gluetun: Bug: [vpn] cannot add Wireguard link: file exists

Is this urgent?

~No~ Yes (cannot deploy)

Host OS

Kubernetes (k3s 1.26) over Photon OS 4.0

CPU arch

x86_64

VPN service provider

Windscribe

What are you using to run the container

Kubernetes

What is the version of Gluetun

Running version latest built on 2023-06-08T22:48:56.392Z (commit ea19914)

What’s the problem 🤔

VPN does not come up. Error seems to be related to netlink. Tried both with and without /dev/net/tun mounted.

Share your logs

2023-06-09T03:56:39Z DEBUG [wireguard] Wireguard server public key: fvmyuUJF8JvjzIts5bROwwZQ0zkSB7lk/q8E4G3+F20=
2023-06-09T03:56:39Z DEBUG [wireguard] Wireguard client private key: 
2023-06-09T03:56:39Z DEBUG [wireguard] Wireguard pre-shared key: 
2023-06-09T03:56:39Z INFO [firewall] allowing VPN connection...
2023-06-09T03:56:39Z INFO [wireguard] Using available kernelspace implementation
2023-06-09T03:56:39Z DEBUG [wireguard] closing controller client...
2023-06-09T03:56:39Z ERROR [vpn] cannot add Wireguard link: file exists
2023-06-09T03:56:39Z INFO [vpn] retrying in 2m0s
2023-06-09T03:58:39Z DEBUG [wireguard] Wireguard server public key:
2023-06-09T03:58:39Z DEBUG [wireguard] Wireguard client private key: 
2023-06-09T03:58:39Z DEBUG [wireguard] Wireguard pre-shared key: 
2023-06-09T03:58:39Z INFO [firewall] allowing VPN connection...
2023-06-09T03:58:39Z DEBUG [firewall] iptables --delete OUTPUT -d <> -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2023-06-09T03:58:39Z DEBUG [firewall] iptables --delete OUTPUT -o tun0 -j ACCEPT
2023-06-09T03:58:39Z DEBUG [firewall] ip6tables --delete OUTPUT -o tun0 -j ACCEPT
2023-06-09T03:58:39Z DEBUG [firewall] iptables --append OUTPUT -d <> -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
2023-06-09T03:58:39Z DEBUG [firewall] iptables --append OUTPUT -o tun0 -j ACCEPT
2023-06-09T03:58:39Z DEBUG [firewall] ip6tables --append OUTPUT -o tun0 -j ACCEPT
2023-06-09T03:58:39Z INFO [wireguard] Using available kernelspace implementation
2023-06-09T03:58:39Z DEBUG [wireguard] closing controller client...
2023-06-09T03:58:39Z ERROR [vpn] cannot add Wireguard link: file exists
2023-06-09T03:58:39Z INFO [vpn] retrying in 4m0s

Share your configuration

apiVersion: apps/v1
kind: Deployment
metadata:
  name: wg
spec:
  selector:
    matchLabels:
      app: wg
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: wg
    spec:
      volumes:
        - name: dev-net-tun
          hostPath:
            path: /dev/net/tun
      dnsConfig:
        nameservers:
          - 1.1.1.1
      containers:
        - name: windscribe
          image: qmcgaw/gluetun:latest
          volumeMounts:
            - mountPath: /dev/net/tun
              name: dev-net-tun
          env:
            - name: VPN_SERVICE_PROVIDER
              value: windscribe
            - name: VPN_TYPE
              value: wireguard
            - name: SERVER_REGIONS
              value: US West
            - name: SERVER_CITIES
              value: Los Angeles
            - name: HTTPPROXY
              value: "on"
            - name: LOG_LEVEL
              value: debug
          envFrom:
            - secretRef:
                name: windscribe
          ports:
            - containerPort: 8888
          securityContext:
            capabilities:
              add:
              - NET_ADMIN
          resources:
            requests:
              memory: "8Mi"
              cpu: "1m"
            limits:
              memory: "128Mi"
              cpu: "100m"
          livenessProbe:
            initialDelaySeconds: 5
            periodSeconds: 30
            exec:
              command:
                - sh
                - -c
                - ping -c 1 -W 1 -q 1.1.1.1 >/dev/null

About this issue

  • State: closed
  • Created a year ago
  • Comments: 21 (7 by maintainers)

Most upvoted comments

Oh ok very strange, I might revert the change to replace the existing link in the future.

  • "setting up IPv6: adding IPv6 rule: %!w(<nil>)" wasn’t returning the error properly, it’s fixed in 2873b0627531535a4c6128fc8771daf483c2fa9c
  • it’s not iptables, which only deals with the firewall tables, but an ip (routing + rule + link) problem 😉 github.com/vishvananda/netlink deals with the kernel similarly to ip rule, ip route and ip link commands.
  1. If that’s not too much to ask, maybe try the latest image again and check what that error was when adding the IPv6 rule?
  2. Now "adding IPv4 rule: adding rule ip rule 101: from all to all table 51820: file exists". I could also change this to replace the ip rule, but this is plain strange, why is everything already existing 😄 And all this always happens on the first wireguard setup try, right??
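
An added illustration of the comment above (not gluetun's code and not the maintainer's): netlink reports EEXIST, printed as "file exists", when the link or rule being added is already present, so this shell sketch checks `ip -o link show` and `ip rule show` dumps for such leftovers. Rule priority 101 and table 51820 come from the quoted error; the interface name `wg0`, the function names and the sample dumps are assumptions constructed for the example.

```shell
#!/bin/sh
# Added diagnostic sketch, not gluetun code. Priority 101 and table 51820 are
# from the error quoted in the thread; the interface name wg0 is an assumption.

# rule_exists PRIORITY TABLE: reads `ip rule show` output on stdin.
rule_exists() {
    awk -v prio="$1:" -v table="$2" '
        $1 == prio { for (i = 2; i < NF; i++) if ($i == "lookup" && $(i+1) == table) found = 1 }
        END { exit !found }'
}

# link_exists NAME: reads `ip -o link show` output on stdin.
link_exists() {
    awk -v name="$1" '
        { n = $2; sub(/:$/, "", n); sub(/@.*/, "", n); if (n == name) found = 1 }
        END { exit !found }'
}

# leftovers IFACE PRIORITY TABLE LINK_DUMP RULE_DUMP: prints the objects that
# would make a netlink "add" fail with EEXIST, or "clean" if there are none.
leftovers() {
    out=""
    if printf '%s\n' "$4" | link_exists "$1"; then out="link:$1"; fi
    if printf '%s\n' "$5" | rule_exists "$2" "$3"; then out="${out:+$out }rule:$2->$3"; fi
    echo "${out:-clean}"
}

# Constructed sample dumps (not taken from the issue), shaped like iproute2 output.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UP
3: wg0: <POINTOPOINT,NOARP> mtu 1420 qdisc noop state DOWN'
SAMPLE_RULES='0: from all lookup local
101: from all lookup 51820
32766: from all lookup main'

# Live use inside the container's network namespace (needs iproute2):
#   leftovers wg0 101 51820 "$(ip -o link show)" "$(ip rule show)"
leftovers wg0 101 51820 "$SAMPLE_LINKS" "$SAMPLE_RULES"
```

Run the live form in the pod's network namespace before the first WireGuard setup attempt. In Kubernetes that namespace belongs to the pod rather than the container, so links and rules in it outlive a container restart.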