search

qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.99k stars 368 forks source link

Bug: Looping on start `healthcheck: program has been unhealthy for 10s: restarting VPN` #821

Closed jtowe1 closed 2 years ago

jtowe1 commented 2 years ago

Is this urgent?

No

Host OS

unRaid 6.9.2

CPU arch

x86_64

VPN service provider

ExpressVPN

What are you using to run the container

Other

What is the version of Gluetun

v3.27.0

What's the problem πŸ€”

When looking at the logs, I see this repeating

2022/01/26 14:48:16 INFO healthcheck: program has been unhealthy for 25s: restarting VPN
2022/01/26 14:48:16 INFO vpn: stopping
2022/01/26 14:48:16 INFO vpn: starting
2022/01/26 14:48:16 INFO firewall: setting VPN connection through firewall...
2022/01/26 14:48:16 INFO openvpn: OpenVPN 2.5.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
2022/01/26 14:48:16 INFO openvpn: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022/01/26 14:48:16 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]193.56.116.4:1195
2022/01/26 14:48:16 INFO openvpn: UDP link local: (not bound)
2022/01/26 14:48:16 INFO openvpn: UDP link remote: [AF_INET]193.56.116.4:1195
2022/01/26 14:48:16 INFO healthcheck: program has been unhealthy for 25s: restarting VPN
2022/01/26 14:48:16 INFO vpn: stopping
2022/01/26 14:48:16 INFO vpn: starting
2022/01/26 14:48:16 INFO firewall: setting VPN connection through firewall...
2022/01/26 14:48:16 INFO openvpn: OpenVPN 2.5.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
2022/01/26 14:48:16 INFO openvpn: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022/01/26 14:48:16 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]193.56.116.4:1195
2022/01/26 14:48:16 INFO openvpn: UDP link local: (not bound)
2022/01/26 14:48:16 INFO openvpn: UDP link remote: [AF_INET]193.56.116.4:1195

Share your logs

ErrorWarningSystemArrayLogin

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❀️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version v3.27.0 built on 2022-01-23T15:18:52.634Z (commit 55e609c)

πŸ”§ Need help? https://github.com/qdm12/gluetun/discussions/new
πŸ› Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
β˜• Discussion? https://github.com/qdm12/gluetun/discussions/new
πŸ’» Email? quentin.mcgaw@gmail.com
πŸ’° Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2022/01/26 14:51:09 INFO storage: merging by most recent 11100 hardcoded servers and 11100 servers read from /gluetun/servers.json
2022/01/26 14:51:09 INFO Alpine version: 3.15.0

2022/01/26 14:51:09 INFO OpenVPN 2.4 version: 2.4.11

2022/01/26 14:51:09 INFO OpenVPN 2.5 version: 2.5.4

2022/01/26 14:51:09 INFO Unbound version: 1.13.2

2022/01/26 14:51:09 INFO IPtables version: v1.8.7

2022/01/26 14:51:09 INFO Settings summary:
β”œβ”€β”€ VPN settings:
| β”œβ”€β”€ VPN provider settings:
| | β”œβ”€β”€ Name: expressvpn
| | └── Server selection settings:
| | β”œβ”€β”€ VPN type: openvpn
| | β”œβ”€β”€ Countries: usa
| | β”œβ”€β”€ Cities: atlanta
| | └── OpenVPN server selection settings:
| | └── Protocol: UDP
| └── OpenVPN settings:
| β”œβ”€β”€ OpenVPN version: 2.5

| β”œβ”€β”€ User: [set]
| β”œβ”€β”€ Password: [set]
| β”œβ”€β”€ Tunnel IPv6: no
| β”œβ”€β”€ Network interface: tun0
| β”œβ”€β”€ Run OpenVPN as: root
| └── Verbosity level: 1
β”œβ”€β”€ DNS settings:
| β”œβ”€β”€ DNS server address to use: 127.0.0.1
| β”œβ”€β”€ Keep existing nameserver(s): yes
| └── DNS over TLS settings:
| β”œβ”€β”€ Enabled: yes
| β”œβ”€β”€ Update period: every 24h0m0s
| β”œβ”€β”€ Unbound settings:
| | β”œβ”€β”€ Authoritative servers:
| | | └── cloudflare
| | β”œβ”€β”€ Caching: yes
| | β”œβ”€β”€ IPv6: no
| | β”œβ”€β”€ Verbosity level: 1
| | β”œβ”€β”€ Verbosity details level: 0
| | β”œβ”€β”€ Validation log level: 0
| | β”œβ”€β”€ System user: root
| | └── Allowed networks:
| | β”œβ”€β”€ 0.0.0.0/0
| | └── ::/0
| └── DNS filtering settings:
| β”œβ”€β”€ Block malicious: yes
| β”œβ”€β”€ Block ads: no
| β”œβ”€β”€ Block surveillance: no
| └── Blocked IP networks:
| β”œβ”€β”€ 127.0.0.1/8
| β”œβ”€β”€ 10.0.0.0/8
| β”œβ”€β”€ 172.16.0.0/12
| β”œβ”€β”€ 192.168.0.0/16
| β”œβ”€β”€ 169.254.0.0/16
| β”œβ”€β”€ ::1/128
| β”œβ”€β”€ fc00::/7
| β”œβ”€β”€ fe80::/10
| β”œβ”€β”€ ::ffff:7f00:1/104
| β”œβ”€β”€ ::ffff:a00:0/104
| β”œβ”€β”€ ::ffff:a9fe:0/112
| β”œβ”€β”€ ::ffff:ac10:0/108
| └── ::ffff:c0a8:0/112
β”œβ”€β”€ Firewall settings:
| └── Enabled: yes
β”œβ”€β”€ Log settings:
| └── Log level: INFO
β”œβ”€β”€ Health settings:
| β”œβ”€β”€ Server listening address: 127.0.0.1:9999
| β”œβ”€β”€ Address to ping: github.com
| └── VPN wait durations:
| β”œβ”€β”€ Initial duration: 5s
| └── Additional duration: 5s
β”œβ”€β”€ Shadowsocks server settings:
| └── Enabled: no
β”œβ”€β”€ HTTP proxy settings:
| └── Enabled: no
β”œβ”€β”€ Control server settings:
| β”œβ”€β”€ Listening port: 8000
| └── Logging: yes
β”œβ”€β”€ OS Alpine settings:
| β”œβ”€β”€ Process UID: 1000
| β”œβ”€β”€ Process GID: 1000
| └── Timezone: America/New_York
β”œβ”€β”€ Public IP settings:
| β”œβ”€β”€ Fetching: every 12h0m0s
| └── IP file path: /gluetun/ip
└── Version settings:

└── Enabled: yes
2022/01/26 14:51:09 INFO routing: default route found: interface eth0, gateway 172.17.0.1
2022/01/26 14:51:09 INFO routing: local ethernet link found: gretap0
2022/01/26 14:51:09 INFO routing: local ethernet link found: erspan0
2022/01/26 14:51:09 INFO routing: local ethernet link found: eth0
2022/01/26 14:51:09 INFO routing: local ipnet found: 172.17.0.0/16
2022/01/26 14:51:09 INFO routing: default route found: interface eth0, gateway 172.17.0.1
2022/01/26 14:51:09 INFO routing: adding route for 0.0.0.0/0
2022/01/26 14:51:09 INFO firewall: firewall disabled, only updating allowed subnets internal list
2022/01/26 14:51:09 INFO routing: default route found: interface eth0, gateway 172.17.0.1
2022/01/26 14:51:09 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2022/01/26 14:51:09 INFO firewall: enabling...
2022/01/26 14:51:10 INFO firewall: enabled successfully
2022/01/26 14:51:10 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2022/01/26 14:51:10 INFO healthcheck: listening on 127.0.0.1:9999
2022/01/26 14:51:10 INFO http server: listening on :8000
2022/01/26 14:51:10 INFO firewall: setting VPN connection through firewall...
2022/01/26 14:51:10 INFO openvpn: OpenVPN 2.5.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
2022/01/26 14:51:10 INFO openvpn: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022/01/26 14:51:10 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]193.56.116.4:1195
2022/01/26 14:51:10 INFO openvpn: UDP link local: (not bound)
2022/01/26 14:51:10 INFO openvpn: UDP link remote: [AF_INET]193.56.116.4:1195
2022/01/26 14:51:15 INFO healthcheck: program has been unhealthy for 5s: restarting VPN
2022/01/26 14:51:15 INFO vpn: stopping
2022/01/26 14:51:15 INFO vpn: starting
2022/01/26 14:51:15 INFO firewall: setting VPN connection through firewall...
2022/01/26 14:51:15 INFO openvpn: OpenVPN 2.5.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
2022/01/26 14:51:15 INFO openvpn: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022/01/26 14:51:15 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]193.56.116.20:1195
2022/01/26 14:51:15 INFO openvpn: UDP link local: (not bound)
2022/01/26 14:51:15 INFO openvpn: UDP link remote: [AF_INET]193.56.116.20:1195
2022/01/26 14:51:25 INFO healthcheck: program has been unhealthy for 10s: restarting VPN
2022/01/26 14:51:25 INFO vpn: stopping
2022/01/26 14:51:25 INFO vpn: starting
2022/01/26 14:51:25 INFO firewall: setting VPN connection through firewall...
2022/01/26 14:51:25 INFO openvpn: OpenVPN 2.5.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
2022/01/26 14:51:25 INFO openvpn: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022/01/26 14:51:25 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]193.56.116.20:1195
2022/01/26 14:51:25 INFO openvpn: UDP link local: (not bound)
2022/01/26 14:51:25 INFO openvpn: UDP link remote: [AF_INET]193.56.116.20:1195
2022/01/26 14:51:25 INFO healthcheck: program has been unhealthy for 10s: restarting VPN
2022/01/26 14:51:25 INFO vpn: stopping
2022/01/26 14:51:25 INFO vpn: starting
2022/01/26 14:51:25 INFO firewall: setting VPN connection through firewall...
2022/01/26 14:51:25 INFO openvpn: OpenVPN 2.5.4 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 15 2021
2022/01/26 14:51:25 INFO openvpn: library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022/01/26 14:51:25 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]193.56.116.20:1195
2022/01/26 14:51:25 INFO openvpn: UDP link local: (not bound)
2022/01/26 14:51:25 INFO openvpn: UDP link remote: [AF_INET]193.56.116.20:1195

### Share your configuration

```yml
The unRaid template creates the container with this (credentials redacted)

/usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker create --name='GluetunVPN' --net='bridge' -e TZ="America/Los_Angeles" -e HOST_OS="Unraid" -e 'TZ'='America/New_York' -e 'VPNSP'='expressvpn' -e 'VPN_TYPE'='openvpn' -e 'OPENVPN_PROTOCOL'='udp' -e 'OPENVPN_USER'='*****@email.com' -e 'OPENVPN_PASSWORD'='**********' -e 'OPENVPN_VERSION'='2.5' -e 'OPENVPN_VERBOSITY'='1' -e 'OPENVPN_FLAGS'='' -e 'OPENVPN_CIPHER'='' -e 'OPENVPN_AUTH'='' -e 'OPENVPN_ROOT'='no' -e 'OPENVPN_TARGET_IP'='' -e 'OPENVPN_IPV6'='off' -e 'OPENVPN_CUSTOM_CONFIG'='' -e 'OPENVPN_INTERFACE'='tun0' -e 'OPENVPN_PORT'='' -e 'WIREGUARD_PRIVATE_KEY'='' -e 'WIREGUARD_PRESHARED_KEY'='' -e 'WIREGUARD_PUBLIC_KEY'='' -e 'WIREGUARD_ADDRESS'='' -e 'WIREGUARD_ENDPOINT_IP'='' -e 'WIREGUARD_ENDPOINT_PORT'='51820' -e 'WIREGUARD_INTERFACE'='wg0' -e 'REGION'='' -e 'COUNTRY'='USA' -e 'CITY'='Atlanta' -e 'SERVER_HOSTNAME'='' -e 'FIREWALL'='on' -e 'FIREWALL_VPN_INPUT_PORTS'='' -e 'FIREWALL_INPUT_PORTS'='' -e 'FIREWALL_OUTBOUND_SUBNETS'='' -e 'FIREWALL_DEBUG'='off' -e 'LOG_LEVEL'='info' -e 'DOT'='on' -e 'DOT_PROVIDERS'='cloudflare' -e 'DOT_PRIVATE_ADDRESS'='127.0.0.1/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,169.254.0.0/16,::1/128,fc00::/7,fe80::/10,::ffff:7f00:1/104,::ffff:a00:0/104,::ffff:a9fe:0/112,::ffff:ac10:0/108,::ffff:c0a8:0/112' -e 'DOT_VERBOSITY'='1' -e 'DOT_VERBOSITY_DETAILS'='0' -e 'DOT_VALIDATION_LOGLEVEL'='0' -e 'DOT_CACHING'='on' -e 'DOT_IPV6'='off' -e 'BLOCK_MALICIOUS'='on' -e 'BLOCK_SURVEILLANCE'='off' -e 'BLOCK_ADS'='off' -e 'UNBLOCK'='' -e 'DNS_UPDATE_PERIOD'='24h' -e 'DNS_PLAINTEXT_ADDRESS'='' -e 'DNS_KEEP_NAMESERVER'='on' -e 'HTTPPROXY'='off' -e 'HTTPPROXY_LOG'='off' -e 'HTTPPROXY_USER'='' -e 'HTTPPROXY_PASSWORD'='' -e 'HTTPPROXY_STEALTH'='off' -e 'SHADOWSOCKS'='off' -e 'SHADOWSOCKS_LOG'='off' -e ':8388'=':8388' -e 'SHADOWSOCKS_PASSWORD'='' -e 'SHADOWSOCKS_CIPHER'='chacha20-ietf-poly1305' -e 'HEALTH_SERVER_ADDRESS'='127.0.0.1:9999' -e 'HEALTH_ADDRESS_TO_PING'='github.com' -e 'HEALTH_VPN_DURATION_INITIAL'='6s' -e 'HEALTH_VPN_DURATION_ADDITION'='5s' -e 'UPDATER_PERIOD'='0' -e 'PUBLICIP_FILE'='/gluetun/ip' -e 'PUBLICIP_PERIOD'='12h' -e 'VERSION_INFORMATION'='on' -e 'HTTP_CONTROL_SERVER_LOG'='on' -e 'PUID'='1000' -e 'PGID'='1000' -p '8888:8888/tcp' -p '8000:8000/tcp' -v '/mnt/user/appdata/gluetun':'/gluetun':'rw' --cap-add=NET_ADMIN --restart always 'qmcgaw/gluetun:latest'
a0f67e51a6b4fb387fb8436213a9c9c1f6c5119cfc7940b35b72b1ecb4f9914e
qdm12 commented 2 years ago

It doesn't seem to connect at all to the vpn server. Try with another server filter option, maybe the atlanta server ip address changed.

jtowe1 commented 2 years ago

It doesn't seem to connect at all to the vpn server. Try with another server filter option, maybe the atlanta server ip address changed.

That might be the case, when I change it to Chicago it connects

2022/01/26 17:18:11 INFO healthcheck: healthy!
2022/01/26 17:18:11 INFO healthcheck: healthy!
qdm12 commented 2 years ago

On the latest image, I just pushed a change so that if you set UPDATER_PERIOD=48h it will automatically update server information for your vpn provider. That might take care of the outdated servers data. Then you would have to reboot the container for now since you cannot live patch the settings (yet!).

qdm12 commented 2 years ago

ExpressVPN server data built-in gluetun was updated in 15800fd4ffb066f8d069a362383c5b6b36c1a7e7 so that should fix the issue.