[Support] binhex - qBittorrentVPN


Recommended Posts

Already posted this question here, but @JonathanM told me to ask it here also:

 

Hello all,

 

I am the whole afternoon/evening busy with getting a second image of the same docker template, binhex-qbittorrentvpn, up and running.

I did change all the standard ports to different ports, all folder associations also to new folders, but I still cannot reach my webUI.

 

Here are the template settings, adjusted by me:

 

firefox_y0jLw8zy3k_cropped.thumb.png.86a6d9e488c6e9c56fbb7fc0faa6c7b0.png

firefox_YvXQjxgkna_cropped.thumb.png.2ad05bf74b71fb836d54ef549bb0a0fa.pngfirefox_ndUwZ9Y5Gl_cropped.thumb.png.4b3d6b5efa934a3ac86939924529bf5b.png

firefox_ZnPCf2xxlB_cropped.thumb.png.3770ccef7ad0aba2125e88f2a3f2c0e1.png

 

The image is running, openvpn configuration files are supplied in the new folder, and the only thing that doesn't work is the webUI.
I put in <server-ip>:8811 as that is set to the new webUI port.
The docker log of that new image also says "[info] qBittorrent process listening on port 8811".

 

So what is it that I cannot reach the qBittorent webUI on above ip address and port.
FYI; the 1st docker image of qbittorrent does work like a charm...

 

Some help is much appreciated. Thanks!

Link to comment
4 minutes ago, rikdegraaff said:

Some help is much appreciated. Thanks!

Host port 3 is set to 8811 for the host port but your screenshot doesn’t show the container port. It must also be set to 8811. If you can’t edit the existing port (you probably can’t) just delete it and create a new port mapping 8811:8811.

Link to comment
26 minutes ago, wgstarks said:

Host port 3 is set to 8811 for the host port but your screenshot doesn’t show the container port. It must also be set to 8811. If you can’t edit the existing port (you probably can’t) just delete it and create a new port mapping 8811:8811.

Thanks a thousand times @wgstarks, I removed Host Port 3 and re-created it on 8811, and yes it woks now!
I'm such a noob using docker, so mega much thanks! So obvious and although so unclear!!!!!! Thanksssss! 🤪

Link to comment
16 minutes ago, rikdegraaff said:

Thanks a thousand times @wgstarks, I removed Host Port 3 and re-created it on 8811, and yes it woks now!
I'm such a noob using docker, so mega much thanks! So obvious and although so unclear!!!!!! Thanksssss! 🤪

Depending on who is maintaining the docker, either the first post in the support thread or the readme on GitHub (linked in the first post) will have instructions for common configurations.

Link to comment
On 7/12/2022 at 3:22 PM, LumberJackGeek said:

I am migrating from your Deluge VPN to this qBittorrent VPN docker, and when I do that, I can't get Jackett to use the proxy successfully, all searches result in the indexer reporting all sites are in error. I switch Jackett back to Deluge, and it works.

 

My IP address is in the format 192.168.0.*

 

My LAN_NETWORK for Deluge is 192.168.1.0/24 and I tried this on qBittorrent however this seems wrong, I think it should be 192.168.0.0/24 but neither works for qBittorrent. I am able to successfully use qBittorrent to make downloads, so I know the container works to some degree at least.

 

What info would you like to see here? Or ideas on the issue?

Bump?

Link to comment

Hi - I'm having a probem switching from Bridge to Host mode...

 

I've had a look around but I've not found any simular posts (may be I'm not looking right).

 

Could any one make anu suggestions based on this error ?

 

Execution error / Server error

 

Quote

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='binhex-qbittorrentvpn' --net='host' --privileged=true -e TZ="Europe/London" -e HOST_OS="Unraid" -e HOST_HOSTNAME="tbmaindoma" -e HOST_CONTAINERNAME="binhex-qbittorrentvpn" -e 'TCP_PORT_6881'='6881' -e 'UDP_PORT_6881'='6881' -e 'TCP_PORT_8080'='8080' -e 'TCP_PORT_8118'='8118' -e 'VPN_ENABLED'='no' -e 'VPN_USER'='vpn username' -e 'VPN_PASS'='vpn password' -e 'VPN_PROV'='pia' -e 'VPN_CLIENT'='openvpn' -e 'VPN_OPTIONS'='' -e 'STRICT_PORT_FORWARD'='yes' -e 'ENABLE_PRIVOXY'='no' -e 'WEBUI_PORT'='8080' -e 'LAN_NETWORK'='192.168.1.0/24' -e 'NAME_SERVERS'='84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1' -e 'VPN_INPUT_PORTS'='' -e 'VPN_OUTPUT_PORTS'='' -e 'DEBUG'='false' -e 'UMASK'='000' -e 'PUID'='99' -e 'PGID'='100' -l net.unraid.docker.managed=dockerman -l net.unraid.docker.webui='http://[IP]:[PORT:8080]/' -l net.unraid.docker.icon='https://raw.githubusercontent.com/binhex/docker-templates/master/binhex/images/qbittorrent-icon.png' -v '/mnt/disks/WD-WCAU41281929/downloads/':'/data':'rw' -v '/mnt/user/appdata/binhex-qbittorrentvpn':'/config':'rw' --sysctl="net.ipv4.conf.all.src_valid_mark=1" 'binhex/arch-qbittorrentvpn'

1d1dc8ce5f836506820bcd067190d146abfc6e9cc48f3b5a0e609221491180ec
docker: Error response from daemon: failed to create shim: OCI runtime create failed: sysctl "net.ipv4.conf.all.src_valid_mark" not allowed in host network namespace: unknown.

The command failed.

 

Alternativley if Bridge mode is the best way what would be the best suggestion to set up a fixed port as Unraid only allows for UDP or TCP not UDP/TCP when allocating.

 

THe main reason for the above is that I'm not convinced my router is enabling the UPNP ports and as such I do not have access to some seeds so I was going to fix them under bridged or hopefully allow UPNP to work right under host.

 

Thanks

 

Terran

Edited by ccsnet
Link to comment

Hi,

 

I am having a little trouble getting into the WEB UI.

 

I have removed Host Port 3 and added it back in to set the Container and the host ports both to 8088 however I don't seem to be able to access the UI. any suggestions?

 

Here is a screenshot of my settings:

image.thumb.png.3abeb673a6f2999f99a733cf78f91af6.png

 

image.thumb.png.52095755ea37fb2ca134d823621df213.png

 

image.thumb.png.661e1a9f00f8ed9f276b82d21c904798.png

Link to comment
13 minutes ago, ArxKnight said:

Hi,

 

I am having a little trouble getting into the WEB UI.

 

I have removed Host Port 3 and added it back in to set the Container and the host ports both to 8088 however I don't seem to be able to access the UI. any suggestions?

 

Here is a screenshot of my settings:

image.thumb.png.3abeb673a6f2999f99a733cf78f91af6.png

 

image.thumb.png.52095755ea37fb2ca134d823621df213.png

 

image.thumb.png.661e1a9f00f8ed9f276b82d21c904798.png

Looking at the logs, I am getting this if it's any help ?

 

LOGS:

Spoiler

text  error  warn  system  array  login  


2022-07-27 03:20:13,836 DEBG 'start-script' stdout output:
--------------------

2022-07-27 03:20:13,836 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...

2022-07-27 03:20:13,881 DEBG 'start-script' stdout output:
2022-07-27 03:20:13 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

2022-07-27 03:20:13,882 DEBG 'start-script' stdout output:
2022-07-27 03:20:13 WARNING: file 'credentials.conf' is group or others accessible
2022-07-27 03:20:13 OpenVPN 2.5.7 [git:makepkg/a0f9a3e9404c8321+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 31 2022
2022-07-27 03:20:13 library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10

2022-07-27 03:20:13,882 DEBG 'start-script' stdout output:
2022-07-27 03:20:13 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-07-27 03:20:13 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2022-07-27 03:20:13,882 DEBG 'start-script' stdout output:
2022-07-27 03:20:13 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-07-27 03:20:13 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

2022-07-27 03:20:13,882 DEBG 'start-script' stdout output:
2022-07-27 03:20:13 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.152.19:1194
2022-07-27 03:20:13 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-07-27 03:20:13 UDP link local: (not bound)
2022-07-27 03:20:13 UDP link remote: [AF_INET]31.171.152.19:1194

2022-07-27 03:20:13,944 DEBG 'start-script' stdout output:
2022-07-27 03:20:13 TLS: Initial packet from [AF_INET]31.171.152.19:1194, sid=748aaa0b 7a16e639

2022-07-27 03:20:14,077 DEBG 'start-script' stdout output:
2022-07-27 03:20:14 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA

2022-07-27 03:20:14,077 DEBG 'start-script' stdout output:
2022-07-27 03:20:14 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
2022-07-27 03:20:14 VERIFY KU OK
2022-07-27 03:20:14 Validating certificate extended key usage
2022-07-27 03:20:14 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-07-27 03:20:14 VERIFY EKU OK
2022-07-27 03:20:14 VERIFY OK: depth=0, CN=al18.nordvpn.com

2022-07-27 03:20:14,965 DEBG 'start-script' stdout output:
2022-07-27 03:20:14 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2022-07-27 03:20:14 [al18.nordvpn.com] Peer Connection Initiated with [AF_INET]31.171.152.19:1194

2022-07-27 03:20:16,033 DEBG 'start-script' stdout output:
2022-07-27 03:20:16 SENT CONTROL [al18.nordvpn.com]: 'PUSH_REQUEST' (status=1)

2022-07-27 03:20:16,095 DEBG 'start-script' stdout output:
2022-07-27 03:20:16 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.1.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.1.8 255.255.255.0,peer-id 4,cipher AES-256-GCM'

2022-07-27 03:20:16,095 DEBG 'start-script' stdout output:
2022-07-27 03:20:16 OPTIONS IMPORT: timers and/or timeouts modified
2022-07-27 03:20:16 OPTIONS IMPORT: explicit notify parm(s) modified
2022-07-27 03:20:16 OPTIONS IMPORT: compression parms modified
2022-07-27 03:20:16 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-07-27 03:20:16 Socket Buffers: R=[212992->1048576] S=[212992->1048576]
2022-07-27 03:20:16 OPTIONS IMPORT: --ifconfig/up options modified
2022-07-27 03:20:16 OPTIONS IMPORT: route options modified
2022-07-27 03:20:16 OPTIONS IMPORT: route-related options modified
2022-07-27 03:20:16 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-07-27 03:20:16 OPTIONS IMPORT: peer-id set
2022-07-27 03:20:16 OPTIONS IMPORT: adjusting link_mtu to 1657
2022-07-27 03:20:16 OPTIONS IMPORT: data channel crypto options modified
2022-07-27 03:20:16 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-07-27 03:20:16 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-07-27 03:20:16 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-07-27 03:20:16 net_route_v4_best_gw query: dst 0.0.0.0
2022-07-27 03:20:16 net_route_v4_best_gw result: via 172.17.0.1 dev eth0
2022-07-27 03:20:16 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:0a

2022-07-27 03:20:16,096 DEBG 'start-script' stdout output:
2022-07-27 03:20:16 TUN/TAP device tun0 opened
2022-07-27 03:20:16 net_iface_mtu_set: mtu 1500 for tun0
2022-07-27 03:20:16 net_iface_up: set tun0 up

2022-07-27 03:20:16,096 DEBG 'start-script' stdout output:
2022-07-27 03:20:16 net_addr_v4_add: 10.8.1.8/24 dev tun0
2022-07-27 03:20:16 /root/openvpnup.sh tun0 1500 1585 10.8.1.8 255.255.255.0 init

2022-07-27 03:20:16,099 DEBG 'start-script' stdout output:
2022-07-27 03:20:16 net_route_v4_add: 31.171.152.19/32 via 172.17.0.1 dev [NULL] table 0 metric -1

2022-07-27 03:20:16,099 DEBG 'start-script' stdout output:
2022-07-27 03:20:16 net_route_v4_add: 0.0.0.0/1 via 10.8.1.1 dev [NULL] table 0 metric -1
2022-07-27 03:20:16 net_route_v4_add: 128.0.0.0/1 via 10.8.1.1 dev [NULL] table 0 metric -1
2022-07-27 03:20:16 Initialization Sequence Completed

2022-07-27 03:20:18,223 DEBG 'start-script' stdout output:
[info] Attempting to get external IP using 'http://checkip.amazonaws.com'...

2022-07-27 03:20:18,676 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address 31.171.152.22

2022-07-27 03:20:18,677 DEBG 'start-script' stdout output:
[info] Script started to assign incoming port

2022-07-27 03:20:18,678 DEBG 'start-script' stdout output:
[info] Port forwarding is enabled
[info] Checking endpoint '31.171.152.19' is port forward enabled...

2022-07-27 03:20:19,246 DEBG 'start-script' stdout output:
[warn] PIA endpoint '31.171.152.19' is not in the list of endpoints that support port forwarding, DL/UL speeds maybe slow
[info] Please consider switching to one of the endpoints shown below

2022-07-27 03:20:19,247 DEBG 'start-script' stdout output:
[info] List of PIA endpoints that support port forwarding:-

2022-07-27 03:20:19,247 DEBG 'start-script' stdout output:
[info] hungary.privacy.network
[info] sofia.privacy.network
[info] santiago.privacy.network
[info] no.privacy.network
[info] jakarta.privacy.network
[info] lv.privacy.network
[info] sanjose.privacy.network
[info] tr.privacy.network
[info] br.privacy.network
[info] lt.privacy.network
[info] ae.privacy.network
[info] bangladesh.privacy.network
[info] swiss.privacy.network
[info] japan-2.privacy.network
[info] ad.privacy.network
[info] france.privacy.network
[info] hk.privacy.network
[info] sk.privacy.network
[info] taiwan.privacy.network
[info] egypt.privacy.network
[info] china.privacy.network
[info] nz.privacy.network
[info] mexico.privacy.network
[info] aus-perth.privacy.network
[info] de-berlin.privacy.network
[info] italy.privacy.network
[info] ee.privacy.network
[info] pt.privacy.network
[info] is.privacy.network
[info] ca-vancouver.privacy.network
[info] spain.privacy.network
[info] bahamas.privacy.network
[info] sweden.privacy.network
[info] man.privacy.network
[info] ro.privacy.network
[info] denmark.privacy.network
[info] nigeria.privacy.network
[info] ca-ontario.privacy.network
[info] brussels.privacy.network
[info] vietnam.privacy.network
[info] liechtenstein.privacy.network
[info] macau.privacy.network
[info] aus-melbourne.privacy.network
[info] ca-montreal.privacy.network
[info] rs.privacy.network
[info] de-frankfurt.privacy.network
[info] yerevan.privacy.network
[info] fi-2.privacy.network
[info] gr.privacy.network

2022-07-27 03:20:19,247 DEBG 'start-script' stdout output:
[info] qatar.privacy.network
[info] philippines.privacy.network
[info] uk-southampton.privacy.network
[info] kazakhstan.privacy.network
[info] japan.privacy.network
[info] malta.privacy.network
[info] cambodia.privacy.network
[info] za.privacy.network
[info] bogota.privacy.network
[info] georgia.privacy.network
[info] israel.privacy.network
[info] panama.privacy.network
[info] morocco.privacy.network
[info] montenegro.privacy.network
[info] poland.privacy.network
[info] czech.privacy.network
[info] es-valencia.privacy.network
[info] ca-toronto.privacy.network
[info] uk-2.privacy.network
[info] sg.privacy.network
[info] lu.privacy.network
[info] ar.privacy.network
[info] sweden-2.privacy.network
[info] mk.privacy.network
[info] cyprus.privacy.network
[info] uk-london.privacy.network
[info] ba.privacy.network
[info] ua.privacy.network
[info] in.privacy.network
[info] italy-2.privacy.network
[info] austria.privacy.network
[info] kualalumpur.privacy.network
[info] denmark-2.privacy.network
[info] greenland.privacy.network
[info] au-sydney.privacy.network
[info] md.privacy.network
[info] slovenia.privacy.network
[info] fi.privacy.network
[info] venezuela.privacy.network
[info] mongolia.privacy.network
[info] zagreb.privacy.network
[info] ireland.privacy.network
[info] dz.privacy.network
[info] srilanka.privacy.network
[info] uk-manchester.privacy.network
[info] saudiarabia.privacy.network
[info] monaco.privacy.network
[info] al.privacy.network
[info] nl-amsterdam.privacy.network

2022-07-27 03:20:20,947 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 12 retries left
[info] Retrying in 10 secs...

 

END OF LOGS

Edited by ArxKnight
Link to comment
8 minutes ago, JonathanM said:

Does the supervisord log show a successful connection to the VPN?

Did you put your actual credentials in for the VPN instead of the placeholders shown in your screenshots?

Hi @JonathanM,

 

Yes I have puy my details in, first time round looks like it was the wrong password but getting this now in the logs.

 

Still no WEB UI though.

 

LOGS

Spoiler

[MH/PKTINFO] [AEAD] built on May 31 2022

2022-07-27 03:23:45,953 DEBG 'start-script' stdout output:
2022-07-27 03:23:45 library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10

2022-07-27 03:23:45,953 DEBG 'start-script' stdout output:
2022-07-27 03:23:45 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-07-27 03:23:45 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-07-27 03:23:45 NOTE: --fast-io is disabled since we are not using UDP

2022-07-27 03:23:45,953 DEBG 'start-script' stdout output:
2022-07-27 03:23:45 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-07-27 03:23:45 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

2022-07-27 03:23:45,953 DEBG 'start-script' stdout output:
2022-07-27 03:23:45 TCP/UDP: Preserving recently used remote address: [AF_INET]31.171.152.19:443
2022-07-27 03:23:45 Socket Buffers: R=[87380->87380] S=[65536->65536]
2022-07-27 03:23:45 Attempting to establish TCP connection with [AF_INET]31.171.152.19:443 [nonblock]

2022-07-27 03:23:46,014 DEBG 'start-script' stdout output:
2022-07-27 03:23:46 TCP connection established with [AF_INET]31.171.152.19:443
2022-07-27 03:23:46 TCP_CLIENT link local: (not bound)
2022-07-27 03:23:46 TCP_CLIENT link remote: [AF_INET]31.171.152.19:443

2022-07-27 03:23:46,075 DEBG 'start-script' stdout output:
2022-07-27 03:23:46 TLS: Initial packet from [AF_INET]31.171.152.19:443, sid=108835d7 2d95a33a

2022-07-27 03:23:46,326 DEBG 'start-script' stdout output:
2022-07-27 03:23:46 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA

2022-07-27 03:23:46,327 DEBG 'start-script' stdout output:
2022-07-27 03:23:46 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
2022-07-27 03:23:46 VERIFY KU OK
2022-07-27 03:23:46 Validating certificate extended key usage
2022-07-27 03:23:46 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-07-27 03:23:46 VERIFY EKU OK
2022-07-27 03:23:46 VERIFY OK: depth=0, CN=al18.nordvpn.com

2022-07-27 03:23:48,451 DEBG 'start-script' stdout output:
2022-07-27 03:23:48 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2022-07-27 03:23:48 [al18.nordvpn.com] Peer Connection Initiated with [AF_INET]31.171.152.19:443

2022-07-27 03:23:49,601 DEBG 'start-script' stdout output:
2022-07-27 03:23:49 SENT CONTROL [al18.nordvpn.com]: 'PUSH_REQUEST' (status=1)

2022-07-27 03:23:49,763 DEBG 'start-script' stdout output:
2022-07-27 03:23:49 AUTH: Received control message: AUTH_FAILED

2022-07-27 03:23:49,763 DEBG 'start-script' stdout output:
2022-07-27 03:23:49 SIGTERM[soft,auth-failure] received, process exiting

2022-07-27 03:23:49,764 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...

2022-07-27 03:23:49,769 DEBG 'start-script' stdout output:
2022-07-27 03:23:49 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

 

END OF LOGS

Edited by ArxKnight
Link to comment
5 minutes ago, JonathanM said:

Does the supervisord log show a successful connection to the VPN?

Did you put your actual credentials in for the VPN instead of the placeholders shown in your screenshots?

Looking at the logs is seems to be able to connect but this yellow warning/ error looks concerning, could this be preventing the connection?

 

Error List:

 

2022-07-27 03:28:17 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

2022-07-27 03:28:17,420 DEBG 'start-script' stdout output:
2022-07-27 03:28:17 WARNING: file 'credentials.conf' is group or others accessible
2022-07-27 03:28:17 OpenVPN 2.5.7 [git:makepkg/a0f9a3e9404c8321+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 31 2022
2022-07-27 03:28:17 library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10

2022-07-27 03:28:17,420 DEBG 'start-script' stdout output:
2022-07-27 03:28:17 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-07-27 03:28:17 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Link to comment

Update:

 

Looks like it's working with the correct details now, though it looks to be listening on port: 8080 when it should be on port: 8088 if I am correct?

 

LOGS

Spoiler

text  error  warn  system  array  login  

2022-07-27 03:47:48,387 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

2022-07-27 03:47:48,388 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 WARNING: file 'credentials.conf' is group or others accessible
2022-07-27 03:47:48 OpenVPN 2.5.7 [git:makepkg/a0f9a3e9404c8321+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 31 2022

2022-07-27 03:47:48,388 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 library versions: OpenSSL 1.1.1o  3 May 2022, LZO 2.10

2022-07-27 03:47:48,388 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-07-27 03:47:48 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-07-27 03:47:48 NOTE: --fast-io is disabled since we are not using UDP

2022-07-27 03:47:48,388 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-07-27 03:47:48 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

2022-07-27 03:47:48,388 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 TCP/UDP: Preserving recently used remote address: [AF_INET]178.159.3.180:443
2022-07-27 03:47:48 Socket Buffers: R=[87380->87380] S=[65536->65536]
2022-07-27 03:47:48 Attempting to establish TCP connection with [AF_INET]178.159.3.180:443 [nonblock]

2022-07-27 03:47:48,405 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 TCP connection established with [AF_INET]178.159.3.180:443
2022-07-27 03:47:48 TCP_CLIENT link local: (not bound)
2022-07-27 03:47:48 TCP_CLIENT link remote: [AF_INET]178.159.3.180:443

2022-07-27 03:47:48,421 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 TLS: Initial packet from [AF_INET]178.159.3.180:443, sid=a2ca8e61 ae336092

2022-07-27 03:47:48,489 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA

2022-07-27 03:47:48,490 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7

2022-07-27 03:47:48,490 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 VERIFY KU OK
2022-07-27 03:47:48 Validating certificate extended key usage
2022-07-27 03:47:48 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-07-27 03:47:48 VERIFY EKU OK
2022-07-27 03:47:48 VERIFY OK: depth=0, CN=uk2202.nordvpn.com

2022-07-27 03:47:48,632 DEBG 'start-script' stdout output:
2022-07-27 03:47:48 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2022-07-27 03:47:48 [uk2202.nordvpn.com] Peer Connection Initiated with [AF_INET]178.159.3.180:443

2022-07-27 03:47:49,745 DEBG 'start-script' stdout output:
2022-07-27 03:47:49 SENT CONTROL [uk2202.nordvpn.com]: 'PUSH_REQUEST' (status=1)

2022-07-27 03:47:49,818 DEBG 'start-script' stdout output:
2022-07-27 03:47:49 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.2.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.2.3 255.255.255.0,peer-id 0,cipher AES-256-GCM'

2022-07-27 03:47:49,818 DEBG 'start-script' stdout output:
2022-07-27 03:47:49 OPTIONS IMPORT: timers and/or timeouts modified
2022-07-27 03:47:49 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
2022-07-27 03:47:49 OPTIONS IMPORT: compression parms modified
2022-07-27 03:47:49 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-07-27 03:47:49 Socket Buffers: R=[87380->1048576] S=[130560->1048576]
2022-07-27 03:47:49 OPTIONS IMPORT: --ifconfig/up options modified
2022-07-27 03:47:49 OPTIONS IMPORT: route options modified
2022-07-27 03:47:49 OPTIONS IMPORT: route-related options modified
2022-07-27 03:47:49 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-07-27 03:47:49 OPTIONS IMPORT: peer-id set
2022-07-27 03:47:49 OPTIONS IMPORT: adjusting link_mtu to 1659
2022-07-27 03:47:49 OPTIONS IMPORT: data channel crypto options modified
2022-07-27 03:47:49 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-07-27 03:47:49 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-07-27 03:47:49 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-07-27 03:47:49 net_route_v4_best_gw query: dst 0.0.0.0
2022-07-27 03:47:49 net_route_v4_best_gw result: via 172.17.0.1 dev eth0
2022-07-27 03:47:49 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:0a

2022-07-27 03:47:49,818 DEBG 'start-script' stdout output:
2022-07-27 03:47:49 TUN/TAP device tun0 opened
2022-07-27 03:47:49 net_iface_mtu_set: mtu 1500 for tun0
2022-07-27 03:47:49 net_iface_up: set tun0 up
2022-07-27 03:47:49 net_addr_v4_add: 10.7.2.3/24 dev tun0
2022-07-27 03:47:49 /root/openvpnup.sh tun0 1500 1587 10.7.2.3 255.255.255.0 init

2022-07-27 03:47:49,820 DEBG 'start-script' stdout output:
2022-07-27 03:47:49 net_route_v4_add: 178.159.3.180/32 via 172.17.0.1 dev [NULL] table 0 metric -1

2022-07-27 03:47:49,821 DEBG 'start-script' stdout output:
2022-07-27 03:47:49 net_route_v4_add: 0.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
2022-07-27 03:47:49 net_route_v4_add: 128.0.0.0/1 via 10.7.2.1 dev [NULL] table 0 metric -1
2022-07-27 03:47:49 Initialization Sequence Completed

2022-07-27 03:47:50,871 DEBG 'start-script' stdout output:
[info] Attempting to get external IP using 'http://checkip.amazonaws.com'...

2022-07-27 03:47:51,153 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address 37.9.60.84

2022-07-27 03:47:51,154 DEBG 'start-script' stdout output:
[info] Application does not require port forwarding or VPN provider is != pia, skipping incoming port assignment

2022-07-27 03:48:05,949 DEBG 'watchdog-script' stdout output:
[info] qBittorrent listening interface IP 0.0.0.0 and VPN provider IP 10.7.2.3 different, marking for reconfigure

2022-07-27 03:48:05,953 DEBG 'watchdog-script' stdout output:
[info] qBittorrent not running

2022-07-27 03:48:05,953 DEBG 'watchdog-script' stdout output:
[info] Removing session lock file (if it exists)...

2022-07-27 03:48:05,962 DEBG 'watchdog-script' stdout output:
[info] Attempting to start qBittorrent...

2022-07-27 03:48:06,085 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process started
[info] Waiting for qBittorrent process to start listening on port 8080...

2022-07-27 03:48:06,302 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 8080

 

 

Link to comment

supervisord.logHey @wgstarks

 

The WEBUI is set to port: 8088, I deleted the default one and added it back so that it would set the host and container ports to 8088.

 

I have attached my supervisord for you to take a look :)

 

These are the most up-to-date logs:

 

LOGS

Spoiler

text  error  warn  system  array  login  

2022-07-27 03:58:37 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2022-07-27 03:58:37 [uk2202.nordvpn.com] Peer Connection Initiated with [AF_INET]178.159.3.180:1194

2022-07-27 03:58:38,130 DEBG 'start-script' stdout output:
2022-07-27 03:58:38 SENT CONTROL [uk2202.nordvpn.com]: 'PUSH_REQUEST' (status=1)

2022-07-27 03:58:38,145 DEBG 'start-script' stdout output:
2022-07-27 03:58:38 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.1.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.1.3 255.255.255.0,peer-id 0,cipher AES-256-GCM'

2022-07-27 03:58:38,146 DEBG 'start-script' stdout output:
2022-07-27 03:58:38 OPTIONS IMPORT: timers and/or timeouts modified
2022-07-27 03:58:38 OPTIONS IMPORT: explicit notify parm(s) modified
2022-07-27 03:58:38 OPTIONS IMPORT: compression parms modified
2022-07-27 03:58:38 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-07-27 03:58:38 Socket Buffers: R=[212992->1048576] S=[212992->1048576]
2022-07-27 03:58:38 OPTIONS IMPORT: --ifconfig/up options modified
2022-07-27 03:58:38 OPTIONS IMPORT: route options modified
2022-07-27 03:58:38 OPTIONS IMPORT: route-related options modified
2022-07-27 03:58:38 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-07-27 03:58:38 OPTIONS IMPORT: peer-id set
2022-07-27 03:58:38 OPTIONS IMPORT: adjusting link_mtu to 1657
2022-07-27 03:58:38 OPTIONS IMPORT: data channel crypto options modified
2022-07-27 03:58:38 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-07-27 03:58:38 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-07-27 03:58:38 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-07-27 03:58:38 net_route_v4_best_gw query: dst 0.0.0.0
2022-07-27 03:58:38 net_route_v4_best_gw result: via 172.17.0.1 dev eth0
2022-07-27 03:58:38 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:0a

2022-07-27 03:58:38,146 DEBG 'start-script' stdout output:
2022-07-27 03:58:38 TUN/TAP device tun0 opened
2022-07-27 03:58:38 net_iface_mtu_set: mtu 1500 for tun0

2022-07-27 03:58:38,146 DEBG 'start-script' stdout output:
2022-07-27 03:58:38 net_iface_up: set tun0 up
2022-07-27 03:58:38 net_addr_v4_add: 10.8.1.3/24 dev tun0
2022-07-27 03:58:38 /root/openvpnup.sh tun0 1500 1585 10.8.1.3 255.255.255.0 init

2022-07-27 03:58:38,150 DEBG 'start-script' stdout output:
2022-07-27 03:58:38 net_route_v4_add: 178.159.3.180/32 via 172.17.0.1 dev [NULL] table 0 metric -1

2022-07-27 03:58:38,151 DEBG 'start-script' stdout output:
2022-07-27 03:58:38 net_route_v4_add: 0.0.0.0/1 via 10.8.1.1 dev [NULL] table 0 metric -1
2022-07-27 03:58:38 net_route_v4_add: 128.0.0.0/1 via 10.8.1.1 dev [NULL] table 0 metric -1
2022-07-27 03:58:38 Initialization Sequence Completed

2022-07-27 03:58:39,188 DEBG 'start-script' stdout output:
[info] Attempting to get external IP using 'http://checkip.amazonaws.com'...

2022-07-27 03:58:39,431 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address 37.9.60.87

2022-07-27 03:58:39,431 DEBG 'start-script' stdout output:
[info] Application does not require port forwarding or VPN provider is != pia, skipping incoming port assignment

2022-07-27 03:58:54,260 DEBG 'watchdog-script' stdout output:
[info] qBittorrent listening interface IP 0.0.0.0 and VPN provider IP 10.8.1.3 different, marking for reconfigure

2022-07-27 03:58:54,265 DEBG 'watchdog-script' stdout output:
[info] qBittorrent not running

2022-07-27 03:58:54,265 DEBG 'watchdog-script' stdout output:
[info] Removing session lock file (if it exists)...

2022-07-27 03:58:54,274 DEBG 'watchdog-script' stdout output:
[info] Attempting to start qBittorrent...

2022-07-27 03:58:54,386 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process started
[info] Waiting for qBittorrent process to start listening on port 8080...

2022-07-27 03:58:54,497 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 8080

2022-07-27 04:58:37,210 DEBG 'start-script' stdout output:
2022-07-27 04:58:37 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2022-07-27 04:58:37 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA7
2022-07-27 04:58:37 VERIFY KU OK
2022-07-27 04:58:37 Validating certificate extended key usage
2022-07-27 04:58:37 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-07-27 04:58:37 VERIFY EKU OK
2022-07-27 04:58:37 VERIFY OK: depth=0, CN=uk2202.nordvpn.com

2022-07-27 04:58:37,329 DEBG 'start-script' stdout output:
2022-07-27 04:58:37 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-07-27 04:58:37 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

2022-07-27 04:58:37,330 DEBG 'start-script' stdout output:
2022-07-27 04:58:37 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512

 

image.thumb.png.cdd4480880473ffd2f04c7310c8de92e.png

Edited by ArxKnight
Link to comment
3 hours ago, JonathanM said:

 

You only changed the template, not the app itself.

Hi @JonathanM,

 

I though I had done the correct method by deleting the default "WEBUI" port and making it again to set the host and container ports both to 8088?

 

Here you can see what I did:

image.thumb.png.a9f591024c244a7f93ae23563af1c1ab.png

 

If there is something i'm missing could you please point me in the right direction for how I may go and change it as I thought all ports were handled though the settings of the container as shown above?

Link to comment
Just now, ArxKnight said:

Hi @JonathanM,

 

I though I had done the correct method by deleting the default "WEBUI" port and making it again to set the host and container ports both to 8088?

 

Here you can see what I did:

image.thumb.png.a9f591024c244a7f93ae23563af1c1ab.png

 

If there is something i'm missing could you please point me in the right direction for how I may go and change it as I thought all ports were handled though the settings of the container as shown above?

Not that I pay much attention to binhex's threads as he's great at supporting them, but I do have a question

 

Why are you changing the container port?  The container is running as bridge which means that you generally leave the container port alone (8080) and simply edit it to change the host port (to 8088)  There's no conflict by having multiple containers all listening internally on 8080 as that's what the port mapping is supposed to do.

 

The way that you're doing this means getting into the container's UI (which is still internally on 8080, but no port mapping now available for it), telling it to listen instead on 8088, deleting and adding the port (which you've done) in the template, and also changing the WebUI entry in the template to reflect now 8088 instead of how it was originally set (which works no matter how you map the port)

 

This BTW is why on the template you cannot edit the container port number and have to instead delete and re-add

Link to comment
1 minute ago, Squid said:

Not that I pay much attention to binhex's threads as he's great at supporting them, but I do have a question

 

Why are you changing the container port?  The container is running as bridge which means that you generally leave the container port alone (8080) and simply edit it to change the host port (to 8088)  There's no conflict by having multiple containers all listening internally on 8080 as that's what the port mapping is supposed to do.

 

The way that you're doing this means getting into the container's UI (which is still internally on 8080, but no port mapping now available for it), telling it to listen instead on 8088, deleting and adding the port (which you've done) in the template, and also changing the WebUI entry in the template to reflect now 8088 instead of how it was originally set (which works no matter how you map the port)

 

This BTW is why on the template you cannot edit the container port number and have to instead delete and re-add

I am changing the container port as I already have another container running in brigde mode with the same port so I would have thought that trying to run this also on the same IP/Port would cause a conflict.

 

hmmm, it seems after those steps it still claims this:

 

Spoiler

2022-07-27 15:53:17,323 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process started
[info] Waiting for qBittorrent process to start listening on port 8080...

2022-07-27 15:53:17,432 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 8080

 

Link to comment

Tried changing it 8080 just to see if I would be correct and indeed I cannot use the consiner on port: 8088 as it's currently in use via another container.

 

 

image.thumb.png.335f19b5bfa5fbc3ba24efd5ddb762e3.png

 

UPDATE:

 

It seems that I can run the conainer port on 8080 and then just run the host port on 8088 which does give something but it looks like it's showing "Unauthorized"? I don't know what this could mean though.

image.png.9fb0d9633834d678de46badd93992a68.png

 

image.png.369a33a931ec7abe7200967de7952c93.png

Edited by ArxKnight
Link to comment

You have deleted the existing webUI port variable and created a port to replace it. That’s not going to work. You should have edited the existing webUI port variable and changed it to 8088 (see screenshot).

36FD5149-50B4-44A8-8715-11098BC2DD89.thumb.png.e1a564acc290f9a61cc48708a1667f05.png

 

You would also need to delete the port mapping for 8080 and create a new one for 8088.

FBA04DCC-36A6-4447-9727-4D5D010F03B1.thumb.png.db8108339f1d74089c2ea4280792fdd6.png

 

Im not sure exactly what you have now but you may want to delete whatever you have for these two items and create new ones to match the screenshots.

Link to comment
18 minutes ago, ArxKnight said:

It seems that I can run the conainer port on 8080 and then just run the host port on 8088 which does give something but it looks like it's showing "Unauthorized"? I don't know what this could mean though.

https://forums.unraid.net/topic/75539-support-binhex-qbittorrentvpn/?do=findComment&comment=696184

@Squid, this container is "special". It doesn't like remapped ports.

Link to comment
32 minutes ago, ArxKnight said:

I though I had done the correct method by deleting the default "WEBUI" port and making it again to set the host and container ports both to 8088?

from your screenshot it looks like you defined the 'Name' of the port incorrectly, its not 'WEBUI PORT' its 'WEBUI_PORT' and the type is wrong, its a variable NOT a port.

 

@Squid you are quite right, the user should not be redefining the container port - however qbittorrent is an exception to the case here, here are my notes from the qbittorrent README.md (geared more towards non unraid users, but you get the gist):-

 

Quote

Due to issues with CSRF and port mapping, should you require to alter the port for the webui you need to change both sides of the -p 8080 switch AND set the WEBUI_PORT variable to the new port.

For example, to set the port to 8090 you need to set -p 8090:8090 and -e WEBUI_PORT=8090

so for unraid users that means setting WEBUI_PORT to the port you want and then re-creating the port to match (host and container side being the same).

 

i then have some code to pick up the env var WEBUI_PORT to set the port for the running application (qbittorrent in this case).

  • Like 1
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.