gluetun icon indicating copy to clipboard operation
gluetun copied to clipboard
verified publisher icon qdm12

AirVPN IPv6 OpenVPN `write UDPv6 []: Address not available (fd=3,code=99)`

Open mikul9 opened this issue 1 year ago • 10 comments

Is this urgent?

No

Host OS

DSM 7.21 (Synology)

CPU arch

x86_64

VPN service provider

AirVPN

What are you using to run the container

docker run

What is the version of Gluetun

Running version latest built on 2024-08-25T07:04:32.409Z (commit 01fa993)

What's the problem 🤔

Failure to connect to AirVPN after update to the latest version. The problem persists with the firewall disabled. Moving back to pr-2285 works.

Share your logs (at least 10 lines)

Stuck in this loop:

2024/09/05 11:00:22	stdout	2024-09-05T11:00:22-04:00 INFO [firewall] removing allowed port 13482...
2024/09/05 11:00:22	stdout	2024-09-05T11:00:22-04:00 INFO [vpn] stopping
2024/09/05 11:00:22	stdout	2024-09-05T11:00:22-04:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024/09/05 11:00:22	stdout	2024-09-05T11:00:22-04:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024/09/05 11:00:22	stdout	2024-09-05T11:00:22-04:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN
2024/09/05 11:00:18	stdout	2024-09-05T11:00:18-04:00 INFO [openvpn] write UDPv6 []: Address not available (fd=3,code=99)
2024/09/05 11:00:13	stdout	2024-09-05T11:00:13-04:00 INFO [openvpn] write UDPv6 []: Address not available (fd=3,code=99)
2024/09/05 11:00:11	stdout	2024-09-05T11:00:11-04:00 INFO [openvpn] write UDPv6 []: Address not available (fd=3,code=99)
2024/09/05 11:00:11	stdout	2024-09-05T11:00:11-04:00 INFO [openvpn] UDPv6 link remote: [AF_INET6]2001:ac8:40:8:6e2e:89db:741:eecb:1194
2024/09/05 11:00:11	stdout	2024-09-05T11:00:11-04:00 INFO [openvpn] UDPv6 link local: (not bound)
2024/09/05 11:00:11	stdout	2024-09-05T11:00:11-04:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET6]2001:ac8:40:8:6e2e:89db:741:eecb:1194
2024/09/05 11:00:11	stdout	2024-09-05T11:00:11-04:00 INFO [openvpn] library versions: OpenSSL 3.3.1 4 Jun 2024, LZO 2.10
2024/09/05 11:00:11	stdout	2024-09-05T11:00:11-04:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024/09/05 11:00:11	stdout	2024-09-05T11:00:11-04:00 INFO [firewall] allowing VPN connection...
2024/09/05 11:00:11	stdout	2024-09-05T11:00:11-04:00 INFO [vpn] starting

Share your configuration

gluetun:
    image: qmcgaw/gluetun:latest   
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp 
      - 8388:8388/tcp 
      - 8388:8388/udp 
      - 8090:8090/tcp
    volumes:
      - /volume1/docker/gluetun:/gluetun
    environment:
      - PUID=1030 
      - PGID=65526 
      - TZ=America/New_York 
      - VPN_SERVICE_PROVIDER=airvpn
      - VPN_TYPE=openvpn  
      - OPENVPN_USER=UserName
      - OPENVPN_PASSWORD=PaSsWoRd
      - HTTPPROXY=off 
      - SHADOWSOCKS=off 
      - FIREWALL_OUTBOUND_SUBNETS=181.20.0.0/16,192.168.1.0/24 
      - FIREWALL_VPN_INPUT_PORTS=12462 
      - UPDATER_PERIOD=24h
    network_mode: synobridge
    labels:
      - com.centurylinklabs.watchtower.enable=false
    security_opt:
      - no-new-privileges:true
    restart: always

mikul9 avatar Sep 05 '24 16:09 mikul9

@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:

  • do not ask for updates, be patient
  • :+1: the issue to show your support instead of commenting @qdm12 usually checks issues at least once a week, if this is a new urgent bug, revert to an older tagged container image

github-actions[bot] avatar Sep 05 '24 16:09 github-actions[bot]

Having the exact same issue here with openvpn connections on airvpn. Wireguard connections on airvpn continue to work just fine on the latest image.

caballinger avatar Sep 14 '24 14:09 caballinger

This is due to Openvpn trying to use IPv6, and your Docker setup probably doesn't support it. It could also be due to the upgrade from openvpn 2.5 to 2.6.

  1. If you run with LOG_LEVEL=debug, what IPv6 relevant lines do you get (for example IPv6 is supported by link ....)?
  2. What happens if you run image qmcgaw/gluetun:v3.39.0 with OPENVPN_VERSION=2.5?
  3. What happens if you run image qmcgaw/gluetun:v3.38.1?

also please use v3.x.x tagged images, not pr-2285. I have no idea what that image tag (for PR #2285) and it's hard for me to debug.

qdm12 avatar Sep 18 '24 11:09 qdm12

qmcgaw/gluetun:v3.39.0 with OPENVPN_VERSION=2.5: Same issue qmcgaw/gluetun:v3.38.1 without OPENVPN_VERSION=2.5: Working Related error in log:

2024/09/20 13:07:47,stdout,2024-09-20T13:07:47-07:00 INFO [openvpn] Exiting due to fatal error
2024/09/20 13:07:47,stdout,2024-09-20T13:07:47-07:00 INFO [openvpn] Linux ip -6 addr add failed: external program exited with error status: 2
2024/09/20 13:07:47,stdout,2024-09-20T13:07:47-07:00 ERROR [openvpn] RTNETLINK answers: Permission denied
2024/09/20 13:07:47,stdout,2024-09-20T13:07:47-07:00 INFO [openvpn] /sbin/ip -6 addr add fde6:7a:7d20:1b7a::10ab/64 dev tun0
2024/09/20 13:07:47,stdout,2024-09-20T13:07:47-07:00 INFO [openvpn] /sbin/ip link set dev tun0 up

caballinger avatar Sep 20 '24 19:09 caballinger

Confirmed that qmcgaw/gluetun:v3.38.1 is working.

mikul9 avatar Sep 23 '24 14:09 mikul9

I have had the same issue with the last few updates. When ever I go back to 3.39 and even the new 3.39.1 it works. With each pull of latest it does the udpv6 error. I tried to add a environment variable to stop it from using ip6 but that didn't seem to help.

KindaWrks avatar Oct 05 '24 16:10 KindaWrks

Same issue, i go back to V3.38.0 and no problems anymore.

VonPuffelen avatar Oct 08 '24 07:10 VonPuffelen

Hi, I have the exact same issue with v3.40, it works with v3.39.1 and previous.

olivier0013 avatar Apr 01 '25 10:04 olivier0013

It has been 7 months, and this is still a problem. Except now 3.38.1 is exhibiting the same symptom.

mikul9 avatar Apr 21 '25 02:04 mikul9

Same issue here with AirVPN, but v3.40 nor v3.39.1 is solving it for me. I need to go back to v3.38.0 to get rid of it.

Otherwise, I am forced to disable ipv6 with net.ipv6.conf.all.disable_ipv6=1

Oh, and btw i can trigger this issue no matter which version i am using while restarting the service with the api like docker exec Gluetun /usr/bin/wget -qO- --method=PUT --body-data='{"status":"restart"}' --header='x-api-key: API-KEY' http://127.0.0.1:8000/v1/vpn/status

This issue does not occur when i restart the docker container in a more classic way: docker restart Gluetun

Edit: Nope, still not working. Doesn't matter which version i am trying. The error also occurs sometimes with a normal docker restart Gluetun. But right now, my setups seems to work if i

  • put the container into host mode (not bridge)
  • disable DOT (DOT=off ). Otherwise i get port related errors while using DOT in host mode.

Edit 2: Nah, gluetun in host mode is stupid, this will lead into firewall issues and will mess up my network

Staubgeborener avatar Aug 26 '25 19:08 Staubgeborener