TombRaider

Edit: Fixed it. Booting and shutting down Windows again may have fixed what it messed up before. Hey guys, qbt has started throwing "errored" messages for newly added torrents. The log says On the host side, the permissions are set to read and write for all users. Using portainer, I consoled into the container and ran "ls -l". The output is l root@915ddecbec34 /]# ls -l total 236 lrwxrwxrwx 1 root root 7 Nov 7 11:26 bin -> usr/bin drwxr-xr-x 2 root root 6 Oct 18 23:01 boot drwxrwxr-x 6 root root 4096 Nov 21 22:05 config drwxrwxrwx 1 root root 77824 Feb 1 19:29 data drwxr-xr-x 17 root root 5000 Feb 5 10:57 dev drwxr-xr-x 44 root root 4096 Feb 5 10:58 etc drwxr-xr-x 3 root root 20 Nov 7 11:38 home lrwxrwxrwx 1 root root 7 Nov 7 11:26 lib -> usr/lib lrwxrwxrwx 1 root root 7 Nov 7 11:26 lib64 -> usr/lib drwxr-xr-x 2 root root 6 Oct 18 23:01 mnt drwxr-xr-x 2 root root 6 Oct 18 23:01 opt -rw-r--r-- 1 root root 1949 Nov 1 14:56 pkglist.x86_64.txt dr-xr-xr-x 398 root root 0 Feb 5 10:57 proc drwxr-x--- 3 root root 302 Feb 5 10:57 root drwxr-xr-x 14 root root 207 Feb 5 10:58 run lrwxrwxrwx 1 root root 7 Nov 7 11:26 sbin -> usr/bin drwxr-xr-x 4 root root 29 Nov 7 11:26 srv -rw-r--r-- 1 root root 2 Feb 5 10:57 supervisord.pid dr-xr-xr-x 13 root root 0 Feb 5 10:57 sys drwxrwxrwt 2 root root 278 Feb 5 10:58 tmp drwxrwxrwx 1 root root 143360 Feb 6 2022 TORRENT_DATEIEN drwxr-xr-x 8 root root 105 Nov 27 20:35 usr drwxr-xr-x 13 root root 173 Nov 7 11:47 var -rw-r--r-- 1 root root 11 Nov 1 14:56 version [root@915ddecbec34 /]# Shouldn't the incomplete folder be listed there? I am not sure what caused all of this, but I suspect it was my dual boot Windows installation messing with the file system. Any advice how to fix this?

Thanks for the explanation. It makes sense. To make sure I understand, do torrent clients use DNS servers and this would be the reason why we should use the name server list you provided? If not, I assume we could leave this variable empty.

Good Day, I switched over to Mullvad VPN and got two questions. 1) The Container is running and working except for port forwarding. The wireguard config contains the port which is supposed to be forwarded and I have entered the same port in qbt settings. Qbt is also bound to wg0 and the IP address set in the wireguard config. However, I am not connectable. Am I missing something? Are the following variables to be used with Mullvad? -e VPN_INPUT_PORTS=<port number(s)> \ -e VPN_OUTPUT_PORTS=<port number(s)> \ 2) DNS Leaks: When browsing over privoxy, the Mullvad checking site detects DNS Leaks. There are no DNS leaks when using the Mullvad App with Privoxy disabled. So, I assume it has to do with the DNS servers in the container config. By default, I use Binhex recommended servers (-e NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1 \). However, even removing these does not stop the leaks. Any advice? Thanks! Edit: Alright, 1) is no longer a problem. The port forwarding setup with Mullvad is kind of confusing as the forwarded port is NOT the port you can choose when creating the config file but a random port that you get assigned at a later step. Anyway, port forwarding seems to be working now. You also do not need to put the port in the docker compose but only add it in qbt. @binhex Do you have any idea regarding the 2) DNS leaks?

Each ipt torrent has three tracker addresses aka announce urls. This is all I could find. https://ssl.empirehost.me/*hash*/announce https://localhost.stackoverflow.tech/*hash*/announce https://routing.bgp.technology/*hash*/announce

0) I have been running your DelugeVPN container for years but am in the process of switching to qBt, so currently both containers are in use. Both behind a VPN. 1) I am not sure if I understand you correctly but there are no special rules for the ipt tracker. Globally, qBt is set to TCP only (I read that uTP could cause problems within VPN tunnels) and the listening port is the same that is forwarded on AirVPN. This port has been additionally entered into the config file as per your example config: port_range = 49400-49400 port_random = no 2) While performing this step, I realized the ovpn files I have been using so far are for the UDP protocol as this protocol is recommended by Air. Should I create one for TCP instead? After writing my previous comment I stopped both containers and restarted them when I read your reply. There were no disconnects for like 30 minutes. Maybe it is an issue only occurring right after booting? I will look into that. That being said, I have changed the qBt container to a different endpoint (country). There are no connections issues at the moment and ipt is only showing vpn ip's. 3) Here is the log file. supervisord.log

Strange. I can reproduce the leak though as you can see in the screenshot. This is the same torrent listed twice immediately after booting. It could be a problem with IPT in general as the deluge container returns "error: host not found (non-authoritative), try again later". The Deluge torrents aren't shown at all on IPT. Maybe the containers are interfering somehow? Btw, are we supposed to bind the network interface to tun0 under advanced settings or wouldn't make that any difference?

This morning, I noticed what I think is an IP Leak. On IPT in the active torrents section, all torrents seeded with the qBT container are listed twice. One entry is attached to my real IP address while the other one is the AirVPN address. Can you tell from the log why this is?

Hi there, this might be strange, but yesterday I installed the qbittorrent VPN and everything seemed fine. However, now I cannot access the deluge webUI anymore as the password "deluge" does not work. What can I do? Edit: It turned out there is no password set at all. Just hit enter and it worked.

Hi guys, turns out I got a little rusty when it comes to these containers. I've copied a couple of commands from my working Deluge container just so you know. What's the 6881 port used for again? If it is the listening port for qbt, then should it be changed to the port that was forwarded on AirVPN? There is an entry in the qBittoreent.conf that reads Connection\PortRangeMin=6881, so I wonder wheteher it is needed if I have to add the port range manually anyway. Another issue is that the WebUI is showing /config/qBittorrent/downloads/ as the standard download path but I have mapped it to be /data on the container side. I also copy and pasted the watch folder command from the Deluge container but it seems to have no effect as there is no folder specified on the WebUI. Entering one does have no effect. How do I fix the folder situation?

Can anyone say why AUTH failed? edit: AirVPN seems to have some problems. Connection working again.

Have you added the port when you tried accessing the WebGUI? http://localhost:8112

Edit: Again, I solved the problem on my own. Hate it when that happens What I did was to replace the ovpn file with a newly created one. I don't why this works but maybe someone finds a hint in the log. Anyone else having problems with privoxy and torrents? I can't find any errors in the logs but privoxy doesn't seem to work at all. Websites do not load when accessed through it. On top of that, all connections to different trackers get canceled in Deluge (Operation canceled). The VPN is working though.

Edit: SOLVED , but I'll leave it here in case someone runs into the same problem. You can use either command and just use your container ID. You may need to add sudo in front of it. @binhex There is a bug affecting me on the latest docker version that will be fixed in the next one. https://github.com/docker/for-linux/issues/211 https://github.com/moby/moby/issues/36145 There's a workaround for now but I don't know how to change the command to my needs. Below are two examples the docker dev has given but they look different and I'm a noob. docker-containerd-ctr --address /run/docker/containerd/docker-containerd.sock --namespace moby c rm <containerd id> docker-containerd-ctr --namespace moby --address /run/docker/containerd/docker-containerd.sock c rm b62020cb44e1ed3307195ca4402cdf23ed817c35c52a30da858909398898c8b6 I know my container ID. How would the right command look like for your container? Thanks!

It is because the AirVPN client "Eddie" is just an OpenVPN wrapper and it refuses to open an second instance of OpenVPN as long as the one from the container is running. I don't know if it's impossible to run 2 processes of OpenVPN or if it's an unfortunate programming choice. Edit: Nevermind, upated the client to the latest beta and it works now with two instances of OpenVPN.

Thank you. That would have helped me a lot if the problem hadn't already solved itself. The VPN is working again. I didn't do anything. I extended my VPN subscription a couple of days ago, so maybe there was an issue on their end, but it seems to be fixed now. Nice to see that the firewall works so well. I got two more questions if you don't mind. Do you have any plans to make a QBittorrent+VPN+Privoxy image? Is it correct and intended that the container starts an instance of OpenVPN on my host? This prevents me from using the VPN client software as it tries to start a second instance. Newbie me would expect the OpenVPN instance to run inside the container. Thanks again, I really appreciate your work!

Hi, after months of the container running perfectly I encountered a problem today. I cannot access sites through privoxy anymore and torrents aren't working either. The container is up and running and below is an excerpt from a container log. I can spot an AUTH error towards the end. Is the VPN not working and the IP-tables FW blocking any traffic? 2017-11-29 13:02:15,671 DEBG 'start-script' stdout output: [warn] OpenVPN process terminated, restarting OpenVPN... 2017-11-29T12:02:15.671445530Z 2017-11-29 13:02:15,679 DEBG 'start-script' stdout output: Wed Nov 29 13:02:15 2017 OpenVPN 2.4.4 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017 Wed Nov 29 13:02:15 2017 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.10 2017-11-29T12:02:15.679923010Z 2017-11-29 13:02:15,680 DEBG 'start-script' stdout output: [info] OpenVPN restarted 2017-11-29T12:02:15.680390255Z 2017-11-29 13:02:15,680 DEBG 'start-script' stdout output: Wed Nov 29 13:02:15 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2017-11-29T12:02:15.680559716Z 2017-11-29 13:02:15,680 DEBG 'start-script' stdout output: Wed Nov 29 13:02:15 2017 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Wed Nov 29 13:02:15 2017 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication 2017-11-29T12:02:15.681041168Z 2017-11-29 13:02:15,681 DEBG 'start-script' stdout output: Wed Nov 29 13:02:15 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]213.152.161.218:443 Wed Nov 29 13:02:15 2017 Socket Buffers: R=[212992->212992] S=[212992->212992] 2017-11-29T12:02:15.681399357Z 2017-11-29 13:02:15,681 DEBG 'start-script' stdout output: Wed Nov 29 13:02:15 2017 UDP link local: (not bound) Wed Nov 29 13:02:15 2017 UDP link remote: [AF_INET]213.152.161.218:443 2017-11-29T12:02:15.681528743Z 2017-11-29 13:02:15,711 DEBG 'start-script' stdout output: Wed Nov 29 13:02:15 2017 TLS: Initial packet from [AF_INET]213.152.161.218:443, sid=93cb4aae 3a2bc1b2 2017-11-29T12:02:15.711553603Z 2017-11-29 13:02:15,765 DEBG 'start-script' stdout output: Wed Nov 29 13:02:15 2017 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, [email protected] 2017-11-29T12:02:15.765298508Z 2017-11-29 13:02:15,765 DEBG 'start-script' stdout output: Wed Nov 29 13:02:15 2017 VERIFY KU OK Wed Nov 29 13:02:15 2017 Validating certificate extended key usage Wed Nov 29 13:02:15 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Wed Nov 29 13:02:15 2017 VERIFY EKU OK Wed Nov 29 13:02:15 2017 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Canis, [email protected] 2017-11-29T12:02:15.765442747Z 2017-11-29 13:02:15,901 DEBG 'start-script' stdout output: Wed Nov 29 13:02:15 2017 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Wed Nov 29 13:02:15 2017 [Canis] Peer Connection Initiated with [AF_INET]213.152.161.218:443 2017-11-29T12:02:15.901237257Z 2017-11-29 13:02:17,129 DEBG 'start-script' stdout output: Wed Nov 29 13:02:17 2017 SENT CONTROL [Canis]: 'PUSH_REQUEST' (status=1) 2017-11-29T12:02:17.129547449Z 2017-11-29 13:02:17,158 DEBG 'start-script' stdout output: Wed Nov 29 13:02:17 2017 AUTH: Received control message: AUTH_FAILED Wed Nov 29 13:02:17 2017 SIGTERM received, sending exit notification to peer 2017-11-29T12:02:17.158768909Z 2017-11-29 13:02:22,071 DEBG 'start-script' stdout output: Wed Nov 29 13:02:22 2017 SENT CONTROL [Canis]: 'PUSH_REQUEST' (status=1) 2017-11-29T12:02:22.071701783Z 2017-11-29 13:02:22,071 DEBG 'start-script' stdout output: Wed Nov 29 13:02:22 2017 SIGTERM[soft,exit-with-notification] received, process exiting 2017-11-29T12:02:22.071887384Z supervisord.log

You need to download the AirVPN_US-Atlanta....ovpn file again but this time untick the box that splits it into 5 files. This way the singele file contains all the data you need. The strange thing is that by default the file won't get seperated, so it looks like you have ticked this option under advanced settings in the config generator. When done copy this new file into the openvpn folder and delete all the other files.

I've got another question With the container running I see two additional network interfaces, i.e. docker0 which is self-explaining and one veth59exxx which supposedly represents the VPN tunnel. My small network usage widget, which tracks all interfaces, shows a constant downloading stream of roughly 500Kib/s despite me not downloading anything. Is this the container talking to the host or should I be worried? Again, this is on a Linux host with no unRAID installed.

Thanks for your reply binhex! That has cleared up quite a bit. 1) I'm not an unRAID user. I take it that unRAID is a modified server OS much like FreeNAS or OpenMediaVault. I run docker on a regular Arch Linux desktop PC. 2) great, that's what I was hoping for. 3) that's fantastic as well. 4) Sorry for the confusion. I meant what you wrote. 10.4.0.1 would be my VPN DNS server IP. Glad to hear that will work too. 5+6+7) fair enough

Hey you all, just discovered this godsend minutes ago and am already in love. It's running just fine but needs a few days of testing to be sure. In the meantime, I have a few quick question if you don't mind. 1) Is there a way to autostart the container on boot? Should I stop the container before shutting down in order to prevent damaging it? I'm not running a 24/7 server, so shutdowns are regular. I'm on Arch Linux btw. 2) Can I just add a folder for auto-grabbing torrent files using the same syntax (-v ...) so that torrent files added to a host folder will magically appear in the respective docker folder where Deluge grabs them? 3) Any chance to point the download folder on the host side to a different hdd? The system SSD is quite small compared my data grave HDD. 4) Can I safely set the DNS address (Google as per default) to my VPN's address without breaking anything? 5) Is it recommended to update to new versions? What would be the advantage? Could I use an older image if my tracker requires a certain version of Deluge? 6) How does updating work? Do I have to manually check for new versions and would it overwrite settings if I updated? 7) Running Arch Linux, I found a GUI frontend called Kitematic. It looks nice but doesn't recognises folders for volumes that were set in the terminal. I guess the question is if anyone uses it? Cheers, TombRaider