Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug: FIREWALL_VPN_INPUT_PORTS doesn't work with more than one port specified #2719

Open
robotfactory opened this issue Feb 25, 2025 · 1 comment
Open

Bug: FIREWALL_VPN_INPUT_PORTS doesn't work with more than one port specified #2719

robotfactory opened this issue Feb 25, 2025 · 1 comment

Comments

@robotfactory
Copy link

robotfactory commented Feb 25, 2025
edited
Loading

Is this urgent?

None

Host OS

Ubuntu 24.04

CPU arch

x86_64

VPN service provider

AirVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

13532c8

What's the problem 🤔

Any time FIREWALL_VPN_INPUT_PORTS is set to include more than one port, port forwarding stops working. I've verified multiple times that it works with one single port, but as soon as a second is added, it silently stops working. Both ports work when used one at a time.

In the config example, both ports 5035 and 11235 work fine on their own when used one at a time. But add the second and they both stop working. Remove one again, and the remaining one works.

Share your logs (at least 10 lines)

gluetun  | 2025-02-25T05:36:22Z INFO [vpn] starting
gluetun  | 2025-02-25T05:36:22Z INFO [firewall] allowing VPN connection...
gluetun  | 2025-02-25T05:36:22Z INFO [wireguard] Using available kernelspace implementation
gluetun  | 2025-02-25T05:36:22Z INFO [wireguard] Connecting to 68.235.52.67:1637
gluetun  | 2025-02-25T05:36:22Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
gluetun  | 2025-02-25T05:36:22Z INFO [firewall] setting allowed input port 5035 through interface tun0...
gluetun  | 2025-02-25T05:36:22Z INFO [firewall] setting allowed input port 11235 through interface tun0...
gluetun  | 2025-02-25T05:36:23Z INFO [healthcheck] healthy!
gluetun  | 2025-02-25T05:36:23Z INFO [ip getter] Public IP address is 68.235.52.68 (United States, Illinois, Chicago - source: ipinfo)
gluetun  | 2025-02-25T05:36:27Z INFO [dns] DNS server listening on [::]:53
gluetun  | 2025-02-25T05:36:27Z INFO [dns] ready

Share your configuration

container_name: gluetun
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 63826:8112 # Deluge
      - 6881:6881 #Deluge
      - 6881:6881/udp #Deluge
      - 58846:58846 #optional
      - 40095:40095/udp #deluge
      - 47030:47030/udp
      - 40095:40095/tcp
      - 47030:47030/tcp
    volumes:
      - ./gluetun_data:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=airvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=[redacted]
      - WIREGUARD_PRESHARED_KEY=[redacted]
      - WIREGUARD_ADDRESSES=10.165.75.10/32
      - SERVER_COUNTRIES=United States
      - FIREWALL_VPN_INPUT_PORTS=5035,11235
@github-actions GitHub Actions
Copy link
Contributor

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@robotfactory