
Bug: Port forwarding not starting with DNS_KEEP_NAMESERVER enabled on Kubernetes with provider PIA #2640

Open
garlix42 opened this issue Jan 4, 2025 · 1 comment


garlix42 commented Jan 4, 2025

Is this urgent?

No

Host OS

Raspbian

CPU arch

aarch64

VPN service provider

Private Internet Access

What are you using to run the container

Kubernetes

What is the version of Gluetun

Running version latest built on 2024-12-27T20:18:46.989Z (commit 61b053f)

What's the problem 🤔

Sorry if I am filing a duplicate bug; I didn't quite find one that matches (even though I found plenty of posts on similar subjects).

I have found a temporary hack solution to get things running, but I am posting it and hoping for a permanent fix to the issue.

The issue:
Port forwarding does not seem to fire up at all if I have the setting DNS_KEEP_NAMESERVER as ON which seems to be needed for external DNS lookup to function properly in Kubernetes. (if I leave it off I cannot make lookups for external domains at all).

It just stops here:

2025-01-04T07:51:21Z INFO [openvpn] Initialization Sequence Completed
2025-01-04T07:51:23Z INFO [healthcheck] healthy!

It does not even write the /tmp/gluetun/ip file.

However, if I remove this value (DNS_KEEP_NAMESERVER) from my config, everything seems to start up fine and port forwarding seems to be enabled and functioning as intended; the /tmp/gluetun/ip and port_forwarding files are written!

However external DNS lookups are not working...

If I then (by exec into running container) manually configure the /etc/resolv.conf and add the kubernetes DNS as well as local 127.0.0.1 DNS, to look like so:

/ # cat /etc/resolv.conf
search torrenting.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.152.183.10
nameserver 127.0.0.1
options ndots:5

Then DNS lookup works both kubernetes internal plus external and everything seems to be working. Services are running, working as intended, I can reach the services from the local LAN and port forwarding is up.

But a manual patch each container restart is not optimal, so writing here with my finding and hoping for a more elegant solution or permanent fix :-)

Share your logs (at least 10 lines)

Logs when things are not working:
--------------------
2025-01-04T07:51:21Z INFO [routing] default route found: interface eth0, gateway 169.254.1.1, assigned IP 10.1.254.198 and family v4
2025-01-04T07:51:21Z INFO [routing] adding route for 0.0.0.0/0
2025-01-04T07:51:21Z INFO [firewall] setting allowed subnets...
2025-01-04T07:51:21Z INFO [routing] default route found: interface eth0, gateway 169.254.1.1, assigned IP 10.1.254.198 and family v4
2025-01-04T07:51:21Z INFO [routing] adding route for 10.152.183.0/24
2025-01-04T07:51:21Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2025-01-04T07:51:21Z INFO [firewall] setting allowed input port 8080 through interface eth0...
2025-01-04T07:51:21Z WARN [dns] ⚠️⚠️⚠️  keeping the default container nameservers, this will likely leak DNS traffic outside the VPN and go through your container network DNS outside the VPN tunnel!
2025-01-04T07:51:21Z INFO [http server] http server listening on [::]:8000
2025-01-04T07:51:21Z INFO [healthcheck] listening on 127.0.0.1:9999
2025-01-04T07:51:21Z INFO [firewall] allowing VPN connection...
2025-01-04T07:51:21Z INFO [openvpn] OpenVPN 2.6.11 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2025-01-04T07:51:21Z INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2025-01-04T07:51:21Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]WW.XX.YY.ZZ:1197
2025-01-04T07:51:21Z INFO [openvpn] UDPv4 link local: (not bound)
2025-01-04T07:51:21Z INFO [openvpn] UDPv4 link remote: [AF_INET]WW.XX.YY.ZZ:1197
2025-01-04T07:51:21Z INFO [openvpn] [stockholm404] Peer Connection Initiated with [AF_INET]WW.XX.YY.ZZ:1197
2025-01-04T07:51:21Z INFO [openvpn] sitnl_send: rtnl: generic error (-101): Network unreachable
2025-01-04T07:51:21Z INFO [openvpn] TUN/TAP device tun0 opened
2025-01-04T07:51:21Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2025-01-04T07:51:21Z INFO [openvpn] /sbin/ip link set dev tun0 up
2025-01-04T07:51:21Z INFO [openvpn] /sbin/ip addr add dev tun0 10.10.110.30/24
2025-01-04T07:51:21Z WARN [openvpn] OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
2025-01-04T07:51:21Z INFO [openvpn] UID set to nonrootuser
2025-01-04T07:51:21Z INFO [openvpn] Initialization Sequence Completed
---------
and here it just stops...

Logs when things are working:
--------
2025-01-04T08:17:12Z INFO [routing] default route found: interface eth0, gateway 169.254.1.1, assigned IP 10.1.254.197 and family v4
2025-01-04T08:17:12Z INFO [routing] adding route for 0.0.0.0/0
2025-01-04T08:17:12Z INFO [firewall] setting allowed subnets...
2025-01-04T08:17:12Z INFO [routing] default route found: interface eth0, gateway 169.254.1.1, assigned IP 10.1.254.197 and family v4
2025-01-04T08:17:12Z INFO [routing] adding route for 10.152.183.0/24
2025-01-04T08:17:12Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2025-01-04T08:17:12Z INFO [firewall] setting allowed input port 8080 through interface eth0...
2025-01-04T08:17:12Z INFO [dns] using plaintext DNS at address 1.1.1.1
2025-01-04T08:17:12Z INFO [http server] http server listening on [::]:8000
2025-01-04T08:17:12Z INFO [healthcheck] listening on 127.0.0.1:9999
2025-01-04T08:17:12Z INFO [firewall] allowing VPN connection...
2025-01-04T08:17:12Z INFO [openvpn] OpenVPN 2.6.11 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2025-01-04T08:17:12Z INFO [openvpn] library versions: OpenSSL 3.3.2 3 Sep 2024, LZO 2.10
2025-01-04T08:17:12Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]WW.XX.YY.ZZ:1197
2025-01-04T08:17:12Z INFO [openvpn] UDPv4 link local: (not bound)
2025-01-04T08:17:12Z INFO [openvpn] UDPv4 link remote: [AF_INET]WW.XX.YY.ZZ:1197
2025-01-04T08:17:12Z INFO [openvpn] [stockholm404] Peer Connection Initiated with [AF_INET]WW.XX.YY.ZZ:1197
2025-01-04T08:17:12Z INFO [openvpn] sitnl_send: rtnl: generic error (-101): Network unreachable
2025-01-04T08:17:12Z INFO [openvpn] TUN/TAP device tun0 opened
2025-01-04T08:17:12Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2025-01-04T08:17:12Z INFO [openvpn] /sbin/ip link set dev tun0 up
2025-01-04T08:17:12Z INFO [openvpn] /sbin/ip addr add dev tun0 10.30.110.89/24
2025-01-04T08:17:12Z WARN [openvpn] OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
2025-01-04T08:17:12Z INFO [openvpn] UID set to nonrootuser
2025-01-04T08:17:12Z INFO [openvpn] Initialization Sequence Completed
2025-01-04T08:17:12Z INFO [dns] downloading hostnames and IP block lists
2025-01-04T08:17:12Z INFO [healthcheck] healthy!
2025-01-04T08:17:14Z INFO [dns] DNS server listening on [::]:53
2025-01-04T08:17:15Z INFO [dns] ready
2025-01-04T08:17:15Z INFO [ip getter] Public IP address is WW.XX.YY.ZZ (Sweden, Stockholm, Stockholm - source: ipinfo)
2025-01-04T08:17:16Z INFO [vpn] You are running on the bleeding edge of latest!
2025-01-04T08:17:16Z INFO [port forwarding] starting
2025-01-04T08:17:16Z INFO [port forwarding] Found saved forwarded port data for port XXXXX
2025-01-04T08:17:16Z INFO [port forwarding] Port forwarded data expires in 62 days
2025-01-04T08:17:16Z INFO [port forwarding] port forwarded is XXXXX
2025-01-04T08:17:16Z INFO [firewall] setting allowed input port XXXXX through interface tun0...
2025-01-04T08:17:16Z INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
-------

Share your configuration

The following configuration now seems to work (snippet from my Kubernetes YAML file):
-----
      env:
        - name: VPN_SERVICE_PROVIDER
          value: "private internet access"
        - name: VPN_TYPE
          value: "openvpn"
        - name: OPENVPN_USER
          value: "XXXXXXXX"
        - name: OPENVPN_PASSWORD
          value: "XXXXXXXX"
        - name: FIREWALL_OUTBOUND_SUBNETS
          value: "10.152.183.0/24"
        - name: SERVER_REGIONS
          value: "SE Stockholm"
        - name: VPN_PORT_FORWARDING
          value: "on"
        - name: FIREWALL_INPUT_PORTS
          value: "8080"
# Stops port forwarding from starting up and halts boot.
#        - name: DNS_KEEP_NAMESERVER
#          value: "true"
--------
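The manual /etc/resolv.conf edit from the post, as an added example that is neither Gluetun's code nor the reporter's: a POSIX sh function that keeps the cluster nameserver, adds Gluetun's local 127.0.0.1 resolver exactly once and preserves the search and options lines, so it can be re-run safely on every container restart. The cluster address 10.152.183.10 and the search line are taken from the post; the sample file is constructed. The [dns] warning in the failing log still applies to the merged file: lookups can be sent to the cluster nameserver outside the tunnel.

```shell
#!/bin/sh
# Idempotent rebuild of a resolv.conf: cluster nameserver first, then 127.0.0.1,
# then any other nameservers already present, with search/options lines kept.
# Comment and blank lines are dropped. Example code, not part of Gluetun.

merge_resolv_conf() {
    # $1 = path of the resolv.conf to read, $2 = cluster DNS address to keep
    awk -v cluster="$2" '
        /^search[ \t]/  { search = search $0 "\n"; next }
        /^options[ \t]/ { opts = opts $0 "\n"; next }
        /^nameserver[ \t]/ {
            # skip the two addresses re-added in END so the result has no duplicates
            if ($2 != cluster && $2 != "127.0.0.1") others = others $0 "\n"
            next
        }
        END {
            printf "%s", search
            printf "nameserver %s\nnameserver 127.0.0.1\n", cluster
            printf "%s%s", others, opts
        }' "$1"
}

# Constructed sample: the resolv.conf Kubernetes hands the pod before any edit,
# using the search line and cluster DNS address from the report.
SAMPLE_RESOLV=$(mktemp)
cat > "$SAMPLE_RESOLV" <<'EOF'
search torrenting.svc.cluster.local svc.cluster.local cluster.local
nameserver 10.152.183.10
options ndots:5
EOF

# Inside the container, write to a temp file first and then copy it over
# /etc/resolv.conf (a plain `cat tmp > /etc/resolv.conf` works even when the
# file is a bind mount and `mv` would not). Here we only print the result.
merge_resolv_conf "$SAMPLE_RESOLV" 10.152.183.10
rm -f "$SAMPLE_RESOLV"
```

Running it on its own output yields the same file, which is what makes it safe to call from a startup hook after each restart.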

github-actions bot commented Jan 4, 2025

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:
