qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License

Bug: dns over tls timing out on latest image (TLS handshake) #2533

Open Dreadwolf91 opened 1 month ago

Dreadwolf91 commented 1 month ago

Is this urgent?

No

Host OS

Ubuntu 64-bit

CPU arch

x86_64

VPN service provider

Surfshark

What are you using to run the container

docker-compose

What is the version of Gluetun

v3.39.1

What's the problem 🤔

When using the latest image I get no internet connection. I don't know what the exact problem is, but when I use for example v3.39.0 everything works fine.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-09-29T18:12:41.313Z (commit 7ebbaf4)

📣 All control server routes will become private by default after the v3.41.0 release

🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-10-20T23:58:07+02:00 INFO [routing] default route found: interface eth0, gateway 172.20.0.1, assigned IP 172.20.0.2 and family v4
2024-10-20T23:58:07+02:00 INFO [routing] local ethernet link found: eth0
2024-10-20T23:58:07+02:00 INFO [routing] local ipnet found: 172.20.0.0/16
2024-10-20T23:58:07+02:00 INFO [firewall] enabling...
2024-10-20T23:58:07+02:00 INFO [firewall] enabled successfully
2024-10-20T23:58:07+02:00 INFO [storage] merging by most recent 20553 hardcoded servers and 18299 servers read from /gluetun/servers.json
2024-10-20T23:58:07+02:00 INFO Alpine version: 3.20.3
2024-10-20T23:58:07+02:00 INFO OpenVPN 2.5 version: 2.5.10
2024-10-20T23:58:07+02:00 INFO OpenVPN 2.6 version: 2.6.11
2024-10-20T23:58:07+02:00 INFO IPtables version: v1.8.10
2024-10-20T23:58:07+02:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: surfshark
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Countries: Switzerland, Spain, Slovakia, Slovenia
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: UDP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.6
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   └── cloudflare
|       ├── Caching: yes
|       ├── IPv6: no
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: redacted
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
├── Server data updater settings:
|   ├── Update period: 24h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: surfshark
└── Version settings:
    └── Enabled: yes
2024-10-20T23:58:07+02:00 INFO [routing] default route found: interface eth0, gateway 172.20.0.1, assigned IP 172.20.0.2 and family v4
2024-10-20T23:58:07+02:00 INFO [routing] adding route for 0.0.0.0/0
2024-10-20T23:58:07+02:00 INFO [firewall] setting allowed subnets...
2024-10-20T23:58:07+02:00 INFO [routing] default route found: interface eth0, gateway 172.20.0.1, assigned IP 172.20.0.2 and family v4
2024-10-20T23:58:07+02:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-10-20T23:58:07+02:00 INFO [http server] http server listening on [::]:8000
2024-10-20T23:58:07+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-10-20T23:58:07+02:00 INFO [firewall] allowing VPN connection...
2024-10-20T23:58:07+02:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-10-20T23:58:07+02:00 INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-10-20T23:58:07+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]89.37.95.212:1194
2024-10-20T23:58:07+02:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-10-20T23:58:07+02:00 INFO [openvpn] UDPv4 link remote: [AF_INET]89.37.95.212:1194
2024-10-20T23:58:08+02:00 INFO [openvpn] [es-mad-v055.prod.surfshark.com] Peer Connection Initiated with [AF_INET]89.37.95.212:1194
2024-10-20T23:58:09+02:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.6.11)
2024-10-20T23:58:09+02:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-10-20T23:58:09+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-10-20T23:58:09+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-10-20T23:58:09+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.8.8.6/24
2024-10-20T23:58:09+02:00 INFO [openvpn] UID set to nonrootuser
2024-10-20T23:58:09+02:00 INFO [openvpn] Initialization Sequence Completed
2024-10-20T23:58:09+02:00 INFO [dns] downloading hostnames and IP block lists
2024-10-20T23:58:09+02:00 INFO [healthcheck] healthy!
2024-10-20T23:58:24+02:00 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers), context deadline exceeded (Client.Timeout or context cancellation while reading body)
2024-10-20T23:58:24+02:00 INFO [dns] attempting restart in 10s
2024-10-20T23:58:25+02:00 INFO [ip getter] Public IP address is 89.37.95.213 (Spain, Madrid, Madrid)
2024-10-20T23:58:34+02:00 INFO [dns] downloading hostnames and IP block lists
2024-10-20T23:58:40+02:00 ERROR [vpn] cannot get version information: context deadline exceeded (Client.Timeout or context cancellation while reading body)
2024-10-20T23:58:49+02:00 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers), Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024-10-20T23:58:49+02:00 INFO [dns] attempting restart in 20s
2024-10-20T23:59:09+02:00 INFO [dns] downloading hostnames and IP block lists
2024-10-20T23:59:24+02:00 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers), Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024-10-20T23:59:24+02:00 INFO [dns] attempting restart in 40s
2024-10-21T00:00:04+02:00 INFO [dns] downloading hostnames and IP block lists
2024-10-21T00:00:19+02:00 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers), Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024-10-21T00:00:19+02:00 INFO [dns] attempting restart in 1m20s
2024-10-21T00:01:39+02:00 INFO [dns] downloading hostnames and IP block lists
2024-10-21T00:01:49+02:00 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": net/http: TLS handshake timeout, Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": net/http: TLS handshake timeout
2024-10-21T00:01:49+02:00 INFO [dns] attempting restart in 2m40s
2024-10-21T00:04:29+02:00 INFO [dns] downloading hostnames and IP block lists
2024-10-21T00:04:39+02:00 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": net/http: TLS handshake timeout, Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": net/http: TLS handshake timeout
...

Share your configuration

gluetun:
    env_file:
      - ../.env-global
    image: qmcgaw/gluetun
    container_name: gluetun

    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8085:8085
      - 5800:5800
      - 8989:8989
      - 7878:7878
      - 9696:9696
      - 6767:6767

    volumes:
      - ./gluetun/:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=surfshark
      - VPN_TYPE=openvpn
      - OPENVPN_USER=${OPENVPN_USER}
      - OPENVPN_PASSWORD=${OPENVPN_PASSWORD}
      - SERVER_COUNTRIES=Switzerland,Spain,Slovakia,Slovenia
      - UPDATER_PERIOD=24h
    restart: unless-stopped

floriegl commented 1 week ago

Not 100% sure if the issue should already be fixed by "latest image now default MTU is 1320", but I get a lot of warnings in regard to DoT with the current latest. The log message is not exactly the same as it also includes for request IN AAAA #####.#####.#####. (always the same domain, but the container using it doesn't use many domains anyway).

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-11-18T09:49:16.711Z (commit 68ddbfc)

...
2024-11-20T19:04:31Z INFO [wireguard] Connecting to #####:51820
2024-11-20T19:04:31Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-20T19:04:31Z INFO [dns] downloading hostnames and IP block lists
2024-11-20T19:04:31Z INFO [healthcheck] healthy!
2024-11-20T19:04:35Z INFO [dns] DNS server listening on [::]:53
2024-11-20T19:04:35Z INFO [dns] ready
2024-11-20T19:04:36Z INFO [ip getter] Public IP address is ##### (##### - source: ipinfo)
2024-11-20T19:04:36Z INFO [vpn] You are running on the bleeding edge of latest!
2024-11-20T19:14:37Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:57930->1.1.1.1:853: i/o timeout
2024-11-20T19:15:32Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:39940->1.0.0.1:853: i/o timeout
2024-11-20T19:16:10Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:56266->1.1.1.1:853: i/o timeout
2024-11-20T19:16:12Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:34022->1.0.0.1:853: i/o timeout
2024-11-20T19:16:12Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:34036->1.0.0.1:853: i/o timeout
2024-11-20T19:16:14Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:34040->1.0.0.1:853: i/o timeout
2024-11-20T19:16:14Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:34044->1.0.0.1:853: i/o timeout
2024-11-20T19:16:15Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:51970->1.1.1.1:853: i/o timeout
2024-11-20T19:16:17Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:34054->1.0.0.1:853: i/o timeout
2024-11-20T19:16:18Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:51980->1.1.1.1:853: i/o timeout
2024-11-20T19:26:15Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:34416->1.1.1.1:853: i/o timeout
2024-11-20T19:44:30Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:38986->1.1.1.1:853: i/o timeout
2024-11-20T19:49:26Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:34176->1.1.1.1:853: i/o timeout
2024-11-20T19:49:29Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:34190->1.1.1.1:853: i/o timeout
2024-11-20T19:49:29Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:49004->1.0.0.1:853: i/o timeout
2024-11-20T19:49:31Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:44968->1.0.0.1:853: i/o timeout
2024-11-20T19:49:31Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:44976->1.0.0.1:853: i/o timeout
2024-11-20T19:49:32Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:51668->1.1.1.1:853: i/o timeout
2024-11-20T19:49:34Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:51682->1.1.1.1:853: i/o timeout
2024-11-20T21:48:35Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:40646->1.1.1.1:853: i/o timeout
2024-11-20T21:57:42Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:60050->1.1.1.1:853: i/o timeout
2024-11-20T22:25:09Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:35200->1.1.1.1:853: i/o timeout
2024-11-20T22:25:12Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:49590->1.1.1.1:853: i/o timeout
2024-11-20T22:25:12Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:49594->1.1.1.1:853: i/o timeout
2024-11-20T22:25:12Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:49606->1.1.1.1:853: i/o timeout
2024-11-20T22:25:14Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:48276->1.0.0.1:853: i/o timeout
2024-11-20T22:25:14Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:49614->1.1.1.1:853: i/o timeout
2024-11-20T22:25:14Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:49630->1.1.1.1:853: i/o timeout
2024-11-20T22:25:15Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:48286->1.0.0.1:853: i/o timeout
2024-11-20T22:25:15Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:49642->1.1.1.1:853: i/o timeout
2024-11-20T22:25:16Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:48292->1.0.0.1:853: i/o timeout
2024-11-20T22:25:17Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:48308->1.0.0.1:853: i/o timeout
2024-11-20T22:25:17Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:49650->1.1.1.1:853: i/o timeout
2024-11-20T22:25:18Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:48326->1.0.0.1:853: i/o timeout
2024-11-20T22:25:19Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:48342->1.0.0.1:853: i/o timeout
2024-11-20T22:25:21Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:56226->1.1.1.1:853: i/o timeout
2024-11-20T22:39:49Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:34724->1.0.0.1:853: i/o timeout
2024-11-20T23:08:21Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:57352->1.0.0.1:853: i/o timeout
2024-11-20T23:32:48Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:49660->1.0.0.1:853: i/o timeout
2024-11-20T23:33:32Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:41662->1.1.1.1:853: i/o timeout
2024-11-20T23:35:00Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:37228->1.0.0.1:853: i/o timeout
2024-11-20T23:35:02Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:37238->1.0.0.1:853: i/o timeout
2024-11-20T23:35:13Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:45028->1.0.0.1:853: i/o timeout
2024-11-20T23:35:17Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:45134->1.0.0.1:853: i/o timeout
2024-11-20T23:35:40Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:52262->1.1.1.1:853: i/o timeout
2024-11-20T23:35:40Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:39504->1.0.0.1:853: i/o timeout
2024-11-20T23:35:42Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:39508->1.0.0.1:853: i/o timeout
2024-11-20T23:35:42Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:36384->1.1.1.1:853: i/o timeout
2024-11-20T23:41:23Z WARN [dns] exchanging over tls connection for request IN AAAA #####.#####.#####.: read tcp 10.5.0.2:32950->1.1.1.1:853: i/o timeout

docker-compose.yml:

services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=#####
      - SERVER_COUNTRIES=#####

qdm12 commented 6 days ago

@floriegl

  1. Can you try, replacing thatdomain.com with that domain: docker run --rm alpine:3.20 /bin/sh -c "apk add knot-utils && kdig -t AAAA -d @1.1.1.1 +tls-ca +tls-host=cloudflare-dns.com thatdomain.com" to check if it works? Maybe it's just cloudflare dropping the query? 🤔
  2. When this happens, can you try (assuming gluetun container name is gluetun): docker exec gluetun nslookup github.com to check if dns resolution works for github.com? The healthcheck should fail if DNS resolution stops working, but the DNS caching might make it still work for some time, despite DNS being no longer functional 🤔
  3. (EDIT) also check your MTU with docker exec gluetun ip link to be sure, it should be mtu 1320 on the tun0 line
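
A triage helper for the [dns] warnings posted above, as an added example that is not part of the original thread or gluetun's own code: it counts DNS over TLS read timeouts per upstream resolver and query type and groups them into bursts, so it is visible whether the timeouts follow one resolver address or all of them. The sample lines are constructed in the posted log format; `Summarize`, `Summary`, the placeholder domain and the 30s burst gap are assumptions of this example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"time"
)

// Constructed sample in the posted log format; example.com is a placeholder domain.
const sampleLog = `2024-11-20T19:04:35Z INFO [dns] ready
2024-11-20T19:14:37Z WARN [dns] exchanging over tls connection for request IN AAAA example.com.: read tcp 10.5.0.2:57930->1.1.1.1:853: i/o timeout
2024-11-20T19:16:10Z WARN [dns] exchanging over tls connection for request IN AAAA example.com.: read tcp 10.5.0.2:56266->1.1.1.1:853: i/o timeout
2024-11-20T19:16:12Z WARN [dns] exchanging over tls connection for request IN AAAA example.com.: read tcp 10.5.0.2:34022->1.0.0.1:853: i/o timeout
2024-11-20T19:16:14Z WARN [dns] exchanging over tls connection for request IN AAAA example.com.: read tcp 10.5.0.2:34040->1.0.0.1:853: i/o timeout
2024-11-20T19:26:15Z WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": net/http: TLS handshake timeout`

// Summary groups gluetun [dns] warnings by failure kind (hypothetical type).
type Summary struct {
	ByUpstream   map[string]int // DoT read timeouts per upstream resolver
	ByQType      map[string]int // DoT read timeouts per query type
	Bursts       int            // runs of DoT timeouts no more than gap apart
	BlockListErr int            // failed block list downloads
}

// dotRe captures timestamp, query type and upstream of a DoT read timeout.
var dotRe = regexp.MustCompile(`^(\S+) WARN \[dns\] exchanging over tls connection ` +
	`for request IN (\S+) \S+: read tcp \S+->(\S+): i/o timeout$`)

// Summarize scans log lines in order and counts DNS over TLS failures.
// A timeout more than gap after the previous one starts a new burst.
func Summarize(log string, gap time.Duration) Summary {
	s := Summary{ByUpstream: map[string]int{}, ByQType: map[string]int{}}
	var last time.Time
	for _, line := range strings.Split(log, "\n") {
		line = strings.TrimSpace(line)
		if strings.Contains(line, "[dns] cannot update filter block lists") {
			s.BlockListErr++
			continue
		}
		m := dotRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		ts, err := time.Parse(time.RFC3339, m[1])
		if err != nil {
			continue // not a timestamped log line
		}
		s.ByQType[m[2]]++
		s.ByUpstream[m[3]]++
		if last.IsZero() || ts.Sub(last) > gap {
			s.Bursts++
		}
		last = ts
	}
	return s
}

func main() {
	s := Summarize(sampleLog, 30*time.Second)
	fmt.Printf("upstreams=%v qtypes=%v bursts=%d blocklist=%d\n", s.ByUpstream, s.ByQType, s.Bursts, s.BlockListErr)
}
```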

sirjmann92 commented 5 days ago

Also seeing this issue with airvpn. MTU on tun0 is 1320, for all three of my gluetun containers.