gluetun
Bug: TLS handshake timeout
Is this urgent?
No response
Host OS
CentOS Streams 8
CPU arch
x86_64
VPN service provider
Private Internet Access
What are you using to run the container
Kubernetes
What is the version of Gluetun
3.31.1
What's the problem 🤔
There seems to be an issue with TLS / DNS
I can curl https://1.1.1.1 (if I add a 2nd container with curl)
But I cannot curl any https:// website with a FQDN
Share your logs
2022-09-18T11:28:53Z INFO [routing] default route found: interface eth0, gateway 10.42.0.1 and assigned IP 10.42.0.49
2022-09-18T11:28:53Z INFO [routing] local ethernet link found: eth0
2022-09-18T11:28:53Z INFO [routing] local ipnet found: 10.42.0.0/24
2022-09-18T11:28:53Z INFO [firewall] enabling...
2022-09-18T11:28:53Z INFO [firewall] enabled successfully
2022-09-18T11:28:53Z INFO [storage] creating /gluetun/servers.json with 11434 hardcoded servers
2022-09-18T11:28:53Z INFO Alpine version: 3.16.2
2022-09-18T11:28:53Z INFO OpenVPN 2.4 version: 2.4.12
2022-09-18T11:28:53Z INFO OpenVPN 2.5 version: 2.5.6
2022-09-18T11:28:53Z INFO Unbound version: 1.15.0
2022-09-18T11:28:53Z INFO IPtables version: v1.8.8
2022-09-18T11:28:53Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: private internet access
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Regions: region
|   |       └── OpenVPN server selection settings:
|   |           ├── Protocol: UDP
|   |           └── Private Internet Access encryption preset: strong
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Private Internet Access encryption preset: strong
|       ├── Tunnel IPv6: no
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── DNS server address to use: 127.0.0.1
|   ├── Keep existing nameserver(s): no
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:7f00:1/104
|               ├── ::ffff:a00:0/104
|               ├── ::ffff:a9fe:0/112
|               ├── ::ffff:ac10:0/108
|               └── ::ffff:c0a8:0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2022-09-18T11:28:53Z INFO [routing] default route found: interface eth0, gateway 10.42.0.1 and assigned IP 10.42.0.49
2022-09-18T11:28:53Z INFO [routing] adding route for 0.0.0.0/0
2022-09-18T11:28:53Z INFO [firewall] setting allowed subnets...
2022-09-18T11:28:53Z INFO [routing] default route found: interface eth0, gateway 10.42.0.1 and assigned IP 10.42.0.49
2022-09-18T11:28:53Z INFO [pprof] http server listening on [::]:6060
2022-09-18T11:28:53Z INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2022-09-18T11:28:53Z INFO [http server] http server listening on [::]:8000
2022-09-18T11:28:53Z INFO [healthcheck] listening on 127.0.0.1:9999
2022-09-18T11:28:53Z INFO [firewall] allowing VPN connection...
2022-09-18T11:28:53Z INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
2022-09-18T11:28:53Z INFO [openvpn] library versions: OpenSSL 1.1.1q 5 Jul 2022, LZO 2.10
2022-09-18T11:28:53Z INFO [openvpn] CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
2022-09-18T11:28:53Z INFO [openvpn] MIIDWDCC...g+RTtsA=
2022-09-18T11:28:53Z INFO [openvpn] -----END X509 CRL-----
2022-09-18T11:28:53Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]154.6.1.203:1197
2022-09-18T11:28:53Z INFO [openvpn] UDP link local: (not bound)
2022-09-18T11:28:53Z INFO [openvpn] UDP link remote: [AF_INET]154.6.1.203:1197
2022-09-18T11:28:53Z WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1554'
2022-09-18T11:28:53Z WARN [openvpn] 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
2022-09-18T11:28:53Z WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2022-09-18T11:28:53Z INFO [openvpn] [melbourne427] Peer Connection Initiated with [AF_INET]154.6.1.203:1197
2022-09-18T11:28:53Z INFO [openvpn] TUN/TAP device tun0 opened
2022-09-18T11:28:53Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2022-09-18T11:28:53Z INFO [openvpn] /sbin/ip link set dev tun0 up
2022-09-18T11:28:53Z INFO [openvpn] /sbin/ip addr add dev tun0 10.14.110.20/24
2022-09-18T11:28:53Z INFO [openvpn] UID set to nonrootuser
2022-09-18T11:28:53Z INFO [openvpn] Initialization Sequence Completed
2022-09-18T11:28:53Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-09-18T11:28:54Z INFO [healthcheck] healthy!
2022-09-18T11:29:04Z WARN [dns over tls] cannot update files: Get "https://www.internic.net/domain/named.root": net/http: TLS handshake timeout
2022-09-18T11:29:04Z INFO [dns over tls] attempting restart in 10s
2022-09-18T11:29:14Z INFO [dns over tls] downloading DNS over TLS cryptographic files
2022-09-18T11:29:14Z ERROR [ip getter] Get "https://ipinfo.io/": net/http: TLS handshake timeout
2022-09-18T11:29:14Z INFO [ip getter] retrying in 5s
2022-09-18T11:29:14Z ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/releases": net/http: TLS handshake timeout
2022-09-18T11:29:24Z WARN [dns over tls] cannot update files: Get "https://www.internic.net/domain/named.root": net/http: TLS handshake timeout
2022-09-18T11:29:24Z INFO [dns over tls] attempting restart in 20s
2022-09-18T11:29:29Z ERROR [ip getter] Get "https://ipinfo.io/": net/http: TLS handshake timeout
2022-09-18T11:29:29Z INFO [ip getter] retrying in 5s
2022-09-18T11:29:44Z ERROR [ip getter] Get "https://ipinfo.io/": net/http: TLS handshake timeout
2022-09-18T11:29:44Z INFO [ip getter] retrying in 5s
2022-09-18T11:29:44Z INFO [dns over tls] downloading DNS over TLS cryptographic files
Share your configuration
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: appname
    run: pia-and-dl
  name: pia-and-dl
  namespace: namespacename
spec:
  replicas: 1
  selector:
    matchLabels:
      app: appname
      run: pia-and-dl
  template:
    metadata:
      labels:
        app: appname
        run: pia-and-dl
    spec:
      containers:
      - name: pia
        env:
        - name: DOT
          value: 'off'
        - name: BLOCK_MALICIOUS
          value: 'off'
        - name: VPN_SERVICE_PROVIDER
          value: "private internet access"
        - name: SERVER_REGIONS
          value: "xxx"
        - name: OPENVPN_IPV6
          value: 'off'
        - name: OPENVPN_USER
          value: xxx
        - name: OPENVPN_PASSWORD
          value: xxx
        image: qmcgaw/gluetun:v3.31.1
        ports:
        - containerPort: 8888
        - containerPort: 8388
        securityContext:
          privileged: true
          capabilities:
            add:
            - NET_ADMIN
        volumeMounts:
        - mountPath: /dev/net/tun
          name: dev-net-tun
      - name: tools
        image: praqma/network-multitool:latest