gluetun
gluetun copied to clipboard
qdm12
Bug: IPv6 suddenly no longer working
Is this urgent?
No
Host OS
Ubuntu 24.04.2 LTS
CPU arch
x86_64
VPN service provider
AirVPN
What are you using to run the container
docker-compose
What is the version of Gluetun
Running version latest built on 2025-01-22T08:30:14.628Z (commit 13532c8)
What's the problem 🤔
Since today IPv6 is no longer working and I couldn't figure out why.
I did enable IPv6 in the docker daemon config with "ipv6": true (even though it worked without this option just fine until today), but it didn't help.
Executing ip -6 route inside a running gluetun container that only has an IPv4 address in WIREGUARD_ADDRESSES outputs nothing.
Executing docker run -it --rm alpine ip -6 route on the docker host outputs the following:
fdba:d5f3:d260::/64 dev eth0 metric 256
fe80::/64 dev eth0 metric 256
default via fdba:d5f3:d260::1 dev eth0 metric 1024
Executing docker run -it --rm --entrypoint ip qmcgaw/gluetun -6 route (which overrides the gluetun entry point and instead runs ip -6 route) on the docker host outputs the following:
fdba:d5f3:d260::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via fdba:d5f3:d260::1 dev eth0 metric 1024 pref medium
So IPv6 is available inside docker containers and it looks to me that somehow gluetun "looses" the IPv6 route.
Share your logs (at least 10 lines)
========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================
Running version latest built on 2025-01-22T08:30:14.628Z (commit 13532c8)
🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? [email protected]
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2025-02-21T11:25:05+01:00 INFO [routing] default route found: interface eth0, gateway 172.21.0.1, assigned IP 172.21.0.2 and family v4
2025-02-21T11:25:05+01:00 INFO [routing] local ethernet link found: eth0
2025-02-21T11:25:05+01:00 INFO [routing] local ipnet found: 172.21.0.0/16
2025-02-21T11:25:05+01:00 INFO [firewall] enabling...
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --policy INPUT DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --policy OUTPUT DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --policy FORWARD DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --policy INPUT DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --policy OUTPUT DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --policy FORWARD DROP
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append INPUT -i lo -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --append INPUT -i lo -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -o lo -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o lo -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -o eth0 -s 172.21.0.2 -d 172.21.0.0/16 -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o eth0 -d ff02::1:ff00:0/104 -j ACCEPT
2025-02-21T11:25:05+01:00 DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -d 172.21.0.0/16 -j ACCEPT
2025-02-21T11:25:05+01:00 INFO [firewall] enabled successfully
2025-02-21T11:25:05+01:00 INFO [storage] merging by most recent 20776 hardcoded servers and 20776 servers read from /gluetun/servers.json
2025-02-21T11:25:06+01:00 DEBUG [netlink] IPv6 is not supported after searching 1 routes
2025-02-21T11:25:06+01:00 ERROR VPN settings: Wireguard settings: interface address is IPv6 but IPv6 is not supported: address fd7d:x:x:x:x:x:x:x/128
2025-02-21T11:25:06+01:00 INFO Shutdown successful
Share your configuration
services:
gluetun:
image: qmcgaw/gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
environment:
- VPN_TYPE=wireguard
- TZ=Europe/Amsterdam
- WIREGUARD_IMPLEMENTATION=kernelspace
- VPN_SERVICE_PROVIDER=airvpn
- SERVER_COUNTRIES=X
- WIREGUARD_PRIVATE_KEY=X
- WIREGUARD_PRESHARED_KEY=X
- WIREGUARD_ADDRESSES=10.x.x.x/32,fd7d:x:x:x:x:x:x:x/128
- LOG_LEVEL=debug
ports:
- 8888:8888
volumes:
- /srv/docker-services/proxy/gluetun:/gluetun
sysctls:
- net.ipv6.conf.all.disable_ipv6=0
healthcheck:
retries: 10
interval: 5m
restart: unless-stopped
@qdm12 is more or less the only maintainer of this project and works on it in his free time. Please:
- do not ask for updates, be patient
- :+1: the issue to show your support instead of commenting @qdm12 usually checks issues at least once a week, if this is a new urgent bug, revert to an older tagged container image
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Just got this too after running system updates on Ubuntu 24.04.2 LTS last night. Along with those updates came docker-ce v28.0.0 (from v27.5.1, using official docker repo instead of ubuntu packages) and looking at the changelog here, it includes a good number of changes to networking. I can see numerous new issues on that repo related to v28 breaking networking for various containers. I can only assume this is the cause at first glance.
Still running Gluetun 3.39.1 myself. Probably gonna try downgrading to docker v27.5.1 soon.
@ioqy What docker-ce version are you running?
Can confirm it was docker v28.0.0 that broke it. Rolled back to v27.5.1 and everything works again.
You can do so (on ubuntu 24.04) with:
sudo apt install docker-ce=5:27.5.1-1~ubuntu.24.04~noble docker-ce-rootless-extras=5:27.5.1-1~ubuntu.24.04~noble docker-ce-cli=5:27.5.1-1~ubuntu.24.04~noble
Also put a hold on those package: sudo apt-mark hold docker-ce docker-ce-rootless-extras docker-ce-cli
I also held back docker-compose-plugin and docker-buildx-plugin for good measure, but that probably isn't required.
Hi, I can confirm that docker 28.0 has introduced a change that breaks ipv6 support on existing stacks. But it is still working if you do these steps :
- Stop your stack.
- Delete the network used by your stack.
- Relaunch your stack and the newly created network will have ipv6 support.
@nikos06 can you provide the commands? Because I have tried to do it, and it didn't work.
Does this require recreation of all the containers that are using an older network?
Use the command after deleting your existing docker network:
docker network create --ipv6 <network name>
This will enable ipv6 support to the newly created network, otherwise will be disabled by default. This solved the problem for me.
I use a docker-compose.yml file for gluetun, I did the following to get my config working on docker 28.0
- stop docker compose
- Install docker 28.0
- restart docker.service
- docker network prune (or docker network rm gluetun_default)
- docker network create --ipv6 gluetun_default --label com.docker.compose.network=default
- docker compose rm (BE CAREFUL! I used volumes for torrent configs so it doesn't affect me personally)
- docker compose up
What worked for me was defining the network like this with IPv6 subnet. Nothing else worked.
networks:
my_network:
enable_ipv6: true
ipam:
driver: default
config:
- subnet: 172.23.0.0/24
gateway: 172.23.0.1
- subnet: "fd00:dead:beef::/64"
gateway: "fd00:dead:beef::1"
This might be helpful to someone.