Bug: Gluetun Crashes Ubuntu 24.04 Network

Open Silun opened this issue 9 months ago • 3 comments

Is this urgent?

Yes

Host OS

Ubuntu 24.04

CPU arch

x86_64

VPN service provider

Windscribe

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-12-27T20:18:46.989Z (commit 61b053f)

What's the problem 🤔

The host runs docker from the official repo. On first run, it connects just fine. An attached qB container starts some download, proving that the connection is truly available. After some seconds, the connection suddenly breaks. The whole docker host loses network connectivity, I get alerts that my server is down, my SSH sessions disconnect, and after about a minute the server comes back online. From this point on, gluetun is not able to connect any more and the container stays unhealthy, even after compose down / up. At some point it will start working again, maybe after a reboot (but not always), or after a certain amount of time has passed. I have found no rhyme or reason yet.

Some additional info:

  • The same problem applies to :v3
  • Another host running Ubuntu 22.04 and docker from Ubuntu's repos does not need the /dev/net/tun line in the docker compose, it just works without it. Other than this, the compose file on that host is the same, except for caddy labels which shouldn't matter. The problem does not appear there, so I believe the config file is fine.

The log excerpt is from start to shutdown of the described scene.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================
Running version latest built on 2024-12-27T20:18:46.989Z (commit 61b053f)
🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? [email protected]
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2025-01-15T13:13:27+01:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.6 and family v4
2025-01-15T13:13:27+01:00 INFO [routing] local ethernet link found: eth0
2025-01-15T13:13:27+01:00 INFO [routing] local ipnet found: 172.18.0.0/16
2025-01-15T13:13:27+01:00 INFO [firewall] enabling...
2025-01-15T13:13:27+01:00 INFO [firewall] enabled successfully
2025-01-15T13:13:29+01:00 INFO [storage] merging by most recent 20776 hardcoded servers and 20776 servers read from /gluetun/servers.json
2025-01-15T13:13:29+01:00 INFO Alpine version: 3.20.3
2025-01-15T13:13:29+01:00 INFO OpenVPN 2.5 version: 2.5.10
2025-01-15T13:13:29+01:00 INFO OpenVPN 2.6 version: 2.6.11
2025-01-15T13:13:29+01:00 INFO IPtables version: v1.8.10
2025-01-15T13:13:29+01:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: windscribe
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Regions: switzerland
|   |       └── Wireguard selection settings:
|   └── Wireguard settings:
|       ├── Private key: 2KA...lM=
|       ├── Pre-shared key: GUD...rE=
|       ├── Interface addresses:
|       |   └── 100.77.137.145/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1320
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   └── cloudflare
|       ├── Caching: yes
|       ├── IPv6: no
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── VPN input ports:
|       └── 10218
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: europe/berlin
├── Public IP settings:
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data base API: ipinfo (token [set])
├── Server data updater settings:
|   ├── Update period: 24h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: windscribe
└── Version settings:
    └── Enabled: yes
2025-01-15T13:13:29+01:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.6 and family v4
2025-01-15T13:13:29+01:00 INFO [routing] adding route for 0.0.0.0/0
2025-01-15T13:13:29+01:00 INFO [firewall] setting allowed subnets...
2025-01-15T13:13:29+01:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.6 and family v4
2025-01-15T13:13:29+01:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2025-01-15T13:13:29+01:00 INFO [http server] http server listening on [::]:8000
2025-01-15T13:13:29+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2025-01-15T13:13:29+01:00 INFO [firewall] allowing VPN connection...
2025-01-15T13:13:29+01:00 INFO [wireguard] Using available kernelspace implementation
2025-01-15T13:13:29+01:00 INFO [wireguard] Connecting to 84.17.53.3:1194
2025-01-15T13:13:29+01:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2025-01-15T13:13:29+01:00 INFO [firewall] setting allowed input port 10218 through interface tun0...
2025-01-15T13:13:29+01:00 INFO [dns] downloading hostnames and IP block lists
2025-01-15T13:13:39+01:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2025-01-15T13:13:39+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2025-01-15T13:13:39+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2025-01-15T13:13:39+01:00 INFO [vpn] stopping
2025-01-15T13:13:39+01:00 INFO [firewall] removing allowed port 10218...
2025-01-15T13:13:39+01:00 ERROR [vpn] getting public IP address information: context canceled
2025-01-15T13:13:39+01:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
2025-01-15T13:13:39+01:00 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": dial tcp: lookup raw.githubusercontent.com on 1.1.1.1:53: read udp 100.77.137.145:59784->1.1.1.1:53: i/o timeout, Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": dial tcp: lookup raw.githubusercontent.com on 1.1.1.1:53: read udp 100.77.137.145:59784->1.1.1.1:53: i/o timeout
2025-01-15T13:13:39+01:00 INFO [dns] attempting restart in 10s
2025-01-15T13:13:39+01:00 INFO [vpn] starting
2025-01-15T13:13:39+01:00 INFO [firewall] allowing VPN connection...
2025-01-15T13:13:39+01:00 INFO [wireguard] Using available kernelspace implementation
2025-01-15T13:13:39+01:00 INFO [wireguard] Connecting to 84.17.53.3:1194
2025-01-15T13:13:39+01:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2025-01-15T13:13:40+01:00 INFO [firewall] setting allowed input port 10218 through interface tun0...
2025-01-15T13:13:40+01:00 INFO [healthcheck] healthy!
2025-01-15T13:13:40+01:00 INFO [ip getter] Public IP address is 84.17.53.8 (Switzerland, Zurich, Zürich - source: ipinfo)
2025-01-15T13:13:49+01:00 INFO [dns] downloading hostnames and IP block lists
2025-01-15T13:13:51+01:00 INFO [dns] DNS server listening on [::]:53
2025-01-15T13:13:52+01:00 INFO [dns] ready
2025-01-15T13:15:09+01:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4 104.16.133.229:443: i/o timeout)
2025-01-15T13:15:09+01:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2025-01-15T13:15:09+01:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2025-01-15T13:15:09+01:00 INFO [vpn] stopping
2025-01-15T13:15:09+01:00 INFO [firewall] removing allowed port 10218...
2025-01-15T13:15:09+01:00 INFO [vpn] starting
2025-01-15T13:15:09+01:00 INFO [firewall] allowing VPN connection...
2025-01-15T13:15:09+01:00 INFO [wireguard] Using available kernelspace implementation
2025-01-15T13:15:09+01:00 INFO [wireguard] Connecting to 169.150.197.163:1194
2025-01-15T13:15:09+01:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2025-01-15T13:15:09+01:00 INFO [firewall] setting allowed input port 10218 through interface tun0...
2025-01-15T13:15:14+01:00 WARN [dns] dialing tls server for request IN AAAA ipinfo.io.: dial tcp 1.1.1.1:853: i/o timeout
2025-01-15T13:15:14+01:00 WARN [dns] dialing tls server for request IN A ipinfo.io.: dial tcp 1.0.0.1:853: i/o timeout
2025-01-15T13:15:19+01:00 WARN [dns] dialing tls server for request IN A ipinfo.io.: dial tcp 1.0.0.1:853: i/o timeout
2025-01-15T13:15:19+01:00 WARN [dns] dialing tls server for request IN AAAA ipinfo.io.: dial tcp 1.1.1.1:853: i/o timeout
2025-01-15T13:15:19+01:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 127.0.0.1:53: read udp 127.0.0.1:45533->127.0.0.1:53: i/o timeout
2025-01-15T13:15:20+01:00 WARN Caught OS signal terminated, shutting down
2025-01-15T13:15:20+01:00 INFO updater ticker: terminated ✔️
2025-01-15T13:15:20+01:00 INFO dns ticker: terminated ✔️
2025-01-15T13:15:20+01:00 INFO http server: terminated ✔️
2025-01-15T13:15:20+01:00 INFO control: terminated ✔️
2025-01-15T13:15:20+01:00 INFO updater: terminated ✔️
2025-01-15T13:15:20+01:00 INFO tickers: terminated ✔️
2025-01-15T13:15:20+01:00 WARN HTTP health server: goroutine shutdown timed out: after 400ms ⚠️
2025-01-15T13:15:20+01:00 INFO [firewall] removing allowed port 10218...
2025-01-15T13:15:20+01:00 INFO vpn: terminated ✔️
2025-01-15T13:15:20+01:00 INFO shadowsocks proxy: terminated ✔️
2025-01-15T13:15:20+01:00 INFO http proxy: terminated ✔️
2025-01-15T13:15:20+01:00 INFO dns: terminated ✔️
2025-01-15T13:15:20+01:00 INFO other: terminated ✔️
2025-01-15T13:15:20+01:00 INFO [routing] routing cleanup...
2025-01-15T13:15:20+01:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.6 and family v4
2025-01-15T13:15:20+01:00 INFO [routing] deleting route for 0.0.0.0/0
2025-01-15T13:15:20+01:00 WARN Shutdown failed: ordered shutdown timed out: HTTP health server: goroutine shutdown timed out: after 400ms

Share your configuration

services:
  gluetun:
    image: ghcr.io/qdm12/gluetun
    container_name: gluetun
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8085:8085/tcp # qB WebUI
    labels:
      caddy: #CENSORED#
      caddy.reverse_proxy: "{{upstreams 8085}}"
    environment:
      - FIREWALL_VPN_INPUT_PORTS=10218
      - VPN_SERVICE_PROVIDER=windscribe
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=#CENSORED#
      - WIREGUARD_ADDRESSES=#CENSORED#
      - WIREGUARD_PRESHARED_KEY=#CENSORED#
      - SERVER_REGIONS=Switzerland
      - TZ=Europe/Berlin
      - UPDATER_PERIOD=24h
      - PUBLICIP_API=ipinfo
      - PUBLICIP_API_TOKEN=#CENSORED#


  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: "service:gluetun"
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
      - WEBUI_PORT=8085
      - TORRENTING_PORT=10218
    volumes:
      - ./qbittorrent/appdata:/config
      - ./qbittorrent/downloads:/downloads
    restart: unless-stopped
    depends_on:
      - gluetun
    healthcheck:
      test: ["CMD", "ping", "-c", "1", "1.1.1.1"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 10s


networks:
  default:
    external: true
    name: reverse-proxied

Silun, Jan 15 '25 13:01