Replies: 1 comment
-
The leak is due to the start time on s6. I was thinking of patching it somehow to reduce the chances of the leak; another solution could be to add a delay to the torrent container somehow.
-
I was about to post it as a bug, but I eventually came across the discussion #161 about DNS leak at bootstrap...
So posting my case here anyway, looking for more info on this potential dns leak.
Describe the bug
When I start up my stack, it looks like the torrent container is able to connect to internet before the iptables rules are set.
It happens for a very brief time apparently, but enough for the ISP public IP to leak through the torrent tracker.
Basically, I spotted it thanks to the ipleak.net torrent, which reports the public IP seen by their tracker: it always displays my ISP public IP when (re)starting the stack, then reports the VPN IP after a "force reannounce". My IP also shows up more clearly in their online "monitoring" (see screenshot).
I don't get how it is possible, since from the logs I always see the torrent container [s6-init] happening after the vpn container "Firewall is up" step. But my public IP reported by ipleak.me is definitely coming from the torrent container.
Maybe worth mentioning as well that I'm running the :basic_ports version of the image, following a bug similar to #199.
To Reproduce using docker-compose
Expected behavior
Do not leak my public IP at startup.
Logs
pi@ubuntu:~/bubuntux_nordvpn$ docker-compose logs
Attaching to qbittorrent, bubuntux_nordvpn_vpn_1
vpn_1 | [2021-11-17T23:11:25+00:00] Firewall is up, everything has to go through the vpn
vpn_1 | [2021-11-17T23:11:25+00:00] Enabling connection to secure interfaces
vpn_1 | [2021-11-17T23:11:25+00:00] Opening basic ports
vpn_1 | [2021-11-17T23:11:25+00:00] Enabling connection to nordvpn group
vpn_1 | [2021-11-17T23:11:25+00:00] Enabling connection to docker network
vpn_1 | [2021-11-17T23:11:25+00:00] Enabling connection to network 192.168.1.0/24
vpn_1 | [2021-11-17T23:11:25+00:00] Restarting the service
vpn_1 | [2021-11-17T23:11:25+00:00] Waiting for the service to start
vpn_1 | [2021-11-17T23:11:25+00:00] Logging in
Welcome to NordVPN! You can now connect to VPN by using 'nordvpn connect'.
vpn_1 | [2021-11-17T23:11:28+00:00] Setting up NordVPN Version 3.10.0
vpn_1 | Technology is successfully set to 'NordLynx'.
vpn_1 | Subnet 172.30.0.0/16 is whitelisted successfully.
vpn_1 | Subnet 192.168.1.0/24 is whitelisted successfully.
vpn_1 | [2021-11-17T23:11:28+00:00] Connecting...
Connecting to France #738 (fr738.nordvpn.com)
You are connected to France #738 (fr738.nordvpn.com)!
qbittorrent | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
qbittorrent | [s6-init] ensuring user provided files have correct perms...exited 0.
qbittorrent | [fix-attrs.d] applying ownership & permissions fixes...
qbittorrent | [fix-attrs.d] done.
qbittorrent | [cont-init.d] executing container initialization scripts...
qbittorrent | [cont-init.d] 00-env-file-init: executing...
qbittorrent | [cont-init.d] 00-env-file-init: exited 0.
qbittorrent | [cont-init.d] 00-start-container: executing...
qbittorrent | ...
Under the pixelized slot...my public IP:

Additional context
Linux ubuntu 5.4.0-1045-raspi aarch64
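
One way to implement the delay suggested in the reply, for the startup race described in this post: an init script for the torrent container that waits for the VPN tunnel and fails closed on timeout. This is an added example, not code from the thread or from the image; the script name, the `nordlynx` interface name and the shared network namespace between the two containers are assumptions.

```shell
#!/bin/sh
# Hypothetical gate for the torrent container, e.g. installed as
# /etc/cont-init.d/01-wait-for-vpn (the file name is an assumption).
# Assumes the torrent container shares the vpn container's network
# namespace, so the tunnel interface shows up under /sys/class/net.

TUNNEL_IF="${TUNNEL_IF:-nordlynx}"    # assumed interface name for NordLynx
SYS_NET="${SYS_NET:-/sys/class/net}"  # overridable so the check can be tested
WAIT_MAX="${WAIT_MAX:-60}"            # seconds to wait before giving up

# Succeeds only if the tunnel interface exists and is administratively up.
tunnel_ready() {
    flags_file="$SYS_NET/$TUNNEL_IF/flags"
    [ -r "$flags_file" ] || return 1
    flags=$(cat "$flags_file")
    [ -n "$flags" ] || return 1
    # IFF_UP is bit 0 of the interface flags (hex value, e.g. 0x10091).
    [ $(( ${flags} & 1 )) -eq 1 ]
}

# Polls once per second; returns 0 when the tunnel is ready, 1 on timeout.
wait_for_tunnel() {
    waited=0
    until tunnel_ready; do
        [ "$waited" -ge "$WAIT_MAX" ] && return 1
        sleep 1
        waited=$(( waited + 1 ))
    done
    return 0
}

# Fails closed: a non-zero status means "do not start the torrent client".
gate() {
    if wait_for_tunnel; then
        echo "[wait-for-vpn] $TUNNEL_IF is up, continuing"
    else
        echo "[wait-for-vpn] $TUNNEL_IF not up after ${WAIT_MAX}s" >&2
        return 1
    fi
}

# Run the gate only when installed under its own name, so the functions
# above can also be sourced and exercised without blocking.
case "$0" in
    *wait-for-vpn*) gate || exit 1 ;;
esac
```

Whether a failing init script actually stops the container depends on how the image's s6 setup handles init failures, so confirm that behaviour before relying on the gate.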