portmaster
portmaster copied to clipboard
safing
Cannot access wiki.safing.io with SPN enabled
What happened:
When trying to access wiki.safing.io (without cookies/cache?) it fails to establish a connection.
The connection in Portmaster shows Reason: the exit node reported an error: [ext] connection error
What did you expect to happen?: Access to the wiki page.
How did you reproduce it?:
- Enable SPN
- Open a browser in Private Mode, go to wiki.safing.io
- The error shows up.
- Now
Exclude.safing.ioinSPN Rulesand refresh - Suddenly we got access to the page
- Switch
.safing.iotoAllowinSPN Rulesand it works as expected while being routed trough the SPN.
Debug Information:
Version 2.0.25:
Portmaster 2.0.25
built with go1.24.7 (gc -cgo) for linux/amd64
at 2025-09-05T09:10:26Z
commit a66544959c689599ab118b34ffd94ea261aa86c9 (clean)
at 2025-09-05T08:17:28Z
from https://github.com/safing/portmaster.git
Licensed under the GPLv3 license.
Platform: arch "rolling":
System: arch linux (arch) "rolling"
Kernel: 6.17.4-arch2-1 x86_64
Unexpected Logs:
2025-10-24 13:23:46.116 WRN tes/module:288 ▶ 737 updates/Portmaster Binaries: cannot update: new index is older (time)
2025-10-24 13:31:53.006 WRN er/resolve:467 ▶ 697 resolver: query to dot://uncensored.freedns.controld.com:853#config failed: query failed: failed to connect to uncensored.freedns.controld.com (dot://uncensored.freedns.controld.com:853#config): dial tcp :30294->76.76.2.5:853: bind: address already in use
2025-10-24 13:35:15.566 WRN er/resolve:467 ▶ 040 resolver: query to dot://uncensored.freedns.controld.com:853#config failed: query failed: failed to connect to uncensored.freedns.controld.com (dot://uncensored.freedns.controld.com:853#config): dial tcp :41560->76.76.2.5:853: bind: address already in use
2025-10-24 14:03:33.161 WRN er/resolve:467 ▶ 691 resolver: query to dot://uncensored.freedns.controld.com:853#config failed: query failed: failed to connect to uncensored.freedns.controld.com (dot://uncensored.freedns.controld.com:853#config): dial tcp :30792->76.76.2.5:853: bind: address already in use
2025-10-24 14:10:07.835 WRN er/resolve:467 ▶ 507 resolver: query to dot://uncensored.freedns.controld.com:853#config failed: query failed: failed to connect to uncensored.freedns.controld.com (dot://uncensored.freedns.controld.com:853#config): dial tcp :52094->76.76.2.5:853: bind: address already in use
2025-10-24 14:23:46.095 WRN tes/module:288 ▶ 817 updates/Portmaster Binaries: cannot update: new index is older (time)
2025-10-24 14:34:53.006 WRN er/resolve:467 ▶ 938 resolver: query to dot://uncensored.freedns.controld.com:853#config failed: query failed: failed to connect to uncensored.freedns.controld.com (dot://uncensored.freedns.controld.com:853#config): dial tcp :12448->76.76.2.5:853: bind: address already in use
2025-10-24 14:42:23.102 WRN er/resolve:467 ▶ 694 resolver: query to dot://uncensored.freedns.controld.com:853#config failed: query failed: failed to connect to uncensored.freedns.controld.com (dot://uncensored.freedns.controld.com:853#config): dial tcp :38961->76.76.2.5:853: bind: address already in use
2025-10-24 14:47:23.011 WRN er/resolve:467 ▶ 269 resolver: query to dot://uncensored.freedns.controld.com:853#config failed: query failed: failed to connect to uncensored.freedns.controld.com (dot://uncensored.freedns.controld.com:853#config): dial tcp :20131->76.76.2.5:853: bind: address already in use
2025-10-24 15:08:06.601 WRN er/resolve:467 ▶ 582 resolver: query to dot://uncensored.freedns.controld.com:853#config failed: query failed: failed to connect to uncensored.freedns.controld.com (dot://uncensored.freedns.controld.com:853#config): dial tcp :13164->76.76.2.5:853: bind: address already in use
251024 15:08:34.437 CURRENT TIME
Status: Online:
OnlineStatus: Online
CaptivePortal:
SPN: connected (module enabled):
HomeHubID: ZwxJfB4c1vugsntRqnsa67eueE42TapjMCsxzNQyqhVZf7
HomeHubName: nonornia
HomeHubIP: 194.68.32.90
Transport: http:80
Connected: 29h45m0s ago
---
Client: true
PublicHub: false
HubHasIPv4: false
HubHasIPv6: false
---
Map main:
Active Terminals: 8 Hubs
State Active: 47 Hubs
State AllowUnencrypted: 34 Hubs
State ConnectivityIssues: 1 Hubs
State HasRequiredInfo: 36 Hubs
State IsHomeHub: 1 Hubs
State Reachable: 47 Hubs
State Trusted: 32 Hubs
State UsageAsHomeDiscouraged: 17 Hubs
Resolvers: 8/8:
uncensored.freedns.controld.com (dot://uncensored.freedns.controld.com:853#config)
dot://uncensored.freedns.controld.com:853#config
Failing: false
uncensored.freedns.controld.com (dot://uncensored.freedns.controld.com:853#config)
dot://uncensored.freedns.controld.com:853#config
Failing: false
Cloudflare (dot://cloudflare-dns.com:853#config)
dot://cloudflare-dns.com:853#config
Failing: false
Cloudflare (dot://cloudflare-dns.com:853#config)
dot://cloudflare-dns.com:853#config
Failing: false
192.168.50.1 (dns://192.168.50.1:53#system)
dns://192.168.50.1:53#system
Failing: false
2a01:799:16ad:a800::1 (dns://2a01:799:16ad:a800::1:53#system)
dns://2a01:799:16ad:a800::1:53#system
Failing: false
Config: 12:
core/expertiseLevel: developer
core/locale: en-GB
core/releaseChannel: beta
dns/nameservers: [redacted]
dns/noAssignedNameservers: true
dns/noInsecureProtocols: true
dns/noMulticastDNS: true
dns/useStaleCache: false
filter/lists: [TRAC MAL DECEP BAD UNBREAK]
history/enable: true
spn/enable: true
spn/use: false
Updates: beta (13):
Binaries Index: v2.0.25 from 2025-09-05 12:31:00.856184125 +0300 +0300
Intel Index: v20250930.11.57 from 2025-09-30 11:57:09.918621973 +0000 UTC
File Version Index SHA256
assets.zip 0.3.6 binaries ddd23c929272df9f44c28e3d087d662d24e34b0b9a4ddc0f28fed716b677e2eb
portmaster 2.0.25 binaries 09c2e6858a6373f9943d6ee5d84dc5229937f1a16a96b4571639d98ba4508ed4
portmaster-core 2.0.25 binaries 94364921f074ed317c5cb4d2a8e0861668ac6fb34998207b7b0b1175c41f0c44
portmaster.zip 2.0.25 binaries 0011176f80ba498a87a86ba782bdf7896f3e0289debb53e05b071a177ee96b23
main-intel.yaml 20250930.11.57 intel c73be8f0600af4500f5d3e6f8e354f5d96dba2ce37d59aa976306a8ea9e5bc6d
notifications.yaml 20250915.11.11 intel 8168f64860717712a9d0a00da876e84f03c34834b3a8e0e1dfa783a9c29f7235
news.yaml 20250812.8.58 intel fa64e8d0f2adc61093df516d4be68ad536c4de29fd9f7c2473311dbdaaa1f9c6
index.dsd 2025.4.14 intel 026325cc7af459251fb08dce0a6166aeece4c9b5a4b7d26e15f4f7d94e0e6e0e
base.dsdl 20250901.0.0 intel e094359579742a66d61761fc57cb6e97a4ef18dfa632e692b9d41fbc0578ff60
intermediate.dsdl 20250831.0.0 intel fe97067ec790deaf6ac7f911c3c771eb024e2fa75e3d0ad6099e3698a372b9f8
urgent.dsdl 20250831.21.0 intel fbaacbee9e500ba61450fb5f242c2be52130f32b3dab10271dfb2af45e9db1bf
geoipv4.mmdb 20250623.0.0 intel 1157da35a7c3d791853032f998b60bb778b700a37716150f18619c85196fe5ce
geoipv6.mmdb 20250623.0.0 intel 0fa07fada19f38c9e01925a3682d0d5abaa8298e22203ac43d04ffc1e553dfc9
Compatibility: IPTables Chains (36):
v4
filter
INPUT
FORWARD
OUTPUT
PORTMASTER-FILTER
nat
PREROUTING
INPUT
OUTPUT
POSTROUTING
PORTMASTER-REDIRECT
mangle
PREROUTING
INPUT
FORWARD
OUTPUT
POSTROUTING
PORTMASTER-INGEST-INPUT
PORTMASTER-INGEST-OUTPUT
raw
PREROUTING
OUTPUT
v6
filter
INPUT
FORWARD
OUTPUT
PORTMASTER-FILTER
nat
PREROUTING
INPUT
OUTPUT
POSTROUTING
PORTMASTER-REDIRECT
mangle
PREROUTING
INPUT
FORWARD
OUTPUT
POSTROUTING
PORTMASTER-INGEST-INPUT
PORTMASTER-INGEST-OUTPUT
raw
PREROUTING
OUTPUT
Worker Status: 2/81 (0?):
81 Workers: 2 running, 1240 waiting
# State Module Name Worker Func Current Line Extra Info
1 running API http request github.com/safing/portmaster/base/api.(*mainHandler).ServeHTTP.func1 github.com/safing/portmaster/service/debug.go:58
1 syscall Interception ebpf connection listener github.com/safing/portmaster/service/firewall/interception.startInterception.func1 github.com/safing/portmaster/service/firewall/interception/ebpf/connection_listener/worker.go:96
1 chan receive Resolver mdns handler github.com/safing/portmaster/service/resolver.listenToMDNS github.com/safing/portmaster/service/resolver/resolver-mdns.go:147
1 chan receive TerminalModule msg unit scheduler github.com/safing/portmaster/spn/unit.(*Scheduler).SlotScheduler github.com/safing/portmaster/spn/unit/scheduler.go:210
1076 select Network packet handler github.com/safing/portmaster/service/network.(*Connection).packetHandlerWorker github.com/safing/portmaster/service/network/connection_handler.go:113
20 select Crew connect op conn writer github.com/safing/portmaster/spn/crew.(*ConnectOp).connWriter github.com/safing/portmaster/spn/crew/op_connect.go:437
20 select Crew connect op flow handler github.com/safing/portmaster/spn/terminal.(*DuplexFlowQueue).FlowHandler github.com/safing/portmaster/spn/terminal/control_flow.go:242
8 select Docks expansion terminal flow queue github.com/safing/portmaster/spn/terminal.(*DuplexFlowQueue).FlowHandler github.com/safing/portmaster/spn/terminal/control_flow.go:242
8 select Docks expansion terminal handler github.com/safing/portmaster/spn/terminal.(*TerminalBase).Handler github.com/safing/portmaster/spn/terminal/terminal.go:260
8 select Docks expansion terminal sender github.com/safing/portmaster/spn/terminal.(*TerminalBase).Sender github.com/safing/portmaster/spn/terminal/terminal.go:387
3 select Rng feeder github.com/safing/portmaster/base/rng.(*Feeder).run github.com/safing/portmaster/base/rng/entropy.go:117
2 select API database api writer github.com/safing/portmaster/base/api.(*DatabaseWebsocketAPI).writer github.com/safing/portmaster/base/api/database.go:155
2 select Resolver dns client github.com/safing/portmaster/service/resolver.(*tcpResolverConn).handler github.com/safing/portmaster/service/resolver/resolver-tcp.go:310
2 select SluiceModule udp listener cleaner github.com/safing/portmaster/spn/sluice.(*UDPListener).cleaner github.com/safing/portmaster/spn/sluice/udp_listener.go:186
1 select Captain client manager github.com/safing/portmaster/spn/captain.clientManager github.com/safing/portmaster/spn/captain/client.go:184
1 select DNSMonitor systemd-resolver-event-listener github.com/safing/portmaster/service/firewall/interception/dnsmonitor.newListener.func1 github.com/safing/portmaster/service/firewall/interception/dnsmonitor/eventlistener_linux.go:74
1 select Docks crane controller terminal handler github.com/safing/portmaster/spn/terminal.(*TerminalBase).Handler github.com/safing/portmaster/spn/terminal/terminal.go:260
1 select Docks crane controller terminal sender github.com/safing/portmaster/spn/terminal.(*TerminalBase).Sender github.com/safing/portmaster/spn/terminal/terminal.go:387
1 select Docks crane handler github.com/safing/portmaster/spn/docks.(*Crane).handler github.com/safing/portmaster/spn/docks/crane.go:529
1 select Docks crane loader github.com/safing/portmaster/spn/docks.(*Crane).loader github.com/safing/portmaster/spn/docks/crane.go:688
1 select Docks crane terminal flow queue github.com/safing/portmaster/spn/terminal.(*DuplexFlowQueue).FlowHandler github.com/safing/portmaster/spn/terminal/control_flow.go:242
1 select Docks crane terminal handler github.com/safing/portmaster/spn/terminal.(*TerminalBase).Handler github.com/safing/portmaster/spn/terminal/terminal.go:260
1 select Docks crane terminal sender github.com/safing/portmaster/spn/terminal.(*TerminalBase).Sender github.com/safing/portmaster/spn/terminal/terminal.go:387
1 select Firewall bandwidth update handler github.com/safing/portmaster/service/firewall.bandwidthUpdateHandler github.com/safing/portmaster/service/firewall/packet_handler.go:838
1 select Firewall packet handler github.com/safing/portmaster/service/firewall.packetHandler github.com/safing/portmaster/service/firewall/packet_handler.go:823
1 select Interception ebpf bandwidth stats monitor github.com/safing/portmaster/service/firewall/interception.startInterception.func2 github.com/safing/portmaster/service/firewall/interception/ebpf/bandwidth/interface.go:108
1 select Interception nfqueue packet handler github.com/safing/portmaster/service/firewall/interception.StartNfqueueInterception.func1 github.com/safing/portmaster/service/firewall/interception/nfqueue_linux.go:334
1 select NetEnv monitor network changes github.com/safing/portmaster/service/netenv.monitorNetworkChanges github.com/safing/portmaster/service/netenv/network-change.go:52
1 select NetEnv monitor online status github.com/safing/portmaster/service/netenv.monitorOnlineStatus github.com/safing/portmaster/service/netenv/online-status.go:363
1 select NetQuery netquery connection feed handler github.com/safing/portmaster/service/netquery.(*NetQuery).Start.func2 github.com/safing/portmaster/service/netquery/manager.go:101
1 select NetQuery netquery connection feed listener github.com/safing/portmaster/service/netquery.(*NetQuery).Start.func1 github.com/safing/portmaster/service/netquery/module_api.go:194
1 select NetQuery netquery live db cleaner github.com/safing/portmaster/service/netquery.(*NetQuery).Start.func3 github.com/safing/portmaster/service/netquery/module_api.go:221
1 select Network clean connections github.com/safing/portmaster/service/network.connectionCleaner github.com/safing/portmaster/service/network/clean.go:39
1 select Network write open dns requests github.com/safing/portmaster/service/network.openDNSRequestWriter github.com/safing/portmaster/service/network/dns.go:182
1 select Notifications cleaner github.com/safing/portmaster/base/notifications.cleaner github.com/safing/portmaster/base/notifications/cleaner.go:14
1 select Profile clean active profiles github.com/safing/portmaster/service/profile.cleanActiveProfiles github.com/safing/portmaster/service/profile/active.go:59
1 select Profile update active profiles github.com/safing/portmaster/service/profile.start.startProfileUpdateChecker.func1 github.com/safing/portmaster/service/profile/database.go:57
1 select Resolver ip info delayed cache writer github.com/safing/portmaster/base/database.(*Interface).DelayedCacheWriter github.com/safing/portmaster/base/database/interface_cache.go:34
1 select Resolver mdns message handler github.com/safing/portmaster/service/resolver.listenToMDNS.func9 github.com/safing/portmaster/service/resolver/resolver-mdns.go:153
1 select Resolver name record delayed cache writer github.com/safing/portmaster/base/database.(*Interface).DelayedCacheWriter github.com/safing/portmaster/base/database/interface_cache.go:34
1 select Rng full feeder github.com/safing/portmaster/base/rng.fullFeeder github.com/safing/portmaster/base/rng/fullfeed.go:25
1 select Rng os rng feeder github.com/safing/portmaster/base/rng.osFeeder github.com/safing/portmaster/base/rng/osfeeder.go:27
1 select Rng tick rng feeder github.com/safing/portmaster/base/rng.tickFeeder github.com/safing/portmaster/base/rng/tickfeeder.go:63
1 select Status status publisher github.com/safing/portmaster/service/status.(*Status).statusPublisher github.com/safing/portmaster/service/status/status.go:55
1 select geoip geoip-updater github.com/safing/portmaster/service/intel/geoip.(*updateWorker).run github.com/safing/portmaster/service/intel/geoip/database.go:197
20 IO wait Crew connect op conn reader github.com/safing/portmaster/spn/crew.(*ConnectOp).connReader github.com/safing/portmaster/spn/crew/op_connect.go:355
2 IO wait API database api handler github.com/safing/portmaster/base/api.(*DatabaseWebsocketAPI).handler github.com/safing/portmaster/base/api/database.go:137
2 IO wait Resolver dns client reader github.com/safing/portmaster/service/resolver.(*tcpResolverConn).reader github.com/safing/portmaster/service/resolver/resolver-tcp.go:434
2 IO wait SluiceModule udp listener reader github.com/safing/portmaster/spn/sluice.(*UDPListener).reader github.com/safing/portmaster/spn/sluice/udp_listener.go:140
1 IO wait API http server github.com/safing/portmaster/base/api.serverManager.func1 github.com/safing/portmaster/base/api/router.go:92
1 IO wait API http server manager github.com/safing/portmaster/base/api.serverManager github.com/safing/portmaster/base/api/router.go:92
1 IO wait Docks crane unloader github.com/safing/portmaster/spn/docks.(*Crane).unloader github.com/safing/portmaster/spn/ships/ship.go:202
1 IO wait NameServer dns resolver github.com/safing/portmaster/service/nameserver.start.startListener.func5 github.com/safing/portmaster/service/nameserver/module.go:156
1 IO wait NameServer dns resolver github.com/safing/portmaster/service/nameserver.start.startListener.func6 github.com/safing/portmaster/service/nameserver/module.go:156
1 IO wait Resolver mdns udp4 unicast listener github.com/safing/portmaster/service/resolver.listenToMDNS.func3 github.com/safing/portmaster/service/resolver/resolver-mdns.go:343
1 IO wait Resolver mdns udp6 unicast listener github.com/safing/portmaster/service/resolver.listenToMDNS.func7 github.com/safing/portmaster/service/resolver/resolver-mdns.go:343
1 IO wait SluiceModule tcp4 sluice listener github.com/safing/portmaster/spn/sluice.(*Sluice).listenHandler github.com/safing/portmaster/spn/sluice/sluice.go:201
1 IO wait SluiceModule tcp6 sluice listener github.com/safing/portmaster/spn/sluice.(*Sluice).listenHandler github.com/safing/portmaster/spn/sluice/sluice.go:201
1 IO wait SluiceModule udp4 sluice listener github.com/safing/portmaster/spn/sluice.(*Sluice).listenHandler github.com/safing/portmaster/spn/sluice/sluice.go:201
1 IO wait SluiceModule udp6 sluice listener github.com/safing/portmaster/spn/sluice.(*Sluice).listenHandler github.com/safing/portmaster/spn/sluice/sluice.go:201
1 scheduled API clean api sessions github.com/safing/portmaster/base/api.cleanSessions repeated every 5m0s
1 scheduled Access update account github.com/safing/portmaster/spn/access.UpdateAccount delayed
1 scheduled Binary Updater update checker github.com/safing/portmaster/service/updates.(*Updater).updateCheckWorker repeated every 1h0m0s
1 scheduled Binary Updater upgrader github.com/safing/portmaster/service/updates.(*Updater).upgradeWorker created
1 scheduled Broadcasts broadcast notifier github.com/safing/portmaster/service/broadcasts.broadcastNotify repeated every 10m0s
1 scheduled Captain maintain public identity github.com/safing/portmaster/spn/captain.maintainPublicIdentity created
1 scheduled Captain maintain public status github.com/safing/portmaster/spn/captain.maintainPublicStatus created
1 scheduled Compat clean notify thresholds github.com/safing/portmaster/service/compat.cleanNotifyThreshold repeated every 1h0m0s
1 scheduled Compat compatibility self-check github.com/safing/portmaster/service/compat.selfcheckTaskFunc repeated every 5m0s
1 scheduled Crew sticky cleaner github.com/safing/portmaster/spn/crew.cleanStickyHubs repeated every 10m0s
1 scheduled CustomList update custom filter list github.com/safing/portmaster/service/intel/customlists.New.func1 repeated every 1m0s
1 scheduled DBModule basic maintenance github.com/safing/portmaster/base/database/dbmodule.maintainBasic repeated every 10m0s
1 scheduled DBModule record maintenance github.com/safing/portmaster/base/database/dbmodule.maintainRecords repeated every 1h0m0s
1 scheduled DBModule thorough maintenance github.com/safing/portmaster/base/database/dbmodule.maintainThorough repeated every 1h0m0s
1 scheduled Intel Updater update checker github.com/safing/portmaster/service/updates.(*Updater).updateCheckWorker repeated every 1h0m0s
1 scheduled Intel Updater upgrader github.com/safing/portmaster/service/updates.(*Updater).upgradeWorker created
1 scheduled Navigator update failing states github.com/safing/portmaster/spn/navigator.(*Map).updateFailingStates repeated every 1m0s
1 scheduled Navigator update states github.com/safing/portmaster/spn/navigator.(*Map).updateStates repeated every 1h0m0s
1 scheduled NetQuery network history cleaner delay github.com/safing/portmaster/service/netquery.(*NetQuery).Start.func4 repeated every 1h0m0s
1 scheduled Resolver check failing resolvers github.com/safing/portmaster/service/resolver.checkFailingResolvers delayed
1 scheduled Resolver suggest using stale cache github.com/safing/portmaster/service/resolver.suggestUsingStaleCacheTask on demand
Goroutine Stack
goroutine profile: total 1343
[Removed because of too many characters]
@gorkapernas Could you please check it on your side? I wasn’t able to reproduce the issue (tested on Windows using different browsers).
@gorkapernas Could you please check it on your side? I wasn’t able to reproduce the issue (tested on Windows using different browsers).
The issue is on my end too and isn't related to any browser since I have tried both Firefox and Chromium yet I get the same issue.
From my experience it's also a somewhat intermittent issue, since sometimes on rare occasions the Wiki is accessible through the SPN. There had been theories that it's something to do with the exit nodes, which would explain the error message as to why the connection failed, but that is the most information I could get from my end.
It is an IPv6 issue. Your system(s) want to access safing.io via its advertised IPv6 address, but the server does not respond to IPv6 requests. The server team is aware that some Safing servers have trouble with IPv6, though there is no ETA for a resolution.
A temporary solution involves disabling IPv6 on your system, though this might not be feasible in all cases.
A less intrusive option involves prioritizing IPv4 DNS. Prioritizing DNS might be available via the /etc/gai.conf file, though it depends on whether your Linux operating system supports this:
https://askubuntu.com/questions/32298/prefer-a-ipv4-dns-lookups-before-aaaaipv6-lookups
Edit the /etc/gai.conf file and uncomment the "precedence ::ffff:0:0/96 100" line to prefer IPv4:
# For sites which prefer IPv4 connections change the last line to
#
precedence ::ffff:0:0/96 100
No system or service reboots or restarts are required after editing and saving the /etc/gai.conf file. To undo this change, edit the file again to comment out that line.
