qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.

Home Page: https://hub.docker.com/r/qmcgaw/gluetun

Bug: gluetun and another Wireguard kills all

Subfortytwo opened this issue · comments

Is this urgent?

None

Host OS

No response

CPU arch

x86_64

VPN service provider

Mullvad

What are you using to run the container

docker-compose

What is the version of Gluetun

latest built on 2020-03-13T01:30:06Z (commit d0f678c)

What's the problem 🤔

I want to route all the traffic through "wireguard", but use a VPN to reach that server.
Since gluetun is using WIREGUARD_ALLOWED_IPS=0.0.0.0/0, when the 2nd docker tries to do the same, it kills the routing of gluetun.
So I tried to set WIREGUARD_ALLOWED_IPS=<IP_OF_MY_WG/32>, but then nothing works.

What would you recommend?

Thank you.

```yaml
version: "3"

services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    environment:
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=<bla>
      - WIREGUARD_ADDRESSES=10.70.x.x/32
      - SERVER_CITIES=Amsterdam,Helsinki,Berlin,Paris,Milan
      - HTTPPROXY=on
      - WIREGUARD_ALLOWED_IPS=0.0.0.0/0
    ports:
      - 8888:8888/tcp

  wireguard:
    container_name: wireguard
    image: jordanpotter/wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      net.ipv4.conf.all.src_valid_mark: 1
    network_mode: "service:gluetun"
    volumes:
      - ./wireguard/config.conf:/etc/wireguard/wg1.conf
    restart: unless-stopped
```

EDIT: probably same as #2086 ?

Share your logs (at least 10 lines)

Well, it loops and the connection is killed, not sure the log helps:


```
gluetun_1    | 2024-05-06T12:52:04Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION
gluetun_1    | 2024-05-06T12:52:04Z INFO [vpn] stopping
gluetun_1    | 2024-05-06T12:52:04Z INFO [vpn] starting
gluetun_1    | 2024-05-06T12:52:04Z INFO [firewall] allowing VPN connection...
gluetun_1    | 2024-05-06T12:52:04Z INFO [wireguard] Using available kernelspace implementation
gluetun_1    | 2024-05-06T12:52:04Z INFO [wireguard] Connecting to 193.32.248.68:51820
gluetun_1    | 2024-05-06T12:52:04Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
```

dead here.

Share your configuration

No response


@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

You could try with HEALTH_TARGET_ADDRESS=1.1.1.1:443 and WIREGUARD_ALLOWED_IPS=1.1.1.1/32,10.70.x.x/32 so the healthcheck works (using 1.1.1.1) and the Gluetun wireguard interface allows the jordanpotter/wireguard interface to reach 10.70.x.x/32. Although I'm not sure about other implications, it could be an interesting page to add to the Wiki.
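
A pre-flight check for the settings discussed above, as an added example that is not from the issue thread or the Gluetun project: it parses a WIREGUARD_ALLOWED_IPS value and reports which destinations no prefix covers, since WireGuard only sends a packet to a peer whose AllowedIPs contain the destination. The helper names are hypothetical, and 203.0.113.10 (standing in for `<IP_OF_MY_WG>`) and 10.70.0.10 (standing in for 10.70.x.x) are constructed values.

```python
import ipaddress

def parse_allowed_ips(value):
    """Parse a comma-separated WIREGUARD_ALLOWED_IPS value into networks."""
    return [ipaddress.ip_network(part.strip(), strict=False)
            for part in value.split(",") if part.strip()]

def target_ip(address):
    """Extract the IP from 'ip', 'ip:port' or '[ipv6]:port' (e.g. HEALTH_TARGET_ADDRESS)."""
    host, sep, _port = address.rpartition(":")
    return ipaddress.ip_address((host if sep else address).strip("[]"))

def matching_prefix(dest, networks):
    """Most specific allowed prefix containing dest, or None if no prefix covers it."""
    hits = [n for n in networks if n.version == dest.version and dest in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def uncovered(allowed_ips, destinations):
    """Names of destinations that no AllowedIPs prefix covers."""
    networks = parse_allowed_ips(allowed_ips)
    return [name for name, addr in destinations.items()
            if matching_prefix(target_ip(addr), networks) is None]

# Destinations named in the reply above; 10.70.0.10 is a constructed stand-in.
DESTINATIONS = {
    "health target": "1.1.1.1:443",
    "10.70.x.x address": "10.70.0.10",
}

# Candidate WIREGUARD_ALLOWED_IPS values; 203.0.113.10 is a constructed stand-in.
CANDIDATES = {
    "catch-all": "0.0.0.0/0",
    "single /32": "203.0.113.10/32",
    "suggested": "1.1.1.1/32,10.70.0.10/32",
}

if __name__ == "__main__":
    for label, value in CANDIDATES.items():
        missing = uncovered(value, DESTINATIONS)
        verdict = "all covered" if not missing else "not covered: " + ", ".join(missing)
        print(f"{label:10} {value:28} -> {verdict}")
```
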