qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
8.07k stars 373 forks

Bug: Gluetun breaks Kasm workspaces #2567

Open EliasGagnef opened 2 weeks ago

EliasGagnef commented 2 weeks ago

Is this urgent?

None

Host OS

TrueNAS Scale + Portainer

CPU arch

None

VPN service provider

Private Internet Access

What are you using to run the container

Portainer

What is the version of Gluetun

Running version latest built on 2024-10-28T09:25:35.847Z (commit f1f3472)

What's the problem 🤔

The Kasm containers' DNS gets blocked by Gluetun; more info in my other issue

Share your logs (at least 10 lines)

|       ├── Private Internet Access encryption preset: strong
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   └── cloudflare
|       ├── Caching: yes
|       ├── IPv6: no
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── IP file path: /tmp/gluetun/ip
|   ├── Public IP data base API: ipinfo
|   └── Public IP data backup APIs:
|       ├── ifconfigco
|       ├── ip2location
|       └── cloudflare
└── Version settings:
    └── Enabled: yes
2024-11-04T16:42:14Z INFO [routing] default route found: interface eth0, gateway 172.16.3.1, assigned IP 172.16.3.4 and family v4
2024-11-04T16:42:14Z INFO [routing] adding route for 0.0.0.0/0
2024-11-04T16:42:14Z INFO [firewall] setting allowed subnets...
2024-11-04T16:42:14Z INFO [routing] default route found: interface eth0, gateway 172.16.3.1, assigned IP 172.16.3.4 and family v4
2024-11-04T16:42:14Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-11-04T16:42:14Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-11-04T16:42:14Z INFO [http server] http server listening on [::]:8000
2024-11-04T16:42:14Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-11-04T16:42:14Z INFO [firewall] allowing VPN connection...
2024-11-04T16:42:14Z INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-11-04T16:42:14Z INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2024-11-04T16:42:14Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]212.112.19.25:1197
2024-11-04T16:42:14Z INFO [openvpn] UDPv4 link local: (not bound)
2024-11-04T16:42:14Z INFO [openvpn] UDPv4 link remote: [AF_INET]212.112.19.25:1197
2024-11-04T16:42:14Z INFO [openvpn] [stockholm407] Peer Connection Initiated with [AF_INET]212.112.19.25:1197
2024-11-04T16:42:14Z INFO [openvpn] TUN/TAP device tun0 opened
2024-11-04T16:42:14Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-11-04T16:42:14Z INFO [openvpn] /sbin/ip link set dev tun0 up
2024-11-04T16:42:14Z INFO [openvpn] /sbin/ip addr add dev tun0 10.7.110.169/24
2024-11-04T16:42:14Z INFO [openvpn] UID set to nonrootuser
2024-11-04T16:42:14Z INFO [openvpn] Initialization Sequence Completed
2024-11-04T16:42:14Z INFO [dns] downloading hostnames and IP block lists
2024-11-04T16:42:14Z INFO [healthcheck] healthy!
2024-11-04T16:42:15Z INFO [dns] DNS server listening on [::]:53
2024-11-04T16:42:16Z INFO [dns] ready
2024-11-04T16:42:16Z INFO [ip getter] Public IP address is 212.112.19.25 (Sweden, Stockholm, Märsta - source: ipinfo)
2024-11-04T16:42:16Z INFO [vpn] You are running on the bleeding edge of latest!
2024-11-04T16:42:16Z INFO [port forwarding] starting
2024-11-04T16:42:16Z INFO [port forwarding] Found saved forwarded port data for port 42994
2024-11-04T16:42:16Z INFO [port forwarding] Port forwarded data expires in 51 days
2024-11-04T16:42:16Z INFO [port forwarding] port forwarded is 42994
2024-11-04T16:42:16Z INFO [firewall] setting allowed input port 42994 through interface tun0...
2024-11-04T16:42:16Z INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port

Share your configuration

kasm:
    image: lscr.io/linuxserver/kasm:latest
    container_name: kasm
    privileged: true
    network_mode: "service:gluetun"
    environment:
      - KASM_PORT=3003

    volumes:
      - /mnt/Pool One/appstuff/kasm5:/opt

    restart: unless-stopped

And the ports 3000 and 3003 mapped in Gluetun:
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    volumes:
      - /mnt/Pool One/appstuff/glueman:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=private internet access
      - OPENVPN_USER=
      - OPENVPN_PASSWORD=
      - SERVER_REGIONS=SE Stockholm
      - VPN_PORT_FORWARDING=on
      - PORT_FORWARD_ONLY=true
    ports:
      - 8080:8080
      - 6881:6881
      - 6881:6881/udp
      - 8989:8989
      - 7878:7878
      - 9696:9696
      - 6767:6767
      - 9000:9000
      - 2121:8081
      - "${PORT:-8191}:8191"
      - 3000:3000
      - 3003:3003

github-actions[bot] commented 2 weeks ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please: