problems with nordvpn CLI in debian LXC

[chenks]

i have a strange problem using nordvpn installed within an LXC.

i have a debian 12 LXC with nordvpn linux client installed (command line only).
the problem is that whilst nordvpn connects and works as expected, it only works for around 15-30 minutes then at that point i get zero DNS resolution from within the LXC. the vpn is still connected, and i can still ping any WAN IP address, but any attempt to resolve DNS fails. i disconnect the VPN, reconnect and it's rinse and repeat.
i've tried using nordlynx, openvpn (on both TCP and UDP), tried chaning the DNS servers from within the nordvpn client (default to nords DNS and tried cloudflare 1.1.1.) with no success.
nord support are also scratching their heads at this also.

i've tried this in 3 separate debian LXCs and all do the same.

as nordvpn works fine on my other devices on the same LAN (windows laptop, mobile devices etc), i can only assume it's something wrong at the proxmox end.

any ideas?

current LXC is debian 12 (unprivelidged), fully up to date. LXC has reserved DHCP IP, and LAN DNS is the local router (with the router using cloudflare as DNS).

below shows the current status of the vpn connection.

root@debtest:~# nordvpn status
Status: Connected
Server: United Kingdom #2189
Hostname: uk2189.nordvpn.com
IP: 194.35.233.88
Country: United Kingdom
City: London
Current technology: OPENVPN
Current protocol: TCP
Post-quantum VPN: Disabled
Transfer: 82.05 KiB received, 91.63 KiB sent
Uptime: 3 hours 49 minutes 32 seconds

root@debtest:~# nordvpn settings
Technology: OPENVPN
Protocol: TCP
Firewall: enabled
Firewall Mark: 0xe1f1
Routing: enabled
Analytics: disabled
Kill Switch: enabled
Threat Protection Lite: disabled
Obfuscate: enabled
Notify: enabled
Tray: enabled
Auto-connect: enabled
IPv6: disabled
Meshnet: disabled
DNS: 103.86.96.100, 103.86.99.100
LAN Discovery: disabled
Virtual Location: enabled
Allowlisted subnets:
192.168.50.1/24

root@debtest:~# curl https://api.ipify.org
curl: (6) Could not resolve host: api.ipify.org

root@debtest:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=21.0 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=57 time=23.0 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=57 time=21.2 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=57 time=26.8 ms

root@debtest:~# ping google.com
ping: google.com: Temporary failure in name resolution

LXC conf

arch: amd64
cores: 2
features: keyctl=1,nesting=1
hostname: debtest
memory: 1024
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:9B:75: D4,ip=dhcp,type=veth
ostype: debian
rootfs: local-lvm:vm-113-disk-0,size=8G
swap: 512
unprivileged: 1
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir

 

[hawantie]

I think I have a similar problem. I am running 2 adguard home LXCs on different proxmox nodes for resolving DNS requests. DNS requests from clients outside proxmox work perfectly; the names are resolved. DNS request from clients on proxmox LXCs do not always get resolved, and I get a Temporary failure in name resolution. It seems to flip now and than. I checked the connectivity from the lxc clients to the adguard DNS with ping, and they were positive: the connectivity was not the problem.
These probles started some weeks ago. Before that it worked perfectly. 2 major things changed in my setup: the bind9 upgrade was installed on proxmox and I upgraded my access points to openwrt 24.10. I don't think the latter is the problem.
I tend to think it is bind9 and ipv6 related, but I am not sure.

I also find the following link describing the same problem: https://serverfault.com/questions/1172551/dns-suddenly-not-working-in-my-proxmox-containers

Did you find a solution?