Jump to content

[Support] binhex - qBittorrentVPN

binhex

By binhex
in Docker Containers

Recommended Posts

Recommended

Posted by binhex,

Need further help?, please >click< here and follow the instructions.

Further help

Recommended by binhex

0 reactions

Go to this post
Recommended

Posted by binhex,

This also looks like a neat and fast solution, but PLEASE for the love of god change the password from adminadmin after doing this:- https://forums.unraid.net/topic/75539-support-binhex-qbittorrentvpn/?do=findComment&comment=1330952

qBittorrent password workaround

Recommended by binhex

0 reactions

Go to this post
Recommended

Posted by binhex,

Looks like a PIA issue with the CRL inline in the ovpn files being malformed, see here:- https://github.com/binhex/arch-qbittorrentvpn/issues/233#issuecomment-2088192316

PIA OpenVPN CRL issue

Recommended by binhex

0 reactions

Go to this post
  • Replies 3.4k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

nraygun
nraygun

FWIW, I found this method in Reddit that seemed to work for me until they fix the log bug. But note if you have qbittorrent internet facing, it's a risk.   Adding this line under [Preference

ThEdOtOr
ThEdOtOr

Create a necessary folder in   \\yourservername\appdata\binhex-qbittorrentvpn\qBittorrent    Create a folder called ssl     Open up terminal and type,  

cloudyb
cloudyb

For me radarr and sonarr picked up my changed password no problem. The steps I took were: -Edited the binhex/arch-qbittorrentvpn container: Changed the Repository field to binhex/arch-qbittorre

Posted Images

SQK1 Noob

SQK1

Posted
Posted

Hi all, I need some help please,

 

    I've been running binhex-qbittorrentvpn for awhile and has been good until last few days. Upon opening the Webui I get the message: 

This site can’t be reached, 192.168.0.118 refused to connect.

 

I do not use a VPN. I have tried restarting the docker and the server but no luck and also deleted the config file. 

The setting and ports seem correct, I think. I've searched other threads but cant seem to get anything to work.

 

Please advise. Sorry i`m just a noob 

Thanks

 

 

1.JPG

2.JPG

3.JPG

4.JPG

Link to comment
SQK1 Noob

SQK1

Posted
Posted (edited)
2 hours ago, wgstarks said:

Looks like your appdata folder is missing and your cache drive is full.

 

Just in the process of moving some data to free up cache.

 

I have this appdata folder... Does that look right?

5.JPG

6.JPG

Edited by SQK1
add file
Link to comment
SQK1 Noob

SQK1

Posted
Posted

Some good news... moved out some data from cache drive and now can see the login screen, however my current password is incorrect apparently. Any way of fixing this please.

7.JPG

Link to comment
wgstarks Mentor

wgstarks

Posted
Posted
1 hour ago, SQK1 said:

 

Just in the process of moving some data to free up cache.

 

I have this appdata folder... Does that look right?

5.JPG

6.JPG

That probably matches the default setup but I choose not to download my torrents into the appdata folder since it is located on the cache drive by default (which is my smallest drive). I prefer to download the torrents to a separate share which is only limited in size by the amount of available space on my array. Here is my configuration for /data-

 

IMG_2714.thumb.png.5cd5849111a0cc8e55799f950703763c.png

 

If you want you can configure this share to use cache but IMHO it’s not necessary.

 

Remember, if you change /data here you must also change it in every docker that uses qbit for a download client.

 Also, your first screenshot is missing OpenVPN or wireguard directories.

 

Link to comment
wgstarks Mentor

wgstarks

Posted
Posted
2 minutes ago, SQK1 said:

Some good news... moved out some data from cache drive and now can see the login screen, however my current password is incorrect apparently. Any way of fixing this please.

7.JPG

If you check supervisord log you’ll see a temp password that the app created. This will allow you to login and change the password to one of your choosing.

Link to comment
SQK1 Noob

SQK1

Posted
Posted
7 minutes ago, wgstarks said:

If you check supervisord log you’ll see a temp password that the app created. This will allow you to login and change the password to one of your choosing.

Thank for your help, all sorted. Been pulling my hair out last few days. 

 

Will look to download to a separate share like you suggested above. 

 

Thanks again :)

 

 

Link to comment
flinerock Noob

flinerock

Posted
Posted (edited)

I have bene having this issue since the update 2 days ago. It was working fine before i updated. Now it wont start. I also use PIA. This was working pefectly fine before the update. Is there something new i am missing i need to add

 

2024-05-02T21:54:14.486777208Z 2024-05-02 17:54:14 OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error:Field=revoked, Type=X509_CRL_INFO

974

2024-05-02T21:54:14.486782976Z 2024-05-02 17:54:14 OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error:Field=crl, Type=X509_CRL

975

2024-05-02T21:54:14.486788721Z

976

2024-05-02T21:54:14.486880844Z 2024-05-02 17:54:14,486 DEBG 'start-script' stdout output:

977

2024-05-02T21:54:14.486894471Z 2024-05-02 17:54:14 OpenSSL: error:0488000D:PEM routines::ASN1 lib:

978

2024-05-02T21:54:14.486901330Z 2024-05-02 17:54:14 CRL: cannot read CRL from file [[INLINE]]

Edited by flinerock
adding log
Link to comment
scolcipitato Contributor

scolcipitato

Posted
Posted
2 hours ago, flinerock said:

I have bene having this issue since the update 2 days ago. It was working fine before i updated. Now it wont start. I also use PIA. This was working pefectly fine before the update. Is there something new i am missing i need to add

 

2024-05-02T21:54:14.486777208Z 2024-05-02 17:54:14 OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error:Field=revoked, Type=X509_CRL_INFO

974

2024-05-02T21:54:14.486782976Z 2024-05-02 17:54:14 OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error:Field=crl, Type=X509_CRL

975

2024-05-02T21:54:14.486788721Z

976

2024-05-02T21:54:14.486880844Z 2024-05-02 17:54:14,486 DEBG 'start-script' stdout output:

977

2024-05-02T21:54:14.486894471Z 2024-05-02 17:54:14 OpenSSL: error:0488000D:PEM routines::ASN1 lib:

978

2024-05-02T21:54:14.486901330Z 2024-05-02 17:54:14 CRL: cannot read CRL from file [[INLINE]]

Apparently this is caused by OpenSSL-3.3.0 (source).

55 minutes ago, Green Dragon said:

On the PIA OpenPVN issue guys; this worked for me using the .zip I downloaded years ago.  The one linked in the reddit post does not work though you can browse the website for it to download but its probably the one you already have from 2020):

 

https://old.reddit.com/r/synology/comments/jwbtld/1819_trouble_connecting_to_pia/

 

Good luck!

This post has the solution, the first reply worked for me (here, if needed).

 

I don't know if this involves some other security concerns, maybe someone who knows more can say something.

Hope this helps.

Link to comment
Elmojo Contributor

Elmojo

Posted
Posted

Ok, I'm mostly there...

I've signed up for PIA, and reconfig'd the docker to use PIA, and WG.

I can start the docker, and access the webGUI for qBT.  It reports that it's no longer 'firewalled', however, the logs show that port forwarding isn't enabled.  I believe it, since I can't find anything in the docs that says how to PF when you're not using the PIA windows app.  Even if I was, the port is 'randomly assigned', so wouldn't it change each session?

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
3 hours ago, Elmojo said:

Ok, I'm mostly there...

I've signed up for PIA, and reconfig'd the docker to use PIA, and WG.

I can start the docker, and access the webGUI for qBT.  It reports that it's no longer 'firewalled', however, the logs show that port forwarding isn't enabled.  I believe it, since I can't find anything in the docs that says how to PF when you're not using the PIA windows app.  Even if I was, the port is 'randomly assigned', so wouldn't it change each session?

what logs? paste here

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted

Hi guys, i don't want to be snowed under with support due to the PIA CRL issue so i have taken the executive decision of downgrading openssl to 3.2.0 (ignores the issue), this will get openvpn up and running again whilst we await to see if PIA will actually do anything to address the problem.

Please pull latest image at your convenience and switch back to openvpn (if you were forced onto wireguard and you prefer openvpn).

  • Thanks 1
Link to comment
Fribb Noob

Fribb

Posted
Posted

With the PIA/OPENVPN issue, I wanted to try out Wireguard but just following the README didn't work. Setting VPN_CLIENT to wireguard, running the container in privileged mode and setting sysctl="net.ipv4.conf.all.src_valid_mark=1" will result in the container being started but the WebUI runs into a timeout.

 

Here are the startup parameters 

2024-05-03 12:46:15.308638 [info] Host is running unRAID
2024-05-03 12:46:15.330047 [info] System information Linux 90a76e02267e 6.1.64-Unraid #1 SMP PREEMPT_DYNAMIC Wed Nov 29 12:48:16 PST 2023 x86_64 GNU/Linux
2024-05-03 12:46:15.354886 [info] PUID defined as '99'
2024-05-03 12:46:15.432609 [info] PGID defined as '100'
2024-05-03 12:46:15.531275 [info] UMASK defined as '000'
2024-05-03 12:46:15.553667 [info] Permissions already set for '/config'
2024-05-03 12:46:15.578096 [info] Deleting files in /tmp (non recursive)...
2024-05-03 12:46:15.609182 [info] VPN_ENABLED defined as 'yes'
2024-05-03 12:46:15.633233 [info] VPN_CLIENT defined as 'wireguard'
2024-05-03 12:46:15.656610 [info] VPN_PROV defined as 'pia'
2024-05-03 12:46:15.687296 [info] WireGuard config file (conf extension) is located at /config/wireguard/wg0.conf
2024-05-03 12:46:15.718762 [info] VPN_REMOTE_SERVER defined as 'nl-amsterdam.privacy.network'
2024-05-03 12:46:15.744488 [info] VPN_REMOTE_PORT defined as '1337'
2024-05-03 12:46:15.765793 [info] VPN_DEVICE_TYPE defined as 'wg0'
2024-05-03 12:46:15.787013 [info] VPN_REMOTE_PROTOCOL defined as 'udp'
2024-05-03 12:46:46.159324 [info] LAN_NETWORK defined as '192.168.1.0/24'
2024-05-03 12:46:46.187446 [info] LAN_NETWORK exported as '192.168.1.0/24'
2024-05-03 12:46:46.210320 [info] NAME_SERVERS defined as '84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
2024-05-03 12:46:46.233490 [info] VPN_USER defined as 'redacted'
2024-05-03 12:46:46.256255 [info] VPN_PASS defined as 'redacted'
2024-05-03 12:46:46.279149 [info] STRICT_PORT_FORWARD defined as 'yes'
2024-05-03 12:46:46.302224 [info] ENABLE_PRIVOXY defined as 'yes'
2024-05-03 12:46:46.327174 [info] VPN_INPUT_PORTS not defined (via -e VPN_INPUT_PORTS), skipping allow for custom incoming ports
2024-05-03 12:46:46.350626 [info] VPN_OUTPUT_PORTS not defined (via -e VPN_OUTPUT_PORTS), skipping allow for custom outgoing ports
2024-05-03 12:46:46.373783 [info] ENABLE_STARTUP_SCRIPTS not defined (via -e ENABLE_STARTUP_SCRIPTS), defaulting to 'no'
2024-05-03 12:46:46.396916 [info] WEBUI_PORT defined as '8085'
2024-05-03 12:46:46.435452 [info] Starting Supervisor...

 

When I run the same configuration with just OpenVPN instead of wireguard, as soon as I get the 

  

2024-05-03 12:57:58,270 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 8085

 

log output, I can access the WebUI. When I change VPN_CLIENT to wireguard, the same log output happens but the WebUI is running in the timeout.

 

full log output with redacted possibly private information https://pastebin.com/avNzwj9g

Link to comment
wgstarks Mentor

wgstarks

Posted
Posted
48 minutes ago, Fribb said:

and setting sysctl="net.ipv4.conf.all.src_valid_mark=1" will result in the container being started but the WebUI runs into a timeout.

Where are you getting this from? I don’t see that in the FAQ at all.

Link to comment
Fribb Noob

Fribb

Posted
Posted
2 minutes ago, wgstarks said:

Where are you getting this from? I don’t see that in the FAQ at all.

 

In the Readme in the WireGuard Section 

 

Quote

WireGuard

If you wish to use WireGuard (defined via 'VPN_CLIENT' env var value ) then due to the enhanced security and kernel integration WireGuard will require the container to be defined with privileged permissions and sysctl support, so please ensure you change the following docker options:-

from

--cap-add=NET_ADMIN \

to

--sysctl="net.ipv4.conf.all.src_valid_mark=1" \

--privileged=true \

Link to comment
Fribb Noob

Fribb

Posted
Posted
11 minutes ago, wgstarks said:

When I switched to wireguard last night I used the process described in the FAQ-

 https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Scroll down to Q21.

yeah, this isn't any different to what I did. Wireguard and the VPN work fine, the curled IP from ifconfig.co/ip is different to the one I get in just my regular browser. However, the WebUI of Qbit is not accessible for whatever reason 

 

the only errors in the linked log file are Standard error outputs from the Start Script which don't look like errors to me.

Link to comment
Elmojo Contributor

Elmojo

Posted
Posted
6 hours ago, binhex said:

what logs? paste here

My fault.  I found in a thread elsewhere that this container does auto-forwarding.  I missed that in the docs somehow.

All I had to do was turn on the STRICT_PORT_FORWARD variable, and it appears to be working just fine now with WG.

 

Speaking of, given the bug you noted above, and 'downgrade' update, do I need to do that, or am I okay to stay as I am, since it appears to be working?

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...