gluetun icon indicating copy to clipboard operation
gluetun copied to clipboard

Published 20 hours ago β€’ verified publisher icon qdm12

Bug: openvpn `ip -6 addr` and error `RTNETLINK answers: Permission denied`

Open Scotty1928 opened this issue 5 months ago β€’ 11 comments

Is this urgent?

No

Host OS

Synology DSM 7.1.1

CPU arch

x86_64

VPN service provider

PrivateVPN

What are you using to run the container

Portainer

What is the version of Gluetun

Running version latest built on 2024-08-25T07:04:32.409Z (commit 01fa993)

What's the problem πŸ€”

Since a few hours my gluetun is unable to connect to my VPN provider (Perfect Privacy, not available in form Dropdown!!!). FAQ healthcheck and update provider list have been checked and done already. Update seems to be successful as per β€žlast editedβ€œ of that json file on host.

Seems related to RTNETLINK issue as per the logs. Unsure on how to solve this

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❀️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-08-25T07:04:32.409Z (commit 01fa993)

πŸ”§ Need help? β˜• Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
πŸ› Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
πŸ’» Email? [email protected]
πŸ’° Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-08-31T13:18:37+02:00 INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.8 and family v4
2024-08-31T13:18:37+02:00 INFO [routing] local ethernet link found: eth0
2024-08-31T13:18:37+02:00 INFO [routing] local ipnet found: 172.17.0.0/16
2024-08-31T13:18:37+02:00 INFO [firewall] enabling...
2024-08-31T13:18:37+02:00 INFO [firewall] enabled successfully
2024-08-31T13:18:38+02:00 INFO [storage] merging by most recent 20480 hardcoded servers and 20475 servers read from /gluetun/servers.json
2024-08-31T13:18:38+02:00 INFO [storage] Using perfect privacy servers from file which are 498 days more recent
2024-08-31T13:18:39+02:00 INFO Alpine version: 3.20.2
2024-08-31T13:18:39+02:00 INFO OpenVPN 2.5 version: 2.5.10
2024-08-31T13:18:39+02:00 INFO OpenVPN 2.6 version: 2.6.11
2024-08-31T13:18:39+02:00 INFO IPtables version: v1.8.10
2024-08-31T13:18:39+02:00 INFO Settings summary:
β”œβ”€β”€ VPN settings:
|   β”œβ”€β”€ VPN provider settings:
|   |   β”œβ”€β”€ Name: perfect privacy
|   |   └── Server selection settings:
|   |       β”œβ”€β”€ VPN type: openvpn
|   |       β”œβ”€β”€ Cities: Amsterdam
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: UDP
|   └── OpenVPN settings:
|       β”œβ”€β”€ OpenVPN version: 2.6
|       β”œβ”€β”€ User: [set]
|       β”œβ”€β”€ Password: [set]
|       β”œβ”€β”€ Network interface: tun0
|       β”œβ”€β”€ Run OpenVPN as: root
|       └── Verbosity level: 1
β”œβ”€β”€ DNS settings:
|   β”œβ”€β”€ Keep existing nameserver(s): no
|   β”œβ”€β”€ DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       β”œβ”€β”€ Enabled: yes
|       β”œβ”€β”€ Update period: every 24h0m0s
|       β”œβ”€β”€ Upstream resolvers:
|       |   └── cloudflare
|       β”œβ”€β”€ Caching: yes
|       β”œβ”€β”€ IPv6: no
|       └── DNS filtering settings:
|           β”œβ”€β”€ Block malicious: yes
|           β”œβ”€β”€ Block ads: no
|           β”œβ”€β”€ Block surveillance: no
|           └── Blocked IP networks:
|               β”œβ”€β”€ 127.0.0.1/8
|               β”œβ”€β”€ 10.0.0.0/8
|               β”œβ”€β”€ 172.16.0.0/12
|               β”œβ”€β”€ 192.168.0.0/16
|               β”œβ”€β”€ 169.254.0.0/16
|               β”œβ”€β”€ ::1/128
|               β”œβ”€β”€ fc00::/7
|               β”œβ”€β”€ fe80::/10
|               β”œβ”€β”€ ::ffff:127.0.0.1/104
|               β”œβ”€β”€ ::ffff:10.0.0.0/104
|               β”œβ”€β”€ ::ffff:169.254.0.0/112
|               β”œβ”€β”€ ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
β”œβ”€β”€ Firewall settings:
|   └── Enabled: yes
β”œβ”€β”€ Log settings:
|   └── Log level: info
β”œβ”€β”€ Health settings:
|   β”œβ”€β”€ Server listening address: 127.0.0.1:9999
|   β”œβ”€β”€ Target address: cloudflare.com:443
|   β”œβ”€β”€ Duration to wait after success: 5s
|   β”œβ”€β”€ Read header timeout: 100ms
|   β”œβ”€β”€ Read timeout: 500ms
|   └── VPN wait durations:
|       β”œβ”€β”€ Initial duration: 6s
|       └── Additional duration: 5s
β”œβ”€β”€ Shadowsocks server settings:
|   └── Enabled: no
β”œβ”€β”€ HTTP proxy settings:
|   └── Enabled: no
β”œβ”€β”€ Control server settings:
|   β”œβ”€β”€ Listening address: :8000
|   └── Logging: yes
β”œβ”€β”€ Storage settings:
|   └── Filepath: /gluetun/servers.json
β”œβ”€β”€ OS Alpine settings:
|   β”œβ”€β”€ Process UID: 1000
|   β”œβ”€β”€ Process GID: 1000
|   └── Timezone: Europe/Berlin
β”œβ”€β”€ Public IP settings:
|   β”œβ”€β”€ Fetching: every 12h0m0s
|   β”œβ”€β”€ IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
β”œβ”€β”€ Server data updater settings:
|   β”œβ”€β”€ Update period: 24h0m0s
|   β”œβ”€β”€ DNS address: 1.1.1.1:53
|   β”œβ”€β”€ Minimum ratio: 0.8
|   └── Providers to update: perfect privacy
└── Version settings:
    └── Enabled: yes
2024-08-31T13:18:39+02:00 INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.8 and family v4
2024-08-31T13:18:39+02:00 INFO [routing] adding route for 0.0.0.0/0
2024-08-31T13:18:39+02:00 INFO [firewall] setting allowed subnets...
2024-08-31T13:18:39+02:00 INFO [routing] default route found: interface eth0, gateway 172.17.0.1, assigned IP 172.17.0.8 and family v4
2024-08-31T13:18:39+02:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-08-31T13:18:39+02:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-08-31T13:18:39+02:00 INFO [http server] http server listening on [::]:8000
2024-08-31T13:18:39+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-08-31T13:18:39+02:00 INFO [firewall] allowing VPN connection...
2024-08-31T13:18:39+02:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-31T13:18:39+02:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-31T13:18:39+02:00 WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2024-08-31T13:18:39+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]95.211.95.233:443
2024-08-31T13:18:39+02:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-08-31T13:18:39+02:00 INFO [openvpn] UDPv4 link remote: [AF_INET]95.211.95.233:443
2024-08-31T13:18:39+02:00 INFO [openvpn] [Server_amsterdam.perfect-privacy.com] Peer Connection Initiated with [AF_INET]95.211.95.233:443
2024-08-31T13:18:40+02:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-08-31T13:18:40+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-08-31T13:18:40+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-08-31T13:18:40+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.0.51.248/24
2024-08-31T13:18:40+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-08-31T13:18:40+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-08-31T13:18:40+02:00 INFO [openvpn] /sbin/ip -6 addr add fdbf:1d37:bbe0:0:3:3:0:f8/112 dev tun0
2024-08-31T13:18:40+02:00 ERROR [openvpn] RTNETLINK answers: Permission denied
2024-08-31T13:18:40+02:00 INFO [openvpn] Linux ip -6 addr add failed: external program exited with error status: 2
2024-08-31T13:18:40+02:00 INFO [openvpn] Exiting due to fatal error
2024-08-31T13:18:40+02:00 ERROR [vpn] exit status 1
2024-08-31T13:18:40+02:00 INFO [vpn] retrying in 15s
2024-08-31T13:18:45+02:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2024-08-31T13:18:45+02:00 INFO [healthcheck] πŸ‘‰ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-31T13:18:45+02:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-31T13:18:55+02:00 INFO [firewall] allowing VPN connection...
2024-08-31T13:18:55+02:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-31T13:18:55+02:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-31T13:18:55+02:00 WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2024-08-31T13:18:55+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]95.168.167.236:443
2024-08-31T13:18:55+02:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-08-31T13:18:55+02:00 INFO [openvpn] UDPv4 link remote: [AF_INET]95.168.167.236:443
2024-08-31T13:18:55+02:00 INFO [openvpn] [Server_amsterdam.perfect-privacy.com] Peer Connection Initiated with [AF_INET]95.168.167.236:443
2024-08-31T13:18:56+02:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-08-31T13:18:56+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-08-31T13:18:56+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-08-31T13:18:56+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.5.209.64/24
2024-08-31T13:18:56+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-08-31T13:18:56+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-08-31T13:18:56+02:00 INFO [openvpn] /sbin/ip -6 addr add fdbf:1d37:bbe0:0:93:1:0:40/112 dev tun0
2024-08-31T13:18:56+02:00 ERROR [openvpn] RTNETLINK answers: Permission denied
2024-08-31T13:18:56+02:00 INFO [openvpn] Linux ip -6 addr add failed: external program exited with error status: 2
2024-08-31T13:18:56+02:00 INFO [openvpn] Exiting due to fatal error
2024-08-31T13:18:56+02:00 ERROR [vpn] exit status 1
2024-08-31T13:18:56+02:00 INFO [vpn] retrying in 15s
2024-08-31T13:19:06+02:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024-08-31T13:19:06+02:00 INFO [healthcheck] πŸ‘‰ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-31T13:19:06+02:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-31T13:19:11+02:00 INFO [firewall] allowing VPN connection...
2024-08-31T13:19:11+02:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-31T13:19:11+02:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-31T13:19:11+02:00 WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2024-08-31T13:19:11+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]37.48.94.1:443
2024-08-31T13:19:11+02:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-08-31T13:19:11+02:00 INFO [openvpn] UDPv4 link remote: [AF_INET]37.48.94.1:443
2024-08-31T13:19:27+02:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN
2024-08-31T13:19:27+02:00 INFO [healthcheck] πŸ‘‰ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-31T13:19:27+02:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024-08-31T13:19:27+02:00 INFO [vpn] stopping
2024-08-31T13:19:27+02:00 INFO [vpn] starting
2024-08-31T13:19:27+02:00 INFO [firewall] allowing VPN connection...
2024-08-31T13:19:27+02:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-31T13:19:27+02:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-31T13:19:27+02:00 WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2024-08-31T13:19:27+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]95.168.167.236:443
2024-08-31T13:19:27+02:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-08-31T13:19:27+02:00 INFO [openvpn] UDPv4 link remote: [AF_INET]95.168.167.236:443
2024-08-31T13:19:27+02:00 INFO [openvpn] [Server_amsterdam.perfect-privacy.com] Peer Connection Initiated with [AF_INET]95.168.167.236:443
2024-08-31T13:19:27+02:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-08-31T13:19:27+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-08-31T13:19:28+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-08-31T13:19:28+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.5.209.73/24
2024-08-31T13:19:28+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-08-31T13:19:28+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-08-31T13:19:28+02:00 INFO [openvpn] /sbin/ip -6 addr add fdbf:1d37:bbe0:0:93:1:0:49/112 dev tun0
2024-08-31T13:19:28+02:00 INFO [openvpn] Linux ip -6 addr add failed: external program exited with error status: 2
2024-08-31T13:19:28+02:00 ERROR [openvpn] RTNETLINK answers: Permission denied
2024-08-31T13:19:28+02:00 INFO [openvpn] Exiting due to fatal error
2024-08-31T13:19:28+02:00 ERROR [vpn] exit status 1
2024-08-31T13:19:28+02:00 INFO [vpn] retrying in 15s
2024-08-31T13:19:43+02:00 INFO [firewall] allowing VPN connection...
2024-08-31T13:19:43+02:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-08-31T13:19:43+02:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024-08-31T13:19:43+02:00 WARN [openvpn] No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
2024-08-31T13:19:43+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]95.211.95.244:443
2024-08-31T13:19:43+02:00 INFO [openvpn] UDPv4 link local: (not bound)
2024-08-31T13:19:43+02:00 INFO [openvpn] UDPv4 link remote: [AF_INET]95.211.95.244:443
2024-08-31T13:19:43+02:00 INFO [openvpn] [Server_amsterdam.perfect-privacy.com] Peer Connection Initiated with [AF_INET]95.211.95.244:443
2024-08-31T13:19:44+02:00 INFO [openvpn] TUN/TAP device tun0 opened
2024-08-31T13:19:44+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-08-31T13:19:44+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-08-31T13:19:44+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.0.64.50/24
2024-08-31T13:19:44+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-08-31T13:19:44+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
2024-08-31T13:19:44+02:00 INFO [openvpn] /sbin/ip -6 addr add fdbf:1d37:bbe0:0:4::32/112 dev tun0
2024-08-31T13:19:44+02:00 ERROR [openvpn] RTNETLINK answers: Permission denied
2024-08-31T13:19:44+02:00 INFO [openvpn] Linux ip -6 addr add failed: external program exited with error status: 2
2024-08-31T13:19:44+02:00 INFO [openvpn] Exiting due to fatal error
2024-08-31T13:19:44+02:00 ERROR [vpn] exit status 1
2024-08-31T13:19:44+02:00 INFO [vpn] retrying in 15s
2024-08-31T13:19:48+02:00 INFO [healthcheck] program has been unhealthy for 21s: restarting VPN
2024-08-31T13:19:48+02:00 INFO [healthcheck] πŸ‘‰ See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024-08-31T13:19:48+02:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION

Share your configuration

version: "3.8"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8090:8090 # port for app web ui
      - 6881:6881 # port for app data
    volumes:
      - /volume/for/container/configs/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=perfect privacy
      - VPN_TYPE=openvpn
      - OPENVPN_USER=redacted-user
      - OPENVPN_PASSWORD=redacted-password
      - SERVER_CITIES=Amsterdam
      - UPDATER_PERIOD=24h     # update provider list
      - UPDATER_VPN_SERVICE_PROVIDERS=perfect privacy
      - TZ=Europe/Berlin
    network_mode: bridge
    restart: always
#    privileged: true
#    devices:
#      - /dev/net/tun:/dev/net/tun
#    command: update -enduser -providers "perfect privacy"     # Force update of list

Scotty1928 avatar Aug 31 '24 11:08 Scotty1928