[Support] binhex - qBittorrentVPN


Recommended Posts

9 minutes ago, binhex said:

yeah you don't want to do that, this container is isolated from your host for a reason, it must run in 'Network Type:' 'bridge', as must all the VPN enabled docker images I produce.

I understand. As I say I'm quite new to unraid and dockers (but having a blast learning it for my new server) so I was sticking to "what works" as I built my understanding - I didn't have a picture of host vs bridge vs custom bridge, which I learned when puzzling out this issue.

 

I was illustrating that I had vanilla qbit webui working on host, but not in bridge and qbitvpn forced bridge and no webui. Difficult to troubleshoot. What's the reason you mention? 

 

FYI - I had to root cause this and test your theory and you were correct, I disabled adblock and it popped up. 

 

Thanks for your help and thanks for the time and effort you put into this tooling, really very much appreciated and absolutely adds value to unraid imo.

Edited by klippertyk
Link to comment
1 minute ago, klippertyk said:

I was illustrating that I had vanilla qbit webui working on host, but not in bridge and qbitvpn forced bridge and no webui. Difficult to troubleshoot. What's the reason you mention?

you brought up the query as to why qbittorrent wasn't running in host mode, and i wanted to be clear for you and anybody else reading this in the future that 'Network Type' of 'host' is definitely a bad thing for this image, vanilla qbittorrent with no VPN built in is a different thing, you can run that in host, bridge, custom bridge, whatever really.

 

3 minutes ago, klippertyk said:

FYI - I had to root cause this and test your theory and you were correct, I disabled adblock and it popped up. 

🙂

Link to comment
12 minutes ago, plantsandbinary said:

Is there anything I have to do with my router to ensure that qBittorrent-VPN is port forwarding properly that I am able to seed correctly?

nope, not a thing!, port forwarding over a VPN is completely independent of port forwarding on your router, the port forwarding is done at the VPN providers end not yours, you don't need to and indeed should not setup any sort of port forward on your router.

  • Like 1
Link to comment
5 hours ago, TheFeelTrain said:

I tried using the latest `libtorrentv1` image and after a couple days I got the same crash I was getting with the v2 images. I'm moving back to `binhex/arch-qbittorrentvpn:4.3.9-2-01` since that has always been stable for me.

ok thats interesting!, im using the libtorrentv1 tagged image myself, no crashes, perhaps your issue is something else.

Link to comment

You saying that made me actually look into it more, I saw a bunch of kernel-related messages so my eyes glazed over it and assumed it was the same problem, that is my bad. It seems that I had actually ran out of memory. I used to see these same messages after the old issue as well so it *seemed* like the same thing but this time there are no kernels errors in front of it, just the OOM errors.

 

May 30 23:49:12 unRAID kernel: oom-kill:constraint=CONSTRAINT_NONE,nodemask=(null),cpuset=/,mems_allowed=0,global_oom,task_memcg=/docker/1ce2e085daba11a7bb558dd82aaff85baa717288036b63f77ab269c351c810e5,task=qbittorrent-nox,pid=14902,uid=99
May 30 23:49:12 unRAID kernel: Out of memory: Killed process 14902 (qbittorrent-nox) total-vm:10117188kB, anon-rss:9015660kB, file-rss:0kB, shmem-rss:0kB, UID:99 pgtables:18332kB oom_score_adj:0
May 30 23:49:14 unRAID kernel: oom_reaper: reaped process 14902 (qbittorrent-nox), now anon-rss:0kB, file-rss:0kB, shmem-rss:0kB

 

Although I've never had this problem before, I have 32GB and it generally sits around 60% usage with around 30 docker images running so I'm not sure how it happened. I didn't change anything else but the qbittorrent one. The 4.3.9-2-01 image has been running fine since that day so could it be a memory leak on the newer images? Or do I just have some other issue I need to track down? I think using the latest v1 image did reset some settings in qbittorrent so maybe it set the max memory to unlimited or something to that effect? But that's just a guess.

Edited by TheFeelTrain
Link to comment

I need help with an upgrade path. I am running a container on unRaid v6.11.5.

 

For quite a while I was holding at QBT v4.3.9 due to an error with one of the early 4.4.x builds. I don't even recall what it was specifically. Today I read that a site I use will possibly be removing 4.3.x from their whitelist. So, having read that 4.5.2-x has resolved the webUI exploit, I went ahead and removed the version tag from the template's docker pull.

 

This was a mistake, as the resulting webUI was unreadable (see screenshot). I panicked, and tried rolled back to 4.4.5-2-02. This displays correctly, but many of my Categories were missing. All custom save paths for the remaining Categories are missing or wrong also. I replaced the categories.json from my original 4.3.9 install, but no change. Privoxy was also not accepting connections with this version running.

 

I have rolled back to v4.3.9-2-01 and everything seems to have reverted to the way I had it. All Categories and custom paths are restored.

 

So, is there a step-stone approach I need to take to safely upgrade to :latest from v3.3.9? What is the proper way to get current and not blow up my Category/Folder config?

 

**Side note: I first tried to replicate the missing Categories on v4.4.5. But I realized I don't remember how I set it up so it functions as follows:

  1. Files added to QBT from the *ARR apps are given a Category based on the app.
  2. They are downloaded into that Category's folder (/downloads/*ARR/
  3. When finished and imported by the *ARR, the hard-linked /downloads/ files are moved into a new folder, /downloads/*ARR-imported/.

 

It is step 3 I can't recall, nor find the guide I followed to set it up. 

 

below is the display problem when I tried :latest

qbt wonky.png

Edited by VelcroBP
captioned photo
Link to comment
6 minutes ago, VelcroBP said:
  1. Files added to QBT from the *ARR apps are given a Category based on the app.
  2. They are downloaded into that Category's folder (/downloads/*ARR/
  3. When finished and imported by the *ARR, the hard-linked /downloads/ files are moved into a new folder, /downloads/*ARR-imported/.

It is step 3 I can't recall, nor find the guide I followed to set it up. 

 

Ok I'm dumb. I forgot to show Advanced options in the *ARR app's DL Client settings. Derp. Well that part is solved at least.

 

  • Upvote 1
Link to comment

I am currently using qbittorrentVPN for about 4 months with no issues overall, though I noticed any unregistered torrents are never reported as an error like they were on rtorrent before I switched to qbitorrent. This makes it very tedious to manually search each unregistered torrent and remove. Is there a way to turn on that kind filter? I have seen others mention you need a script possibly, but that seems a bit cumbersome for something to basic. Any help is appreciated as always

Link to comment

Have never been able to make qbittorrent accessible externally from the web, works locally but not extrenally, all other dockers (Sonarr, Radarr, Tautulli) are all set up similarly and are fully accessible from outside of my network via dyndns and port forwarding at my router, has any else experienced/solved this?  Thank you for your help!

Link to comment
37 minutes ago, MTerracciano said:

Have never been able to make qbittorrent accessible externally from the web, works locally but not extrenally, all other dockers (Sonarr, Radarr, Tautulli) are all set up similarly and are fully accessible from outside of my network via dyndns and port forwarding at my router, has any else experienced/solved this?  Thank you for your help!

If you enter the network you are connecting from into the LAN Network field in the docker configuration that should allow you to access the webUI.

Link to comment
3 hours ago, wgstarks said:

If you enter the network you are connecting from into the LAN Network field in the docker configuration that should allow you to access the webUI.

How would I know the network I'd be connecting from if, let's say, I'm just trying to view download progress in the qbittorrent remote app on my phone while on a mobile network?

Link to comment
52 minutes ago, MTerracciano said:

I'm just trying to view download progress in the qbittorrent remote app on my phone while on a mobile network?

 

I'm trying to do the same. In my case when I connect to my home router via WireGuard (on the router not unRaid) I am able to access any other local service icontainers except this one running behind it's own VPN. I don't know how to configure so it's also available to the wireguard connection.

Link to comment
1 hour ago, MTerracciano said:

How would I know the network I'd be connecting from if, let's say, I'm just trying to view download progress in the qbittorrent remote app on my phone while on a mobile network?

You would need to connect to your local network through a vpn or similar and you can enter the lan network that your router assigns to the vpn.

Link to comment
13 minutes ago, VelcroBP said:

 

I'm trying to do the same. In my case when I connect to my home router via WireGuard (on the router not unRaid) I am able to access any other local service icontainers except this one running behind it's own VPN. I don't know how to configure so it's also available to the wireguard connection.

Enter the lan network that your router uses for the wireguard connection.

Link to comment

I have both LANs defined in allowed-ips already. i can hit other services using IP:PORT just not the qbtVPN container. from other devices on the same LAN as the server i can bring it up by IP:PORT. I can also access the smb shares via SolidExplorer when I'm in via wireguard.

Sent from my Pixel 5 using Tapatalk

Link to comment
13 minutes ago, VelcroBP said:

I have both LANs defined in allowed-ips already. i can hit other services using IP:PORT just not the qbtVPN container. from other devices on the same LAN as the server i can bring it up by IP:PORT. I can also access the smb shares via SolidExplorer when I'm in via wireguard.

Sent from my Pixel 5 using Tapatalk
 

Attach your docker run command to your next post. Be sure to redact users/passwords.

Link to comment

Hi all, I have made some nice changes to the core code used for all the VPN docker images I produce, details as follows:-

  • Randomly rotate between multiple remote endpoints (openvpn only) on disconnection - Less possbility of getting stuck on a defunct endpoint
  • Manual round-robin implementation of IP addresses for endpoints - On disconnection all endpoint IP's are rotated in /etc/hosts, reducing the possibility of getting stuck on a defunct server on the endpoint.

I also have a final piece of work around this (not done yet), which is to refresh IP addresses for endpoints on each disconnect/reconnect cycle, further reducing the possibility of getting stuck on defunct servers.
 

In short the work above should help keep the connection maintained for longer periods of time (hopefully months!) without the requirement to restart the container.
 

The work was non-trivial and it is possible I have introduced some bugs (extensively tested) so please keep an eye out of for unexpected issues as I roll out the this change (currently rolled out to SABnzbdVPN and PrivoxyVPN), if you see a new image released then it will include the new functionality.

  • Like 1
  • Thanks 2
Link to comment

Hi, hoping to get some VPN help.  I use OctaneVPN, working on the deprecated rTorrentVPN docker and trying to move to either DelugeVPN or QBittorrentVPN.

 

My VPN provider's OVPN file wasn't working, so I asked them to help and they gave me an update that include "tls-cipher "DEFAULT:@SECLEVEL=0". I get this in teh logs though:

Quote

2023-06-09 14:49:08,971 DEBG 'start-script' stdout output:
2023-06-09 14:49:08 OPTIONS ERROR: failed to negotiate cipher with server.  Add the server's cipher ('AES-256-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305') if you want to connect to this server.
2023-06-09 14:49:08 ERROR: Failed to apply push options
2023-06-09 14:49:08 Failed to open tun/tap interface

2023-06-09 14:49:08,972 DEBG 'start-script' stdout output:
2023-06-09 14:49:08 SIGHUP[soft,process-push-msg-failed] received, process restarting

Is there something I can do to edit "--data-ciphers" to get things going?  Again, this is working on the old rTorrent docker...just trying to migrate.


Thanks!

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.