Bug: Gluetun container is unhealthy, even fresh install

[therealjin]

Is this urgent?

None

Host OS

Ubuntu 22.04.5 LTS

CPU arch

x86_64

VPN service provider

Private Internet Access

What are you using to run the container

Portainer

What is the version of Gluetun

3.40

What's the problem 🤔

Hello,

I have been using gluetun for the last few months without any issues, however today suddenly I realized that gluetun was not working properly. The container showed unhealthy, and since I had it as a stack with qbit and a auto port forward container, I decided to break it down into just gluetun.

I started a new install of gluetun, using the latest v3.40 image and used wireguard and PIA's wireguard settings. I used both my original settings that worked for the last few months as well as generated a new wireguard config file and utilized these settings (generated via manual connections FOSS)

I have updated my VPN servers list as well as tried to use custom DNS (google's/the vpn's), turning off port forwarding, turning off DOT to no avail.

I have tried to downgrade all the way to 3.37 but i still have issues

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2025-01-22T08:30:14.628Z (commit 13532c8)

🔧 Need help? ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new/choose
🐛 Bug? ✨ New feature? https://github.com/qdm12/gluetun/issues/new/choose
💻 Email? [email protected]
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2025-02-28T16:30:40-05:00 INFO [routing] default route found: interface eth0, gateway 172.27.0.1, assigned IP 172.27.0.26 and family v4
2025-02-28T16:30:40-05:00 INFO [routing] local ethernet link found: eth0
2025-02-28T16:30:40-05:00 INFO [routing] local ipnet found: 172.27.0.0/16
2025-02-28T16:30:40-05:00 INFO [firewall] enabling...
2025-02-28T16:30:40-05:00 INFO [firewall] enabled successfully
2025-02-28T16:30:40-05:00 INFO [storage] creating /gluetun/servers.json with 20776 hardcoded servers
2025-02-28T16:30:40-05:00 INFO Alpine version: 3.20.5
2025-02-28T16:30:40-05:00 INFO OpenVPN 2.5 version: 2.5.10
2025-02-28T16:30:40-05:00 INFO OpenVPN 2.6 version: 2.6.11
2025-02-28T16:30:40-05:00 INFO IPtables version: v1.8.10
2025-02-28T16:30:40-05:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: custom
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: wireguard
|   |   |   ├── Server names: ontario418
|   |   |   └── Wireguard selection settings:
|   |   |       ├── Endpoint IP address: 149.50.218.37
|   |   |       ├── Endpoint port: 1337
|   |   |       └── Server public key: 3UiFlajEp5LYitGh8jkGoYyy1BSzuIEVHrELY+4FUhs=
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: disabled
|   |       ├── Use code for provider: private internet access
|   |       ├── Forwarded port file path: /tmp/gluetun/forwarded_port
|   |       └── Credentials:
|   |           ├── Username: p3521283
|   |           └── Password: [set]
|   └── Wireguard settings:
|       ├── Private key: 4B5...nU=
|       ├── Interface addresses:
|       |   └── 10.9.158.225/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1320
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Upstream resolvers:
|       |   └── cloudflare
|       ├── Caching: yes
|       ├── IPv6: no
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   ├── Logging: yes
|   └── Authentication file path: /gluetun/auth/config.toml
├── Storage settings:
|   └── Filepath: /gluetun/servers.json
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: america/toronto
├── Public IP settings:
|   ├── IP file path: /tmp/gluetun/ip
|   ├── Public IP data base API: ipinfo
|   └── Public IP data backup APIs:
|       ├── ifconfigco
|       ├── ip2location
|       └── cloudflare
└── Version settings:
    └── Enabled: yes
2025-02-28T16:30:40-05:00 INFO [routing] default route found: interface eth0, gateway 172.27.0.1, assigned IP 172.27.0.26 and family v4
2025-02-28T16:30:40-05:00 INFO [routing] adding route for 0.0.0.0/0
2025-02-28T16:30:40-05:00 INFO [firewall] setting allowed subnets...
2025-02-28T16:30:40-05:00 INFO [routing] default route found: interface eth0, gateway 172.27.0.1, assigned IP 172.27.0.26 and family v4
2025-02-28T16:30:40-05:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2025-02-28T16:30:40-05:00 INFO [http server] http server listening on [::]:8000
2025-02-28T16:30:40-05:00 INFO [firewall] allowing VPN connection...
2025-02-28T16:30:40-05:00 INFO [healthcheck] listening on 127.0.0.1:9999
2025-02-28T16:30:40-05:00 INFO [wireguard] Using available kernelspace implementation
2025-02-28T16:30:40-05:00 INFO [wireguard] Connecting to 149.50.218.37:1337
2025-02-28T16:30:40-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2025-02-28T16:30:40-05:00 INFO [dns] downloading hostnames and IP block lists
2025-02-28T16:30:50-05:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2025-02-28T16:30:50-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2025-02-28T16:30:50-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2025-02-28T16:30:50-05:00 INFO [vpn] stopping
2025-02-28T16:30:50-05:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
2025-02-28T16:30:50-05:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
2025-02-28T16:30:50-05:00 INFO [port forwarding] starting
2025-02-28T16:30:50-05:00 ERROR [vpn] starting port forwarding service: port forwarding for the first time: refreshing port forward data: fetching token: Post "https://www.privateinternetaccess.com/api/client/v2/token": dial tcp: lookup www.privateinternetaccess.com on 1.1.1.1:53: write udp 172.27.0.26:51569->1.1.1.1:53: write: operation not permitted
2025-02-28T16:30:50-05:00 INFO [vpn] starting
2025-02-28T16:30:50-05:00 INFO [firewall] allowing VPN connection...
2025-02-28T16:30:50-05:00 INFO [wireguard] Using available kernelspace implementation
2025-02-28T16:30:50-05:00 INFO [wireguard] Connecting to 149.50.218.37:1337
2025-02-28T16:30:50-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2025-02-28T16:30:55-05:00 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers), Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2025-02-28T16:30:55-05:00 INFO [dns] attempting restart in 10s
2025-02-28T16:31:02-05:00 INFO [healthcheck] program has been unhealthy for 11s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2025-02-28T16:31:02-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2025-02-28T16:31:02-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2025-02-28T16:31:02-05:00 INFO [vpn] stopping
2025-02-28T16:31:02-05:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context canceled
2025-02-28T16:31:02-05:00 INFO [port forwarding] starting
2025-02-28T16:31:02-05:00 ERROR [vpn] starting port forwarding service: port forwarding for the first time: refreshing port forward data: fetching token: Post "https://www.privateinternetaccess.com/api/client/v2/token": dial tcp: lookup www.privateinternetaccess.com on 1.1.1.1:53: write udp 172.27.0.26:50811->1.1.1.1:53: write: operation not permitted
2025-02-28T16:31:02-05:00 INFO [vpn] starting
2025-02-28T16:31:02-05:00 INFO [firewall] allowing VPN connection...
2025-02-28T16:31:02-05:00 INFO [wireguard] Using available kernelspace implementation
2025-02-28T16:31:02-05:00 INFO [wireguard] Connecting to 149.50.218.37:1337
2025-02-28T16:31:02-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2025-02-28T16:31:05-05:00 INFO [dns] downloading hostnames and IP block lists
2025-02-28T16:31:17-05:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2025-02-28T16:31:17-05:00 INFO [port forwarding] starting
2025-02-28T16:31:20-05:00 WARN [dns] cannot update filter block lists: Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-hostnames.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers), Get "https://raw.githubusercontent.com/qdm12/files/master/malicious-ips.updated": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2025-02-28T16:31:20-05:00 INFO [dns] attempting restart in 20s
2025-02-28T16:31:22-05:00 INFO [healthcheck] program has been unhealthy for 16s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout)
2025-02-28T16:31:22-05:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
2025-02-28T16:31:22-05:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
2025-02-28T16:31:22-05:00 INFO [vpn] stopping
2025-02-28T16:31:32-05:00 ERROR [vpn] starting port forwarding service: port forwarding for the first time: refreshing port forward data: fetching token: Post "https://www.privateinternetaccess.com/api/client/v2/token": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2025-02-28T16:31:32-05:00 INFO [vpn] starting
2025-02-28T16:31:32-05:00 INFO [firewall] allowing VPN connection...
2025-02-28T16:31:32-05:00 INFO [wireguard] Using available kernelspace implementation
2025-02-28T16:31:32-05:00 INFO [wireguard] Connecting to 149.50.218.37:1337
2025-02-28T16:31:32-05:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2025-02-28T16:31:40-05:00 INFO [dns] downloading hostnames and IP block lists
2025-02-28T16:31:48-05:00 ERROR [vpn] getting public IP address information: fetching information: Get "https://ipinfo.io/": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2025-02-28T16:31:48-05:00 INFO [port forwarding] starting

Share your configuration

---
services:
  #gluetun custom vpn
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    restart: unless-stopped
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8080:8080/tcp
      - 8765:8000/tcp
    volumes:
      - ${BASE_PATH}/gluetun_test:/gluetun_test
      - ${BASE_PATH}/gluetun_test/wg0.conf:/gluetun_test/wireguard/wg0.conf


    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - WIREGUARD_ENDPOINT_IP=149.50.218.37
      - WIREGUARD_ENDPOINT_PORT=1337
      - WIREGUARD_PUBLIC_KEY=3UiFlajEp5LYitGh8jkGoYyy1BSzuIEVHrELY+4FUhs=
      - WIREGUARD_PRIVATE_KEY=XXXXXXXXX
      - WIREGUARD_ADDRESSES=10.9.158.225
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_PROVIDER=private internet access
      - VPN_PORT_FORWARDING_USERNAME=XXXXXXXX
      - VPN_PORT_FORWARDING_PASSWORD=XXXXXXXX
      - SERVER_NAMES=ontario418
      - TZ=America/Toronto

      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - UPDATER_PERIOD=24h

[github-actions]

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

• do not ask for updates, be patient
• 👍 the issue to show your support instead of commenting
  @qdm12 usually checks issues at least once a week, if this is a new urgent bug,
  revert to an older tagged container image

[github-actions]

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.

[therealjin]

I started fresh again, this time obtaining brand new wg configuration. I completely deleted my old wg mounts as well.
I assume that the server may have expired or something, leading to the gluetun giving issues.

By acquiring new configuration settings and yet again a fresh mount space, I was able to fix my once unhealthy container.
I apologize for the bug issue. It just took me 11 hours to fumble upon the situation lol

Thanks to the dev/maintainer of the project.