Open Ttfgggf opened 3 days ago
@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:
Same issue found recently, can't trace exactly when it started, but I'm getting the same logs. I'm running gluetun on a Kubernetes pod, using Mullvad VPN with gluetun version 3.38 (and 3.39.1 recently) with Wireguard configuration
Oddly it seems that ipv6 rule exists before Gluetun does anything, not too sure why, let's try to find why first.
LOG_LEVEL=debug?
ip -6 rule within Gluetun
ip -6 rule within an alpine:3.20 container with NET_ADMIN privileges? With dumb docker run that would be docker run --rm --cap-add NET_ADMIN alpine:3.20 ip -6 rule
PS: in case this cannot be fixed, I can change the code to consider "file exists" as yep it has been created ok, but I would prefer to understand the root cause if possible since this isn't normal behavior really. Also I'm inclined to think this is a host system/kernel problem, since other users are running gluetun with ipv6 just fine.
I went the extra yard (not mile yet) to have an image tag pr-2526 to run (see #2526) - can you please run it? It should log at the info level all the rules in case it fails to add a rule with error file exists.
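The two ideas above (accept "file exists" as success, and list the rules when the add fails) combined in Go, as an added example that is not gluetun's code. `Rule`, `RuleTable`, `EnsureRule` and `fakeTable` are hypothetical names and the in-memory backend is constructed for the demo; EEXIST is accepted only when an identical rule is listed, so a leftover rule 101 lacking the `not ... fwmark 0xca6c` match is reported rather than silently kept.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"syscall"
)

// Rule is a simplified policy-routing rule. Hypothetical type for this
// example; it is not gluetun's or any netlink library's struct.
type Rule struct {
	Family   int    // 4 or 6
	Priority int    // "pref" in ip-rule terms
	Table    int    // routing table to look up
	Mark     uint32 // fwmark to match, 0 means no mark match
	Invert   bool   // the "not" prefix
}

// String renders the rule roughly the way `ip rule` prints it.
func (r Rule) String() string {
	s := fmt.Sprintf("%d:", r.Priority)
	if r.Invert {
		s += " not"
	}
	s += " from all"
	if r.Mark != 0 {
		s += fmt.Sprintf(" fwmark 0x%x", r.Mark)
	}
	return s + fmt.Sprintf(" lookup %d", r.Table)
}

// RuleTable is the minimal backend surface this example assumes.
type RuleTable interface {
	Add(Rule) error
	List(family int) ([]Rule, error)
}

// ErrRuleMismatch means EEXIST was returned but no identical rule is listed.
var ErrRuleMismatch = errors.New("existing rule differs from wanted rule")

// EnsureRule adds want. On EEXIST it succeeds only if an identical rule is
// already listed; otherwise it fails and reports every rule it found.
func EnsureRule(t RuleTable, want Rule) (created bool, err error) {
	err = t.Add(want)
	if err == nil {
		return true, nil
	}
	if !errors.Is(err, syscall.EEXIST) {
		return false, fmt.Errorf("adding rule %s: %w", want, err)
	}
	existing, listErr := t.List(want.Family)
	if listErr != nil {
		return false, fmt.Errorf("listing rules after EEXIST: %w", listErr)
	}
	found := make([]string, 0, len(existing))
	for _, r := range existing {
		if r == want {
			return false, nil // already in place: idempotent success
		}
		found = append(found, r.String())
	}
	return false, fmt.Errorf("%w: wanted [%s], found [%s]",
		ErrRuleMismatch, want, strings.Join(found, "; "))
}

// fakeTable is a constructed in-memory stand-in for the rule backend. It
// returns EEXIST on a family+priority+table clash so the mismatch path can
// be exercised; it does not claim to reproduce the kernel's own matching.
type fakeTable struct{ rules []Rule }

func (f *fakeTable) Add(r Rule) error {
	for _, e := range f.rules {
		if e.Family == r.Family && e.Priority == r.Priority && e.Table == r.Table {
			return fmt.Errorf("netlink: %w", syscall.EEXIST)
		}
	}
	f.rules = append(f.rules, r)
	return nil
}

func (f *fakeTable) List(family int) ([]Rule, error) {
	var out []Rule
	for _, e := range f.rules {
		if e.Family == family {
			out = append(out, e)
		}
	}
	return out, nil
}

func main() {
	want := Rule{Family: 6, Priority: 101, Table: 51820, Mark: 0xca6c, Invert: true}
	// Constructed leftover: same priority and table, but no inverted mark match.
	stale := &fakeTable{rules: []Rule{{Family: 6, Priority: 101, Table: 51820}}}
	_, err := EnsureRule(stale, want)
	fmt.Println(err)
}
```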
Cool. Let me give it a go.
Result of LOG_LEVEL=debug
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================
Running version pr-2526 built on 2024-10-15T14:07:19.546Z (commit a8399fd)
📣 All control server routes will become private by default after the v3.41.0 release
🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-10-15T17:14:07+01:00 INFO [routing] default route found: interface eth0, gateway 10.30.0.1, assigned IP 10.30.0.145 and family v4
2024-10-15T17:14:07+01:00 INFO [routing] default route found: interface eth0, gateway fd38:753:6ed4:4540::1, assigned IP fd38:753:6ed4:4540::184 and family v6
2024-10-15T17:14:07+01:00 INFO [routing] local ethernet link found: eth0
2024-10-15T17:14:07+01:00 INFO [routing] local ipnet found: 10.30.0.0/24
2024-10-15T17:14:07+01:00 INFO [routing] local ipnet found: fd38:753:6ed4:4540::/64
2024-10-15T17:14:07+01:00 INFO [routing] local ipnet found: fe80::/64
2024-10-15T17:14:07+01:00 INFO [firewall] enabling...
2024-10-15T17:14:07+01:00 INFO [firewall] enabled successfully
2024-10-15T17:14:08+01:00 INFO [storage] merging by most recent 20553 hardcoded servers and 20553 servers read from /gluetun/servers.json
2024-10-15T17:14:08+01:00 INFO Alpine version: 3.20.3
2024-10-15T17:14:08+01:00 INFO OpenVPN 2.5 version: 2.5.10
2024-10-15T17:14:08+01:00 INFO OpenVPN 2.6 version: 2.6.11
2024-10-15T17:14:08+01:00 INFO IPtables version: v1.8.10
2024-10-15T17:14:08+01:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: airvpn
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Cities: London
|   |       └── Wireguard selection settings:
|   └── Wireguard settings:
|       ├── Private key: #Blanked
|       ├── Pre-shared key: #Blanked
|       ├── Interface addresses:
|       |   ├── 10.182.169.209/32
|       |   └── fd7d:76ee:e68f:a993:d3e0:138a:9151:3c9a/128
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   ├── cloudflare
|       |   └── quad9
|       ├── Caching: yes
|       ├── IPv6: yes
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   ├── VPN input ports:
|   |   ├── 12636
|   |   └── 32400
|   └── Outbound subnets:
|       └── 10.0.0.0/8
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   ├── Enabled: yes
|   ├── Listening address: :8388
|   ├── Cipher: chacha20-ietf-poly1305
|   ├── Password: [not set]
|   └── Log addresses: no
├── HTTP proxy settings:
|   ├── Enabled: yes
|   ├── Listening address: :8888
|   ├── User:
|   ├── Password: [not set]
|   ├── Stealth mode: no
|   ├── Log: no
|   ├── Read header timeout: 1s
|   └── Read timeout: 3s
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1002
|   └── Timezone: Europe/London
├── Public IP settings:
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
├── Server data updater settings:
|   ├── Update period: 24h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: airvpn
└── Version settings:
    └── Enabled: yes
2024-10-15T17:14:08+01:00 INFO [routing] default route found: interface eth0, gateway 10.30.0.1, assigned IP 10.30.0.145 and family v4
2024-10-15T17:14:08+01:00 INFO [routing] default route found: interface eth0, gateway fd38:753:6ed4:4540::1, assigned IP fd38:753:6ed4:4540::184 and family v6
2024-10-15T17:14:08+01:00 INFO [routing] adding route for 0.0.0.0/0
2024-10-15T17:14:08+01:00 INFO [routing] adding route for ::/0
2024-10-15T17:14:08+01:00 INFO [firewall] setting allowed subnets...
2024-10-15T17:14:08+01:00 INFO [routing] default route found: interface eth0, gateway 10.30.0.1, assigned IP 10.30.0.145 and family v4
2024-10-15T17:14:08+01:00 INFO [routing] default route found: interface eth0, gateway fd38:753:6ed4:4540::1, assigned IP fd38:753:6ed4:4540::184 and family v6
2024-10-15T17:14:08+01:00 INFO [routing] adding route for 10.0.0.0/8
2024-10-15T17:14:08+01:00 INFO [http proxy] listening on :8888
2024-10-15T17:14:08+01:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-15T17:14:08+01:00 INFO [http server] http server listening on [::]:8000
2024-10-15T17:14:08+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-10-15T17:14:08+01:00 INFO [firewall] allowing VPN connection...
2024-10-15T17:14:08+01:00 INFO [shadowsocks] listening TCP on [::]:8388
2024-10-15T17:14:08+01:00 INFO [shadowsocks] listening UDP on [::]:8388
2024-10-15T17:14:08+01:00 INFO [wireguard] Using available kernelspace implementation
2024-10-15T17:14:08+01:00 INFO [wireguard] Connecting to 217.138.195.18:1637
2024-10-15T17:14:08+01:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-10-15T17:14:08+01:00 INFO [firewall] setting allowed input port 12636 through interface tun0...
2024-10-15T17:14:08+01:00 INFO [firewall] setting allowed input port 32400 through interface tun0...
2024-10-15T17:14:08+01:00 INFO [dns] downloading hostnames and IP block lists
2024-10-15T17:14:09+01:00 INFO [dns] DNS server listening on [::]:53
2024-10-15T17:14:09+01:00 INFO [dns] ready
2024-10-15T17:14:09+01:00 INFO [healthcheck] healthy!
2024-10-15T17:14:09+01:00 INFO [ip getter] Public IP address is 217.138.195.19 (United Kingdom, England, London)
2024-10-15T17:14:10+01:00 INFO [vpn] There is a new release v3.39.1 (v3.39.1) created 15 days ago
2024-10-15T17:14:23+01:00 INFO [healthcheck] healthy!
2024-10-15T17:18:01+01:00 INFO [healthcheck] healthy!
/ # ip -6 rule
0: from all lookup local
98: from all to fd38:753:6ed4:4540::/64 lookup main
98: from all to fe80::/64 lookup main
100: from fd38:753:6ed4:4540::184 lookup 200
101: not from all fwmark 0xca6c lookup 51820
32766: from all lookup main
/ #
root@example:/etc/containers/systemd# podman run --rm --cap-add NET_ADMIN alpine:3.20 ip -6 rule
Resolved "alpine" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/alpine:3.20...
Getting image source signatures
Copying blob 43c4264eed91 skipped: already exists
Copying config 91ef0af61f done |
Writing manifest to image destination
0: from all lookup local
32766: from all lookup main
root@example:/etc/containers/systemd#
Just to add to the above info: at the moment, while Gluetun isn't connected to the rest of the containers that I am running on Fedora, there is a VPN connected to the host of the containers via OPNsense WireGuard Selective Routing. So maybe that is affecting the containers. Additionally, I run ULA IPv6 addresses internally on my LAN. So that is why you may see it is successful in the logs, but I am not 100% sure if that will affect it.
@Ttfgggf Wait I'm a bit confused, why is the container not crashing in the last logs you shared with the error [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists on the first try, and it seems to succeed?
Not sure to be honest, but it has crashed. Could SELinux be affecting it?
Right now nothing is connected to the gluetun container. But there is another AirVPN connection that the machine hosting gluetun is using in the meantime, with a local ULA for IPv6 and an IPv4 address.
I'm running into the same issue. Tried to run pr-2526 image but get the same behavior. Logs:
2024-10-16T12:40:43.054436502Z 2024-10-16T12:40:43Z DEBUG [wireguard] Wireguard client private key: cL5...Fg=
2024-10-16T12:40:43.054439721Z 2024-10-16T12:40:43Z DEBUG [wireguard] Wireguard pre-shared key: [not set]
2024-10-16T12:40:43.054442233Z 2024-10-16T12:40:43Z INFO [firewall] allowing VPN connection...
2024-10-16T12:40:43.054516338Z 2024-10-16T12:40:43Z INFO [wireguard] Using available kernelspace implementation
2024-10-16T12:40:43.055384038Z 2024-10-16T12:40:43Z INFO [wireguard] Connecting to 138.199.6.179:51820
2024-10-16T12:40:43.055658450Z 2024-10-16T12:40:43Z INFO [wireguard] existing rules are:
2024-10-16T12:40:43.055665878Z ip rule 0: from all to all table 255
2024-10-16T12:40:43.055670121Z ip rule 98: from all to fe80::/64 table 254
2024-10-16T12:40:43.055672327Z ip rule 101: from all to all table 51820
2024-10-16T12:40:43.055674562Z ip rule 32766: from all to all table 254
2024-10-16T12:40:43.055676924Z 2024-10-16T12:40:43Z DEBUG [wireguard] closing controller client...
2024-10-16T12:40:43.055682765Z 2024-10-16T12:40:43Z DEBUG [wireguard] shutting down link...
2024-10-16T12:40:43.055703579Z 2024-10-16T12:40:43Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2024-10-16T12:40:43.055724206Z 2024-10-16T12:40:43Z INFO [vpn] retrying in 30s
2024-10-16T12:40:43.093039887Z 2024-10-16T12:40:43Z DEBUG [wireguard] deleting link...
2024-10-16T12:40:07.475309839Z ========================================
2024-10-16T12:40:07.475336998Z ========================================
2024-10-16T12:40:07.475341192Z =============== gluetun ================
2024-10-16T12:40:07.475343569Z ========================================
2024-10-16T12:40:07.475345760Z =========== Made with ❤️ by ============
2024-10-16T12:40:07.475347916Z ======= https://github.com/qdm12 =======
2024-10-16T12:40:07.475350059Z ========================================
2024-10-16T12:40:07.475352178Z ========================================
2024-10-16T12:40:07.475354210Z
2024-10-16T12:40:07.475357138Z Running version pr-2526 built on 2024-10-15T14:07:19.546Z (commit a8399fd)
2024-10-16T12:40:07.475359160Z
2024-10-16T12:40:07.475362047Z 📣 All control server routes will become private by default after the v3.41.0 release
2024-10-16T12:40:07.475363996Z
2024-10-16T12:40:07.475366138Z 🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
2024-10-16T12:40:07.475368290Z 🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
2024-10-16T12:40:07.475370567Z 💻 Email? quentin.mcgaw@gmail.com
2024-10-16T12:40:07.475372812Z 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-10-16T12:40:07.475545163Z 2024-10-16T12:40:07Z WARN You are using the old environment variable UID, please consider changing it to PUID
2024-10-16T12:40:07.475549196Z 2024-10-16T12:40:07Z WARN You are using the old environment variable GID, please consider changing it to PGID
2024-10-16T12:40:07.477295887Z 2024-10-16T12:40:07Z INFO [routing] default route found: interface eth0, gateway 172.16.0.202, assigned IP 172.16.0.205 and family v4
2024-10-16T12:40:07.477574440Z 2024-10-16T12:40:07Z INFO [routing] local ethernet link found: eth0
2024-10-16T12:40:07.477639200Z 2024-10-16T12:40:07Z INFO [routing] local ipnet found: 172.16.0.202/32
2024-10-16T12:40:07.477757490Z 2024-10-16T12:40:07Z INFO [routing] local ipnet found: fe80::/64
2024-10-16T12:40:27.577557050Z 2024-10-16T12:40:27Z INFO [firewall] enabling...
2024-10-16T12:40:27.577677306Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --policy INPUT DROP
2024-10-16T12:40:27.601631469Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --policy OUTPUT DROP
2024-10-16T12:40:27.625594992Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --policy FORWARD DROP
2024-10-16T12:40:27.629280065Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --policy INPUT DROP
2024-10-16T12:40:27.682107799Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --policy OUTPUT DROP
2024-10-16T12:40:27.705764923Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --policy FORWARD DROP
2024-10-16T12:40:27.709618319Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append INPUT -i lo -j ACCEPT
2024-10-16T12:40:27.714585041Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i lo -j ACCEPT
2024-10-16T12:40:27.720091815Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append OUTPUT -o lo -j ACCEPT
2024-10-16T12:40:27.728740546Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o lo -j ACCEPT
2024-10-16T12:40:27.731549164Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-10-16T12:40:27.734377519Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-10-16T12:40:27.737391650Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-10-16T12:40:27.740272251Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2024-10-16T12:40:27.742068981Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append OUTPUT -o eth0 -s 172.16.0.205 -d 172.16.0.202/32 -j ACCEPT
2024-10-16T12:40:27.743828602Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o eth0 -d ff02::1:ff00:0/104 -j ACCEPT
2024-10-16T12:40:27.745657961Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o eth0 -s fe80::3819:6eff:fe64:cc42 -d fe80::/64 -j ACCEPT
2024-10-16T12:40:27.747117175Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -d 172.16.0.202/32 -j ACCEPT
2024-10-16T12:40:27.748374386Z 2024-10-16T12:40:27Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i eth0 -d fe80::/64 -j ACCEPT
2024-10-16T12:40:27.749710005Z 2024-10-16T12:40:27Z INFO [firewall] enabled successfully
2024-10-16T12:40:27.955901978Z 2024-10-16T12:40:27Z INFO [storage] creating /gluetun/servers.json with 20553 hardcoded servers
2024-10-16T12:40:28.033473187Z 2024-10-16T12:40:28Z DEBUG [netlink] IPv6 is supported by link eth0
2024-10-16T12:40:28.033575378Z 2024-10-16T12:40:28Z INFO Alpine version: 3.20.3
2024-10-16T12:40:28.035868623Z 2024-10-16T12:40:28Z INFO OpenVPN 2.5 version: 2.5.10
2024-10-16T12:40:28.037733866Z 2024-10-16T12:40:28Z INFO OpenVPN 2.6 version: 2.6.11
2024-10-16T12:40:28.038451984Z 2024-10-16T12:40:28Z INFO IPtables version: v1.8.10
2024-10-16T12:40:28.038589555Z 2024-10-16T12:40:28Z INFO Settings summary:
2024-10-16T12:40:28.038596343Z ├── VPN settings:
2024-10-16T12:40:28.038600122Z |   ├── VPN provider settings:
2024-10-16T12:40:28.038603151Z |   |   ├── Name: custom
2024-10-16T12:40:28.038606214Z |   |   ├── Server selection settings:
2024-10-16T12:40:28.038609564Z |   |   |   ├── VPN type: wireguard
2024-10-16T12:40:28.038612933Z |   |   |   └── Wireguard selection settings:
2024-10-16T12:40:28.038616449Z |   |   |       ├── Endpoint IP address: 138.199.6.179
2024-10-16T12:40:28.038619903Z |   |   |       ├── Endpoint port: 51820
2024-10-16T12:40:28.038623168Z |   |   |       └── Server public key: +WRsjA7z/PQqasrqiUVo3Tug+go7W2DXjO2p3TTeagk=
2024-10-16T12:40:28.038626714Z |   |   └── Automatic port forwarding settings:
2024-10-16T12:40:28.038630194Z |   |       ├── Redirection listening port: disabled
2024-10-16T12:40:28.038633233Z |   |       ├── Use code for provider: protonvpn
2024-10-16T12:40:28.038636044Z |   |       └── Forwarded port file path: /tmp/gluetun/forwarded_port
2024-10-16T12:40:28.038638716Z |   └── Wireguard settings:
2024-10-16T12:40:28.038641311Z |       ├── Private key: cL5...Fg=
2024-10-16T12:40:28.038644038Z |       ├── Interface addresses:
2024-10-16T12:40:28.038646682Z |       |   └── 10.2.0.2/32
2024-10-16T12:40:28.038649510Z |       ├── Allowed IPs:
2024-10-16T12:40:28.038652354Z |       |   ├── 0.0.0.0/0
2024-10-16T12:40:28.038656719Z |       |   └── ::/0
2024-10-16T12:40:28.038659686Z |       └── Network interface: tun0
2024-10-16T12:40:28.038662651Z |           └── MTU: 1400
2024-10-16T12:40:28.038665406Z ├── DNS settings:
2024-10-16T12:40:28.038668362Z |   ├── Keep existing nameserver(s): no
2024-10-16T12:40:28.038671884Z |   ├── DNS server address to use: 127.0.0.1
2024-10-16T12:40:28.038675050Z |   └── DNS over TLS settings:
2024-10-16T12:40:28.038677993Z |       ├── Enabled: yes
2024-10-16T12:40:28.038681455Z |       ├── Update period: every 24h0m0s
2024-10-16T12:40:28.038684780Z |       ├── Upstream resolvers:
2024-10-16T12:40:28.038687843Z |       |   └── cloudflare
2024-10-16T12:40:28.038695877Z |       ├── Caching: yes
2024-10-16T12:40:28.038698987Z |       ├── IPv6: no
2024-10-16T12:40:28.038702180Z |       └── DNS filtering settings:
2024-10-16T12:40:28.038708668Z |           ├── Block malicious: yes
2024-10-16T12:40:28.038712058Z |           ├── Block ads: no
2024-10-16T12:40:28.038714927Z |           ├── Block surveillance: no
2024-10-16T12:40:28.038717729Z |           └── Blocked IP networks:
2024-10-16T12:40:28.038720353Z |               ├── 127.0.0.1/8
2024-10-16T12:40:28.038723228Z |               ├── 10.0.0.0/8
2024-10-16T12:40:28.038726070Z |               ├── 172.16.0.0/12
2024-10-16T12:40:28.038728823Z |               ├── 192.168.0.0/16
2024-10-16T12:40:28.038731755Z |               ├── 169.254.0.0/16
2024-10-16T12:40:28.038734725Z |               ├── ::1/128
2024-10-16T12:40:28.038737657Z |               ├── fc00::/7
2024-10-16T12:40:28.038740423Z |               ├── fe80::/10
2024-10-16T12:40:28.038742918Z |               ├── ::ffff:127.0.0.1/104
2024-10-16T12:40:28.038745493Z |               ├── ::ffff:10.0.0.0/104
2024-10-16T12:40:28.038748076Z |               ├── ::ffff:169.254.0.0/112
2024-10-16T12:40:28.038750667Z |               ├── ::ffff:172.16.0.0/108
2024-10-16T12:40:28.038753436Z |               └── ::ffff:192.168.0.0/112
2024-10-16T12:40:28.038756341Z ├── Firewall settings:
2024-10-16T12:40:28.038759277Z |   ├── Enabled: yes
2024-10-16T12:40:28.038762089Z |   ├── Debug mode: on
2024-10-16T12:40:28.038764762Z |   ├── Input ports:
2024-10-16T12:40:28.038767305Z |   |   ├── 10095
2024-10-16T12:40:28.038770159Z |   |   └── 8000
2024-10-16T12:40:28.038773185Z |   └── Outbound subnets:
2024-10-16T12:40:28.038776015Z |       ├── 172.16.0.0/16
2024-10-16T12:40:28.038779017Z |       └── 172.17.0.0/16
2024-10-16T12:40:28.038782095Z ├── Log settings:
2024-10-16T12:40:28.038785046Z |   └── Log level: debug
2024-10-16T12:40:28.038787992Z ├── Health settings:
2024-10-16T12:40:28.038792991Z |   ├── Server listening address: 127.0.0.1:9999
2024-10-16T12:40:28.038796287Z |   ├── Target address: cloudflare.com:443
2024-10-16T12:40:28.038799258Z |   ├── Duration to wait after success: 5s
2024-10-16T12:40:28.038802301Z |   ├── Read header timeout: 100ms
2024-10-16T12:40:28.038806017Z |   ├── Read timeout: 500ms
2024-10-16T12:40:28.038808993Z |   └── VPN wait durations:
2024-10-16T12:40:28.038812102Z |       ├── Initial duration: 6s
2024-10-16T12:40:28.038814936Z |       └── Additional duration: 5s
2024-10-16T12:40:28.038818052Z ├── Shadowsocks server settings:
2024-10-16T12:40:28.038820943Z |   └── Enabled: no
2024-10-16T12:40:28.038823767Z ├── HTTP proxy settings:
2024-10-16T12:40:28.038826739Z |   ├── Enabled: yes
2024-10-16T12:40:28.038829842Z |   ├── Listening address: :8888
2024-10-16T12:40:28.038832665Z |   ├── User:
2024-10-16T12:40:28.038835716Z |   ├── Password: [not set]
2024-10-16T12:40:28.038838612Z |   ├── Stealth mode: no
2024-10-16T12:40:28.038841537Z |   ├── Log: yes
2024-10-16T12:40:28.038844443Z |   ├── Read header timeout: 1s
2024-10-16T12:40:28.038847414Z |   └── Read timeout: 3s
2024-10-16T12:40:28.038850375Z ├── Control server settings:
2024-10-16T12:40:28.038853355Z |   ├── Listening address: :8000
2024-10-16T12:40:28.038856388Z |   ├── Logging: yes
2024-10-16T12:40:28.038862438Z |   └── Authentication file path: /gluetun/auth/config.toml
2024-10-16T12:40:28.038865754Z ├── Storage settings:
2024-10-16T12:40:28.038869069Z |   └── Filepath: /gluetun/servers.json
2024-10-16T12:40:28.038871985Z ├── OS Alpine settings:
2024-10-16T12:40:28.038875241Z |   ├── Process UID: 568
2024-10-16T12:40:28.038879264Z |   ├── Process GID: 568
2024-10-16T12:40:28.038882507Z |   └── Timezone: UTC
2024-10-16T12:40:28.038885904Z ├── Public IP settings:
2024-10-16T12:40:28.038889179Z |   ├── IP file path: /tmp/gluetun/ip
2024-10-16T12:40:28.038892462Z |   └── Public IP data API: ipinfo
2024-10-16T12:40:28.038895946Z └── Version settings:
2024-10-16T12:40:28.038899294Z     └── Enabled: yes
2024-10-16T12:40:28.039164873Z 2024-10-16T12:40:28Z INFO [routing] default route found: interface eth0, gateway 172.16.0.202, assigned IP 172.16.0.205 and family v4
2024-10-16T12:40:28.039171383Z 2024-10-16T12:40:28Z DEBUG [routing] ip rule add from 172.16.0.205/32 lookup 200 pref 100
2024-10-16T12:40:28.039232590Z 2024-10-16T12:40:28Z INFO [routing] adding route for 0.0.0.0/0
2024-10-16T12:40:28.039241883Z 2024-10-16T12:40:28Z DEBUG [routing] ip route replace 0.0.0.0/0 via 172.16.0.202 dev eth0 table 200
2024-10-16T12:40:28.039382167Z 2024-10-16T12:40:28Z INFO [firewall] setting allowed subnets...
2024-10-16T12:40:28.039388337Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append OUTPUT -o eth0 -s 172.16.0.205 -d 172.16.0.0/16 -j ACCEPT
2024-10-16T12:40:28.040234521Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append OUTPUT -o eth0 -s 172.16.0.205 -d 172.17.0.0/16 -j ACCEPT
2024-10-16T12:40:28.041291363Z 2024-10-16T12:40:28Z INFO [routing] default route found: interface eth0, gateway 172.16.0.202, assigned IP 172.16.0.205 and family v4
2024-10-16T12:40:28.041308073Z 2024-10-16T12:40:28Z INFO [routing] adding route for 172.16.0.0/16
2024-10-16T12:40:28.041311255Z 2024-10-16T12:40:28Z DEBUG [routing] ip route replace 172.16.0.0/16 via 172.16.0.202 dev eth0 table 199
2024-10-16T12:40:28.041358829Z 2024-10-16T12:40:28Z DEBUG [routing] ip rule add to 172.16.0.0/16 lookup 199 pref 99
2024-10-16T12:40:28.041446216Z 2024-10-16T12:40:28Z INFO [routing] adding route for 172.17.0.0/16
2024-10-16T12:40:28.041505755Z 2024-10-16T12:40:28Z DEBUG [routing] ip route replace 172.17.0.0/16 via 172.16.0.202 dev eth0 table 199
2024-10-16T12:40:28.041582738Z 2024-10-16T12:40:28Z DEBUG [routing] ip rule add to 172.17.0.0/16 lookup 199 pref 99
2024-10-16T12:40:28.041659446Z 2024-10-16T12:40:28Z DEBUG [routing] ip rule add to 172.16.0.202/32 lookup 254 pref 98
2024-10-16T12:40:28.041707241Z 2024-10-16T12:40:28Z DEBUG [routing] ip rule add to fe80::/64 lookup 254 pref 98
2024-10-16T12:40:28.041759895Z 2024-10-16T12:40:28Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-10-16T12:40:28.041824104Z 2024-10-16T12:40:28Z INFO [firewall] setting allowed input port 10095 through interface eth0...
2024-10-16T12:40:28.041901668Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -p tcp -m tcp --dport 10095 -j ACCEPT
2024-10-16T12:40:28.042711709Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i eth0 -p tcp -m tcp --dport 10095 -j ACCEPT
2024-10-16T12:40:28.043483668Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -p udp -m udp --dport 10095 -j ACCEPT
2024-10-16T12:40:28.044403791Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i eth0 -p udp -m udp --dport 10095 -j ACCEPT
2024-10-16T12:40:28.045285475Z 2024-10-16T12:40:28Z INFO [firewall] setting allowed input port 8000 through interface eth0...
2024-10-16T12:40:28.045313821Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -p tcp -m tcp --dport 8000 -j ACCEPT
2024-10-16T12:40:28.046422281Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i eth0 -p tcp -m tcp --dport 8000 -j ACCEPT
2024-10-16T12:40:28.047249981Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -p udp -m udp --dport 8000 -j ACCEPT
2024-10-16T12:40:28.048083846Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/ip6tables --append INPUT -i eth0 -p udp -m udp --dport 8000 -j ACCEPT
2024-10-16T12:40:28.049122377Z 2024-10-16T12:40:28Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-16T12:40:28.049212872Z 2024-10-16T12:40:28Z INFO [http proxy] listening on :8888
2024-10-16T12:40:28.049405362Z 2024-10-16T12:40:28Z INFO [http server] http server listening on [::]:8000
2024-10-16T12:40:28.049414840Z 2024-10-16T12:40:28Z DEBUG [wireguard] Wireguard server public key: +WRsjA7z/PQqasrqiUVo3Tug+go7W2DXjO2p3TTeagk=
2024-10-16T12:40:28.049417592Z 2024-10-16T12:40:28Z DEBUG [wireguard] Wireguard client private key: cL5...Fg=
2024-10-16T12:40:28.049419755Z 2024-10-16T12:40:28Z DEBUG [wireguard] Wireguard pre-shared key: [not set]
2024-10-16T12:40:28.049422238Z 2024-10-16T12:40:28Z INFO [firewall] allowing VPN connection...
2024-10-16T12:40:28.049428220Z 2024-10-16T12:40:28Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-10-16T12:40:28.049550163Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append OUTPUT -d 138.199.6.179 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
2024-10-16T12:40:28.051185445Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/iptables --append OUTPUT -o tun0 -j ACCEPT
2024-10-16T12:40:28.052130172Z 2024-10-16T12:40:28Z DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o tun0 -j ACCEPT
2024-10-16T12:40:28.053264417Z 2024-10-16T12:40:28Z INFO [wireguard] Using available kernelspace implementation
2024-10-16T12:40:28.053876589Z 2024-10-16T12:40:28Z INFO [wireguard] Connecting to 138.199.6.179:51820
2024-10-16T12:40:28.054214008Z 2024-10-16T12:40:28Z INFO [wireguard] existing rules are:
2024-10-16T12:40:28.054222099Z ip rule 0: from all to all table 255
2024-10-16T12:40:28.054224930Z ip rule 98: from all to fe80::/64 table 254
2024-10-16T12:40:28.054227106Z ip rule 101: from all to all table 51820
2024-10-16T12:40:28.054230360Z ip rule 32766: from all to all table 254
2024-10-16T12:40:28.054244294Z 2024-10-16T12:40:28Z DEBUG [wireguard] closing controller client...
2024-10-16T12:40:28.054287950Z 2024-10-16T12:40:28Z DEBUG [wireguard] shutting down link...
2024-10-16T12:40:28.054321183Z 2024-10-16T12:40:28Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
2024-10-16T12:40:28.054325582Z 2024-10-16T12:40:28Z INFO [vpn] retrying in 15s
2024-10-16T12:40:28.093583668Z 2024-10-16T12:40:28Z DEBUG [wireguard] deleting link...
2024-10-16T12:40:34.049663697Z 2024-10-16T12:40:34Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-10-16T12:40:34.049685918Z 2024-10-16T12:40:34Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-10-16T12:40:34.049689653Z 2024-10-16T12:40:34Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-10-16T12:40:36.804952765Z 2024-10-16T12:40:36Z WARN [http server] route GET /v1/openvpn/portforwarded is unprotected by default, please set up authentication following the documentation at https://github.com/qdm12/gluetun-wiki/setup/advanced/control-server.md#authentication since this will become no longer publicly accessible after release v3.40.
2024-10-16T12:40:36.804979028Z 2024-10-16T12:40:36Z DEBUG [http server] access to route GET /v1/openvpn/portforwarded authorized for role public
2024-10-16T12:40:36.804990115Z 2024-10-16T12:40:36Z INFO [http server] 200 GET /portforwarded wrote 11B to 172.16.0.122:54690 in 43.884µs
2024-10-16T12:40:43.054412189Z 2024-10-16T12:40:43Z DEBUG [wireguard] Wireguard server public key: +WRsjA7z/PQqasrqiUVo3Tug+go7W2DXjO2p3TTeagk=
2024-10-16T12:40:43.054436502Z 2024-10-16T12:40:43Z DEBUG [wireguard] Wireguard client private key: cL5...Fg=
2024-10-16T12:40:43.054439721Z 2024-10-16T12:40:43Z DEBUG [wireguard] Wireguard pre-shared key: [not set]
2024-10-16T12:40:43.054442233Z 2024-10-16T12:40:43Z INFO [firewall] allowing VPN connection...
2024-10-16T12:40:43.054516338Z 2024-10-16T12:40:43Z INFO [wireguard] Using available kernelspace implementation
2024-10-16T12:40:43.055384038Z 2024-10-16T12:40:43Z INFO [wireguard] Connecting to 138.199.6.179:51820
2024-10-16T12:40:43.055658450Z 2024-10-16T12:40:43Z INFO [wireguard] existing rules are:
2024-10-16T12:40:43.055665878Z ip rule 0: from all to all table 255
2024-10-16T12:40:43.055670121Z ip rule 98: from all to fe80::/64 table 254
2024-10-16T12:40:43.055672327Z ip rule 101: from all to all table 51820
2024-10-16T12:40:43.055674562Z ip rule 32766: from all to all table 254
2024-10-16T12:40:43.055676924Z 2024-10-16T12:40:43Z DEBUG [wireguard] closing controller client...
2024-10-16T12:40:43.055682765Z 2024-10-16T12:40:43Z DEBUG [wireguard] shutting down link...
2024-10-16T12:40:43.055703579Z 2024-10-16T12:40:43Z ERROR [vpn] adding IPv6 rule: adding rule ip rule 101: from all to all table 51820: file exists
With provider: custom it fails straight away. When I set the provider to protonvpn the VPN connects and everything works for between 5 and 20 minutes. qBittorrent can download with 200mbps in that time, then the VPN becomes unhealthy, restarts and 'bootloops' with the same iptables file exists error, from which it never recovers (unless I manually restart the pod, then it works again for some time before it fails again).
Is this urgent?
None
Host OS
Fedora 40
CPU arch
x86_64
VPN service provider
AirVPN
What are you using to run the container
Podman
What is the version of Gluetun
Running version latest built on 2024-10-11T18:31:08.386Z (commit abe9dcb)
What's the problem 🤔
The problem is similar to the one in https://github.com/qdm12/gluetun/issues/1991. I made a change to my Podman Quadlet file and it stopped working, although it was working before.
Share your logs (at least 10 lines)
Share your configuration