Closed Th0masDB closed 2 years ago
qdm12
commented
2 years ago Hi there, that's a strange issue. It's due to your OS/docker setup/kernel not allowing to add a route.
Can you try
docker run -it --rm --cap-add=NET_ADMIN alpine:3.15 ip routeIf it works, try
docker run -it --rm --cap-add=NET_ADMIN alpine:3.15 ip route add default 0.0.0.0/0 dev eth0What error do you get if any?
Th0masDB
commented
2 years ago I get this error:
qdm12
commented
2 years ago Sorry the second one was a bad command from me. So the first one works that's good. Also sorry for the delay answering.
Anyway, I digged in the code, this comes from the Wireguard code. I have some code to detect if the container supports IPv6, and it looks like it does, so it tries to add the route for IPv6 destination ::/0 and that's where it fails.
I have pushed 7fd45cf17f53e007022d77ad5827e1c1d09c39e2 for the latest image, you can enable debug logs with LOG_LEVEL=debug (and also don't forget to docker pull qmcgaw/gluetun). What we're looking for is the logs starting from Checking for IPv6 support.... Then it should debug log all the interfaces with their IPv6 routes. Please share what you get, so I can fix the checking for IPv6 support. Thanks!
darovic
commented
2 years ago I believe I am experiencing the same problem after the most recent unRAID OS update. My log is attached (it's the raw file from the server, so it is in json format - I have redacted the client private key from the output, but it is correct). log-json.log
qdm12
commented
2 years ago @darovic it looks like both lo (local loopback) and eth0 have ipv6 routes, so I'm not sure why adding ipv6 routes is denied permission...
How about
docker run --rm --cap-add=NET_ADMIN alpine:3.15 ip -6 addrwhat's the result?
If nothing is obvious, I'll just make it log out the error and continue execution.
darovic
commented
2 years ago root@Imhotep:~# docker run --rm --cap-add=NET_ADMIN alpine:3.15 ip -6 addr
Unable to find image 'alpine:3.15' locally
3.15: Pulling from library/alpine
df9b9388f04a: Already exists
Digest: sha256:4edbd2beb5f78b1014028f4fbb99f3237d9561100b6881aabbf5acce2c4f9454
Status: Downloaded newer image for alpine:3.15
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
40: eth0@if41: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 state UP
inet6 fd17::242:ac11:2/64 scope global flags 02
valid_lft forever preferred_lft forever
inet6 fe80::42:acff:fe11:2/64 scope link tentative
valid_lft forever preferred_lft forevereb18eaf0a9f953109b1079ab4c957844ee0d395d now logs out an error line linking back to this issue, but execution continues. I'm not 100% sure IPv6 would or would not leak out of Wireguard, so feel free to test it with the latest image. If you ever find a fix please report it here obviously. I'll close the issue for now since there is an ugly-but-working work-around in place.
Is this urgent?
No
Host OS
Unraid 6.10.0
CPU arch
x86_64
VPN service provider
Custom
What are you using to run the container
Other
What is the version of Gluetun
Running version v3.29.0 built on 2022-05-11T23:16:02.058Z (commit e32d251)
What's the problem 🤔
The conainer is unhealthy because:
cannot add route for interface: cannot add route {Ifindex: 9 Dst: ::/0 Src: <nil> Gw: <nil> Flags: [] Table: 51820 Realm: 0}: permission deniedShare your logs
Share your configuration
No response
EDIT
I did check if my password, username etc were correct. I have ProtonVPN.