qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
8.16k stars 375 forks

Bug: VPN cannot add route for destination ::/0: ... : no such device #2597

Open Eoin-ONeill-Yokai opened 1 week ago

Eoin-ONeill-Yokai commented 1 week ago

Is this urgent?

None

Host OS

Fedora CoreOS

CPU arch

x86_64

VPN service provider

NordVPN

What are you using to run the container

Podman

What is the version of Gluetun

Running version latest built on 2024-11-18T09:49:16.711Z (commit 68ddbfc)

What's the problem 🤔

Seems to me that it can't write to the tunnel device for IPv6, which causes an infinite fail loop on first boot. Having said that, I'm not positive it isn't a configuration issue yet. Any help or advice from someone who got this working in a Podman environment would be helpful!

Other possible issues:

Share your logs (at least 10 lines)

gluetun  | 2024-11-23T23:48:31-08:00 INFO [routing] default route found: interface eth0, gateway 10.89.1.1, assigned IP 10.89.1.13 and family v4
gluetun  | 2024-11-23T23:48:31-08:00 INFO [routing] adding route for 0.0.0.0/0
gluetun  | 2024-11-23T23:48:31-08:00 INFO [firewall] setting allowed subnets...
gluetun  | 2024-11-23T23:48:31-08:00 INFO [routing] default route found: interface eth0, gateway 10.89.1.1, assigned IP 10.89.1.13 and family v4
gluetun  | 2024-11-23T23:48:31-08:00 INFO [dns] using plaintext DNS at address 1.1.1.1
gluetun  | 2024-11-23T23:48:31-08:00 INFO [http server] http server listening on [::]:8000
gluetun  | 2024-11-23T23:48:31-08:00 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun  | 2024-11-23T23:48:31-08:00 INFO [firewall] allowing VPN connection...
gluetun  | 2024-11-23T23:48:31-08:00 INFO [wireguard] Using available kernelspace implementation
gluetun  | 2024-11-23T23:48:31-08:00 INFO [wireguard] Connecting to 138.199.42.236:51820
gluetun  | 2024-11-23T23:48:31-08:00 ERROR [vpn] cannot add route for interface: adding route for destination ::/0: adding route for link tun0, destination ::/0 and table 51820: no such device
gluetun  | 2024-11-23T23:48:31-08:00 INFO [vpn] retrying in 15s
gluetun  | 2024-11-23T23:48:37-08:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com on 1.1.1.1:53: write udp 10.89.1.13:38411->1.1.1.1:53: write: operation not permitted)
gluetun  | 2024-11-23T23:48:37-08:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
gluetun  | 2024-11-23T23:48:37-08:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION

^ Basically this on loop, but I imagine that first error is probably the source of the problem.

Share your configuration

services:
  gluetun:
    image: ghcr.io/qdm12/gluetun
    container_name: gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - MKNOD # < Unsure about the necessity of this
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - ./gluetun:/gluetun:z
    environment:
      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=wireguard
      # OpenVPN:
      # - OPENVPN_USER=
      # - OPENVPN_PASSWORD=
      # Wireguard:
      - WIREGUARD_PRIVATE_KEY=NopeNope:)
      - WIREGUARD_MTU=1000
      - SERVER_COUNTRIES=United States,Ireland
      # Timezone for accurate log times
      - TZ=America/Los_Angeles
      - LOG_LEVEL=debug
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - UPDATER_PERIOD=24h
    networks:
      - isolated
    restart: unless-stopped
    healthcheck:
      test: "ping -c 1 google.com || exit 1"
      timeout: 2s
      retries: 3
    security_opt:
      - label=disable # Also unsure about the necessity of this

github-actions[bot] commented 1 week ago

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please: