Bug: AirVPN Fails to connect if you specify SERVER_COUNTRIES or SERVER_CITIES

[Sciencentistguy]

Is this urgent?

No

Host OS

NixOS

CPU arch

x86_64

VPN service provider

AirVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

3.40

What's the problem 🤔

Requesting specific servers seems to break the connection. Uncommenting either the SERVER_CITIES or SERVER_COUNTRIES (or both) in the provided docker-compose file causes the vpn to fail to connect, as seen in the logs. Uncommenting them both it works, but of course that means I can only request Europe servers meaning my connection is slower than it used to be when London worked.

Share your logs (at least 10 lines)

tunnel-1  | ========================================
tunnel-1  | =============== gluetun ================
tunnel-1  | ========================================
tunnel-1  | =========== Made with ❤️ by ============
tunnel-1  | ======= https://github.com/qdm12 =======
tunnel-1  | ========================================
tunnel-1  | ========================================
tunnel-1  |
tunnel-1  | Running version v3.40.0 built on 2024-12-25T22:01:25.675Z (commit e890c50)
tunnel-1  |
tunnel-1  | 🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
tunnel-1  | 🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
tunnel-1  | 💻 Email? [email protected]
tunnel-1  | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
tunnel-1  | 2025-01-21T09:25:25Z INFO [routing] default route found: interface eth0, gateway 172.20.0.1, assigned IP 172.20.0.2 and family v4
tunnel-1  | 2025-01-21T09:25:25Z INFO [routing] local ethernet link found: eth0
tunnel-1  | 2025-01-21T09:25:25Z INFO [routing] local ipnet found: 172.20.0.0/16
tunnel-1  | 2025-01-21T09:25:25Z INFO [firewall] enabling...
tunnel-1  | 2025-01-21T09:25:25Z INFO [firewall] enabled successfully
tunnel-1  | 2025-01-21T09:25:26Z INFO [storage] merging by most recent 20776 hardcoded servers and 20776 servers read from /gluetun/servers.json
tunnel-1  | 2025-01-21T09:25:26Z INFO Alpine version: 3.20.3
tunnel-1  | 2025-01-21T09:25:26Z INFO OpenVPN 2.5 version: 2.5.10
tunnel-1  | 2025-01-21T09:25:26Z INFO OpenVPN 2.6 version: 2.6.11
tunnel-1  | 2025-01-21T09:25:26Z INFO IPtables version: v1.8.10
tunnel-1  | 2025-01-21T09:25:26Z INFO Settings summary:
tunnel-1  | ├── VPN settings:
tunnel-1  | |   ├── VPN provider settings:
tunnel-1  | |   |   ├── Name: airvpn
tunnel-1  | |   |   └── Server selection settings:
tunnel-1  | |   |       ├── VPN type: wireguard
tunnel-1  | |   |       ├── Cities: london
tunnel-1  | |   |       └── Wireguard selection settings:
tunnel-1  | |   └── Wireguard settings:
tunnel-1  | |       ├── Private key: SAP...GI=
tunnel-1  | |       ├── Pre-shared key: wcm...Nc=
tunnel-1  | |       ├── Interface addresses:
tunnel-1  | |       |   └── 10.183.111.234/32
tunnel-1  | |       ├── Allowed IPs:
tunnel-1  | |       |   ├── 0.0.0.0/0
tunnel-1  | |       |   └── ::/0
tunnel-1  | |       └── Network interface: tun0
tunnel-1  | |           └── MTU: 1320
tunnel-1  | ├── DNS settings:
tunnel-1  | |   ├── Keep existing nameserver(s): no
tunnel-1  | |   ├── DNS server address to use: 127.0.0.1
tunnel-1  | |   └── DNS over TLS settings:
tunnel-1  | |       ├── Enabled: yes
tunnel-1  | |       ├── Update period: every 24h0m0s
tunnel-1  | |       ├── Upstream resolvers:
tunnel-1  | |       |   └── cloudflare
tunnel-1  | |       ├── Caching: yes
tunnel-1  | |       ├── IPv6: no
tunnel-1  | |       └── DNS filtering settings:
tunnel-1  | |           ├── Block malicious: yes
tunnel-1  | |           ├── Block ads: no
tunnel-1  | |           ├── Block surveillance: no
tunnel-1  | |           └── Blocked IP networks:
tunnel-1  | |               ├── 127.0.0.1/8
tunnel-1  | |               ├── 10.0.0.0/8
tunnel-1  | |               ├── 172.16.0.0/12
tunnel-1  | |               ├── 192.168.0.0/16
tunnel-1  | |               ├── 169.254.0.0/16
tunnel-1  | |               ├── ::1/128
tunnel-1  | |               ├── fc00::/7
tunnel-1  | |               ├── fe80::/10
tunnel-1  | |               ├── ::ffff:127.0.0.1/104
tunnel-1  | |               ├── ::ffff:10.0.0.0/104
tunnel-1  | |               ├── ::ffff:169.254.0.0/112
tunnel-1  | |               ├── ::ffff:172.16.0.0/108
tunnel-1  | |               └── ::ffff:192.168.0.0/112
tunnel-1  | ├── Firewall settings:
tunnel-1  | |   ├── Enabled: yes
tunnel-1  | |   └── VPN input ports:
tunnel-1  | |       ├── REDACTED
tunnel-1  | |       └── REDACTED
tunnel-1  | ├── Log settings:
tunnel-1  | |   └── Log level: info
tunnel-1  | ├── Health settings:
tunnel-1  | |   ├── Server listening address: 127.0.0.1:9999
tunnel-1  | |   ├── Target address: cloudflare.com:443
tunnel-1  | |   ├── Duration to wait after success: 5s
tunnel-1  | |   ├── Read header timeout: 100ms
tunnel-1  | |   ├── Read timeout: 500ms
tunnel-1  | |   └── VPN wait durations:
tunnel-1  | |       ├── Initial duration: 6s
tunnel-1  | |       └── Additional duration: 5s
tunnel-1  | ├── Shadowsocks server settings:
tunnel-1  | |   └── Enabled: no
tunnel-1  | ├── HTTP proxy settings:
tunnel-1  | |   └── Enabled: no
tunnel-1  | ├── Control server settings:
tunnel-1  | |   ├── Listening address: :8000
tunnel-1  | |   ├── Logging: yes
tunnel-1  | |   └── Authentication file path: /gluetun/auth/config.toml
tunnel-1  | ├── Storage settings:
tunnel-1  | |   └── Filepath: /gluetun/servers.json
tunnel-1  | ├── OS Alpine settings:
tunnel-1  | |   ├── Process UID: 1000
tunnel-1  | |   └── Process GID: 1000
tunnel-1  | ├── Public IP settings:
tunnel-1  | |   ├── IP file path: /tmp/gluetun/ip
tunnel-1  | |   ├── Public IP data base API: ipinfo
tunnel-1  | |   └── Public IP data backup APIs:
tunnel-1  | |       ├── ifconfigco
tunnel-1  | |       ├── ip2location
tunnel-1  | |       └── cloudflare
tunnel-1  | └── Version settings:
tunnel-1  |     └── Enabled: yes
tunnel-1  | 2025-01-21T09:25:26Z INFO [routing] default route found: interface eth0, gateway 172.20.0.1, assigned IP 172.20.0.2 and family v4
tunnel-1  | 2025-01-21T09:25:26Z INFO [routing] adding route for 0.0.0.0/0
tunnel-1  | 2025-01-21T09:25:26Z INFO [firewall] setting allowed subnets...
tunnel-1  | 2025-01-21T09:25:26Z INFO [routing] default route found: interface eth0, gateway 172.20.0.1, assigned IP 172.20.0.2 and family v4
tunnel-1  | 2025-01-21T09:25:26Z INFO [dns] using plaintext DNS at address 1.1.1.1
tunnel-1  | 2025-01-21T09:25:26Z INFO [http server] http server listening on [::]:8000
tunnel-1  | 2025-01-21T09:25:26Z INFO [healthcheck] listening on 127.0.0.1:9999
tunnel-1  | 2025-01-21T09:25:26Z INFO [firewall] allowing VPN connection...
tunnel-1  | 2025-01-21T09:25:26Z INFO [wireguard] Using available kernelspace implementation
tunnel-1  | 2025-01-21T09:25:26Z INFO [wireguard] Connecting to 89.238.150.42:1637
tunnel-1  | 2025-01-21T09:25:26Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
tunnel-1  | 2025-01-21T09:25:26Z INFO [firewall] setting allowed input port REDACTED through interface tun0...
tunnel-1  | 2025-01-21T09:25:26Z INFO [firewall] setting allowed input port REDACTED through interface tun0...
tunnel-1  | 2025-01-21T09:25:26Z INFO [dns] downloading hostnames and IP block lists
tunnel-1  | 2025-01-21T09:25:36Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
tunnel-1  | 2025-01-21T09:25:36Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
tunnel-1  | 2025-01-21T09:25:36Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
tunnel-1  | 2025-01-21T09:25:36Z INFO [vpn] stopping
tunnel-1  | 2025-01-21T09:25:36Z INFO [firewall] removing allowed port REDACTED...
tunnel-1  | 2025-01-21T09:25:36Z INFO [firewall] removing allowed port REDACTED...
tunnel-1  | 2025-01-21T09:25:36Z ERROR [vpn] getting public IP address information: context canceled
tunnel-1  | 2025-01-21T09:25:36Z ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/releases": context canceled
tunnel-1  | 2025-01-21T09:25:36Z INFO [vpn] starting
tunnel-1  | 2025-01-21T09:25:36Z INFO [firewall] allowing VPN connection...
tunnel-1  | 2025-01-21T09:25:36Z INFO [wireguard] Using available kernelspace implementation
tunnel-1  | 2025-01-21T09:25:36Z INFO [wireguard] Connecting to 2.58.47.202:1637
tunnel-1  | 2025-01-21T09:25:36Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
tunnel-1  | 2025-01-21T09:25:36Z INFO [firewall] setting allowed input port REDACTED through interface tun0...
tunnel-1  | 2025-01-21T09:25:36Z INFO [firewall] setting allowed input port REDACTED through interface tun0...
tunnel-1  | 2025-01-21T09:25:41Z WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers), Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
tunnel-1  | 2025-01-21T09:25:41Z INFO [dns] attempting restart in 10s
tunnel-1  | 2025-01-21T09:25:48Z INFO [healthcheck] program has been unhealthy for 11s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
tunnel-1  | 2025-01-21T09:25:48Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
tunnel-1  | 2025-01-21T09:25:48Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
tunnel-1  | 2025-01-21T09:25:48Z INFO [vpn] stopping
tunnel-1  | 2025-01-21T09:25:48Z INFO [firewall] removing allowed port REDACTED...
tunnel-1  | 2025-01-21T09:25:48Z INFO [firewall] removing allowed port REDACTED...
tunnel-1  | 2025-01-21T09:25:48Z ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
tunnel-1  | 2025-01-21T09:25:48Z INFO [vpn] starting
tunnel-1  | 2025-01-21T09:25:48Z INFO [firewall] allowing VPN connection...
tunnel-1  | 2025-01-21T09:25:48Z INFO [wireguard] Using available kernelspace implementation
tunnel-1  | 2025-01-21T09:25:48Z INFO [wireguard] Connecting to 146.70.61.130:1637
tunnel-1  | 2025-01-21T09:25:48Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
tunnel-1  | 2025-01-21T09:25:49Z INFO [firewall] setting allowed input port REDACTED through interface tun0...
tunnel-1  | 2025-01-21T09:25:49Z INFO [firewall] setting allowed input port REDACTED through interface tun0...
tunnel-1  | 2025-01-21T09:25:51Z INFO [dns] downloading hostnames and IP block lists
tunnel-1  | 2025-01-21T09:26:04Z ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
tunnel-1  | 2025-01-21T09:26:06Z WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers), Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
tunnel-1  | 2025-01-21T09:26:06Z INFO [dns] attempting restart in 20s
tunnel-1  | 2025-01-21T09:26:09Z INFO [healthcheck] program has been unhealthy for 16s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
tunnel-1  | 2025-01-21T09:26:09Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
tunnel-1  | 2025-01-21T09:26:09Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
tunnel-1  | 2025-01-21T09:26:09Z INFO [vpn] stopping
tunnel-1  | 2025-01-21T09:26:09Z INFO [firewall] removing allowed port REDACTED...
tunnel-1  | 2025-01-21T09:26:09Z INFO [firewall] removing allowed port REDACTED...
tunnel-1  | 2025-01-21T09:26:09Z INFO [vpn] starting
tunnel-1  | 2025-01-21T09:26:09Z INFO [firewall] allowing VPN connection...
tunnel-1  | 2025-01-21T09:26:09Z INFO [wireguard] Using available kernelspace implementation
tunnel-1  | 2025-01-21T09:26:09Z INFO [wireguard] Connecting to 217.138.195.18:1637
tunnel-1  | 2025-01-21T09:26:09Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
tunnel-1  | 2025-01-21T09:26:09Z INFO [firewall] setting allowed input port REDACTED through interface tun0...
tunnel-1  | 2025-01-21T09:26:09Z INFO [firewall] setting allowed input port REDACTED through interface tun0...

Share your configuration

tunnel:
  image: qmcgaw/gluetun:v3.40
  devices:
    - /dev/net/tun:/dev/net/tun
  cap_add:
    - NET_ADMIN
  environment:
    - VPN_SERVICE_PROVIDER=airvpn
    - VPN_TYPE=wireguard
    - WIREGUARD_PRIVATE_KEY=...
    - WIREGUARD_PRESHARED_KEY=...
    - WIREGUARD_ADDRESSES=...
    - FIREWALL_VPN_INPUT_PORTS=...
    # - SERVER_CITIES=London
    # - SERVER_COUNTRIES='United Kingdom'
    - SERVER_REGION=Europe
  volumes:
    - ./tunnel_data:/gluetun
  ports:
    - ...
  restart: unless-stopped

[github-actions]

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

• do not ask for updates, be patient
• 👍 the issue to show your support instead of commenting
  @qdm12 usually checks issues at least once a week, if this is a new urgent bug,
  revert to an older tagged container image