth0, gateway 10.30.0.1, assigned IP 10.30.0.145 and family v4
2024-10-15T17:14:08+01:00 INFO [routing] default route found: interface eth0, gateway fd38:753:6ed4:4540::1, assigned IP fd38:753:6ed4:4540::184 and family v6
2024-10-15T17:14:08+01:00 INFO [routing] adding route for 0.0.0.0/0
2024-10-15T17:14:08+01:00 INFO [routing] adding route for ::/0
2024-10-15T17:14:08+01:00 INFO [firewall] setting allowed subnets...
2024-10-15T17:14:08+01:00 INFO [routing] default route found: interface eth0, gateway 10.30.0.1, assigned IP 10.30.0.145 and family v4
2024-10-15T17:14:08+01:00 INFO [routing] default route found: interface eth0, gateway fd38:753:6ed4:4540::1, assigned IP fd38:753:6ed4:4540::184 and family v6
2024-10-15T17:14:08+01:00 INFO [routing] adding route for 10.0.0.0/8
2024-10-15T17:14:08+01:00 INFO [http proxy] listening on :8888
2024-10-15T17:14:08+01:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-15T17:14:08+01:00 INFO [http server] http server listening on [::]:8000
2024-10-15T17:14:08+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-10-15T17:14:08+01:00 INFO [firewall] allowing VPN connection...
2024-10-15T17:14:08+01:00 INFO [shadowsocks] listening TCP on [::]:8388
2024-10-15T17:14:08+01:00 INFO [shadowsocks] listening UDP on [::]:8388
2024-10-15T17:14:08+01:00 INFO [wireguard] Using available kernelspace implementation
2024-10-15T17:14:08+01:00 INFO [wireguard] Connecting to 217.138.195.18:1637
2024-10-15T17:14:08+01:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-10-15T17:14:08+01:00 INFO [firewall] setting allowed input port 12636 through interface tun0...
2024-10-15T17:14:08+01:00 INFO [firewall] setting allowed input port 32400 through interface tun0...
2024-10-15T17:14:08+01:00 INFO [dns] downloading hostnames and IP block lists
2024-10-15T17:14:09+01:00 INFO [dns] DNS server listening on [::]:53
2024-10-15T17:14:09+01:00 INFO [dns] ready
2024-10-15T17:14:09+01:00 INFO [healthcheck] healthy!
2024-10-15T17:14:09+01:00 INFO [ip getter] Public IP address is 217.138.195.19 (United Kingdom, England, London)
2024-10-15T17:14:10+01:00 INFO [vpn] There is a new release v3.39.1 (v3.39.1) created 15 days ago
2024-10-15T17:14:23+01:00 INFO [healthcheck] healthy!
2024-10-15T17:18:01+01:00 INFO [healthcheck] healthy!

Result of ip -6 rule within the container command

/ # ip -6 rule
0:      from all lookup local
98:     from all to fd38:753:6ed4:4540::/64 lookup main
98:     from all to fe80::/64 lookup main
100:    from fd38:753:6ed4:4540::184 lookup 200
101:    not from all fwmark 0xca6c lookup 51820
32766:  from all lookup main
/ #

Result of podman run --rm --cap-add NET_ADMIN alpine:3.20 ip -6 rule

root@example:/etc/containers/systemd# podman run --rm --cap-add NET_ADMIN alpine:3.20 ip -6 rule
Resolved "alpine" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/alpine:3.20...
Getting image source signatures
Copying blob 43c4264eed91 skipped: already exists  
Copying config 91ef0af61f done   | 
Writing manifest to image destination
0:      from all lookup local 
32766:  from all lookup main 
root@example:/etc/containers/systemd#

Ttfgggf commented 2 days ago

I went the extra yard (not mile yet 😄) to have an image tag pr-2526 to run (see #2526) - can you please run it? It should log at the info level all the rules in case it fails to add a rule with error file exists.

Just to add to the above info. At the moment while Gluetun isn't connected to the rest of the containers that I am running on Fedora there is a VPN connected to the Host of the containers via opnSENSE Wireguard Selective Routing. So maybe that is affecting the containers . Additionally, I run ULAs IPv6 Addresses internally on my LAN. So that is why you may see it is successful in the logs, but I am not 100% sure if that will affect it.

qdm12 commented 2 days ago

@Ttfgggf Wait I'm a bit confused, why is the container not crashing in the last logs you shared with the error [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists on the first try, and it seems to succeed?

Ttfgggf commented 1 day ago

@Ttfgggf Wait I'm a bit confused, why is the container not crashing in the last logs you shared with the error [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists on the first try, and it seems to succeed?

Not sure to be honest, but it has crashed. Could SELinux be affecting it?

Right now nothing is connected to the gluetun container. But there is another AirVPN connection to the machine hosting gluetun is using in the meantime. With a Local ULA for IPV6 and an IPV4 address.

leovanalphen commented 1 day ago

I'm running into the same issue. Tried to run pr-2526 image but get the same behavior. Logs:

2024-10-16T12:40:43.054436502Z 2024-10-16T12:40:43Z DEBUG [wireguard] Wireguard client private key: cL5...Fg=
2024-10-16T12:40:43.054439721Z 2024-10-16T12:40:43Z DEBUG [wireguard] Wireguard pre-shared key: [not set]
2024-10-16T12:40:43.054442233Z 2024-10-16T12:40:43Z INFO [firewall] allowing VPN connection...
2024-10-16T12:40:43.054516338Z 2024-10-16T12:40:43Z INFO [wireguard] Using available kernelspace implementation
2024-10-16T12:40:43.055384038Z 2024-10-16T12:40:43Z INFO [wireguard] Connecting to 138.199.6.179:51820
2024-10-16T12:40:43.055658450Z 2024-10-16T12:40:43Z INFO [wireguard] existing rules are:
2024-10-16T12:40:43.055665878Z ip rule 0: from all to all table 255
2024-10-16T12:40:43.055670121Z ip rule 98: from all to fe80::/64 table 254
2024-10-16T12:40:43.055672327Z ip rule 101: from all to all table 51820
2024-10-16T12:40:43.055674562Z ip rule 32766: from all to all table 254
2024-10-16T12:40:43.055676924Z 2024-10-16T12:40:43Z DEBUG [wireguard] closing controller client...
2024-10-16T12:40:43.055682765Z 2024-10-16T12:40:43Z DEBUG [wireguard] shutting down link...
2024-10-16T12:40:43.055703579Z 2024-10-16T12:40:43Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2024-10-16T12:40:43.055724206Z 2024-10-16T12:40:43Z INFO [vpn] retrying in 30s
2024-10-16T12:40:43.093039887Z 2024-10-16T12:40:43Z DEBUG [wireguard] deleting link...
2024-10-16T12:40:07.475309839Z ========================================
2024-10-16T12:40:07.475336998Z ========================================
2024-10-16T12:40:07.475341192Z =============== gluetun ================
2024-10-16T12:40:07.475343569Z ========================================
2024-10-16T12:40:07.475345760Z =========== Made with ❤️ by ============
2024-10-16T12:40:07.475347916Z ======= https://github.com/qdm12 =======
2024-10-16T12:40:07.475350059Z ========================================
2024-10-16T12:40:07.475352178Z ========================================
2024-10-16T12:40:07.475354210Z 
2024-10-16T12:40:07.475357138Z Running version pr-2526 built on 2024-10-15T14:07:19.546Z (commit a8399fd)
2024-10-16T12:40:07.475359160Z 
2024-10-16T12:40:07.475362047Z 📣 All control server routes will become private by default after the v3.41.0 release
2024-10-16T12:40:07.475363996Z 
2024-10-16T12:40:07.475366138Z 🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
2024-10-16T12:40:07.475368290Z 🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
2024-10-16T12:40:07.475370567Z 💻 Email? quentin.mcgaw@gmail.com
2024-10-16T12:40:07.475372812Z 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-10-16T12:40:07.475545163Z 2024-10-16T12:40:07Z WARN You are using the old environment variable UID, please consider changing it to PUID
2024-10-16T12:40:07.475549196Z 2024-10-16T12:40:07Z WARN You are using the old environment variable GID, please consider changing it to PGID
2024-10-16T12:40:07.477295887Z 2024-10-16T12:40:07Z INFO [routing] default route found: interface eth0, gateway 172.16.0.202, assigned IP 172.16.0.205 and family v4
2024-10-16T12:40:07.477574440Z 2024-10-16T12:40:07Z INFO [routing] local ethernet link found: eth0
2024-10-16T12:40:07.477639200Z 2024-10-16T12:40:07Z INFO [routing] local ipnet found: 172.16.0.202/32
2024-10-16T12:40:07.477757490Z 2024-10-16T12:40:07Z INFO [routing] local ipnet found: fe80::/64
2024-10-16T12:40:27.577557050Z 2024-10-16T12:40:27Z INFO [firewall] enabling...
2024-10-16T12:40:27.577677306Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --policy INPUT DROP
2024-10-16T12:40:27.601631469Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --policy OUTPUT DROP
2024-10-16T12:40:27.625594992Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --policy FORWARD DROP
2024-10-16T12:40:27.629280065Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --policy INPUT DROP
2024-10-16T12:40:27.682107799Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --policy OUTPUT DROP
2024-10-16T12:40:27.705764923Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --policy FORWARD DROP
2024-10-16T12:40:27.709618319Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append INPUT -i lo -j ACCEPT
2024-10-16T12:40:27.714585041Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i lo -j ACCEPT
2024-10-16T12:40:27.720091815Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append OUTPUT -o lo -j ACCEPT
2024-10-16T12:40:27.728740546Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o lo -j ACCEPT
2024-10-16T12:40:27.731549164Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-10-16T12:40:27.734377519Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-10-16T12:40:27.737391650Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-10-16T12:40:27.740272251Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-10-16T12:40:27.742068981Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append OUTPUT -o eth0 -s 172.16.0.205 -d 172.16.0.202/32 -j ACCEPT
2024-10-16T12:40:27.743828602Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o eth0 -d ff02::1:ff00:0/104 -j ACCEPT
2024-10-16T12:40:27.745657961Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o eth0 -s fe80::3819:6eff:fe64:cc42 -d fe80::/64 -j ACCEPT
2024-10-16T12:40:27.747117175Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -d 172.16.0.202/32 -j ACCEPT
2024-10-16T12:40:27.748374386Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i eth0 -d fe80::/64 -j ACCEPT
2024-10-16T12:40:27.749710005Z 2024-10-16T12:40:27Z INFO [firewall] enabled successfully
2024-10-16T12:40:27.955901978Z 2024-10-16T12:40:27Z INFO [storage] creating /gluetun/servers.json with 20553 hardcoded servers
2024-10-16T12:40:28.033473187Z 2024-10-16T12:40:28Z DEBUG [netlink] IPv6 is supported by link eth0
2024-10-16T12:40:28.033575378Z 2024-10-16T12:40:28Z INFO Alpine version: 3.20.3
2024-10-16T12:40:28.035868623Z 2024-10-16T12:40:28Z INFO OpenVPN 2.5 version: 2.5.10
2024-10-16T12:40:28.037733866Z 2024-10-16T12:40:28Z INFO OpenVPN 2.6 version: 2.6.11
2024-10-16T12:40:28.038451984Z 2024-10-16T12:40:28Z INFO IPtables version: v1.8.10
2024-10-16T12:40:28.038589555Z 2024-10-16T12:40:28Z INFO Settings summary:
2024-10-16T12:40:28.038596343Z ├── VPN settings:
2024-10-16T12:40:28.038600122Z |   ├── VPN provider settings:
2024-10-16T12:40:28.038603151Z |   |   ├── Name: custom
2024-10-16T12:40:28.038606214Z |   |   ├── Server selection settings:
2024-10-16T12:40:28.038609564Z |   |   |   ├── VPN type: wireguard
2024-10-16T12:40:28.038612933Z |   |   |   └── Wireguard selection settings:
2024-10-16T12:40:28.038616449Z |   |   |       ├── Endpoint IP address: 138.199.6.179
2024-10-16T12:40:28.038619903Z |   |   |       ├── Endpoint port: 51820
2024-10-16T12:40:28.038623168Z |   |   |       └── Server public key: +WRsjA7z/PQqasrqiUVo3Tug+go7W2DXjO2p3TTeagk=
2024-10-16T12:40:28.038626714Z |   |   └── Automatic port forwarding settings:
2024-10-16T12:40:28.038630194Z |   |       ├── Redirection listening port: disabled
2024-10-16T12:40:28.038633233Z |   |       ├── Use code for provider: protonvpn
2024-10-16T12:40:28.038636044Z |   |       └── Forwarded port file path: /tmp/gluetun/forwarded_port
2024-10-16T12:40:28.038638716Z |   └── Wireguard settings:
2024-10-16T12:40:28.038641311Z |       ├── Private key: cL5...Fg=
2024-10-16T12:40:28.038644038Z |       ├── Interface addresses:
2024-10-16T12:40:28.038646682Z |       |   └── 10.2.0.2/32
2024-10-16T12:40:28.038649510Z |       ├── Allowed IPs:
2024-10-16T12:40:28.038652354Z |       |   ├── 0.0.0.0/0
2024-10-16T12:40:28.038656719Z |       |   └── ::/0
2024-10-16T12:40:28.038659686Z |       └── Network interface: tun0
2024-10-16T12:40:28.038662651Z |           └── MTU: 1400
2024-10-16T12:40:28.038665406Z ├── DNS settings:
2024-10-16T12:40:28.038668362Z |   ├── Keep existing nameserver(s): no
2024-10-16T12:40:28.038671884Z |   ├── DNS server address to use: 127.0.0.1
2024-10-16T12:40:28.038675050Z |   └── DNS over TLS settings:
2024-10-16T12:40:28.038677993Z |       ├── Enabled: yes
2024-10-16T12:40:28.038681455Z |       ├── Update period: every 24h0m0s
2024-10-16T12:40:28.038684780Z |       ├── Upstream resolvers:
2024-10-16T12:40:28.038687843Z |       |   └── cloudflare
2024-10-16T12:40:28.038695877Z |       ├── Caching: yes
2024-10-16T12:40:28.038698987Z |       ├── IPv6: no
2024-10-16T12:40:28.038702180Z |       └── DNS filtering settings:
2024-10-16T12:40:28.038708668Z |           ├── Block malicious: yes
2024-10-16T12:40:28.038712058Z |           ├── Block ads: no
2024-10-16T12:40:28.038714927Z |           ├── Block surveillance: no
2024-10-16T12:40:28.038717729Z |           └── Blocked IP networks:
2024-10-16T12:40:28.038720353Z |               ├── 127.0.0.1/8
2024-10-16T12:40:28.038723228Z |               ├── 10.0.0.0/8
2024-10-16T12:40:28.038726070Z |               ├── 172.16.0.0/12
2024-10-16T12:40:28.038728823Z |               ├── 192.168.0.0/16
2024-10-16T12:40:28.038731755Z |               ├── 169.254.0.0/16
2024-10-16T12:40:28.038734725Z |               ├── ::1/128
2024-10-16T12:40:28.038737657Z |               ├── fc00::/7
2024-10-16T12:40:28.038740423Z |               ├── fe80::/10
2024-10-16T12:40:28.038742918Z |               ├── ::ffff:127.0.0.1/104
2024-10-16T12:40:28.038745493Z |               ├── ::ffff:10.0.0.0/104
2024-10-16T12:40:28.038748076Z |               ├── ::ffff:169.254.0.0/112
2024-10-16T12:40:28.038750667Z |               ├── ::ffff:172.16.0.0/108
2024-10-16T12:40:28.038753436Z |               └── ::ffff:192.168.0.0/112
2024-10-16T12:40:28.038756341Z ├── Firewall settings:
2024-10-16T12:40:28.038759277Z |   ├── Enabled: yes
2024-10-16T12:40:28.038762089Z |   ├── Debug mode: on
2024-10-16T12:40:28.038764762Z |   ├── Input ports:
2024-10-16T12:40:28.038767305Z |   |   ├── 10095
2024-10-16T12:40:28.038770159Z |   |   └── 8000
2024-10-16T12:40:28.038773185Z |   └── Outbound subnets:
2024-10-16T12:40:28.038776015Z |       ├── 172.16.0.0/16
2024-10-16T12:40:28.038779017Z |       └── 172.17.0.0/16
2024-10-16T12:40:28.038782095Z ├── Log settings:
2024-10-16T12:40:28.038785046Z |   └── Log level: debug
2024-10-16T12:40:28.038787992Z ├── Health settings:
2024-10-16T12:40:28.038792991Z |   ├── Server listening address: 127.0.0.1:9999
2024-10-16T12:40:28.038796287Z |   ├── Target address: cloudflare.com:443
2024-10-16T12:40:28.038799258Z |   ├── Duration to wait after success: 5s
2024-10-16T12:40:28.038802301Z |   ├── Read header timeout: 100ms
2024-10-16T12:40:28.038806017Z |   ├── Read timeout: 500ms
2024-10-16T12:40:28.038808993Z |   └── VPN wait durations:
2024-10-16T12:40:28.038812102Z |       ├── Initial duration: 6s
2024-10-16T12:40:28.038814936Z |       └── Additional duration: 5s
2024-10-16T12:40:28.038818052Z ├── Shadowsocks server settings:
2024-10-16T12:40:28.038820943Z |   └── Enabled: no
2024-10-16T12:40:28.038823767Z ├── HTTP proxy settings:
2024-10-16T12:40:28.038826739Z |   ├── Enabled: yes
2024-10-16T12:40:28.038829842Z |   ├── Listening address: :8888
2024-10-16T12:40:28.038832665Z |   ├── User: 
2024-10-16T12:40:28.038835716Z |   ├── Password: [not set]
2024-10-16T12:40:28.038838612Z |   ├── Stealth mode: no
2024-10-16T12:40:28.038841537Z |   ├── Log: yes
2024-10-16T12:40:28.038844443Z |   ├── Read header timeout: 1s
2024-10-16T12:40:28.038847414Z |   └── Read timeout: 3s
2024-10-16T12:40:28.038850375Z ├── Control server settings:
2024-10-16T12:40:28.038853355Z |   ├── Listening address: :8000
2024-10-16T12:40:28.038856388Z |   ├── Logging: yes
2024-10-16T12:40:28.038862438Z |   └── Authentication file path: /gluetun/auth/config.toml
2024-10-16T12:40:28.038865754Z ├── Storage settings:
2024-10-16T12:40:28.038869069Z |   └── Filepath: /gluetun/servers.json
2024-10-16T12:40:28.038871985Z ├── OS Alpine settings:
2024-10-16T12:40:28.038875241Z |   ├── Process UID: 568
2024-10-16T12:40:28.038879264Z |   ├── Process GID: 568
2024-10-16T12:40:28.038882507Z |   └── Timezone: UTC
2024-10-16T12:40:28.038885904Z ├── Public IP settings:
2024-10-16T12:40:28.038889179Z |   ├── IP file path: /tmp/gluetun/ip
2024-10-16T12:40:28.038892462Z |   └── Public IP data API: ipinfo
2024-10-16T12:40:28.038895946Z └── Version settings:
2024-10-16T12:40:28.038899294Z     └── Enabled: yes
2024-10-16T12:40:28.039164873Z 2024-10-16T12:40:28Z INFO [routing] default route found: interface eth0, gateway 172.16.0.202, assigned IP 172.16.0.205 and family v4
2024-10-16T12:40:28.039171383Z 2024-10-16T12:40:28Z DEBUG [routing] ip rule add from 172.16.0.205/32 lookup 200 pref 100
2024-10-16T12:40:28.039232590Z 2024-10-16T12:40:28Z INFO [routing] adding route for 0.0.0.0/0
2024-10-16T12:40:28.039241883Z 2024-10-16T12:40:28Z DEBUG [routing] ip route replace 0.0.0.0/0 via 172.16.0.202 dev eth0 table 200
2024-10-16T12:40:28.039382167Z 2024-10-16T12:40:28Z INFO [firewall] setting allowed subnets...
2024-10-16T12:40:28.039388337Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append OUTPUT -o eth0 -s 172.16.0.205 -d 172.16.0.0/16 -j ACCEPT
2024-10-16T12:40:28.040234521Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append OUTPUT -o eth0 -s 172.16.0.205 -d 172.17.0.0/16 -j ACCEPT
2024-10-16T12:40:28.041291363Z 2024-10-16T12:40:28Z INFO [routing] default route found: interface eth0, gateway 172.16.0.202, assigned IP 172.16.0.205 and family v4
2024-10-16T12:40:28.041308073Z 2024-10-16T12:40:28Z INFO [routing] adding route for 172.16.0.0/16
2024-10-16T12:40:28.041311255Z 2024-10-16T12:40:28Z DEBUG [routing] ip route replace 172.16.0.0/16 via 172.16.0.202 dev eth0 table 199
2024-10-16T12:40:28.041358829Z 2024-10-16T12:40:28Z DEBUG [routing] ip rule add to 172.16.0.0/16 lookup 199 pref 99
2024-10-16T12:40:28.041446216Z 2024-10-16T12:40:28Z INFO [routing] adding route for 172.17.0.0/16
2024-10-16T12:40:28.041505755Z 2024-10-16T12:40:28Z DEBUG [routing] ip route replace 172.17.0.0/16 via 172.16.0.202 dev eth0 table 199
2024-10-16T12:40:28.041582738Z 2024-10-16T12:40:28Z DEBUG [routing] ip rule add to 172.17.0.0/16 lookup 199 pref 99
2024-10-16T12:40:28.041659446Z 2024-10-16T12:40:28Z DEBUG [routing] ip rule add to 172.16.0.202/32 lookup 254 pref 98
2024-10-16T12:40:28.041707241Z 2024-10-16T12:40:28Z DEBUG [routing] ip rule add to fe80::/64 lookup 254 pref 98
2024-10-16T12:40:28.041759895Z 2024-10-16T12:40:28Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-10-16T12:40:28.041824104Z 2024-10-16T12:40:28Z INFO [firewall] setting allowed input port 10095 through interface eth0...
2024-10-16T12:40:28.041901668Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -p tcp -m tcp --dport 10095 -j ACCEPT
2024-10-16T12:40:28.042711709Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i eth0 -p tcp -m tcp --dport 10095 -j ACCEPT
2024-10-16T12:40:28.043483668Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -p udp -m udp --dport 10095 -j ACCEPT
2024-10-16T12:40:28.044403791Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i eth0 -p udp -m udp --dport 10095 -j ACCEPT
2024-10-16T12:40:28.045285475Z 2024-10-16T12:40:28Z INFO [firewall] setting allowed input port 8000 through interface eth0...
2024-10-16T12:40:28.045313821Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -p tcp -m tcp --dport 8000 -j ACCEPT
2024-10-16T12:40:28.046422281Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i eth0 -p tcp -m tcp --dport 8000 -j ACCEPT
2024-10-16T12:40:28.047249981Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -p udp -m udp --dport 8000 -j ACCEPT
2024-10-16T12:40:28.048083846Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i eth0 -p udp -m udp --dport 8000 -j ACCEPT
2024-10-16T12:40:28.049122377Z 2024-10-16T12:40:28Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-16T12:40:28.049212872Z 2024-10-16T12:40:28Z INFO [http proxy] listening on :8888
2024-10-16T12:40:28.049405362Z 2024-10-16T12:40:28Z INFO [http server] http server listening on [::]:8000
2024-10-16T12:40:28.049414840Z 2024-10-16T12:40:28Z DEBUG [wireguard] Wireguard server public key: +WRsjA7z/PQqasrqiUVo3Tug+go7W2DXjO2p3TTeagk=
2024-10-16T12:40:28.049417592Z 2024-10-16T12:40:28Z DEBUG [wireguard] Wireguard client private key: cL5...Fg=
2024-10-16T12:40:28.049419755Z 2024-10-16T12:40:28Z DEBUG [wireguard] Wireguard pre-shared key: [not set]
2024-10-16T12:40:28.049422238Z 2024-10-16T12:40:28Z INFO [firewall] allowing VPN connection...
2024-10-16T12:40:28.049428220Z 2024-10-16T12:40:28Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-10-16T12:40:28.049550163Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append OUTPUT -d 138.199.6.179 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2024-10-16T12:40:28.051185445Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append OUTPUT -o tun0 -j ACCEPT
2024-10-16T12:40:28.052130172Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-10-16T12:40:28.053264417Z 2024-10-16T12:40:28Z INFO [wireguard] Using available kernelspace implementation
2024-10-16T12:40:28.053876589Z 2024-10-16T12:40:28Z INFO [wireguard] Connecting to 138.199.6.179:51820
2024-10-16T12:40:28.054214008Z 2024-10-16T12:40:28Z INFO [wireguard] existing rules are:
2024-10-16T12:40:28.054222099Z ip rule 0: from all to all table 255
2024-10-16T12:40:28.054224930Z ip rule 98: from all to fe80::/64 table 254
2024-10-16T12:40:28.054227106Z ip rule 101: from all to all table 51820
2024-10-16T12:40:28.054230360Z ip rule 32766: from all to all table 254
2024-10-16T12:40:28.054244294Z 2024-10-16T12:40:28Z DEBUG [wireguard] closing controller client...
2024-10-16T12:40:28.054287950Z 2024-10-16T12:40:28Z DEBUG [wireguard] shutting down link...
2024-10-16T12:40:28.054321183Z 2024-10-16T12:40:28Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2024-10-16T12:40:28.054325582Z 2024-10-16T12:40:28Z INFO [vpn] retrying in 15s
2024-10-16T12:40:28.093583668Z 2024-10-16T12:40:28Z DEBUG [wireguard] deleting link...
2024-10-16T12:40:34.049663697Z 2024-10-16T12:40:34Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-10-16T12:40:34.049685918Z 2024-10-16T12:40:34Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-16T12:40:34.049689653Z 2024-10-16T12:40:34Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-16T12:40:36.804952765Z 2024-10-16T12:40:36Z WARN [http server] route GET /v1/openvpn/portforwarded is unprotected by default, please set up authentication following the documentation at https://github.com/qdm12/gluetun-wiki/setup/advanced/control-server.md#authentication since this will become no longer publicly accessible after release v3.40.
2024-10-16T12:40:36.804979028Z 2024-10-16T12:40:36Z DEBUG [http server] access to route GET /v1/openvpn/portforwarded authorized for role public
2024-10-16T12:40:36.804990115Z 2024-10-16T12:40:36Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.16.0.122:54690 in 43.884µs
2024-10-16T12:40:43.054412189Z 2024-10-16T12:40:43Z DEBUG [wireguard] Wireguard server public key: +WRsjA7z/PQqasrqiUVo3Tug+go7W2DXjO2p3TTeagk=
2024-10-16T12:40:43.054436502Z 2024-10-16T12:40:43Z DEBUG [wireguard] Wireguard client private key: cL5...Fg=
2024-10-16T12:40:43.054439721Z 2024-10-16T12:40:43Z DEBUG [wireguard] Wireguard pre-shared key: [not set]
2024-10-16T12:40:43.054442233Z 2024-10-16T12:40:43Z INFO [firewall] allowing VPN connection...
2024-10-16T12:40:43.054516338Z 2024-10-16T12:40:43Z INFO [wireguard] Using available kernelspace implementation
2024-10-16T12:40:43.055384038Z 2024-10-16T12:40:43Z INFO [wireguard] Connecting to 138.199.6.179:51820
2024-10-16T12:40:43.055658450Z 2024-10-16T12:40:43Z INFO [wireguard] existing rules are:
2024-10-16T12:40:43.055665878Z ip rule 0: from all to all table 255
2024-10-16T12:40:43.055670121Z ip rule 98: from all to fe80::/64 table 254
2024-10-16T12:40:43.055672327Z ip rule 101: from all to all table 51820
2024-10-16T12:40:43.055674562Z ip rule 32766: from all to all table 254
2024-10-16T12:40:43.055676924Z 2024-10-16T12:40:43Z DEBUG [wireguard] closing controller client...
2024-10-16T12:40:43.055682765Z 2024-10-16T12:40:43Z DEBUG [wireguard] shutting down link...
2024-10-16T12:40:43.055703579Z 2024-10-16T12:40:43Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists

With provider:custom is fails straight away, when I set the provider to protonvpn the VPN connects, everything works for between 5 tot 20 minutes. Qbittorrent can download with 200mbps in that time, then the VPN becomes unhealthy, restarts and 'bootloops' with the same iptables file exists error from which it never recovers (unless i manually restart the pod, then it works again for sometime before it fails again).

qdm12 / gluetun