[Support] binhex - qBittorrentVPN

[wgstarks]

Glad it’s working. 👍

[Craft211]

Has anyone managed to implement a way to auto-update Vuetorrent? I tried to write a script to do this, but coding in general is not my strong point. 

[cwebb]

Error response from daemon: driver failed programming external connectivity on endpoint binhex-qbittorrentvpn (6f338e9fd54a4aa2f0ff411e32b3afc803bc76c7111556ff8cbba32c219b344e): Bind for 0.0.0.0:58946 failed: port is already allocated.

hi getting this message when i try to apply the docker container , and the docker will not start , just says server error 

[vmasip]

Another issue I'd like to talk about is about openvpn vs wireguard. Docs says clearly that wireguard config requires privileged permissions. That's the reason I am trying to use openvpn. I'd like to mention that this image:

 

https://hotio.dev/containers/qbittorrent/#__tabbed_3_2

 

does not required privileged access for pia + wireguard. Probably I am missing something. But I've wanted to point it out because would be great having this image with wireguard without privileges.

[vmasip]

Until using this image with vpn I used one without it. So I didn't have a  dilemma I've got right now. I used to donfigure this at my compose:

 

cloudflaretunnel:
container_name: cloudflaretunnel
image: cloudflare/cloudflared:2023.2.1
restart: unless-stopped
environment:
- TUNNEL_TOKEN=$TUNNEL_TOKEN
command: tunnel --no-autoupdate run
networks:
- alaska-rr-services

 

So, with this, all my rr apps and qbittorrent were accesible from outside my LAN trough cloudflare tunnels using this:

    networks:
      - alaska-rr-services

 

Now I've configured binhex.qbittorrentvpn image. Using pia and openvpn, because this is were I want my torrent traffic goes:

 

qbittorrent:
    image: binhex/arch-qbittorrentvpn
    container_name: qbittorrent
    logging:
      driver: json-file
    ports:
      - ${QBITTORRENT_WEBUI_PORT}:${QBITTORRENT_WEBUI_PORT}
      - ${TORRENTING_PORT}:${TORRENTING_PORT}
      - 8118:8118
      - 9118:9118 
      - 58946:58946 
      - 58946:58946/udp 
    cap_add:
      - NET_ADMIN
    environment:
    #  - DOCKER_MODS=ghcr.io/gabe565/linuxserver-mod-vuetorrent
      - PUID=1118
      - PGID=${PGIDTORRENT}
      - TZ=${TZ}
      - UMASK=${UMASK}
      - WEBUI_PORT=${QBITTORRENT_WEBUI_PORT}
      - TORRENTING_PORT=${TORRENTING_PORT}
      - VPN_ENABLED=yes
      - VPN_USER=$PIA_USER 
      - VPN_PASS=$PIA_PASS
      - VPN_PROV=pia 
      - VPN_CLIENT=openvpn
      - ENABLE_STARTUP_SCRIPTS=no
      - ENABLE_PRIVOXY=yes
      - STRICT_PORT_FORWARD=yes
      - USERSPACE_WIREGUARD=no
      - ENABLE_SOCKS=yes
      - SOCKS_USER=admin
      - SOCKS_PASS=socks
      - LAN_NETWORK=$PIA_LOCAL_NETWORK 
      - NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1 
      - VPN_INPUT_PORTS=1234 
      - VPN_OUTPUT_PORTS=5678 
      - DEBUG=true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${APP_DATA_HOST}/qbittorrent:/config
      - ${DATA_HOST}:/data/torrents
    restart: always
    healthcheck:
      # Container may fail if the PIA's token expired, so mark as unhealthy when there is no internet connection
      # see: https://github.com/qdm12/gluetun/issues/641#issuecomment-933856220
      test: [ "CMD", "curl", "--fail", "http://127.0.0.1:8080", "https://google.com" ]
      interval: 30s
      retries: 10

 

 

But if I add

    networks:
      - alaska-rr-services

 

I guess my torrent traffic will go trough cloudflare too? (which is not suitable) I only want that  my WEBUI_PORT goes trough that network (and torrenting network trough vpn) I guess I am not the only one with this problem. How can I achieve that?

 

 

Edited August 6 by vmasip
details

[Weetbix M Milk]

I updated my 4 containers from qBit 4.5 today to :latest. I've recreated my containers from scratch, settings are copied exactly from a template so each container is identical, ports and WebUIs have been changed for each container.

Any combination of 2 containers can be run at the same time with functional WebUI, but the 3rd and 4th instances will hang on "[info] Waiting for qBittorrent process to start listening on port XXXX..."

Has anyone encountered this?

[Weetbix M Milk]

Separate question:

The is little/no documentation on "/shared" and "binhex-shared".
Can we use this to tie multiple binhex-qbittorentVPN containers to the same VPN connection?

[binhex]

6 hours ago, Weetbix M Milk said:

Separate question:

The is little/no documentation on "/shared" and "binhex-shared".
Can we use this to tie multiple binhex-qbittorentVPN containers to the same VPN connection?

i will be fixing the doc deficiencies in the future, but for now in a nutshell the shared docker volume is used to store the assigned incoming port, this info can then be used by the end user to configure applications running through a single vpn connection, of note there is currently no mechanism to auto update applications based on this information, and as any application could theoretically be sharing the vpn network it would be up to the end user to script this.

[bokchoiboy]

Hi, I've scoured the forums and FAQs and help and reddit to no avail.
I can't get my UI to load while the vpn option is enabled. It works without it.
When I look at the logs, it seems to me that I can't get an endpoint to work (PIA Wireguard).
I've tried many endpoints with both strict port forwarding on and off.
According to the Q and A's, I'm supposed to find a list of endpoints in my supervisord? But no such list exists.
Sorry if this has been addressed somewhere, I couldn't find it for the life of me.
This config/setup was working smoothly, until it wasn't.
(I know 8088 isn't the default, something else is using it, but again, it was working correctly)

I thank any samaritans ahead of time!

 

Command execution
docker run
  -d
  --name='binhex-qbittorrentvpn'
  --net='bridge'
  --privileged=true
  -e TZ="America/Los_Angeles"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="walle"
  -e HOST_CONTAINERNAME="binhex-qbittorrentvpn"
  -e 'VPN_ENABLED'='yes'
  -e 'VPN_USER'='redacted'
  -e 'VPN_PASS'='redacted'
  -e 'VPN_PROV'='pia'
  -e 'VPN_CLIENT'='wireguard'
  -e 'VPN_OPTIONS'=''
  -e 'STRICT_PORT_FORWARD'='no'
  -e 'ENABLE_PRIVOXY'='no'
  -e 'ENABLE_STARTUP_SCRIPTS'='yes'
  -e 'WEBUI_PORT'='8088'
  -e 'LAN_NETWORK'='192.168.1.0/24'
  -e 'NAME_SERVERS'='84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
  -e 'VPN_INPUT_PORTS'='6881'
  -e 'VPN_OUTPUT_PORTS'=''
  -e 'DEBUG'='true'
  -e 'UMASK'='000'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:8088]/'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/binhex/docker-templates/master/binhex/images/qbittorrent-icon.png'
  -p '6881:6881/tcp'
  -p '6881:6881/udp'
  -p '8118:8118/tcp'
  -p '8088:8088/tcp'
  -v '/mnt/user/data/torrents':'/data/torrents/':'rw'
  -v '/mnt/user/appdata/binhex-qbittorrentvpn':'/config':'rw'
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" 'binhex/arch-qbittorrentvpn'
9d98cb734d69f6c20d7cd88a4b0da02d3d79e1789c9a0a1b50e5b57d441e9ac2

The command finished successfully!

 

supervisord.log

[H2OKing]

@bokchoiboy

 

 

2024-06-11 18:19:34,274 DEBG 'start-script' stdout output:
[info] np-nepal-pf.privacy.network
[info] saudiarabia.privacy.network
[info] au-adelaide-pf.privacy.network
[info] japan-2.privacy.network
[info] au-sydney.privacy.network
[info] no.privacy.network
[info] au-australia-so.privacy.network
[info] nl-netherlands-so.privacy.network
[info] mexico.privacy.network
[info] ad.privacy.network
[info] ar.privacy.network
[info] hungary.privacy.network
[info] kualalumpur.privacy.network
[info] sofia.privacy.network
[info] lv.privacy.network
[info] mk.privacy.network
[info] sanjose.privacy.network
[info] sg.privacy.network
[info] qatar.privacy.network
[info] yerevan.privacy.network
[info] ae.privacy.network
[info] venezuela.privacy.network
[info] gr.privacy.network
[info] al.privacy.network
[info] nz.privacy.network
[info] bo-bolivia-pf.privacy.network
[info] denmark-2.privacy.network
[info] aus-melbourne.privacy.network
[info] nl-amsterdam.privacy.network
[info] panama.privacy.network
[info] czech.privacy.network
[info] denmark.privacy.network
[info] sweden-2.privacy.network
[info] egypt.privacy.network
[info] gt-guatemala-pf.privacy.network
[info] greenland.privacy.network
[info] ba.privacy.network
[info] georgia.privacy.network
[info] monaco.privacy.network
[info] philippines.privacy.network
[info] italy.privacy.network
[info] fi.privacy.network
[info] cyprus.privacy.network
[info] nigeria.privacy.network
[info] es-valencia.privacy.network

2024-06-11 18:19:34,274 DEBG 'start-script' stdout output:
[info] man.privacy.network
[info] za.privacy.network
[info] aus-perth.privacy.network
[info] slovenia.privacy.network
[info] santiago.privacy.network
[info] jakarta.privacy.network
[info] sk.privacy.network
[info] italy-2.privacy.network
[info] ee.privacy.network
[info] china.privacy.network
[info] mongolia.privacy.network
[info] cambodia.privacy.network
[info] malta.privacy.network
[info] sweden.privacy.network
[info] uk-london.privacy.network
[info] kazakhstan.privacy.network
[info] lt.privacy.network
[info] bahamas.privacy.network
[info] hk.privacy.network
[info] bangladesh.privacy.network
[info] md.privacy.network
[info] austria.privacy.network
[info] macau.privacy.network
[info] dz.privacy.network
[info] uk-manchester.privacy.network
[info] fi-2.privacy.network
[info] de-germany-so.privacy.network
[info] france.privacy.network
[info] de-berlin.privacy.network
[info] morocco.privacy.network
[info] rs.privacy.network
[info] montenegro.privacy.network
[info] vietnam.privacy.network
[info] ua.privacy.network

2024-06-11 18:19:34,275 DEBG 'start-script' stdout output:
[info] ca-ontario.privacy.network
[info] tr.privacy.network
[info] liechtenstein.privacy.network
[info] brussels.privacy.network
[info] ca-ontario-so.privacy.network
[info] ro.privacy.network
[info] ec-ecuador-pf.privacy.network
[info] spain.privacy.network
[info] de-frankfurt.privacy.network
[info] au-brisbane-pf.privacy.network
[info] uk-southampton.privacy.network
[info] uk-2.privacy.network
[info] lu.privacy.network
[info] ca-montreal.privacy.network
[info] ca-toronto.privacy.network
[info] swiss.privacy.network
[info] japan.privacy.network
[info] br.privacy.network
[info] bogota.privacy.network
[info] zagreb.privacy.network
[info] taiwan.privacy.network
[info] is.privacy.network
[info] ca-vancouver.privacy.network
[info] srilanka.privacy.network
[info] uy-uruguay-pf.privacy.network
[info] pe-peru-pf.privacy.network
[info] in.privacy.network
[info] kr-south-korea-pf.privacy.network
[info] israel.privacy.network
[info] ireland.privacy.network
[info] pt.privacy.network
[info] poland.privacy.network

               

[wgstarks]

9 hours ago, bokchoiboy said:

Hi, I've scoured the forums and FAQs and help and reddit to no avail.
I can't get my UI to load while the vpn option is enabled. It works without it.
When I look at the logs, it seems to me that I can't get an endpoint to work (PIA Wireguard).
I've tried many endpoints with both strict port forwarding on and off.
According to the Q and A's, I'm supposed to find a list of endpoints in my supervisord? But no such list exists.
Sorry if this has been addressed somewhere, I couldn't find it for the life of me.
This config/setup was working smoothly, until it wasn't.
(I know 8088 isn't the default, something else is using it, but again, it was working correctly)

I thank any samaritans ahead of time!

 

Command execution
docker run
  -d
  --name='binhex-qbittorrentvpn'
  --net='bridge'
  --privileged=true
  -e TZ="America/Los_Angeles"
  -e HOST_OS="Unraid"
  -e HOST_HOSTNAME="walle"
  -e HOST_CONTAINERNAME="binhex-qbittorrentvpn"
  -e 'VPN_ENABLED'='yes'
  -e 'VPN_USER'='redacted'
  -e 'VPN_PASS'='redacted'
  -e 'VPN_PROV'='pia'
  -e 'VPN_CLIENT'='wireguard'
  -e 'VPN_OPTIONS'=''
  -e 'STRICT_PORT_FORWARD'='no'
  -e 'ENABLE_PRIVOXY'='no'
  -e 'ENABLE_STARTUP_SCRIPTS'='yes'
  -e 'WEBUI_PORT'='8088'
  -e 'LAN_NETWORK'='192.168.1.0/24'
  -e 'NAME_SERVERS'='84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
  -e 'VPN_INPUT_PORTS'='6881'
  -e 'VPN_OUTPUT_PORTS'=''
  -e 'DEBUG'='true'
  -e 'UMASK'='000'
  -e 'PUID'='99'
  -e 'PGID'='100'
  -l net.unraid.docker.managed=dockerman
  -l net.unraid.docker.webui='http://[IP]:[PORT:8088]/'
  -l net.unraid.docker.icon='https://raw.githubusercontent.com/binhex/docker-templates/master/binhex/images/qbittorrent-icon.png'
  -p '6881:6881/tcp'
  -p '6881:6881/udp'
  -p '8118:8118/tcp'
  -p '8088:8088/tcp'
  -v '/mnt/user/data/torrents':'/data/torrents/':'rw'
  -v '/mnt/user/appdata/binhex-qbittorrentvpn':'/config':'rw'
  --sysctl="net.ipv4.conf.all.src_valid_mark=1" 'binhex/arch-qbittorrentvpn'
9d98cb734d69f6c20d7cd88a4b0da02d3d79e1789c9a0a1b50e5b57d441e9ac2

The command finished successfully!

 

supervisord.log 8.39 kB · 2 downloads

Your log just shows a constant repeat of network errors.

 

Quote

2024-08-07 19:07:49.620439 [debug] ip6tables default policies available, setting policy to drop...
Error: error sending query: Could not send or receive, because of network error
2024-08-07 19:08:04.695421 [debug] Having issues resolving name 'sanjose.privacy.network', sleeping before retry...

I had a similar issue a few weeks ago and was able to resolve it by adjusting my DNS servers. In my case everything started working when I removed the DNS Watch servers.

[bokchoiboy]

5 hours ago, wgstarks said:

I had a similar issue a few weeks ago and was able to resolve it by adjusting my DNS servers. In my case everything started working when I removed the DNS Watch servers.

Where/how would I go about doing that? Is that within the container commands? Some config file somewhere?

[H2OKing]

In the templet, there's a spot where you can change the dns

[bokchoiboy]

2 minutes ago, H2OKing said:

In the templet, there's a spot where you can change the dns

Im assuming that's "name_servers" in which case, when I removed them, same issue persists.
It does say since there were none defined, it defaults to the servers names in "readme.md"

[H2OKing]

13 minutes ago, bokchoiboy said:

Im assuming that's "name_servers" in which case, when I removed them, same issue persists.
It does say since there were none defined, it defaults to the servers names in "readme.md"

Yes Domain name server is the DNS.  

And you can't remove them all or it can't find anything.  DNS point you to the domains IP address.  Put in cloudflare IP 1.1.1.1 and/or Google 8.8.8.8

[bokchoiboy]

15 minutes ago, H2OKing said:

Yes Domain name server is the DNS.  

And you can't remove them all or it can't find anything.  DNS point you to the domains IP address.  Put in cloudflare IP 1.1.1.1 and/or Google 8.8.8.8

Thanks.
But still running into the same error. I've tried many endpoints. Still cycles with the "network error."

[H2OKing]

Can you ping that domain from any pc in your house?

 

Also try pinging 1.1.1.1 or 8.8.8.8

[bokchoiboy]

7 minutes ago, H2OKing said:

Can you ping that domain from any pc in your house?

 

Also try pinging 1.1.1.1 or 8.8.8.8

pinging both 1.1.1.1 and 8.8.8.8 are fine. 
Im not sure which domain youre referring too. but the ip of the container doesn't ping.

[H2OKing]

8 minutes ago, bokchoiboy said:

pinging both 1.1.1.1 and 8.8.8.8 are fine. 
Im not sure which domain youre referring too. but the ip of the container doesn't ping.

sanjose.privacy.network

What the error log is saying. That domain, when it looks for it is not coming back with an ip.Address for it. Try changing your endpoint to a different domain.

 

This is what the domain comes back with

Edited August 8 by H2OKing

[bokchoiboy]

22 minutes ago, H2OKing said:

sanjose.privacy.network

What the error log is saying. That domain, when it looks for it is not coming back with an ip.Address for it. Try changing your endpoint to a different domain.

 

This is what the domain comes back with

I must be misunderstanding you. I've tried over a dozen different endpoints. Both strict port forwarding on and off.
I appreciate your patience

[binhex]

5 minutes ago, bokchoiboy said:

I must be misunderstanding you. I've tried over a dozen different endpoints. Both strict port forwarding on and off.
I appreciate your patience

you have something blocking dns on your lan, from your log:-
 

Error: error sending query: Could not send or receive, because of network error
2024-08-07 19:08:04.695421 [debug] Having issues resolving name 'sanjose.privacy.network', sleeping before retry...

running pihole, opnsense, pfsense?, check for blocks on port 53.

[bokchoiboy]

1 hour ago, binhex said:

you have something blocking dns on your lan, from your log:-
 

Error: error sending query: Could not send or receive, because of network error
2024-08-07 19:08:04.695421 [debug] Having issues resolving name 'sanjose.privacy.network', sleeping before retry...

running pihole, opnsense, pfsense?, check for blocks on port 53.

I don't have pihole or any of those. From what I can tell, 53 isn't block. At least, not by me (do ISPs block?).
Again, this setup was working, until it didn't without any change.
Running netstat -a -n on my cmd I can see 
Don't know what this means.

[binhex]

25 minutes ago, bokchoiboy said:

I don't have pihole or any of those. From what I can tell, 53 isn't block. At least, not by me (do ISPs block?).
Again, this setup was working, until it didn't without any change.
Running netstat -a -n on my cmd I can see 
Don't know what this means.

OK go to the 'terminal' of your unraid server (not the container) and type the following:-
dig @1.1.1.1 www.google.com

 

this will prove if you can resolve names from your host, i expect it to fail, if it passes (resolved to an ip address) then set NAME_SERVERS to 1.1.1.1 only (remove all other entries) and apply and monitor the log.
 

[bokchoiboy]

2 hours ago, binhex said:

OK go to the 'terminal' of your unraid server (not the container) and type the following:-
dig @1.1.1.1 www.google.com

 

this will prove if you can resolve names from your host, i expect it to fail, if it passes (resolved to an ip address) then set NAME_SERVERS to 1.1.1.1 only (remove all other entries) and apply and monitor the log.
 

Sorry to consume your time.
It looks like it didn't fail. I tried 1.1.1.1 only as the name_server.
Log looks the same, same issue.
I appreciate your time kind sir!

[binhex]

8 hours ago, bokchoiboy said:

Sorry to consume your time.
It looks like it didn't fail. I tried 1.1.1.1 only as the name_server.
Log looks the same, same issue.
I appreciate your time kind sir!

OK cool, so i did have a bug related to this several weeks ago, lets ensure you are running latest:-

 

1. go to unraid webui/docker left click docker container and select 'edit' then click on 'advanced view' top right and check the repository is set to binhex/arch-qbittorrentvpn with NO tags specified, if all good then cancel out.

2. go to unraid/docker main screen, toggle 'advanced view' and click on 'force update' for the container.