[Support] binhex - qBittorrentVPN


Recommended Posts

I'm unable to get my webui working with vpn enabled. Things work fine with vpn turned off.

 

I did some searching, and in all the similar cases I found, there was a mismatch in the WEBUI_PORT and container port forwarding (usually, the WEBUI_PORT was set to something like 8123 but the forwarded container ports were still set to 8080). I think my ports are being set correctly.

 

My VPN appears to be working correctly, and I can successfully ping google.com from the container when the VPN is up, I just can't load the webui.

 

Does anyone have ideas of what else I could be missing? I've included my supervisord.log file below. Thanks!

 

Quote

[root@qbittorrent-vpn-ix-chart-7b8c78b4db-n6gpp config]# cat supervisord.log
Created by...
___.   .__       .__
\_ |__ |__| ____ |  |__   ____ ___  ___
 | __ \|  |/    \|  |  \_/ __ \\  \/  /
 | \_\ \  |   |  \   Y  \  ___/ >    <
 |___  /__|___|  /___|  /\___  >__/\_ \
     \/        \/     \/     \/      \/
  https://hub.docker.com/u/binhex/

2022-08-25 18:54:45.603216 [info] System information Linux qbittorrent-vpn-ix-chart-7b8c78b4db-n6gpp 5.10.109+truenas #1 SMP Tue May 3 15:35:59 UTC 2022 x86_64 GNU/Linux
2022-08-25 18:54:45.642790 [info] OS_ARCH defined as 'x86-64'
2022-08-25 18:54:45.684188 [info] PUID defined as '568'
2022-08-25 18:54:46.273747 [info] PGID defined as '568'
2022-08-25 18:54:46.448429 [info] UMASK defined as '000'
2022-08-25 18:54:46.481187 [info] Permissions already set for '/config'
2022-08-25 18:54:46.520249 [info] Deleting files in /tmp (non recursive)...
2022-08-25 18:54:46.563924 [info] VPN_ENABLED defined as 'yes'
2022-08-25 18:54:46.599641 [info] VPN_CLIENT defined as 'wireguard'
2022-08-25 18:54:46.635215 [info] VPN_PROV defined as 'pia'
2022-08-25 18:54:46.997914 [info] WireGuard config file (conf extension) is located at /config/wireguard/wg0.conf
2022-08-25 18:54:47.054062 [info] VPN_REMOTE_SERVER defined as 'nl-amsterdam.privacy.network'
2022-08-25 18:54:47.137257 [info] VPN_REMOTE_PORT defined as '1337'
2022-08-25 18:54:47.169017 [info] VPN_DEVICE_TYPE defined as 'wg0'
2022-08-25 18:54:47.201114 [info] VPN_REMOTE_PROTOCOL defined as 'udp'
2022-08-25 18:54:47.238711 [info] LAN_NETWORK defined as '192.168.9.0/24'
2022-08-25 18:54:47.273774 [info] NAME_SERVERS defined as '84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
2022-08-25 18:54:47.309780 [info] VPN_USER defined as 'REDACTED'
2022-08-25 18:54:47.348305 [info] VPN_PASS defined as 'REDACTED'
2022-08-25 18:54:47.491727 [info] STRICT_PORT_FORWARD defined as 'yes'
2022-08-25 18:54:47.523638 [info] ENABLE_PRIVOXY defined as 'yes'
2022-08-25 18:54:47.563041 [info] VPN_INPUT_PORTS defined as '1234'
2022-08-25 18:54:47.598927 [info] VPN_OUTPUT_PORTS defined as '5678'
2022-08-25 18:54:47.634286 [info] WEBUI_PORT defined as '10095'
2022-08-25 18:54:47.674161 [info] Starting Supervisor...
2022-08-25 18:54:47,945 INFO Included extra file "/etc/supervisor/conf.d/qbittorrent.conf" during parsing
2022-08-25 18:54:47,945 INFO Set uid to user 0 succeeded
2022-08-25 18:54:47,948 INFO supervisord started with pid 7
2022-08-25 18:54:48,951 INFO spawned: 'shutdown-script' with pid 161
2022-08-25 18:54:48,953 INFO spawned: 'start-script' with pid 162
2022-08-25 18:54:48,955 INFO spawned: 'watchdog-script' with pid 163
2022-08-25 18:54:48,955 INFO reaped unknown pid 8 (exit status 0)
2022-08-25 18:54:48,962 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2022-08-25 18:54:48,962 INFO success: shutdown-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2022-08-25 18:54:48,962 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2022-08-25 18:54:48,962 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2022-08-25 18:54:48,964 DEBG 'watchdog-script' stdout output:
[info] qBittorrent config file already exists, skipping copy
[info] Removing session lock file (if it exists)...

2022-08-25 18:54:48,969 DEBG 'start-script' stdout output:
[info] Adding 84.200.69.80 to /etc/resolv.conf

2022-08-25 18:54:48,973 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2022-08-25 18:54:48,978 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2022-08-25 18:54:48,982 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2022-08-25 18:54:48,987 DEBG 'start-script' stdout output:
[info] Adding 84.200.70.40 to /etc/resolv.conf

2022-08-25 18:54:48,991 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2022-08-25 18:54:49,378 DEBG 'start-script' stdout output:
[info] Token generated for PIA wireguard authentication

2022-08-25 18:54:49,424 DEBG 'start-script' stdout output:
[info] Trying to connect to the PIA WireGuard API on 'nl-amsterdam.privacy.network'...

2022-08-25 18:54:50,060 DEBG 'start-script' stdout output:
[info] Default route for container is 172.16.0.1

2022-08-25 18:54:50,079 DEBG 'start-script' stdout output:
[info] Docker network defined as    172.16.0.0/16

2022-08-25 18:54:50,085 DEBG 'start-script' stdout output:
[info] Adding 192.168.9.0/24 as route via docker eth0

2022-08-25 18:54:50,087 DEBG 'start-script' stdout output:
[info] ip route defined as follows...

2022-08-25 18:54:50,087 DEBG 'start-script' stdout output:
--------------------

2022-08-25 18:54:50,089 DEBG 'start-script' stdout output:
default via 172.16.0.1 dev eth0
172.16.0.0/16 dev eth0 proto kernel scope link src 172.16.2.202
192.168.9.0/24 via 172.16.0.1 dev eth0
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1

2022-08-25 18:54:50,089 DEBG 'start-script' stdout output:
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 172.16.0.0 dev eth0 table local proto kernel scope link src 172.16.2.202
local 172.16.2.202 dev eth0 table local proto kernel scope host src 172.16.2.202
broadcast 172.16.255.255 dev eth0 table local proto kernel scope link src 172.16.2.202

2022-08-25 18:54:50,089 DEBG 'start-script' stdout output:
--------------------

2022-08-25 18:54:50,097 DEBG 'start-script' stdout output:
iptable_mangle         16384  0
ip_tables              32768  7 iptable_filter,iptable_raw,iptable_nat,iptable_mangle
x_tables               53248  21 xt_conntrack,iptable_filter,nft_compat,xt_multiport,xt_NFLOG,xt_tcpudp,xt_addrtype,xt_physdev,xt_nat,xt_ipvs,xt_comment,xt_owner,xt_set,ipt_REJECT,xt_connmark,iptable_raw,ip_tables,xt_limit,xt_MASQUERADE,iptable_mangle,xt_mark

2022-08-25 18:54:50,097 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2022-08-25 18:54:50,197 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2022-08-25 18:54:50,198 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 172.16.0.0/16 -d 172.16.0.0/16 -j ACCEPT
-A INPUT -s 181.214.206.132/32 -i eth0 -j ACCEPT
-A INPUT -s 195.78.54.171/32 -i eth0 -j ACCEPT
-A INPUT -s 212.102.35.97/32 -i eth0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 10095 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 10095 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1234 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 1234 -j ACCEPT
-A INPUT -s 192.168.9.0/24 -d 172.16.0.0/16 -i eth0 -p tcp -m tcp --dport 8118 -j ACCEPT
-A INPUT -s 192.168.9.0/24 -d 172.16.0.0/16 -i eth0 -p tcp -m tcp --sport 5678 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A OUTPUT -s 172.16.0.0/16 -d 172.16.0.0/16 -j ACCEPT
-A OUTPUT -d 181.214.206.132/32 -o eth0 -j ACCEPT
-A OUTPUT -d 195.78.54.171/32 -o eth0 -j ACCEPT
-A OUTPUT -d 212.102.35.97/32 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 10095 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 10095 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 1234 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 1234 -j ACCEPT
-A OUTPUT -s 172.16.0.0/16 -d 192.168.9.0/24 -o eth0 -p tcp -m tcp --sport 8118 -j ACCEPT
-A OUTPUT -s 172.16.0.0/16 -d 192.168.9.0/24 -o eth0 -p tcp -m tcp --dport 5678 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT

2022-08-25 18:54:50,200 DEBG 'start-script' stdout output:
--------------------

2022-08-25 18:54:50,204 DEBG 'start-script' stdout output:
[info] Attempting to bring WireGuard interface 'up'...

2022-08-25 18:54:50,216 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

2022-08-25 18:54:50,225 DEBG 'start-script' stderr output:
[#] ip link add wg0 type wireguard

2022-08-25 18:54:50,227 DEBG 'start-script' stderr output:
[#] wg setconf wg0 /dev/fd/63

2022-08-25 18:54:50,229 DEBG 'start-script' stderr output:
[#] ip -4 address add 10.3.232.136 dev wg0

2022-08-25 18:54:50,236 DEBG 'start-script' stderr output:
[#] ip link set mtu 1420 up dev wg0

2022-08-25 18:54:50,247 DEBG 'start-script' stderr output:
[#] wg set wg0 fwmark 51820

2022-08-25 18:54:50,248 DEBG 'start-script' stderr output:
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820

2022-08-25 18:54:50,250 DEBG 'start-script' stderr output:
[#] ip -4 rule add not fwmark 51820 table 51820

2022-08-25 18:54:50,251 DEBG 'start-script' stderr output:
[#] ip -4 rule add table main suppress_prefixlength 0

2022-08-25 18:54:50,255 DEBG 'start-script' stderr output:
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1

2022-08-25 18:54:50,257 DEBG 'start-script' stderr output:
[#] iptables-restore -n

2022-08-25 18:54:50,260 DEBG 'start-script' stderr output:
[#] '/root/wireguardup.sh'

2022-08-25 18:54:51,516 DEBG 'start-script' stdout output:
[info] Attempting to get external IP using 'http://checkip.amazonaws.com'...

2022-08-25 18:54:52,715 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address 181.214.206.132

2022-08-25 18:54:52,716 DEBG 'start-script' stdout output:
[info] Script started to assign incoming port

2022-08-25 18:54:52,716 DEBG 'start-script' stdout output:
[info] Port forwarding is enabled
[info] Checking endpoint 'nl-amsterdam.privacy.network' is port forward enabled...

2022-08-25 18:54:52,717 DEBG 'start-script' stdout output:
[info] WireGuard interface 'up'

2022-08-25 18:54:58,611 DEBG 'start-script' stdout output:
[info] PIA endpoint 'nl-amsterdam.privacy.network' is in the list of endpoints that support port forwarding

2022-08-25 18:54:58,615 DEBG 'start-script' stdout output:
[info] List of PIA endpoints that support port forwarding:-

2022-08-25 18:54:58,615 DEBG 'start-script' stdout output:
[info] ad.privacy.network
[info] macau.privacy.network
[info] sofia.privacy.network
[info] italy-2.privacy.network
[info] mongolia.privacy.network
[info] israel.privacy.network
[info] lu.privacy.network
[info] france.privacy.network
[info] georgia.privacy.network

2022-08-25 18:54:58,616 DEBG 'start-script' stdout output:
[info] nz.privacy.network
[info] man.privacy.network
[info] de-berlin.privacy.network
[info] ar.privacy.network
[info] venezuela.privacy.network
[info] rs.privacy.network
[info] ba.privacy.network
[info] greenland.privacy.network
[info] philippines.privacy.network
[info] slovenia.privacy.network
[info] qatar.privacy.network
[info] fi.privacy.network
[info] de-frankfurt.privacy.network
[info] ca-vancouver.privacy.network
[info] morocco.privacy.network
[info] sg.privacy.network
[info] malta.privacy.network
[info] is.privacy.network
[info] cambodia.privacy.network
[info] pt.privacy.network
[info] lt.privacy.network
[info] cyprus.privacy.network
[info] vietnam.privacy.network
[info] lv.privacy.network
[info] spain.privacy.network
[info] aus-melbourne.privacy.network
[info] sk.privacy.network
[info] japan.privacy.network
[info] japan-2.privacy.network
[info] denmark-2.privacy.network
[info] nigeria.privacy.network
[info] swiss.privacy.network
[info] hk.privacy.network
[info] ee.privacy.network
[info] denmark.privacy.network
[info] uk-southampton.privacy.network

2022-08-25 18:54:58,616 DEBG 'start-script' stdout output:
[info] bogota.privacy.network
[info] uk-manchester.privacy.network
[info] br.privacy.network
[info] tr.privacy.network
[info] taiwan.privacy.network
[info] ca-toronto.privacy.network
[info] poland.privacy.network
[info] al.privacy.network
[info] egypt.privacy.network
[info] mexico.privacy.network
[info] sweden-2.privacy.network
[info] sanjose.privacy.network
[info] liechtenstein.privacy.network
[info] hungary.privacy.network
[info] uk-2.privacy.network
[info] jakarta.privacy.network
[info] austria.privacy.network
[info] italy.privacy.network
[info] au-sydney.privacy.network
[info] ca-montreal.privacy.network
[info] dz.privacy.network
[info] ua.privacy.network
[info] panama.privacy.network
[info] nl-amsterdam.privacy.network
[info] yerevan.privacy.network
[info] santiago.privacy.network
[info] no.privacy.network
[info] srilanka.privacy.network
[info] fi-2.privacy.network
[info] ca-ontario.privacy.network
[info] bahamas.privacy.network
[info] czech.privacy.network
[info] monaco.privacy.network
[info] mk.privacy.network

2022-08-25 18:54:58,616 DEBG 'start-script' stdout output:
[info] uk-london.privacy.network
[info] es-valencia.privacy.network
[info] saudiarabia.privacy.network
[info] bangladesh.privacy.network
[info] china.privacy.network
[info] ireland.privacy.network
[info] in.privacy.network
[info] ae.privacy.network
[info] gr.privacy.network
[info] za.privacy.network
[info] brussels.privacy.network
[info] montenegro.privacy.network
[info] md.privacy.network
[info] kazakhstan.privacy.network
[info] kualalumpur.privacy.network
[info] ro.privacy.network
[info] aus-perth.privacy.network
[info] zagreb.privacy.network
[info] sweden.privacy.network

2022-08-25 18:55:09,505 DEBG 'watchdog-script' stdout output:
[info] qBittorrent listening interface IP 0.0.0.0 and VPN provider IP 10.3.232.136 different, marking for reconfigure

2022-08-25 18:55:09,514 DEBG 'watchdog-script' stdout output:
[info] qBittorrent not running

2022-08-25 18:55:09,520 DEBG 'watchdog-script' stdout output:
[info] Privoxy not running

2022-08-25 18:55:09,520 DEBG 'watchdog-script' stdout output:
[info] qBittorrent incoming port 6881 and VPN incoming port 39333 different, marking for reconfigure

2022-08-25 18:55:09,520 DEBG 'watchdog-script' stdout output:
[info] Removing session lock file (if it exists)...

2022-08-25 18:55:09,530 DEBG 'watchdog-script' stdout output:
[info] Attempting to start qBittorrent...

2022-08-25 18:55:09,579 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process started
[info] Waiting for qBittorrent process to start listening on port 10095...

2022-08-25 18:55:09,703 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 10095

2022-08-25 18:55:09,764 DEBG 'start-script' stdout output:
[info] Successfully assigned and bound incoming port '39333'

2022-08-25 18:55:10,121 DEBG 'watchdog-script' stdout output:
[info] Attempting to start Privoxy...

2022-08-25 18:55:11,132 DEBG 'watchdog-script' stdout output:
[info] Privoxy process started
[info] Waiting for Privoxy process to start listening on port 8118...

2022-08-25 18:55:11,143 DEBG 'watchdog-script' stdout output:
[info] Privoxy process listening on port 8118
 

 

Edited by Concave5872
Link to comment
1 hour ago, Concave5872 said:

I'm unable to get my webui working with vpn enabled. Things work fine with vpn turned off.

 

I did some searching, and in all the similar cases I found, there was a mismatch in the WEBUI_PORT and container port forwarding (usually, the WEBUI_PORT was set to something like 8123 but the forwarded container ports were still set to 8080). I think my ports are being set correctly.

 

My VPN appears to be working correctly, and I can successfully ping google.com from the container when the VPN is up, I just can't load the webui.

 

Does anyone have ideas of what else I could be missing? I've included my supervisord.log file below. Thanks!

 

 

Just to be sure you've setup the port correctly lets start with this-

https://github.com/binhex/documentation/blob/master/docker/faq/qbittorrentvpn.md

Scroll down to Q4.

  • Like 1
Link to comment

Cross-posting what I've already posted on the rtorrent thread, as my main focus is now using qBittorrent instead. 

 

Hi @binhex

First, thanks a lot for these containers, have been using arch-rtorrentvpn for quite some time and been pretty happy with it - not on unraid but on a qnap NAS via AirVPN (a UDP OpenVPN Linux config retrieved via the dedicated airvpn page). I recently noticed a drop in bandwidth and decided to clean my install and rewrite the whole docker-compose file after reading your documentation VPN page. I've tried both the rtorrent and qbittorrent containers, via openvpn or wireguard, but I cannot get decent bandwidth with linux torrents, and the port I've got open on airvpn for port forwarding always appears to be closed when trying to reach it via yougetsignal. 

 

As a baseline, using QNAP Download Station on Ubuntu torrents gets me 60MBps, and using a standard qbittorrent from linuxserver with no VPN, I get 40MBps. Having 1/1000 that bandwidth, and reading on your doc that it must be a port forwarding issue, I requested port 62821-62825 on airvpn, and modified the qBittorrent.conf  `Session\Port=62821 and Connection\PortRangeMin=62821`

Just in case, I pulled the latest images, set PUID and PGID to 0. It seems like my containers are not set to priviledged when using wireguard since I get the error from Q23 `[warn] WireGuard interface failed to come 'up', exit code is '1'`. So I focused on OpenVPN config

No matter what I tried, I cannot get it to download faster than 1KBps. I did set VPN_INPUT_PORTS and VPN_OUTPUT_PORTS to 62821, but then realized these are used for inter-containers communication, which I am not using at the moment. I've tried with both a AirVPN_Netherlands_TCP-443.ovpn and AirVPN_Netherlands_UDP-443.ovpn openvpn file with no luck.


Here is my Qbittorrent docker-compose file

Spoiler
version: '3'

services:
  qbittorrentvpn:
    image: binhex/arch-qbittorrentvpn:latest
    container_name: qbittorrentvpn 
    restart: unless-stopped
    # OpenVPN
    cap_add:
      - NET_ADMIN
    # WIREGUARD
    #privileged: true
    #sysctls:
    #  - net.ipv4.conf.all.src_valid_mark=1
    # COMMMON
    ports: 
        - 61821:61821  # 6881
        - 61821:61821/udp # 6881/udp
        - 8030:8080 
        - 8118:8118 
    volumes: 
        - /share/DockerApps/downloads_qbittorrent:/data 
        - /share/DockerApps/config/qbittorrentvpn:/config 
        - /etc/localtime:/etc/localtime:ro         
    environment: 
      # OPENVPN or WIREGUARD
      - VPN_ENABLED=yes 
      - VPN_PROV=airvpn # airvpn custom
      - VPN_CLIENT=openvpn # openvpn wireguard
      - STRICT_PORT_FORWARD=yes 
      #- VPN_INPUT_PORTS=61821
      #- VPN_OUTPUT_PORTS=61821
      # LAN CONFIG
      - LAN_NETWORK=192.168.2.0/24 
      - NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1 \
      - DEBUG=true 
      - VPN_USER=admin 
      - VPN_PASS=mypassword 
      # PLUGINS
      #- ENABLE_FLOOD=yes
      - ENABLE_PRIVOXY=yes 
      # LOGINS
      - WEBUI_USER=admin 
      - WEBUI_PORT=8080 
      - WEBUI_PASS=PWIz6hDg7GJLipOqUuP9 
      # OTHER
      - PUID=0 # 1000
      - PGID=0 # 100
      - UMASK=000 
      - PHP_TZ="Europe/Paris" # UTC
      
     
#    networks: 
#      - backend
#    
#networks:
#  backend:
#    # driver: "bridge"
#    name: website # networks can be named since version 3.5
    

 

 

And my qBittorrent.conf file: 

Spoiler
[AutoRun]
enabled=false
program=

[BitTorrent]
Session\AlternativeGlobalDLSpeedLimit=100024
Session\AlternativeGlobalUPSpeedLimit=100024
Session\DefaultSavePath=/data/
Session\GlobalDLSpeedLimit=100024
Session\GlobalUPSpeedLimit=100024
Session\Port=61821
Session\QueueingSystemEnabled=true
Session\TempPath=/data/incomplete/
Session\UseAlternativeGlobalSpeedLimit=true

[Core]
AutoDeleteAddedTorrentFile=Never

[LegalNotice]
Accepted=true

[Meta]
MigrationVersion=3

[Network]
PortForwardingEnabled=true
Proxy\OnlyForTorrents=false

[Preferences]
Advanced\RecheckOnCompletion=false
Advanced\trackerPort=9000
Connection\PortRangeMin=61821
Connection\ResolvePeerCountries=true
Connection\UPnP=false
Downloads\SavePath=/data/
Downloads\TempPath=/data/incomplete/
DynDNS\DomainName=changeme.dyndns.org
DynDNS\Enabled=false
DynDNS\Password=
DynDNS\Service=DynDNS
DynDNS\Username=
General\Locale=en
General\UseRandomPort=false
MailNotification\email=
MailNotification\enabled=false
MailNotification\password=
MailNotification\req_auth=true
MailNotification\req_ssl=false
MailNotification\[email protected]
MailNotification\smtp_server=smtp.changeme.com
MailNotification\username=
WebUI\Address=*
WebUI\AlternativeUIEnabled=false
WebUI\AuthSubnetWhitelist=@Invalid()
WebUI\AuthSubnetWhitelistEnabled=false
WebUI\BanDuration=3600
WebUI\CSRFProtection=false
WebUI\ClickjackingProtection=true
WebUI\CustomHTTPHeaders=
WebUI\CustomHTTPHeadersEnabled=false
WebUI\HTTPS\CertificatePath=
WebUI\HTTPS\Enabled=false
WebUI\HTTPS\KeyPath=
WebUI\HostHeaderValidation=false
WebUI\LocalHostAuth=false
WebUI\MaxAuthenticationFailCount=5
WebUI\Password_PBKDF2="@ByteArray(5+VVDeDKtrphM8Cy38vFKA==:mD4wtuE1aAJOPy3y9Hj0jUVT6kr1DjRxLBT/Zdj+f7qEVWcE/3QRmsGwdQA6BdrtBUlSS7VtggGDeyqkQNPZhw==)"
WebUI\Port=8080
WebUI\ReverseProxySupportEnabled=false
WebUI\RootFolder=
WebUI\SecureCookie=true
WebUI\ServerDomains=*
WebUI\SessionTimeout=3600
WebUI\TrustedReverseProxiesList=
WebUI\UseUPnP=false
WebUI\Username=admin

[RSS]
AutoDownloader\DownloadRepacks=true
AutoDownloader\SmartEpisodeFilter=s(\\d+)e(\\d+), (\\d+)x(\\d+), "(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})", "(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})"

 

 

Here are my [logs dump](https://pastebin.com/SRJ7mEsu) with debug mode set to true for the rtorrent/OpenVPN container - not obfuscated, passwords are random.

 

Would love some pointers to get it to work back again, thanks a lot!

Best,

Link to comment
  • 2 weeks later...
On 8/25/2022 at 9:09 PM, Concave5872 said:

I'm unable to get my webui working with vpn enabled. Things work fine with vpn turned off.

 

I did some searching, and in all the similar cases I found, there was a mismatch in the WEBUI_PORT and container port forwarding (usually, the WEBUI_PORT was set to something like 8123 but the forwarded container ports were still set to 8080). I think my ports are being set correctly.

 

My VPN appears to be working correctly, and I can successfully ping google.com from the container when the VPN is up, I just can't load the webui.

 

Does anyone have ideas of what else I could be missing? I've included my supervisord.log file below. Thanks!

 

 

I'm having the same issue. Sometimes it's working for a few days and then it's not reachable again. So I'm just moving back to Deluge. Was a lot more stable and actually moved my files to the right folders.

Link to comment

Hi!
I'm facing a strange issue.
in fact, i have a custom docker network supporting ipv6. radarr, sonarr and others are able to talk to each other using container name instead of ip, but binhex-qbittorrentvpn is unreachable.
ping binhex-qbittorrentvpn from radarr and sonarr give me Addresse unreachable, unless I explicitly ask for ipv4 ping.
even stranger, ping work briefly when I restart qbittorrent container...

Any advise?

Link to comment
  • 2 weeks later...
On 6/12/2022 at 11:40 PM, IronBeardKnight said:

 

Also was getting this issue when enabling vpn yes on the latest tag.  I loose all access to the gui.

Rolled back as per the previous posts has brought me back up and running.

Obviously not a full solution.

 

Found this is the Supervisord.log

image.png.1282ae40609613901f3067b7426b0662.png

Edit: Found that this still did not fix the issue as after I did a CA Backup and the container auto started again it was back to no gui and this error above.

Please help 

 

Did you ever fix this issue @IronBeardKnight? I'm running into the same issue.

Link to comment

My docker had been running good for months. I haven't changed anything in the docker settings since I initially set it up, but I did move my appdata folder to a new SATA SSD cache protected by RAID 1 from a stand alone NVME.   I noticed after I moved it the qbittorent Web UI login took longer to prompt, a few seconds.   Now it just simply stopped working a few weeks later.  When I disable VPN it works though.   CA backups has been backing up QBIT and I also noticed that the folder permission state owner nobody (not sure if that changed at one point).   Im using Nordvpn as my VPN, I tried replacing the sever file with a new one, but no luck.

 

All of my ARR dockers use a separate bridge network I created called dockerrnet 172.18.0.0/16 

I tried switching to br0 and changing the LAN Network settings, nothing has worked.

 

I see static routes but I'm not sure what the gateways are.

 

Route: 172.17.0.0/16

Geteway: docker01

Route: 172.18.0.0/16

Gateway: br-31fc6dcb88df1

 

I get the following error when I start the Docker with VPN enabled.

 

472 DEBG 'start-script' stdout output:
TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
TLS Error: TLS handshake failed

DEBG 'start-script' stdout output:
SIGHUP[soft,tls-error] received, process restarting

 

I'm running Tag 4.4.5-1-01.

 

Any help would be much appreciated.

 

image.png.75bd6499c59e57096e9a1ed2157cbaea.png

supervisord.log_1.txt

Edited by sph031772
Link to comment

After upgrading to unraid 6.11 i notice for the first time I run into some problems with my qbittorrent (4.4.5-1-01). The VPN is disable.
For the first i couldn't login to the webgui. Then I try to stop the container from the unraid. But it fails big time.
This is the error i found:

 

Sep 25 08:44:56 Tower root: Error response from daemon: cannot stop container: binhex-qbittorrentvpn: tried to kill container, but did not receive an exit event
Sep 25 08:44:56 Tower root: Error response from daemon: error while removing network: network br0 id f564b69135e76d78b145214998f5739d7ec44224c468282466b2c9f4702a8b3b has active endpoints


I also was trying to KILL it, but it didn't help.
 

image.png

And this also prevent me for stopping the Array.
Found this info:
 

Sep 25 08:49:20 Tower root: umount: /mnt/cache: target is busy.
Sep 25 08:49:20 Tower emhttpd: shcmd (471): exit status: 32
Sep 25 08:49:20 Tower emhttpd: Retry unmounting disk share(s)...
Sep 25 08:49:25 Tower emhttpd: Unmounting disks...
Sep 25 08:49:25 Tower emhttpd: shcmd (472): umount /mnt/cache
Sep 25 08:49:25 Tower root: umount: /mnt/cache: target is busy.
Sep 25 08:49:25 Tower emhttpd: shcmd (472): exit status: 32
Sep 25 08:49:25 Tower emhttpd: Retry unmounting disk share(s)...
Sep 25 08:49:30 Tower emhttpd: Unmounting disks...
Sep 25 08:49:30 Tower emhttpd: shcmd (473): umount /mnt/cache
Sep 25 08:49:30 Tower root: umount: /mnt/cache: target is busy.
Sep 25 08:49:30 Tower emhttpd: shcmd (473): exit status: 32
Sep 25 08:49:30 Tower emhttpd: Retry unmounting disk share(s)...


I ended up to reboot my unraid server. :(

Edited by CiscoCoreX
Link to comment

Having a strange issue.  Suddenly I am unable to download anything.  The requests are getting sent from Sonarr and are downloading, but Sonarr is unable to import anything.  Sonarr is telling me the "path does not exist or unable to access"  I can't login to qbittorent either.  When I click on login after entering my username and password it just reloads the login screen.  This is after updating to Unraid 6.11.  I rolled back to 6.10.3 and still getting the same issue.

 

*edit*

Was able to fix downloading issue.  For same reason, it changed the folder preferences inside of qbittorent.  I am still unable to log in to qbittorent though from Firefox.  Just keeps reloading the login page.  I have to use Chrome or Edge to log in.

Edited by hahler2
Link to comment

I've been experiencing a weird and frustrating issue for a few months now. I'm using Firefox on Linux Mint, and the scroll bar is broken. It takes up all the space and I can't move it up & down.

 

I don't have this issue when using Firefox on Windows or when using a Chromium browser on Linux Mint.

 

Anyone either experiencing the same issue, or is using Firefox on Linux and not having issues at all using the Web UI?

 

Thanks!

bad.png

good.png

Link to comment

Trying to setup this docker and I'm running into a problem according to the logs. I'm not sure what I might be doing wrong.

 

Unraid 6.11 and on the latest version of the docker image. Using PIA with OpenVPN. I downloaded the config files and moved a single one plus the certs into the config file under appdata. I haven't changed any of the default settings in the docker image. According to the logs I'm having an issue connecting to PIA I think?

 

[warn] Unable to successfully download PIA json payload from URL 'https://10.*redacted*/getSignature' using token *redacted*

 

I removed the token and ip address just in case its identifying. Any help would be appreciated! I've tried searching for my problem and I can't figure out what I might be doing wrong. Thanks!

Link to comment

Could someone tell me how I can setup Windscribe VPN with this container? I'm a bit confused as I see the template having Key 4: PIA, AirVPN, Custom and Key 5: openVPN / wireguard. I heard Wireguard is the optimal protocol for speed, do i need to just put in my windscribe username/password in Key 2 (vpn username) and key 3 (vpn password) and select wireguard?

 

Also how do i enable the client to exclusively use VPN i.e. bind the qbit client to the adapter with VPN? I believe this is separate from "kill switches" built into the VPN itself. I want to make sure there's no possibility of leakage of IP

Link to comment
7 hours ago, Linguafoeda said:

Could someone tell me how I can setup Windscribe VPN with this container? I'm a bit confused as I see the template having Key 4: PIA, AirVPN, Custom and Key 5: openVPN / wireguard. I heard Wireguard is the optimal protocol for speed, do i need to just put in my windscribe username/password in Key 2 (vpn username) and key 3 (vpn password) and select wireguard?

 

Also how do i enable the client to exclusively use VPN i.e. bind the qbit client to the adapter with VPN? I believe this is separate from "kill switches" built into the VPN itself. I want to make sure there's no possibility of leakage of IP

https://github.com/binhex/documentation/blob/master/docker/guides/vpn.md

Link to comment

Is it normal that any qbittorrent are eating up all your memory?
And the reason why I ask, is that for some reason it make my unraid unresponsive. I can't login into the web gui.
And qbittorrent is not responding, can't sign into qbit web gui. One time i did see the qbittorrent was using all my memory.
This time i managed to restart it by the using SSH: diocker restart binhex-qbittorrent
Other times i can't restart or kill it. I need to restart my unraid server.
When this happening, all other containers are working normally, it's only qbittorrent i have this problem with.
Yesterday i only had max 12 torrents running.

This picture are with only 6 torrents.

image.png.c412ae04473fb837f8f8fd668daf15bc.png

Link to comment

Hi all,

 

Since upgrading from Unraid 6.9.2 (I think it was) to 6.11.1, QBVPN is on the fritz. I can still access the web ui, but no indication of connectability in the ui, no Privoxy working, no uploading of torrents and no ip getting assigned according to the logs. Would love if someone could take a look. It was working fine before the upgrade. Supervisord is attached.

 

Many thanks.

 

New wireguard config file fixed it. Weird situation. QB's web ui is crazy sluggish though and no actual downloading/uploading taking place so far...

 

Okay down/uploads working, but the web ui is crazy sluggish in Firefox. Seems to be my install, as Chrome works fine.

 

Firefox issue went away on its own. I am just made of small, annoying problems today.

 

Edited by thatsthefrickenlightning
Link to comment

Hi, in not that good with the vpn element of this docker. but is there a way to see what ip adress the docker has inside my network? 

In the docker config there is only visible the adresses that are bound to the docker its self. "

172.17.0.4:8989/TCP192.168.10.20:8992
172.17.0.4:9897/TCP192.168.10.20:9898" 

But im guessing the vpn uses a ip also to route traffic of some sort. The reason for me asking it are that i see on my security solution that there is some network scanning from a 192.241.220.196 Adress. And the vpn is the only one that i got exposed to the internet for traffic so wanted to check if the traffic is from this connection.

 

Link to comment

The goal: Run a Firefox container which uses the qbittorrentvpn container as its network.

 

My stack: https://pastebin.com/E6Naetvt

 

Result: qbittorrentvpn works perfectly, the Firefox container successfully hooks in to its network and has an internet connection (confirmed via CLI), but attempting to connect to port 3000 times out (accessing from a different machine on the same network). 

 

Change: Manually edited iptables in the qbittorrent container via CLI 

 

iptables -I INPUT 11 -i eth0 -p tcp -m tcp --dport 3000 -j ACCEPT
iptables -I INPUT 12 -i eth0 -p udp -m udp --dport 3000 -j ACCEPT
iptables -I OUTPUT 11 -o eth0 -p tcp -m tcp --sport 3000 -j ACCEPT
iptables -I OUTPUT 12 -o eth0 -p udp -m udp --sport 3000 -j ACCEPT

 

Tested and this works just as I expected.

 

So my two questions are:

1. Is what I did "safe"? Both from a network security and a stability perspective? What entity set the other rules (like the ones regarding ports 8080)?

2. What is the "correct" way to change these iptables so I don't have to manually touch this in the future? I can't find a way to do this through the compose file.

 

Thanks for all the amazing work you do!

Link to comment

Every torrent has been stuck to downloading metadata since a few days on my side with the PIA vpn. Nothing in the log, the UI works well, I get an IP from PIA without any issue. I tried changing the network card used by qbittorrent in the UI options between tun0 and eth0 without any luck. Seems to be related specifically with PIA?

 

Edit: I fixed it by forcing an update of the docker even though there was no update. Very weird problem. I see other people commenting on issues with PIA and qBittorrent online (not specifically to Unraid), I'm positive there is an issue somewhere but anyways.

Edited by dnLL
Link to comment
On 10/3/2022 at 9:55 PM, Linguafoeda said:

Could someone tell me how I can setup Windscribe VPN with this container? I'm a bit confused as I see the template having Key 4: PIA, AirVPN, Custom and Key 5: openVPN / wireguard. I heard Wireguard is the optimal protocol for speed, do i need to just put in my windscribe username/password in Key 2 (vpn username) and key 3 (vpn password) and select wireguard?

 

Also how do i enable the client to exclusively use VPN i.e. bind the qbit client to the adapter with VPN? I believe this is separate from "kill switches" built into the VPN itself. I want to make sure there's no possibility of leakage of IP

 

So i followed the guide in this video and used the KEY 4= custom and KEY 5 = wireguard and generated wireguard .conf files for Windscribe from here and placed them in /mnt/cache/appdata/binhex-qbittorrentvpn/wireguard/. When i right click on the container -> command line and run "curl ifconfig.io", it is showing an IP related to the VPN location i selected from that wireguard configurator. Does that mean everything for VPN is setup and fully running? I tried a test Ubuntu torrent and it peaked at around 80MB/s which seems pretty good for my gig connection.

 

I want to make sure my torrent client is bound so that there is no IP leakage. When I googled this, people universally recommended that I need to go into Qbittorrent settings -> advanced -> network interface and select the VPN interface to permanently bind it. Does anyone know which one I need to select (i see "lo", "wg0" and "eth0")? Or is this automatically already done via the container and I don't need any further tweaking to prevent ip leakage (I saw a reddit comment here referencing iptables saying it's already "implemented")

 

 

 

Edited by Linguafoeda
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.