Endpoint host is not an IP #1793

Closed
jakesteele opened this issue Aug 10, 2023 · 12 comments

@jakesteele

Is this urgent?

No

Host OS

Ubuntu 24.04

CPU arch

x86_64

VPN service provider

Custom

What are you using to run the container

docker-compose

What is the version of Gluetun

latest

What's the problem 🤔

I am unable to use a domain as the public endpoint in Gluetun.

Share your logs

gluetun  | ========================================
gluetun  | ========================================
gluetun  | =============== gluetun ================
gluetun  | ========================================
gluetun  | =========== Made with ❤️ by ============
gluetun  | ======= https://github.com/qdm12 =======
gluetun  | ========================================
gluetun  | ========================================
gluetun  | 
gluetun  | 
gluetun  | Running version latest built on 2023-08-04T11:14:39.159Z (commit 082a38b)
gluetun  | 
gluetun  | 
gluetun  | 🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
gluetun  | 🐛 Bug? https://github.com/qdm12/gluetun/issues/new
gluetun  | ✨ New feature? https://github.com/qdm12/gluetun/issues/new
gluetun  | ☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
gluetun  | 💻 Email? [email protected]
gluetun  | 💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
gluetun  | **2023-08-10T23:20:58Z ERROR reading from files: provider: server selection: wireguard: parsing peer section: endpoint host is not an IP: ParseAddr("engage.cloudflareclient.com"): unexpected character (at "engage.cloudflareclient.com")**
gluetun  | 2023-08-10T23:20:58Z INFO Shutdown successful

Share your configuration

gluetun:
    container_name: gluetun
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    volumes:
      - /root/cloudflare:/gluetun/wireguard/
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard

[Interface]
PrivateKey = <REMOVED>
Address = <REMOVED>
Address = <REMOVED>
DNS = 1.1.1.1
MTU = 1280
[Peer]
PublicKey = <REMOVED>
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = engage.cloudflareclient.com:2408
@qdm12
Owner

qdm12 commented Aug 11, 2023

This is expected and described in the wiki for the custom provider. You need an IP address which you can obtain by resolving the hostname (see the wiki).

@qdm12 closed this as not planned on Aug 11, 2023
@fominv

fominv commented Aug 26, 2023

Sorry to reopen this (also running into this), but could you link the entry in the wiki? I cannot find it and there is nothing regarding this in:

> You need an IP address which you can obtain by resolving the hostname (see the wiki)

Does this mean that having a Wireguard with a dynamic IP address behind a domain is not supported, or is there a way to resolve it automatically on container start?

Not sure if you mean resolving it manually by "you can obtain by resolving the hostname".

@DiCE81

DiCE81 commented Aug 26, 2023

Use the IP address of engage.cloudflareclient.com

@ryancom16

ryancom16 commented Aug 26, 2023

Yes, you could do the manual work of replacing the address with the IP, but many VPN providers generate config files with an address. However, this is tedious.
The idea would be that you can quickly switch wireguard configuration files by updating one line instead of manually pasting your keys every time.

+1 to this feature being added.

@diamondsw

This is certainly a bug. Wireguard has no such limitation and handles peers with domain names without issue. Why does gluetun require an IP address?

This breaks connecting to a wireguard instance behind dynamically-assigned IP addresses, which are still common both on residential providers and many cloud platforms.

@frankyw

frankyw commented Nov 23, 2023

> This is certainly a bug. Wireguard has no such limitation and handles peers with domain names without issue. Why does gluetun require an IP address?

Agreed, this is a bad restriction to have in place

@ShrirajHegde

Yes, I have the same issue with configs with a domain.

gluetun should resolve the IP.

@ShrirajHegde

I am implementing resolving hostname to IP if it's not an IP #1998.

Feel free to contribute.

@qdm12 Please let me know if there is any specific reason for not resolving domains.

@qdm12
Owner

qdm12 commented Dec 19, 2023

See https://github.com/qdm12/gluetun-wiki/blob/main/faq/others.md#server-information

I'll change the location of this section so it's more obvious

@qdm12
Owner

qdm12 commented Dec 19, 2023

This is also something I'm working on fixing (with a tight firewall only allowing DNS traffic + DNS server only allowing to resolve certain hostnames - could be later extended to be a user setting). But there are valid reasons for it being like that currently.

@diamondsw

Ahhhh - now I see, the concern is that the initial DNS resolution for the Wireguard endpoint would be by definition outside the VPN tunnel, and if that traffic is allowed out, how do you make absolutely 100% sure that other traffic can't also get out.

Makes sense in that context.

@andi0b

andi0b commented Mar 21, 2024

That's a pretty harsh restriction. I'm trying to connect to a VPN behind a dynamic IP (dyndns). This is the first tool I know that doesn't allow me to do that. Are there any workarounds for this issue? Except a sidecar container, that does the DNS query every few seconds and dynamically reconfigures gluetun on any change...
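
The manual step described in this thread (resolve the endpoint hostname yourself, then give gluetun the IP) can be run on the host before the container starts, so the DNS lookup never has to pass gluetun's firewall. The Go program below is an added example, not part of the thread and not gluetun's code; the helper name `pinEndpoints` and the stdin/stdout usage are assumptions of this example.

```go
package main

import (
	"fmt"
	"io"
	"log"
	"net"
	"net/netip"
	"os"
	"strings"
)

// pinEndpoints (hypothetical helper, named for this example) rewrites each
// "Endpoint = host:port" line of a WireGuard config so host is a literal IP.
// lookup has the shape of net.LookupHost and is injectable for offline tests.
func pinEndpoints(conf string, lookup func(string) ([]string, error)) (string, error) {
	lines := strings.Split(conf, "\n")
	for i, line := range lines {
		key, value, ok := strings.Cut(line, "=")
		if !ok || !strings.EqualFold(strings.TrimSpace(key), "Endpoint") {
			continue
		}
		host, port, err := net.SplitHostPort(strings.TrimSpace(value))
		if err != nil {
			return "", fmt.Errorf("line %d: %w", i+1, err)
		}
		if _, err := netip.ParseAddr(host); err == nil {
			continue // already an IP, which is what gluetun accepts
		}
		addrs, err := lookup(host)
		if err != nil || len(addrs) == 0 {
			return "", fmt.Errorf("line %d: cannot resolve %q: %v", i+1, host, err)
		}
		lines[i] = "Endpoint = " + net.JoinHostPort(addrs[0], port)
	}
	return strings.Join(lines, "\n"), nil
}

func main() { // usage: go run pin.go < wg0.conf > pinned.conf
	raw, err := io.ReadAll(os.Stdin)
	if err != nil {
		log.Fatal(err)
	}
	out, err := pinEndpoints(string(raw), net.LookupHost)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Print(out)
}
```

The pinned address goes stale when a dynamic endpoint changes, so the program has to be rerun before each container start.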
