Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bug: iptables segmentation fault v1.8.9 + v1.4.21 #1852

Closed
ohniceman opened this issue Sep 9, 2023 · 8 comments
Closed

Bug: iptables segmentation fault v1.8.9 + v1.4.21 #1852

ohniceman opened this issue Sep 9, 2023 · 8 comments

Comments

@ohniceman
Copy link

Is this urgent?

Yes

Host OS

QNAP QTS 5.1.1.2491

CPU arch

armv7l

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version v3.35.0 built on 2023-06-28T13:06:38.000Z (commit 44bc60b)

What's the problem 🤔

On v3.35.0 I encountered:
ERROR no iptables supported found: errors encountered are: iptables-nft: (signal: segmentation fault); iptables: (signal: segmentation fault)
as seen in the logs when running on my QNAP host.

I tested error to not be present on v3.34.3.
I tested error to not be present on a Windows Host.

Symptom looks similar to: #1062
Per @qdm12's comment running
docker run -it --rm alpine:3.18
apk add iptables
iptables -L
exit
Yields no stdout.

Share your logs

Running version v3.35.0 built on 2023-06-28T13:06:38.000Z (commit 44bc60b)
🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2023-09-09T18:31:35+10:00 INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2023-09-09T18:31:35+10:00 INFO [routing] local ethernet link found: eth0
2023-09-09T18:31:35+10:00 INFO [routing] local ipnet found: 172.29.0.0/22
2023-09-09T18:31:35+10:00 ERROR no iptables supported found: errors encountered are: iptables-nft:  (signal: segmentation fault); iptables:  (signal: segmentation fault)
2023-09-09T18:31:35+10:00 INFO Shutdown successful

Share your configuration

version: "3"
services:
  gluetun:
    container_name: gluetun
    restart: always
    image: qmcgaw/gluetun:v3.35.0
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
    volumes:
      - /share/Container/gluetun:/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=openvpn
      - OPENVPN_USER=###
      - OPENVPN_PASSWORD=N###
      - SERVER_COUNTRIES=Singapore
      - TZ=###
      #- VPN_PORT_FORWARDING=on
      #- VPN_PORT_FORWARDING_PROVIDER=protonvpn
@ohniceman
Copy link
Author

ohniceman commented Sep 9, 2023

After seeing the following provide no output.
docker run -it --rm alpine:3.18
apk add iptables
iptables -L
exit
I noted that from 3.34.3 > 3.35.0 alpine was changed from 3.17 to 3.18.
I ran the above commands on alpine 3.17 instead, and i got an output!

So I substituted the ARG ALPINE_VERSION=3.18 ARG GO_ALPINE_VERSION=3.18 arguments from 3.18 to 3.17 and rebuilt the docker image and deployed.

It works!

So it seems the QNAP OS 5.1.1.2491 is not friendly with alpine 3.18. Now I am not a developer or programmer so I am not sure of the repercussions of this change or if this will break anything else, so I will await your reply for a more suitable solution.

@ohniceman
Copy link
Author

Also tried the above with earlier versions of alpine 3.18; 3.18.0, 3.18.2, all show the same symptoms.
Symptom is likely caused by a change between alpine 3.17.5 and 3.18.0.

@qdm12
Copy link
Owner

qdm12 commented Sep 13, 2023

What do you get from:

docker run -it --rm alpine:3.18
apk add iptables
iptables -L
echo $?
exit

What's the code?

Usually (signal: segmentation fault) means there is something terribly wrong with iptables.
And on your host, what do you get from iptables --version?

Sticking to Alpine 3.17 isn't too bad, it's just that your Openvpn version will be stuck on Openvpn 2.5 and Openvpn 2.6 won't be available.

@ohniceman
Copy link
Author

Thanks for your response!

As seen in the photo, on 3.18 there is no output.
iptables version: v1.4.21

image

@qdm12
Copy link
Owner

qdm12 commented Sep 20, 2023

echo $? should had logged an exit code such as 0, 1 or another number. A bit strange nothing is 'echoed'.

iptables v1.4.21 is 10 years old (link), would it be possible that you update it? 🤔 Maybe via a qnap system upgrade?

@qdm12 qdm12 changed the title Bug: ERROR no iptables supported found Bug: iptables segmentation fault v1.8.9 + v1.4.21 Sep 20, 2023
@qdm12
Copy link
Owner

qdm12 commented May 1, 2024

Hi there, did you figure it out in the end? Thanks!

@qdm12 qdm12 added the Closed: ⚰️ Inactive No answer was received for weeks label Aug 3, 2024
@qdm12
Copy link
Owner

qdm12 commented Aug 3, 2024

Closing due to inactivity

@qdm12 qdm12 closed this as not planned Won't fix, can't repro, duplicate, stale Aug 3, 2024
Copy link
Contributor

github-actions bot commented Aug 3, 2024

Closed issues are NOT monitored, so commenting here is likely to be not seen.
If you think this is still unresolved and have more information to bring, please create another issue.

This is an automated comment setup because @qdm12 is the sole maintainer of this project
which became too popular to monitor issues closed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants