Like the title says... I think this was working before because I still had a VPN client enabled outside of Gluetun, but that sends all traffic through the VPN which is obviously not ideal. I disabled the external VPN connection, rebooted server, and the same Gluetun config is still not working.

Gluetun is creating tun0 and is getting an IP, but there are a handful of errors in the logs that suggest that I need to install a kernel module to use the mark flag. Google/AI suggests xt_mark, but I do not see this module in my system. I am using an Asustor NAS, so I even tried loading the "sudo modprobe tun" command as suggested for Synology users and rebuilt the containers after that with no luck.

This seems like an environment issue that I'm hoping someone has encountered before. Nonetheless, I've disabled the firewall temporarily to rule it out and I've tried setting "FIREWALL_OUTBOUND_SUBNETS" to "192.168.0.0/24" (my local subnet) - both to no avail. My machine has rebooted many times since the issue presented itself. I have also ensured that my qBittorrent config allows for GUI connections from all server NICs. qBittorrent container logs do not show anything helpful.

Any ideas would be greatly appreciated!

Gluetun Docker logs:

Warning: Extension mark is not supported, missing kernel module?
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 172.21.0.0/16 -i eth0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 172.21.0.2/32 -d 172.21.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -s 172.21.0.2/32 -d 192.168.0.0/24 -o eth0 -j ACCEPT
-A OUTPUT -d 50.118.162.4/32 -o eth0 -p udp -m udp --dport 1195 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 32869 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 8.8.8.8/32 -p tcp -m tcp --sport 42177 --dport 443 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 45081 --dport 443 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 8.8.8.8/32 -p tcp -m tcp --sport 55583 --dport 53 --tcp-flags RST RST -m markWarning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
--mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 51725 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 53171 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 49349 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 44623 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 59965 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 52929 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 56103 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcpWarning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
--sport 42027 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 59593 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 53325 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 51205 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
COMMIT
# Completed on Mon May 18 17:07:38 2026
2026-05-18T17:07:38-05:00 WARN [MTU discovery] reverting firewall changes: finding iptables chain rule line number: parsing chain list: iptables chain list output is malformed: legend "Warning: Extension mark revision 0 not supported, missing kernel module?" is not the expected "num pkts bytes target prot opt in out source destination"
2026-05-18T17:07:38-05:00 WARN [iptables] restoring IPv4 iptables failed: exit status 1: iptables-restore: line 2 failed: restoring from data:
# Generated by iptables-save v1.8.11 (nf_tables) on Mon May 18 17:07:38 2026
Warning: Extension mark revision 0 not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d 172.21.0.0/16 -i eth0 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 172.21.0.2/32 -d 172.21.0.0/16 -o eth0 -j ACCEPT
-A OUTPUT -s 172.21.0.2/32 -d 192.168.0.0/24 -o eth0 -j ACCEPT
-A OUTPUT -d 50.118.162.4/32 -o eth0 -p udp -m udp --dport 1195 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 32869 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 8.8.8.8/32 -p tcp -m tcp --sport 42177 --dport 443 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 45081 --dport 443 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 8.8.8.8/32 -p tcp -m tcp --sport 55583 --dport 53 --tcp-flags RST RST -m markWarning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
--mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 51725 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 53171 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 49349 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 44623 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 59965 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 52929 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 56103 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcpWarning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
Warning: Extension mark is not supported, missing kernel module?
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
--sport 42027 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 59593 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 53325 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
-A OUTPUT -s 10.26.0.212/32 -d 1.1.1.1/32 -p tcp -m tcp --sport 51205 --dport 53 --tcp-flags RST RST -m mark --mark 0x11c1/0x1 -j DROP
COMMIT
# Completed on Mon May 18 17:07:38 2026
2026-05-18T17:07:38-05:00 WARN [MTU discovery] reverting firewall changes: finding iptables chain rule line number: parsing chain list: iptables chain list output is malformed: legend "Warning: Extension mark revision 0 not supported, missing kernel module?" is not the expected "num pkts bytes target prot opt in out source destination"
2026-05-18T17:07:38-05:00 INFO [MTU discovery] setting VPN interface tun0 MTU to maximum valid MTU 1171
2026-05-18T17:07:38-05:00 INFO [dns] DNS server listening on [::]:53
2026-05-18T17:07:38-05:00 INFO [dns] ready and using DNS server with dot upstream resolvers
2026-05-18T17:07:38-05:00 INFO [dns] downloading hostnames and IP block lists
2026-05-18T17:08:03-05:00 INFO [ip getter] Public IP address is 193.19.109.25 (United States, Washington, Seattle - source: ipinfo+ifconfig.co+ip2location+cloudflare)
2026-05-18T17:08:03-05:00 INFO [dns] leak check report: 172.68.21.230 (20%), 172.68.21.231 (20%), 172.71.149.78 (20%), 108.162.244.84 (10%), 172.68.21.229 (10%), 172.69.191.224 (10%), 172.71.145.35 (10%)
2026-05-18T17:08:04-05:00 INFO [vpn] You are running on the bleeding edge of latest!

My compose stack:

version: "3"
services:
gluetun:
image: qmcgaw/gluetun:latest
container_name: Gluetun
cap_add:
- NET_ADMIN
devices:
- /dev/net/tun:/dev/net/tun
volumes:
- /share/Docker/Gluetun:/gluetun
environment:
- VPN_SERVICE_PROVIDER=expressvpn
- OPENVPN_USER=${OPENVPN_USER}
- OPENVPN_PASSWORD=${OPENVPN_PWD}
- TZ=America/Chicago
- FIREWALL=off
restart: unless-stopped
ports:
- 18181:18181 # Web GUI
- 6881:6881 # Torrenting port
qbittorrent:
image: lscr.io/linuxserver/qbittorrent:latest
container_name: qBittorrent
network_mode: "container:Gluetun"
# depends_on: # Ensure qBittorrent starts after Gluetun
# - gluetun
environment:
- PUID=1000
- PGID=1000
- UMASK=002
- WEBUI_PORT=18181
- TORRENTING_PORT=6881
- LIBTORRENT=v1
volumes:
- /share/Docker/qBittorrent/config:/config
- /share/Docker/qBittorrent/downloads:/downloads
restart: unless-stopped

Hi all. I'm trying to figure out how I can get Gluetun to use the host's DNS. I use DOT NextDNS, it's configured in the host via systemd-resolved.

I've done a bit of searching and I've played with a few environment variables, but I can't get Gluetun to leak the DNS queries to the host, it seems like it only wants to use the built-in DNS.

What configuration do I need to get this to work?

Hi everyone. I've been trying for days now to get port forwarding to work and I'm at a loss. I'm pretty new to this stuff so I'm fairly certain I'm missing something since I find lots of articles and posts saying how it's really easy and built in, but then I can't make it work.

I have Gluetun set up with my ProtonVPN account by putting in my OpenVPN credentials and I have verified that it's hiding my IP. I've set "VPN_PORT_FORWARDING=on",added "+pmp" to my username, and selected "PORT_FORWARD_ONLY=on". I've also set up the up and down commands from the Gluetun github:

VPN_PORT_FORWARDING_UP_COMMAND=/bin/sh -c 'wget -O- -nv --retry-connrefused --post-data "json={\"listen_port\":{{PORT}},\"current_network_interface\":\"{{VPN_INTERFACE}}\",\"random_port\":false,\"upnp\":false}" http://127.0.0.1:8080/api/v2/app/setPreferences' VPN_PORT_FORWARDING_DOWN_COMMAND=/bin/sh -c 'wget -O- -nv --retry-connrefused --post-data "json={\"listen_port\":0,\"current_network_interface\":\"lo\"}" http://127.0.0.1:8080/api/v2/app/setPreferences'

I changed the IP address there to the one for my actual server, which I assume is right, but it doesn't matter because when I check the Gluetun logs for which port is forwarded and I check that one on canyouseeme, it still says it's closed.

I've seen some things that give a docker-compose.yml and say "just run this and it'll work!" but I don't know what that is. When I googled, I saw that Unraid apparently doesn't support that natively anyway and a bunch of posts make it seem like I shouldn't need to anyway!!!

I hope this isn't too stupid a question where I'm missing something simple. I've been trying and trying to get this working, so I'm really hoping someone can help me out. Thanks!

Hi all, hitting a port forwarding wall and need a sanity check.

Setup

• Raspberry Pi 5, Docker Compose: Gluetun + qBittorrent
• ProtonVPN Plus, WireGuard
• Gluetun v3.40.0 (pinned to avoid 56789 placeholder bug in latest)
• qBittorrent connected via network_mode: "service:gluetun"
• Tested with both Netherlands (NL#614) and Switzerland configs, P2P selected, NAT-PMP ON, Moderate NAT OFF, VPN Accelerator ON
• IPv4 only (WIREGUARD_ADDRESSES=10.2.0.2/32)
• WIREGUARD_MTU=1412 (PPPoE IPv4)

Symptom

Gluetun successfully negotiates a forwarded port:

[port forwarding] port forwarded is (E.g.) 62884
[firewall] setting allowed input port 62884 through interface tun0

qBittorrent listen port stays in sync with the forwarded one (auto-sync via VPN_PORT_FORWARDING_UP_COMMAND, works fine — confirmed Session\Port=62884).

But: testing the forwarded port externally on canyouseeme.org, yougetsignal.com, and portchecker.io (all run from inside the gluetun-routed qBittorrent container, so request goes through Proton) — all return PORT CLOSED.

Tested multiple times on both NL and CH servers. Same result: Gluetun reports success, qBittorrent has the right port, firewall rule is in place, but the port is unreachable from the outside.

Also: DHT reports 0 nodes in qBittorrent regardless of VPN provider (tested with Mullvad too, same).

What I've checked

• ✅ Port reported by Gluetun matches firewall rule (no 56789 bug on v3.40.0)
• ✅ qBittorrent listen port matches Gluetun's forwarded port
• ✅ Container is healthy, port forwarding logs clean
• ✅ Outbound from container works fine (HTTPS, DNS, all good)
• ✅ Moderate NAT confirmed OFF in Proton dashboard
• ✅ No IPv6 in WIREGUARD_ADDRESSES
• ✅ Trackers can't reach me — peers timeout

Without VPN, qBittorrent connects to trackers and peers immediately. With Proton, port is reported open but actually closed externally.

docker-compose.yml

yaml

services:
  gluetun:
    image: qmcgaw/gluetun:v3.40.0
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8080:8080
      - 6881:6881
      - 6881:6881/udp
    volumes:
      - ./gluetun:/gluetun
      - ./gluetun:/tmp/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=<REDACTED>
      - WIREGUARD_ADDRESSES=10.2.0.2/32
      - WIREGUARD_MTU=1412
      - SERVER_COUNTRIES=Switzerland
      - VPN_PORT_FORWARDING=on
      - VPN_PORT_FORWARDING_PROVIDER=protonvpn
      - VPN_PORT_FORWARDING_UP_COMMAND=/bin/sh -c 'wget -O- --retry-connrefused --post-data "json={\"listen_port\":{{PORTS}}}" http://127.0.0.1:8080/api/v2/app/setPreferences 2>
&1'
      - PORT_FORWARD_ONLY=on
      - TZ=America/Sao_Paulo
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: "service:gluetun"
    environment:
      - PUID=1000
      - PGID=1000
      - WEBUI_PORT=8080
    volumes:
      - ./qbittorrent-public:/config
      - /mnt/media:/data
    depends_on:
      gluetun:
        condition: service_healthy
    restart: unless-stopped

Question

Is this a known Proton quirk? Has anyone gotten Proton port forwarding to be actually reachable externally on Gluetun lately, or is everyone seeing this "reported but closed" behavior? Worth opening a Proton support ticket, or is the issue on Gluetun's side?

Hello, I recently decided I wanted to get into self hosting a media server using Jellyfin. It has largely been successful, however, I have one issue.

I have Jellyfin (native), Sonarr, Radarr, Prowlarr, and qBittorrent (all on docker). I have Mullvad VPN for privacy while torrenting and Tailscale for accessing Jellyfin from other networks.

Enabling Mullvad on my host machine (my laptop running fedora linux) works as expected and hides my IP address as a VPN does. However, this then stops Tailscale from working properly. I looked into this and came to the conclusion that I should use Gluetun to route only qBittorrent through the VPN and nothing else. This works, however, this then reduces my DHT nodes to zero, the number of peers and seeds drops significantly - sometimes to zero, and download speeds are far slower.

I can't find a solution to this online and was wondering if anyone here could help me?

Secondary question: Is all of this necessary? Could I just torrent without a VPN without facing repercussions? I'm in the UK (specifically, England)

Thank you

EDIT:

The relevant sections of my docker config:

services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      #- WIREGUARD_MTU=1280
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=[Private key]
      - WIREGUARD_ADDRESSES=[IP addresses]
      - DNS_ADDRESS=[DNS address]
      - SERVER_COUNTRIES=Netherlands
      - SERVER_SELECTION_STRATEGY=lowestms
    ports:
      - "8080:8080"
      - "6081:6081"
      - "6081:6081/udp"
      - "6011:6011"
      - "6011:6011/udp"
      - "6881:6881"
      - "6881:6881/udp"

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: "service:gluetun"
    depends_on:
      - gluetun
    volumes:
      - ./qbittorrent:/config
      - /home/[user]/watch/downloads:/watch/downloads
    restart: unless-stopped

So I'm having a hard time getting gluten to run. Pia as wireguard in a docker compose. But my router is a GLI.net Flint 2 and I can assign certain IP addresses to the VPN on it. I don't know what would be the better setup for that. The one on the router I can set to wire guard and it would route all traffic from server out the VPN. Which one would be the better option and why?

So a few days ago I ran out of ethernet ports on my router so I bought an unmanaged switch to plug all my ethernet connections into. Well doing that broke my gluetun container seemingly forever. I've been to hell and back with this container and it refuses to get rid of the stale network namespace and work properly again. At this point I'm willing to pay someone who's well versed with gluetun to hop on a discord call with me and help me get this thing to work again because it's been incredibly infuriating trying to get it resolved.

My question is the title.

Docker file JIC I'm doing something wrong.

services:
gluetun:
cap_add:
- NET_ADMIN
container_name: gluetun
devices:
- /dev/net/tun:/dev/net/tun
environment:
- VPN_SERVICE_PROVIDER=private internet access
- OPENVPN_USER=USER
- OPENVPN_PASSWORD=PASS
- SERVER_REGIONS=Switzerland
- PORT_FORWARD_ONLY=true
- VPN_PORT_FORWARDING=on
- >-
VPN_PORT_FORWARDING_UP_COMMAND=/bin/sh -c 'wget -O- --retry-connrefused
--post-data "json={\"listen_port\":{{PORTS}}}"
http://127.0.0.1:30024/api/v2/app/setPreferences 2>&1'
- OPENVPN_PROTOCOL=udp
- FIREWALL_VPN_INPUT_PORTS=6881
image: qmcgaw/gluetun
ports:
- '30024:30024'
- 6881:6881/tcp
- 6881:6881/udp
restart: unless-stopped
volumes:
- /mnt/Tank/Apps/Gluetun:/gluetun
qbittorrent:
container_name: qbittorrent
depends_on:
- gluetun
environment:
- PUID=568
- PGID=568
- TZ=America/Detroit
- WEBUI_PORT=30024
image: lscr.io/linuxserver/qbittorrent:latest
network_mode: service:gluetun
restart: unless-stopped
volumes:
- /mnt/Tank/Apps/qBittorrent:/config
- /mnt/Tank/Data/Torrents:/data/torrents
version: '3'

Having a really weird issue as of 2 days ago when i last updated Gluetun.

2 weeks ago I had the same issue as everyone else with PIA, no connectivity. Changed the VPN_ENDPOINT to 8080 and that fixed it.

Since I updated 2 days ago, on private trackers and ipleak testers, I'm simultaneously connected on multiple PIA IPs. It displays multiple PIA IP's hitting one torrent on the leak checkers, and on private tracker client connectivity checkers, it displays lots of simultaneously connected clients, with my linux iso's distributed across them. I can successfully connnectable check them all as well so they're all working and port forwarding correctly.

Its all the same octet (158.173.16X.XXX). There's nothing unusual in the gluetun logs (solid since I re-connected at 1430), and seeing all my torrents are evenly distributed across them, and can all be successfully connected, for all intents and purposes it seems like I'm connected to 30 PIA endpoints concurrently?

I could probably just roll back to a few days ago, but is this happening to anyone else? Note below, it's not a particular tracker issue, it's the same on all my PTs. It's also not a bunch of shadow/orphan connections because the all have connectable torrents running on them. I also run two gluetun instances and its occurring on both.

Heres my environment vars from my compose. <<: common is just TZ and user/group. my two instances are identical.

I did update by QB to 5.2 earlier today before rolling it back, but this issue preceded that.

Any ideas?

    environment:
      <<: *common-env
      VPN_SERVICE_PROVIDER: "private internet access"
      VPN_TYPE: openvpn
      OPENVPN_USER: ${PIAUSER}
      OPENVPN_PASSWORD: ${PIAPASS}
      SERVER_REGIONS: "New Zealand"
      VPN_ENDPOINT_PORT: "8080"
      HTTPPROXY: off
      SHADOWSOCKS: off
      FIREWALL_OUTBOUND_SUBNETS: 172.20.0.0/16,192.168.0.0/24
      VPN_PORT_FORWARDING: on
      PORT_FORWARDING_STATUS_FILE: /gluetun/forwarded_port

https://preview.redd.it/vin49cbu4vzg1.png?width=700&format=png&auto=webp&s=8a4f06a16142b0648d7eddf82c6a936501fe173a