Bug: Gluetun over docker-compose has no networking, but regular docker does! #2583

Closed
neogenix opened this issue Nov 12, 2024 · 3 comments

neogenix commented Nov 12, 2024

Is this urgent?

None

Host OS

Debian Unstable

CPU arch

x86_64

VPN service provider

NordVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

latest, v3, 3.39, 3.39.1

What's the problem 🤔

This might be similar to #2154, but don't want to hop in there to make that bug even more messy :D

I've tried to run Gluetun over docker-compose, and docker run, both of which boot fine, but over docker-compose the instance does not have network connectivity, and just restarts constantly. I've tried the following troubleshooting:

  • Tried the native version of docker that comes with Debian Unstable, as well as installed the stable version from upstream docker (rebooted between each) [No Difference]
  • Tried adding/removing all the various configurations within docker-compose [No Difference]
  • Tried adding local subnets to firewall [No Difference]
  • Tried increasing/decreasing timeouts, changed DNS servers, disabled DOT, increased verbosity on logging (nothing visible) [No Difference]
  • Tried to upgrade/downgrade the docker image version [No Difference]
  • Tried unrelated (nginx) instances in a new docker-compose [Alternative Images Work Fine]
  • Tried both Wireguard and OpenVPN, both work on docker run, neither work on Docker compose (as well as TCP / UDP) [No Difference]
  • Tried different tun devices (tun1, tun0) [No Difference]
  • Tried setting the wireguard MTU, as well as setting NET_RAW [No Difference]
  • Tried manually updating servers and setting update time / etc... [No Difference]

Docker Run Line:

```sh
docker run -v xxx:/gluetun -e VPN_SERVICE_PROVIDER=nordvpn -e VPN_TYPE=wireguard -e WIREGUARD_PRIVATE_KEY=xxx -e TZ=America/New_York --cap-add=NET_ADMIN qmcgaw/gluetun:latest
```

Docker Compose yml:

```yaml
version: "3.8"

services:
  gluetun:
    image: qmcgaw/gluetun:v3
    container_name: gluetun

    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun

    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks

    volumes:
      - xxx:/gluetun

    environment:
      # VPN
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=wireguard
      - SERVER_COUNTRIES=United States

      # WireGuard
      - WIREGUARD_PRIVATE_KEY=xxx

      # Timezone for accurate log times
      - TZ=America/New_York

      # Server list updater
      - UPDATER_VPN_SERVICE_PROVIDERS=nordvpn
      - UPDATER_PERIOD=12h

      # Firewall
      - FIREWALL_DEBUG=yes

      # Logging
      - LOG_LEVEL=debug
```

Share your logs (at least 10 lines)

Creating gluetun ... done
Attaching to gluetun
gluetun    | ========================================
gluetun    | ========================================
gluetun    | =============== gluetun ================
gluetun    | ========================================
gluetun    | =========== Made with ❤️ by ============
gluetun    | ======= https://github.com/qdm12 =======
gluetun    | ========================================
gluetun    | ========================================
gluetun    |
gluetun    | Running version v3.39.1 built on 2024-09-29T18:16:23.495Z (commit 67ae5f5)
gluetun    |
gluetun    | 📣 All control server routes will become private by default after the v3.41.0 release
gluetun    |
gluetun    | 🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
gluetun    | 🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
gluetun    | 💻 Email? [email protected]
gluetun    | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
gluetun    | 2024-11-12T12:49:49-05:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
gluetun    | 2024-11-12T12:49:49-05:00 INFO [routing] local ethernet link found: eth0
gluetun    | 2024-11-12T12:49:49-05:00 INFO [routing] local ipnet found: 172.19.0.0/16
gluetun    | 2024-11-12T12:49:49-05:00 INFO [firewall] enabling...
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/iptables --policy INPUT DROP
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/iptables --policy OUTPUT DROP
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/iptables --policy FORWARD DROP
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/ip6tables --policy INPUT DROP
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/ip6tables --policy OUTPUT DROP
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/ip6tables --policy FORWARD DROP
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/iptables --append INPUT -i lo -j ACCEPT
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/ip6tables --append INPUT -i lo -j ACCEPT
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -o lo -j ACCEPT
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o lo -j ACCEPT
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -o eth0 -s 172.19.0.2 -d 172.19.0.0/16 -j ACCEPT
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o eth0 -d ff02::1:ff/104 -j ACCEPT
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -d 172.19.0.0/16 -j ACCEPT
gluetun    | 2024-11-12T12:49:49-05:00 INFO [firewall] enabled successfully
gluetun    | 2024-11-12T12:49:50-05:00 INFO [storage] merging by most recent 20478 hardcoded servers and 22232 servers read from /gluetun/servers.json
gluetun    | 2024-11-12T12:49:50-05:00 INFO [storage] Using ipvanish servers from file which are 885 days more recent
gluetun    | 2024-11-12T12:49:50-05:00 INFO [storage] Using nordvpn servers from file which are 234 days more recent
gluetun    | 2024-11-12T12:49:50-05:00 INFO [storage] Using privado servers from file which are 187 days more recent
gluetun    | 2024-11-12T12:49:50-05:00 INFO [storage] Using private internet access servers from file which are 176 days more recent
gluetun    | 2024-11-12T12:49:50-05:00 DEBUG [netlink] IPv6 is not supported after searching 1 routes
gluetun    | 2024-11-12T12:49:50-05:00 INFO Alpine version: 3.20.3
gluetun    | 2024-11-12T12:49:50-05:00 INFO OpenVPN 2.5 version: 2.5.10
gluetun    | 2024-11-12T12:49:50-05:00 INFO OpenVPN 2.6 version: 2.6.11
gluetun    | 2024-11-12T12:49:50-05:00 INFO Unbound version: 1.20.0
gluetun    | 2024-11-12T12:49:50-05:00 INFO IPtables version: v1.8.10
gluetun    | 2024-11-12T12:49:50-05:00 INFO Settings summary:
gluetun    | ├── VPN settings:
gluetun    | |   ├── VPN provider settings:
gluetun    | |   |   ├── Name: nordvpn
gluetun    | |   |   └── Server selection settings:
gluetun    | |   |       ├── VPN type: openvpn
gluetun    | |   |       ├── Countries: United States
gluetun    | |   |       └── OpenVPN server selection settings:
gluetun    | |   |           └── Protocol: UDP
gluetun    | |   └── OpenVPN settings:
gluetun    | |       ├── OpenVPN version: 2.6
gluetun    | |       ├── User: [set]
gluetun    | |       ├── Password: [set]
gluetun    | |       ├── Network interface: tun0
gluetun    | |       ├── Run OpenVPN as: root
gluetun    | |       └── Verbosity level: 1
gluetun    | ├── DNS settings:
gluetun    | |   ├── Keep existing nameserver(s): no
gluetun    | |   ├── DNS server address to use: 127.0.0.1
gluetun    | |   └── DNS over TLS settings:
gluetun    | |       ├── Enabled: yes
gluetun    | |       ├── Update period: every 24h0m0s
gluetun    | |       ├── Unbound settings:
gluetun    | |       |   ├── Authoritative servers:
gluetun    | |       |   |   └── cloudflare
gluetun    | |       |   ├── Caching: yes
gluetun    | |       |   ├── IPv6: no
gluetun    | |       |   ├── Verbosity level: 1
gluetun    | |       |   ├── Verbosity details level: 0
gluetun    | |       |   ├── Validation log level: 0
gluetun    | |       |   ├── System user: root
gluetun    | |       |   └── Allowed networks:
gluetun    | |       |       ├── 0.0.0.0/0
gluetun    | |       |       └── ::/0
gluetun    | |       └── DNS filtering settings:
gluetun    | |           ├── Block malicious: yes
gluetun    | |           ├── Block ads: no
gluetun    | |           ├── Block surveillance: no
gluetun    | |           └── Blocked IP networks:
gluetun    | |               ├── 127.0.0.1/8
gluetun    | |               ├── 10.0.0.0/8
gluetun    | |               ├── 172.16.0.0/12
gluetun    | |               ├── 192.168.0.0/16
gluetun    | |               ├── 169.254.0.0/16
gluetun    | |               ├── ::1/128
gluetun    | |               ├── fc00::/7
gluetun    | |               ├── fe80::/10
gluetun    | |               ├── ::ffff:127.0.0.1/104
gluetun    | |               ├── ::ffff:10.0.0.0/104
gluetun    | |               ├── ::ffff:169.254.0.0/112
gluetun    | |               ├── ::ffff:172.16.0.0/108
gluetun    | |               └── ::ffff:192.168.0.0/112
gluetun    | ├── Firewall settings:
gluetun    | |   ├── Enabled: yes
gluetun    | |   └── Debug mode: on
gluetun    | ├── Log settings:
gluetun    | |   └── Log level: debug
gluetun    | ├── Health settings:
gluetun    | |   ├── Server listening address: 127.0.0.1:9999
gluetun    | |   ├── Target address: cloudflare.com:443
gluetun    | |   ├── Duration to wait after success: 5s
gluetun    | |   ├── Read header timeout: 100ms
gluetun    | |   ├── Read timeout: 500ms
gluetun    | |   └── VPN wait durations:
gluetun    | |       ├── Initial duration: 6s
gluetun    | |       └── Additional duration: 5s
gluetun    | ├── Shadowsocks server settings:
gluetun    | |   ├── Enabled: yes
gluetun    | |   ├── Listening address: :8388
gluetun    | |   ├── Cipher: chacha20-ietf-poly1305
gluetun    | |   ├── Password: [not set]
gluetun    | |   └── Log addresses: no
gluetun    | ├── HTTP proxy settings:
gluetun    | |   ├── Enabled: yes
gluetun    | |   ├── Listening address: :8888
gluetun    | |   ├── User:
gluetun    | |   ├── Password: [not set]
gluetun    | |   ├── Stealth mode: no
gluetun    | |   ├── Log: no
gluetun    | |   ├── Read header timeout: 1s
gluetun    | |   └── Read timeout: 3s
gluetun    | ├── Control server settings:
gluetun    | |   ├── Listening address: :8000
gluetun    | |   ├── Logging: yes
gluetun    | |   └── Authentication file path: /gluetun/auth/config.toml
gluetun    | ├── OS Alpine settings:
gluetun    | |   ├── Process UID: 1000
gluetun    | |   ├── Process GID: 1000
gluetun    | |   └── Timezone: America/New_York
gluetun    | ├── Public IP settings:
gluetun    | |   ├── Fetching: every 12h0m0s
gluetun    | |   ├── IP file path: /tmp/gluetun/ip
gluetun    | |   └── Public IP data API: ipinfo
gluetun    | ├── Server data updater settings:
gluetun    | |   ├── Update period: 12h0m0s
gluetun    | |   ├── DNS address: 1.1.1.1:53
gluetun    | |   ├── Minimum ratio: 0.8
gluetun    | |   └── Providers to update: nordvpn
gluetun    | └── Version settings:
gluetun    |     └── Enabled: yes
gluetun    | 2024-11-12T12:49:50-05:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
gluetun    | 2024-11-12T12:49:50-05:00 DEBUG [routing] ip rule add from 172.19.0.2/32 lookup 200 pref 100
gluetun    | 2024-11-12T12:49:50-05:00 INFO [routing] adding route for 0.0.0.0/0
gluetun    | 2024-11-12T12:49:50-05:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
gluetun    | 2024-11-12T12:49:50-05:00 INFO [firewall] setting allowed subnets...
gluetun    | 2024-11-12T12:49:50-05:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
gluetun    | 2024-11-12T12:49:50-05:00 DEBUG [routing] ip rule add to 172.19.0.0/16 lookup 254 pref 98
gluetun    | 2024-11-12T12:49:50-05:00 INFO [dns] using plaintext DNS at address 1.1.1.1
gluetun    | 2024-11-12T12:49:50-05:00 INFO [http proxy] listening on :8888
gluetun    | 2024-11-12T12:49:50-05:00 INFO [http server] http server listening on [::]:8000
gluetun    | 2024-11-12T12:49:50-05:00 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun    | 2024-11-12T12:49:50-05:00 INFO [firewall] allowing VPN connection...
gluetun    | 2024-11-12T12:49:50-05:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -d 145.14.135.79 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
gluetun    | 2024-11-12T12:49:50-05:00 INFO [shadowsocks] listening TCP on [::]:8388
gluetun    | 2024-11-12T12:49:50-05:00 INFO [shadowsocks] listening UDP on [::]:8388
gluetun    | 2024-11-12T12:49:50-05:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun    | 2024-11-12T12:49:50-05:00 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o tun0 -j ACCEPT
gluetun    | 2024-11-12T12:49:50-05:00 INFO [openvpn] OpenVPN 2.6.11 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
gluetun    | 2024-11-12T12:49:50-05:00 INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
gluetun    | 2024-11-12T12:49:50-05:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]145.14.135.79:1194
gluetun    | 2024-11-12T12:49:50-05:00 INFO [openvpn] UDPv4 link local: (not bound)
gluetun    | 2024-11-12T12:49:50-05:00 INFO [openvpn] UDPv4 link remote: [AF_INET]145.14.135.79:1194
gluetun    | 2024-11-12T12:49:56-05:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
gluetun    | 2024-11-12T12:49:56-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
gluetun    | 2024-11-12T12:49:56-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
gluetun    | 2024-11-12T12:49:56-05:00 INFO [vpn] stopping


### Share your configuration

_No response_

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:


qdm12 commented Nov 13, 2024

From your logs it really looks like there is just no network at all available to Gluetun.

Have you tried setting

    network_mode: bridge

in your docker-compose.yml? By default docker run commands run in the bridge network, but docker-compose creates a docker network per docker-compose.yml, maybe that's a reason 🤔

> Tried unrelated (nginx) instances in a new docker-compose [Alternative Images Work Fine]

Nginx only really receives traffic, let's try to see if we can reach the Internet, for example (off the top of my head, should be valid):

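```yaml
services:
  test:
    image: alpine:3.20
    # Compose does not run `command` through a shell, so wrap it in `sh -c` for `&&` to work
    command: sh -c "wget -qO- https://ipinfo.io/ip && sleep 10"
```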

I'm going to close the issue because it's clearly due to your docker-compose setup or your host firewall (check your host firewall perhaps i.e. ufw etc.?), and not a Gluetun bug 😉 Thank you for your understanding and hopefully the above points you in the right direction.

qdm12 closed this as not planned on Nov 13, 2024
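
Added example, not part of the thread and not Gluetun's own code: the reading of the logs given in the reply above can be checked mechanically. This sketch parses Gluetun debug lines, confirms that the kill switch is in place (IPv4 OUTPUT policy DROP plus an ACCEPT rule for the chosen VPN endpoint) and reports when that endpoint is allowed but OpenVPN logs nothing further before the health check restarts it. The function names and verdict strings are assumptions, as is the heuristic that handshake progress would appear as further `[openvpn]` lines; the sample lines are copied from the log in the issue.

```python
import re

# Sample input: five lines copied from the log posted in the issue above.
SAMPLE_LOG = """\
gluetun    | 2024-11-12T12:49:49-05:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
gluetun    | 2024-11-12T12:49:49-05:00 DEBUG [firewall] /sbin/iptables --policy OUTPUT DROP
gluetun    | 2024-11-12T12:49:50-05:00 DEBUG [firewall] /sbin/iptables --append OUTPUT -d 145.14.135.79 -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
gluetun    | 2024-11-12T12:49:50-05:00 INFO [openvpn] UDPv4 link remote: [AF_INET]145.14.135.79:1194
gluetun    | 2024-11-12T12:49:56-05:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
"""

LINE = re.compile(r"^\S+\s+\|\s+\S+ [A-Z]+ \[(?P<src>[^\]]+)\] (?P<msg>.*)$")
ROUTE = re.compile(r"interface (\S+), gateway (\S+), assigned IP (\S+)")
ALLOW = re.compile(r"/iptables --append OUTPUT -d (\S+) -o \S+ -p (\w+) .*--dport (\d+) -j ACCEPT")
REMOTE = re.compile(r"(UDP|TCP)\S* link remote: \[AF_INET\]([\d.]+):(\d+)")


def triage(log: str) -> dict:
    """Summarise what Gluetun debug lines say about the kill switch and the tunnel."""
    r = {"route": None, "output_drop": False, "allowed": set(),
         "remote": None, "openvpn_after_remote": 0, "restarted": False}
    for raw in log.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # banner and settings-tree lines have no "[component]" tag
        src, msg = m["src"], m["msg"]
        if src == "routing" and (x := ROUTE.search(msg)):
            r["route"] = x.groups()  # (interface, gateway, container IP)
        elif src == "firewall" and msg.endswith("/iptables --policy OUTPUT DROP"):
            r["output_drop"] = True
        elif src == "firewall" and (x := ALLOW.search(msg)):
            r["allowed"].add((x[1], x[2], int(x[3])))  # (dst, proto, port)
        elif src == "openvpn" and (x := REMOTE.search(msg)):
            r["remote"] = (x[2], x[1].lower(), int(x[3]))
        elif src == "openvpn" and r["remote"]:
            r["openvpn_after_remote"] += 1  # assumed: handshake progress logs here
        elif src == "healthcheck" and "restarting VPN" in msg:
            r["restarted"] = True
            break  # judge the first connection attempt only
    r["verdict"] = verdict(r)
    return r


def verdict(r: dict) -> str:
    if not r["output_drop"]:
        return "kill switch not seen: IPv4 OUTPUT policy is not DROP"
    if r["remote"] and r["remote"] not in r["allowed"]:
        return "VPN endpoint is not allowed through the container firewall"
    if r["restarted"] and r["openvpn_after_remote"] == 0:
        return "endpoint allowed but silent: check Docker network or host firewall"
    return "no fault found in these lines"


if __name__ == "__main__":
    print(triage(SAMPLE_LOG)["verdict"])
```

On the sample lines the container firewall is doing its job (egress is limited to the VPN endpoint), so the silence has to come from outside the container, which is where the reply points.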

Closed issues are NOT monitored, so commenting here is likely not to be seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment set up because @qdm12 is the sole maintainer of this project,
which became too popular to monitor closed issues.
