[Support] binhex - qBittorrentVPN

[SentientNut]

My container won't start. I am using PIA. I tried updating the OPVPN files from PIA, but that did not help.

OpenSSL: error:068000E9:asn1 encoding routines::utctime is too short:
OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error:Field=revocationDate, Type=X509_REVOKED
OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error:Field=revoked, Type=X509_CRL_INFO
OpenSSL: error:0688010A:asn1 encoding routines::nested asn1 error:Field=crl, Type=X509_CRL

 

I went back to binhex/arch-qbittorrentvpn:4.6.4-1-01 to resolve this, so I know this is must only be an issue with 4.6.4-1-02 or my appdata somewhere.

 

Edit: Added redacted supervisord.log and Command Execution

Edit 2: I wrote out the error messages in case someone tries searching this topic or google to find what the error means.

 

Here is my Command execution.
docker run
  -d
  --name='binhex-qbittorrentvpn'
  --net='bridge'
  --privileged=true
  -e TZ="America/Chicago"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="YeetUnraid"
  -e HOST_CONTAINERNAME="binhex-qbittorrentvpn"
  -e 'VPN_ENABLED'='yes'
  -e 'VPN_USER'='REMOVED FOR SECURITY'
  -e 'VPN_PASS'='REMOVED FOR SECURITY'
  -e 'VPN _PROV'='pia'
  -e 'VPN_CLIENT'='openvpn'
  -e 'VPN_OPTIONS'=''
  -e 'STRICT_PORT_FORWARD'='yes'
  -e 'ENABLE_PRIVOXY'='yes'
  -e 'WEBUI_PORT'='8080'
  -e 'LAN_NETWORK'='192.168.1.0/24'
  -e 'NAME_SERVERS'='84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
  -e 'VPN_INPUT_PORTS'=''
  -e 'VPN_OUTPUT_PORTS'=''
  -e 'DEBUG'='true'
  -e 'UMASK'='000'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:8080]/'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/binhex/docker-templates/master/binhex/images/qbittorrent-icon.png'
  -p '6881:6881/tcp'
  -p '6881:6881/udp'
  -p '8585:8080/tcp'
  -p '8118:8118/tcp'
  -v '/mnt/user/Seeding Torrents/':'/data':'rw'
  -v '/mnt/user/Seeding Torrents/':'/seeding':'rw'
  -v '/mnt/user/appdata/binhex-qbittorrentvpn':'/config':'rw'
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" 'binhex/arch-qbittorrentvpn'

9a258e96adc3c32057ccd9972e8dab39a8b33185c6f4038dd68e0bce61bcdee8

yeetunraid-diagnostics-20240430-1657.zip supervisord.log

Edited May 1 by SentientNut

[Stupot]

3 hours ago, SentientNut said:

My container won't start. I am using PIA. I tried updating the OPVPN files from PIA, but that did not help.

 

I went back to binhex/arch-qbittorrentvpn:4.6.4-1-01 to resolve this, so I know this is must only be an issue with 4.6.4-1-02 or my appdata somewhere.

 

Edit: Added redacted supervisord.log and Command Execution

 

Here is my Command execution.
docker run
  -d
  --name='binhex-qbittorrentvpn'
  --net='bridge'
  --privileged=true
  -e TZ="America/Chicago"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="YeetUnraid"
  -e HOST_CONTAINERNAME="binhex-qbittorrentvpn"
  -e 'VPN_ENABLED'='yes'
  -e 'VPN_USER'='REMOVED FOR SECURITY'
  -e 'VPN_PASS'='REMOVED FOR SECURITY'
  -e 'VPN _PROV'='pia'
  -e 'VPN_CLIENT'='openvpn'
  -e 'VPN_OPTIONS'=''
  -e 'STRICT_PORT_FORWARD'='yes'
  -e 'ENABLE_PRIVOXY'='yes'
  -e 'WEBUI_PORT'='8080'
  -e 'LAN_NETWORK'='192.168.1.0/24'
  -e 'NAME_SERVERS'='84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
  -e 'VPN_INPUT_PORTS'=''
  -e 'VPN_OUTPUT_PORTS'=''
  -e 'DEBUG'='true'
  -e 'UMASK'='000'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:8080]/'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/binhex/docker-templates/master/binhex/images/qbittorrent-icon.png'
  -p '6881:6881/tcp'
  -p '6881:6881/udp'
  -p '8585:8080/tcp'
  -p '8118:8118/tcp'
  -v '/mnt/user/Seeding Torrents/':'/data':'rw'
  -v '/mnt/user/Seeding Torrents/':'/seeding':'rw'
  -v '/mnt/user/appdata/binhex-qbittorrentvpn':'/config':'rw'
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" 'binhex/arch-qbittorrentvpn'

9a258e96adc3c32057ccd9972e8dab39a8b33185c6f4038dd68e0bce61bcdee8

yeetunraid-diagnostics-20240430-1657.zip 265.27 kB · 0 downloads supervisord.log 41.99 kB · 1 download

 

 

Am in the exact same boat - tried to use qbittorrent but it's all of a sudden doing the same as SentientNut.  Am on PIA too.

 

Edit: How can one downgrade as you said you have done? Thanks

 

Edit 2: Figured out how to downgrade, super easy.

 

Is this something that has changed with the the docker or has something changed at PIA you think?

Edited May 1 by Stupot

[SentientNut]

30 minutes ago, Stupot said:

Is this something that has changed with the the docker or has something changed at PIA you think?

After doing some googling, it could be a combination as someone is having the same error with openssl.

https://github.com/openssl/openssl/discussions/24301

 

I did try changing my OPVPN files too and I don't think they have changed. It's the first option "OPENVPN CONFIGURATION FILES (DEFAULT)"

https://helpdesk.privateinternetaccess.com/kb/articles/where-can-i-find-your-ovpn-files

[Stupot]

7 minutes ago, SentientNut said:

After doing some googling, it could be a combination as someone is having the same error with openssl.

https://github.com/openssl/openssl/discussions/24301

 

I did try changing my OPVPN files too and I don't think they have changed. It's the first option "OPENVPN CONFIGURATION FILES (DEFAULT)"

https://helpdesk.privateinternetaccess.com/kb/articles/where-can-i-find-your-ovpn-files

 

Yeah I checked the OVPN files too and saw they were same as what you can download right now.  I tried a different server too and it didn't make any difference.

 

Hopefully this is something binhex can help resolve!

 

Thanks!

[SentientNut]

8 minutes ago, Stupot said:

Hopefully this is something binhex can help resolve!

Yup, we just gotta sit tight until our lord and savior fixes it 😂

[binhex]

7 hours ago, SentientNut said:

Yup, we just gotta sit tight until our lord and savior fixes it 😂

 

7 hours ago, Stupot said:

 

Yeah I checked the OVPN files too and saw they were same as what you can download right now.  I tried a different server too and it didn't make any difference.

 

Hopefully this is something binhex can help resolve!

 

Thanks!

Looks like a PIA issue with the CRL inline in the ovpn files being malformed, see here:- https://github.com/binhex/arch-qbittorrentvpn/issues/233#issuecomment-2088192316

[MrAndyBurns]

54 minutes ago, binhex said:

 

Looks like a PIA issue with the CRL inline in the ovpn files being malformed, see here:- https://github.com/binhex/arch-qbittorrentvpn/issues/233#issuecomment-2088192316

Thanks @binhex ... followed your advice on GitHub and switched to Wireguard ... the container is now working for me.

 

Not entirely sure what the impact of this will be but it connects and works!

 

[binhex]

2 minutes ago, MrAndyBurns said:

Not entirely sure what the impact of this will be but it connects and works!

the impact should be faster downloads and less cpu usage 🙂

[MrAndyBurns]

Just now, binhex said:

the impact should be faster downloads and less cpu usage 🙂

Well that sounds just terrible!!  !!

[jr37]

I tried switching to wireguard and updated the wireguard conf file to a different endpoint (changed from the Netherlands default), but when I try to access the webUI, the connection times out (it timed out before I changed the default endpoint as well). Currently, I am not on the same network as my server, I am using wireguard hosted on my server to connect to the network my server is on and I can access the unraid webUI but not qbittorrent. Any idea why it might not be working? Thanks.

Edited May 1 by jr37

[wgstarks]

10 minutes ago, jr37 said:

Currently, I am not on the same network as my server, I am using wireguard hosted on my server to connect to the network my server is on and I can access the unraid webUI but not qbittorrent.

This is likely your problem. If you add the lan network used by your wireguard server to the LAN_NETWORK setting on the container (comma separated) you’ll probably have access.

[jr37]

52 minutes ago, wgstarks said:

This is likely your problem. If you add the lan network used by your wireguard server to the LAN_NETWORK setting on the container (comma separated) you’ll probably have access.

Is this the setting you are referring to (inside the qbittorrent docker settings)?

 

[wgstarks]

1 minute ago, jr37 said:

Is this the setting you are referring to (inside the qbittorrent docker settings)?

 

Yes. Just add a comma and any other networks you want to be able to access the webUI from. Then click apply.

[jr37]

1 hour ago, wgstarks said:

Yes. Just add a comma and any other networks you want to be able to access the webUI from. Then click apply.

Thank you, currently trying to get it fixed. So am I correct that in addition to the default 192.168.1.0/24, I need the LAN address for the network that my server is connected to (in order to access the unraid UI and the qbittorrent UI)? Or does 192.168.1.0/24 refer to the server's local network? Sorry, I'm relatively new at this.

Edited May 1 by jr37

[Arteekay]

2 hours ago, jr37 said:

I tried switching to wireguard and updated the wireguard conf file to a different endpoint (changed from the Netherlands default)

 

Anyone have an idea why Netherlands is the default, or what other options are available, and if so what benefits or issues might come with changing it?

 

My google-fu has failed me today.

[wgstarks]

1 hour ago, jr37 said:

Thank you, currently trying to get it fixed. So am I correct that in addition to the default 192.168.1.0/24, I need the LAN address for the network that my server is connected to (in order to access the unraid UI and the qbittorrent UI)? Or does 192.168.1.0/24 refer to the server's local network? Sorry, I'm relatively new at this.

The current setting would be what you configured as your local network. You can add other networks as well if you want to be able to access the gui from those networks. I don’t believe there is any default setting for this. Too many possibilities.

[RonneBlaze]

1 hour ago, Arteekay said:

 

Anyone have an idea why Netherlands is the default, or what other options are available, and if so what benefits or issues might come with changing it?

 

My google-fu has failed me today.

Not sure why Netherlands was chosen as the default, but i did find this link https://serverlist.piaservers.net/vpninfo/servers/v6

it is a json of all the servers and addresses.

[matuopm]

Is there anything else to do besides switching to wireguard here ?


Because in the logs I saw:

2024-05-01 20:11:55.745109 [info] VPN_CONFIG not defined (wireguard config doesnt file exists), defaulting to '/config/wireguard/wg0.conf'
2024-05-01 20:11:55.757465 [info] VPN_REMOTE_SERVER not defined (wireguard config doesnt file exists), defaulting to 'XXXXXXXXXXXXXXXX.privacy.network'
2024-05-01 20:11:55.770262 [info] VPN_REMOTE_PORT not defined (wireguard config file doesnt exists), defaulting to 'XXXX'

and more down:
 

2024-05-01 20:16:49,595 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

 

Edited May 1 by matuopm

[wgstarks]

27 minutes ago, matuopm said:

Is there anything else to do besides switching to wireguard here ?


Because in the logs I saw:

2024-05-01 20:11:55.745109 [info] VPN_CONFIG not defined (wireguard config doesnt file exists), defaulting to '/config/wireguard/wg0.conf'
2024-05-01 20:11:55.757465 [info] VPN_REMOTE_SERVER not defined (wireguard config doesnt file exists), defaulting to 'XXXXXXXXXXXXXXXX.privacy.network'
2024-05-01 20:11:55.770262 [info] VPN_REMOTE_PORT not defined (wireguard config file doesnt exists), defaulting to 'XXXX'

and more down:
 

2024-05-01 20:16:49,595 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

 

https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

 

Scroll down to Q21 and Q28.

[Cybernaut]

Same thing gonna happen with binhex-sabnzbdvpn?

[Paper319]

So I have wireguard working the client is up, and I can download but trying to run an torrent leak test it wont work? Any thoughts? Should I assume since the client is on and logs show its connecting besides reconfiguring ip of qbit to torrent ip that it is working???

[Stupot]

I have just tried for the first time using Wireguard instead of OpenVPN as the client when using PIA.

 

I have a 1gig fibre internet connection, but I have only ever been able to get 40mb/sec~ using PIA and OpenVPN.  CPU was never maxed out so it always seemed like a PIA thing - I thought they were throttling me in some way.

 

Using Wireguard, I am almost maxing out my connection when downloading, at around 90mb/sec.  Does this sound right?  Doing "curl ifconfig.io" in the docker console says it's connected to the server I chose, and downloading a test torrent from https://torguard.net/checkmytorrentipaddress.php also reports back the IP of the VPN...so everything seems to be working as it should.

 

Is Wireguard just that much better than OpenVPN?  It was certainly using more of my CPU as it was downloading at that rate, so it seems as if it is VPNing properly?

 

Thanks

[Paper319]

7 minutes ago, Paper319 said:

So I have wireguard working the client is up, and I can download but trying to run an torrent leak test it wont work? Any thoughts? Should I assume since the client is on and logs show its connecting besides reconfiguring ip of qbit to torrent ip that it is working???

So doing curl ifconfig.io shows the ip of an Ontario server so I can assume I'm fine. Right?

[Paper319]

6 minutes ago, Stupot said:

I have just tried for the first time using Wireguard instead of OpenVPN as the client when using PIA.

 

I have a 1gig fibre internet connection, but I have only ever been able to get 40mb/sec~ using PIA and OpenVPN.  CPU was never maxed out so it always seemed like a PIA thing - I thought they were throttling me in some way.

 

Using Wireguard, I am almost maxing out my connection when downloading, at around 90mb/sec.  Does this sound right?  Doing "curl ifconfig.io" in the docker console says it's connected to the server I chose, and downloading a test torrent from https://torguard.net/checkmytorrentipaddress.php also reports back the IP of the VPN...so everything seems to be working as it should.

 

Is Wireguard just that much better than OpenVPN?  It was certainly using more of my CPU as it was downloading at that rate, so it seems as if it is VPNing properly?

 

Thanks

I'm having a different but same issue lol but yes wireguard is just that better I use wiregaurd for other things and my god is it just that much better than Openvpn.

[Stupot]

19 minutes ago, Paper319 said:

I'm having a different but same issue lol but yes wireguard is just that better I use wiregaurd for other things and my god is it just that much better than Openvpn.

Interesting.  Feel like a bit of a schmuck now going all this time thinking I wasn't able to use all the bandwidth available to me 😂

When you say you're trying to run a leak test, what method(s) do you use?  I've only been doing curl ifconfig.io in console and a Torguard check.  I have never received any notices from my ISP slapping my wrists in the 10+ years of torrenting, so have always assumed everything has been golden.