Help: Most HTTP requests don't work

[Maykin-99]

Is this urgent?: No

Host OS (approximate answer is fine too): Raspbian GNU/Linux 10 (buster)

CPU arch or device name: armv7l / Raspberry Pi 4 B 4GB

What VPN provider are you using: Private Internet Access

What is the version of the program (See the line at the top of your logs)

Running version latest built on 2021-05-06T18:55:14Z (commit 91b037a)

What's the problem 🤔

Somehow most HTTP requests don't work.

# from inside the gluetun container
/ # curl http://ifconfig.io # works
212.102.39.158
/ # curl https://ifconfig.io # works
212.102.39.158
/ # curl http://www.google.com # doesn't work
curl: (56) Recv failure: Connection reset by peer
/ # curl https://www.google.com # doesn't work
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to www.google.com:443 
/ # curl http://github.com # works
/ # curl https://github.com # doesn't work
curl: (35) OpenSSL SSL_connect: Connection reset by peer in connection to github.com:443 

These commands work fine on the host. Seems to me like a PIA issues but I'm not sure?

Share your logs... (careful to remove in example tokens)

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version latest built on 2021-05-06T18:55:14Z (commit 91b037a)


🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? [email protected]
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021/05/06 22:18:22 INFO OpenVPN version: 2.5.2
2021/05/06 22:18:22 INFO Unbound version: 1.13.0
2021/05/06 22:18:22 INFO IPtables version: v1.8.6
2021/05/06 22:18:22 INFO Settings summary below:
|--OpenVPN:
   |--Verbosity level: 1
   |--Run as root: enabled
   |--Provider:
      |--Private Internet Access settings:
         |--Network protocol: udp
         |--Encryption preset: strong
         |--Custom port: 0
|--DNS:
   |--Plaintext address: 1.1.1.1
   |--DNS over TLS:
      |--Unbound:
          |--DNS over TLS providers:
              |--cloudflare
          |--Listening port: 53
          |--Access control:
              |--Allowed:
                  |--0.0.0.0/0
                  |--::/0
          |--Caching: enabled
          |--IPv4 resolution: enabled
          |--IPv6 resolution: disabled
          |--Verbosity level: 1/5
          |--Verbosity details level: 0/4
          |--Validation log level: 0/2
          |--Blocked hostnames:
          |--Blocked IP addresses:
              |--127.0.0.1/8
              |--10.0.0.0/8
              |--172.16.0.0/12
              |--192.168.0.0/16
              |--169.254.0.0/16
              |--::1/128
              |--fc00::/7
              |--fe80::/10
              |--::ffff:0:0/96
          |--Allowed hostnames:
      |--Block malicious: enabled
      |--Update: every 24h0m0s
|--Firewall:
|--System:
   |--Process user ID: 1000
   |--Process group ID: 1000
   |--Timezone: europe/berlin
|--HTTP control server:
   |--Listening port: 8000
   |--Logging: enabled
|--Public IP getter:
   |--Fetch period: 12h0m0s
   |--IP file: /tmp/gluetun/ip
|--Github version information: enabled
2021/05/06 22:18:22 INFO storage: merging by most recent 8973 hardcoded servers and 8973 servers read from /gluetun/servers.json
2021/05/06 22:18:22 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/06 22:18:22 INFO routing: local ethernet link found: eth0
2021/05/06 22:18:22 INFO routing: local ipnet found: 172.23.0.0/16
2021/05/06 22:18:22 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/06 22:18:22 INFO routing: adding route for 0.0.0.0/0
2021/05/06 22:18:22 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021/05/06 22:18:22 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/06 22:18:22 INFO openvpn configurator: checking for device /dev/net/tun
2021/05/06 22:18:22 WARN TUN device is not available: open /dev/net/tun: no such file or directory
2021/05/06 22:18:22 INFO openvpn configurator: creating /dev/net/tun
2021/05/06 22:18:22 INFO firewall: enabling...
2021/05/06 22:18:23 INFO firewall: enabled successfully
2021/05/06 22:18:23 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021/05/06 22:18:23 INFO http server: listening on 0.0.0.0:8000
2021/05/06 22:18:23 INFO healthcheck: listening on 127.0.0.1:9999
2021/05/06 22:18:23 INFO firewall: setting VPN connection through firewall...
2021/05/06 22:18:23 INFO openvpn configurator: starting openvpn
2021/05/06 22:18:23 INFO openvpn: OpenVPN 2.5.2 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
2021/05/06 22:18:23 INFO openvpn: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021/05/06 22:18:23 INFO openvpn: CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
2021/05/06 22:18:23 INFO openvpn: <token>
2021/05/06 22:18:23 INFO openvpn: -----END X509 CRL-----
2021/05/06 22:18:23 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]156.146.34.50:1197
2021/05/06 22:18:23 INFO openvpn: UDP link local: (not bound)
2021/05/06 22:18:23 INFO openvpn: UDP link remote: [AF_INET]156.146.34.50:1197
2021/05/06 22:18:24 INFO openvpn: unhealthy program: waiting 6s for it to change to healthy
2021/05/06 22:18:30 WARN openvpn: unhealthy program: restarting openvpn
2021/05/06 22:18:30 INFO firewall: setting VPN connection through firewall...
2021/05/06 22:18:30 INFO openvpn configurator: starting openvpn
2021/05/06 22:18:30 INFO openvpn: OpenVPN 2.5.2 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
2021/05/06 22:18:30 INFO openvpn: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021/05/06 22:18:30 INFO openvpn: CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
2021/05/06 22:18:30 INFO openvpn: <token>
2021/05/06 22:18:30 INFO openvpn: -----END X509 CRL-----
2021/05/06 22:18:30 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]109.248.149.4:1197
2021/05/06 22:18:30 INFO openvpn: UDP link local: (not bound)
2021/05/06 22:18:30 INFO openvpn: UDP link remote: [AF_INET]109.248.149.4:1197
2021/05/06 22:18:31 INFO openvpn: [riga401] Peer Connection Initiated with [AF_INET]109.248.149.4:1197
2021/05/06 22:18:31 INFO openvpn: unhealthy program: waiting 12s for it to change to healthy
2021/05/06 22:18:32 INFO openvpn: sitnl_send: rtnl: generic error (-101): Network unreachable
2021/05/06 22:18:32 INFO openvpn: TUN/TAP device tun0 opened
2021/05/06 22:18:32 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021/05/06 22:18:32 INFO openvpn: /sbin/ip link set dev tun0 up
2021/05/06 22:18:32 INFO openvpn: /sbin/ip addr add dev tun0 10.2.110.7/24
2021/05/06 22:18:32 WARN openvpn: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
2021/05/06 22:18:32 INFO openvpn: add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
2021/05/06 22:18:32 ERROR openvpn: RTNETLINK answers: Permission denied
2021/05/06 22:18:32 INFO openvpn: ERROR: Linux route -6 add command failed: external program exited with error status: 2
2021/05/06 22:18:32 INFO openvpn: Initialization Sequence Completed
2021/05/06 22:18:32 INFO VPN routing IP address: 109.248.149.4
2021/05/06 22:18:32 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/05/06 22:18:32 INFO healthcheck: healthy!
2021/05/06 22:18:45 WARN dns over tls: cannot update files
2021/05/06 22:18:45 INFO dns over tls: attempting restart in 10s
2021/05/06 22:18:55 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/05/06 22:19:05 WARN dns over tls: cannot update files
2021/05/06 22:19:05 INFO dns over tls: attempting restart in 20s
2021/05/06 22:19:25 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/05/06 22:19:35 WARN dns over tls: cannot update files
2021/05/06 22:19:35 INFO dns over tls: attempting restart in 40s
2021/05/06 22:20:15 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/05/06 22:20:26 WARN dns over tls: cannot update files
2021/05/06 22:20:26 INFO dns over tls: attempting restart in 1m20s
2021/05/06 22:21:46 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/05/06 22:21:56 WARN dns over tls: cannot update files
2021/05/06 22:21:56 INFO dns over tls: attempting restart in 2m40s

What are you using to run your container?: Docker Compose

Please also share your configuration file:

version: '3.6'

services:
  vpn:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8000:8000/tcp # Built-in HTTP control serveruser: 1000:1000
    environment:
      VPNSP: private internet access
    secrets:
      - openvpn_user
      - openvpn_password
    volumes:
      - ./data/vpn:/gluetun

secrets:
  openvpn_user:
    file: ./openvpn_user
  openvpn_password:
    file: ./openvpn_password

[Maykin-99]

Seems to me like a PIA issues but I'm not sure?

I was wrong.

Switching to tag v3.16.0 seems to solve the problem - something between this and latest seems to cause this issue.

[qdm12]

Ah interesting. Let's keep it opened, I'll try it before doing another release tag. Maybe it's due to IPv6 being blocked since then. Careful you're not leaking ipv6 traffic 🤔

[qdm12]

Isn't it related to dns over tls: cannot update files perhaps? I'll have a look more in depth over the weekend.

[Maykin-99]

Isn't it related to dns over tls: cannot update files perhaps? I'll have a look more in depth over the weekend.

Possibly. This doesn't happen on v3.16.0.

Though DNS seems to work fine in latest:

/ # nslookup www.google.com
Server:		1.1.1.1
Address:	1.1.1.1:53

Non-authoritative answer:
Name:	www.google.com
Address: 172.217.194.105
Name:	www.google.com
Address: 172.217.194.106
Name:	www.google.com
Address: 172.217.194.103
Name:	www.google.com
Address: 172.217.194.104
Name:	www.google.com
Address: 172.217.194.99
Name:	www.google.com
Address: 172.217.194.147

Non-authoritative answer:
Name:	www.google.com
Address: 2404:6800:4003:c04::93
Name:	www.google.com
Address: 2404:6800:4003:c04::63
Name:	www.google.com
Address: 2404:6800:4003:c04::67
Name:	www.google.com
Address: 2404:6800:4003:c04::6a

Even traceroute works:

traceroute to www.google.com (172.217.194.104), 30 hops max, 46 byte packets
 1  10.10.110.1 (10.10.110.1)  174.932 ms  171.597 ms  172.151 ms
 2  86.107.104.209 (86.107.104.209)  178.299 ms  172.623 ms  175.161 ms
 3  193.27.15.41 (193.27.15.41)  178.062 ms  184.682 ms  179.478 ms
 4  37.120.220.218 (37.120.220.218)  171.300 ms  37.120.220.230 (37.120.220.230)  176.829 ms  37.120.220.218 (37.120.220.218)  172.719 ms
 5  snge-b1-link.ip.twelve99.net (62.115.155.102)  169.608 ms  169.592 ms  snge-b1-link.ip.twelve99.net (62.115.185.72)  176.427 ms
 6  google-ic307031-snge-b1.ip.twelve99-cust.net (213.248.86.62)  170.714 ms  170.332 ms  169.016 ms
 7  108.170.254.226 (108.170.254.226)  171.891 ms  108.170.240.172 (108.170.240.172)  172.066 ms  108.170.240.164 (108.170.240.164)  171.211 ms
 8  216.239.49.74 (216.239.49.74)  170.193 ms  72.14.235.60 (72.14.235.60)  171.448 ms  *
 9  108.170.225.101 (108.170.225.101)  172.770 ms  74.125.37.250 (74.125.37.250)  171.213 ms  209.85.255.128 (209.85.255.128)  176.081 ms
10  108.170.230.103 (108.170.230.103)  180.217 ms  66.249.95.23 (66.249.95.23)  170.720 ms  209.85.245.135 (209.85.245.135)  172.698 ms
11  *  *  *
12  *  *  *
13  *  *  *
14  *  *  *
15  *  *  *
16  *  *  *
17  *  *  *
18  *  *  *
19  *  *  *
20  172.217.194.104 (172.217.194.104)  171.599 ms  170.041 ms  169.450 ms

[qdm12]

So I tried running a container named gluetun (with Mullvad) and running

docker exec -it gluetun ping github.com

And it's working without interruption for me.

Note in :latest (after v3.16.0), the following got upgraded:

• Alpine from 3.12 to 3.13 and:
• Openvpn from 2.4.10 to 2.5.1
• Unbound from 1.10.1 to 1.13.0
• Iptables from 1.8.4 to 1.8.6

As you are running on a 32 bit OS, did you try step 2 here perhaps? Alpine 3.13 broke a few things on 32 bit OS especially for Raspberry Pis 🤔

[Maykin-99]

So I tried running a container named gluetun (with Mullvad) and running

docker exec -it gluetun ping github.com

And it's working without interruption for me.

Same. ping works - HTTP requests (and maybe TCP requests in general) do not.

As you are running on a 32 bit OS, did you try step 2 here perhaps? Alpine 3.13 broke a few things on 32 bit OS especially for Raspberry Pis 🤔

I did:

root@raspberrypi:/tmp# apt list | grep libseccomp

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

golang-github-seccomp-libseccomp-golang-dev/stable 0.9.0-2 all
libseccomp-dev/buster-backports,now 2.4.4-1~bpo10+1 armhf [installed]
libseccomp2/now 2.5.1-1 armhf [installed,local]

I also restarted the Raspberry Pi - just in case - and it didn't help either.

[qdm12]

1. Try with docker exec gluetun apk add speedtest-cli && speedtest-cli?
2. What does docker exec gluetun nslookup google.com give?
3. Maybe try setting a server region closed to your location? Does it help?

[Maykin-99]

1. Try with `docker exec gluetun apk add speedtest-cli && speedtest-cli`?

Doesn't work. It is stuck there:

/ # apk add speedtest-cli
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/armv7/APKINDEX.tar.gz

2. What does `docker exec gluetun nslookup google.com` give?

/ # nslookup google.com
Server:		1.1.1.1
Address:	1.1.1.1:53

Non-authoritative answer:
Name:	google.com
Address: 142.250.185.110

Non-authoritative answer:
Name:	google.com
Address: 2a00:1450:4001:80f::200e

3. Maybe try setting a server region closed to your location? Does it help?

No change. 1. & 2. where done using a close region

[qdm12]

Actually I rechecked, ipv6 is allowed through the tunnel so that shouldn't be the cause really. The DNS returns 2a00:1450:4001:80f::200e for me as well, so I doubt IPv6 is at fault.

It might be because of Alpine 3.13 or Openvpn 2.5.x;

Can you therefore try (it should take at most 1 minute on a raspberry Pi)

docker build -t qmcgaw/gluetun:test --build-arg ALPINE_VERSION=3.12 https://github.com/qdm12/gluetun.git

To build it with Alpine 3.12 and run the image qmcgaw/gluetun:test, to see if it works? 🤔

At least that way we can be certain it's due to Alpine/Openvpn or if it's due to the code changes since v3.16.0.

[Maykin-99]

Can you therefore try (it should take at most 1 minute on a raspberry Pi)

docker build -t qmcgaw/gluetun:test --build-arg ALPINE_VERSION=3.12 https://github.com/qdm12/gluetun.git

I somehow can't build it on the Raspberry Pi:

docker build -t qmcgaw/gluetun:test --build-arg ALPINE_VERSION=3.12 --build-arg BUILDPLATFORM=linux/arm/v7 https://github.com/qdm12/gluetun.git 
Sending build context to Docker daemon  2.211MB
Step 1/39 : ARG ALPINE_VERSION=3.13
Step 2/39 : ARG GO_VERSION=1.16
Step 3/39 : ARG BUILDPLATFORM=linux/amd64
Step 4/39 : FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS base
 ---> 24d827672eae
Step 5/39 : RUN apk --update add git
 ---> [Warning] The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm/v7) and no specific platform was requested
 ---> Running in 62e8875a2d5f
standard_init_linux.go:219: exec user process caused: exec format error
The command '/bin/sh -c apk --update add git' returned a non-zero code: 1

Also happens when I clone the project and manually edit the Dockerfile.

I'll inform you when I figure it out the issue here.

[qdm12]

Oops try by adding --build-arg BUILDPLATFORM="linux/arm/7" to the build command. Usually Docker replaces it by itself but it looks like it's not always the case 🤔

[Maykin-99]

I did. The issue seems to be something else.

# docker build -t qmcgaw/gluetun:test --build-arg ALPINE_VERSION=3.12 --build-arg BUILDPLATFORM="linux/arm/7" https://github.com/qdm12/gluetun.git 
Sending build context to Docker daemon  2.211MB
Step 1/39 : ARG ALPINE_VERSION=3.13
Step 2/39 : ARG GO_VERSION=1.16
Step 3/39 : ARG BUILDPLATFORM=linux/amd64
Step 4/39 : FROM --platform=$BUILDPLATFORM golang:${GO_VERSION}-alpine${ALPINE_VERSION} AS base
 ---> 24d827672eae
Step 5/39 : RUN apk --update add git
 ---> [Warning] The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm/v7) and no specific platform was requested
 ---> Running in 32dda12901ed
standard_init_linux.go:219: exec user process caused: exec format error
The command '/bin/sh -c apk --update add git' returned a non-zero code: 1

I'll look into it.

[qdm12]

Maybe try with --platform="linux/arm/7" as well? Otherwise I'll build and push it myself for arm later today no worry 😉

[qdm12]

Can you try with the image qmcgaw/gluetun:alpine-3.12? It should be built using :latest and with Alpine 3.12 (and older openvpn too). Note that it's only built for arm v7.

[Maykin-99]

Sorry for the delay.

The alpine-3.12 image doesn't work at all:

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version unknown built on an unknown date (commit unknown)


🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? [email protected]
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021/05/14 23:18:12 INFO IPtables version: v1.8.4
2021/05/14 23:18:12 INFO OpenVPN version: 2.4.11
2021/05/14 23:18:12 INFO Unbound version: 1.10.1
2021/05/14 23:18:12 INFO Settings summary below:
|--OpenVPN:
   |--Verbosity level: 1
   |--Run as root: enabled
   |--Provider:
      |--Private Internet Access settings:
         |--Network protocol: udp
         |--Encryption preset: strong
         |--Custom port: 0
         |--Port forwarding:
            |--File path: /tmp/gluetun/forwarded_port
|--DNS:
   |--Plaintext address: 1.1.1.1
   |--DNS over TLS:
      |--Unbound:
          |--DNS over TLS providers:
              |--cloudflare
          |--Listening port: 53
          |--Access control:
              |--Allowed:
                  |--0.0.0.0/0
                  |--::/0
          |--Caching: enabled
          |--IPv4 resolution: enabled
          |--IPv6 resolution: disabled
          |--Verbosity level: 1/5
          |--Verbosity details level: 0/4
          |--Validation log level: 0/2
          |--Blocked hostnames:
          |--Blocked IP addresses:
              |--127.0.0.1/8
              |--10.0.0.0/8
              |--172.16.0.0/12
              |--192.168.0.0/16
              |--169.254.0.0/16
              |--::1/128
              |--fc00::/7
              |--fe80::/10
              |--::ffff:0:0/96
          |--Allowed hostnames:
      |--Block malicious: enabled
      |--Update: every 24h0m0s
|--Firewall:
|--System:
   |--Process user ID: 1000
   |--Process group ID: 1000
   |--Timezone: europe/berlin
|--HTTP control server:
   |--Listening port: 8000
   |--Logging: enabled
|--Public IP getter:
   |--Fetch period: 12h0m0s
   |--IP file: /tmp/gluetun/ip
|--Github version information: enabled
2021/05/14 23:18:12 INFO storage: merging by most recent 9140 hardcoded servers and 7403 servers read from /gluetun/servers.json
2021/05/14 23:18:12 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/14 23:18:12 INFO routing: local ethernet link found: eth0
2021/05/14 23:18:12 INFO routing: local ipnet found: 172.23.0.0/16
2021/05/14 23:18:12 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/14 23:18:12 INFO routing: adding route for 0.0.0.0/0
2021/05/14 23:18:12 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021/05/14 23:18:12 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/14 23:18:12 INFO openvpn configurator: checking for device /dev/net/tun
2021/05/14 23:18:12 WARN TUN device is not available: open /dev/net/tun: no such file or directory
2021/05/14 23:18:12 INFO openvpn configurator: creating /dev/net/tun
2021/05/14 23:18:12 INFO firewall: enabling...
2021/05/14 23:18:13 INFO firewall: enabled successfully
2021/05/14 23:18:14 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021/05/14 23:18:14 INFO http server: listening on 0.0.0.0:8000
2021/05/14 23:18:14 INFO healthcheck: listening on 127.0.0.1:9999
2021/05/14 23:18:14 INFO firewall: setting VPN connection through firewall...
2021/05/14 23:18:14 INFO openvpn configurator: starting openvpn
2021/05/14 23:18:14 ERROR openvpn: Unrecognized option or missing or extra parameter(s) in /etc/openvpn/target.ovpn:18: data-ciphers-fallback (2.4.11)
2021/05/14 23:18:14 INFO openvpn: Use --help for more information.
2021/05/14 23:18:14 ERROR openvpn: exit status 1
2021/05/14 23:18:14 INFO openvpn: retrying in 15s

The last 6 lines keep repeating.

[qdm12]

I fixed that for PIA only, can you try again? (that instruction was a migration from openvpn 2.4 to 2.5)

docker pull qmcgaw/gluetun:alpine-3.12

[Maykin-99]

This tag seems to work without issues.

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version unknown built on an unknown date (commit unknown)


🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? [email protected]
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021/05/17 15:27:42 INFO OpenVPN version: 2.4.11
2021/05/17 15:27:42 INFO Unbound version: 1.10.1
2021/05/17 15:27:42 INFO IPtables version: v1.8.4
2021/05/17 15:27:43 INFO Settings summary below:
|--OpenVPN:
   |--Verbosity level: 1
   |--Run as root: enabled
   |--Provider:
      |--Private Internet Access settings:
         |--Network protocol: udp
         |--Encryption preset: strong
         |--Custom port: 0
         |--Port forwarding:
            |--File path: /tmp/gluetun/forwarded_port
|--DNS:
   |--Plaintext address: 1.1.1.1
   |--DNS over TLS:
      |--Unbound:
          |--DNS over TLS providers:
              |--Cloudflare
          |--Listening port: 53
          |--Access control:
              |--Allowed:
                  |--0.0.0.0/0
                  |--::/0
          |--Caching: enabled
          |--IPv4 resolution: enabled
          |--IPv6 resolution: disabled
          |--Verbosity level: 1/5
          |--Verbosity details level: 0/4
          |--Validation log level: 0/2
          |--Username: 
      |--Blacklist:
         |--Blocked categories: malicious
         |--Additional IP networks blocked: 13
      |--Update: every 24h0m0s
|--Firewall:
|--System:
   |--Process user ID: 1000
   |--Process group ID: 1000
   |--Timezone: europe/berlin
|--HTTP control server:
   |--Listening port: 8000
   |--Logging: enabled
|--Public IP getter:
   |--Fetch period: 12h0m0s
   |--IP file: /tmp/gluetun/ip
|--Github version information: enabled
2021/05/17 15:27:43 INFO storage: merging by most recent 9140 hardcoded servers and 7585 servers read from /gluetun/servers.json
2021/05/17 15:27:43 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/17 15:27:43 INFO routing: local ethernet link found: eth0
2021/05/17 15:27:43 INFO routing: local ipnet found: 172.23.0.0/16
2021/05/17 15:27:43 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/17 15:27:43 INFO routing: adding route for 0.0.0.0/0
2021/05/17 15:27:43 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021/05/17 15:27:43 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/17 15:27:43 INFO openvpn configurator: checking for device /dev/net/tun
2021/05/17 15:27:43 WARN TUN device is not available: open /dev/net/tun: no such file or directory
2021/05/17 15:27:43 INFO openvpn configurator: creating /dev/net/tun
2021/05/17 15:27:43 INFO firewall: enabling...
2021/05/17 15:27:45 INFO firewall: enabled successfully
2021/05/17 15:27:45 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021/05/17 15:27:45 INFO http server: listening on 0.0.0.0:8000
2021/05/17 15:27:45 INFO healthcheck: listening on 127.0.0.1:9999
2021/05/17 15:27:45 INFO firewall: setting VPN connection through firewall...
2021/05/17 15:27:45 INFO openvpn configurator: starting openvpn
2021/05/17 15:27:45 INFO openvpn: OpenVPN 2.4.11 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
2021/05/17 15:27:45 INFO openvpn: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021/05/17 15:27:45 INFO openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2021/05/17 15:27:45 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]188.215.235.119:1197
2021/05/17 15:27:45 INFO openvpn: UDP link local: (not bound)
2021/05/17 15:27:45 INFO openvpn: UDP link remote: [AF_INET]188.215.235.119:1197
2021/05/17 15:27:46 INFO openvpn: unhealthy program: waiting 6s for it to change to healthy
2021/05/17 15:27:46 INFO openvpn: [cambodia402] Peer Connection Initiated with [AF_INET]188.215.235.119:1197
2021/05/17 15:27:47 INFO openvpn: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021/05/17 15:27:47 INFO openvpn: OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
2021/05/17 15:27:47 INFO openvpn: TUN/TAP device tun0 opened
2021/05/17 15:27:47 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021/05/17 15:27:48 INFO openvpn: /sbin/ip addr add dev tun0 10.5.110.3/24 broadcast 10.5.110.255
2021/05/17 15:27:48 WARN openvpn: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
2021/05/17 15:27:48 INFO openvpn: Initialization Sequence Completed
2021/05/17 15:27:48 INFO VPN routing IP address: 188.215.235.119
2021/05/17 15:27:48 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/05/17 15:27:49 INFO healthcheck: healthy!
2021/05/17 15:27:55 INFO dns over tls: downloading hostnames and IP block lists
2021/05/17 15:27:58 INFO dns over tls: init module 0: validator
2021/05/17 15:27:58 INFO dns over tls: init module 1: iterator
2021/05/17 15:27:58 INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021/05/17 15:27:58 INFO dns over tls: start of service (unbound 1.10.1).
2021/05/17 15:28:01 INFO dns over tls: ready
2021/05/17 15:28:03 INFO There is a new release v3.17.0 (v3.17.0) created 8 days ago
2021/05/17 15:28:03 INFO VPN gateway IP address: 10.5.110.1
2021/05/17 15:28:05 INFO port forwarding: Found persistent forwarded port data for port 38691
2021/05/17 15:28:05 INFO port forwarding: Forwarded port data expires in 52 days
2021/05/17 15:28:05 INFO port forwarding: Port forwarded is 38691 expiring in 52 days
2021/05/17 15:28:05 INFO port forwarding: Writing port to /tmp/gluetun/forwarded_port
2021/05/17 15:28:06 INFO firewall: setting allowed input port 38691 through interface tun0...
2021/05/17 15:28:10 INFO ip getter: Public IP address is 188.215.235.119 (Singapore, Singapore, Singapore)

curl to various servers work without errors.

So what did change? The alpine version is older?

[qdm12]

Yes it was running Alpine 3.12 and openvpn 2.4.11-r0.

I just re-pushed another image running Alpine 3.13 with openvpn 2.4.11-r0 (instead of 2.5.x), can you try pulling qmcgaw/gluetun:alpine-3.12 and see if it works? So we can see if it's Alpine or Openvpn at fault (or both).

[Maykin-99]

Works fine like the previous image but I don't think that Alpine 3.13 is used in this image:

# docker pull qmcgaw/gluetun:alpine-3.12
alpine-3.12: Pulling from qmcgaw/gluetun
Digest: sha256:f31c1de61b373cddec76644e630f32e1726f3429c855a0fe24d1ce9cc2e16913
Status: Image is up to date for qmcgaw/gluetun:alpine-3.12
docker.io/qmcgaw/gluetun:alpine-3.12

# docker run --rm --entrypoint sh qmcgaw/gluetun:alpine-3.12 -c 'cat /etc/*-release'
3.12.7
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.12.7
PRETTY_NAME="Alpine Linux v3.12"
HOME_URL="https://alpinelinux.org/"
BUG_REPORT_URL="https://bugs.alpinelinux.org/"

Providing logs anyway:

... (removed by qdm12 as irrelevant)

[qdm12]

Oh yeah I built it with the build argument 3.12 by mistake, thanks for spotting it! I re-pushed it with Alpine 3.13 now.

Actually that gave me the idea to log the Alpine version, I also re-pushed it for the :alpine3.12 image 😉

[Maykin-99]

Everything works fine. So OpenVPN seems to be the issue.

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version unknown built on an unknown date (commit unknown)


🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? [email protected]
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021/05/19 16:40:16 INFO OpenVPN version: 2.4.11
2021/05/19 16:40:16 INFO Unbound version: 1.13.0
2021/05/19 16:40:16 INFO IPtables version: v1.8.6
2021/05/19 16:40:16 INFO Settings summary below:
|--OpenVPN:
   |--Verbosity level: 1
   |--Run as root: enabled
   |--Provider:
      |--Private Internet Access settings:
         |--Network protocol: udp
         |--Encryption preset: strong
         |--Custom port: 0
         |--Port forwarding:
            |--File path: /tmp/gluetun/forwarded_port
|--DNS:
   |--Plaintext address: 1.1.1.1
   |--DNS over TLS:
      |--Unbound:
          |--DNS over TLS providers:
              |--Cloudflare
          |--Listening port: 53
          |--Access control:
              |--Allowed:
                  |--0.0.0.0/0
                  |--::/0
          |--Caching: enabled
          |--IPv4 resolution: enabled
          |--IPv6 resolution: disabled
          |--Verbosity level: 1/5
          |--Verbosity details level: 0/4
          |--Validation log level: 0/2
          |--Username: 
      |--Blacklist:
         |--Blocked categories: malicious
         |--Additional IP networks blocked: 13
      |--Update: every 24h0m0s
|--Firewall:
|--System:
   |--Process user ID: 1000
   |--Process group ID: 1000
   |--Timezone: europe/berlin
|--HTTP control server:
   |--Listening port: 8000
   |--Logging: enabled
|--Public IP getter:
   |--Fetch period: 12h0m0s
   |--IP file: /tmp/gluetun/ip
|--Github version information: enabled
2021/05/19 16:40:16 INFO storage: merging by most recent 9140 hardcoded servers and 7585 servers read from /gluetun/servers.json
2021/05/19 16:40:16 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/19 16:40:16 INFO routing: local ethernet link found: eth0
2021/05/19 16:40:16 INFO routing: local ipnet found: 172.23.0.0/16
2021/05/19 16:40:16 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/19 16:40:16 INFO routing: adding route for 0.0.0.0/0
2021/05/19 16:40:16 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021/05/19 16:40:16 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/19 16:40:16 INFO openvpn configurator: checking for device /dev/net/tun
2021/05/19 16:40:16 WARN TUN device is not available: open /dev/net/tun: no such file or directory
2021/05/19 16:40:16 INFO openvpn configurator: creating /dev/net/tun
2021/05/19 16:40:16 INFO firewall: enabling...
2021/05/19 16:40:17 INFO firewall: enabled successfully
2021/05/19 16:40:17 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021/05/19 16:40:17 INFO http server: listening on 0.0.0.0:8000
2021/05/19 16:40:17 INFO healthcheck: listening on 127.0.0.1:9999
2021/05/19 16:40:17 INFO firewall: setting VPN connection through firewall...
2021/05/19 16:40:17 INFO openvpn configurator: starting openvpn
2021/05/19 16:40:17 INFO openvpn: OpenVPN 2.4.11 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
2021/05/19 16:40:17 INFO openvpn: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021/05/19 16:40:17 INFO openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2021/05/19 16:40:17 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]156.146.63.136:1197
2021/05/19 16:40:17 INFO openvpn: UDP link local: (not bound)
2021/05/19 16:40:17 INFO openvpn: UDP link remote: [AF_INET]156.146.63.136:1197
2021/05/19 16:40:18 INFO openvpn: [paris402] Peer Connection Initiated with [AF_INET]156.146.63.136:1197
2021/05/19 16:40:18 INFO openvpn: unhealthy program: waiting 6s for it to change to healthy
2021/05/19 16:40:19 INFO openvpn: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021/05/19 16:40:19 INFO openvpn: OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
2021/05/19 16:40:19 INFO openvpn: TUN/TAP device tun0 opened
2021/05/19 16:40:19 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021/05/19 16:40:19 INFO openvpn: /sbin/ip addr add dev tun0 10.2.110.7/24 broadcast 10.2.110.255
2021/05/19 16:40:19 WARN openvpn: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
2021/05/19 16:40:19 INFO openvpn: Initialization Sequence Completed
2021/05/19 16:40:19 INFO VPN routing IP address: 156.146.63.136
2021/05/19 16:40:19 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/05/19 16:40:19 INFO healthcheck: healthy!
2021/05/19 16:40:20 INFO dns over tls: downloading hostnames and IP block lists
2021/05/19 16:40:22 INFO dns over tls: init module 0: validator
2021/05/19 16:40:22 INFO dns over tls: init module 1: iterator
2021/05/19 16:40:22 INFO dns over tls: start of service (unbound 1.13.0).
2021/05/19 16:40:22 INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021/05/19 16:40:22 INFO dns over tls: ready
2021/05/19 16:40:23 INFO There is a new release v3.17.0 (v3.17.0) created 10 days ago
2021/05/19 16:40:23 INFO VPN gateway IP address: 10.2.110.1
2021/05/19 16:40:23 INFO port forwarding: Found persistent forwarded port data for port 38691
2021/05/19 16:40:23 INFO port forwarding: Forwarded port data expires in 50 days
2021/05/19 16:40:23 INFO port forwarding: Port forwarded is 38691 expiring in 50 days
2021/05/19 16:40:23 INFO port forwarding: Writing port to /tmp/gluetun/forwarded_port
2021/05/19 16:40:23 INFO ip getter: Public IP address is 156.146.63.136 (France, Île-de-France, Paris)
2021/05/19 16:40:29 INFO firewall: setting allowed input port 38691 through interface tun0...

[qdm12]

Can you try one last time (and re-pull) just to be 100% certain; it's now Alpine 3.12 with Openvpn 2.5.2

[Maykin-99]

Container does not start up properly:

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version unknown built on an unknown date (commit unknown)


🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? [email protected]
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021/05/19 17:22:38 INFO Alpine version: 3.12.7
2021/05/19 17:22:38 ERROR exit status 127
2021/05/19 17:22:38 INFO Unbound version: 1.10.1
2021/05/19 17:22:38 INFO IPtables version: v1.8.4
2021/05/19 17:22:38 INFO Settings summary below:
|--OpenVPN:
   |--Verbosity level: 1
   |--Run as root: enabled
   |--Provider:
      |--Private Internet Access settings:
         |--Network protocol: udp
         |--Encryption preset: strong
         |--Custom port: 0
         |--Port forwarding:
            |--File path: /tmp/gluetun/forwarded_port
|--DNS:
   |--Plaintext address: 1.1.1.1
   |--DNS over TLS:
      |--Unbound:
          |--DNS over TLS providers:
              |--Cloudflare
          |--Listening port: 53
          |--Access control:
              |--Allowed:
                  |--0.0.0.0/0
                  |--::/0
          |--Caching: enabled
          |--IPv4 resolution: enabled
          |--IPv6 resolution: disabled
          |--Verbosity level: 1/5
          |--Verbosity details level: 0/4
          |--Validation log level: 0/2
          |--Username: 
      |--Blacklist:
         |--Blocked categories: malicious
         |--Additional IP networks blocked: 13
      |--Update: every 24h0m0s
|--Firewall:
|--System:
   |--Process user ID: 1000
   |--Process group ID: 1000
   |--Timezone: europe/berlin
|--HTTP control server:
   |--Listening port: 8000
   |--Logging: enabled
|--Public IP getter:
   |--Fetch period: 12h0m0s
   |--IP file: /tmp/gluetun/ip
|--Github version information: enabled
2021/05/19 17:22:39 INFO storage: merging by most recent 9140 hardcoded servers and 9140 servers read from /gluetun/servers.json
2021/05/19 17:22:39 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/19 17:22:39 INFO routing: local ethernet link found: eth0
2021/05/19 17:22:39 INFO routing: local ipnet found: 172.23.0.0/16
2021/05/19 17:22:39 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/19 17:22:39 INFO routing: adding route for 0.0.0.0/0
2021/05/19 17:22:39 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021/05/19 17:22:39 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/19 17:22:39 INFO openvpn configurator: checking for device /dev/net/tun
2021/05/19 17:22:39 WARN TUN device is not available: open /dev/net/tun: no such file or directory
2021/05/19 17:22:39 INFO openvpn configurator: creating /dev/net/tun
2021/05/19 17:22:39 INFO firewall: enabling...
2021/05/19 17:22:40 INFO firewall: enabled successfully
2021/05/19 17:22:40 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021/05/19 17:22:40 INFO http server: listening on 0.0.0.0:8000
2021/05/19 17:22:40 INFO healthcheck: listening on 127.0.0.1:9999
2021/05/19 17:22:40 INFO firewall: setting VPN connection through firewall...
2021/05/19 17:22:40 INFO openvpn configurator: starting openvpn
2021/05/19 17:22:40 ERROR openvpn: Error relocating /usr/sbin/openvpn: __dlsym_time64: symbol not found
2021/05/19 17:22:40 ERROR openvpn: Error relocating /usr/sbin/openvpn: __select_time64: symbol not found
2021/05/19 17:22:40 ERROR openvpn: Error relocating /usr/sbin/openvpn: __localtime64: symbol not found
2021/05/19 17:22:40 ERROR openvpn: Error relocating /usr/sbin/openvpn: __difftime64: symbol not found
2021/05/19 17:22:40 ERROR openvpn: Error relocating /usr/sbin/openvpn: __stat_time64: symbol not found
2021/05/19 17:22:40 ERROR openvpn: Error relocating /usr/sbin/openvpn: __gettimeofday_time64: symbol not found
2021/05/19 17:22:40 ERROR openvpn: Error relocating /usr/sbin/openvpn: __time64: symbol not found
2021/05/19 17:22:40 ERROR openvpn: exit status 127
2021/05/19 17:22:40 INFO openvpn: retrying in 15s
2021/05/19 17:22:55 INFO firewall: setting VPN connection through firewall...
2021/05/19 17:22:55 INFO openvpn configurator: starting openvpn
2021/05/19 17:22:55 ERROR openvpn: Error relocating /usr/sbin/openvpn: __dlsym_time64: symbol not found
2021/05/19 17:22:55 ERROR openvpn: Error relocating /usr/sbin/openvpn: __select_time64: symbol not found
2021/05/19 17:22:55 ERROR openvpn: Error relocating /usr/sbin/openvpn: __localtime64: symbol not found
2021/05/19 17:22:55 ERROR openvpn: Error relocating /usr/sbin/openvpn: __difftime64: symbol not found
2021/05/19 17:22:55 ERROR openvpn: Error relocating /usr/sbin/openvpn: __stat_time64: symbol not found
2021/05/19 17:22:55 ERROR openvpn: Error relocating /usr/sbin/openvpn: __gettimeofday_time64: symbol not found
2021/05/19 17:22:55 ERROR openvpn: Error relocating /usr/sbin/openvpn: __time64: symbol not found
2021/05/19 17:22:55 ERROR openvpn: exit status 127
2021/05/19 17:22:55 INFO openvpn: retrying in 15s
2021/05/19 17:23:10 INFO firewall: setting VPN connection through firewall...
2021/05/19 17:23:10 INFO openvpn configurator: starting openvpn
2021/05/19 17:23:10 ERROR openvpn: Error relocating /usr/sbin/openvpn: __dlsym_time64: symbol not found
2021/05/19 17:23:10 ERROR openvpn: Error relocating /usr/sbin/openvpn: __select_time64: symbol not found
2021/05/19 17:23:10 ERROR openvpn: Error relocating /usr/sbin/openvpn: __localtime64: symbol not found
2021/05/19 17:23:10 ERROR openvpn: Error relocating /usr/sbin/openvpn: __difftime64: symbol not found
2021/05/19 17:23:10 ERROR openvpn: Error relocating /usr/sbin/openvpn: __stat_time64: symbol not found
2021/05/19 17:23:10 ERROR openvpn: Error relocating /usr/sbin/openvpn: __gettimeofday_time64: symbol not found
2021/05/19 17:23:10 ERROR openvpn: Error relocating /usr/sbin/openvpn: __time64: symbol not found
2021/05/19 17:23:10 ERROR openvpn: exit status 127
2021/05/19 17:23:10 INFO openvpn: retrying in 15s
2021/05/19 17:23:25 INFO firewall: setting VPN connection through firewall...
2021/05/19 17:23:25 INFO openvpn configurator: starting openvpn
2021/05/19 17:23:25 ERROR openvpn: Error relocating /usr/sbin/openvpn: __dlsym_time64: symbol not found
2021/05/19 17:23:25 ERROR openvpn: Error relocating /usr/sbin/openvpn: __select_time64: symbol not found
2021/05/19 17:23:25 ERROR openvpn: Error relocating /usr/sbin/openvpn: __localtime64: symbol not found
2021/05/19 17:23:25 ERROR openvpn: Error relocating /usr/sbin/openvpn: __difftime64: symbol not found
2021/05/19 17:23:25 ERROR openvpn: Error relocating /usr/sbin/openvpn: __stat_time64: symbol not found
2021/05/19 17:23:25 ERROR openvpn: Error relocating /usr/sbin/openvpn: __gettimeofday_time64: symbol not found
2021/05/19 17:23:25 ERROR openvpn: Error relocating /usr/sbin/openvpn: __time64: symbol not found
2021/05/19 17:23:25 ERROR openvpn: exit status 127
2021/05/19 17:23:25 INFO openvpn: retrying in 15s

[qdm12]

Ah alright that means openvpn 2.5.x can only run on Alpine 3.13 because of the time change that came with Alpine 3.13. If you try to run :latest with a higher openvpn verbosity (I think OPENVPN_VERBOSITY=3 from the top of my head), can you share your logs?

Anyway, so it's Openvpn 2.5.x at fault since it works with Alpine 3.13 and Openvpn 2.4.x.
Maybe it's PIA servers still not liking it for some reason, I'll see depending on your logs.

In the worst case, I can revert to Openvpn 2.4.x but ideally if we can move to 2.5.x that would be nice. I'm also working on Wireguard, it should be ready in the coming weeks, that would be a nice alternative.

[Maykin-99]

================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version latest built on 2021-05-19T17:58:32Z (commit a3751a7)


🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? [email protected]
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021/05/19 20:11:32 INFO IPtables version: v1.8.6
2021/05/19 20:11:32 INFO Alpine version: 3.13.5
2021/05/19 20:11:32 INFO OpenVPN version: 2.5.2
2021/05/19 20:11:32 INFO Unbound version: 1.13.0
2021/05/19 20:11:32 INFO Settings summary below:
|--OpenVPN:
   |--Verbosity level: 3
   |--Run as root: enabled
   |--Provider:
      |--Private Internet Access settings:
         |--Network protocol: udp
         |--Encryption preset: strong
         |--Port forwarding:
            |--File path: /tmp/gluetun/forwarded_port
|--DNS:
   |--Plaintext address: 1.1.1.1
   |--DNS over TLS:
      |--Unbound:
          |--DNS over TLS providers:
              |--Cloudflare
          |--Listening port: 53
          |--Access control:
              |--Allowed:
                  |--0.0.0.0/0
                  |--::/0
          |--Caching: enabled
          |--IPv4 resolution: enabled
          |--IPv6 resolution: disabled
          |--Verbosity level: 1/5
          |--Verbosity details level: 0/4
          |--Validation log level: 0/2
          |--Username: 
      |--Blacklist:
         |--Blocked categories: malicious
         |--Additional IP networks blocked: 13
      |--Update: every 24h0m0s
|--Firewall:
|--System:
   |--Process user ID: 1000
   |--Process group ID: 1000
   |--Timezone: europe/berlin
|--HTTP control server:
   |--Listening port: 8000
   |--Logging: enabled
|--Public IP getter:
   |--Fetch period: 12h0m0s
   |--IP file: /tmp/gluetun/ip
|--Github version information: enabled
2021/05/19 20:11:32 INFO storage: merging by most recent 9140 hardcoded servers and 7585 servers read from /gluetun/servers.json
2021/05/19 20:11:33 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/19 20:11:33 INFO routing: local ethernet link found: eth0
2021/05/19 20:11:33 INFO routing: local ipnet found: 172.23.0.0/16
2021/05/19 20:11:33 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/19 20:11:33 INFO routing: adding route for 0.0.0.0/0
2021/05/19 20:11:33 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021/05/19 20:11:33 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/05/19 20:11:33 INFO openvpn configurator: checking for device /dev/net/tun
2021/05/19 20:11:33 WARN TUN device is not available: open /dev/net/tun: no such file or directory
2021/05/19 20:11:33 INFO openvpn configurator: creating /dev/net/tun
2021/05/19 20:11:33 INFO firewall: enabling...
2021/05/19 20:11:34 INFO firewall: enabled successfully
2021/05/19 20:11:34 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021/05/19 20:11:34 INFO http server: listening on 0.0.0.0:8000
2021/05/19 20:11:34 INFO healthcheck: listening on 127.0.0.1:9999
2021/05/19 20:11:34 INFO firewall: setting VPN connection through firewall...
2021/05/19 20:11:34 INFO openvpn configurator: starting openvpn
2021/05/19 20:11:34 INFO openvpn: OpenVPN 2.5.2 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
2021/05/19 20:11:34 INFO openvpn: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021/05/19 20:11:34 INFO openvpn: CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
2021/05/19 20:11:34 INFO openvpn: <token>
2021/05/19 20:11:34 INFO openvpn: -----END X509 CRL-----
2021/05/19 20:11:34 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]172.98.89.240:1197
2021/05/19 20:11:34 INFO openvpn: Socket Buffers: R=[180224->180224] S=[180224->180224]
2021/05/19 20:11:34 INFO openvpn: UDP link local: (not bound)
2021/05/19 20:11:34 INFO openvpn: UDP link remote: [AF_INET]172.98.89.240:1197
2021/05/19 20:11:34 INFO openvpn: TLS: Initial packet from [AF_INET]172.98.89.240:1197, sid=049ea9c7 4e70f4e0
2021/05/19 20:11:34 INFO openvpn: VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, [email protected]
2021/05/19 20:11:34 INFO openvpn: VERIFY KU OK
2021/05/19 20:11:34 INFO openvpn: Validating certificate extended key usage
2021/05/19 20:11:34 INFO openvpn: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2021/05/19 20:11:34 INFO openvpn: VERIFY EKU OK
2021/05/19 20:11:34 INFO openvpn: VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=vancouver409, name=vancouver409
2021/05/19 20:11:35 INFO openvpn: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2021/05/19 20:11:35 INFO openvpn: [vancouver409] Peer Connection Initiated with [AF_INET]172.98.89.240:1197
2021/05/19 20:11:35 INFO openvpn: unhealthy program: waiting 6s for it to change to healthy
2021/05/19 20:11:35 INFO openvpn: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1,route-ipv6 2000::/3,dhcp-option DNS 10.0.0.243,route-gateway 10.46.110.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.46.110.5 255.255.255.0,peer-id 0,cipher AES-256-CBC'
2021/05/19 20:11:35 INFO openvpn: OPTIONS IMPORT: timers and/or timeouts modified
2021/05/19 20:11:35 INFO openvpn: OPTIONS IMPORT: compression parms modified
2021/05/19 20:11:35 INFO openvpn: OPTIONS IMPORT: --ifconfig/up options modified
2021/05/19 20:11:35 INFO openvpn: OPTIONS IMPORT: route options modified
2021/05/19 20:11:35 INFO openvpn: OPTIONS IMPORT: route-related options modified
2021/05/19 20:11:35 INFO openvpn: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2021/05/19 20:11:35 INFO openvpn: OPTIONS IMPORT: peer-id set
2021/05/19 20:11:35 INFO openvpn: OPTIONS IMPORT: adjusting link_mtu to 1625
2021/05/19 20:11:35 INFO openvpn: OPTIONS IMPORT: data channel crypto options modified
2021/05/19 20:11:35 INFO openvpn: Data Channel: using negotiated cipher 'AES-256-CBC'
2021/05/19 20:11:35 INFO openvpn: Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2021/05/19 20:11:35 INFO openvpn: Outgoing Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2021/05/19 20:11:35 INFO openvpn: Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
2021/05/19 20:11:35 INFO openvpn: Incoming Data Channel: Using 256 bit message hash 'SHA256' for HMAC authentication
2021/05/19 20:11:35 INFO openvpn: ROUTE_GATEWAY 172.23.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:17:00:02
2021/05/19 20:11:35 INFO openvpn: GDG6: remote_host_ipv6=n/a
2021/05/19 20:11:35 INFO openvpn: net_route_v6_best_gw query: dst ::
2021/05/19 20:11:35 INFO openvpn: sitnl_send: rtnl: generic error (-101): Network unreachable
2021/05/19 20:11:35 INFO openvpn: ROUTE6: default_gateway=UNDEF
2021/05/19 20:11:35 INFO openvpn: TUN/TAP device tun0 opened
2021/05/19 20:11:35 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021/05/19 20:11:35 INFO openvpn: /sbin/ip link set dev tun0 up
2021/05/19 20:11:35 INFO openvpn: /sbin/ip addr add dev tun0 10.46.110.5/24
2021/05/19 20:11:35 INFO openvpn: /sbin/ip route add 172.98.89.240/32 via 172.23.0.1
2021/05/19 20:11:35 INFO openvpn: /sbin/ip route add 0.0.0.0/1 via 10.46.110.1
2021/05/19 20:11:35 INFO openvpn: /sbin/ip route add 128.0.0.0/1 via 10.46.110.1
2021/05/19 20:11:35 WARN openvpn: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
2021/05/19 20:11:35 INFO openvpn: add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
2021/05/19 20:11:35 INFO openvpn: /sbin/ip -6 route add 2000::/3 dev tun0
2021/05/19 20:11:35 ERROR openvpn: RTNETLINK answers: Permission denied
2021/05/19 20:11:35 INFO openvpn: ERROR: Linux route -6 add command failed: external program exited with error status: 2
2021/05/19 20:11:35 INFO openvpn: Initialization Sequence Completed
2021/05/19 20:11:35 INFO VPN routing IP address: 172.98.89.240
2021/05/19 20:11:35 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/05/19 20:11:36 INFO healthcheck: healthy!
2021/05/19 20:11:45 WARN dns over tls: cannot update files
2021/05/19 20:11:45 INFO dns over tls: attempting restart in 10s

In the worst case, I can revert to Openvpn 2.4.x [...]

No need. I'll just use v3.16.0. Since the container has no IPv6 interface I won't need to worry about leakage, I guess.

[qdm12]

This would be partly solved with #134

[qdm12]

You can now set OPENVPN_VERSION=2.4 to run Openvpn 2.4.x (the latest released Openvpn on Alpine 3.12).

The image now comes with both Openvpn 2.4.x and 2.5.x, using 2.5.x by default. It only adds 1MB to the image, which is totally worth it to avoid instabilities in some cases depending on your machine and/or provider.

The image still runs on Alpine 3.13 and is available on the qmcgaw/gluetun:latest image and will be available in future image tag :v3.18.0.

Please have a try and let me know if it works on your side 😉

[Maykin-99]

It doesn't seem to work 🤔

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️ by github.com/qdm12 ====
=========================================

Running version latest built on 2021-06-06T15:43:18Z (commit f9308e6)


🔧 Need help? https://github.com/qdm12/gluetun/issues/new
💻 Email? [email protected]
☕ Slack? Join from the Slack button on Github
💰 Help me? https://github.com/sponsors/qdm12
2021/06/07 20:50:50 INFO Alpine version: 3.13.5
2021/06/07 20:50:50 INFO OpenVPN 2.4 version: 2.4.11
2021/06/07 20:50:50 INFO OpenVPN 2.5 version: 2.5.2
2021/06/07 20:50:50 INFO Unbound version: 1.13.0
2021/06/07 20:50:50 INFO IPtables version: v1.8.6
2021/06/07 20:50:50 INFO Settings summary below:
|--OpenVPN:
   |--Version: 2.4
   |--Verbosity level: 1
   |--Run as root: enabled
   |--Provider:
      |--Private Internet Access settings:
         |--Network protocol: udp
         |--Encryption preset: strong
         |--Port forwarding:
            |--File path: /tmp/gluetun/forwarded_port
|--DNS:
   |--Plaintext address: 1.1.1.1
   |--DNS over TLS:
      |--Unbound:
          |--DNS over TLS providers:
              |--Cloudflare
          |--Listening port: 53
          |--Access control:
              |--Allowed:
                  |--0.0.0.0/0
                  |--::/0
          |--Caching: enabled
          |--IPv4 resolution: enabled
          |--IPv6 resolution: disabled
          |--Verbosity level: 1/5
          |--Verbosity details level: 0/4
          |--Validation log level: 0/2
          |--Username: 
      |--Blacklist:
         |--Blocked categories: malicious
         |--Additional IP networks blocked: 13
      |--Update: every 24h0m0s
|--Firewall:
|--System:
   |--Process user ID: 1000
   |--Process group ID: 1000
   |--Timezone: europe/berlin
|--HTTP control server:
   |--Listening port: 8000
   |--Logging: enabled
|--Public IP getter:
   |--Fetch period: 12h0m0s
   |--IP file: /tmp/gluetun/ip
|--Github version information: enabled
2021/06/07 20:50:50 INFO storage: merging by most recent 9140 hardcoded servers and 9140 servers read from /gluetun/servers.json
2021/06/07 20:50:50 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/07 20:50:50 INFO routing: local ethernet link found: eth0
2021/06/07 20:50:50 INFO routing: local ipnet found: 172.23.0.0/16
2021/06/07 20:50:50 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/07 20:50:50 INFO routing: adding route for 0.0.0.0/0
2021/06/07 20:50:50 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021/06/07 20:50:50 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/07 20:50:50 INFO openvpn configurator: checking for device /dev/net/tun
2021/06/07 20:50:50 WARN TUN device is not available: open /dev/net/tun: no such file or directory
2021/06/07 20:50:50 INFO openvpn configurator: creating /dev/net/tun
2021/06/07 20:50:50 INFO firewall: enabling...
2021/06/07 20:50:51 INFO firewall: enabled successfully
2021/06/07 20:50:51 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021/06/07 20:50:51 INFO http server: listening on :8000
2021/06/07 20:50:51 INFO healthcheck: listening on 127.0.0.1:9999
2021/06/07 20:50:51 INFO firewall: setting VPN connection through firewall...
2021/06/07 20:50:51 INFO openvpn configurator: starting OpenVPN 2.4
2021/06/07 20:50:51 INFO openvpn: OpenVPN 2.4.11 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
2021/06/07 20:50:51 INFO openvpn: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021/06/07 20:50:51 INFO openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2021/06/07 20:50:51 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]27.50.74.109:1197
2021/06/07 20:50:51 INFO openvpn: UDP link local: (not bound)
2021/06/07 20:50:51 INFO openvpn: UDP link remote: [AF_INET]27.50.74.109:1197
2021/06/07 20:50:52 INFO openvpn: unhealthy program: waiting 6s for it to change to healthy
2021/06/07 20:50:52 INFO openvpn: [melbourne414] Peer Connection Initiated with [AF_INET]27.50.74.109:1197
2021/06/07 20:50:54 INFO openvpn: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021/06/07 20:50:54 INFO openvpn: OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
2021/06/07 20:50:54 INFO openvpn: TUN/TAP device tun0 opened
2021/06/07 20:50:54 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021/06/07 20:50:54 INFO openvpn: /sbin/ip addr add dev tun0 10.12.110.8/24 broadcast 10.12.110.255
2021/06/07 20:50:54 WARN openvpn: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
2021/06/07 20:50:54 INFO openvpn: Initialization Sequence Completed
2021/06/07 20:50:54 INFO VPN routing IP address: 27.50.74.109
2021/06/07 20:50:54 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/06/07 20:50:54 INFO healthcheck: healthy!
2021/06/07 20:51:04 WARN dns over tls: cannot update files
2021/06/07 20:51:04 INFO dns over tls: attempting restart in 10s
2021/06/07 20:51:14 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/06/07 20:51:25 WARN dns over tls: cannot update files
2021/06/07 20:51:25 INFO dns over tls: attempting restart in 20s
2021/06/07 20:51:45 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/06/07 20:51:57 WARN dns over tls: cannot update files
2021/06/07 20:51:57 INFO dns over tls: attempting restart in 40s
2021/06/07 20:52:37 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/06/07 20:52:48 WARN dns over tls: cannot update files
2021/06/07 20:52:48 INFO dns over tls: attempting restart in 1m20s

[qdm12]

Whaaaaattt... Try pulling the :alpine3.12 tag? Does that one work (the same but with alpine 3.12 instead of 3.13)?

[Maykin-99]

the image is from 2 weeks ago, right?

It works:

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version unknown built on an unknown date (commit unknown)


🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? [email protected]
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021/06/07 21:33:34 INFO Alpine version: 3.13.5
2021/06/07 21:33:34 INFO OpenVPN version: 2.4.11
2021/06/07 21:33:34 INFO Unbound version: 1.13.0
2021/06/07 21:33:34 INFO IPtables version: v1.8.6
2021/06/07 21:33:34 INFO Settings summary below:
|--OpenVPN:
   |--Verbosity level: 1
   |--Run as root: enabled
   |--Provider:
      |--Private Internet Access settings:
         |--Network protocol: udp
         |--Encryption preset: strong
         |--Port forwarding:
            |--File path: /tmp/gluetun/forwarded_port
|--DNS:
   |--Plaintext address: 1.1.1.1
   |--DNS over TLS:
      |--Unbound:
          |--DNS over TLS providers:
              |--Cloudflare
          |--Listening port: 53
          |--Access control:
              |--Allowed:
                  |--0.0.0.0/0
                  |--::/0
          |--Caching: enabled
          |--IPv4 resolution: enabled
          |--IPv6 resolution: disabled
          |--Verbosity level: 1/5
          |--Verbosity details level: 0/4
          |--Validation log level: 0/2
          |--Username: 
      |--Blacklist:
         |--Blocked categories: malicious
         |--Additional IP networks blocked: 13
      |--Update: every 24h0m0s
|--Firewall:
|--System:
   |--Process user ID: 1000
   |--Process group ID: 1000
   |--Timezone: europe/berlin
|--HTTP control server:
   |--Listening port: 8000
   |--Logging: enabled
|--Public IP getter:
   |--Fetch period: 12h0m0s
   |--IP file: /tmp/gluetun/ip
|--Github version information: enabled
2021/06/07 21:33:35 INFO storage: merging by most recent 9140 hardcoded servers and 7585 servers read from /gluetun/servers.json
2021/06/07 21:33:35 INFO storage: Using PureVPN servers from file which are 565h56m27s more recent
2021/06/07 21:33:36 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/07 21:33:36 INFO routing: local ethernet link found: eth0
2021/06/07 21:33:36 INFO routing: local ipnet found: 172.23.0.0/16
2021/06/07 21:33:36 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/07 21:33:36 INFO routing: adding route for 0.0.0.0/0
2021/06/07 21:33:36 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021/06/07 21:33:36 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/07 21:33:36 INFO openvpn configurator: checking for device /dev/net/tun
2021/06/07 21:33:36 WARN TUN device is not available: open /dev/net/tun: no such file or directory
2021/06/07 21:33:36 INFO openvpn configurator: creating /dev/net/tun
2021/06/07 21:33:36 INFO firewall: enabling...
2021/06/07 21:33:37 INFO firewall: enabled successfully
2021/06/07 21:33:37 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021/06/07 21:33:37 INFO http server: listening on 0.0.0.0:8000
2021/06/07 21:33:37 INFO healthcheck: listening on 127.0.0.1:9999
2021/06/07 21:33:37 INFO firewall: setting VPN connection through firewall...
2021/06/07 21:33:37 INFO openvpn configurator: starting openvpn
2021/06/07 21:33:37 INFO openvpn: OpenVPN 2.4.11 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
2021/06/07 21:33:37 INFO openvpn: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021/06/07 21:33:37 INFO openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2021/06/07 21:33:37 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]154.16.93.37:1197
2021/06/07 21:33:37 INFO openvpn: UDP link local: (not bound)
2021/06/07 21:33:37 INFO openvpn: UDP link remote: [AF_INET]154.16.93.37:1197
2021/06/07 21:33:38 INFO openvpn: unhealthy program: waiting 6s for it to change to healthy
2021/06/07 21:33:38 INFO openvpn: [johannesburg401] Peer Connection Initiated with [AF_INET]154.16.93.37:1197
2021/06/07 21:33:39 INFO openvpn: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021/06/07 21:33:39 INFO openvpn: OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
2021/06/07 21:33:39 INFO openvpn: TUN/TAP device tun0 opened
2021/06/07 21:33:39 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021/06/07 21:33:39 INFO openvpn: /sbin/ip addr add dev tun0 10.5.110.2/24 broadcast 10.5.110.255
2021/06/07 21:33:39 WARN openvpn: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
2021/06/07 21:33:39 INFO openvpn: Initialization Sequence Completed
2021/06/07 21:33:39 INFO VPN routing IP address: 154.16.93.37
2021/06/07 21:33:39 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/06/07 21:33:40 INFO healthcheck: healthy!
2021/06/07 21:33:45 INFO dns over tls: downloading hostnames and IP block lists
2021/06/07 21:33:47 INFO dns over tls: init module 0: validator
2021/06/07 21:33:47 INFO dns over tls: init module 1: iterator
2021/06/07 21:33:47 INFO dns over tls: start of service (unbound 1.13.0).
2021/06/07 21:33:48 INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021/06/07 21:33:48 INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021/06/07 21:33:50 INFO dns over tls: ready
2021/06/07 21:33:52 INFO There is a new release v3.18.0 (v3.18.0) created 7 days ago
2021/06/07 21:33:52 INFO VPN gateway IP address: 10.5.110.1
2021/06/07 21:33:55 INFO ip getter: Public IP address is 154.16.93.37 (South Africa, Gauteng, Johannesburg)
2021/06/07 21:34:08 INFO port forwarding: Found persistent forwarded port data for port 38691
2021/06/07 21:34:08 INFO port forwarding: Forwarded port data expires in 31 days
2021/06/07 21:34:08 INFO port forwarding: Port forwarded is 38691 expiring in 31 days
2021/06/07 21:34:09 INFO port forwarding: Writing port to /tmp/gluetun/forwarded_port
2021/06/07 21:34:09 INFO firewall: setting allowed input port 38691 through interface tun0...
``

[qdm12]

the image is from 2 weeks ago, right

No I just pushed it now. It should show

2021/06/07 19:48:32 INFO Alpine version: 3.12.7
2021/06/07 19:48:32 INFO OpenVPN 2.4 version: 2.4.11
2021/06/07 19:48:32 INFO OpenVPN 2.5 version: 2.4.11

[Maykin-99]

Ok, I didn't notice you removed the dash in the tag name.

standard_init_linux.go:219: exec user process caused: exec format error
standard_init_linux.go:219: exec user process caused: exec format error
standard_init_linux.go:219: exec user process caused: exec format error
standard_init_linux.go:219: exec user process caused: exec format error
standard_init_linux.go:219: exec user process caused: exec format error
standard_init_linux.go:219: exec user process caused: exec format error
standard_init_linux.go:219: exec user process caused: exec format error
standard_init_linux.go:219: exec user process caused: exec format error

Wrong architecture.

[qdm12]

Oops sorry, yet again. I pushed it for armv7 😉

[Maykin-99]

Still doesn't work:

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️ by github.com/qdm12 ====
=========================================

Running version unknown built on an unknown date (commit unknown)


🔧 Need help? https://github.com/qdm12/gluetun/issues/new
💻 Email? [email protected]
☕ Slack? Join from the Slack button on Github
💰 Help me? https://github.com/sponsors/qdm12
2021/06/08 09:22:22 INFO Alpine version: 3.12.7
2021/06/08 09:22:22 INFO OpenVPN 2.4 version: 2.4.11
2021/06/08 09:22:22 INFO OpenVPN 2.5 version: 2.4.11
2021/06/08 09:22:22 INFO Unbound version: 1.10.1
2021/06/08 09:22:22 INFO IPtables version: v1.8.4
2021/06/08 09:22:22 INFO Settings summary below:
|--OpenVPN:
   |--Version: 2.4
   |--Verbosity level: 1
   |--Run as root: enabled
   |--Provider:
      |--Private Internet Access settings:
         |--Network protocol: udp
         |--Encryption preset: strong
         |--Port forwarding:
            |--File path: /tmp/gluetun/forwarded_port
|--DNS:
   |--Plaintext address: 1.1.1.1
   |--DNS over TLS:
      |--Unbound:
          |--DNS over TLS providers:
              |--Cloudflare
          |--Listening port: 53
          |--Access control:
              |--Allowed:
                  |--0.0.0.0/0
                  |--::/0
          |--Caching: enabled
          |--IPv4 resolution: enabled
          |--IPv6 resolution: disabled
          |--Verbosity level: 1/5
          |--Verbosity details level: 0/4
          |--Validation log level: 0/2
          |--Username: 
      |--Blacklist:
         |--Blocked categories: malicious
         |--Additional IP networks blocked: 13
      |--Update: every 24h0m0s
|--Firewall:
|--System:
   |--Process user ID: 1000
   |--Process group ID: 1000
   |--Timezone: europe/berlin
|--HTTP control server:
   |--Listening port: 8000
   |--Logging: enabled
|--Public IP getter:
   |--Fetch period: 12h0m0s
   |--IP file: /tmp/gluetun/ip
|--Github version information: enabled
2021/06/08 09:22:22 INFO storage: merging by most recent 9140 hardcoded servers and 7585 servers read from /gluetun/servers.json
2021/06/08 09:22:23 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/08 09:22:23 INFO routing: local ethernet link found: eth0
2021/06/08 09:22:23 INFO routing: local ipnet found: 172.23.0.0/16
2021/06/08 09:22:23 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/08 09:22:23 INFO routing: adding route for 0.0.0.0/0
2021/06/08 09:22:23 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021/06/08 09:22:23 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/08 09:22:23 INFO openvpn configurator: checking for device /dev/net/tun
2021/06/08 09:22:23 WARN TUN device is not available: open /dev/net/tun: no such file or directory
2021/06/08 09:22:23 INFO openvpn configurator: creating /dev/net/tun
2021/06/08 09:22:23 INFO firewall: enabling...
2021/06/08 09:22:24 INFO firewall: enabled successfully
2021/06/08 09:22:24 INFO healthcheck: listening on 127.0.0.1:9999
2021/06/08 09:22:24 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021/06/08 09:22:24 INFO http server: listening on :8000
2021/06/08 09:22:24 INFO firewall: setting VPN connection through firewall...
2021/06/08 09:22:24 INFO openvpn configurator: starting OpenVPN 2.4
2021/06/08 09:22:24 INFO openvpn: OpenVPN 2.4.11 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021
2021/06/08 09:22:24 INFO openvpn: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021/06/08 09:22:24 INFO openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2021/06/08 09:22:24 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]188.241.80.7:1197
2021/06/08 09:22:24 INFO openvpn: UDP link local: (not bound)
2021/06/08 09:22:24 INFO openvpn: UDP link remote: [AF_INET]188.241.80.7:1197
2021/06/08 09:22:25 INFO openvpn: [china404] Peer Connection Initiated with [AF_INET]188.241.80.7:1197
2021/06/08 09:22:25 INFO openvpn: unhealthy program: waiting 6s for it to change to healthy
2021/06/08 09:22:26 INFO openvpn: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021/06/08 09:22:26 INFO openvpn: OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
2021/06/08 09:22:26 INFO openvpn: TUN/TAP device tun0 opened
2021/06/08 09:22:26 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021/06/08 09:22:26 INFO openvpn: /sbin/ip addr add dev tun0 10.5.110.4/24 broadcast 10.5.110.255
2021/06/08 09:22:26 WARN openvpn: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
2021/06/08 09:22:26 INFO openvpn: Initialization Sequence Completed
2021/06/08 09:22:26 INFO VPN routing IP address: 188.241.80.7
2021/06/08 09:22:26 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/06/08 09:22:27 INFO healthcheck: healthy!
2021/06/08 09:22:37 WARN dns over tls: cannot update files
2021/06/08 09:22:37 INFO dns over tls: attempting restart in 10s
2021/06/08 09:22:47 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/06/08 09:22:57 WARN dns over tls: cannot update files
2021/06/08 09:22:57 INFO dns over tls: attempting restart in 20s

[qdm12]

Although the healthcheck healthcheck: healthy! is passing which doesn't make any sense. Looks like DNS is going through (healthcheck does a DNS resolution of github.com) but not https, strange...

Maybe it's due to OpenVPN needs a gateway parameter for a --route-ipv6 option and OpenVPN was configured to add an IPv6 route over tun0. However, ... 🤔

I'll add a pull-filter option on that and get back to you.

[Maykin-99]

Maybe it's due to OpenVPN needs a gateway parameter for a --route-ipv6 option and OpenVPN was configured to add an IPv6 route over tun0. However, ... 🤔

Not sure because they also appear in v3.16.0

=========================================
================ Gluetun ================
=========================================
==== A mix of OpenVPN, DNS over TLS, ====
======= Shadowsocks and HTTP proxy ======
========= all glued up with Go ==========
=========================================
=========== For tunneling to ============
======== your favorite VPN server =======
=========================================
=== Made with ❤️  by github.com/qdm12 ====
=========================================

Running version v3.16.0 built on 2021-04-17T23:31:08Z (commit 6208081)


🔧  Need help? https://github.com/qdm12/gluetun/issues/new
💻  Email? [email protected]
☕  Slack? Join from the Slack button on Github
💸  Help me? https://github.com/sponsors/qdm12
2021/06/08 21:10:58 INFO OpenVPN version: 2.4.10
2021/06/08 21:10:58 INFO Unbound version: 1.10.1
2021/06/08 21:10:58 INFO IPtables version: v1.8.4
2021/06/08 21:10:58 INFO Settings summary below:
|--OpenVPN:
   |--Verbosity level: 1
   |--Run as root: enabled
   |--Provider:
      |--Private Internet Access settings:
         |--Network protocol: udp
         |--Encryption preset: strong
         |--Custom port: 0
         |--Port forwarding:
            |--File path: /tmp/gluetun/forwarded_port
|--DNS:
   |--Plaintext address: 1.1.1.1
   |--DNS over TLS:
      |--Unbound:
          |--DNS over TLS providers:
              |--cloudflare
          |--Listening port: 53
          |--Access control:
              |--Allowed:
                  |--0.0.0.0/0
                  |--::/0
          |--Caching: enabled
          |--IPv4 resolution: enabled
          |--IPv6 resolution: disabled
          |--Verbosity level: 1/5
          |--Verbosity details level: 0/4
          |--Validation log level: 0/2
          |--Blocked hostnames:
          |--Blocked IP addresses:
              |--127.0.0.1/8
              |--10.0.0.0/8
              |--172.16.0.0/12
              |--192.168.0.0/16
              |--169.254.0.0/16
              |--::1/128
              |--fc00::/7
              |--fe80::/10
              |--::ffff:0:0/96
          |--Allowed hostnames:
      |--Block malicious: enabled
      |--Update: every 24h0m0s
|--Firewall:
|--System:
   |--Process user ID: 1000
   |--Process group ID: 1000
   |--Timezone: europe/berlin
|--HTTP control server:
   |--Listening port: 8000
   |--Logging: enabled
|--Public IP getter:
   |--Fetch period: 12h0m0s
   |--IP file: /tmp/gluetun/ip
|--Github version information: enabled
2021/06/08 21:10:59 INFO storage: merging by most recent 7378 hardcoded servers and 7585 servers read from /gluetun/servers.json
2021/06/08 21:10:59 INFO storage: Using Cyberghost servers from file (2350h2m35s more recent)
2021/06/08 21:10:59 INFO storage: Using Fastestvpn servers from file (1975h30m19s more recent)
2021/06/08 21:10:59 INFO storage: Using HideMyAss servers from file (1631h27m45s more recent)
2021/06/08 21:10:59 INFO storage: Using Mullvad servers from file (2352h41m53s more recent)
2021/06/08 21:10:59 INFO storage: Using NordVPN servers from file (2615h59m46s more recent)
2021/06/08 21:10:59 INFO storage: Using Privatevpn servers from file (1826h8m25s more recent)
2021/06/08 21:10:59 INFO storage: Using PureVPN servers from file (2948h6m13s more recent)
2021/06/08 21:10:59 INFO storage: Using Surfshark servers from file (554h21m36s more recent)
2021/06/08 21:10:59 INFO storage: Using VyprVPN servers from file (2383h42m51s more recent)
2021/06/08 21:10:59 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/08 21:10:59 INFO routing: local ethernet link found: eth0
2021/06/08 21:10:59 INFO routing: local ipnet found: 172.23.0.0/16
2021/06/08 21:10:59 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/08 21:10:59 INFO routing: adding route for 0.0.0.0/0
2021/06/08 21:10:59 INFO firewall: firewall disabled, only updating allowed subnets internal list
2021/06/08 21:10:59 INFO routing: default route found: interface eth0, gateway 172.23.0.1
2021/06/08 21:10:59 INFO openvpn configurator: checking for device /dev/net/tun
2021/06/08 21:10:59 WARN TUN device is not available: open /dev/net/tun: no such file or directory
2021/06/08 21:10:59 INFO openvpn configurator: creating /dev/net/tun
2021/06/08 21:10:59 INFO firewall: enabling...
2021/06/08 21:10:59 INFO firewall: enabled successfully
2021/06/08 21:10:59 INFO http server: listening on 0.0.0.0:8000
2021/06/08 21:10:59 INFO dns over tls: using plaintext DNS at address 1.1.1.1
2021/06/08 21:10:59 INFO healthcheck: listening on 127.0.0.1:9999
2021/06/08 21:10:59 INFO firewall: setting VPN connection through firewall...
2021/06/08 21:10:59 INFO openvpn configurator: starting openvpn
2021/06/08 21:10:59 INFO openvpn: OpenVPN 2.4.10 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan  4 2021
2021/06/08 21:10:59 INFO openvpn: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
2021/06/08 21:10:59 INFO openvpn: CRL: loaded 1 CRLs from file [[INLINE]]
2021/06/08 21:10:59 INFO openvpn: TCP/UDP: Preserving recently used remote address: [AF_INET]188.126.94.164:1197
2021/06/08 21:10:59 INFO openvpn: UDP link local: (not bound)
2021/06/08 21:10:59 INFO openvpn: UDP link remote: [AF_INET]188.126.94.164:1197
2021/06/08 21:11:00 INFO openvpn: [copenhagen404] Peer Connection Initiated with [AF_INET]188.126.94.164:1197
2021/06/08 21:11:01 INFO openvpn: OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
2021/06/08 21:11:01 INFO openvpn: OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
2021/06/08 21:11:01 INFO openvpn: TUN/TAP device tun0 opened
2021/06/08 21:11:01 INFO openvpn: /sbin/ip link set dev tun0 up mtu 1500
2021/06/08 21:11:01 INFO openvpn: /sbin/ip addr add dev tun0 10.2.110.8/24 broadcast 10.2.110.255
2021/06/08 21:11:01 WARN openvpn: OpenVPN was configured to add an IPv6 route over tun0. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
2021/06/08 21:11:01 INFO openvpn: Initialization Sequence Completed
2021/06/08 21:11:01 INFO VPN routing IP address: 188.126.94.164
2021/06/08 21:11:01 INFO dns over tls: downloading DNS over TLS cryptographic files
2021/06/08 21:11:01 INFO healthcheck: healthy!
2021/06/08 21:11:02 INFO dns over tls: downloading hostnames and IP block lists
2021/06/08 21:11:04 INFO dns over tls: init module 0: validator
2021/06/08 21:11:04 INFO dns over tls: init module 1: iterator
2021/06/08 21:11:05 INFO dns over tls: start of service (unbound 1.10.1).
2021/06/08 21:11:05 INFO dns over tls: generate keytag query _ta-4a5c-4f66. NULL IN
2021/06/08 21:11:06 INFO dns over tls: ready
2021/06/08 21:11:06 INFO There is a new release v3.18.0 (v3.18.0) created 7 days ago
2021/06/08 21:11:06 INFO VPN gateway IP address: 10.2.110.1
2021/06/08 21:11:06 INFO port forwarding: Found persistent forwarded port data for port 38691
2021/06/08 21:11:06 INFO port forwarding: Forwarded port data expires in 30 days
2021/06/08 21:11:06 INFO port forwarding: Port forwarded is 38691 expiring in 30 days
2021/06/08 21:11:06 INFO port forwarding: Writing port to /tmp/gluetun/forwarded_port
2021/06/08 21:11:06 INFO firewall: setting allowed input port 38691 through interface tun0...
2021/06/08 21:11:08 INFO ip getter: Public IP address is 188.126.94.164 (Sweden, Blekinge, Karlshamn)

[qdm12]

Hey there, have you finally fixed it? Maybe try running it on :latest and it will magically work? 🤔

[Maykin-99]

:latest works great 👍️ . Thanks.