Help: cannot acces containers behind the vpn #2341

Open
kajvans opened this issue Jun 29, 2024 · 10 comments
kajvans commented Jun 29, 2024

Is this urgent?

No

Host OS

Debian 12

CPU arch

x86_64

VPN service provider

ExpressVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on Jun 28, 2024

What's the problem 🤔

I can't access my services that are running behind the container.
This is how I connect to my container: `network_mode: container:gluetun`
Gluetun itself is working and I can see the IP that it has.
I want to access my services on port 8080 and 8082, but when I try connecting it just gives me: "site cant be reached"
All my containers that are not in the gluetun network can also access the other services; only things not on the computer can't access them.

Share your logs (at least 10 lines)

all values are hidden
Running version latest built on 2024-06-28T21:00:48.750Z (commit fe05521)
all values are hidden
🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? [email protected]
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2024-06-29T11:34:19+02:00 INFO [routing] default route found: interface eth0, gateway 172.19.0.1, assigned IP 172.19.0.11 and family v4
2024-06-29T11:34:19+02:00 INFO [routing] local ethernet link found: eth0
2024-06-29T11:34:19+02:00 INFO [routing] local ipnet found: 172.19.0.0/16
2024-06-29T11:34:19+02:00 INFO [firewall] enabling...
2024-06-29T11:34:19+02:00 INFO [firewall] enabled successfully
2024-06-29T11:34:20+02:00 INFO [storage] merging by most recent 19425 hardcoded servers and 19425 servers read from /gluetun/servers.json
2024-06-29T11:34:21+02:00 INFO Alpine version: 3.19.2
2024-06-29T11:34:21+02:00 INFO OpenVPN 2.5 version: 2.5.8
2024-06-29T11:34:21+02:00 INFO OpenVPN 2.6 version: 2.6.8
2024-06-29T11:34:21+02:00 INFO Unbound version: 1.20.0
2024-06-29T11:34:21+02:00 INFO IPtables version: v1.8.10
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── VPN input ports:
|       └── 57786
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 998
|   ├── Process GID: 100
|   └── Timezone: Europe/Berlin
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
└── Version settings:
    └── Enabled: yes


UFW:
Anywhere                   ALLOW       192.168.1.175
Anywhere                   ALLOW       192.168.1.143
8080/tcp                   ALLOW       Anywhere
8086/tcp                   ALLOW       Anywhere
8080/udp                   ALLOW       Anywhere
8082/udp                   ALLOW       Anywhere

Share your configuration

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    networks:
      - services
    environment:
      - PUID=998
      - PGID=100
      - TZ=Europe/Berlin
      - VPN_SERVICE_PROVIDER=expressvpn
      - OPENVPN_USER=
      - OPENVPN_PASSWORD=
      - SERVER_COUNTRIES=Netherlands
      - FIREWALL_VPN_INPUT_PORTS=57786
    volumes:
      - /srv/mergerfs/config/appdata/gluetun:/gluetun
    ports:
      - 8086:8000/tcp
      - 8080:8080 # SABnzbd WEB GUI
      - 8081-8085:8081-8085 # qBittorrent WEB GUI
      - 6881-6885:6881-6885/udp
      - 6881-6885:6881-6885
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    restart: unless-stopped
networks:
  services:
    external: true
Contributor

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

Collaborator

frepke commented Jun 29, 2024

Be careful exposing your credentials as you did.
I removed them for you.
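
The warning above concerns credentials left in a compose file pasted into a public issue. As an added example (not part of the thread and not Gluetun code), this Python helper masks such values before a compose file is shared; the key-name pattern and the sample file with its placeholder credentials are assumptions constructed for illustration.

```python
import re

# Key names treated as sensitive (assumed pattern for this example; extend as needed).
SENSITIVE = re.compile(r"USER|PASS|SECRET|TOKEN|KEY", re.IGNORECASE)

# Matches "- KEY=value" and "KEY: value", optionally quoted or commented out.
# Entries with an empty value (already scrubbed) do not match.
ENV_LINE = re.compile(
    r"^(?P<head>\s*(?:#\s*)?(?:-\s+)?(?P<q>[\"']?)"
    r"(?P<key>[A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*)(?P<value>\S.*)$"
)


def redact_compose(text, mask="<redacted>"):
    """Return (redacted_text, list_of_masked_keys) for a compose file."""
    out, hits = [], []
    for line in text.splitlines():
        m = ENV_LINE.match(line)
        if m and SENSITIVE.search(m["key"]):
            hits.append(m["key"])
            # Drop the whole remainder of the line, including any trailing
            # comment, and restore the closing quote if the entry was quoted.
            line = m["head"] + mask + m["q"]
        out.append(line)
    return "\n".join(out) + ("\n" if text.endswith("\n") else ""), hits


# Constructed sample: placeholder credentials, not values from the issue.
SAMPLE = """\
services:
  gluetun:
    image: qmcgaw/gluetun
    environment:
      - PUID=998
      - VPN_SERVICE_PROVIDER=expressvpn
      - OPENVPN_USER=example-user
      - "OPENVPN_PASSWORD=example#pass word"
      # - OPENVPN_PASSWORD=old-example-pass
      - FIREWALL_VPN_INPUT_PORTS=57786
    ports:
      - 8080:8080 # SABnzbd WEB GUI
"""

if __name__ == "__main__":
    redacted, masked = redact_compose(SAMPLE)
    print(redacted)
    print("masked keys:", masked)
```

Commented-out entries are masked as well, since an old password left in a comment leaks just as much as a live one.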

Owner

qdm12 commented Jun 29, 2024

Thanks @frepke!

@kajvans I'm not sure what produces `site cant be reached`, I guess that's one of your other containers? Is this in your browser? What service are you trying to access that gives you `site cant be reached`? Alternatively you can try having the other containers in the same docker-compose.yml and use `network_mode: "service:gluetun"`?

qdm12 changed the title from "Bug: cant acces containers behind the vpn" to "Help: cannot acces containers behind the vpn" on Jun 29, 2024
Author

kajvans commented Jun 30, 2024

sabnzbd and qbittorrent both give the same error. Also when trying to run it in the same compose file nothing changes.

Collaborator

frepke commented Jun 30, 2024

> sabnzbd and qbittorrent both give the same error. Also when trying to run it in the same compose file nothing changes

Are you on an OpenMediaVault box? If yes, don't use UID 998 and GID 100.
How do you try to connect to the web interface of SABNZBD, <server-ip>:port?

Can you also post the combined compose-file?

Author

kajvans commented Jun 30, 2024

```yaml
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    networks:
      - services
    environment:
      - PUID=998
      - PGID=100
      - TZ=Europe/Berlin
      - VPN_SERVICE_PROVIDER=expressvpn
      - OPENVPN_USER=
      - OPENVPN_PASSWORD=
      - SERVER_COUNTRIES=Netherlands
      - FIREWALL_VPN_INPUT_PORTS=57786
    volumes:
      - /srv/mergerfs/config/appdata/gluetun:/gluetun
    ports:
      - 8086:8000/tcp
      - 8080:8080 # SABnzbd WEB GUI
      - 8081-8085:8081-8085 # qBittorrent WEB GUI
      - 6881-6885:6881-6885/udp
      - 6881-6885:6881-6885
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    restart: unless-stopped
  qbittorrent:
    # latest version has a memory leak on Debian/Ubuntu by the looks of it
    image: lscr.io/linuxserver/qbittorrent:14.3.9
    container_name: qbittorrent
    network_mode: service:gluetun
    environment:
      - PUID=998
      - PGID=100
      - TZ=Europe/Berlin
      - WEBUI_PORT=8082
    volumes:
      - /srv/mergerfs/config/appdata/qbittorrent:/config
      - /srv/mergerfs/pool/share_media/:/data
    restart: unless-stopped
  sabnzbd:
    image: lscr.io/linuxserver/sabnzbd:latest
    restart: unless-stopped
    network_mode: service:gluetun
    container_name: sabnzbd
    environment:
      - PUID=998
      - PGID=100
      - TZ=Europe/Berlin
    volumes:
      - /srv/mergerfs/config/appdata/sabnzbd:/config
      - /srv/mergerfs/pool/share_media/:/data #optional
      - /srv/mergerfs/pool/share_media/incomplete:/incomplete-downloads
networks:
  services:
    external: true
```

I try to access it by ip:ports.
And why shouldn't I use UID 998 and GID 100?

Collaborator

frepke commented Jun 30, 2024

When it's an OMV machine, UID 998 is the OMV admin user. It gives you user and permission issues (you can read a lot about this mistake on the OMV forum). In OMV you can create a new user for your docker containers if you want.

Author

kajvans commented Jun 30, 2024

So I should just remove it?

Collaborator

frepke commented Jun 30, 2024

No, create a new user and use the UID and GID from that user.

Author

kajvans commented Jul 1, 2024

OK, I will, but that is not the reason that I could first access containers behind gluetun and now cannot. I did not change anything in the container, only installed a fresh OS, so maybe it is a firewall problem, but that is also weird because my computer has complete access and all the ports are open.
