[Support] binhex - qBittorrentVPN


Recommended Posts

I've just finished setting up docker using wireguard and the config provided from my vpn provider. I'm not sure why but I can't connect to the qbit web-ui. I've tried running it in host mode that doesn't seem to work at all. Only bridged mode works. I'm really unsure as to why the web-ui doesn't show up. I tried changing ports etc, and I'm aware that no other app is using that port. Any suggestions?

 

text  error  warn  system  array  login  

-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A OUTPUT -d <HIDDEN-for-my-PRIVACY>/32 -o eth0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8080 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT

2023-02-18 13:58:11,311 DEBG 'start-script' stdout output:
--------------------

2023-02-18 13:58:11,464 DEBG 'start-script' stdout output:
[info] Attempting to bring WireGuard interface 'up'...

2023-02-18 13:58:11,889 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

2023-02-18 13:58:11,896 DEBG 'start-script' stderr output:
[#] ip link add wg0 type wireguard

2023-02-18 13:58:11,897 DEBG 'start-script' stderr output:
[#] wg setconf wg0 /dev/fd/63

2023-02-18 13:58:11,899 DEBG 'start-script' stderr output:
[#] ip -4 address add 100.82.142.69/32 dev wg0

2023-02-18 13:58:11,904 DEBG 'start-script' stderr output:
[#] ip link set mtu 1420 up dev wg0

2023-02-18 13:58:11,906 DEBG 'start-script' stderr output:
[#] resolvconf -a wg0 -m 0 -x

2023-02-18 13:58:12,141 DEBG 'start-script' stderr output:
could not detect a useable init system

2023-02-18 13:58:13,387 DEBG 'start-script' stderr output:
[#] wg set wg0 fwmark 51820

2023-02-18 13:58:13,388 DEBG 'start-script' stderr output:
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820

2023-02-18 13:58:13,389 DEBG 'start-script' stderr output:
[#] ip -4 rule add not fwmark 51820 table 51820

2023-02-18 13:58:13,391 DEBG 'start-script' stderr output:
[#] ip -4 rule add table main suppress_prefixlength 0

2023-02-18 13:58:13,393 DEBG 'start-script' stderr output:
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1

2023-02-18 13:58:13,497 DEBG 'start-script' stderr output:
[#] iptables-restore -n

2023-02-18 13:58:14,184 DEBG 'start-script' stderr output:
[#] '/root/wireguardup.sh'

2023-02-18 13:58:15,562 DEBG 'start-script' stdout output:
[info] Attempting to get external IP using 'http://checkip.amazonaws.com'...

2023-02-18 13:58:19,026 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address <HIDDEN-for-my-PRIVACY>

2023-02-18 13:58:19,027 DEBG 'start-script' stdout output:
[info] WireGuard interface 'up'

2023-02-18 13:58:19,038 DEBG 'watchdog-script' stdout output:
[info] qBittorrent listening interface IP 0.0.0.0 and VPN provider IP 100.82.142.69 different, marking for reconfigure

2023-02-18 13:58:19,183 DEBG 'start-script' stdout output:
[info] Application does not require port forwarding or VPN provider is != pia, skipping incoming port assignment

2023-02-18 13:58:20,306 DEBG 'watchdog-script' stdout output:
[info] qBittorrent not running

2023-02-18 13:58:20,500 DEBG 'watchdog-script' stdout output:
[info] Removing session lock file (if it exists)...

2023-02-18 13:58:20,508 DEBG 'watchdog-script' stdout output:
[info] Attempting to start qBittorrent...

2023-02-18 13:58:24,959 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process started
[info] Waiting for qBittorrent process to start listening on port 8080...

2023-02-18 13:58:25,559 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 8080
 

Link to comment
On 2/18/2023 at 5:43 AM, binhex said:

it did, thanks. can you try pulling down latest, this should get it working for you.

 

Still getting this issue on my QNAP TVS-672XT running QuTS Hero h5.0.1.2277.

 

[skynet@SkynetNAS ~]$ lsmod
Module                  Size  Used by    Tainted: P
xt_ipvs                16384  0
ip_vs_rr               16384  0
ip_vs_ftp              16384  0
ip_vs                 139264 11 xt_ipvs,ip_vs_rr,ip_vs_ftp
xt_nat                 16384  8
xt_addrtype            16384  6
vfio_iommu_type1       36864  0
vhost_net              24576  1
vhost                  40960  1 vhost_net
vhost_iotlb            16384  1 vhost
macvtap                16384  0
macvlan                28672  1 macvtap
tap                    24576  2 vhost_net,macvtap
tun                    49152  3 vhost_net
virtio_scsi            20480  0
virtio_pci             28672  0
virtio_net             49152  0
net_failover           20480  1 virtio_net
failover               16384  1 net_failover
virtio_mmio            16384  0
virtio_console         28672  0
virtio_blk             20480  0
virtio_balloon         20480  0
virtio_rng             16384  0
virtio_ring            28672  8 virtio_scsi,virtio_pci,virtio_net,virtio_mmio,virtio_console,virtio_blk,virtio_balloon,virtio_rng
virtio                 16384  8 virtio_scsi,virtio_pci,virtio_net,virtio_mmio,virtio_console,virtio_blk,virtio_balloon,virtio_rng
kvm_intel             225280  6
kvm                   516096  1 kvm_intel
thunderbolt_icm        49152  0
fbdisk                 36864  0
rfcomm                 69632  0
ksmbd                 135168  0
usdm_drv               94208  0
intel_qat             286720  1 usdm_drv
uio                    20480  1 intel_qat
iscsi_tcp              20480  0
libiscsi_tcp           28672  1 iscsi_tcp
libiscsi               53248  2 iscsi_tcp,libiscsi_tcp
scsi_transport_iscsi    90112  4 iscsi_tcp,libiscsi_tcp,libiscsi
zscst_vdisk           483328  0
scst                  815104  1 zscst_vdisk
cfg80211              397312  0
br_netfilter           24576  0
bridge                172032  1 br_netfilter
stp                    16384  1 bridge
bonding               163840  0
dummy                  16384  0
xt_connmark            16384  2
xt_NFLOG               16384  5
ip6table_filter        16384  1
ip6_tables             24576  1 ip6table_filter
xt_conntrack           16384  7
xt_TCPMSS              16384  0
xt_LOG                 16384  0
xt_set                 16384 15
ip_set_hash_netiface    45056  1
ip_set_hash_net        45056 11
ip_set                 40960  3 xt_set,ip_set_hash_netiface,ip_set_hash_net
xt_MASQUERADE          16384 14
xt_REDIRECT            16384  0
iptable_nat            16384  1
nf_nat                 36864  5 ip_vs_ftp,xt_nat,xt_MASQUERADE,xt_REDIRECT,iptable_nat
xt_policy              16384  0
xt_mark                16384 10
8021q                  28672  0
ipv6                  475136 161 br_netfilter,bridge,[permanent]
uvcvideo              106496  0
videobuf2_v4l2         24576  1 uvcvideo
videobuf2_vmalloc      16384  1 uvcvideo
videobuf2_memops       16384  1 videobuf2_vmalloc
videobuf2_common       45056  2 uvcvideo,videobuf2_v4l2
snd_usb_caiaq          49152  0
snd_usb_audio         262144  0
snd_usbmidi_lib        28672  1 snd_usb_audio
snd_seq_midi           16384  0
snd_rawmidi            32768  3 snd_usb_caiaq,snd_usbmidi_lib,snd_seq_midi
fnotify                61440  1
nfsd                 1208320  1 fnotify
udf                   114688  0
isofs                  45056  0
iTCO_wdt               16384  1
vfio_pci               61440  0
irqbypass              16384  4 kvm,vfio_pci
vfio_virqfd            16384  1 vfio_pci
vfio                   28672  2 vfio_iommu_type1,vfio_pci
exfat                  77824  0
ufsd                  794624  1
jnl                    32768  1 ufsd
cdc_acm                32768  0
pl2303                 24576  0
usbserial              40960  1 pl2303
qm2_i2c                16384  0
zfs                  8581120 21 scst
icp                   393216  1 zfs
lpl                   159744  4 zscst_vdisk,scst,zfs,icp
i2c_imc                20480  0
intel_ips              24576  0
drbd                  413696  0
lru_cache              16384  1 drbd
flashcache            167936  0
dm_tier_hro_algo       24576  0
dm_thin_pool          229376  1 dm_tier_hro_algo
dm_bio_prison          24576  1 dm_thin_pool
dm_persistent_data     81920  1 dm_thin_pool
hal_netlink            16384  0
atlantic              266240  0
r8152                 221184  0
usbnet                 36864  0
mii                    16384  1 usbnet
igb                   225280  0
e1000e                245760  0
mv14xx                651264  0
mpt3sas               368640  0
scsi_transport_sas     40960  1 mpt3sas
raid_class             16384  1 mpt3sas
qla2xxx_qzst          831488  0
scsi_transport_fc      57344  1 qla2xxx_qzst
k10temp                16384  0
coretemp               16384  0
uas                    28672  0
usb_storage            69632  4 uas
xhci_pci               16384  0
xhci_hcd              184320  1 xhci_pci
usblp                  24576  0
uhci_hcd               45056  0
ehci_pci               16384  0
ehci_hcd               81920  1 ehci_pci

 

[skynet@SkynetNAS ~]$ sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N CSFORWARD
-N DOCKER
-N DOCKER-ISOLATION-STAGE-1
-N DOCKER-ISOLATION-STAGE-2
-N DOCKER-USER
-N QUFIREWALL
-N SYSDOCKER
-N SYSDOCKER-ISOLATION-STAGE-1
-N SYSDOCKER-ISOLATION-STAGE-2
-N SYSDOCKER-USER
-A INPUT -m state --state NEW -j QUFIREWALL
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o lxcbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o lxcbr0 -j DOCKER
-A FORWARD -i lxcbr0 ! -o lxcbr0 -j ACCEPT
-A FORWARD -i lxcbr0 -o lxcbr0 -j ACCEPT
-A FORWARD -j SYSDOCKER-USER
-A FORWARD -j SYSDOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j SYSDOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -j CSFORWARD
-A OUTPUT -m set --match-set BRNOIPSET src,dst -j DROP
-A CSFORWARD -i lxdbr0 -o lxdbr0 -j ACCEPT
-A CSFORWARD -i lxcbr0 -o lxcbr0 -j ACCEPT
-A CSFORWARD -i docker0 -o docker0 -j ACCEPT
-A CSFORWARD -o docker0 -m conntrack --ctstate INVALID,NEW -j DROP
-A CSFORWARD -o lxcbr0 -m conntrack --ctstate INVALID,NEW -j DROP
-A CSFORWARD -o lxdbr0 -m conntrack --ctstate INVALID,NEW -j DROP
-A DOCKER -d 10.0.3.3/32 ! -i lxcbr0 -o lxcbr0 -p tcp -m tcp --dport 8989 -j ACCEPT
-A DOCKER -d 10.0.3.5/32 ! -i lxcbr0 -o lxcbr0 -p tcp -m tcp --dport 6767 -j ACCEPT
-A DOCKER -d 10.0.3.2/32 ! -i lxcbr0 -o lxcbr0 -p tcp -m tcp --dport 9696 -j ACCEPT
-A DOCKER -d 10.0.3.7/32 ! -i lxcbr0 -o lxcbr0 -p tcp -m tcp --dport 7878 -j ACCEPT
-A DOCKER -d 10.0.3.8/32 ! -i lxcbr0 -o lxcbr0 -p tcp -m tcp --dport 8920 -j ACCEPT
-A DOCKER -d 10.0.3.8/32 ! -i lxcbr0 -o lxcbr0 -p tcp -m tcp --dport 8096 -j ACCEPT
-A DOCKER -d 10.0.3.8/32 ! -i lxcbr0 -o lxcbr0 -p udp -m udp --dport 7359 -j ACCEPT
-A DOCKER -d 10.0.3.8/32 ! -i lxcbr0 -o lxcbr0 -p udp -m udp --dport 1900 -j ACCEPT
-A DOCKER-ISOLATION-STAGE-1 -i lxcbr0 ! -o lxcbr0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o lxcbr0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A QUFIREWALL -i lxdbr0 -j ACCEPT
-A QUFIREWALL -i docker0 -j ACCEPT
-A QUFIREWALL -i lxcbr0 -j ACCEPT
-A QUFIREWALL ! -i lo -m set --match-set PSIRT.ipv4 src -j NFLOG --nflog-prefix  "RULE=4 ACT=DROP"
-A QUFIREWALL ! -i lo -m set --match-set PSIRT.ipv4 src -j DROP
-A QUFIREWALL ! -i lo -m set --match-set TOR.ipv4 src -j NFLOG --nflog-prefix  "RULE=5 ACT=DROP"
-A QUFIREWALL ! -i lo -m set --match-set TOR.ipv4 src -j DROP
-A QUFIREWALL -s 192.168.1.0/24 -i eth0 -j ACCEPT
-A QUFIREWALL -s 10.8.0.0/24 -i eth0 -j ACCEPT
-A QUFIREWALL -s 192.168.1.0/24 -i qvs0 -j ACCEPT
-A QUFIREWALL ! -i lo -j NFLOG --nflog-prefix  "RULE=9 ACT=DROP"
-A QUFIREWALL ! -i lo -j DROP
-A SYSDOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j SYSDOCKER-ISOLATION-STAGE-2
-A SYSDOCKER-ISOLATION-STAGE-1 -j RETURN
-A SYSDOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A SYSDOCKER-ISOLATION-STAGE-2 -j RETURN
-A SYSDOCKER-USER -j RETURN

 

Link to comment
39 minutes ago, methanoid said:

I'm not running container on unRAID but on a remote cloud server but cannot get my webUI to come up.  All other webUIs for containers are fine and this all started about a week ago.  Tried downgrading but still can't get it back

 

Log attached (yes I know VPN disabled, just wanted to get it working again  BEFORE wondering about VPN)

_qbittorrentvpn_logs.txt 3.02 kB · 0 downloads

what does your docker run or compose file look like?

Link to comment

Edit: So much time wasted :( Creating this docker from scratch via the cli vs using portainer solved everything it seems

 

Hi, I hope it’s ok to post here about this. I’m running these containers just on Linux, not unraid (although I do have unraid and did run it on there before). I have one host, Ubuntu running in a vm, where this container runs perfectly. I have another host, this time it’s a physical Debian machine, on which I get an error starting up 


- permission denied on key "net.ipv4.conf.all.src_valid_mark"
 

Oddly enough, this same host is where I’ve been running rtorrentvpn, using the image on docker hub, for over a year without issue. I’m trying to move over to qbitorrentvpn.

 

Any ideas? I guess the only major function difference is rtorrentvpn is running out of my home directory while I put this under opt. I configured this one using portainer, haven’t tried just running it manually via docker cmd, will do so today. It is set to run privileged. I basically duplicates the rtorrent config and made the necessary changes. 
 

What does that error even mean? It can’t read it? 

 

Edit: If I shell into the container, it cannot set that sysctl however it's already set to 1.

Edited by doubleopinter
Link to comment
3 hours ago, binhex said:

nothing obviously wrong that i can see, what if you try curl/wget on the host to the web ui?, if that works then your issue is blocking from/to the host from/to the internet.

 

Thanks... I confess I have no idea hgow to curl/wget to the webui.... could you (please) spoonfeed me a bit :-) ?? I can of course SSH to the remote host. 

Link to comment
5 minutes ago, doubleopinter said:

 

curl -v yourhost:8080

 

Thanks. I didnt know whether you meant

 

curl -v qbittorrentvpn.mydomain.com (??)

curl -v qbittorrentvpn.mydomain.com:8080 (not a QBT port)

curl -v 172.17.0.14:8098 (my bridge network)

curl -v 172.18.0.13:8098 (my plexguide network)

 

What am I looking for too? 

 

I also tried   curl -v qbittorrentvpn.mydomain.com:8098

* Rebuilt URL to: qbittorrentvpn.xxxxxxxxx.co.uk:8098/
*   Trying 2a06:98c1:3120::3...
* TCP_NODELAY set
*   Trying nnn.aaa.bbb.ccc...
* TCP_NODELAY set

 

The nnn.aaa.bbb.ccc is NOT my current IP address which makes me wonder if Cloudflare DNS is not updating for ONE address for some reason (it does for all others)

 

Link to comment
5 minutes ago, methanoid said:

 

Thanks. I didnt know whether you meant

 

curl -v qbittorrentvpn.mydomain.com (??)

curl -v qbittorrentvpn.mydomain.com:8080 (not a QBT port)

curl -v 172.17.0.14:8098 (my bridge network)

curl -v 172.18.0.13:8098 (my plexguide network)

 

What am I looking for too? 

 

I also tried   curl -v qbittorrentvpn.mydomain.com:8098

* Rebuilt URL to: qbittorrentvpn.xxxxxxxxx.co.uk:8098/
*   Trying 2a06:98c1:3120::3...
* TCP_NODELAY set
*   Trying nnn.aaa.bbb.ccc...
* TCP_NODELAY set

 

The nnn.aaa.bbb.ccc is NOT my current IP address which makes me wonder if Cloudflare DNS is not updating for ONE address for some reason (it does for all others)

 

 

You curl to wherever you expect qbitorrent to be running. Wherever you expect that :8080 to be. It mimics your browser accessing it and it should say a bunch of stuff which you can post here. I guess you're using 8089 for your webui so :8089.

Link to comment
2 hours ago, binhex said:

ssh onto your remote machine running the docker container and curl the qbittorrent web ui e.g.:-

 

curl -v http://<ip of container or host>:8098

 

 

curl -v 172.18.0.13:6881
* Rebuilt URL to: 172.18.0.13:6881/
*   Trying 172.18.0.13...
* TCP_NODELAY set
* connect to 172.18.0.13 port 6881 failed: Connection refused
* Failed to connect to 172.18.0.13 port 6881: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 172.18.0.13 port 6881: Connection refused

 

and

 

curl -v 172.17.0.14:6881
* Rebuilt URL to: 172.17.0.14:6881/
*   Trying 172.17.0.14...
* TCP_NODELAY set
* connect to 172.17.0.14 port 6881 failed: Connection refused
* Failed to connect to 172.17.0.14 port 6881: Connection refused
* Closing connection 0
curl: (7) Failed to connect to 172.17.0.14 port 6881: Connection refused
 

 

Link to comment

i know that this is more a question about wireguard itself than it is about this package, but i figure someone else here must know the answer:

 

i want to ensure that if, for some reason, the endpoint specified in my wg0.conf file is unavailable, it tries another endpoint. does wireguard support adding a list of multiple endpoints in one config file to accomplish this? or, can i otherwise have qbittorrent-vpn connect to one (chosen at random) endpoint by feeding it multiple config files?

 

mullvad will spit out like twenty config files for a given country, and i just want qbittorrent-vpn to pick one of a handful, since i don't care which specific city or host it connects to. i couldn't find any solid information about this in the wireguard docs. thanks!

Link to comment
4 hours ago, almighty7lurch said:

does wireguard support adding a list of multiple endpoints in one config file to accomplish this?

sadly, no

 

4 hours ago, almighty7lurch said:

or, can i otherwise have qbittorrent-vpn connect to one (chosen at random) endpoint by feeding it multiple config files?

this is not currently implemented, i have thought about this in the past but its non trivial to do in code.

 

if you want resilience then openvpn is still the king here, you can specify multiple 'remote' endpoints in a single ovpn file.

Link to comment

@binhex

If I change /data to /qBittorrent (app default) in all the appropriate containers will this container still work? The app has a tendency to reset download locations to default at random times and when it does it starts downloading to /qBittorrent until it fills all the ram and my server crashes. At least I believe that’s what is happening.

 

If I change /data to /qBittorrent at least the default location won’t be in ram anymore.

 

Just exploring options.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.