Bug: Stuck in an infinite loop on startup with ProtonVPN

[0xN1nja]

Is this urgent?

Yes

Host OS

Debian 12 Bookworm

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-11-10T10:21:49.567Z (commit 0374c14)

What's the problem 🤔

This is a very weird issue that I've been facing for the past month. I'm a free user of ProtonVPN, and I'm using gluetun for prowlarr.

The problem is that gluetun doesn't start properly; It happens randomly :/ sometimes it starts on the first try, but other times it gets stuck in an infinite loop. It always gets stuck at this step:

gluetun  | 2024-11-17T12:27:23+05:30 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": dial tcp: lookup raw.githubusercontent.com on 1.1.1.1:53: read udp 10.2.0.2:59343->1.1.1.1:53: i/o timeout, Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": dial tcp: lookup raw.githubusercontent.com on 1.1.1.1:53: read udp 10.2.0.2:59343->1.1.1.1:53: i/o timeout
gluetun  | 2024-11-17T12:27:23+05:30 INFO [dns] attempting restart in 20s
gluetun  | 2024-11-17T12:27:23+05:30 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: read udp 10.2.0.2:52190->1.1.1.1:53: i/o timeout
gluetun  | 2024-11-17T12:27:43+05:30 INFO [dns] downloading hostnames and IP block lists
gluetun  | 2024-11-17T12:27:58+05:30 WARN [dns] cannot update filter block lists: context deadline exceeded (Client.Timeout or context cancellation while reading body)
gluetun  | 2024-11-17T12:27:58+05:30 INFO [dns] attempting restart in 40s

Container is unable to access ipinfo.io; I can access it from my PC. I'm using adguardhome on my homelab.

Share your logs (at least 10 lines)

gluetun  | ========================================
gluetun  | ========================================
gluetun  | =============== gluetun ================
gluetun  | ========================================
gluetun  | =========== Made with ❤️ by ============
gluetun  | ======= https://github.com/qdm12 =======
gluetun  | ========================================
gluetun  | ========================================
gluetun  |
gluetun  | Running version latest built on 2024-11-10T10:21:49.567Z (commit 0374c14)
gluetun  |
gluetun  | 📣 All control server routes will become private by default after the v3.41.0 release
gluetun  |
gluetun  | 🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
gluetun  | 🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
gluetun  | 💻 Email? [email protected]
gluetun  | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
gluetun  | 2024-11-17T12:26:46+05:30 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
gluetun  | 2024-11-17T12:26:46+05:30 INFO [routing] local ethernet link found: eth0
gluetun  | 2024-11-17T12:26:46+05:30 INFO [routing] local ipnet found: 172.19.0.0/16
gluetun  | 2024-11-17T12:26:46+05:30 INFO [firewall] enabling...
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/iptables --policy INPUT DROP
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/iptables --policy OUTPUT DROP
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/iptables --policy FORWARD DROP
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/ip6tables --policy INPUT DROP
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/ip6tables --policy OUTPUT DROP
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/ip6tables --policy FORWARD DROP
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/iptables --append INPUT -i lo -j ACCEPT
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/ip6tables --append INPUT -i lo -j ACCEPT
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/iptables --append OUTPUT -o lo -j ACCEPT
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o lo -j ACCEPT
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/iptables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/iptables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/ip6tables --append INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/iptables --append OUTPUT -o eth0 -s 172.19.0.2 -d 172.19.0.0/16 -j ACCEPT
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o eth0 -d ff02::1:ff00:0/104 -j ACCEPT
gluetun  | 2024-11-17T12:26:46+05:30 DEBUG [firewall] /sbin/iptables --append INPUT -i eth0 -d 172.19.0.0/16 -j ACCEPT
gluetun  | 2024-11-17T12:26:46+05:30 INFO [firewall] enabled successfully
gluetun  | 2024-11-17T12:26:47+05:30 INFO [storage] merging by most recent 20776 hardcoded servers and 20776 servers read from /gluetun/servers.json
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [netlink] IPv6 is not supported after searching 1 routes
gluetun  | 2024-11-17T12:26:48+05:30 INFO Alpine version: 3.20.3
gluetun  | 2024-11-17T12:26:48+05:30 INFO OpenVPN 2.5 version: 2.5.10
gluetun  | 2024-11-17T12:26:48+05:30 INFO OpenVPN 2.6 version: 2.6.11
gluetun  | 2024-11-17T12:26:48+05:30 INFO IPtables version: v1.8.10
gluetun  | 2024-11-17T12:26:48+05:30 INFO Settings summary:
gluetun  | ├── VPN settings:
gluetun  | |   ├── VPN provider settings:
gluetun  | |   |   ├── Name: protonvpn
gluetun  | |   |   └── Server selection settings:
gluetun  | |   |       ├── VPN type: wireguard
gluetun  | |   |       ├── Countries: netherlands
gluetun  | |   |       └── Wireguard selection settings:
gluetun  | |   └── Wireguard settings:
gluetun  | |       ├── Private key: iPP...1A=
gluetun  | |       ├── Interface addresses:
gluetun  | |       |   └── 10.2.0.2/32
gluetun  | |       ├── Allowed IPs:
gluetun  | |       |   ├── 0.0.0.0/0
gluetun  | |       |   └── ::/0
gluetun  | |       └── Network interface: tun0
gluetun  | |           └── MTU: 1320
gluetun  | ├── DNS settings:
gluetun  | |   ├── Keep existing nameserver(s): no
gluetun  | |   ├── DNS server address to use: 127.0.0.1
gluetun  | |   └── DNS over TLS settings:
gluetun  | |       ├── Enabled: yes
gluetun  | |       ├── Update period: every 24h0m0s
gluetun  | |       ├── Upstream resolvers:
gluetun  | |       |   └── cloudflare
gluetun  | |       ├── Caching: yes
gluetun  | |       ├── IPv6: no
gluetun  | |       └── DNS filtering settings:
gluetun  | |           ├── Block malicious: yes
gluetun  | |           ├── Block ads: no
gluetun  | |           ├── Block surveillance: no
gluetun  | |           └── Blocked IP networks:
gluetun  | |               ├── 127.0.0.1/8
gluetun  | |               ├── 10.0.0.0/8
gluetun  | |               ├── 172.16.0.0/12
gluetun  | |               ├── 192.168.0.0/16
gluetun  | |               ├── 169.254.0.0/16
gluetun  | |               ├── ::1/128
gluetun  | |               ├── fc00::/7
gluetun  | |               ├── fe80::/10
gluetun  | |               ├── ::ffff:127.0.0.1/104
gluetun  | |               ├── ::ffff:10.0.0.0/104
gluetun  | |               ├── ::ffff:169.254.0.0/112
gluetun  | |               ├── ::ffff:172.16.0.0/108
gluetun  | |               └── ::ffff:192.168.0.0/112
gluetun  | ├── Firewall settings:
gluetun  | |   ├── Enabled: yes
gluetun  | |   └── Outbound subnets:
gluetun  | |       └── 192.168.29.0/24
gluetun  | ├── Log settings:
gluetun  | |   └── Log level: debug
gluetun  | ├── Health settings:
gluetun  | |   ├── Server listening address: 127.0.0.1:9999
gluetun  | |   ├── Target address: cloudflare.com:443
gluetun  | |   ├── Duration to wait after success: 5s
gluetun  | |   ├── Read header timeout: 100ms
gluetun  | |   ├── Read timeout: 500ms
gluetun  | |   └── VPN wait durations:
gluetun  | |       ├── Initial duration: 6s
gluetun  | |       └── Additional duration: 5s
gluetun  | ├── Shadowsocks server settings:
gluetun  | |   └── Enabled: no
gluetun  | ├── HTTP proxy settings:
gluetun  | |   └── Enabled: no
gluetun  | ├── Control server settings:
gluetun  | |   ├── Listening address: :8000
gluetun  | |   ├── Logging: yes
gluetun  | |   └── Authentication file path: /gluetun/auth/config.toml
gluetun  | ├── Storage settings:
gluetun  | |   └── Filepath: /gluetun/servers.json
gluetun  | ├── OS Alpine settings:
gluetun  | |   ├── Process UID: 1000
gluetun  | |   ├── Process GID: 1000
gluetun  | |   └── Timezone: asia/kolkata
gluetun  | ├── Public IP settings:
gluetun  | |   ├── IP file path: /tmp/gluetun/ip
gluetun  | |   ├── Public IP data base API: ipinfo
gluetun  | |   └── Public IP data backup APIs:
gluetun  | |       ├── ifconfigco
gluetun  | |       ├── ip2location
gluetun  | |       └── cloudflare
gluetun  | └── Version settings:
gluetun  |     └── Enabled: yes
gluetun  | 2024-11-17T12:26:48+05:30 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [netlink] ip -4 rule list
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [netlink] ip -6 rule list
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [netlink] ip -f 0 rule add from 172.19.0.2/32 lookup 200 pref 100
gluetun  | 2024-11-17T12:26:48+05:30 INFO [routing] adding route for 0.0.0.0/0
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.19.0.1 dev eth0 table 200
gluetun  | 2024-11-17T12:26:48+05:30 INFO [firewall] setting allowed subnets...
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [firewall] /sbin/iptables --append OUTPUT -o eth0 -s 172.19.0.2 -d 192.168.29.0/24 -j ACCEPT
gluetun  | 2024-11-17T12:26:48+05:30 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
gluetun  | 2024-11-17T12:26:48+05:30 INFO [routing] adding route for 192.168.29.0/24
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [routing] ip route replace 192.168.29.0/24 via 172.19.0.1 dev eth0 table 199
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [netlink] ip -4 rule list
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [netlink] ip -6 rule list
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [netlink] ip -f 0 rule add to 192.168.29.0/24 lookup 199 pref 99
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [netlink] ip -4 rule list
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [netlink] ip -6 rule list
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [netlink] ip -f 0 rule add to 172.19.0.0/16 lookup 254 pref 98
gluetun  | 2024-11-17T12:26:48+05:30 INFO [dns] using plaintext DNS at address 1.1.1.1
gluetun  | 2024-11-17T12:26:48+05:30 INFO [http server] http server listening on [::]:8000
gluetun  | 2024-11-17T12:26:48+05:30 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [wireguard] Wireguard server public key: /i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg=
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [wireguard] Wireguard client private key: iPP...1A=
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [wireguard] Wireguard pre-shared key: [not set]
gluetun  | 2024-11-17T12:26:48+05:30 INFO [firewall] allowing VPN connection...
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [firewall] /sbin/iptables --append OUTPUT -d 185.159.156.91 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [firewall] /sbin/iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2024-11-17T12:26:48+05:30 INFO [wireguard] Using available kernelspace implementation
gluetun  | 2024-11-17T12:26:48+05:30 INFO [wireguard] Connecting to 185.159.156.91:51820
gluetun  | 2024-11-17T12:26:48+05:30 DEBUG [netlink] ip -f inet rule add lookup 51820 pref 101
gluetun  | 2024-11-17T12:26:48+05:30 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
gluetun  | 2024-11-17T12:26:48+05:30 INFO [dns] downloading hostnames and IP block lists
gluetun  | 2024-11-17T12:27:03+05:30 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
gluetun  | 2024-11-17T12:27:03+05:30 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
gluetun  | 2024-11-17T12:27:03+05:30 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
gluetun  | 2024-11-17T12:27:03+05:30 INFO [vpn] stopping
gluetun  | 2024-11-17T12:27:03+05:30 ERROR [vpn] getting public IP address information: context canceled
gluetun  | 2024-11-17T12:27:03+05:30 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [wireguard] closing controller client...
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [wireguard] removing IPv4 rule...
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [netlink] ip -f inet rule del lookup 51820 pref 101
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [wireguard] shutting down link...
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [wireguard] deleting link...
gluetun  | 2024-11-17T12:27:03+05:30 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers), Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
gluetun  | 2024-11-17T12:27:03+05:30 INFO [dns] attempting restart in 10s
gluetun  | 2024-11-17T12:27:03+05:30 INFO [vpn] starting
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [wireguard] Wireguard server public key: s2Eo2xDw/yvvLjltF8VJT84k+T1K1+veCEE9uKC6gjo=
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [wireguard] Wireguard client private key: iPP...1A=
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [wireguard] Wireguard pre-shared key: [not set]
gluetun  | 2024-11-17T12:27:03+05:30 INFO [firewall] allowing VPN connection...
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] /sbin/iptables -t filter -L OUTPUT --line-numbers -n -v
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] found iptables chain rule matching "--delete OUTPUT -d 185.159.156.91 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT" at line number 5
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] /sbin/iptables -t filter -D OUTPUT 5
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] /sbin/iptables -t filter -L OUTPUT --line-numbers -n -v
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] found iptables chain rule matching "--delete OUTPUT -o tun0 -j ACCEPT" at line number 5
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] /sbin/iptables -t filter -D OUTPUT 5
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] /sbin/ip6tables -t filter -L OUTPUT --line-numbers -n -v
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] found iptables chain rule matching "--delete OUTPUT -o tun0 -j ACCEPT" at line number 4
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] /sbin/ip6tables -t filter -D OUTPUT 4
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] /sbin/iptables --append OUTPUT -d 212.92.104.225 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] /sbin/iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2024-11-17T12:27:03+05:30 INFO [wireguard] Using available kernelspace implementation
gluetun  | 2024-11-17T12:27:03+05:30 INFO [wireguard] Connecting to 212.92.104.225:51820
gluetun  | 2024-11-17T12:27:03+05:30 DEBUG [netlink] ip -f inet rule add lookup 51820 pref 101
gluetun  | 2024-11-17T12:27:03+05:30 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
gluetun  | 2024-11-17T12:27:13+05:30 INFO [dns] downloading hostnames and IP block lists
gluetun  | 2024-11-17T12:27:15+05:30 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
gluetun  | 2024-11-17T12:27:15+05:30 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
gluetun  | 2024-11-17T12:27:15+05:30 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
gluetun  | 2024-11-17T12:27:15+05:30 INFO [vpn] stopping
gluetun  | 2024-11-17T12:27:15+05:30 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [wireguard] closing controller client...
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [wireguard] removing IPv4 rule...
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [netlink] ip -f inet rule del lookup 51820 pref 101
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [wireguard] shutting down link...
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [wireguard] deleting link...
gluetun  | 2024-11-17T12:27:15+05:30 INFO [vpn] starting
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [wireguard] Wireguard server public key: r1tpadBs7JagseUeJgX+vLlQJJln4DcwFM3M9/IMUUg=
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [wireguard] Wireguard client private key: iPP...1A=
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [wireguard] Wireguard pre-shared key: [not set]
gluetun  | 2024-11-17T12:27:15+05:30 INFO [firewall] allowing VPN connection...
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] /sbin/iptables -t filter -L OUTPUT --line-numbers -n -v
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] found iptables chain rule matching "--delete OUTPUT -d 212.92.104.225 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT" at line number 5
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] /sbin/iptables -t filter -D OUTPUT 5
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] /sbin/iptables -t filter -L OUTPUT --line-numbers -n -v
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] found iptables chain rule matching "--delete OUTPUT -o tun0 -j ACCEPT" at line number 5
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] /sbin/iptables -t filter -D OUTPUT 5
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] /sbin/ip6tables -t filter -L OUTPUT --line-numbers -n -v
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] found iptables chain rule matching "--delete OUTPUT -o tun0 -j ACCEPT" at line number 4
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] /sbin/ip6tables -t filter -D OUTPUT 4
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] /sbin/iptables --append OUTPUT -d 169.150.196.95 -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] /sbin/iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [firewall] /sbin/ip6tables --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2024-11-17T12:27:15+05:30 INFO [wireguard] Using available kernelspace implementation
gluetun  | 2024-11-17T12:27:15+05:30 INFO [wireguard] Connecting to 169.150.196.95:51820
gluetun  | 2024-11-17T12:27:15+05:30 DEBUG [netlink] ip -f inet rule add lookup 51820 pref 101
gluetun  | 2024-11-17T12:27:15+05:30 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
gluetun  | 2024-11-17T12:27:22+05:30 INFO [healthcheck] healthy!
gluetun  | 2024-11-17T12:27:23+05:30 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": dial tcp: lookup raw.githubusercontent.com on 1.1.1.1:53: read udp 10.2.0.2:59343->1.1.1.1:53: i/o timeout, Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": dial tcp: lookup raw.githubusercontent.com on 1.1.1.1:53: read udp 10.2.0.2:59343->1.1.1.1:53: i/o timeout
gluetun  | 2024-11-17T12:27:23+05:30 INFO [dns] attempting restart in 20s
gluetun  | 2024-11-17T12:27:23+05:30 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: read udp 10.2.0.2:52190->1.1.1.1:53: i/o timeout
gluetun  | 2024-11-17T12:27:43+05:30 INFO [dns] downloading hostnames and IP block lists
gluetun  | 2024-11-17T12:27:58+05:30 WARN [dns] cannot update filter block lists: context deadline exceeded (Client.Timeout or context cancellation while reading body)
gluetun  | 2024-11-17T12:27:58+05:30 INFO [dns] attempting restart in 40s
gluetun  | 2024-11-17T12:28:16+05:30 DEBUG [healthcheck] unhealthy: running TLS handshake: context deadline exceeded
gluetun  | 2024-11-17T12:28:18+05:30 INFO [healthcheck] healthy!
gluetun  | 2024-11-17T12:28:31+05:30 DEBUG [healthcheck] unhealthy: running TLS handshake: context deadline exceeded
gluetun  | 2024-11-17T12:28:33+05:30 INFO [healthcheck] healthy!
gluetun  | 2024-11-17T12:28:38+05:30 INFO [dns] downloading hostnames and IP block lists
gluetun  | 2024-11-17T12:28:40+05:30 DEBUG [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
gluetun  | 2024-11-17T12:28:41+05:30 INFO [healthcheck] healthy!
gluetun  | 2024-11-17T12:28:49+05:30 DEBUG [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
gluetun  | 2024-11-17T12:28:49+05:30 INFO [healthcheck] healthy!
gluetun  | 2024-11-17T12:28:53+05:30 WARN [dns] cannot update filter block lists: context deadline exceeded (Client.Timeout or context cancellation while reading body), Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
gluetun  | 2024-11-17T12:28:53+05:30 INFO [dns] attempting restart in 1m20s

Share your configuration

gluetun:
  image: qmcgaw/gluetun
  container_name: gluetun
  restart: unless-stopped
  volumes:
    - ${MEDIA_DIR}/gluetun:/gluetun
  devices:
    - /dev/net/tun:/dev/net/tun
  cap_add:
    - NET_ADMIN
  ports:
    - 8888:8888/tcp
    - 8388:8388/tcp
    - 8388:8388/udp
    - 9696:9696
    - 6767:6767
  environment:
    - VPN_SERVICE_PROVIDER=protonvpn
    - FIREWALL_OUTBOUND_SUBNETS=192.168.29.0/24
    - VPN_TYPE=wireguard
    - WIREGUARD_PRIVATE_KEY=${WIREGUARD_PRIVATE_KEY}
    - SERVER_COUNTRIES=Netherlands
    - TZ=${TZ}
    - LOG_LEVEL=DEBUG

[github-actions]

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

• do not ask for updates, be patient
• 👍 the issue to show your support instead of commenting
  @qdm12 usually checks issues at least once a week, if this is a new urgent bug,
  revert to an older tagged container image

[qdm12]

Sorry I cannot help much in this situation, except:

1. Try what's proposed in 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2. Try lowering your MTU, for example WIREGUARD_MTU=1100, although I doubt that would solve it
3. Refer to Bug: vpn constantly restarts due to being unhealthy #2154

[github-actions]

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.