[Support] binhex - qBittorrentVPN


Recommended Posts

13 minutes ago, dnLL said:

Just got it working without editing the routing table. I just edited the docker settings instead, enabling br0.2, then selected br0.2 for the qbittorrentvpn docker and changed the IP to 10.1.2.54 and done. It's now sharing that other dedicated VLAN with the developer VM. It would probably be a better idea for me to put it in its completely separate VLAN but that will do for now, as I would need to shut down all the VMs/shares to edit the network settings and I can't do that right now (hosting some semi-important stuff).

 

Thanks for your help by the way, happy you immediately found the issue. I will probably do some network redesign next time I do a planned maintenance.

glad you got it working :-), if oyu want to create a seperate network then my go to post is thie one, its old but still relevant:-

https://forums.unraid.net/topic/70906-added-in-651-docker-user-defined-bridge-networks/?do=findComment&comment=651107

 

im assuming there is a new fangled way of doing it through te web ui but i havent found it :-), just ensure you set the network to something unique and you should be set!.

 

Link to comment
8 minutes ago, jleiss said:

using the default wireguard config that comes from deployment, no modifications to it. Is this similar to openvpn and I need to get a wireguard config from PIA?

not sure the security of the public and private key so I have XXXX those out, here is what the config file looks like

 

[Interface]
Address = 10.27.139.48
PrivateKey = XXXXXXXXXXXXXX
PostUp = '/root/wireguardup.sh'
PostDown = '/root/wireguarddown.sh'

 

[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXX
AllowedIPs = 0.0.0.0/0
Endpoint = nl-amsterdam.privacy.network:1337

 

Link to comment
1 minute ago, jleiss said:

not sure the security of the public and private key so I have XXXX those out, here is what the config file looks like

 

[Interface]
Address = 10.27.139.48
PrivateKey = XXXXXXXXXXXXXX
PostUp = '/root/wireguardup.sh'
PostDown = '/root/wireguarddown.sh'

 

[Peer]
PublicKey = XXXXXXXXXXXXXXXXXXX
AllowedIPs = 0.0.0.0/0
Endpoint = nl-amsterdam.privacy.network:1337

 

ok ensure you have done all the steps here Q21:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

 

if you are sure you have then please do this:- https://github.com/binhex/documentation/blob/master/docker/faq/help.md

Link to comment
10 hours ago, jleiss said:

updated as requested with same errors, supervisord log attached. UN & password cleared.

 

 

supervisord.logthese 73.26 kB · 1 download

 

 

these are your two issues, as shown in your log:-

2020-10-13 14:36:29,702 DEBG 'start-script' stderr output:
Error: Unknown device type.

2020-10-13 14:36:29,704 DEBG 'start-script' stderr output:
Unable to access interface: Protocol not supported

a quick google and i found the link below, i see you arent a unraid user, so your issue is no doubt with the kernel version you are running, it must be kernel 5.6.x or later for wireguard to work:-

https://www.reddit.com/r/WireGuard/comments/b3jp39/cant_get_wireguard_to_load_the_interface_wg0_at/

 

Link to comment

Hey @binhex, your apps/containers are awesome!

 

With that obvious FACT out of the way I'm having some trouble getting wireguard running. My config is below based on the guide (step 21) HERE but when I start I get an warning of: [warn] VPN_CLIENT not defined (via -e VPN_CLIENT), defaulting to 'openvpn'

 

I've been staring at the page for ages so I'm hoping you'll see something I am now blind/immune to :D

 

config.thumb.png.014cfd14d779714271f0c1d04b4aee20.png

 

Any help is appreciated, my speeds went to complete dogshit after switching to PIA nextgen via OpenVPN...hopeing WG may improve things. Thanks for your awesome work!

 

Link to comment
15 minutes ago, DaveDoesStuff said:

With that obvious FACT out of the way I'm having some trouble getting wireguard running. My config is below based on the guide (step 21) HERE but when I start I get an warning of: [warn] VPN_CLIENT not defined (via -e VPN_CLIENT), defaulting to 'openvpn'

ok ive spotted one issue, you have --privileged=true in the extra parameters AND you have privileged toggle set to on, so you dont need to specify the extra parameters as well.

 

can you click on 'edit' for the new env var VPN_CLIENT and screenshot that window.

Link to comment
3 minutes ago, binhex said:

ok ive spotted one issue, you have --privileged=true in the extra parameters AND you have privileged toggle set to on, so you dont need to specify the extra parameters as well.

 

can you click on 'edit' for the new env var VPN_CLIENT and screenshot that window.

Sorry I had meant to remove the extra parameter. Just tried it incase setting privelledged to true via the slider wasn't working (for some unknown reason). I've removed it, slider is still set to on and the error persists.

 

As requested:

 

2020-10-14 11_10_25-iBstorage_UpdateContainer.png

Link to comment
3 minutes ago, DaveDoesStuff said:

Sorry I had meant to remove the extra parameter. Just tried it incase setting privelledged to true via the slider wasn't working (for some unknown reason). I've removed it, slider is still set to on and the error persists.

 

As requested:

 

2020-10-14 11_10_25-iBstorage_UpdateContainer.png

yep thats your issue, you have set the name but not the key, the 'key' and the 'value' are the important ones, all others can be blank, so to be clear the key should be VPN_CLIENT

Edited by binhex
Link to comment
4 minutes ago, binhex said:

yep thats your issue, you have set the name but not the key, the 'key' and the 'value' are the important ones, all others can be blank.

Damn, my reading comprehension is off today. Sorry for wasting your time on that, you clearly say key in the FAQ and I just missed it:
635653640_2020-10-1411_14_22-documentation_vpn.mdatmasterbinhex_documentationGitHub.thumb.png.d574efc7baea4e85a04ad44ae078e2aa.png

 

Thanks for the assist!

 

Actually one other question, what is the format for having mutliple potential endpoints in wg0.conf or is it not supported with WG as it is with OVPN?

Edited by DaveDoesStuff
Link to comment
11 minutes ago, binhex said:

there is no support for multiple endpoints at this time for wireguard.

Fair enough.

 

The plot thickens however:
 

2020-10-14 11:31:48,391 DEBG 'start-script' stderr output:
[#] ip link add wg0 type wireguard

2020-10-14 11:31:48,393 DEBG 'start-script' stderr output:
RTNETLINK answers: Operation not supported

2020-10-14 11:31:48,395 DEBG 'start-script' stderr output:
Unable to access interface: Protocol not supported

2020-10-14 11:31:48,395 DEBG 'start-script' stderr output:
[#] ip link delete dev wg0

2020-10-14 11:31:48,397 DEBG 'start-script' stderr output:
Cannot find device "wg0"

2020-10-14 11:31:48,397 DEBG 'start-script' stdout output:
[warn] WireGuard interface failed to come 'up', exit code is '1'

Thats with the default wg0.conf, I originally had input france.privacy.network:1198 with which it also failed before deleting the conf and restarting as I assumed I had messed it up.

 

The above in the logs was preceeded by:
 

2020-10-14 11:30:18,310 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1337 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -s 10.1.1.0/24 -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 10.1.1.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1337 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -d 10.1.1.0/24 -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 10.1.1.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT

 

Not sure if this helps but my allocations for the container are:
1169863886_2020-10-1411_34_21-iBstorage_UpdateContainer.png.53c02f47e62682536310d3197ed4eb44.png

Edited by DaveDoesStuff
Link to comment
7 minutes ago, DaveDoesStuff said:

2020-10-14 11:31:48,393 DEBG 'start-script' stderr output: RTNETLINK answers: Operation not supported 2020-10-14 11:31:48,395 DEBG 'start-script' stderr output: Unable to access interface: Protocol not supported

sounds like you have turned off privileged mode completely now?, make sure you have privileged toggle set to on, make sure extra parameters is blank, if both of these are already set then please do the following:- https://github.com/binhex/documentation/blob/master/docker/faq/help.md

Link to comment
10 minutes ago, binhex said:

sounds like you have turned off privileged mode completely now?, make sure you have privileged toggle set to on, make sure extra parameters is blank, if both of these are already set then please do the following:- https://github.com/binhex/documentation/blob/master/docker/faq/help.md

The slider was still set to on, I toggled it on/off then restarted twice and no change. Same issue. I then toggled it off and re-added the extra parameter --privileged=true and the issue persists.

 

I followed those instructions to the letter, log file attached. Info removed/replace was username, pass and the wireguard public and private key (replaced with X's).

 

supervisord.log

Edited by DaveDoesStuff
File issue.
Link to comment
8 minutes ago, DaveDoesStuff said:

The slider was still set to on, I toggled it on/off then restarted twice and no change. Same issue. I then toggled it off and re-added the extra parameter --privileged=true and the issue persists.

 

I followed those instructions to the letter, log file attached. Info removed/replace was username, pass and the wireguard public and private key (replaced with X's).

 

supervisord.log 62.57 kB · 0 downloads

how bizarre!, i can replicate your issue by toggling privileged mode off, toggle it back on and the issue goes away, im at a loss right now as to what to suggest next...

Link to comment
25 minutes ago, binhex said:

how bizarre!, i can replicate your issue by toggling privileged mode off, toggle it back on and the issue goes away, im at a loss right now as to what to suggest next...

Bizzarre indeed! I can clearly see in the CMD output that when I toggle it and save the changes it is indeed running with it set to true (which you probably confirmed in the logs also):
 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='binhex-qbittorrentvpn' --net='bridge' --cpuset-cpus='1,9' --privileged=true -e TZ="Europe/London" -e HOST_OS="Unraid" -e 'VPN_ENABLED'='yes' -e 'VPN_USER'='XXXXX' -e 'VPN_PASS'='XXXXX' -e 'VPN_PROV'='pia' -e 'VPN_OPTIONS'='' -e 'STRICT_PORT_FORWARD'='yes' -e 'ENABLE_PRIVOXY'='yes' -e 'WEBUI_PORT'='8080' -e 'LAN_NETWORK'='10.1.1.0/24' -e 'NAME_SERVERS'='209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1' -e 'ADDITIONAL_PORTS'='' -e 'DEBUG'='true' -e 'UMASK'='000' -e 'PUID'='99' -e 'PGID'='100' -e 'VPN_CLIENT'='wireguard' -p '6881:6881/tcp' -p '6881:6881/udp' -p '8080:8080/tcp' -p '8118:8118/tcp' -v '/mnt/user/Downloads/':'/data':'rw' -v '/mnt/disks/UD_SSD/AppData/binhex-qbittorrentvpn':'/config':'rw,slave' 'binhex/arch-qbittorrentvpn'
9b76b47381e4fb14f762b1b87757888056b7aed2e9e4ae044bfc7113e0808968

Would there be any value to just blowing away the whole thing and re-installing from CA Apps? It's not ideal with 75 torrents in my queue so I was holding this option way back in reserve :D

 

Hmm, not likely to be related (or possibly already addressed) but I found someone with a similar wireguard issue from April from a different container...might be something to it. But probably not :P


https://github.com/linuxserver/docker-wireguard/issues/17

Edited by DaveDoesStuff
More info
Link to comment
8 hours ago, binhex said:

 

 

these are your two issues, as shown in your log:-


2020-10-13 14:36:29,702 DEBG 'start-script' stderr output:
Error: Unknown device type.

2020-10-13 14:36:29,704 DEBG 'start-script' stderr output:
Unable to access interface: Protocol not supported

a quick google and i found the link below, i see you arent a unraid user, so your issue is no doubt with the kernel version you are running, it must be kernel 5.6.x or later for wireguard to work:-

https://www.reddit.com/r/WireGuard/comments/b3jp39/cant_get_wireguard_to_load_the_interface_wg0_at/

 

Thank you, it's a proxmox server and they are only at 5.4 for now, might be awhile before they get there. Unless I find a workaround i'll stick with openvpn.

  • Like 1
Link to comment

I'm trying to get QbtVPN running with Wireguard, My VPN service (Torguard) supports Wireguard and portforwarding.
I read the 2 links VPN Docker FAQ and Further Help.

I also tried rTorrentVPN and i'm getting the same error.

2020-10-14 20:21:44,495 DEBG 'watchdog-script' stdout output:
[debug] Having issues resolving name 'www.google.com'
[debug] Retrying in 5 secs...
[debug] 11 retries left

I've added the supervisord.log that i run with the debug enabled.supervisord.log
Also added the docker compose of unraid.
Yes I know i don't use the default ports, but it's because i have those ports already in use

version: '3.3'
services:
    nginx:
        ports:
            - '80:80'
            - '6881:6881'
            - '6881:6881/udp'
            - '8085:8080'
            - '8119:8118'
        volumes:
            - '/var/run/docker.sock:/tmdocker'
            - '/mnt/disks/VM/appdata/binhex-qbittorrentvpn:/config:rw,slave'
            - '/mnt/user/data/.torrents/:/data/.torrents/:rw'
            - /config
            - /data
        container_name: binhex-qbittorrentvpn
        environment:
            - VPN_ENABLED=yes
            - VPN_OPTIONS=
            - 'NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1'
            - ADDITIONAL_PORTS=
            - PUID=99
            - DEBUG=true
            - PGID=100
            - VPN_USER=VPN_USER
            - VPN_PROV=custom
            - STRICT_PORT_FORWARD=yes
            - WEBUI_PORT=8085
            - LAN_NETWORK=192.168.2.0/24
            - UMASK=000
            - TZ=Europe/Berlin
            - HOST_OS=Unraid
            - VPN_PASS=VPN_PASS
            - VPN_CLIENT=wireguard
            - ENABLE_PRIVOXY=no
            - 'PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
            - HOME=/home/nobody
            - TERM=xterm
            - LANG=en_GB.UTF-8
        network_mode: bridge
        privileged: true
        restart: 'no,always'
        logging:
            options: 'max-file=1,max-size=50m,max-size=1g'
        image: nginx

 

Link to comment
13 hours ago, TRaSH said:

I also tried rTorrentVPN and i'm getting the same error.


2020-10-14 20:21:44,495 DEBG 'watchdog-script' stdout output:
[debug] Having issues resolving name 'www.google.com'
[debug] Retrying in 5 secs...
[debug] 11 retries left

i think this maybe PIA's DNS playing up, can you change the NAME_SERVERS to:-

'NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'

 

Link to comment

Anyone having issues with PIA and the strict port forwarding? Everything was working fine for me until today. Nothing was getting downloaded. Thought that maybe the VPN server went down so I tried it with another one, still nothing. Turned VPN off and it worked again. Turned VPN back on and noticed the logs were throwing errors around the port forwarding part and the docker (or at least the webpage part) wasn't even loading. I turned strict port forwarding off and everything works again now. Not sure if it's just me or something global with PIA, hence why I'm asking.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.