Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug: DNS over TLS becomes unstable after being healthy (dialing tls server... context deadline exceeded) #2584

Closed
KhaledMostafaME opened this issue Nov 13, 2024 · 12 comments

Comments

@KhaledMostafaME
Copy link

Is this urgent?

None

Host OS

Synology Docker

CPU arch

None

VPN service provider

AirVPN

What are you using to run the container

docker run

What is the version of Gluetun

Running version latest built on 2024-11-10T10:21:49.567Z (commit 0374c14)

What's the problem 🤔

Getting several errors leading to unhealthy state

  • WARN [dns] dialing tls server for request IN A www.limetorrents.lol.: context deadline exceeded
  • ERROR [vpn] starting port forwarding service: getting VPN local gateway IP: VPN local gateway IP address not found: in 17 routes
  • ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
  • ERROR [vpn] waiting for DNS to be ready: context canceled
  • INFO [healthcheck] program has been unhealthy for 41s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com on 1.1.1.1:53: read udp 10.2.0.2:58132->1.1.1.1:53: i/o timeout)
  • ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 127.0.0.1:53: read udp 127.0.0.1:60481->127.0.0.1:53: i/o timeout

Share your logs (at least 10 lines)

2024/11/13 13:51:53	stdout	2024-11-13T13:51:53+04:00 WARN [dns] dialing tls server for request IN A dbapp.autoenterprises.co.uk.: context deadline exceeded
2024/11/13 13:51:53	stdout	2024-11-13T13:51:53+04:00 WARN [dns] dialing tls server for request IN AAAA dbapp.autoenterprises.co.uk.: context deadline exceeded
2024/11/13 13:50:50	stdout	2024-11-13T13:50:50+04:00 WARN [dns] dialing tls server for request IN A www.limetorrents.lol.: context deadline exceeded
2024/11/13 13:50:50	stdout	2024-11-13T13:50:50+04:00 WARN [dns] dialing tls server for request IN A www.arabp2p.net.: context deadline exceeded
2024/11/13 13:50:49	stdout	2024-11-13T13:50:49+04:00 WARN [dns] dialing tls server for request IN AAAA ebb.la.: context deadline exceeded
2024/11/13 13:50:49	stdout	2024-11-13T13:50:49+04:00 INFO [vpn] stopping
2024/11/13 13:50:49	stdout	2024-11-13T13:50:49+04:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024/11/13 13:50:49	stdout	2024-11-13T13:50:49+04:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024/11/13 13:50:49	stdout	2024-11-13T13:50:49+04:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2024/11/13 13:50:40	stdout	2024-11-13T13:50:40+04:00 WARN [dns] dialing tls server for request IN HTTPS cloudflare-dns.com.: context deadline exceeded
2024/11/13 13:50:39	stdout	2024-11-13T13:50:39+04:00 WARN [dns] dialing tls server for request IN A www.arabp2p.net.: context deadline exceeded
2024/11/13 13:50:39	stdout	2024-11-13T13:50:39+04:00 INFO [port forwarding] starting
2024/11/13 13:50:20	stdout	2024-11-13T13:50:20+04:00 WARN [dns] dialing tls server for request IN AAAA bvarf.tracker.sh.: context deadline exceeded
2024/11/13 13:50:20	stdout	2024-11-13T13:50:20+04:00 WARN [dns] dialing tls server for request IN A p2p.publictracker.xyz.: context deadline exceeded
2024/11/13 13:50:18	stdout	2024-11-13T13:50:18+04:00 WARN [dns] dialing tls server for request IN AAAA solidtorrents.to.: context deadline exceeded
2024/11/13 13:50:18	stdout	2024-11-13T13:50:18+04:00 WARN [dns] dialing tls server for request IN A solidtorrents.to.: context deadline exceeded
2024/11/13 13:50:18	stdout	2024-11-13T13:50:18+04:00 WARN [dns] dialing tls server for request IN A p2p.publictracker.xyz.: context deadline exceeded
2024/11/13 13:50:18	stdout	2024-11-13T13:50:18+04:00 WARN [dns] dialing tls server for request IN AAAA p2p.publictracker.xyz.: context deadline exceeded
2024/11/13 13:50:17	stdout	2024-11-13T13:50:17+04:00 WARN [dns] dialing tls server for request IN A cloudflare.com.: context deadline exceeded
2024/11/13 13:50:17	stdout	2024-11-13T13:50:17+04:00 WARN [dns] dialing tls server for request IN AAAA noorderpoort.nl.: context deadline exceeded
2024/11/13 13:50:17	stdout	2024-11-13T13:50:17+04:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024/11/13 13:50:17	stdout	2024-11-13T13:50:17+04:00 INFO [wireguard] Connecting to REMOVED:51820
2024/11/13 13:50:17	stdout	2024-11-13T13:50:17+04:00 INFO [wireguard] Using available kernelspace implementation
2024/11/13 13:50:17	stdout	2024-11-13T13:50:17+04:00 INFO [firewall] allowing VPN connection...
2024/11/13 13:50:17	stdout	2024-11-13T13:50:17+04:00 INFO [vpn] starting
2024/11/13 13:50:16	stdout	2024-11-13T13:50:16+04:00 INFO [port forwarding] removing port file /tmp/gluetun/forwarded_port
2024/11/13 13:50:16	stdout	2024-11-13T13:50:16+04:00 INFO [firewall] removing allowed port 49486...
2024/11/13 13:50:16	stdout	2024-11-13T13:50:16+04:00 INFO [port forwarding] stopping
2024/11/13 13:50:16	stdout	2024-11-13T13:50:16+04:00 INFO [vpn] stopping
2024/11/13 13:50:16	stdout	2024-11-13T13:50:16+04:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2024/11/13 13:50:16	stdout	2024-11-13T13:50:16+04:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2024/11/13 13:50:16	stdout	2024-11-13T13:50:16+04:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2024/11/13 13:50:16	stdout	2024-11-13T13:50:16+04:00 WARN [dns] dialing tls server for request IN AAAA ebb.la.: context deadline exceeded
2024/11/13 13:50:16	stdout	2024-11-13T13:50:16+04:00 WARN [dns] dialing tls server for request IN AAAA solidtorrents.to.: context deadline exceeded
2024/11/13 13:50:10	stdout	2024-11-13T13:50:10+04:00 WARN [dns] dialing tls server for request IN A www.limetorrents.lol.: context deadline exceeded
2024/11/13 13:50:10	stdout	2024-11-13T13:50:10+04:00 WARN [dns] dialing tls server for request IN AAAA tmskins.com.: context deadline exceeded
2024/11/13 13:50:10	stdout	2024-11-13T13:50:10+04:00 WARN [dns] dialing tls server for request IN A tracker.filemail.com.: context deadline exceeded
2024/11/13 13:50:10	stdout	2024-11-13T13:50:10+04:00 WARN [dns] dialing tls server for request IN AAAA tracker.filemail.com.: context deadline exceeded
2024/11/13 13:49:25	stdout	2024-11-13T13:49:25+04:00 INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024/11/13 13:49:25	stdout	2024-11-13T13:49:25+04:00 INFO [firewall] setting allowed input port 49486 through interface tun0...
2024/11/13 13:49:25	stdout	2024-11-13T13:49:25+04:00 INFO [port forwarding] port forwarded is 49486
2024/11/13 13:49:25	stdout	2024-11-13T13:49:25+04:00 INFO [port forwarding] gateway external IPv4 address is REMOVED
2024/11/13 13:49:25	stdout	2024-11-13T13:49:25+04:00 INFO [port forwarding] starting
2024/11/13 13:49:25	stdout	2024-11-13T13:49:25+04:00 INFO [vpn] You are running 1 commit behind the most recent latest
2024/11/13 13:49:24	stdout	2024-11-13T13:49:24+04:00 INFO [ip getter] Public IP address is REMOVED (France, Provence-Alpes-Côte d'Azur, Marseille - source: ipinfo)
2024/11/13 13:49:22	stdout	2024-11-13T13:49:22+04:00 INFO [dns] ready
2024/11/13 13:49:22	stdout	2024-11-13T13:49:22+04:00 INFO [dns] DNS server listening on [::]:53
2024/11/13 13:49:20	stdout	2024-11-13T13:49:20+04:00 INFO [healthcheck] healthy!
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [dns] downloading hostnames and IP block lists
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [wireguard] Connecting to REMOVED:51820
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [wireguard] Using available kernelspace implementation
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [shadowsocks] listening UDP on [::]:8388
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [shadowsocks] listening TCP on [::]:8388
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [firewall] allowing VPN connection...
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [http proxy] listening on :8888
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [http server] http server listening on [::]:8000
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [routing] adding route for 172.19.0.0/24
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [routing] adding route for 192.168.70.0/24
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [routing] adding route for 192.168.1.0/24
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [routing] adding route for 172.20.0.0/16
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [firewall] setting allowed subnets...
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [routing] adding route for 0.0.0.0/0
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024/11/13 13:49:14	stdout	    └── Enabled: yes
2024/11/13 13:49:14	stdout	└── Version settings:
2024/11/13 13:49:14	stdout	|   └── Providers to update: protonvpn
2024/11/13 13:49:14	stdout	|   ├── Minimum ratio: 0.8
2024/11/13 13:49:14	stdout	|   ├── DNS address: 1.1.1.1:53
2024/11/13 13:49:14	stdout	|   ├── Update period: 2h0m0s
2024/11/13 13:49:14	stdout	├── Server data updater settings:
2024/11/13 13:49:14	stdout	|       └── cloudflare
2024/11/13 13:49:14	stdout	|       ├── ip2location
2024/11/13 13:49:14	stdout	|       ├── ifconfigco
2024/11/13 13:49:14	stdout	|   └── Public IP data backup APIs:
2024/11/13 13:49:14	stdout	|   ├── Public IP data base API: ipinfo
2024/11/13 13:49:14	stdout	|   ├── IP file path: /tmp/gluetun/ip
2024/11/13 13:49:14	stdout	├── Public IP settings:
2024/11/13 13:49:14	stdout	|   └── Timezone: asia/dubai
2024/11/13 13:49:14	stdout	|   ├── Process GID: 65536
2024/11/13 13:49:14	stdout	|   ├── Process UID: 1032
2024/11/13 13:49:14	stdout	├── OS Alpine settings:
2024/11/13 13:49:14	stdout	|   └── Filepath: /gluetun/servers.json
2024/11/13 13:49:14	stdout	├── Storage settings:
2024/11/13 13:49:14	stdout	|   └── Authentication file path: /gluetun/auth/config.toml
2024/11/13 13:49:14	stdout	|   ├── Logging: yes
2024/11/13 13:49:14	stdout	|   ├── Listening address: :8000
2024/11/13 13:49:14	stdout	├── Control server settings:
2024/11/13 13:49:14	stdout	|   └── Read timeout: 3s
2024/11/13 13:49:14	stdout	|   ├── Read header timeout: 1s
2024/11/13 13:49:14	stdout	|   ├── Log: no
2024/11/13 13:49:14	stdout	|   ├── Stealth mode: no
2024/11/13 13:49:14	stdout	|   ├── Password: [not set]
2024/11/13 13:49:14	stdout	|   ├── User: 
2024/11/13 13:49:14	stdout	|   ├── Listening address: :8888
2024/11/13 13:49:14	stdout	|   ├── Enabled: yes
2024/11/13 13:49:14	stdout	├── HTTP proxy settings:
2024/11/13 13:49:14	stdout	|   └── Log addresses: no
2024/11/13 13:49:14	stdout	|   ├── Password: [not set]
2024/11/13 13:49:14	stdout	|   ├── Cipher: chacha20-ietf-poly1305
2024/11/13 13:49:14	stdout	|   ├── Listening address: :8388
2024/11/13 13:49:14	stdout	|   ├── Enabled: yes
2024/11/13 13:49:14	stdout	├── Shadowsocks server settings:
2024/11/13 13:49:14	stdout	|       └── Additional duration: 5s
2024/11/13 13:49:14	stdout	|       ├── Initial duration: 6s
2024/11/13 13:49:14	stdout	|   └── VPN wait durations:
2024/11/13 13:49:14	stdout	|   ├── Read timeout: 500ms
2024/11/13 13:49:14	stdout	|   ├── Read header timeout: 100ms
2024/11/13 13:49:14	stdout	|   ├── Duration to wait after success: 5s
2024/11/13 13:49:14	stdout	|   ├── Target address: cloudflare.com:443
2024/11/13 13:49:14	stdout	|   ├── Server listening address: 127.0.0.1:9999
2024/11/13 13:49:14	stdout	├── Health settings:
2024/11/13 13:49:14	stdout	|   └── Log level: info
2024/11/13 13:49:14	stdout	├── Log settings:
2024/11/13 13:49:14	stdout	|       └── 172.19.0.0/24
2024/11/13 13:49:14	stdout	|       ├── 192.168.70.0/24
2024/11/13 13:49:14	stdout	|       ├── 192.168.1.0/24
2024/11/13 13:49:14	stdout	|       ├── 172.20.0.0/16
2024/11/13 13:49:14	stdout	|   └── Outbound subnets:
2024/11/13 13:49:14	stdout	|   ├── Enabled: yes
2024/11/13 13:49:14	stdout	├── Firewall settings:
2024/11/13 13:49:14	stdout	|               └── ::ffff:192.168.0.0/112
2024/11/13 13:49:14	stdout	|               ├── ::ffff:172.16.0.0/108
2024/11/13 13:49:14	stdout	|               ├── ::ffff:169.254.0.0/112
2024/11/13 13:49:14	stdout	|               ├── ::ffff:10.0.0.0/104
2024/11/13 13:49:14	stdout	|               ├── ::ffff:127.0.0.1/104
2024/11/13 13:49:14	stdout	|               ├── fe80::/10
2024/11/13 13:49:14	stdout	|               ├── fc00::/7
2024/11/13 13:49:14	stdout	|               ├── ::1/128
2024/11/13 13:49:14	stdout	|               ├── 169.254.0.0/16
2024/11/13 13:49:14	stdout	|               ├── 192.168.0.0/16
2024/11/13 13:49:14	stdout	|               ├── 172.16.0.0/12
2024/11/13 13:49:14	stdout	|               ├── 10.0.0.0/8
2024/11/13 13:49:14	stdout	|               ├── 127.0.0.1/8
2024/11/13 13:49:14	stdout	|           └── Blocked IP networks:
2024/11/13 13:49:14	stdout	|           ├── Block surveillance: no
2024/11/13 13:49:14	stdout	|           ├── Block ads: no
2024/11/13 13:49:14	stdout	|           ├── Block malicious: yes
2024/11/13 13:49:14	stdout	|       └── DNS filtering settings:
2024/11/13 13:49:14	stdout	|       ├── IPv6: no
2024/11/13 13:49:14	stdout	|       ├── Caching: yes
2024/11/13 13:49:14	stdout	|       |   └── cloudflare
2024/11/13 13:49:14	stdout	|       ├── Upstream resolvers:
2024/11/13 13:49:14	stdout	|       ├── Update period: every 24h0m0s
2024/11/13 13:49:14	stdout	|       ├── Enabled: yes
2024/11/13 13:49:14	stdout	|   └── DNS over TLS settings:
2024/11/13 13:49:14	stdout	|   ├── DNS server address to use: 127.0.0.1
2024/11/13 13:49:14	stdout	|   ├── Keep existing nameserver(s): no
2024/11/13 13:49:14	stdout	├── DNS settings:
2024/11/13 13:49:14	stdout	|           └── MTU: 1320
2024/11/13 13:49:14	stdout	|       └── Network interface: tun0
2024/11/13 13:49:14	stdout	|       |   └── ::/0
2024/11/13 13:49:14	stdout	|       |   ├── 0.0.0.0/0
2024/11/13 13:49:14	stdout	|       ├── Allowed IPs:
2024/11/13 13:49:14	stdout	|       |   └── 10.2.0.2/32
2024/11/13 13:49:14	stdout	|       ├── Interface addresses:
2024/11/13 13:49:14	stdout	|       ├── Private key: MLB...mE=
2024/11/13 13:49:14	stdout	|   └── Wireguard settings:
2024/11/13 13:49:14	stdout	|   |       └── Forwarded port file path: /tmp/gluetun/forwarded_port
2024/11/13 13:49:14	stdout	|   |       ├── Use code for provider: protonvpn
2024/11/13 13:49:14	stdout	|   |       ├── Redirection listening port: disabled
2024/11/13 13:49:14	stdout	|   |   └── Automatic port forwarding settings:
2024/11/13 13:49:14	stdout	|   |   |   └── Wireguard selection settings:
2024/11/13 13:49:14	stdout	|   |   |   ├── Port forwarding only servers: yes
2024/11/13 13:49:14	stdout	|   |   |   ├── Countries: united arab emirates
2024/11/13 13:49:14	stdout	|   |   |   ├── VPN type: wireguard
2024/11/13 13:49:14	stdout	|   |   ├── Server selection settings:
2024/11/13 13:49:14	stdout	|   |   ├── Name: protonvpn
2024/11/13 13:49:14	stdout	|   ├── VPN provider settings:
2024/11/13 13:49:14	stdout	├── VPN settings:
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO Settings summary:
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO IPtables version: v1.8.10
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO OpenVPN 2.6 version: 2.6.11
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO OpenVPN 2.5 version: 2.5.10
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO Alpine version: 3.20.3
2024/11/13 13:49:14	stdout	2024-11-13T13:49:14+04:00 INFO [storage] merging by most recent 20776 hardcoded servers and 20776 servers read from /gluetun/servers.json
2024/11/13 13:49:13	stdout	2024-11-13T13:49:13+04:00 INFO [firewall] enabled successfully
2024/11/13 13:49:13	stdout	2024-11-13T13:49:13+04:00 INFO [firewall] enabling...
2024/11/13 13:49:13	stdout	2024-11-13T13:49:13+04:00 INFO [routing] local ipnet found: 172.19.0.0/16
2024/11/13 13:49:13	stdout	2024-11-13T13:49:13+04:00 INFO [routing] local ethernet link found: eth0
2024/11/13 13:49:13	stdout	2024-11-13T13:49:13+04:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4
2024/11/13 13:49:13	stdout	💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024/11/13 13:49:13	stdout	💻 Email? [email protected]
2024/11/13 13:49:13	stdout	🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
2024/11/13 13:49:13	stdout	🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
2024/11/13 13:49:13	stdout	
2024/11/13 13:49:13	stdout	📣 All control server routes will become private by default after the v3.41.0 release
2024/11/13 13:49:13	stdout	
2024/11/13 13:49:13	stdout	Running version latest built on 2024-11-10T10:21:49.567Z (commit 0374c14)
2024/11/13 13:49:13	stdout	
2024/11/13 13:49:13	stdout	========================================
2024/11/13 13:49:13	stdout	========================================
2024/11/13 13:49:13	stdout	======= https://github.com/qdm12 =======
2024/11/13 13:49:13	stdout	=========== Made with ❤️ by ============
2024/11/13 13:49:13	stdout	========================================
2024/11/13 13:49:13	stdout	=============== gluetun ================
2024/11/13 13:49:13	stdout	========================================
2024/11/13 13:49:13	stdout	========================================


2024/11/13 13:56:18	stdout	2024-11-13T13:56:18+04:00 ERROR [vpn] starting port forwarding service: getting VPN local gateway IP: VPN local gateway IP address not found: in 17 routes
2024/11/13 13:56:18	stdout	2024-11-13T13:56:18+04:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
2024/11/13 13:56:18	stdout	2024-11-13T13:56:18+04:00 ERROR [vpn] waiting for DNS to be ready: context canceled
2024/11/13 13:56:18	stdout	2024-11-13T13:56:18+04:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2024/11/13 13:56:06	stdout	2024-11-13T13:56:06+04:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024/11/13 13:56:05	stdout	2024-11-13T13:56:05+04:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2024/11/13 13:55:10	stdout	2024-11-13T13:55:10+04:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024/11/13 13:55:10	stdout	2024-11-13T13:55:10+04:00 ERROR [vpn] starting port forwarding service: getting VPN local gateway IP: VPN local gateway IP address not found: in 17 routes
2024/11/13 13:55:10	stdout	2024-11-13T13:55:10+04:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
2024/11/13 13:55:10	stdout	2024-11-13T13:55:10+04:00 ERROR [vpn] waiting for DNS to be ready: context canceled
2024/11/13 13:55:10	stdout	2024-11-13T13:55:10+04:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2024/11/13 13:54:50	stdout	2024-11-13T13:54:50+04:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024/11/13 13:54:49	stdout	2024-11-13T13:54:49+04:00 ERROR [vpn] starting port forwarding service: getting VPN assigned IP address: network interface tun0 not found: route ip+net: no such network interface
2024/11/13 13:54:49	stdout	2024-11-13T13:54:49+04:00 ERROR [vpn] getting public IP address information: context canceled
2024/11/13 13:54:49	stdout	2024-11-13T13:54:49+04:00 ERROR [vpn] waiting for DNS to be ready: context canceled
2024/11/13 13:54:49	stdout	2024-11-13T13:54:49+04:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2024/11/13 13:54:37	stdout	2024-11-13T13:54:37+04:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024/11/13 13:54:37	stdout	2024-11-13T13:54:37+04:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2024/11/13 13:53:45	stdout	2024-11-13T13:53:45+04:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.

Share your configuration

version: "3" 
services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN

# I was adding ports for all the containers here, but it's no longer accepting the port as it says it's already in use!!!

    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - PUID=1032 # Your UID
      - PGID=65536 # Your GID
      - TZ=Asia/Dubai # Your timezone
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=removed
      - SERVER_COUNTRIES=United Arab Emirates
      - DOT=off #disable tls
      - PORT_FORWARD_ONLY=on
      - VPN_PORT_FORWARDING=on # Enable port forwarding
      - VPN_PORT_FORWARDING_PROVIDER=protonvpn
      - UPDATER_PERIOD=2h
      - HTTPPROXY=on # Enable HTTP Proxy
      - SHADOWSOCKS=on # Enable Shadowsocks Proxy
      - HTTPPROXY_LOG=off
      - FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16,192.168.1.0/24,192.168.70.0/24,172.19.0.0/24
    volumes:
      - /volume1/docker/gluetun:/gluetun
    restart: always

  speedtest-tracker:
    image: lscr.io/linuxserver/speedtest-tracker:latest
    container_name: speedtest-tracker
    environment:
      - PUID=1032  # Your UID
      - PGID=65536  # Your GID
      - APP_KEY=removed
      - DB_CONNECTION=sqlite
      - APP_TIMEZONE=Asia/Dubai # Your timezone
      - DISPLAY_TIMEZONE=Asia/Dubai
    volumes:
      - /volume1/docker/speedtest-tracker:/config
    network_mode: service:gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    restart: always

  qbittorrent:
    image: linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1032 #CHANGE_TO_YOUR_UID
      - PGID=65536 #CHANGE_TO_YOUR_GID
      - TZ=Asia/Dubai #CHANGE_TO_YOUR_TZ
      - WEBUI_PORT=8090
      - UMASK=022
    volumes:
      - /volume1/docker/qbittorrent:/config
      - /volume1/Downloads:/Downloads
      - /volume1/Downloads/incomplete:/incomplete
      - /volume1/Media:/Media
    network_mode: service:gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
#    logging:
#      driver: none
    restart: always

  linuxserver-prowlarr:
    image: linuxserver/prowlarr:latest
    container_name: prowlarr
    environment:
      - PUID=1032 #CHANGE_TO_YOUR_UID
      - PGID=65536 #CHANGE_TO_YOUR_GID
      - TZ=Asia/Dubai #CHANGE_TO_YOUR_TZ
      - UMASK=022
    volumes:
      - /volume1/docker/prowlarr:/config
    network_mode: service:gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    restart: always

  flaresolverr:
    image: flaresolverr/flaresolverr:latest
    container_name: flaresolverr
    environment:
      - TZ=Asia/Dubai #CHANGE_TO_YOUR_TZ
    network_mode: service:gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    restart: always

  firefox:
    image: linuxserver/firefox:latest
    container_name: firefox
    environment:
      - PUID=1032 #CHANGE_TO_YOUR_UID
      - PGID=65536 #CHANGE_TO_YOUR_GID
      - TZ=Asia/Dubai #CHANGE_TO_YOUR_TZ
      - WEBUI_PORT=3000
    volumes:
      - /volume1/docker/firefox:/home/seluser/Downloads
    network_mode: service:gluetun
    depends_on:
      gluetun:
        condition: service_healthy
    security_opt:
      - no-new-privileges:true
    restart: always

  qbittorrent-natmap:
    image: ghcr.io/soxfor/qbittorrent-natmap:latest
    container_name: qbittorrent-natmap

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TZ=Asia/Dubai #CHANGE_TO_YOUR_TZ
      - QBITTORRENT_SERVER=127.0.0.1
      - QBITTORRENT_PORT=8090
      - QBITTORRENT_USER=removed
      - QBITTORRENT_PASS=removed
       - VPN_GATEWAY=10.2.0.1
       - VPN_CT_NAME=gluetun
       - VPN_IF_NAME=tun0
       - CHECK_INTERVAL=300
       - NAT_LEASE_LIFETIME=300
    network_mode: service:gluetun
    depends_on:
      qbittorrent:
        condition: service_started
      gluetun:
        condition: service_healthy
    restart: always
Copy link
Contributor

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

@qdm12
Copy link
Owner

qdm12 commented Nov 13, 2024

Does it work with :v3.39.1? Does it work with the latest image if for example you set WIREGUARD_MTU=1200?

@qdm12 qdm12 changed the title Bug: Proton VPN Unstable on Wireguard Getting TLS Errors and Port Forwarding Error leading to unhealthy Bug: DNS over TLS becomes unstable after being healthy (dialing tls server... context deadline exceeded) Nov 13, 2024
@KhaledMostafaME
Copy link
Author

KhaledMostafaME commented Nov 14, 2024

Does it work with :v3.39.1? Does it work with the latest image if for example you set WIREGUARD_MTU=1200?

No it doesn't work well for both, I've tested as well on v3.39 and on different vpn servers and getting the same issues,

@qdm12
Copy link
Owner

qdm12 commented Nov 15, 2024

Does it work if you turn off DNS over TLS with DOT=off?

@KhaledMostafaME
Copy link
Author

KhaledMostafaME commented Nov 17, 2024

Does it work if you turn off DNS over TLS with DOT=off?

I have tested it did work for some time and after that I got the following errors

ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": dial tcp: lookup api.github.com on 1.1.1.1:53: read udp 10.2.0.2:48332->1.1.1.1:53: i/o timeout

ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": dial tcp: lookup ipinfo.io on 1.1.1.1:53: read udp 10.2.0.2:38083->1.1.1.1:53: i/o timeout

ERROR [vpn] waiting for DNS to be ready: DNS is not working: after 10 tries: lookup github.com on 1.1.1.1:53: read udp 10.2.0.2:52097->1.1.1.1:53: i/o timeout

@0xN1nja
Copy link

0xN1nja commented Nov 19, 2024

@KhaledMostafaME same

@qdm12
Copy link
Owner

qdm12 commented Nov 21, 2024

Ok so the problem isn't due to DNS over TLS, nor the newer DNS forwarding code in the latest image, since plaintext DNS doesn't work as well. It might just be an unreliable VPN connection, try other VPN servers. Closing this since there is really nothing else I can do on my side/not a Gluetun bug, thanks for your understanding!

@qdm12 qdm12 closed this as not planned Won't fix, can't repro, duplicate, stale Nov 21, 2024
Copy link
Contributor

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.

@bazmattaz
Copy link

@KhaledMostafaME did you figure this out? I have the same issue with Gluetun and ProtonVPN

@0xN1nja
Copy link

0xN1nja commented Dec 30, 2024

@bazmattaz if you're on free plan, add FREE_ONLY=on to gluetun's environment section

@bazmattaz
Copy link

bazmattaz commented Dec 30, 2024

@0xN1nja are you referring to the free version of ProtonVPN? No i'm using the paid version adding FREE_ONLY=on doesn't work for me.

@bazmattaz
Copy link

bazmattaz commented Dec 31, 2024

In case anyone else comes across this error using ProtonVPN. I found a solution to this which sadly doesn't use Gluetun. I setup Protonwire and have my other apps using the VPN through the Protonwire container. If you need port forwarding there is a great thread here where a guy creates a script which prints the forwarded port in the logs.

I tried so hard to get Gluetun working - even trying multiple different servers but kept getting the same issue. Protonwire worked straight away.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

4 participants