qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
8.03k stars 371 forks

Bug: app trying to open ipv6 route even when ipv6 disabled/unsupported. #435

Closed hugalafutro closed 3 years ago

hugalafutro commented 3 years ago

Is this urgent?: No

Host OS (approximate answer is fine too): Ubuntu 20.04

CPU arch or device name: amd64

What VPN provider are you using: PIA

What are you using to run your container?: Docker Compose

What is the version of the program

Running version latest built on 2021-04-21T00:59:04Z (commit 62982fa)

What's the problem 🤔

It tries to add ipv6 route despite PIA not supporting ipv6 and setting OPENVPN_IPV6=off (which I'm led to believe is the default, but I tried to set it to off anyway to no avail). Not really an issue to functionality, just shouldn't be happening if I understand things correctly.

Share your logs... (careful to remove in example tokens)


pia_gluetun     | 2021/04/24 00:06:40 WARN openvpn: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
pia_gluetun     | 2021/04/24 00:06:40 INFO openvpn: add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
pia_gluetun     | 2021/04/24 00:06:40 ERROR openvpn: RTNETLINK answers: Permission denied
pia_gluetun     | 2021/04/24 00:06:40 INFO openvpn: ERROR: Linux route -6 add command failed: external program exited with error status: 2

qdm12 commented 3 years ago

I believe these are options pushed by PIA servers. The configuration used on our side is generated with https://github.com/qdm12/gluetun/blob/master/internal/provider/piav4.go#L154 and there is no ipv6 option. It seems that warning got introduced with the upgrade to openvpn 2.5.0 as well, but I can't really find anything. I'll try to add 'pull filters' to ignore ipv6 options from their server. I'll let you know when a test image is up, thanks!
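
The 'pull filters' mentioned in the comment above refer to OpenVPN's client-side `pull-filter` directive. As an added example (not gluetun's code and not part of the original thread), this Go program models the directive's documented matching rules over a constructed list of pushed options; the filter set, the sample options and all identifiers are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// pullFilter mirrors one client directive: pull-filter <action> <text>.
type pullFilter struct{ action, prefix string }

// ipv6Filters is an assumed filter set that drops pushed IPv6 settings.
var ipv6Filters = []pullFilter{{"ignore", "route-ipv6"}, {"ignore", "ifconfig-ipv6"}}

// applyPullFilters follows the documented pull-filter semantics: filters are
// tried in order, the text is compared as a prefix of the pushed option, and
// the first match decides. "reject" (or an unknown action) returns an error.
func applyPullFilters(pushed []string, filters []pullFilter) (kept, dropped []string, err error) {
	for _, option := range pushed {
		action := "accept" // no filter matched: the option is applied
		for _, f := range filters {
			if strings.HasPrefix(option, f.prefix) {
				action = f.action
				break
			}
		}
		switch action {
		case "accept":
			kept = append(kept, option)
		case "ignore":
			dropped = append(dropped, option)
		default:
			return nil, nil, fmt.Errorf("pushed option refused (%s): %q", action, option)
		}
	}
	return kept, dropped, nil
}

// samplePush is a constructed PUSH_REPLY option list, not captured from PIA.
var samplePush = []string{
	"redirect-gateway def1", "route-ipv6 2000::/3",
	"dhcp-option DNS 10.0.0.243", "ifconfig 10.8.0.6 255.255.255.0",
}

func main() {
	kept, dropped, err := applyPullFilters(samplePush, ipv6Filters)
	fmt.Println(kept, dropped, err)
}
```

Because matching is by prefix, a shorter filter text such as `route` would also drop `route-gateway`, so each filter should be as specific as the option it targets.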

ChuckNozzle commented 3 years ago

I have the same issue.

BrodyStone21 commented 3 years ago

Same issue through Cyberghost. I think that this is an OpenVPN issue and not an issue with Gluetun, since I was getting the same output from barebones OpenVPN on my system before I configured Gluetun.

qdm12 commented 3 years ago

Commit af358f777b4d423386427c6cea973613b55262a8 should fix the behavior on :latest image.

As long as you leave OPENVPN_IPV6=off (the default), you won't see those warnings anymore.

I'll close the issue assuming it's now fixed, but feel free to let me know if it works or not for you! Thanks!

tomoliveri commented 2 years ago

I'm seeing the same issue on the latest release. OPENVPN_IPV6 set to off....

2022-09-13T10:44:06Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]154.6.151.54:1197
2022-09-13T10:44:06Z INFO [openvpn] UDP link local: (not bound)
2022-09-13T10:44:06Z INFO [openvpn] UDP link remote: [AF_INET]<IP>
2022-09-13T10:44:06Z WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1554'
2022-09-13T10:44:06Z WARN [openvpn] 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2022-09-13T10:44:06Z WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2022-09-13T10:44:06Z INFO [openvpn] [melbourne429] Peer Connection Initiated with [AF_INET]<IP>
2022-09-13T10:44:06Z INFO [openvpn] sitnl_send: rtnl: generic error (-101): Network unreachable
2022-09-13T10:44:06Z INFO [openvpn] TUN/TAP device tun0 opened
2022-09-13T10:44:06Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2022-09-13T10:44:06Z INFO [openvpn] /sbin/ip link set dev tun0 up
2022-09-13T10:44:06Z INFO [openvpn] /sbin/ip addr add dev tun0<IP>
**2022-09-13T10:44:06Z WARN [openvpn] OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.**
2022-09-13T10:44:06Z INFO [openvpn] add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
2022-09-13T10:44:06Z INFO [openvpn] UID set to nonrootuser
2022-09-13T10:44:06Z INFO [openvpn] Initialization Sequence Completed
2022-09-13T10:44:06Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-09-13T10:44:07Z INFO [healthcheck] healthy!
2022-09-13T10:44:16Z WARN [dns over tls] cannot update files: Get "https://www.internic.net/domain/named.root": net/http: TLS handshake timeout
2022-09-13T10:44:16Z INFO [dns over tls] attempting restart in 10s
2022-09-13T10:44:26Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-09-13T10:44:26Z ERROR [ip getter] Get "https://ipinfo.io/": net/http: TLS handshake timeout
2022-09-13T10:44:26Z INFO [ip getter] retrying in 5s
2022-09-13T10:44:26Z ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": net/http: TLS handshake timeout
2022-09-13T10:44:37Z WARN [dns over tls] cannot update files: Get "https://www.internic.net/domain/named.root": net/http: TLS handshake timeout
2022-09-13T10:44:37Z INFO [dns over tls] attempting restart in 20s
2022-09-13T10:44:41Z ERROR [ip getter] Get "https://ipinfo.io/": net/http: TLS handshake timeout
2022-09-13T10:44:41Z INFO [ip getter] retrying in 5s

Any suggestions?

qdm12 commented 2 years ago

https://github.com/qdm12/gluetun/commit/5ddd703f6ab746c029cbd8b58466c8eae822bda5 did some ipv6 changes. IPv6 client support is now auto-detected, and OPENVPN_IPV6 no longer does anything. Now the problem was coming from the openvpn configuration generated adding tun-ipv6 as soon as ipv6 would be supported. But I just learnt now that tun-ipv6 is meant to be pushed from the OpenVPN server if it supports assigning an IPv6 address to the client, so 6a5aa8eddb94003445db5e60b94fb05ac4a5979c changes that to NOT be added even if IPv6 is supported on your machine. That should fix the latest image (and future release v3.32.0), feel free to let me know if it works/doesn't 😉 !