[Support] binhex - qBittorrentVPN


Recommended Posts

Hey folx. I'm at my wits end. I've tried searching Google and no luck there. I'm still pretty new to UnRaid. I have been using qBittorroent just fine for a while now. I decided I was going to switch to Binhex's qBitorrent VPN with my PIA account. I've been able to get the docker up and running, BUT, I can't get it to save to the drive array.

 

I have a single drive on my array that I added to a pool specifically to handle the downloads of the torrents. I can't seem to get the location correct in the config though. I've tried so many things and and keep getting an error when a torrent is added. When I look at the logs it says there is an Error: Permission Denied. for the files. I'm pretty sure I don't have the directory listed correctly in qbit. I've tried many iterations and just don't know what I'm doing wrong. 

 

What info can I provide to help diagnose this?

Edited by Lonewolf147
spelling corrections
Link to comment
5 minutes ago, wgstarks said:

Add your docker run command to your next post. Be sure to redact users and passwords.

Command executiondocker run
  -d
  --name='binhex-qbittorrentvpn'
  --net='bridge'
  --privileged=true
  -e TZ="America/Chicago"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="Valaskjalf"
  -e HOST_CONTAINERNAME="binhex-qbittorrentvpn"
  -e 'VPN_ENABLED'='yes'
  -e 'VPN_USER'='**********'
  -e 'VPN_PASS'='**********'
  -e 'VPN_PROV'='pia'
  -e 'VPN_CLIENT'='openvpn'
  -e 'VPN_OPTIONS'=''
  -e 'STRICT_PORT_FORWARD'='yes'
  -e 'ENABLE_PRIVOXY'='no'
  -e 'WEBUI_PORT'='8080'
  -e 'LAN_NETWORK'='192.168.1.0/24'
  -e 'NAME_SERVERS'='84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
  -e 'VPN_INPUT_PORTS'=''
  -e 'VPN_OUTPUT_PORTS'=''
  -e 'DEBUG'='false'
  -e 'UMASK'='000'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:8080]/'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/binhex/docker-templates/master/binhex/images/qbittorrent-icon.png'
  -p '6881:6881/tcp'
  -p '6881:6881/udp'
  -p '8080:8080/tcp'
  -p '8118:8118/tcp'
  -v '/mnt/user/appdata/data':'/data':'rw'
  -v '/mnt/user/appdata/binhex-qbittorrentvpn':'/config':'rw'
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" 'binhex/arch-qbittorrentvpn'

695bf53336341a1b45c9f2da1a93d51745655d377140a2aa3c591593b2da1d92

The command finished successfully!

Link to comment
5 minutes ago, wgstarks said:

Is this where you want the torrents to download to? I imagine you’ll want to edit the path for /data. It should be something like /mnt/user/<name of share>.

No, that should be the directory that qbit is installed to. The location I want to download it is a pool drive named plex-pool-drive with two subdirectories, complete, and incoming. Those two subdirectories show up in my Share list. I've tried using /mnt/user/complete(incoming) and I still get an error. I've also tried just /complete, /plex-pool-drive/complete, /main/mnt/user/complete, and several others. I've used Doublecommander to make sure all the permissions are set allow read/write on those directories. I did try and set the download location to /tmp/ and it worked perfect, but I'm not going to use my ram for downloads.

Link to comment
Just now, Lonewolf147 said:

since i'm not using the /data location for downloads?

You’ll need to add paths for whatever location you want but I would recommend just mapping /data to the proper location. Otherwise you’re going to break binhex-Radarr  Sonarr etc since they’ll all be using /data. Besides that it’s already there, just map it to /mnt/user/complete and then in the app settings set the download location to /data.

Link to comment
4 minutes ago, wgstarks said:

2 paths may cause issues if you are using any of the *arrs suite. Are you?

I am, Sonarr, Radarr, Lidarr, Readarr, and my default setup is that I have an external laptop that only has qbit running on it with PIA running as its own background app. All the *arrs use two directories and work just fine. I'm just now trying to get qbit to run on my unraid server so I can eventually take off the laptop. I run Plex, and it won't work with a VPN since it masks my IP. So I like these vpn built in *arrs from binhex. If I can get qbit to work like this, it would be much more streamlined.

 

Link to comment
Just now, wgstarks said:

I think most people probably only use one path in qbit and then sub folders for complete, incomplete etc but if your config is working then no point in fixing it.

I see what you're getting at. I'll see about changing that later. The less clutter in the background, no matter how well it works, the better. Thanks again :)

 

Link to comment
On 11/14/2022 at 7:06 AM, VelcroBP said:

Does this container stop or prevent qbt from accessing the internet if the VPN fails? For example if the VPN sub expires overnight does qbt lose connection?

Yes. And I think I might be experiencing the same thing...

 

Since Nov 13th it appears my OpenVPN has not been working causing the docker to be unreachable. The docker goes into an infinite loop of trying to process the VPN and never crashes, biggest symptom was the docker's UI being inaccessible. I tried pulling in a new VPN config from my provider but no luck. I also confirmed the ovpn file is good by loading it into the openvpn client on my Windows.

 

I have attached my debug log (Captured two loops, but this loops indefinitely).

qbitorrentdebuglog_openvpnerror.txt

Edited by KinkyBanjo
Link to comment

I like the feature that lets you delete a torrent and its files when it reaches a specified seed ration and/or time limit. Is there a way to set qbtv to only delete the file if it has a specified category?

 

I have torrents set to change to Imported category via the *arr programs. But quite often, I'll reach a seed ratio before the file finished importing into my Plex server. When that happens, the file gets delete and it doesn't finish the import. If I could set it to only delete files that have a specific category, that would be great.

Edited by Lonewolf147
Link to comment
4 hours ago, Lonewolf147 said:

If I could set it to only delete files that have a specific category, that would be great.

You can request this feature in their forums but I don’t think it exists yet.

https://qbforums.shiki.hu/viewforum.php?f=10&sid=7f4005cb04884a786f508294be14ea29

Probably the best way to prevent this would be to set the torrent to delete after seeding for a specific time. I believe two weeks is standard to keep from getting labeled as a leech.

  • Like 1
Link to comment

When you have a torrent that is added to the queue, is there a way to tell which indexer it pulled it from?  I use Prowlarr and have about 20 indexers in my *arr programs. But, I also have a single private indexer that requires ratios to be maintained. I'd like to be able to look somewhere and see if a torrent was pulled from that site or not, so I can ensure it doesn't get deleted and seeds longer than everything else.

Link to comment
18 minutes ago, Lonewolf147 said:

When you have a torrent that is added to the queue, is there a way to tell which indexer it pulled it from?  I use Prowlarr and have about 20 indexers in my *arr programs. But, I also have a single private indexer that requires ratios to be maintained. I'd like to be able to look somewhere and see if a torrent was pulled from that site or not, so I can ensure it doesn't get deleted and seeds longer than everything else.

I’ve never seen anything like that. Another option would be to check the trackers used by the private indexer or save yourself some trouble and let all torrents seed to the minimum time/ratio.

  • Like 1
Link to comment
25 minutes ago, wgstarks said:

I’ve never seen anything like that. Another option would be to check the trackers used by the private indexer or save yourself some trouble and let all torrents seed to the minimum time/ratio.

Gotcha. Guess it's another suggestion then :)  I thought about letting it seed everything... but I don't have enough space to keep holding on to all the files I regularly download.

Link to comment
On 11/16/2022 at 5:34 PM, KinkyBanjo said:

Yes. And I think I might be experiencing the same thing...

 

Since Nov 13th it appears my OpenVPN has not been working causing the docker to be unreachable. The docker goes into an infinite loop of trying to process the VPN and never crashes, biggest symptom was the docker's UI being inaccessible. I tried pulling in a new VPN config from my provider but no luck. I also confirmed the ovpn file is good by loading it into the openvpn client on my Windows.

 

I have attached my debug log (Captured two loops, but this loops indefinitely).

qbitorrentdebuglog_openvpnerror.txt 6.3 kB · 3 downloads

 I am having the exact same issue.  I haven't touched it, except maybe for updating it when there is an update.  I don't really use it all that much so I am not sure when it happened, but like you, it is unreachable.  I am using OpenVPN with NordVPN.  If I set VPN to no, it works just fine.  Downloads, opens the web ui, etc.  Of course, no VNP.

 

Here's a snippet from the console..

 

Quote

[info] Starting OpenVPN (non daemonised)...

2022-11-21 08:36:32,551 DEBG 'start-script' stdout output:
2022-11-21 08:36:32 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

2022-11-21 08:36:32,553 DEBG 'start-script' stdout output:
2022-11-21 08:36:32 WARNING: file 'credentials.conf' is group or others accessible
2022-11-21 08:36:32 OpenVPN 2.5.8 [git:makepkg/0357ceb877687faa+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2022

2022-11-21 08:36:32,553 DEBG 'start-script' stdout output:
2022-11-21 08:36:32 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10

2022-11-21 08:36:32,554 DEBG 'start-script' stdout output:
2022-11-21 08:36:32 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-11-21 08:36:32 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2022-11-21 08:36:32,555 DEBG 'start-script' stdout output:
2022-11-21 08:36:32 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-11-21 08:36:32 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

2022-11-21 08:36:32,555 DEBG 'start-script' stdout output:
2022-11-21 08:36:32 TCP/UDP: Preserving recently used remote address: [AF_INET]23.19.141.109:1194
2022-11-21 08:36:32 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-11-21 08:36:32 UDP link local: (not bound)
2022-11-21 08:36:32 UDP link remote: [AF_INET]23.19.141.109:1194


2022-11-21 08:37:33,055 DEBG 'start-script' stdout output:
2022-11-21 08:37:33 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2022-11-21 08:37:33 TLS Error: TLS handshake failed

2022-11-21 08:37:33,056 DEBG 'start-script' stdout output:
2022-11-21 08:37:33 SIGHUP[soft,tls-error] received, process restarting

2022-11-21 08:37:33,056 DEBG 'start-script' stdout output:
2022-11-21 08:37:33 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

2022-11-21 08:37:33,056 DEBG 'start-script' stdout output:
2022-11-21 08:37:33 WARNING: file 'credentials.conf' is group or others accessible

2022-11-21 08:37:33,057 DEBG 'start-script' stdout output:
2022-11-21 08:37:33 OpenVPN 2.5.8 [git:makepkg/0357ceb877687faa+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2022
2022-11-21 08:37:33 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10
2022-11-21 08:37:33 Restart pause, 5 second(s)

2022-11-21 08:37:38,057 DEBG 'start-script' stdout output:
2022-11-21 08:37:38 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-11-21 08:37:38 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2022-11-21 08:37:38,058 DEBG 'start-script' stdout output:
2022-11-21 08:37:38 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-11-21 08:37:38 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

2022-11-21 08:37:38,058 DEBG 'start-script' stdout output:
2022-11-21 08:37:38 TCP/UDP: Preserving recently used remote address: [AF_INET]23.19.141.109:1194
2022-11-21 08:37:38 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-11-21 08:37:38 UDP link local: (not bound)
2022-11-21 08:37:38 UDP link remote: [AF_INET]23.19.141.109:1194

 

 

Well I downloaded a new cert from NordVPN and replaced the old one, fixed everything for me.  I went back a few pages and saw someone else had that same issue.

 

All good now.

Edited by jcamer
Link to comment
10 minutes ago, jcamer said:

2022-11-21 08:37:33 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

out of date openvpn config file and/or certificate, re-download from your vpn provider, if still no go then try another endpoint.

Link to comment
12 minutes ago, binhex said:

out of date openvpn config file and/or certificate, re-download from your vpn provider, if still no go then try another endpoint.

 

I have tried a new config file and a new endpoint with no luck. My openvpn config file works with the OpenVpn windows client and my Deluge docker. I am confident this occured because of a change from the last update.

 

2022-11-16 16:17:11,633 DEBG 'start-script' stdout output:
[debug] VPN remote configuration options as follows...
[debug] VPN remote server is defined as 'fr.vpnunlimitedapp.com'
[debug] VPN remote port is defined as '1194'

2022-11-16 16:17:11,633 DEBG 'start-script' stdout output:
[debug] VPN remote protocol is defined as 'udp'
[debug] VPN remote ip is defined as '195.154.222.168'

2022-11-16 16:17:11,633 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'custom' --setenv VPN_CLIENT 'openvpn' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_ENABLED 'yes' --setenv VPN_REMOTE_SERVER 'fr.vpnunlimitedapp.com' --setenv APPLICATION 'qbittorrent' --script-security 2 --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'dhcp-option DNS6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --up /root/openvpnup.sh --up-delay --up-restart --cd /config/openvpn --config '/config/openvpn/DE93AA06-787F-4A83-8574-D28934ABE1CE_fr_openvpn.ovpn' --remote 195.154.222.168 1194 udp --remote 62.210.38.83 1194 udp --remote 195.154.221.54 1194 udp --remote 195.154.189.212 1194 udp --remote 195.154.189.85 1194 udp --remote 195.154.209.149 1194 udp --remote 62.210.211.73 1194 udp --remote 195.154.199.175 1194 udp --remote-random
[info] Starting OpenVPN (non daemonised)...

2022-11-16 16:17:11,639 DEBG 'start-script' stdout output:
2022-11-16 16:17:11 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

2022-11-16 16:17:11,640 DEBG 'start-script' stdout output:
2022-11-16 16:17:11 OpenVPN 2.5.8 [git:makepkg/0357ceb877687faa+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2022
2022-11-16 16:17:11 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10

2022-11-16 16:17:11,640 DEBG 'start-script' stdout output:
2022-11-16 16:17:11 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2022-11-16 16:17:11,641 DEBG 'start-script' stdout output:
2022-11-16 16:17:11 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2022-11-16 16:17:11 Cannot load inline certificate file

2022-11-16 16:17:11,641 DEBG 'start-script' stdout output:
2022-11-16 16:17:11 Exiting due to fatal error

Edited by KinkyBanjo
Link to comment
7 minutes ago, KinkyBanjo said:

2022-11-16 16:17:11 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2022-11-16 16:17:11 Cannot load inline certificate file

 

ok new error, cert looks like the inline cipher for the cert used is too weak, the only thing you can do here is feed that back to your vpn provider, openvpn is helping you here by telling you the cert used is insecure.

Link to comment
41 minutes ago, binhex said:

ok new error, cert looks like the inline cipher for the cert used is too weak, the only thing you can do here is feed that back to your vpn provider, openvpn is helping you here by telling you the cert used is insecure.

I did consider spending the time bringing it up to VPNUnlimited. But if deluge's vpn docker and the OpenVpn client connect without issue using this exact same configuration file it makes it harder to convince them its something on their end.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.