Bug: VPN_PORT_FORWARDING_LISTENING_PORT doesn't seem to work #2030

Closed
philipdouglas opened this issue Jan 2, 2024 · 4 comments

@philipdouglas

Is this urgent?

No

Host OS

Ubuntu 23.04

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2024-01-01T18:24:19.221Z (commit c826707)

What's the problem 🤔

I saw in the release notes that you'd added the VPN_PORT_FORWARDING_LISTENING_PORT environment variable, so I tried it out to see if I could eliminate mjmeli/qbittorrent-port-forward-gluetun-server from my setup.

I set the variable to 60000 and set qBittorrent to the same but it's showing the connection as Firewalled. As far as I can see gluetun has picked up the setting (see logs) and the port is open, but something's not working right.

Let me know if there's any other useful information I can share.

Share your logs (at least 10 lines)

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2024-01-01T18:24:19.221Z (commit c826707)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-01-02T13:26:30Z INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.9 and family v4
2024-01-02T13:26:30Z INFO [routing] local ethernet link found: eth0
2024-01-02T13:26:30Z INFO [routing] local ipnet found: 172.19.0.0/16
2024-01-02T13:26:30Z INFO [firewall] enabling...
2024-01-02T13:26:30Z INFO [firewall] enabled successfully
2024-01-02T13:26:31Z INFO [storage] merging by most recent 17743 hardcoded servers and 17743 servers read from /gluetun/servers.json
2024-01-02T13:26:31Z INFO Alpine version: 3.18.5
2024-01-02T13:26:31Z INFO OpenVPN 2.5 version: 2.5.8
2024-01-02T13:26:31Z INFO OpenVPN 2.6 version: 2.6.8
2024-01-02T13:26:31Z INFO Unbound version: 1.17.1
2024-01-02T13:26:31Z INFO IPtables version: v1.8.9
2024-01-02T13:26:31Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: protonvpn
|   |   ├── Server selection settings:
|   |   |   ├── VPN type: openvpn
|   |   |   ├── Countries: united kingdom
|   |   |   ├── Cities: london
|   |   |   └── OpenVPN server selection settings:
|   |   |       └── Protocol: UDP
|   |   └── Automatic port forwarding settings:
|   |       ├── Redirection listening port: 60000
|   |       ├── Use code for provider: protonvpn
|   |       └── Forwarded port file path: /tmp/gluetun/forwarded_port
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2024-01-02T13:26:31Z INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.9 and family v4
2024-01-02T13:26:31Z INFO [routing] adding route for 0.0.0.0/0
2024-01-02T13:26:31Z INFO [firewall] setting allowed subnets...
2024-01-02T13:26:31Z INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.9 and family v4
2024-01-02T13:26:31Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-01-02T13:26:31Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-01-02T13:26:31Z INFO [http server] http server listening on [::]:8000
2024-01-02T13:26:31Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-01-02T13:26:31Z INFO [firewall] allowing VPN connection...
2024-01-02T13:26:31Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2024-01-02T13:26:31Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-01-02T13:26:31Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]89.238.150.170:1194
2024-01-02T13:26:31Z INFO [openvpn] UDP link local: (not bound)
2024-01-02T13:26:31Z INFO [openvpn] UDP link remote: [AF_INET]89.238.150.170:1194
2024-01-02T13:26:37Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2024-01-02T13:26:37Z INFO [vpn] stopping
2024-01-02T13:26:37Z INFO [vpn] starting
2024-01-02T13:26:37Z INFO [firewall] allowing VPN connection...
2024-01-02T13:26:37Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2024-01-02T13:26:37Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-01-02T13:26:37Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.96.66:1194
2024-01-02T13:26:37Z INFO [openvpn] UDP link local: (not bound)
2024-01-02T13:26:37Z INFO [openvpn] UDP link remote: [AF_INET]146.70.96.66:1194
2024-01-02T13:26:39Z WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
2024-01-02T13:26:39Z WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-01-02T13:26:39Z WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2024-01-02T13:26:39Z INFO [openvpn] [node-uk-13.protonvpn.net] Peer Connection Initiated with [AF_INET]146.70.96.66:1194
2024-01-02T13:26:39Z INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-01-02T13:26:39Z INFO [openvpn] TUN/TAP device tun0 opened
2024-01-02T13:26:39Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-01-02T13:26:39Z INFO [openvpn] /sbin/ip link set dev tun0 up
2024-01-02T13:26:39Z INFO [openvpn] /sbin/ip addr add dev tun0 10.24.0.13/16
2024-01-02T13:26:39Z INFO [openvpn] UID set to nonrootuser
2024-01-02T13:26:39Z INFO [openvpn] Initialization Sequence Completed
2024-01-02T13:26:39Z INFO [dns] downloading DNS over TLS cryptographic files
2024-01-02T13:26:44Z INFO [healthcheck] healthy!
2024-01-02T13:26:49Z WARN [dns] cannot update files: Get "https://www.internic.net/domain/named.root": dial tcp [2620:0:2830:200::b:9]:443: connect: cannot assign requested address
2024-01-02T13:26:49Z INFO [dns] attempting restart in 10s
2024-01-02T13:26:50Z INFO [ip getter] Public IP address is 146.70.96.73 (United Kingdom, England, London)
2024-01-02T13:26:50Z INFO [vpn] You are running on the bleeding edge of latest!
2024-01-02T13:26:50Z INFO [port forwarding] starting
2024-01-02T13:26:50Z INFO [port forwarding] gateway external IPv4 address is 146.70.96.73
2024-01-02T13:26:50Z INFO [port forwarding] port forwarded is 62651
2024-01-02T13:26:50Z INFO [firewall] setting allowed input port 62651 through interface tun0...
2024-01-02T13:26:50Z INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
2024-01-02T13:26:59Z INFO [dns] downloading DNS over TLS cryptographic files
2024-01-02T13:27:01Z INFO [dns] downloading hostnames and IP block lists
2024-01-02T13:27:11Z INFO [dns] init module 0: validator
2024-01-02T13:27:11Z INFO [dns] init module 1: iterator
2024-01-02T13:27:11Z INFO [dns] start of service (unbound 1.17.1).
2024-01-02T13:27:11Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-01-02T13:27:11Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-01-02T13:27:11Z INFO [dns] ready

Share your configuration

  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - OPENVPN_USER=${PROTONVPN_USER}+pmp
      - OPENVPN_PASSWORD=${PROTONVPN_PASSWORD}
      - SERVER_COUNTRIES=United Kingdom
      - SERVER_CITIES=London
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_LISTENING_PORT=60000
      - VPN_PORT_FORWARDING_PROVIDER=protonvpn
    restart: unless-stopped
    volumes:
      - ./config/gluetun:/gluetun
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: "service:gluetun"
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TIMEZONE}
      - WEBUI_PORT=8080
    volumes:
      - ./config/qbittorrent:/config
      - /home/${USERNAME}/Downloads:/downloads
    restart: unless-stopped
    depends_on:
      - gluetun
@Stetsed

Stetsed commented Jan 5, 2024

So this is to be expected, as qBittorrent is not only binding to this port but is also announcing this port to trackers and such as the one it's using. I have looked, and it doesn't currently seem possible to easily tell qBittorrent to listen on one port but announce another. This wouldn't solve the issue of removing a container (and you still need to update the announce port); however, I suspect it would fix the binding issue which I have noted in my "Fix Script", which has been working fine for me.

If somebody else is able to find a solution for this I would love to hear it tbf, but right now I do not see a way to do it.

@qdm12
Owner

qdm12 commented Jul 29, 2024

This may be related to #2354 ... or not, we'll find out!

@qdm12
Owner

qdm12 commented Aug 6, 2024

I think @Stetsed is right anyway, but, just in case you want to test it out again, this got fixed recently in the latest image. I'll make bugfix releases for previous 2-3 releases, and will cut a new v3.39.0 release in the coming 2-3 days. Closing this as completed 😉
Also @philipdouglas @Stetsed you might be interested in subscribing to this fresh new PR #2399 which will allow you to run a script when the port forwarding is set up, meaning you could soon easily update qbittorrent with the new port with your little wget command or shell script if you want. Enjoy!
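
As an added example (not code from the gluetun project or from anyone in this thread), a shell script of the kind mentioned above could look like this: it validates the contents of the forwarded port file before using them, then sets qBittorrent's listening port, which is the port it announces, through the qBittorrent Web API. The WebUI address, the `QBT_USER`/`QBT_PASS` variables and the function names are assumptions; the port file path is the one shown in the log, and the script is assumed to run where both that file and the WebUI are reachable.

```shell
#!/bin/sh
# Added example: sync qBittorrent's listen port with gluetun's forwarded port.
# Assumptions: WebUI at 127.0.0.1:8080, credentials in QBT_USER / QBT_PASS,
# curl available. Function and variable names are hypothetical.
PORT_FILE="${PORT_FILE:-/tmp/gluetun/forwarded_port}"  # path from the gluetun log
QBT_URL="${QBT_URL:-http://127.0.0.1:8080}"

# Print the port only if the file holds exactly one valid port number.
read_forwarded_port() {
    [ -r "$1" ] || return 1
    port=$(cat -- "$1")                 # $(...) strips the trailing newline
    case "$port" in
        ''|0*|*[!0-9]*) return 1 ;;     # empty, leading zero or non-digit
    esac
    [ "${#port}" -le 5 ] || return 1    # avoid integer overflow in the test below
    [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# JSON value for the "json" form field of /api/v2/app/setPreferences.
listen_port_json() {
    printf '{"listen_port":%s}\n' "$1"
}

# Log in, then push the validated port to qBittorrent.
apply_port() {
    port=$(read_forwarded_port "$PORT_FILE") || {
        echo "refusing to use $PORT_FILE: not a valid port" >&2
        return 1
    }
    jar=$(mktemp) || return 1
    curl -fsS -c "$jar" \
        --data-urlencode "username=$QBT_USER" \
        --data-urlencode "password=$QBT_PASS" \
        "$QBT_URL/api/v2/auth/login" >/dev/null &&
    curl -fsS -b "$jar" \
        --data-urlencode "json=$(listen_port_json "$port")" \
        "$QBT_URL/api/v2/app/setPreferences"
    rc=$?
    rm -f "$jar"                        # session cookie must not linger on disk
    return "$rc"
}

if [ "${1:-}" = "apply" ]; then
    apply_port
fi
```

Run it with the single argument `apply`; without arguments it only defines the functions.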

@qdm12 qdm12 closed this as completed Aug 6, 2024
Contributor

github-actions bot commented Aug 6, 2024

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment set up because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.
