Skip to content

Bug: The ProtonVPN port is changing every minute #3196

New issue
New issue
Open
Open
Bug: The ProtonVPN port is changing every minute#3196
Labels
Category: User error 🤦Category: VPN port forwarding 📥Status: 🗯️ Waiting for feedback☁️ ProtonVPN
@brumik

Description

@brumik
brumik
opened on Mar 5, 2026

EDIT

This seems to be working fine if I switch to OpenVPN TCP. So I am guessing that this is some issue with dropped UDP packages on Wireguard. (I havent tested OpenVPN UDP)

Is this urgent?

No

Host OS

NixOS

CPU arch

x86_64

VPN service provider

ProtonVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2025-12-29T05:33:29.822Z (commit 9b9b723)

What's the problem 🤔

Everything works but every second check for port on protonvpn returns an error and changed port. It updates as expected but it seems the port changes just about every 50s-1m that means that connection for apps that depend on open port is broken.

I cannot pinpoint it to a exact point, but I noticed issues first about at least 3 weeks ago (sorry, tooke me a bit to get into investigation)

Share your logs (at least 10 lines)

Mär 05 21:31:21 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:21Z ERROR [port forwarding] external port changed: 59264 changed to 45666
Mär 05 21:31:21 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:21Z INFO [port forwarding] starting
Mär 05 21:31:21 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:21Z INFO [port forwarding] gateway external IPv4 address is 45.92.33.174
Mär 05 21:31:21 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:21Z INFO [port forwarding] port forwarded is 45666
Mär 05 21:31:21 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:21Z INFO [firewall] setting allowed input port 45666 through interface tun0...
Mär 05 21:31:21 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:21Z DEBUG [firewall] /usr/sbin/iptables --append INPUT -i tun0 -p tcp -m tcp --dport 45666 -j ACCEPT
Mär 05 21:31:21 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:21Z DEBUG [firewall] /usr/sbin/ip6tables --append INPUT -i tun0 -p tcp -m tcp --dport 45666 -j ACCEPT
Mär 05 21:31:21 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:21Z DEBUG [firewall] /usr/sbin/iptables --append INPUT -i tun0 -p udp -m udp --dport 45666 -j ACCEPT
Mär 05 21:31:21 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:21Z DEBUG [firewall] /usr/sbin/ip6tables --append INPUT -i tun0 -p udp -m udp --dport 45666 -j ACCEPT
Mär 05 21:31:21 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:21Z INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
Mär 05 21:31:22 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:22Z DEBUG [dns] response blocked for ipv4.tracker.harry.lu. because 127.0.0.1 is private and the question name is not local nor exempt from rebinding protection
Mär 05 21:31:34 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:34Z DEBUG [dns] exchanging over tls connection (2000ms) for request IN A thinking.duckdns.org.: read tcp 10.2.0.2:57982->1.1.1.1:853: i/o timeout
Mär 05 21:31:37 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:37Z DEBUG [dns] response blocked for opentracker.internetwarriors.net. because 127.0.0.1 is private and the question name is not local nor exempt from rebinding protection
Mär 05 21:31:48 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:48Z DEBUG [dns] response blocked for ipv4.tracker.harry.lu. because 127.0.0.1 is private and the question name is not local nor exempt from rebinding protection
Mär 05 21:31:50 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:50Z DEBUG [http server] access to route GET /v1/portforward authorized for role nicotine
Mär 05 21:31:50 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:31:50Z INFO [http server] 200 GET /v1/portforward wrote 15B to 127.0.0.1:32990 in 33.419µs
Mär 05 21:32:06 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:06Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
Mär 05 21:32:06 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:06Z DEBUG [port forwarding] port forwarded 45666 maintained
Mär 05 21:32:50 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:50Z DEBUG [http server] access to route GET /v1/portforward authorized for role nicotine
Mär 05 21:32:50 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:50Z INFO [http server] 200 GET /v1/portforward wrote 15B to 127.0.0.1:45136 in 38.946µs
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z INFO [firewall] removing allowed port 45666...
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] /usr/sbin/iptables -t filter -L INPUT --line-numbers -n -v
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] found iptables chain rule matching "--delete INPUT -i tun0 -p tcp -m tcp --dport 45666 -j ACCEPT" at line number 4
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] /usr/sbin/iptables -t filter -D INPUT 4
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] /usr/sbin/ip6tables -t filter -L INPUT --line-numbers -n -v
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] found iptables chain rule matching "--delete INPUT -i tun0 -p tcp -m tcp --dport 45666 -j ACCEPT" at line number 3
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] /usr/sbin/ip6tables -t filter -D INPUT 3
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] /usr/sbin/iptables -t filter -L INPUT --line-numbers -n -v
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] found iptables chain rule matching "--delete INPUT -i tun0 -p udp -m udp --dport 45666 -j ACCEPT" at line number 4
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] /usr/sbin/iptables -t filter -D INPUT 4
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] /usr/sbin/ip6tables -t filter -L INPUT --line-numbers -n -v
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] found iptables chain rule matching "--delete INPUT -i tun0 -p udp -m udp --dport 45666 -j ACCEPT" at line number 3
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] /usr/sbin/ip6tables -t filter -D INPUT 3
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z INFO [port forwarding] clearing port file /tmp/gluetun/forwarded_port
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z ERROR [port forwarding] external port changed: 45666 changed to 60293
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z INFO [port forwarding] starting
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z INFO [port forwarding] gateway external IPv4 address is 45.92.33.174
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z INFO [port forwarding] port forwarded is 60293
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z INFO [firewall] setting allowed input port 60293 through interface tun0...
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] /usr/sbin/iptables --append INPUT -i tun0 -p tcp -m tcp --dport 60293 -j ACCEPT
Mär 05 21:32:51 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:51Z DEBUG [firewall] /usr/sbin/ip6tables --append INPUT -i tun0 -p tcp -m tcp --dport 60293 -j ACCEPT
Mär 05 21:32:52 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:52Z DEBUG [firewall] /usr/sbin/iptables --append INPUT -i tun0 -p udp -m udp --dport 60293 -j ACCEPT
Mär 05 21:32:52 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:52Z DEBUG [firewall] /usr/sbin/ip6tables --append INPUT -i tun0 -p udp -m udp --dport 60293 -j ACCEPT
Mär 05 21:32:52 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:32:52Z INFO [port forwarding] writing port file /tmp/gluetun/forwarded_port
Mär 05 21:33:37 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:33:37Z DEBUG [port forwarding] refreshing port forward since 45 seconds have elapsed
Mär 05 21:33:37 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:33:37Z DEBUG [port forwarding] port forwarded 60293 maintained
Mär 05 21:33:50 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:33:50Z DEBUG [http server] access to route GET /v1/portforward authorized for role nicotine
Mär 05 21:33:50 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:33:50Z INFO [http server] 200 GET /v1/portforward wrote 15B to 127.0.0.1:45954 in 49.832µs
Mär 05 21:33:55 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:33:55Z DEBUG [dns] renewing tls connection for request IN A dht.transmissionbt.com.: dialing tcp 1.1.1.1:853: dial tcp 1.1.1.1:853: i/o timeout
Mär 05 21:34:00 sleeper docker-gluetun-transmission-start[2275066]: 2026-03-05T20:34:00Z DEBUG [dns] renewing tls connection for request IN A dht.transmissionbt.com.: dialing tcp 1.0.0.1:853: dial tcp 1.0.0.1:853: i/o timeout

Share your configuration

# + a secret as env file for wireguard
      gluetun-transmission = {
        image = "qmcgaw/gluetun:latest";
        # pull = "always";
        ports = [
          # For transmission since the networking is going through this container
          "9092:9091"
          "51413:51413"
          "51413:51413/udp"
        ];
        capabilities = { NET_ADMIN = true; };
        environment = {
          LOG_LEVEL = "debug";
          VPN_SERVICE_PROVIDER = "protonvpn";
          VPN_TYPE = "wireguard";
          SERVER_COUNTRIES = "Greece";
          PORT_FORWARD_ONLY = "on";
          VPN_PORT_FORWARDING = "on";
          GLUETUN_HTTP_CONTROL_SERVER_ENABLE = "on";
          HTTP_CONTROL_SERVER_AUTH_CONFIG_FILEPATH = "/gluetun/auth/config.toml";
        };
        volumes = [
          "${cfg.baseDir}/gluetun-auth-config.toml:/gluetun/auth/config.toml"
        ];
        environmentFiles = [ config.sops.templates."n100/gluetun/.env".path ];
        devices = [ "/dev/net/tun:/dev/net/tun" ];

Metadata

Metadata

Assignees

No one assigned

    Labels

    Category: User error 🤦Category: VPN port forwarding 📥Status: 🗯️ Waiting for feedback☁️ ProtonVPN

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions