Jump to content

[Support] binhex - qBittorrentVPN

binhex

By binhex
in Docker Containers

Recommended Posts

Recommended

Posted by binhex,

Need further help?, please >click< here and follow the instructions.

Further help

Recommended by binhex

0 reactions

Go to this post
Recommended

Posted by binhex,

This also looks like a neat and fast solution, but PLEASE for the love of god change the password from adminadmin after doing this:- https://forums.unraid.net/topic/75539-support-binhex-qbittorrentvpn/?do=findComment&comment=1330952

qBittorrent password workaround

Recommended by binhex

0 reactions

Go to this post
Recommended

Posted by binhex,

Looks like a PIA issue with the CRL inline in the ovpn files being malformed, see here:- https://github.com/binhex/arch-qbittorrentvpn/issues/233#issuecomment-2088192316

PIA OpenVPN CRL issue

Recommended by binhex

0 reactions

Go to this post
Matrix Noob

Matrix

Posted
Posted
4 hours ago, binhex said:

How are you using this docker image?, are you simply using the built in vpn or are you sharing networking with another container?, any use of socks4/5 proxy or similar?.

All ports are unchanged, privoxy set to no and not used anyway, vpn is custom on openvpn, strict port forward set to no and vpn input/output ports left blank. Nameservers are default to container install. Container is not use by any other for connection, only radarr and sonarr to download torrents with it.

Link to comment
  • Replies 3.8k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

nraygun
nraygun

FWIW, I found this method in Reddit that seemed to work for me until they fix the log bug. But note if you have qbittorrent internet facing, it's a risk.   Add this line under [Preferences]

ThEdOtOr
ThEdOtOr

Create a necessary folder in   \\yourservername\appdata\binhex-qbittorrentvpn\qBittorrent    Create a folder called ssl     Open up terminal and type,  

cloudyb
cloudyb

For me radarr and sonarr picked up my changed password no problem. The steps I took were: -Edited the binhex/arch-qbittorrentvpn container: Changed the Repository field to binhex/arch-qbittorre

Posted Images

binhex Mentor

binhex

Posted
  • Author
Posted
21 minutes ago, Matrix said:

All ports are unchanged, privoxy set to no and not used anyway, vpn is custom on openvpn, strict port forward set to no and vpn input/output ports left blank. Nameservers are default to container install. Container is not use by any other for connection, only radarr and sonarr to download torrents with it.

I will need to see a log to help further, please see the following link:- https://github.com/binhex/documentation/blob/master/docker/faq/help.md#unraid-users

Link to comment
Matrix Noob

Matrix

Posted
Posted
22 minutes ago, binhex said:

@Matrix another question whilst you get the log, the obfuscated IP address for the 'Server' in your screenshot, if you do a IP lookup of that IP address does it match the VPN Endpoint you are connecting to?.

I will try to get the logs when I am off work. But for the IP it is the one assigned to my VPN. It is actually a static Torguard.net VPN IP with 44203 port forwarded. 

 

I did remotely just run a packet capture for that port on my pfsense box and it is trying to send an receive packets from that port number on my static vpn ip

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
2 minutes ago, Matrix said:

But for the IP it is the one assigned to my VPN. It is actually a static Torguard.net VPN IP with 44203 port forwarded. 

OK that makes sense to me, so for obvious reasons I have to permit outgoing and incoming traffic to the VPN endpoint in order to establish the VPN tunnel in the first place, and thus iptables permit this.

 

qBittorrent is a very chatty Bittorrent client and it will communicate on all adapters by default, including the LAN adapter, and as the VPN endpoints have to be open qBittorrent may (not always) attempt to connect to the VPN endpoint over the LAN, obviously it would fail as the VPN endpoint is not a Bittorrent client.

 

But i hear you cry, can't you simply tie qBittorrent down to use just the tunnel adapter?, well yes you can and i do exactly this by editing the configuration file before qBittorrent starts, but it appears qBittorrent does not always (looks to be random) pick this setting up straight away, leading to this approx. 1 second delay before switching to talk only on the tunnel adapter (as defined in the config file), so i can only assume this is a bug in qBittorrent - it should be reading the configuration and binding to the adapter BEFORE attempting any communication.
 

In any case, this in my opinion is NOT an IP leak, your VPN provider already knows your ISP assigned IP address by this point and obviously a lot more besides, you are not talking to another Bittorrent client so there has been no peer to peer communication taking place and thus the risk is extremely low (in my opinion it's zero).

  • Like 1
Link to comment
Matrix Noob

Matrix

Posted
Posted
1 hour ago, binhex said:

OK that makes sense to me, so for obvious reasons I have to permit outgoing and incoming traffic to the VPN endpoint in order to establish the VPN tunnel in the first place, and thus iptables permit this.

 

qBittorrent is a very chatty Bittorrent client and it will communicate on all adapters by default, including the LAN adapter, and as the VPN endpoints have to be open qBittorrent may (not always) attempt to connect to the VPN endpoint over the LAN, obviously it would fail as the VPN endpoint is not a Bittorrent client.

 

But i hear you cry, can't you simply tie qBittorrent down to use just the tunnel adapter?, well yes you can and i do exactly this by editing the configuration file before qBittorrent starts, but it appears qBittorrent does not always (looks to be random) pick this setting up straight away, leading to this approx. 1 second delay before switching to talk only on the tunnel adapter (as defined in the config file), so i can only assume this is a bug in qBittorrent - it should be reading the configuration and binding to the adapter BEFORE attempting any communication.
 

In any case, this in my opinion is NOT an IP leak, your VPN provider already knows your ISP assigned IP address by this point and obviously a lot more besides, you are not talking to another Bittorrent client so there has been no peer to peer communication taking place and thus the risk is extremely low (in my opinion it's zero).

Thank you for looking into this. I also am not worried about it. Some of my trackers do not permit multiple IPs for seeding and have never complained or gave errors for it.  

 

I did explicitly block for 44203 on my firewall and got a kernel panic within 10 mins. Never had one before, could be a coincidence but the timing tho. I was not at home so I had the wife hard reset.

  • Like 1
Link to comment
WickedLlama Noob

WickedLlama

Posted
Posted
On 5/1/2024 at 5:16 AM, binhex said:

 

Looks like a PIA issue with the CRL inline in the ovpn files being malformed, see here:- https://github.com/binhex/arch-qbittorrentvpn/issues/233#issuecomment-2088192316

I have contacted my VPN provider "AirVPN" and they are asking me to do the following.

 

It doesn't seem the same problem, because there's no OpenSSL log entries complaining about a certificate problem.  Can you increase OpenVPN verbosity, just in case? Try "--verb 4" on OpenVPN options (or "verb 4" on the configuration file). Default verbosity level (1) should print anyway the certificate critical error, as it happens with PIA, so we suspect this is a different case.

 

Just not sure how to do this any insight would be great!

Link to comment
WickedLlama Noob

WickedLlama

Posted
Posted
5 hours ago, binhex said:

from your log:-

[UNDEF] Inactivity timeout (--ping-restart), restarting

 

Please see Q17 from the following link:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

 

Thank you for that!!  It was my fault had Ad-guard was blocking my VPN connection.  Thank you for the quick support.  Next time I will be sure to just post as it looks like my problem started around the same time everyone had openvpn problems.

Link to comment
somemike Noob

somemike

Posted
Posted

Hi,

 

I just got started with binhex-qbittorrentvpn and set up everything, however, the PIA Wireguard Config file is not being generated.

Any help is appreciated.

 

docker run
  -d
  --name='binhex-qbittorrentvpn'
  --net='bridge'
  --privileged=true
  -e TZ="Australia/Sydney"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="MikeUnraid"
  -e HOST_CONTAINERNAME="binhex-qbittorrentvpn"
  -e 'VPN_ENABLED'='yes'
  -e 'VPN_USER'='redacted'
  -e 'VPN_PASS'='redacted'
  -e 'VPN_PROV'='pia'
  -e 'VPN_CLIENT'='wireguard'
  -e 'VPN_OPTIONS'=''
  -e 'STRICT_PORT_FORWARD'='yes'
  -e 'ENABLE_PRIVOXY'='yes'
  -e 'ENABLE_STARTUP_SCRIPTS'='no'
  -e 'WEBUI_PORT'='8080'
  -e 'LAN_NETWORK'='192.168.0.0/24'
  -e 'NAME_SERVERS'='84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
  -e 'VPN_INPUT_PORTS'=''
  -e 'VPN_OUTPUT_PORTS'=''
  -e 'DEBUG'='false'
  -e 'UMASK'='000'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:8080]/'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/binhex/docker-templates/master/binhex/images/qbittorrent-icon.png'
  -p '6881:6881/tcp'
  -p '6881:6881/udp'
  -p '8080:8080/tcp'
  -p '8118:8118/tcp'
  -v '/mnt/user/appdata/data':'/data':'rw'
  -v '/mnt/user/appdata/binhex-qbittorrentvpn':'/config':'rw'
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" 'binhex/arch-qbittorrentvpn'

c74ca0b50da3a1edd458fbc80315b5498a1f3eeeb06d226f8394f3f863ade687

The command finished successfully!

Link to comment
wgstarks Mentor

wgstarks

Posted
Posted (edited)
2 hours ago, CrazyHalfling said:

Appreciate any help.

From your logs-

Quote

[info] ProtonVPN username 'USERNAME' does not contain the suffix '+pmp' and therefore is not enabled for port forwarding, skipping port forward assignment...

I’m guessing that this combined with the strict port forwarding setting is causing the container to fail to start. Try adding the +pmp suffix after your vpn user name.

Edited by wgstarks
Typo
  • Like 1
Link to comment
CrazyHalfling Noob

CrazyHalfling

Posted
Posted
20 minutes ago, wgstarks said:

From your logs-

I’m guessing that this combined with the strict port forwarding setting is causing the container to fail to start. Try adding the +pmp suffix after your vpn user name.

that was exactly it... I feel dumb for not trying that, but thought it was optional.  Thanks!

Link to comment
wgstarks Mentor

wgstarks

Posted
Posted
1 hour ago, somemike said:

supervisord.log 20.11 kB · 1 download

 

There's also another user with the same issue on git

https://github.com/binhex/arch-qbittorrentvpn/issues/243

From your log-

Quote

[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 1 retries left
[info] Retrying in 10 secs...

 

 

https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Scroll down to Q29.

 

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
5 hours ago, somemike said:

Yep, but the initial issue here is that /config/wireguard/wg0.conf is not being automatically generated as it should be

Looking at your logs i see the failure to get the token from 'https://www.privateinternetaccess.com/gtoken/generateToken', this will then prevent the script from going further to generate the wg0.conf file. 

 

Main causes of this are:-

  1. PIA intermittent failure - Yes this is a thing sadly, leaving the container to retry should result in success.
  2. Firewall block - Check you are not blocking www.privateinternetaccess.com on your router/firewall
  3. DNS issues - Try setting NAME_SERVERS to have a value of 1.1.1.1
  • Like 1
Link to comment
Strain-Beekz Noob

Strain-Beekz

Posted
Posted

Hello BinHex,

 

I been using Unraid for roughly 2-3 years now but starting to get into dockers other than plex.  So i use your QbittorrentVPN, everything it setup but when i try to download ANYTHING from iptorrents it just tells me torrent download failed even in manual adding.  what am i doing wrong? iv done the setup correctly from what the videos iv seen said. im missing something.  I tried downloading a ubuntu iso from google and that worked fine, but i cant download anything from iptorrents.

Link to comment
Ollebro Noob

Ollebro

Posted
Posted (edited)

Hello, I'm trying to figure out if I have an issue with the container or with my VPN provider. It runs fine for about 12 hours or so, then connection is lost, logs shows DNS issues:

 

2024-06-25 16:04:57,656 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 8080

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
100    49    0     0  100    49      0    960 --:--:-- --:--:-- --:--:--   980
2024-06-26 03:31:15,879 DEBG 'watchdog-script' stdout output:
[info] DNS failure, creating file '/tmp/dnsfailure' to indicate failure...

2024-06-26 03:31:31,005 DEBG 'start-script' stdout output:
[info] Sending 'down' command to WireGuard due to dns failure...

Then it ends up in a loop, trying to get the interface up again but due to DNS issues it shuts down the interface, repeat. Restarting the container dosnt help, so far the only fix I've found is to go to ovpn.com (my vpn provider) and create a new config/keypair to add to the wg0.conf file. Then it works... for another 12 hours or so. This kinda feels like an issue on their end? But I dont have this issue on my phone or other devices using the official wireguard client and config file from them.

 

EDIT: Added a sanitized version of my supervisord.log

 

 

EDIT2: Contacted the VPN provider that confirmed this is probably an issue on their end. This issue can be ignored.

 

 

Edited by Ollebro
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...