Bug: control server shows port forwarded as 0 #2391

Closed
samtate opened this issue Aug 2, 2024 · 6 comments

samtate commented Aug 2, 2024

Is this urgent?

No

Host OS

Debian 12 (virtualised in Proxmox)

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-08-01T11:55:38.342Z (commit 34e8f5f)

What's the problem 🤔

I am trying to find my forwarded port using the endpoint /v1/openvpn/portforwarded as stated on the Wiki; however, I always get a response of {"port":0}. Similarly, when using the endpoint /v1/openvpn/status I always get a response of {"status":"stopped"}.

However, the endpoint /v1/publicip/ip does work and returns the IP and other data as expected. The connection works other than this, so I think there is an issue with the openvpn endpoint for wireguard connections?

I am using ProtonVPN via Wireguard using the custom provider as outlined on the Wiki.

Share your logs (at least 10 lines)

gluetun                     | 2024-08-02T14:06:57+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:37044 in 33.956µs
gluetun                     | 2024-08-02T14:06:57+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:37044 in 15.839µs
gluetun                     | 2024-08-02T14:06:57+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:37044 in 17.371µs
gluetun                     | 2024-08-02T14:06:57+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:37044 in 16.661µs
gluetun                     | 2024-08-02T14:06:58+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:37044 in 24.243µs
gluetun                     | 2024-08-02T14:06:58+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:37044 in 17.233µs
gluetun                     | 2024-08-02T14:06:58+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:37044 in 17.215µs
gluetun                     | 2024-08-02T14:06:58+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:37044 in 18.046µs
gluetun                     | 2024-08-02T14:06:59+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:37044 in 26.882µs
gluetun                     | 2024-08-02T14:06:59+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:37044 in 20.99µs
gluetun                     | 2024-08-02T14:07:13+01:00 INFO [http server] 200 GET /portforwarded wrote 11B to 192.168.86.88:59334 in 20.011µs
gluetun                     | 2024-08-02T14:07:20+01:00 INFO [http server] 200 GET /ip wrote 259B to 192.168.86.88:59344 in 28.535µs

Share your configuration

services:
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8001:8000/tcp
      - 8888:8888/tcp # HTTP proxy
    volumes:
      - /mnt/NAS/gluetun:/gluetun
    environment:
      - TZ=Europe/London #CHANGE_TO_YOUR_TZ
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP=xx.xx.xx.xx
      - VPN_ENDPOINT_PORT=51820
      - WIREGUARD_PUBLIC_KEY=xxx
      - WIREGUARD_PRIVATE_KEY=xxx
      - WIREGUARD_ADDRESSES=xx.xx.xx.xx
      - VPN_PORT_FORWARDING_PROVIDER=protonvpn
      - HTTPPROXY=off #change to on if you wish to enable
      - SHADOWSOCKS=off #change to on if you wish to enable
      - FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16,192.168.86.0/24 #change this in line with your subnet see note on guide.
      - UPDATER_PERIOD=24h
    labels:
      - com.centurylinklabs.watchtower.enable=false
    security_opt:
      - no-new-privileges:true
    restart: always

github-actions bot commented Aug 2, 2024

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

Owner

qdm12 commented Aug 2, 2024

Can you share your full logs?

The /v1/openvpn/portforwarded is actually independent of the VPN protocol, really, relevant code:

ports := h.pf.GetPortsForwarded()

So my guess is port forwarding either didn't launch or there is a port forwarding bug somewhere 🤔

/v1/openvpn/status works as 'expected', it's the recent documentation change I made that was wrong 😄 Changed it in qdm12/gluetun-wiki@af757af ! There is no way for now to get status information on wireguard...

Author

samtate commented Aug 2, 2024

Aha, thanks for the info. Yes, I have no need for the openvpn endpoint; I just thought it may have been relevant, but now I see it is not! I've censored my public VPN IP. Probably not necessary to censor but also probably not necessary for debug? I have confirmed the proton server I am connecting to does support port forwarding according to them.

Slightly unrelated, do you have an alternative crypto donate wallet? I've been meaning to support the project but I'd rather not use card and I have no Kusama.

Below are my logs:

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-08-01T11:55:38.342Z (commit 34e8f5f)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-08-02T14:09:13+01:00 WARN You are using the old environment variable VPN_ENDPOINT_IP, please consider changing it to OPENVPN_ENDPOINT_IP
2024-08-02T14:09:13+01:00 WARN You are using the old environment variable VPN_ENDPOINT_PORT, please consider changing it to OPENVPN_ENDPOINT_PORT
2024-08-02T14:09:13+01:00 WARN You are using the old environment variable VPN_ENDPOINT_IP, please consider changing it to WIREGUARD_ENDPOINT_IP
2024-08-02T14:09:13+01:00 WARN You are using the old environment variable VPN_ENDPOINT_PORT, please consider changing it to WIREGUARD_ENDPOINT_PORT
2024-08-02T14:09:13+01:00 INFO [routing] default route found: interface eth0, gateway 172.26.0.1, assigned IP 172.26.0.2 and family v4
2024-08-02T14:09:13+01:00 INFO [routing] local ethernet link found: eth0
2024-08-02T14:09:13+01:00 INFO [routing] local ipnet found: 172.26.0.0/16
2024-08-02T14:09:13+01:00 INFO [firewall] enabling...
2024-08-02T14:09:13+01:00 INFO [firewall] enabled successfully
2024-08-02T14:09:14+01:00 INFO [storage] merging by most recent 19689 hardcoded servers and 19817 servers read from /gluetun/servers.json
2024-08-02T14:09:14+01:00 INFO [storage] Using nordvpn servers from file which are 49 days more recent
2024-08-02T14:09:14+01:00 INFO [storage] Using protonvpn servers from file which are 23 hours more recent
2024-08-02T14:09:14+01:00 INFO Alpine version: 3.20.2
2024-08-02T14:09:14+01:00 INFO OpenVPN 2.5 version: 2.5.10
2024-08-02T14:09:14+01:00 INFO OpenVPN 2.6 version: 2.6.11
2024-08-02T14:09:14+01:00 INFO Unbound version: 1.20.0
2024-08-02T14:09:14+01:00 INFO IPtables version: v1.8.10
2024-08-02T14:09:14+01:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: custom
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Target IP address: _xx.xx.xx.xx_
|   |       └── Wireguard selection settings:
|   |           ├── Endpoint IP address: _xx.xx.xx.xx_
|   |           ├── Endpoint port: 51820
|   |           └── Server public key: _xxx_
|   └── Wireguard settings:
|       ├── Private key: xxxxxx
|       ├── Interface addresses:
|       |   └── 10.2.0.2/32
|       ├── Allowed IPs:
|       |   ├── 0.0.0.0/0
|       |   └── ::/0
|       └── Network interface: tun0
|           └── MTU: 1400
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── Outbound subnets:
|       ├── 172.20.0.0/16
|       └── 192.168.86.0/24
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: Europe/London
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes
2024-08-02T14:09:14+01:00 INFO [routing] default route found: interface eth0, gateway 172.26.0.1, assigned IP 172.26.0.2 and family v4
2024-08-02T14:09:14+01:00 INFO [routing] adding route for 0.0.0.0/0
2024-08-02T14:09:14+01:00 INFO [firewall] setting allowed subnets...
2024-08-02T14:09:14+01:00 INFO [routing] default route found: interface eth0, gateway 172.26.0.1, assigned IP 172.26.0.2 and family v4
2024-08-02T14:09:14+01:00 INFO [routing] adding route for 172.20.0.0/16
2024-08-02T14:09:14+01:00 INFO [routing] adding route for 192.168.86.0/24
2024-08-02T14:09:14+01:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-08-02T14:09:14+01:00 INFO [http server] http server listening on [::]:8000
2024-08-02T14:09:14+01:00 INFO [firewall] allowing VPN connection...
2024-08-02T14:09:14+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-08-02T14:09:14+01:00 INFO [wireguard] Using available kernelspace implementation
2024-08-02T14:09:14+01:00 INFO [wireguard] Connecting to _xx.xx.xx.xx_:51820
2024-08-02T14:09:14+01:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-08-02T14:09:14+01:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-08-02T14:09:14+01:00 INFO [healthcheck] healthy!
2024-08-02T14:09:15+01:00 INFO [dns] downloading hostnames and IP block lists
2024-08-02T14:09:21+01:00 INFO [dns] init module 0: validator
2024-08-02T14:09:21+01:00 INFO [dns] init module 1: iterator
2024-08-02T14:09:21+01:00 INFO [dns] start of service (unbound 1.20.0).
2024-08-02T14:09:21+01:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-02T14:09:21+01:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-02T14:09:21+01:00 INFO [dns] ready
2024-08-02T14:09:21+01:00 INFO [healthcheck] healthy!
2024-08-02T14:09:22+01:00 INFO [ip getter] Public IP address is _xx.xx.xx.xx_ (United Kingdom, England, London)
2024-08-02T14:09:22+01:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-08-02T14:11:13+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:48274 in 61.355µs
2024-08-02T14:11:34+01:00 INFO [http server] 200 GET /ip wrote 259B to 192.168.86.88:40508 in 79.425µs
2024-08-02T14:22:43+01:00 INFO [http server] 200 GET /ip wrote 259B to 192.168.86.88:56858 in 41.244µs
2024-08-02T14:22:44+01:00 INFO [http server] 200 GET /status wrote 21B to 192.168.86.88:56858 in 33.937µs
2024-08-02T14:22:45+01:00 INFO [http server] 200 GET /portforwarded wrote 11B to 192.168.86.88:56858 in 36.265µs
2024-08-02T14:22:45+01:00 INFO [http server] 200 GET /portforwarded wrote 11B to 192.168.86.88:56870 in 19.513µs
2024-08-02T14:22:45+01:00 INFO [http server] 400 GET /favicon.ico wrote 41B to 192.168.86.88:56870 in 7.922µs
2024-08-02T15:10:43+01:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-02T16:11:47+01:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-02T18:44:19+01:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-02T20:04:34+01:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-02T21:14:30+01:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-02T22:15:49+01:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN
2024-08-02T23:34:45+01:00 INFO [dns] generate keytag query _ta-4a5c-4f66-9728. NULL IN

Author

samtate commented Aug 2, 2024

I did just try changing VPN_ENDPOINT_IP to WIREGUARD_ENDPOINT_IP as suggested in the logs, and the same for the port variable, but same result unfortunately.

qdm12 changed the title from "Bug: Wireguard info doesn't work on the Control Server API" to "Bug: control server shows port forwarded as 0" on Aug 8, 2024

Owner

qdm12 commented Aug 8, 2024

😄 you need to turn port forwarding on! VPN_PORT_FORWARDING=on. Closing this since it looks like it's documented properly (at least on the protonvpn wiki page).

qdm12 closed this as not planned on Aug 8, 2024
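
The misconfiguration resolved in this thread, as an added example that is not part of the original issue or of Gluetun's code: a Python check that flags a compose file which sets VPN_PORT_FORWARDING_PROVIDER without VPN_PORT_FORWARDING=on, and that reads a {"port":0} response as "no port forwarded". The compose excerpt, the line-based parser and all function names are assumptions made for illustration.

```python
import json
import re

# Constructed sample: an excerpt of the compose file posted in this issue.
ISSUE_COMPOSE = """\
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_PORT_FORWARDING_PROVIDER=protonvpn
      - HTTPPROXY=off #change to on if you wish to enable
"""

# Matches list-form entries such as "- KEY=value #comment" (a simplification,
# not a YAML parser; mapping-form environment blocks are not handled).
ENV_LINE = re.compile(r"^\s*-\s*([A-Z_][A-Z0-9_]*)=(.*?)(?:\s+#.*)?$")


def parse_env(compose_text):
    """Collect KEY=value pairs from list-form environment entries."""
    env = {}
    for line in compose_text.splitlines():
        match = ENV_LINE.match(line)
        if match:
            env[match.group(1)] = match.group(2).strip()
    return env


def port_forwarding_findings(compose_text):
    """Return findings when a provider is chosen but forwarding is not on."""
    env = parse_env(compose_text)
    findings = []
    # Only "on", the value named in the thread, is treated as enabled here.
    enabled = env.get("VPN_PORT_FORWARDING", "").lower() == "on"
    provider = env.get("VPN_PORT_FORWARDING_PROVIDER")
    if provider and not enabled:
        findings.append(
            f"VPN_PORT_FORWARDING_PROVIDER={provider} is set but "
            "VPN_PORT_FORWARDING=on is missing; port forwarding stays off"
        )
    return findings


def forwarded_port(body):
    """Return the port from a portforwarded response, or None for port 0."""
    port = json.loads(body).get("port", 0)
    return port or None
```
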

github-actions bot commented Aug 8, 2024

Closed issues are NOT monitored, so commenting here is likely not to be seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.
