Bug: gluetun and another Wireguard kills all #2268

Open
Subfortytwo opened this issue May 6, 2024 · 2 comments

Subfortytwo commented May 6, 2024

Is this urgent?

None

Host OS

No response

CPU arch

x86_64

VPN service provider

Mullvad

What are you using to run the container

docker-compose

What is the version of Gluetun

latest built on 2020-03-13T01:30:06Z (commit d0f678c)

What's the problem 🤔

I want to route all the traffic through "wireguard", but use a VPN to reach that server.
Since gluetun is using WIREGUARD_ALLOWED_IPS=0.0.0.0/0, when the 2nd docker tries to do the same, it kills the routing of gluetun.
So I tried WIREGUARD_ALLOWED_IPS=<IP_OF_MY_WG/32>, but then nothing works.

What would you recommend?

Thank you.

```yaml
version: "3"

services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=<bla>
      - WIREGUARD_ADDRESSES=10.70.x.x/32
      - SERVER_CITIES=Amsterdam,Helsinki,Berlin,Paris,Milan
      - HTTPPROXY=on
      - WIREGUARD_ALLOWED_IPS=0.0.0.0/0
    ports:
      - 8888:8888/tcp

  wireguard:
    container_name: wireguard
    image: jordanpotter/wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      net.ipv4.conf.all.src_valid_mark: 1
    network_mode: "service:gluetun"
    volumes:
      - ./wireguard/config.conf:/etc/wireguard/wg1.conf
    restart: unless-stopped
```

EDIT: probably same as #2086 ?

Share your logs (at least 10 lines)

Well, it loops and the connection is killed, not sure the log helps:


```
gluetun_1    | 2024-05-06T12:52:04Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
gluetun_1    | 2024-05-06T12:52:04Z INFO [vpn] stopping
gluetun_1    | 2024-05-06T12:52:04Z INFO [vpn] starting
gluetun_1    | 2024-05-06T12:52:04Z INFO [firewall] allowing VPN connection...
gluetun_1    | 2024-05-06T12:52:04Z INFO [wireguard] Using available kernelspace implementation
gluetun_1    | 2024-05-06T12:52:04Z INFO [wireguard] Connecting to 193.32.248.68:51820
gluetun_1    | 2024-05-06T12:52:04Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
```

dead here.

Share your configuration

No response



github-actions bot commented May 6, 2024

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:


qdm12 commented May 7, 2024

You could try with HEALTH_TARGET_ADDRESS=1.1.1.1:443 and WIREGUARD_ALLOWED_IPS=1.1.1.1/32,10.70.x.x/32 so the healthcheck works (using 1.1.1.1) and the Gluetun wireguard interface allows the jordanpotter/wireguard interface to reach 10.70.x.x/32. I'm not sure about other implications, but it could be an interesting page to add to the Wiki.
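
Added example, not part of the thread or of Gluetun's code: a Python pre-flight check that compares the AllowedIPs of two WireGuard interfaces sharing one network namespace and lists the destinations the outer tunnel would not carry. It compares prefixes only (IPv4, no firewall or policy-routing model); `203.0.113.10` and `10.70.0.2` are constructed placeholders for `<IP_OF_MY_WG>` and the elided `10.70.x.x`.

```python
import ipaddress

def parse_allowed_ips(value):
    """Parse a comma-separated AllowedIPs value into network objects."""
    return [ipaddress.ip_network(p.strip(), strict=False)
            for p in value.split(",") if p.strip()]

def host_of(dest):
    """Strip an optional :port from an IPv4 destination such as 1.1.1.1:443."""
    return ipaddress.ip_address(dest.rsplit(":", 1)[0] if ":" in dest else dest)

def shared_prefixes(outer, inner):
    """Identical prefixes claimed by both interfaces in the same namespace."""
    common = set(parse_allowed_ips(outer)) & set(parse_allowed_ips(inner))
    return sorted(common, key=str)

def uncovered(outer, required):
    """Destinations the outer tunnel must carry that no outer prefix contains."""
    nets = parse_allowed_ips(outer)
    return [d for d in required if not any(host_of(d) in n for n in nets)]

# Constructed sample values (assumptions, not taken from the issue):
INNER_ENDPOINT = "203.0.113.10:51820"  # stands in for <IP_OF_MY_WG>
OUTER_ADDRESS = "10.70.0.2"            # stands in for the elided 10.70.x.x
HEALTH_TARGET = "1.1.1.1:443"          # health target suggested in the thread

def report(name, outer, inner, required):
    """Print and return (shared prefixes, uncovered destinations)."""
    shared = [str(n) for n in shared_prefixes(outer, inner)]
    missing = uncovered(outer, required)
    print(f"{name}: shared={shared} uncovered={missing}")
    return shared, missing

if __name__ == "__main__":
    # Configuration from the issue: both interfaces claim 0.0.0.0/0.
    report("both 0.0.0.0/0", "0.0.0.0/0", "0.0.0.0/0",
           [HEALTH_TARGET, INNER_ENDPOINT])
    # Reporter's second attempt: outer tunnel limited to the inner endpoint.
    report("endpoint /32 only", "203.0.113.10/32", "0.0.0.0/0",
           [HEALTH_TARGET, INNER_ENDPOINT])
    # Values suggested in the reply, checked against the two addresses it names.
    report("suggested", f"1.1.1.1/32,{OUTER_ADDRESS}/32", "0.0.0.0/0",
           [HEALTH_TARGET, OUTER_ADDRESS])
```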
