ddns-updater
Please add Tucows/Enom
- What's the feature? Please add the Tucows/Enom domain / DNS provider please!
- Extra information? If you need anything from that site, I can provide some help!
@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:
- do not ask for updates, be patient
- :+1: the issue to show your support instead of commenting
@qdm12 usually checks issues at least once a week, if this is a new urgent bug, revert to an older tagged container image
I have a similar (and probably related) bug. Also using Surfshark. For me though, explicitly setting it to version 3.39.1 works but setting it to the latest seems to make it break.
gluetun | 2024-10-20T23:54:47-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:38422->1.0.0.1:853: i/o timeout
gluetun | 2024-10-20T23:54:47-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:51636->1.1.1.1:853: i/o timeout
...
gluetun | 2024-10-20T23:54:53-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:38580->1.0.0.1:853: i/o timeout
gluetun | 2024-10-20T23:54:53-07:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 127.0.0.1:53: server misbehaving
gluetun | 2024-10-20T23:54:53-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:51770->1.1.1.1:853: i/o timeout
gluetun | 2024-10-20T23:54:53-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:51784->1.1.1.1:853: i/o timeout
...
gluetun | 2024-10-20T23:54:56-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:44474->1.0.0.1:853: i/o timeout
gluetun | 2024-10-20T23:54:56-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:44760->1.1.1.1:853: i/o timeout
gluetun | 2024-10-20T23:54:57-07:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
gluetun | 2024-10-20T23:54:57-07:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
gluetun | 2024-10-20T23:54:57-07:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
gluetun | 2024-10-20T23:54:57-07:00 INFO [vpn] stopping
gluetun | 2024-10-20T23:54:57-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:44476->1.0.0.1:853: i/o timeout
gluetun | 2024-10-20T23:54:57-07:00 INFO [vpn] starting
gluetun | 2024-10-20T23:54:57-07:00 INFO [firewall] allowing VPN connection...
gluetun | 2024-10-20T23:54:57-07:00 INFO [wireguard] Using available kernelspace implementation
gluetun | 2024-10-20T23:54:57-07:00 INFO [wireguard] Connecting to ###########
gluetun | 2024-10-20T23:54:57-07:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
gluetun | 2024-10-20T23:54:57-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:44776->1.1.1.1:853: i/o timeout
gluetun | 2024-10-20T23:54:57-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:44490->1.0.0.1:853: i/o timeout
...
gluetun | 2024-10-20T23:55:05-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:46218->1.0.0.1:853: i/o timeout
gluetun | 2024-10-20T23:55:05-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:43486->1.1.1.1:853: i/o timeout
gluetun | 2024-10-20T23:55:05-07:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 127.0.0.1:53: server misbehaving
I have a similar (and probably related) bug. Also using Surfshark. For me though, explicitly setting it to version 3.39.1 works but
I have the same issue too
Is it Surfshark for you too?
v3.39 works fine but latest doesn't work
I have the same issue too
Same issue for me with Surfshark/wireguard
But when I run the latest, my log says You are running 2 commits behind the most recent latest
When I run v3.39.1, the log says You are running the latest release v3.39.1
Same issue with ProtonVPN / Wireguard.
I tried many versions but always got: ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io
@qdm12 Please can you help me? I don't have another container with VPN or something else ... I've read all the issues but found nothing to help me. My log:
2024/10/25 01:27:48 | stdout | 2024-10-25T01:27:48+02:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
-- | -- | --
2024/10/25 01:27:48 | stdout | 2024-10-25T01:27:48+02:00 INFO [wireguard] Connecting to 149.102.245.156:51820
2024/10/25 01:27:48 | stdout | 2024-10-25T01:27:48+02:00 INFO [wireguard] Using userspace implementation since Kernel support does not exist
2024/10/25 01:27:48 | stdout | 2024-10-25T01:27:48+02:00 INFO [firewall] allowing VPN connection...
2024/10/25 01:27:48 | stdout | 2024-10-25T01:27:48+02:00 INFO [vpn] starting
2024/10/25 01:27:48 | stdout | 2024-10-25T01:27:48+02:00 INFO [vpn] stopping
2024/10/25 01:27:48 | stdout | 2024-10-25T01:27:48+02:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024/10/25 01:27:48 | stdout | 2024-10-25T01:27:48+02:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024/10/25 01:27:48 | stdout | 2024-10-25T01:27:48+02:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024/10/25 01:27:46 | stdout | 2024-10-25T01:27:46+02:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: read udp 10.2.0.2:34579->1.1.1.1:53: i/o timeout
2024/10/25 01:27:45 | stdout | 2024-10-25T01:27:45+02:00 INFO [dns] downloading hostnames and IP block lists
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 INFO [dns] attempting restart in 10s
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": dial tcp: lookup raw.githubusercontent.com on 1.1.1.1:53: read udp 10.2.0.2:44404->1.1.1.1:53: i/o timeout, Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": dial tcp: lookup raw.githubusercontent.com on 1.1.1.1:53: read udp 10.2.0.2:44404->1.1.1.1:53: i/o timeout
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 INFO [wireguard] Connecting to 149.102.245.156:51820
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 INFO [wireguard] Using userspace implementation since Kernel support does not exist
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 INFO [firewall] allowing VPN connection...
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 INFO [vpn] starting
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 INFO [vpn] stopping
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024/10/25 01:27:35 | stdout | 2024-10-25T01:27:35+02:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [dns] downloading hostnames and IP block lists
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [wireguard] Connecting to 149.102.245.156:51820
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [wireguard] Using userspace implementation since Kernel support does not exist
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [firewall] allowing VPN connection...
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [http server] http server listening on [::]:8000
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.2 and family v4
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [firewall] setting allowed subnets...
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [routing] adding route for 0.0.0.0/0
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.2 and family v4
2024/10/25 01:27:25 | stdout | └── Enabled: yes
2024/10/25 01:27:25 | stdout | └── Version settings:
2024/10/25 01:27:25 | stdout | \| └── cloudflare
2024/10/25 01:27:25 | stdout | \| ├── ip2location
2024/10/25 01:27:25 | stdout | \| ├── ifconfigco
2024/10/25 01:27:25 | stdout | \| └── Public IP data backup APIs:
2024/10/25 01:27:25 | stdout | \| ├── Public IP data base API: ipinfo
2024/10/25 01:27:25 | stdout | \| ├── IP file path: /tmp/gluetun/ip
2024/10/25 01:27:25 | stdout | ├── Public IP settings:
2024/10/25 01:27:25 | stdout | \| └── Timezone: Europe/Paris
2024/10/25 01:27:25 | stdout | \| ├── Process GID: 1000
2024/10/25 01:27:25 | stdout | \| ├── Process UID: 1000
2024/10/25 01:27:25 | stdout | ├── OS Alpine settings:
2024/10/25 01:27:25 | stdout | \| └── Filepath: /gluetun/servers.json
2024/10/25 01:27:25 | stdout | ├── Storage settings:
2024/10/25 01:27:25 | stdout | \| └── Authentication file path: /gluetun/auth/config.toml
2024/10/25 01:27:25 | stdout | \| ├── Logging: yes
2024/10/25 01:27:25 | stdout | \| ├── Listening address: :8000
2024/10/25 01:27:25 | stdout | ├── Control server settings:
2024/10/25 01:27:25 | stdout | \| └── Enabled: no
2024/10/25 01:27:25 | stdout | ├── HTTP proxy settings:
2024/10/25 01:27:25 | stdout | \| └── Enabled: no
2024/10/25 01:27:25 | stdout | ├── Shadowsocks server settings:
2024/10/25 01:27:25 | stdout | \| └── Additional duration: 5s
2024/10/25 01:27:25 | stdout | \| ├── Initial duration: 6s
2024/10/25 01:27:25 | stdout | \| └── VPN wait durations:
2024/10/25 01:27:25 | stdout | \| ├── Read timeout: 500ms
2024/10/25 01:27:25 | stdout | \| ├── Read header timeout: 100ms
2024/10/25 01:27:25 | stdout | \| ├── Duration to wait after success: 5s
2024/10/25 01:27:25 | stdout | \| ├── Target address: cloudflare.com:443
2024/10/25 01:27:25 | stdout | \| ├── Server listening address: 127.0.0.1:9999
2024/10/25 01:27:25 | stdout | ├── Health settings:
2024/10/25 01:27:25 | stdout | \| └── Log level: info
2024/10/25 01:27:25 | stdout | ├── Log settings:
2024/10/25 01:27:25 | stdout | \| └── Enabled: yes
2024/10/25 01:27:25 | stdout | ├── Firewall settings:
2024/10/25 01:27:25 | stdout | \| └── ::ffff:192.168.0.0/112
2024/10/25 01:27:25 | stdout | \| ├── ::ffff:172.16.0.0/108
2024/10/25 01:27:25 | stdout | \| ├── ::ffff:169.254.0.0/112
2024/10/25 01:27:25 | stdout | \| ├── ::ffff:10.0.0.0/104
2024/10/25 01:27:25 | stdout | \| ├── ::ffff:127.0.0.1/104
2024/10/25 01:27:25 | stdout | \| ├── fe80::/10
2024/10/25 01:27:25 | stdout | \| ├── fc00::/7
2024/10/25 01:27:25 | stdout | \| ├── ::1/128
2024/10/25 01:27:25 | stdout | \| ├── 169.254.0.0/16
2024/10/25 01:27:25 | stdout | \| ├── 192.168.0.0/16
2024/10/25 01:27:25 | stdout | \| ├── 172.16.0.0/12
2024/10/25 01:27:25 | stdout | \| ├── 10.0.0.0/8
2024/10/25 01:27:25 | stdout | \| ├── 127.0.0.1/8
2024/10/25 01:27:25 | stdout | \| └── Blocked IP networks:
2024/10/25 01:27:25 | stdout | \| ├── Block surveillance: no
2024/10/25 01:27:25 | stdout | \| ├── Block ads: no
2024/10/25 01:27:25 | stdout | \| ├── Block malicious: yes
2024/10/25 01:27:25 | stdout | \| └── DNS filtering settings:
2024/10/25 01:27:25 | stdout | \| ├── IPv6: no
2024/10/25 01:27:25 | stdout | \| ├── Caching: yes
2024/10/25 01:27:25 | stdout | \| \| └── cloudflare
2024/10/25 01:27:25 | stdout | \| ├── Upstream resolvers:
2024/10/25 01:27:25 | stdout | \| ├── Update period: every 24h0m0s
2024/10/25 01:27:25 | stdout | \| ├── Enabled: yes
2024/10/25 01:27:25 | stdout | \| └── DNS over TLS settings:
2024/10/25 01:27:25 | stdout | \| ├── DNS server address to use: 127.0.0.1
2024/10/25 01:27:25 | stdout | \| ├── Keep existing nameserver(s): no
2024/10/25 01:27:25 | stdout | ├── DNS settings:
2024/10/25 01:27:25 | stdout | \| └── MTU: 1420
2024/10/25 01:27:25 | stdout | \| └── Network interface: tun0
2024/10/25 01:27:25 | stdout | \| \| └── ::/0
2024/10/25 01:27:25 | stdout | \| \| ├── 0.0.0.0/0
2024/10/25 01:27:25 | stdout | \| ├── Allowed IPs:
2024/10/25 01:27:25 | stdout | \| \| └── 10.2.0.2/32
2024/10/25 01:27:25 | stdout | \| ├── Interface addresses:
2024/10/25 01:27:25 | stdout | \| ├── Private key: aK1...nA=
2024/10/25 01:27:25 | stdout | \| └── Wireguard settings:
2024/10/25 01:27:25 | stdout | \| \| └── Server public key: =
2024/10/25 01:27:25 | stdout | \| \| ├── Endpoint port: 51820
2024/10/25 01:27:25 | stdout | \| \| ├── Endpoint IP address: 149.102.245.156
2024/10/25 01:27:25 | stdout | \| \| └── Wireguard selection settings:
2024/10/25 01:27:25 | stdout | \| \| ├── Target IP address: 149.102.245.156
2024/10/25 01:27:25 | stdout | \| \| ├── VPN type: wireguard
2024/10/25 01:27:25 | stdout | \| \| └── Server selection settings:
2024/10/25 01:27:25 | stdout | \| \| ├── Name: custom
2024/10/25 01:27:25 | stdout | \| ├── VPN provider settings:
2024/10/25 01:27:25 | stdout | ├── VPN settings:
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO Settings summary:
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO IPtables version: v1.8.10
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO OpenVPN 2.6 version: 2.6.11
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO OpenVPN 2.5 version: 2.5.10
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO Alpine version: 3.20.3
2024/10/25 01:27:25 | stdout | 2024-10-25T01:27:25+02:00 INFO [storage] merging by most recent 20553 hardcoded servers and 20480 servers read from /gluetun/servers.json
2024/10/25 01:27:24 | stdout | 2024-10-25T01:27:24+02:00 INFO [firewall] enabled successfully
2024/10/25 01:27:24 | stdout | 2024-10-25T01:27:24+02:00 INFO [firewall] enabling...
2024/10/25 01:27:24 | stdout | 2024-10-25T01:27:24+02:00 INFO [routing] local ipnet found: 172.22.0.0/16
2024/10/25 01:27:24 | stdout | 2024-10-25T01:27:24+02:00 INFO [routing] local ethernet link found: eth0
2024/10/25 01:27:24 | stdout | 2024-10-25T01:27:24+02:00 INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.2 and family v4
2024/10/25 01:27:24 | stdout | 2024-10-25T01:27:24+02:00 WARN You are using the old environment variable VPN_ENDPOINT_PORT, please consider changing it to WIREGUARD_ENDPOINT_PORT
2024/10/25 01:27:24 | stdout | 2024-10-25T01:27:24+02:00 WARN You are using the old environment variable VPN_ENDPOINT_IP, please consider changing it to WIREGUARD_ENDPOINT_IP
2024/10/25 01:27:24 | stdout | 2024-10-25T01:27:24+02:00 WARN You are using the old environment variable VPN_ENDPOINT_PORT, please consider changing it to OPENVPN_ENDPOINT_PORT
2024/10/25 01:27:24 | stdout | 2024-10-25T01:27:24+02:00 WARN You are using the old environment variable VPN_ENDPOINT_IP, please consider changing it to OPENVPN_ENDPOINT_IP
2024/10/25 01:27:24 | stdout | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024/10/25 01:27:24 | stdout | 💻 Email? [email protected]
2024/10/25 01:27:24 | stdout | 🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
2024/10/25 01:27:24 | stdout | 🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
2024/10/25 01:27:24 | stdout |
2024/10/25 01:27:24 | stdout | 📣 All control server routes will become private by default after the v3.41.0 release
2024/10/25 01:27:24 | stdout |
2024/10/25 01:27:24 | stdout | Running version latest built on 2024-10-19T13:24:28.444Z (commit a61302f)
2024/10/25 01:27:24 | stdout |
2024/10/25 01:27:24 | stdout | ========================================
2024/10/25 01:27:24 | stdout | ========================================
2024/10/25 01:27:24 | stdout | ======= https://github.com/qdm12 =======
2024/10/25 01:27:24 | stdout | =========== Made with ❤️ by ============
2024/10/25 01:27:24 | stdout | ========================================
2024/10/25 01:27:24 | stdout | =============== gluetun ================
2024/10/25 01:27:24 | stdout | ========================================
2024/10/25 01:27:24 | stdout | ========================================
Thank you in advance
@screamjojo you can try to solve the problem by yourself for now. Try a specific version tag instead of the latest tag (image: ghcr.io/qdm12/gluetun:v3.39.1 is working for me). When you don't have time to check a changelog, or check the container log, it's probably not advisable to run with the latest tag all the time because it's always possible that something breaks (because @qdm12 does everything on his own and he simply cannot check everything after every change he makes).
I don't think you check your logs often, otherwise those warnings should have had your attention and should have been solved already too:
WARN You are using the old environment variable VPN_ENDPOINT_PORT, please consider changing it to WIREGUARD_ENDPOINT_PORT
WARN You are using the old environment variable VPN_ENDPOINT_IP, please consider changing it to WIREGUARD_ENDPOINT_IP
WARN You are using the old environment variable VPN_ENDPOINT_PORT, please consider changing it to OPENVPN_ENDPOINT_PORT
WARN You are using the old environment variable VPN_ENDPOINT_IP, please consider changing it to OPENVPN_ENDPOINT_IP
So, you could solve your problem by changing the version and wait for @qdm12 to solve the problem in a later update.
kr., Patrick
Hello @frepke, as I said, I already tried many versions including v3.39.1 but it is not working. But thanks for your help.
Hello there, thanks @frepke for the help! By the way @frepke are you using surfshark as well? Does it work for both v3.39.1 and the latest image?
The v3.39.1 should closely work the same as v3.39.0, but the latest image has substantial changes especially the dns server/forwarder is completely changed, so that could be a reason? Maybe try with DOT=off on the latest image?
Regarding
But when I run the latest, my log says You are running 2 commits behind the most recent latest
This happens when the last commits are not triggering an image build, for example documentation or development setup commits. I could eventually fix it, but it does rarely happen 😉
Ps: Also just rechecked it works fine on my side with Mullvad wireguard for the sake of narrowing this down
@screamjojo this is about surfshark, so hiding your comments. Your issue is rather generic, you can refer to #2154 or open another issue. Make sure you also try steps described on the wiki page linked in your logs.
Edit: marking this comment as off topic too.
Yeah, still using Surfshark (unfortunately AdguardVPN isn't working with Gluetun 😔)
- v3.39.1 is running with DOT=on and DOT=off
- latest is only running when DOT=off
If I have to check/test something, let me know 😉
I'm having the same issue with Surfshark - v3.39 tag works fine, beyond does not and I get the same. Using Wireguard as the protocol.
I can say that I also see this behavior
Reading all this all over again, there seem to be 2 issues, most likely unrelated:
@Dreadwolf91
These two errors
context deadline exceeded (Client.Timeout exceeded while awaiting headers), context deadline exceeded (Client.Timeout or context cancellation while reading body) net/http: TLS handshake timeout
Despite the VPN connection actually working to get the public IP address and the TCP dial to cloudflare.com (aka health check):
2024-10-20T23:58:09+02:00 INFO [healthcheck] healthy!
2024-10-20T23:58:24+02:00 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers), context deadline exceeded (Client.Timeout or context cancellation while reading body)
2024-10-20T23:58:24+02:00 INFO [dns] attempting restart in 10s
2024-10-20T23:58:25+02:00 INFO [ip getter] Public IP address is 89.37.95.213 (Spain, Madrid, Madrid)
I've seen this behavior, and it's most likely due to your MTU, so either try:
- fiddling with OPENVPN_MSSFIX (see openvpn mssfix option)
- move to use Wireguard, and, maybe, fiddle with WIREGUARD_MTU
Also please double check if you can make it work with the image tag :v3.39 (and not v3.29 as you mentioned).
This is very unrelated to the other issue below, and has near 100% chance nothing to do with the DNS forwarder code.
@epic0421 @haitham506 @frepke @the-jeffski (and more to come likely):
It looks like your error is really just/mostly exchanging over DoT connection: read tcp localip:localport->1.0.0.1:853: i/o timeout for example, indicating the Cloudflare (1.1.1.1 and 1.0.0.1) DNS server just doesn't reply back over dns over tls for whatever reason.
Now a few things on this:
- The new DNS forwarder is quite verbose on i/o timeout errors, whereas the previous (unbound) would not log them out.
- On my side (mullvad+wireguard) I spoke a bit too fast saying it was working fine. It does in a way, but does internally restart the VPN quite a bit (4 times in 24 hours). Is this the problem you face as well? Or is it always failing and never able to setup a connection at all?
PS: what you can try is the following to see if it works outside the custom DNS forwarder code:
docker exec gluetun apk add knot-utils
docker exec gluetun kdig -d @1.1.1.1 +tls-ca +tls-host=cloudflare-dns.com github.com
This would run a DNS over TLS query to cloudflare (1.1.1.1) to resolve github.com: does this work when gluetun fails to resolve things?
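A triage sketch for the question raised in the comment above (always failing, or working with intermittent VPN restarts), added here as an example and not part of gluetun or of any comment in this thread: it counts DoT timeouts per upstream resolver, health-check restarts and plaintext-DNS fallbacks in a saved container log. The function name `triage`, the verdict labels and the sample log are constructed for illustration; the message formats matched are the ones quoted on this page.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample, modelled on the log lines quoted in this thread.
SAMPLE_LOG = """\
gluetun | 2024-10-20T23:54:47-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:38422->1.0.0.1:853: i/o timeout
gluetun | 2024-10-20T23:54:47-07:00 WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:51636->1.1.1.1:853: i/o timeout
...
gluetun | 2024-10-20T23:54:53-07:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 127.0.0.1:53: server misbehaving
gluetun | 2024-10-20T23:54:57-07:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
gluetun | 2024-10-20T23:54:58-07:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:44776->1.1.1.1:853: i/o timeout
gluetun | 2024-10-20T23:55:00-07:00 INFO [dns] falling back on plaintext DNS at address 1.1.1.1
gluetun | 2024-10-20T23:55:03-07:00 INFO [healthcheck] healthy!
"""

# ISO timestamp written by gluetun itself; any prefix added by the container
# runtime ("gluetun | ", "2024/10/25 01:27:48 | stdout | ") is ignored.
TS_RE = re.compile(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2}")

# Both wordings of the DoT timeout warning appear in the thread.
DOT_TIMEOUT_RE = re.compile(
    r"\[dns\] exchanging over (?:DoT|dns over tls) connection: read tcp \S+->"
    r"(?P<upstream>\[[0-9a-fA-F:]+\]|\d+(?:\.\d+){3}):853: i/o timeout"
)
RESTART_RE = re.compile(
    r"\[healthcheck\] program has been unhealthy for \d+s: restarting VPN"
)
HEALTHY_MARK = "[healthcheck] healthy!"
FALLBACK_MARK = "[dns] falling back on plaintext DNS"
MISBEHAVING_MARK = "on 127.0.0.1:53: server misbehaving"


def triage(log_text):
    """Summarise DoT health from a gluetun log; line order does not matter."""
    timeouts = Counter()
    counts = Counter()
    stamps = []
    for line in log_text.splitlines():
        ts = TS_RE.search(line)
        if ts is None:
            continue  # banner, settings tree or "..." elision
        stamps.append(datetime.fromisoformat(ts.group(0)))
        match = DOT_TIMEOUT_RE.search(line)
        if match:
            timeouts[match.group("upstream")] += 1
        elif RESTART_RE.search(line):
            counts["vpn_restarts"] += 1
        elif HEALTHY_MARK in line:
            counts["healthy_events"] += 1
        elif FALLBACK_MARK in line:
            # Queries leave the tunnel endpoint unencrypted from here on.
            counts["plaintext_fallbacks"] += 1
        elif MISBEHAVING_MARK in line:
            counts["resolver_failures"] += 1

    # min/max so that logs pasted newest-first give the same span.
    span = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0

    # Heuristic labels (assumption of this example, not gluetun terminology).
    if not timeouts:
        verdict = "no-dot-timeouts"
    elif counts["healthy_events"] == 0:
        verdict = "never-healthy"
    elif counts["vpn_restarts"] > 0:
        verdict = "flapping"
    else:
        verdict = "degraded"

    return {
        "dot_timeouts": dict(timeouts),
        "vpn_restarts": counts["vpn_restarts"],
        "healthy_events": counts["healthy_events"],
        "plaintext_fallbacks": counts["plaintext_fallbacks"],
        "resolver_failures": counts["resolver_failures"],
        "span_seconds": span,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Timeouts spread across every configured upstream point at the tunnel path (MTU, port 853 handling by the VPN provider) rather than at one resolver, and a non-zero `plaintext_fallbacks` count means lookups were sent without TLS during that window.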
For me, with DOT=on with v3.39.1, it's not possible to setup a connection at all.
For me, v3.39.1 works fine (DOT on/off). Latest fails to establish a connection and spams that error message repeatedly when DOT is on.
Actually now that I am testing it further, the connection does get established and is initially healthy, but becomes unhealthy very quickly, and then becomes healthy about a minute later. That error message keeps getting spammed though.
ver tls connection: read tcp 10.14.0.2:50528->1.0.0.1:853: i/o timeout
gluetun | 2024-11-02T12:28:54-07:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:50540->1.0.0.1:853: i/o timeout
gluetun | 2024-11-02T12:28:54-07:00 ERROR [dns] stopping DoT server: stopping DNS udp server: context deadline exceeded
gluetun | 2024-11-02T12:28:54-07:00 INFO [dns] falling back on plaintext DNS at address 1.1.1.1
gluetun | 2024-11-02T12:28:54-07:00 WARN [dns] DNS is not working: after 10 tries: lookup github.com on 127.0.0.1:53: server misbehaving
gluetun | 2024-11-02T12:28:54-07:00 INFO [dns] attempting restart in 10s
gluetun | 2024-11-02T12:28:54-07:00 INFO [ip getter] Public IP address is ##### (####### - source: ipinfo)
gluetun | 2024-11-02T12:28:55-07:00 INFO [vpn] You are running on the bleeding edge of latest!
gluetun | 2024-11-02T12:28:56-07:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:50960->1.1.1.1:853: i/o timeout
gluetun | 2024-11-02T12:28:58-07:00 INFO [healthcheck] healthy!
gluetun | 2024-11-02T12:29:04-07:00 INFO [dns] downloading hostnames and IP block lists
gluetun | 2024-11-02T12:29:05-07:00 INFO [dns] DNS server listening on [::]:53
gluetun | 2024-11-02T12:29:07-07:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:34758->1.1.1.1:853: i/o timeout
gluetun | 2024-11-02T12:29:07-07:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:34744->1.1.1.1:853: i/o timeout
At the end, it does this and then the error messages stop. It then starts doing it again, making the container unhealthy and the cycle repeats.
gluetun | 2024-11-02T12:30:33-07:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:51990->1.0.0.1:853: i/o timeout
gluetun | 2024-11-02T12:30:33-07:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:51984->1.0.0.1:853: i/o timeout
gluetun | 2024-11-02T12:30:34-07:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:46982->1.1.1.1:853: i/o timeout
gluetun | 2024-11-02T12:30:35-07:00 ERROR [dns] stopping DoT server: stopping DNS udp server: context deadline exceeded
gluetun | 2024-11-02T12:30:35-07:00 INFO [dns] falling back on plaintext DNS at address 1.1.1.1
gluetun | 2024-11-02T12:30:35-07:00 WARN [dns] DNS is not working: after 10 tries: lookup github.com on 127.0.0.1:53: server misbehaving
gluetun | 2024-11-02T12:30:35-07:00 INFO [dns] attempting restart in 20s
gluetun | 2024-11-02T12:30:36-07:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:51998->1.0.0.1:853: i/o timeout
gluetun | 2024-11-02T12:30:39-07:00 INFO [healthcheck] healthy!
gluetun | 2024-11-02T12:30:55-07:00 INFO [dns] downloading hostnames and IP block lists
gluetun | 2024-11-02T12:30:55-07:00 INFO [dns] DNS server listening on [::]:53
gluetun | 2024-11-02T12:30:57-07:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:32772->1.0.0.1:853: i/o timeout
gluetun | 2024-11-02T12:30:57-07:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:32768->1.0.0.1:853: i/o timeout
The connection gets established (healthy) and then becomes (unhealthy) after seconds. It restarted 6 times; after that it stayed connected, but the DNS errors keep showing up, though not spammed.
:latest
========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================
Running version latest built on 2024-10-28T09:25:35.847Z (commit f1f3472)
📣 All control server routes will become private by default after the v3.41.0 release
🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? [email protected]
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-11-02T22:56:18+00:00 INFO [routing] default route found: interface eth0, gateway 172.27.0.1, assigned IP 172.27.0.2 and family v4
2024-11-02T22:56:18+00:00 INFO [routing] local ethernet link found: eth0
2024-11-02T22:56:18+00:00 INFO [routing] local ipnet found: 172.27.0.0/16
2024-11-02T22:56:19+00:00 INFO [firewall] enabling...
2024-11-02T22:56:19+00:00 INFO [firewall] enabled successfully
2024-11-02T22:56:20+00:00 INFO [storage] creating /gluetun/servers.json with 20553 hardcoded servers
2024-11-02T22:56:21+00:00 INFO Alpine version: 3.20.3
2024-11-02T22:56:21+00:00 INFO OpenVPN 2.5 version: 2.5.10
2024-11-02T22:56:21+00:00 INFO OpenVPN 2.6 version: 2.6.11
2024-11-02T22:56:21+00:00 INFO IPtables version: v1.8.10
2024-11-02T22:56:21+00:00 INFO Settings summary:
├── VPN settings:
| ├── VPN provider settings:
| | ├── Name: surfshark
| | └── Server selection settings:
| | ├── VPN type: wireguard
| | ├── Countries: ####
| | └── Wireguard selection settings:
| └── Wireguard settings:
| ├── Private key: #####
| ├── Interface addresses:
| | └── 10.14.0.2/16
| ├── Allowed IPs:
| | ├── 0.0.0.0/0
| | └── ::/0
| └── Network interface: tun0
| └── MTU: 1420
├── DNS settings:
| ├── Keep existing nameserver(s): no
| ├── DNS server address to use: 127.0.0.1
| └── DNS over TLS settings:
| ├── Enabled: yes
| ├── Update period: every 24h0m0s
| ├── Upstream resolvers:
| | ├── cloudflare
| | ├── google
| | └── quad9
| ├── Caching: yes
| ├── IPv6: no
| └── DNS filtering settings:
| ├── Block malicious: yes
| ├── Block ads: no
| ├── Block surveillance: no
| └── Blocked IP networks:
| ├── 127.0.0.1/8
| ├── 10.0.0.0/8
| ├── 172.16.0.0/12
| ├── 192.168.0.0/16
| ├── 169.254.0.0/16
| ├── ::1/128
| ├── fc00::/7
| ├── fe80::/10
| ├── ::ffff:127.0.0.1/104
| ├── ::ffff:10.0.0.0/104
| ├── ::ffff:169.254.0.0/112
| ├── ::ffff:172.16.0.0/108
| └── ::ffff:192.168.0.0/112
├── Firewall settings:
| └── Enabled: yes
├── Log settings:
| └── Log level: info
├── Health settings:
| ├── Server listening address: 127.0.0.1:9999
| ├── Target address: cloudflare.com:443
| ├── Duration to wait after success: 5s
| ├── Read header timeout: 100ms
| ├── Read timeout: 500ms
| └── VPN wait durations:
| ├── Initial duration: 6s
| └── Additional duration: 5s
├── Shadowsocks server settings:
| └── Enabled: no
├── HTTP proxy settings:
| └── Enabled: no
├── Control server settings:
| ├── Listening address: :8000
| ├── Logging: yes
| └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
| └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
| ├── Process UID: 1000
| ├── Process GID: 1000
| └── Timezone: ####
├── Public IP settings:
| ├── IP file path: /tmp/gluetun/ip
| ├── Public IP data base API: ipinfo
| └── Public IP data backup APIs:
| ├── ifconfigco
| ├── ip2location
| └── cloudflare
├── Server data updater settings:
| ├── Update period: 24h0m0s
| ├── DNS address: 1.1.1.1:53
| ├── Minimum ratio: 0.8
| └── Providers to update: surfshark
└── Version settings:
└── Enabled: yes
2024-11-02T22:56:21+00:00 INFO [routing] default route found: interface eth0, gateway 172.27.0.1, assigned IP 172.27.0.2 and family v4
2024-11-02T22:56:21+00:00 INFO [routing] adding route for 0.0.0.0/0
2024-11-02T22:56:21+00:00 INFO [firewall] setting allowed subnets...
2024-11-02T22:56:21+00:00 INFO [routing] default route found: interface eth0, gateway 172.27.0.1, assigned IP 172.27.0.2 and family v4
2024-11-02T22:56:21+00:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-11-02T22:56:21+00:00 INFO [http server] http server listening on [::]:8000
2024-11-02T22:56:21+00:00 INFO [firewall] allowing VPN connection...
2024-11-02T22:56:21+00:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-11-02T22:56:21+00:00 INFO [wireguard] Using available kernelspace implementation
2024-11-02T22:56:21+00:00 INFO [wireguard] Connecting to ####:51820
2024-11-02T22:56:21+00:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-02T22:56:21+00:00 INFO [dns] downloading hostnames and IP block lists
2024-11-02T22:56:21+00:00 INFO [healthcheck] healthy!
2024-11-02T22:56:24+00:00 INFO [dns] DNS server listening on [::]:53
2024-11-02T22:56:26+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:49004->149.112.112.112:853: i/o timeout
2024-11-02T22:56:26+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:59252->1.0.0.1:853: i/o timeout
...
2024-11-02T22:56:33+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:58824->1.0.0.1:853: i/o timeout
2024-11-02T22:56:34+00:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-11-02T22:56:34+00:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-02T22:56:34+00:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-02T22:56:34+00:00 INFO [vpn] stopping
2024-11-02T22:56:34+00:00 ERROR [vpn] getting public IP address information: context canceled
2024-11-02T22:56:34+00:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
2024-11-02T22:56:34+00:00 INFO [vpn] starting
2024-11-02T22:56:34+00:00 INFO [firewall] allowing VPN connection...
2024-11-02T22:56:34+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:45652->8.8.8.8:853: i/o timeout
2024-11-02T22:56:34+00:00 INFO [wireguard] Using available kernelspace implementation
2024-11-02T22:56:34+00:00 INFO [wireguard] Connecting to ####:51820
2024-11-02T22:56:34+00:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-02T22:56:36+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:58832->1.0.0.1:853: i/o timeout
2024-11-02T22:56:36+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:50044->8.8.4.4:853: i/o timeout
...
2024-11-02T22:56:39+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:57626->1.1.1.1:853: i/o timeout
2024-11-02T22:56:39+00:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 127.0.0.1:53: server misbehaving
2024-11-02T22:56:40+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:50080->8.8.4.4:853: i/o timeout
...
2024-11-02T22:56:49+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:37400->1.1.1.1:853: i/o timeout
2024-11-02T22:56:49+00:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024-11-02T22:56:49+00:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-02T22:56:49+00:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-02T22:56:49+00:00 INFO [vpn] stopping
2024-11-02T22:56:49+00:00 INFO [vpn] starting
2024-11-02T22:56:49+00:00 INFO [firewall] allowing VPN connection...
2024-11-02T22:56:49+00:00 INFO [wireguard] Using available kernelspace implementation
2024-11-02T22:56:49+00:00 INFO [wireguard] Connecting to ####:51820
2024-11-02T22:56:49+00:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-02T22:56:50+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:47620->8.8.4.4:853: i/o timeout
...
2024-11-02T22:56:53+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:57584->1.0.0.1:853: i/o timeout
2024-11-02T22:56:53+00:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 127.0.0.1:53: server misbehaving
2024-11-02T22:56:55+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:42446->8.8.8.8:853: i/o timeout
...
2024-11-02T22:57:08+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:55996->8.8.8.8:853: i/o timeout
2024-11-02T22:57:08+00:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN
2024-11-02T22:57:08+00:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-11-02T22:57:08+00:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-11-02T22:57:08+00:00 INFO [vpn] stopping
2024-11-02T22:57:08+00:00 INFO [vpn] starting
2024-11-02T22:57:08+00:00 INFO [firewall] allowing VPN connection...
2024-11-02T22:57:08+00:00 INFO [wireguard] Using available kernelspace implementation
2024-11-02T22:57:08+00:00 INFO [wireguard] Connecting to ####:51820
2024-11-02T22:57:08+00:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-11-02T22:57:08+00:00 WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:54496->9.9.9.9:853: i/o timeout
...
Thanks for the reply, my homelab is currently out of order because of some infrastructure changes I'm making here at home. Once it's back in action in a couple of days, I will do what you propose.
@Dreadwolf91 in my case lowering WIREGUARD_MTU from the default 1400 to 1320 fixed it. For OpenVPN, you could try OPENVPN_MSSFIX=1320 I think (not exactly the same as the WIREGUARD_MTU but it should work). I'm also running over Wi-Fi right now, so it may be related to that.
Now, I also noticed the error came up in v3.39.x releases, it's just that a failed block list update would be logged as a warning and not considered as a "failed to setup the dns server" thing, unlike in the latest image. Before it was just an (obscure) warning logged:
WARN [dns] context deadline exceeded (Client.Timeout or context cancellation while reading body)
And now it's
WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": net/http: TLS handshake timeout, Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": net/http: TLS handshake timeout
Plus an attempt to re-setup the DNS server completely.
Others: please try lowering your MTU (WIREGUARD_MTU or OPENVPN_MSSFIX) to see if it helps??
With WIREGUARD_MTU=1320 the latest version is working for me
WIREGUARD_MTU=1320 also works for me on latest. I was able to raise it to 1370 without any issues.
That's a pretty strange fix, given it was working fine with an MTU of 1400 (for wireguard) with Unbound. Also my bad, these two issues I was previously separating look related in the end!!
Plaintext DNS (aka DOT=off) most likely works fine because it uses a lot less data (just UDP traffic without all the TLS stuff). I'll dig into my DNS code and how to deal with fragmentation (for the curious it's these few lines), most likely end up asking on forums because I have no idea right now 😄 At least we have a workaround (lower the MTU).
Maybe this is nonsense (if so, @qdm12, please delete this comment), but is it possible to make an automatic MTU adjuster:
package main

import (
	"context"
	"crypto/tls"
	"fmt"
	"net"
	"os/exec"
	"strconv"
	"strings"
	"time"
)

// findOptimalMTU binary-searches for the largest MTU that passes unfragmented.
func findOptimalMTU(serverAddress string) int {
	minMTU, maxMTU := 1200, 1500 // Typical VPN MTU range; adjust as needed
	for minMTU <= maxMTU {
		midMTU := (minMTU + maxMTU) / 2
		if isMTUSupported(serverAddress, midMTU) {
			minMTU = midMTU + 1 // Try larger MTU
		} else {
			maxMTU = midMTU - 1 // Try smaller MTU
		}
	}
	return maxMTU
}

func isMTUSupported(serverAddress string, mtu int) bool {
	// ping takes a bare host, so strip the port if the address carries one
	host, _, err := net.SplitHostPort(serverAddress)
	if err != nil {
		host = serverAddress
	}
	// Runs a ping command with the specified MTU
	// (payload size is the MTU minus 28 bytes of IPv4 and ICMP headers)
	// Adjust the command for your system if necessary
	cmd := exec.Command("ping", host, "-c", "1", "-M", "do", "-s", strconv.Itoa(mtu-28))
	output, err := cmd.CombinedOutput()
	if err != nil {
		return false
	}
	return strings.Contains(string(output), "1 packets transmitted, 1 received")
}

func dialWithOptimalMTU(ctx context.Context, serverAddress, serverName string) (*tls.Conn, error) {
	// Step 1: Find optimal MTU
	optimalMTU := findOptimalMTU(serverAddress)
	fmt.Printf("Optimal MTU found: %d\n", optimalMTU)

	// Step 2: Configure network dialer with MTU if necessary
	// This example doesn’t apply MTU directly to the connection, as Go’s net package does not support direct MTU settings
	// Alternative libraries may be required for true MTU control on dialed connections
	dialer := &net.Dialer{Timeout: 10 * time.Second}
	conn, err := dialer.DialContext(ctx, "tcp", serverAddress)
	if err != nil {
		return nil, err
	}

	// Step 3: Wrap connection with TLS
	tlsConf := &tls.Config{
		MinVersion: tls.VersionTLS12,
		ServerName: serverName,
	}
	return tls.Client(conn, tlsConf), nil
}

func main() {
	ctx := context.Background()
	serverAddress := "example.com:443" // Replace with actual server address
	serverName := "example.com"        // Replace with actual server name
	conn, err := dialWithOptimalMTU(ctx, serverAddress, serverName)
	if err != nil {
		fmt.Println("Failed to connect:", err)
		return
	}
	defer conn.Close()
	fmt.Println("Connection successful with optimal MTU")
}
@frepke I thought about it like 10 minutes ago 😄 That would be a nice addition, even without that bug we are facing. We could do this as soon as the VPN is up and restart the VPN (with the same exact settings, only the MTU changed), that would be cool but would require quite a bit of code changes.
Anyway, before jumping into this (btw nice code!), I would prefer (ideally, if possible at all) to understand why Unbound was okay communicating with DNS over TLS fine but the new Go code (really just TCP dial with TLS 🤷) doesn't make it, both with the same MTU. Since I cannot reproduce the exact error you have (the i/o timeout ones), can you run a :latest Gluetun container, DOT=off, MTU left to its default (1400) and then, once the VPN is up, run the commands:
docker exec gluetun apk add knot-utils
docker exec gluetun kdig -d @1.1.1.1 +tls-ca +tls-host=cloudflare-dns.com github.com
To see if it works (and also how long it takes??? - the read timeout is now set to 2 seconds, maybe that's too low)
Thanks for the code compliment, but all credit belongs to ChatGPT 😔
Add gluetun to second command
docker exec gluetun apk add knot-utils
docker exec gluetun kdig -d @1.1.1.1 +tls-ca +tls-host=cloudflare-dns.com github.com
;; DEBUG: TLS, imported 147 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG: #1, C=US,ST=California,L=San Francisco,O=Cloudflare\, Inc.,CN=cloudflare-dns.com
;; DEBUG: SHA-256 PIN: 4pqQ+yl3lAtRvKdoCCUR8iDmA53I+cJ7orgBLiF08kQ=
;; DEBUG: #2, C=US,O=DigiCert Inc,CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
;; DEBUG: SHA-256 PIN: Wec45nQiFwKvHtuHxSAMGkt19k+uPSw9JlEkxhvYPHk=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is trusted.
;; TLS session (TLS1.3)-(ECDHE-X25519)-(ECDSA-SECP256R1-SHA256)-(AES-256-GCM)
;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 60370
;; Flags: qr rd ra; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 1
;; EDNS PSEUDOSECTION:
;; Version: 0; flags: ; UDP size: 1232 B; ext-rcode: NOERROR
;; PADDING: 409 B
;; QUESTION SECTION:
;; github.com. IN A
;; ANSWER SECTION:
github.com. 19 IN A 20.26.156.215
;; Received 468 B
;; Time 2024-11-03 12:48:00 CET
;; From 1.1.1.1@853(TLS) in 62.2 ms
Well that's disappointing for me 😄 Meaning the error likely lies in my DNS over TLS implementation somewhere (although, on the other hand, I've been using it for years without issue, but also not through a VPN client).
I pushed in the latest image ddd3876f922ce8bc8151eab2c31ec1e38f7239a7 which notably changes:
1. Maybe this helps: DNS over TLS dialer uses tls.Dialer instead of wrapping connection with tls.Client - probably not though.
2. DNS exchange errors contain the request question in their context
I would be curious what DNS queries are failing in your logs, now that 2. logs out the DNS request question that failed. The latest image should be built now 😉 Feel free to re-pull and retry (again with the default MTU).
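The tally the maintainer asks for above (which DNS questions fail, and against which DoT upstreams) can be pulled from the container logs mechanically. This is an added example, not code from the thread or from gluetun: the function names and the sample log lines are constructed, and the patterns follow the log formats quoted on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
)

// Patterns follow the gluetun log lines quoted in this thread (old and new DoT wording).
var (
	readRe    = regexp.MustCompile(`\[dns\] exchanging over .+ connection: read tcp \S+->([0-9.]+:\d+): i/o timeout`)
	dialRe    = regexp.MustCompile(`\[dns\] dialing tls server for request IN (\S+) (\S+): context deadline exceeded`)
	restartRe = regexp.MustCompile(`\[healthcheck\] program has been unhealthy for \S+: restarting VPN`)
)

// Summary counts DoT failures per upstream resolver and per DNS question.
type Summary struct {
	ReadTimeouts map[string]int // key: upstream "ip:port"
	DialTimeouts map[string]int // key: "TYPE name", e.g. "A github.com."
	Restarts     int            // healthcheck-triggered VPN restarts
}

// Summarize scans log text line by line; lines matching no pattern are ignored.
func Summarize(logText string) Summary {
	s := Summary{ReadTimeouts: map[string]int{}, DialTimeouts: map[string]int{}}
	for _, line := range strings.Split(logText, "\n") {
		if m := readRe.FindStringSubmatch(line); m != nil {
			s.ReadTimeouts[m[1]]++
		} else if m := dialRe.FindStringSubmatch(line); m != nil {
			s.DialTimeouts[m[1]+" "+m[2]]++
		} else if restartRe.MatchString(line) {
			s.Restarts++
		}
	}
	return s
}

// Ranked returns the keys ordered by descending count, ties broken alphabetically.
func Ranked(counts map[string]int) []string {
	keys := make([]string, 0, len(counts))
	for k := range counts {
		keys = append(keys, k)
	}
	sort.Slice(keys, func(i, j int) bool {
		a, b := keys[i], keys[j]
		return counts[a] > counts[b] || (counts[a] == counts[b] && a < b)
	})
	return keys
}

// sampleLog is constructed for this example, in the formats shown in the thread.
const sampleLog = `
gluetun | 2024-01-01T00:00:01Z WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:40000->1.1.1.1:853: i/o timeout
gluetun | 2024-01-01T00:00:02Z WARN [dns] exchanging over DoT connection: read tcp 10.14.0.2:40001->1.1.1.1:853: i/o timeout
gluetun | 2024-01-01T00:00:03Z WARN [dns] exchanging over dns over tls connection: read tcp 10.14.0.2:40002->1.0.0.1:853: i/o timeout
gluetun | 2024-01-01T00:00:04Z WARN [dns] dialing tls server for request IN A github.com.: context deadline exceeded
gluetun | 2024-01-01T00:00:05Z WARN [dns] dialing tls server for request IN AAAA github.com.: context deadline exceeded
gluetun | 2024-01-01T00:00:06Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
`
func main() {
	s := Summarize(sampleLog)
	fmt.Println("healthcheck restarts:", s.Restarts)
	for _, c := range []map[string]int{s.ReadTimeouts, s.DialTimeouts} {
		for _, k := range Ranked(c) {
			fmt.Printf("%-20s x%d\n", k, c[k])
		}
	}
}
```

Timeouts spread across several upstreams rather than one point at the tunnel path instead of a single resolver, which is consistent with the MTU workaround reported earlier in the thread.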
Now with tag :latest, DOT=on and default MTU:
gluetun | 2024-11-03T18:00:23+01:00 INFO [routing] adding route for 0.0.0.0/0
gluetun | 2024-11-03T18:00:23+01:00 INFO [firewall] setting allowed subnets...
gluetun | 2024-11-03T18:00:23+01:00 INFO [routing] default route found: interface eth0, gateway 172.27.0.1, assigned IP 172.27.0.2 and family v4
gluetun | 2024-11-03T18:00:23+01:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
gluetun | 2024-11-03T18:00:23+01:00 INFO [dns] using plaintext DNS at address 1.1.1.1
gluetun | 2024-11-03T18:00:23+01:00 INFO [http server] http server listening on [::]:8000
gluetun | 2024-11-03T18:00:23+01:00 INFO [firewall] allowing VPN connection...
gluetun | 2024-11-03T18:00:23+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun | 2024-11-03T18:00:23+01:00 INFO [wireguard] Using available kernelspace implementation
gluetun | 2024-11-03T18:00:23+01:00 INFO [wireguard] Connecting to 146.70.175.75:51820
gluetun | 2024-11-03T18:00:23+01:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
gluetun | 2024-11-03T18:00:23+01:00 INFO [dns] downloading hostnames and IP block lists
gluetun | 2024-11-03T18:00:25+01:00 INFO [healthcheck] healthy!
gluetun | 2024-11-03T18:00:25+01:00 INFO [dns] DNS server listening on [::]:53
gluetun | 2024-11-03T18:00:31+01:00 WARN [dns] dialing tls server for request IN A github.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:31+01:00 WARN [dns] dialing tls server for request IN AAAA github.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:35+01:00 WARN [dns] dialing tls server for request IN A dht.libtorrent.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:35+01:00 WARN [dns] dialing tls server for request IN AAAA dht.libtorrent.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:35+01:00 WARN [dns] dialing tls server for request IN A download.deluge-torrent.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:35+01:00 WARN [dns] dialing tls server for request IN AAAA download.deluge-torrent.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:36+01:00 WARN [dns] dialing tls server for request IN A github.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:36+01:00 WARN [dns] dialing tls server for request IN AAAA github.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:37+01:00 WARN [dns] dialing tls server for request IN A dht.libtorrent.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:37+01:00 WARN [dns] dialing tls server for request IN AAAA dht.libtorrent.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:37+01:00 WARN [dns] dialing tls server for request IN A download.deluge-torrent.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:37+01:00 WARN [dns] dialing tls server for request IN AAAA download.deluge-torrent.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:40+01:00 WARN [dns] dialing tls server for request IN A dht.aelitis.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:40+01:00 WARN [dns] dialing tls server for request IN AAAA dht.aelitis.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:40+01:00 WARN [dns] dialing tls server for request IN A dht.libtorrent.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:40+01:00 WARN [dns] dialing tls server for request IN A download.deluge-torrent.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:41+01:00 WARN [dns] dialing tls server for request IN A github.com.fritz.box.: context deadline exceeded
gluetun | 2024-11-03T18:00:41+01:00 WARN [dns] dialing tls server for request IN AAAA github.com.fritz.box.: context deadline exceeded
gluetun | 2024-11-03T18:00:41+01:00 WARN [dns] dialing tls server for request IN A api.ipify.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:42+01:00 WARN [dns] dialing tls server for request IN AAAA dht.aelitis.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:42+01:00 WARN [dns] dialing tls server for request IN A dht.aelitis.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:45+01:00 WARN [dns] dialing tls server for request IN A dht.transmissionbt.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:45+01:00 WARN [dns] dialing tls server for request IN AAAA dht.transmissionbt.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:45+01:00 WARN [dns] dialing tls server for request IN A dht.aelitis.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:46+01:00 WARN [dns] dialing tls server for request IN A github.com.fritz.box.: context deadline exceeded
gluetun | 2024-11-03T18:00:46+01:00 WARN [dns] dialing tls server for request IN AAAA github.com.fritz.box.: context deadline exceeded
gluetun | 2024-11-03T18:00:46+01:00 WARN [dns] dialing tls server for request IN A api.ipify.org.: context deadline exceeded
gluetun | 2024-11-03T18:00:47+01:00 WARN [dns] dialing tls server for request IN A dht.transmissionbt.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:47+01:00 WARN [dns] dialing tls server for request IN AAAA dht.transmissionbt.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:50+01:00 WARN [dns] dialing tls server for request IN AAAA router.utorrent.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:50+01:00 WARN [dns] dialing tls server for request IN A router.utorrent.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:50+01:00 WARN [dns] dialing tls server for request IN A dht.transmissionbt.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:50+01:00 WARN [dns] dialing tls server for request IN AAAA dht.transmissionbt.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:51+01:00 WARN [dns] dialing tls server for request IN A api.ipify.org.fritz.box.: context deadline exceeded
gluetun | 2024-11-03T18:00:51+01:00 WARN [dns] dialing tls server for request IN AAAA github.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:51+01:00 WARN [dns] dialing tls server for request IN A github.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:52+01:00 WARN [dns] dialing tls server for request IN AAAA router.utorrent.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:52+01:00 WARN [dns] dialing tls server for request IN A router.utorrent.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:55+01:00 WARN [dns] dialing tls server for request IN AAAA router.utorrent.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:55+01:00 WARN [dns] dialing tls server for request IN AAAA router.bittorrent.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:55+01:00 WARN [dns] dialing tls server for request IN A router.bittorrent.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:56+01:00 WARN [dns] dialing tls server for request IN A api.ipify.org.fritz.box.: context deadline exceeded
gluetun | 2024-11-03T18:00:56+01:00 WARN [dns] dialing tls server for request IN AAAA github.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:56+01:00 WARN [dns] dialing tls server for request IN A github.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:57+01:00 WARN [dns] dialing tls server for request IN A router.bittorrent.com.: context deadline exceeded
gluetun | 2024-11-03T18:00:57+01:00 WARN [dns] dialing tls server for request IN AAAA router.bittorrent.com.: context deadline exceeded
gluetun | 2024-11-03T18:01:00+01:00 WARN [dns] dialing tls server for request IN A router.bitcomet.com.: context deadline exceeded
gluetun | 2024-11-03T18:01:00+01:00 WARN [dns] dialing tls server for request IN AAAA router.bitcomet.com.: context deadline exceeded
gluetun | 2024-11-03T18:01:00+01:00 WARN [dns] dialing tls server for request IN AAAA router.bittorrent.com.: context deadline exceeded
gluetun | 2024-11-03T18:01:01+01:00 WARN [dns] dialing tls server for request IN AAAA github.com.fritz.box.: context deadline exceeded
gluetun | 2024-11-03T18:01:01+01:00 WARN [dns] dialing tls server for request IN A github.com.fritz.box.: context deadline exceeded
gluetun | 2024-11-03T18:01:02+01:00 WARN [dns] dialing tls server for request IN AAAA router.bitcomet.com.: context deadline exceeded
gluetun | 2024-11-03T18:01:02+01:00 WARN [dns] dialing tls server for request IN A router.bitcomet.com.: context deadline exceeded