Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: Wireguard add route for IPv6 destination no such device #2597

Open
Eoin-ONeill-Yokai opened this issue Nov 24, 2024 · 2 comments · May be fixed by #2629
Open

Bug: Wireguard add route for IPv6 destination no such device #2597

Eoin-ONeill-Yokai opened this issue Nov 24, 2024 · 2 comments · May be fixed by #2629
Labels
Category: IPv6 🛰️ Category: Routing 🛤️ Category: Wireguard 🔐

Comments

@Eoin-ONeill-Yokai
Copy link

Eoin-ONeill-Yokai commented Nov 24, 2024
edited
Loading

Is this urgent?

None

Host OS

Fedora CoreOS

CPU arch

x86_64

VPN service provider

NordVPN

What are you using to run the container

Podman

What is the version of Gluetun

Running version latest built on 2024-11-18T09:49:16.711Z (commit 68ddbfc)

What's the problem 🤔

Seems to me that it can't write to the tunnel device for IPv6, which causes an infinite fail loop on first boot. Having said that, I'm not positive it isn't a configuration issue yet. Any help or advice from someone who got this working in a podman environment would be helpful!

Other possible issues:

  • firewalld might be getting in the way. Is there any advice for configuring firewalld for use of gluetun via podman container?

Share your logs (at least 10 lines)

gluetun  | 2024-11-23T23:48:31-08:00 INFO [routing] default route found: interface eth0, gateway 10.89.1.1, assigned IP 10.89.1.13 and family v4
gluetun  | 2024-11-23T23:48:31-08:00 INFO [routing] adding route for 0.0.0.0/0
gluetun  | 2024-11-23T23:48:31-08:00 INFO [firewall] setting allowed subnets...
gluetun  | 2024-11-23T23:48:31-08:00 INFO [routing] default route found: interface eth0, gateway 10.89.1.1, assigned IP 10.89.1.13 and family v4
gluetun  | 2024-11-23T23:48:31-08:00 INFO [dns] using plaintext DNS at address 1.1.1.1
gluetun  | 2024-11-23T23:48:31-08:00 INFO [http server] http server listening on [::]:8000
gluetun  | 2024-11-23T23:48:31-08:00 INFO [healthcheck] listening on 127.0.0.1:9999
gluetun  | 2024-11-23T23:48:31-08:00 INFO [firewall] allowing VPN connection...
gluetun  | 2024-11-23T23:48:31-08:00 INFO [wireguard] Using available kernelspace implementation
gluetun  | 2024-11-23T23:48:31-08:00 INFO [wireguard] Connecting to 138.199.42.236:51820
gluetun  | 2024-11-23T23:48:31-08:00 ERROR [vpn] cannot add route for interface: adding route for destination ::/0: adding route for link tun0, destination ::/0 and table 51820: no such device
gluetun  | 2024-11-23T23:48:31-08:00 INFO [vpn] retrying in 15s
gluetun  | 2024-11-23T23:48:37-08:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com on 1.1.1.1:53: write udp 10.89.1.13:38411->1.1.1.1:53: write: operation not permitted)
gluetun  | 2024-11-23T23:48:37-08:00 INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md
gluetun  | 2024-11-23T23:48:37-08:00 INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION

^ Basically this on loop, but I imagine that first error is probably the source of the problem.

Share your configuration

services:
  gluetun:
    image: ghcr.io/qdm12/gluetun
    container_name: gluetun
    # line above must be uncommented to allow external containers to connect.
    # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/connect-a-container-to-gluetun.md#external-container-to-gluetun
    cap_add:
      - NET_ADMIN
      - NET_RAW
      - MKNOD # < Unsure about the necessity of this
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - ./gluetun:/gluetun:z
    environment:
      # See https://github.com/qdm12/gluetun-wiki/tree/main/setup#setup
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=wireguard
      # OpenVPN:
      # - OPENVPN_USER=
      # - OPENVPN_PASSWORD=
      # Wireguard:
      - WIREGUARD_PRIVATE_KEY=NopeNope:)
      - WIREGUARD_MTU=1000
      - SERVER_COUNTRIES=United States,Ireland
      # Timezone for accurate log times
      - TZ=America/Los_Angeles
      - LOG_LEVEL=debug
      # Server list updater
      # See https://github.com/qdm12/gluetun-wiki/blob/main/setup/servers.md#update-the-vpn-servers-list
      - UPDATER_PERIOD=24h
    networks:
      - isolated
    restart: unless-stopped
    healthcheck:
      test: "ping -c 1 google.com || exit 1"
      timeout: 2s
      retries: 3
    security_opt:
      - label=disable # Also unsure about the necessity of this
@github-actions GitHub Actions
Copy link
Contributor

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

@qdm12 qdm12 linked a pull request Dec 27, 2024 that will close this issue
Draft
@qdm12
Copy link
Owner

qdm12 commented Dec 27, 2024

no such device may mean tun0 doesn't exit - weird.
Please try image tag :pr-2629 to see if it helps, it now specifies the ip family for the route to add, depending on the destination. Maybe the netlink library I use or kernel is not smart enough to figure this out from the destination ip prefix specified.

Also please report the logs you get with LOG_LEVEL=debug thanks!

@qdm12 qdm12 changed the title Bug: VPN cannot add route for destination ::/0: ... : no such device Bug: Wireguard add route for IPv6 destination no such device Dec 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Category: IPv6 🛰️ Category: Routing 🛤️ Category: Wireguard 🔐
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix(wireguard): specify family for new route qdm12/gluetun
2 participants
@Eoin-ONeill-Yokai @qdm12