Search the Community

TL/DR -- Gluetun Healthcheck directive fails, possibly because Bell is not allowing DNS queries to cloudflare. Apologies, I should be posting this, probably on the Gluetun wiki, but any help welcome. I have a new-to-me Asustor NAS that I am starting to configure as a more general purpose server deploying locally hosted docker containers/stacks. As an early step, I am working to be able run some containers behind a vpn connection. The vendor offers proprietary VPN configurations, but I am not confident in them. Consequently, I have been working to get a dockerized AIRVPN service up and running. A very common wireguard image for doing this is GLUETUN. I learned here that they now, in theory, support AIRVPN. My issue is that gluetun seems to connect to AIRVPN, but then for reasons that are unclear to me, related to the healthcheck directive, it disconnects and cycles until it eventually times out. Thanks to some users here, I have constructed what appears to my inexperienced eyes to be a viable docker compose file: services: gluetun: image: 'qmcgaw/gluetun:latest' container_name: gluetun cap_add: - NET_ADMIN devices: - '/dev/net/tun:/dev/net/tun' volumes: - /volume1/Docker/gluetun:/gluetun environment: - VPN_SERVICE_PROVIDER=airvpn - VPN_TYPE=wireguard - WIREGUARD_PUBLIC_KEY=**************** - WIREGUARD_PRIVATE_KEY=*************** - WIREGUARD_PRESHARED_KEY=************* - WIREGUARD_ADDRESSES=10.170.255.172/32 - SERVER_COUNTRIES=Canada - FIREWALL_VPN_INPUT_PORTS=**** - TZ="America/Montreal" - UPDATER_PERIOD=24h ports: - '8080:8080' - '****:****' restart: unless-stopped It seems to be almost working, but I am not sure why it is failing. BTW, I am running pihole as a local DNS server on the same machine, which got me past an earlier glitch. It seems that there is still a DNS issue, but I can't figure it out from the log. The container starts, glitches and restarts whenI run the following command: docker compose -f /volume1/Docker/media_dl/gluetun.yml run gluetun The console output below provides clues that I hope you can help me use to sort out the issue: 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12 2025-04-13T20:29:58Z INFO [routing] default route found: interface eth0, gateway 172.18.0.1, assigned IP 172.18.0.2 and family v4 2025-04-13T20:29:58Z INFO [routing] local ethernet link found: eth0 2025-04-13T20:29:58Z INFO [routing] local ipnet found: 172.18.0.0/16 2025-04-13T20:29:58Z INFO [firewall] enabling... 2025-04-13T20:29:58Z INFO [firewall] enabled successfully 2025-04-13T20:29:59Z INFO [storage] merging by most recent 20776 hardcoded serve rs and 20776 servers read from /gluetun/servers.json 2025-04-13T20:29:59Z INFO Alpine version: 3.20.5 2025-04-13T20:29:59Z INFO OpenVPN 2.5 version: 2.5.10 2025-04-13T20:29:59Z INFO OpenVPN 2.6 version: 2.6.11 2025-04-13T20:29:59Z INFO IPtables version: v1.8.10 2025-04-13T20:29:59Z INFO Settings summary: ├── VPN settings: | ├── VPN provider settings: | | ├── Name: airvpn | | └── Server selection settings: | | ├── VPN type: wireguard | | ├── Countries: canada | | └── Wireguard selection settings: | | └── Server public key: *************** hk= | └── Wireguard settings: | ├── Private key: GJn...VI= | ├── Pre-shared key: odJ...Cc= | ├── Interface addresses: | | └── 10.170.255.172/32 | ├── Allowed IPs: | | ├── 0.0.0.0/0 | | └── ::/0 | └── Network interface: tun0 | └── MTU: 1320 ├── DNS settings: | ├── Keep existing nameserver(s): no | ├── DNS server address to use: 127.0.0.1 | └── DNS over TLS settings: | ├── Enabled: yes | ├── Update period: every 24h0m0s | ├── Upstream resolvers: | | └── cloudflare | ├── Caching: yes | ├── IPv6: no | └── DNS filtering settings: | ├── Block malicious: yes | ├── Block ads: no | ├── Block surveillance: no | └── Blocked IP networks: | ├── 127.0.0.1/8 | ├── 10.0.0.0/8 | ├── 172.16.0.0/12 | ├── 192.168.0.0/16 | ├── 169.254.0.0/16 | ├── ::1/128 | ├── fc00::/7 | ├── fe80::/10 | ├── ::ffff:127.0.0.1/104 | ├── ::ffff:10.0.0.0/104 | ├── ::ffff:169.254.0.0/112 | ├── ::ffff:172.16.0.0/108 | └── ::ffff:192.168.0.0/112 ├── Firewall settings: | ├── Enabled: yes | └── VPN input ports: | └── **** ├── Log settings: | └── Log level: info ├── Health settings: | ├── Server listening address: 127.0.0.1:9999 | ├── Target address: google.com | ├── Duration to wait after success: 5s | ├── Read header timeout: 100ms | ├── Read timeout: 500ms | └── VPN wait durations: | ├── Initial duration: 6s | └── Additional duration: 5s ├── Shadowsocks server settings: | └── Enabled: no ├── HTTP proxy settings: | └── Enabled: no ├── Control server settings: | ├── Listening address: :8000 | ├── Logging: yes | └── Authentication file path: /gluetun/auth/config.toml ├── Storage settings: | └── Filepath: /gluetun/servers.json ├── OS Alpine settings: | ├── Process UID: 1000 | ├── Process GID: 1000 | └── Timezone: america/montreal ├── Public IP settings: | ├── IP file path: /tmp/gluetun/ip | ├── Public IP data base API: ipinfo | └── Public IP data backup APIs: | ├── ifconfigco | ├── ip2location | └── cloudflare ├── Server data updater settings: | ├── Update period: 24h0m0s | ├── DNS address: 1.1.1.1:53 | ├── Minimum ratio: 0.8 | └── Providers to update: airvpn └── Version settings: └── Enabled: yes 2025-04-13T20:46:31Z INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4 2025-04-13T20:46:31Z INFO [routing] adding route for 0.0.0.0/0 2025-04-13T20:46:31Z INFO [firewall] setting allowed subnets... 2025-04-13T20:46:31Z INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.2 and family v4 2025-04-13T20:46:31Z INFO [dns] using plaintext DNS at address 1.1.1.1 2025-04-13T20:46:31Z INFO [http server] http server listening on [::]:8000 2025-04-13T20:46:31Z INFO [healthcheck] listening on 127.0.0.1:9999 2025-04-13T20:46:31Z INFO [firewall] allowing VPN connection... 2025-04-13T20:46:31Z INFO [wireguard] Using available kernelspace implementation 2025-04-13T20:46:31Z INFO [wireguard] Connecting to 139.28.218.234:1637 2025-04-13T20:46:31Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working. 2025-04-13T20:46:31Z INFO [firewall] setting allowed input port **** through interface tun0... 2025-04-13T20:46:31Z INFO [dns] downloading hostnames and IP block lists 2025-04-13T20:46:41Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (healthcheck error: dialing: dial tcp4: lookup cloudflare.com: i/o timeout) 2025-04-13T20:46:41Z INFO [healthcheck] 👉 See https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md 2025-04-13T20:46:41Z INFO [healthcheck] DO NOT OPEN AN ISSUE UNLESS YOU READ AND TRIED EACH POSSIBLE SOLUTION 2025-04-13T20:46:41Z INFO [vpn] stopping The healthcheck directive of Gluetun uses the following command to verify that the interface is up: ping -W 1 -w 1 -q -s 8 1.1.1.1 Using the same command on the NAS, I get 100% packet loss, though on my desktop (that used the Pihole NAS I see: PS C:\Windows\system32> ./ping.exe -w 1 -s 4 1.1.1.1 Pinging 1.1.1.1 with 32 bytes of data: Reply from 1.1.1.1: bytes=32 time=201ms TTL=59 Timestamp: 10.11.10.1 : 75717118 -> 77.243.185.75 : 75717122 -> 162.158.124.1 : 75717239 -> 1.1.1.1 : 75717240 Reply from 1.1.1.1: bytes=32 time=155ms TTL=59 Timestamp: 10.11.10.1 : 75718136 -> 77.243.185.75 : 75718141 -> 162.158.124.1 : 75718219 -> 1.1.1.1 : 75718219 Reply from 1.1.1.1: bytes=32 time=117ms TTL=59 Timestamp: 10.11.10.1 : 75719155 -> 77.243.185.75 : 75719160 -> 162.158.124.1 : 75719194 -> 1.1.1.1 : 75719194 Reply from 1.1.1.1: bytes=32 time=87ms TTL=59 Timestamp: 10.11.10.1 : 75720172 -> 77.243.185.75 : 75720176 -> 162.158.124.1 : 75720192 -> 1.1.1.1 : 75720193 I suspect that Bell DNS is blocking cloudflare. I will let you know if I can find another healthcheck configuration that works. Thanks for bearing with me. This has been longer than I expected.

Hi all, Please note I'm quite inexperienced with networking and server things, I'm learning as I go. I downloaded a .ovpn file to use with Gluetun in Docker. After lots of fiddling, I got Gluetun up and running. However, I wanted to make some changes to my ports (specifically, changed the DDNS address for one of the ports) and I'm wondering if I need to download a new .ovpn file each time I mess with something in the AirVPN client area. Does the .ovpn save details like which ports are forwarded, the DDNS stuff for those ports, etc? Would it be easier for me to remove the .ovpn from my Gluetun docker-compose file and just use my username/password for AirVPN? Thanks.

gluetun docker log ERROR VPN settings: provider settings: port forwarding: port forwarding cannot be enabled: value is not one of the possible choices: airvpn must be one of perfect privacy, private internet access, privatevpn or protonvpn 2024-11-17T20:13:01+01:00 INFO Shutdown successful docker compose version: "3.9" services: vpn: image: qmcgaw/gluetun container_name: vpn networks: proxy: ipv4_address: 10.0.0.4 cap_add: - NET_ADMIN devices: - /dev/net/tun:/dev/net/tun ports: - 1637:1637/udp - 13660:13660/tcp - 13660:13660/udp - 8096:8096 volumes: - ./:/gluetun environment: - VPN_SERVICE_PROVIDER=airvpn - VPN_TYPE=wireguard - VPN_PORT_FORWARDING=on - FIREWALL_VPN_INPUT_PORTS=13660 - WIREGUARD_PRIVATE_KEY=X - WIREGUARD_ADDRESSES=X - WIREGUARD_PRESHARED_KEY=X - WIREGUARD_ENDPOINT_PORT=1637 - SERVER_COUNTRIES=Netherlands - TZ=X - DNS_ADDRESS=10.128.0.1 restart: unless-stopped

Hello! I'm trying to expose Jellyfin to internet through AirVPN port forwarding, but I can't for the life of me make it to work. You can see the gluetun stack I'm using bellow 45554 is the port I'm trying to use for Jellyfin. 42148 is the one I'm using for Qbittorrent. You can ignore this, it's working perfectly. I have no idea what I could be doing wrong, tried everything that came to my mind. In the AirVPN => Client Area => Forwarded Port, I tried to bind 45554 to "local port" 8096, without success. I'd really appreciate any help, Thanks for your time! services: gluetun: image: qmcgaw/gluetun container_name: gluetun cap_add: - NET_ADMIN devices: - /dev/net/tun:/dev/net/tun environment: - VPN_SERVICE_PROVIDER=airvpn - VPN_TYPE=wireguard - WIREGUARD_PRIVATE_KEY=xxx - WIREGUARD_PRESHARED_KEY=xxx - WIREGUARD_ADDRESSES=xxx - SERVER_REGIONS=Europe - FIREWALL_VPN_INPUT_PORTS=45554,42148 ports: - 8080:8080 # Qbittorrent1 - 42148:42148 # Qbittorrent1 port forwarding - 42148:42148/udp # Qbittorrent1 port forwarding - 8181:8181 # Qbittorrent2 - 6881:6881 # Qbittorrent2 port - 6881:6881/udp # Qbittorrent2 port - 8096:8096 # Jellyfin - 45554:45554 qbittorrent: image: lscr.io/linuxserver/qbittorrent:latest container_name: qbittorrent1 environment: - PUID=1000 - PGID=1000 - TZ=Etc/UTC - WEBUI_PORT=8080 - TORRENTING_PORT=42148 volumes: - /home/charly/container/qbittorrent1/appdata/:/config - /home/charly/Téléchargements/:/downloads network_mode: 'service:gluetun' depends_on: - gluetun restart: unless-stopped qbittorrent2: image: qbittorrentofficial/qbittorrent-nox:latest container_name: qbittorrent2 environment: - PUID=1000 - PGID=1000 - TZ=Etc/UTC - TORRENTING_PORT=6881 - QBT_LEGAL_NOTICE=confirm - QBT_VERSION=latest - QBT_WEBUI_PORT=8181 volumes: - /home/charly/container/qbittorrent2/appdata/:/config - /home/charly/Téléchargements/:/downloads network_mode: 'service:gluetun' depends_on: - gluetun restart: unless-stopped jellyfin: image: jellyfin/jellyfin container_name: jellyfin network_mode: 'service:gluetun' volumes: - /home/charly/container/jellyfin/config:/config - /home/charly/container/jellyfin/cache:/cache - /home/charly/container/jellyfin/movies:/movies - /home/charly/container/jellyfin/tvshows:/tvshows restart: 'unless-stopped' environment: - TZ=Etc/UTC - PUID=1000 - PGID=1000

Okay so I'm trying to port forward plex and qbittorrent but testing it using Airvpn returns " Connection timed out (110) " and using https://www.yougetsignal.com/tools/open-ports/ tells me that both ports are closed. The setup I have is a bit complicated since Plex and Qbittorrent are running in docker along with an openvpn-client to connect to Airvpn. Docker is running in vm using Fedora CoreOS and the vm is running on a machine with a Fedora Server. I tried different ports, rebooting the machines and temporarily disabling the firewall on the vm and host but its still no working. Also, I'm behind a carrier grade nat but to my understanding that should not affect port forwarding using Airvpn, right? So not exactly sure were the problem is.

Hi, Ubuntu 17.10 AirVPN 2.13.6, running through Eddie When I try to start my app in Docker using "docker-compose up", I get an error: ERROR: could not find an available, non-overlapping IPv4 address pool among the defaults to assign to the network If I disable network lock and stop Eddie, Docker will start up just fine. After Googling I found a possible explanation and solution in https://stackoverflow.com/questions/45692255/how-make-openvpn-work-with-docker. With my minimal VPN and network knowledge I'm unable to judge if this is a valid and safe solution. Can anyone knowledgeable comment on this solution?

Hello, I have an issue with port forwarding and my ASUS router. I've got an ASUS route, running the latest stock firmware (3.0.0.4.388_23013) with mostly default settings. The router is directly connected to a modem in bridge mode so there's no double NAT. I imported a wireguard profile and assigned my NAS to this profile. So far everything works good and as expected, and the VPN connection is active for my NAS. Most posts in this forum seem to be about the ASUS merlin firmware, but I'd rather not install a custom firmware if not necessary. For my setup: I am running an owncloud docker instance on my synology NAS and want to access it with port forwarding on the internet. Therefore I went to https://airvpn.org/ports/ and assigned a port and DDNS entry. My owncloud docker container has the port 8080 assigned as local and container port and I can access it correctly with my local ip:port. The port entry has port X assigned and as local port I setup 8080 to match the owncloud port. If I now test the port status with "test open" on the ports page, I just get the "Connection timed out (110)" error. Afaik, there shouldn't be any custom port forwarding rules necessary in my router settings, as the FAQ says don't forward the ports you want to use in the router, as that might be a security risk (?). Also accessing the ddns:port address and checking the outgoing ip:port gives also connection timeout in my browser. For testing I also forwarded a random other port and tried to listen on it on my windows pc with openvpn active and that yielded the same results. Forwarding a random port in my router and then listening to it without vpn worked though, as some testing webpage showed that this port is open then. I tried to troubleshoot it with the help of ChatGPT, but all the ideas it had, didn't yield and results or improvements. Am I missing something? There doesn't seem to be any special settings regarding the VPN Fusion connection and any type of port forwarding etc.

I have built a docker container using the https://registry.hub.docker.com/r/markusmcnugen/qbittorrentvpn image containing qbittorrent. The container is running on a DS1019+ Synology NAS DSM 6.2.4.-25556. The connection is supposed to be made using the files generated by the OpenVPN Config Generator. For some reason the container makes no attempt to establish the VPN connection, doileak.com indicates that qb is leaking the router's WAN ip address. Any thoughts appreciated.

Hello all, I am looking to create a docker container or some type of script to rotate my IP addresses. My goal is to rotate my IP address every time that it is unable to connect to a given IP (TTL like 30 seconds). However, If I am unable to do this I would like to simply rotate my IP address every couple of minutes. Does anyone know how I might do this efficiently? I would preferably run it from a local machine or docker container routing my applications through it.

My setup is as follows. I have a docker setup where i run my vpn server in one container and my transmission application in another container. My transmission container uses the vpn container as a gateway which works quite nice. My only problem is that i'm unable to forward my peer listening port from my airvpn connection to the transmission container. I have added the port forwarding at airvpn.org but dont know how to forward it to my transmission container. I guess I have to add some iptables rules to my vpn gateway, which uses openvpn+iptables to connect airvpn servers. Does anyone have an idea of how to configure iptables to handle port forwarding?

Edit: Because this post continues to bring people to my github page, I'd like to make things a bit easier. I have pushed my images to Dockerhub, so you no longer need to build these images yourself. Unfortunately there are still a few manual steps. Here's a step-by-step to get this running: 1) You still need to install Docker and docker-compose as described below. 2) You need to grab two files from my repository. https://github.com/rahmnathan/docker/blob/master/deluge/docker-compose.yml and https://github.com/rahmnathan/docker/blob/master/deluge/airvpn/resolv.conf 3) In the docker-compose file that you grabbed, you need to set the USERNAME and PASSWORD environment variables to your AirVPN credentials. 4) In the docker-compose file that you grabbed, you need to update the 'volumes' section to point to the resolv.conf file that you grabbed. This file configures Air to use AirVpn's DNS servers. Normally this is automatic with eddie, but there are some issues in Docker that currently prevent this, so it needs to be mapped as a volume. 5) Run 'docker-compose up -d' in the directory of the docker-compose.yml file. More often than not, the airvpn container stops at 'Ready' before AirVPN connects. I haven't resolved this yet, but if you toggle 'docker-compose down'/'docker-compose up -d' a few times, it eventually goes through. If anyone knows why this is happening, please let me know or submit a pull request against my repo and I'd be happy to merge it. To expand on that, if anyone has any suggestions, I'd be happy to implement them or accept PRs. --------------------- After several days of grind, I was finally able to get my vpn/deluge Docker swarm working properly. The goal of this was to create an isolated/portable environment to use my vpn so I could run it without changing the external IP of everything else running on the host system. Fair warning, I'm terrible at how-to's... The first thing you'll want to do is install Docker and Docker Compose. I like DigitalOcean's guides for this.. Docker -> https://www.digitalocean.com/community/tutorials/how-to-install-and-use-docker-on-ubuntu-16-04 Docker Compose -> https://www.digitalocean.com/community/tutorials/how-to-install-docker-compose-on-ubuntu-16-04 Now you can follow the instructions located here -> https://github.com/rahmnathan/docker . Brief Explanation: vpn - This image downloads, configures, and runs Air's Eddie client. deluge - This image downloads, configures, and runs the Deluge deamon. This image will use the network of the 'vpn' container, which is completely locked down outside of the docker swarm unless it's through the vpn. That brings us to... nginx - This image downloads, configures, and runs nginx. Because our swarm's network is isolated from the host's we need to utilize nginx as a reverse proxy to get into it. This is simply a gateway for us to access the Deluge daemon. Hopefully that's enough information for anyone interested to get started. The cool thing about this is you can force any container through the vpn while leaving the host machine/other containers running outside of the vpn. This gives us a very scalable, portable, isolated way to use the awesome service provided by Air. Feel free to ask questions and suggest edits. Thanks

I'm trying to create a docker image that connects to a VPN on launch with Eddie. It appears the error I'm getting is related to a driver that's needed at some point, but I can't find any details. I'm using the standard portable eddie version (though I also tried mono and ended up with the same result). The relevant logs are as follows... . 2017.04.02 22:27:45 - Operating System: Unix 4.4.0.71 - Linux b55511669e6e 4.4.0-71-generic #92-Ubuntu SMP Fri Mar 24 12:59:01 UTC 2017 x86_64 x86_64 x86_64 GNU/LinuxE 2017.04.02 22:27:46 - OpenVPN Driver - Not available - Will be installed at next connection.I 2017.04.02 22:27:46 - OpenVPN - Version: 2.4.0 - OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09 (/vpn/openvpn)I 2017.04.02 22:27:46 - SSH - Version: OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g 1 Mar 2016 (/usr/bin/ssh)I 2017.04.02 22:27:46 - SSL - Version: stunnel 5.40 (/vpn/stunnel)I 2017.04.02 22:27:46 - curl - Version: 7.47.0 (/usr/bin/curl)I 2017.04.02 22:27:46 - Certification Authorities: /vpn/cacert.pem! 2017.04.02 22:27:46 - Activation of Network Lock - Linux IPTablesI 2017.04.02 22:28:30 - Checking login .... 2017.04.02 22:28:30 - Updating systems & servers data .... 2017.04.02 22:28:32 - Systems & servers data update completed! 2017.04.02 22:28:32 - Logged in.I 2017.04.02 22:28:32 - Session starting.. 2017.04.02 22:28:32 - Unable to understand if IPv6 is active.F 2017.04.02 22:28:32 - Driver can't be installed.nI 2017.04.02 22:28:32 - Server switch requested from keyboard.I 2017.04.02 22:28:32 - Session starting.. 2017.04.02 22:28:32 - Unable to understand if IPv6 is active.F 2017.04.02 22:28:32 - Driver can't be installed. I'm sure I could get this working without Eddie, but I'd rather use the built in network-lock than have to configure something myself. If anyone has any ideas what is going on here, please let me know. Thanks

Hi VPN Experts, I've been reading many hours but I'm still completely lost as to how to achieve what I want. My goal is to set up one or more Docker Containers and run all the applications that should go through the VPN from within said containers so that all the other traffic is uneffected by the VPN. That means that Eddi or OpenVPN, a torrent client etc. must go into a container. Please bear in mind that I'm a complete beginner/noob, but it is my understanding that this solution is a viable, resource light alternative to a VM or an even more complicated(?) Iptables-based split tunneling solution. A more costly way would be to buy a Raspberry Pi and set it up as a proxy server with AirVPN running on it, right? Anyway, I've installed the openvpn package and Docker on Arch Linux but I don't know how to proceed from here. Any help is greatly appreciated. Cheers