gluetun: Bug: Sequence complete, Healthy, then Unhealthy, Restarting VPN, Sequence complete and afterwards Healthy again

Is this urgent?

Host OS

Debian Bullseye

CPU arch

x86_64

VPN service provider

Surfshark

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2022-06-06T18:13:11.996Z (commit 5359257)

What’s the problem 🤔

Sequence complete, Healthy, then Unhealthy, Restarting VPN, Sequence complete, and afterwards Healthy again

Share your logs

gluetun  | 2022-06-07T09:08:35+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1 and assigned IP 172.18.0.2
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [routing] ip rule add from 172.18.0.2/32 lookup 200 pref 100
gluetun  | 2022-06-07T09:08:35+02:00 INFO [routing] adding route for 0.0.0.0/0
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [routing] ip route replace 0.0.0.0/0 via 172.18.0.1 dev eth0 table 200
gluetun  | 2022-06-07T09:08:35+02:00 INFO [firewall] setting allowed subnets...
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [firewall] iptables --append OUTPUT -o eth0 -s 172.18.0.2 -d 10.54.1.0/24 -j ACCEPT
gluetun  | 2022-06-07T09:08:35+02:00 INFO [routing] default route found: interface eth0, gateway 172.18.0.1 and assigned IP 172.18.0.2
gluetun  | 2022-06-07T09:08:35+02:00 INFO [routing] adding route for 10.54.1.0/24
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [routing] ip route replace 10.54.1.0/24 via 172.18.0.1 dev eth0 table 199
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [routing] ip rule add to 10.54.1.0/24 lookup 199 pref 99
gluetun  | 2022-06-07T09:08:35+02:00 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
gluetun  | 2022-06-07T09:08:35+02:00 INFO [pprof] http server listening on [::]:6060
gluetun  | 2022-06-07T09:08:35+02:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
gluetun  | 2022-06-07T09:08:35+02:00 INFO [http proxy] listening on :8888
gluetun  | 2022-06-07T09:08:35+02:00 INFO [http server] http server listening on [::]:8000
gluetun  | 2022-06-07T09:08:35+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun  | 2022-06-07T09:08:35+02:00 INFO [shadowsocks] listening TCP on :8388
gluetun  | 2022-06-07T09:08:35+02:00 INFO [shadowsocks] listening UDP on :8388
gluetun  | 2022-06-07T09:08:35+02:00 INFO [firewall] allowing VPN connection...
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [firewall] iptables --append OUTPUT -d 178.239.173.43 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:35+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
gluetun  | 2022-06-07T09:08:35+02:00 WARN [openvpn] --ping should normally be used with --ping-restart or --ping-exit
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]178.239.173.43:1443
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] Attempting to establish TCP connection with [AF_INET]178.239.173.43:1443 [nonblock]
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] TCP connection established with [AF_INET]178.239.173.43:1443
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] TCP_CLIENT link local: (not bound)
gluetun  | 2022-06-07T09:08:35+02:00 INFO [openvpn] TCP_CLIENT link remote: [AF_INET]178.239.173.43:1443
gluetun  | 2022-06-07T09:08:36+02:00 INFO [openvpn] [nl-ams-v126.prod.surfshark.com] Peer Connection Initiated with [AF_INET]178.239.173.43:1443
gluetun  | 2022-06-07T09:08:37+02:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.6)
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.7.7.3/24
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] UID set to nonrootuser
gluetun  | 2022-06-07T09:08:37+02:00 INFO [openvpn] Initialization Sequence Completed
gluetun  | 2022-06-07T09:08:37+02:00 INFO [dns over tls] downloading DNS over TLS cryptographic files
gluetun  | 2022-06-07T09:08:37+02:00 INFO [healthcheck] healthy!
gluetun  | 2022-06-07T09:08:38+02:00 INFO [dns over tls] downloading hostnames and IP block lists
gluetun  | 2022-06-07T09:08:42+02:00 INFO [healthcheck] unhealthy: cannot dial: dial tcp4: lookup cloudflare.com on 127.0.0.1:53: read udp 127.0.0.1:34363->127.0.0.1:53: read: connection refused
gluetun  | 2022-06-07T09:08:50+02:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
gluetun  | 2022-06-07T09:08:50+02:00 INFO [vpn] stopping
gluetun  | 2022-06-07T09:08:50+02:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
gluetun  | 2022-06-07T09:08:50+02:00 INFO [vpn] starting
gluetun  | 2022-06-07T09:08:50+02:00 INFO [firewall] allowing VPN connection...
gluetun  | 2022-06-07T09:08:50+02:00 DEBUG [firewall] iptables --delete OUTPUT -d 178.239.173.43 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
gluetun  | 2022-06-07T09:08:50+02:00 DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:50+02:00 DEBUG [firewall] ip6tables-nft --delete OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:50+02:00 DEBUG [firewall] iptables --append OUTPUT -d 89.46.223.212 -o eth0 -p tcp -m tcp --dport 1443 -j ACCEPT
gluetun  | 2022-06-07T09:08:50+02:00 DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:51+02:00 DEBUG [firewall] ip6tables-nft --append OUTPUT -o tun0 -j ACCEPT
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 17 2022
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10
gluetun  | 2022-06-07T09:08:51+02:00 WARN [openvpn] --ping should normally be used with --ping-restart or --ping-exit
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]89.46.223.212:1443
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] Attempting to establish TCP connection with [AF_INET]89.46.223.212:1443 [nonblock]
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] TCP connection established with [AF_INET]89.46.223.212:1443
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] TCP_CLIENT link local: (not bound)
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] TCP_CLIENT link remote: [AF_INET]89.46.223.212:1443
gluetun  | 2022-06-07T09:08:51+02:00 INFO [openvpn] [nl-ams-v039.prod.surfshark.com] Peer Connection Initiated with [AF_INET]89.46.223.212:1443
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] init module 0: validator
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] init module 1: iterator
gluetun  | 2022-06-07T09:08:52+02:00 ERROR [openvpn] Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.6)
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] TUN/TAP device tun0 opened
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] /sbin/ip link set dev tun0 up
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] /sbin/ip addr add dev tun0 10.7.7.15/24
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] UID set to nonrootuser
gluetun  | 2022-06-07T09:08:52+02:00 INFO [openvpn] Initialization Sequence Completed
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] start of service (unbound 1.15.0).
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
gluetun  | 2022-06-07T09:08:52+02:00 INFO [dns over tls] ready
gluetun  | 2022-06-07T09:08:52+02:00 INFO [healthcheck] healthy!

Share your configuration

version: "3.7"

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    ports:
      - 8000:8000/tcp   #HTTP control server
      - 8888:8888/tcp   #HTTPproxy
      - 8388:8388/tcp   #shadowsocks
      - 8388:8388/udp   #shadowsocks
    volumes:
      - /dockercfg/gluetun:/gluetun
    secrets:
      - openvpn_user
      - openvpn_password
      - httpproxy_username
      - httpproxy_password
      - shadowsocks_password
    environment:
    # OPENVPN
      - VPN_SERVICE_PROVIDER=surfshark
      - OPENVPN_VERSION=2.5
      - OPENVPN_PROTOCOL=tcp
      - OPENVPN_VERBOSITY=1
      - OPENVPN_PROCESS_USER=no
    # Surfshark
      - SERVER_COUNTRIES=Netherlands
    # DNS over TLS
      - DOT=on
      - DOT_PROVIDERS=cloudflare
      - DOT_CACHING=on
      - DOT_IPV6=off
      - DOT_PRIVATE_ADDRESS=
      - DOT_VERBOSITY=1
      - DOT_VERBOSITY_DETAILS=0
      - DOT_VALIDATION_LOGLEVEL=0
      - DNS_UPDATE_PERIOD=24h
      - BLOCK_MALICIOUS=on
      - BLOCK_SURVEILLANCE=off
      - BLOCK_ADS=off
      - UNBLOCK=
      - DNS_KEEP_NAMESERVER=off
    # Firewall
      - FIREWALL=on
      - FIREWALL_DEBUG=on
      - FIREWALL_OUTBOUND_SUBNETS=10.54.1.0/24
    # Shadowsocks
      - SHADOWSOCKS=on
      - SHADOWSOCKS_LOG=off
      - SHADOWSOCKS_LISTENING_ADDRESS=:8388
      - SHADOWSOCKS_CIPHER=chacha20-ietf-poly1305
    # HTTPproxy
      - HTTPPROXY=on
      - HTTPPROXY_LOG=on
      - HTTPPROXY_LISTENING_ADDRESS=:8888
      - HTTPPROXY_STEALTH=on
    # System
      - TZ=Europe/Amsterdam
      - PUID=1000
      - PGID=100
    # HTTP Control server
      - HTTP_CONTROL_SERVER_ADDRESS=:8000
      - HTTP_CONTROL_SERVER_LOG=on
    # Other
      - PUBLICIP_PERIOD=12h
      - VERSION_INFORMATION=on
      - UPDATER_PERIOD=24h
    restart: unless-stopped

About this issue

Original URL
State: open
Created 2 years ago
Reactions: 1
Comments: 21 (7 by maintainers)

Most upvoted comments

Hi all, for me, changing HEALTH_TARGET_ADDRESS and DNS_ADDRESS to 1.1.1.1 both solved the issue.

antro31 on Jun 20, 2022