Arch: "network is unreachable" and "write: operation not permitted" Error 502. Edit: PIA VPN problems #3424

Closed
opened 2026-03-04 03:36:48 -05:00 by deekerman · 4 comments
Owner

Originally created by @mmx3DCvZMp on GitHub (Jan 25, 2022).

Prerequisites

  • [y] I am running the latest version
  • [y] I checked the documentation and found no answer
  • [-] I checked to make sure that this issue has not already been filed (#744 and #1104 are similar but not the same)

Issue Details

I'm running a fresh, up-to-date Arch on my desktop.

Setup on port 3000 went without problems.
But every time the dashboard loads, I get a red warning popup that says:
Error: control/version.json | Couldn't get version check json from https://static.adguard.com/adguardhome/release/version.json: *fmt.wrapError updater: HTTP GET https://static.adguard.com/adguardhome/release/version.json: Get "https://static.adguard.com/adguardhome/release/version.json": initializing http client: initializing http transport: bootstrapping https://dns10.quad9.net:443/dns-query: lookup dns10.quad9.net: all resolvers failed: 4 errors: "dial udp [2620:fe::fe:10]:53: connect: network is unreachable", "dial udp [2620:fe::10]:53: connect: network is unreachable", "write udp 10.10.18.2:56617->149.112.112.10:53: write: operation not permitted", "write udp 10.10.18.2:40279->9.9.9.10:53: write: operation not permitted" | 502

Similar problems occur when, for example, trying to update blocklists.

My router doesn't permit port forwarding and I don't have a firewall on Arch.
iptables -L shows that my policy for INPUT, FORWARD and OUTPUT is ACCEPT.
Restarting Arch or restarting/reinstalling AdGuard doesn't do anything.
Starting with ./AdGuardHome -s start or systemctl start AdGuardHome.service doesn't make a difference.

AdGuardHome -v --version:
AdGuard Home
Version: v0.107.3
Channel: release
Go version: go1.16.12
Build time: 2022-01-25T13:38:21Z+0000
GOOS: linux
GOARCH: amd64
Race: false

  • How did you install AdGuard Home:
    https://aur.archlinux.org/packages/adguardhome
    Everything default except I'm using nodejs-lts-gallium.
    Installing from the curl command in this repo gives the same problem.
  • How did you setup DNS configuration:
    Default settings.

I wanted to include logs with verbose enabled. But it doesn't write to a file with log_file: "/home/user/log.txt" and I don't know how to make it output to the terminal...

I might sound like I know what I'm doing, but I'm new to Linux and I don't know much about networking, so the problem might be very basic/stupid.

deekerman 2026-03-04 03:36:48 -05:00
  • closed this issue
  • added the question label

@ainar-g commented on GitHub (Jan 26, 2022):

Hello and thanks for the thorough report!

connect: network is unreachable errors might indicate that the machine isn't connected to the internet or doesn't have IPv6 enabled. write: operation not permitted is weird, considering that you say that you don't have a firewall. Maybe SELinux issues or something similar? Try checking the syslog.

> I wanted to include logs with verbose enabled. But it doesn't write to a file with log_file: "/home/user/log.txt" and I don't know how to make it output to the terminal...

The default log location on Linux is /var/log/AdGuardHome.err. Are you sure that you stopped AdGuard Home before setting the log file to make sure that it doesn't overwrite the config file?


@mmx3DCvZMp commented on GitHub (Jan 26, 2022):

@ainar-g I forgot to mention Private Internet Access automatically connects on startup.

When you mentioned IPv6, I thought the problem might be that PIA doesn't have it. Turns out my normal network also doesn't, but the problem is fixed when I start AdGuard before PIA.

Weirdly enough, AdGuard keeps working after I turn PIA on. AdGuard should be connected through PIA because the VPN kill switch is on, blocking traffic outside PIA (it might not work on Linux though). Any idea why this is and/or how I can fix it? Otherwise I'll just try to start AdGuard before PIA on startup.

The log is indeed in /var/log/ if it's still useful. Is it safe to post here?


@ainar-g commented on GitHub (Jan 26, 2022):

Is Private Internet Access a kind of VPN? AdGuard Home doesn't really work with most VPNs, since they tend to replace name servers. Or at least, doesn't work in a stable way. I think there were similar issues with Apple Private Relay.

You should probably look up their documentation and see if you can replace the name server for your account in some VPN client settings.

> The log is indeed in /var/log/ if it's still useful. Is it safe to post here?

I don't think that we need it. In the future, you can also send it to devteam@adguard.com.


@mmx3DCvZMp commented on GitHub (Jan 27, 2022):

I don't think they support replacing name servers sadly. Thank you anyway!
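
Added example, not part of the original thread and not AdGuard Home's own code: a small Go parser that splits the error from the report into its four resolver failures and labels each one by address family and errno. The cause strings are the general Linux meanings of those errnos, and the names `Classify` and `Finding` are made up for this illustration.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
	"strings"
)

// Resolver errors copied from the 502 message in the issue report above.
const report = `all resolvers failed: 4 errors: "dial udp [2620:fe::fe:10]:53: connect: network is unreachable", "dial udp [2620:fe::10]:53: connect: network is unreachable", "write udp 10.10.18.2:56617->149.112.112.10:53: write: operation not permitted", "write udp 10.10.18.2:40279->9.9.9.10:53: write: operation not permitted"`

// Finding is one parsed resolver error with its most likely local cause.
// (Hypothetical type, introduced only for this example.)
type Finding struct {
	Op, Family, Remote, Cause string
}

// opErr matches the text of a Go net.OpError:
// op, network, optional "source->", remote address, syscall name, errno text.
var opErr = regexp.MustCompile(`"(dial|read|write) (?:udp|tcp) (?:\S+->)?(\S+): \w+: ([^"]+)"`)

// Classify parses each quoted resolver error and maps its errno text to a cause.
func Classify(msg string) []Finding {
	var out []Finding
	for _, m := range opErr.FindAllStringSubmatch(msg, -1) {
		f := Finding{Op: m[1], Remote: m[2], Family: "unknown"}
		if host, _, err := net.SplitHostPort(m[2]); err == nil {
			if ip := net.ParseIP(host); ip != nil && ip.To4() != nil {
				f.Family = "IPv4"
			} else if ip != nil {
				f.Family = "IPv6"
			}
		}
		switch {
		case strings.Contains(m[3], "network is unreachable"):
			f.Cause = "ENETUNREACH: host has no route for this address family"
		case strings.Contains(m[3], "operation not permitted"):
			f.Cause = "EPERM: send refused on this host (packet filter or LSM), not by the remote server"
		default:
			f.Cause = "unclassified: " + m[3]
		}
		out = append(out, f)
	}
	return out
}

func main() {
	for _, f := range Classify(report) {
		fmt.Printf("%-5s %-4s %-22s %s\n", f.Op, f.Family, f.Remote, f.Cause)
	}
}
```

On the reported message this separates the two IPv6 dials, which fail for lack of a route, from the two IPv4 writes, which are refused locally; `iptables -L` lists only the filter table, so rules in other tables or in nftables would not appear in it.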
