[Support] binhex - qBittorrentVPN

[H2OKing]

why is it when i use the VPN my logs are flooded with this error?

 

Aug  9 07:51:38 UNRAID kernel: br-f7d9c5297b05: port 25(vethd250265) entered disabled state
Aug  9 07:51:38 UNRAID kernel: br-f7d9c5297b05: port 25(vethf5c23d6) entered blocking state
Aug  9 07:51:38 UNRAID kernel: br-f7d9c5297b05: port 25(vethf5c23d6) entered disabled state

 

[bokchoiboy]

9 hours ago, binhex said:

OK cool, so i did have a bug related to this several weeks ago, lets ensure you are running latest:-

 

1. go to unraid webui/docker left click docker container and select 'edit' then click on 'advanced view' top right and check the repository is set to binhex/arch-qbittorrentvpn with NO tags specified, if all good then cancel out.

2. go to unraid/docker main screen, toggle 'advanced view' and click on 'force update' for the container.

 

 

Unchanged sadly
I ensured I was still using the correct repository. Force updated.
Still same looking logs.

[binhex]

2 hours ago, bokchoiboy said:

Unchanged sadly
I ensured I was still using the correct repository. Force updated.
Still same looking logs.

OK im out of ideas then :-(, all i can say is this is working for the majority of users including myself, so there must be something odd going on with your configuration somewhere.

[bokchoiboy]

1 hour ago, binhex said:

OK im out of ideas then :-(, all i can say is this is working for the majority of users including myself, so there must be something odd going on with your configuration somewhere.

Appreciate the help. There is comfort in knowing the expert can't, on first glance, find the problem.

[vmasip]

On 8/6/2024 at 12:44 PM, vmasip said:

Until using this image with vpn I used one without it. So I didn't have a  dilemma I've got right now. I used to donfigure this at my compose:

 

cloudflaretunnel:
container_name: cloudflaretunnel
image: cloudflare/cloudflared:2023.2.1
restart: unless-stopped
environment:
- TUNNEL_TOKEN=$TUNNEL_TOKEN
command: tunnel --no-autoupdate run
networks:
- alaska-rr-services

 

So, with this, all my rr apps and qbittorrent were accesible from outside my LAN trough cloudflare tunnels using this:

    networks:
      - alaska-rr-services

 

Now I've configured binhex.qbittorrentvpn image. Using pia and openvpn, because this is were I want my torrent traffic goes:

 

qbittorrent:
    image: binhex/arch-qbittorrentvpn
    container_name: qbittorrent
    logging:
      driver: json-file
    ports:
      - ${QBITTORRENT_WEBUI_PORT}:${QBITTORRENT_WEBUI_PORT}
      - ${TORRENTING_PORT}:${TORRENTING_PORT}
      - 8118:8118
      - 9118:9118 
      - 58946:58946 
      - 58946:58946/udp 
    cap_add:
      - NET_ADMIN
    environment:
    #  - DOCKER_MODS=ghcr.io/gabe565/linuxserver-mod-vuetorrent
      - PUID=1118
      - PGID=${PGIDTORRENT}
      - TZ=${TZ}
      - UMASK=${UMASK}
      - WEBUI_PORT=${QBITTORRENT_WEBUI_PORT}
      - TORRENTING_PORT=${TORRENTING_PORT}
      - VPN_ENABLED=yes
      - VPN_USER=$PIA_USER 
      - VPN_PASS=$PIA_PASS
      - VPN_PROV=pia 
      - VPN_CLIENT=openvpn
      - ENABLE_STARTUP_SCRIPTS=no
      - ENABLE_PRIVOXY=yes
      - STRICT_PORT_FORWARD=yes
      - USERSPACE_WIREGUARD=no
      - ENABLE_SOCKS=yes
      - SOCKS_USER=admin
      - SOCKS_PASS=socks
      - LAN_NETWORK=$PIA_LOCAL_NETWORK 
      - NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1 
      - VPN_INPUT_PORTS=1234 
      - VPN_OUTPUT_PORTS=5678 
      - DEBUG=true
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ${APP_DATA_HOST}/qbittorrent:/config
      - ${DATA_HOST}:/data/torrents
    restart: always
    healthcheck:
      # Container may fail if the PIA's token expired, so mark as unhealthy when there is no internet connection
      # see: https://github.com/qdm12/gluetun/issues/641#issuecomment-933856220
      test: [ "CMD", "curl", "--fail", "http://127.0.0.1:8080", "https://google.com" ]
      interval: 30s
      retries: 10

 

 

But if I add

    networks:
      - alaska-rr-services

 

I guess my torrent traffic will go trough cloudflare too? (which is not suitable) I only want that  my WEBUI_PORT goes trough that network (and torrenting network trough vpn) I guess I am not the only one with this problem. How can I achieve that?

 

 

Hello

I try to find docs which could clarify me this. Could anyone tell me the answer or passing me a link to learn about how this could work?

[lightsout]

For some reason all of my downloads are stuck at "stalled". I haven't changed any config. I am using airvpn, went to their site and confirmed the server I am using is up, and port is open. Qbit says I am connectable. Not sure what to do. I have tried 3 or 4 trackers same issue.

[vmasip]

On 8/10/2024 at 9:39 PM, lightsout said:

For some reason all of my downloads are stuck at "stalled". I haven't changed any config. I am using airvpn, went to their site and confirmed the server I am using is up, and port is open. Qbit says I am connectable. Not sure what to do. I have tried 3 or 4 trackers same issue.

 

Maybe writing permissions? That happened to me. Check the log and paste it here

[MetaCerberus]

Hi, I'm having an issue connection to the web interfaces from outside of my LAN through a Wireguard tunnel. Currently my server is collocated and I can only access it remotely. I have tried adding the below command to my go file as well as running it through the console after boot, but to no avail.

/sbin/modprobe iptable_mangle

Does anyone else have experience trying to access the VPN containers remotely? If so, how did you solve this issue?

 

(Side note: The web UI is accessible through the LAN. I know this because I can access it using a Firefox container and navigating to the LAN address of the server and the web ui port. Also, this is happening for both Qbittorrent_vpn and Sabnzbd_vpn.)

 

I am running Unraid 7.0.0-beta.2

[binhex]

13 minutes ago, MetaCerberus said:

Hi, I'm having an issue connection to the web interfaces from outside of my LAN through a Wireguard tunnel. Currently my server is collocated and I can only access it remotely. I have tried adding the below command to my go file as well as running it through the console after boot, but to no avail.

/sbin/modprobe iptable_mangle

Does anyone else have experience trying to access the VPN containers remotely? If so, how did you solve this issue?

 

(Side note: The web UI is accessible through the LAN. I know this because I can access it using a Firefox container and navigating to the LAN address of the server and the web ui port. Also, this is happening for both Qbittorrent_vpn and Sabnzbd_vpn.)

 

I am running Unraid 7.0.0-beta.2

Please see Q32 from the following link:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

[MetaCerberus]

2 minutes ago, binhex said:

Please see Q32 from the following link:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Thank you. Not sure how I missed this. I appreciate the quick response. All is working now.

Edited August 14 by MetaCerberus

[krazytaco]

I'm also having issues connecting to the webUI as of a couple days ago (previously, say last week, I was able to access the WebUI without issue) and as far as I know I never changed anything configuration wise.  I'm connecting to the WebUI straight from another PC on the network the Unraid server is located on.  I've seen the LAN_NETWORK config issue pop up a few times searching this but again I haven't changed what was already there and for grins I recalculated the correct value using the Online IP CIDR tool to confirm that what I have is correct already (10.0.0.0/24).  I'm not seeing any specific errors in the log other than that it tries to resolve google.com and fails.

log.txt

[artdepart]

On 8/1/2024 at 12:27 AM, artdepart said:

Hello all - been having a weird issue with some binhex containers lately. First noticed it with binhex-qbittorrentvpn after a docker update - the "port mapping" info disappeared from the GUI, and clicking the WebUI button doesn't actually send me to the IP address of the web interface, it brings up a blank page (about:blank#blocked). Just updated radarr and sonarr as well, and now they are also doing this. Is this an issue with a latest round of updates or something I've got misconfigured? Thanks all.

Any thoughts on this? As of today I'm still having this issue, and I'm on the latest version of these containers.

 

I should note that I'm still able to connect to the WebUI if I manually type in the IP of the container.

Edited August 17 by artdepart
left out some info

[questionbot]

I thinking something strange has happened to the proxy.. snarr and radarr can not longer do searches for some reason unless I turn them to not use the proxy.

 

Has this feature been removed or something?

 

This is how I am using it in radarr, it used to work but now dosn't

 

this is the error from the log of radarr

 

Quote

 

Error] ProxyCheck: Proxy Health Check failed

[v5.8.3.8933] System.Net.Http.HttpRequestException: The proxy tunnel request to proxy 'http://192.168.158.153:8118/' failed with status code '503'.

 

 

Edited August 18 by questionbot

[Tpole]

On 8/17/2024 at 12:33 PM, artdepart said:

Any thoughts on this? As of today I'm still having this issue, and I'm on the latest version of these containers.

 

I should note that I'm still able to connect to the WebUI if I manually type in the IP of the container.

I have the same bug, have for about a month or two now. Unsure how to resolve, but as you noted, if you type in the address it works, if you click the icon and hit web view, nothing loads

 

Also, another issue i currently have, unsure what may have caused it. all the plug-ins i had added within the Search area seem to have been cleared, and i cannot add any now, it seems that whole area is broken for me currently, is this a current issue for others, or a me thing?

Edited August 19 by Tpole
added issue for search area

[Kilrah]

4 hours ago, Tpole said:

all the plug-ins i had added within the Search area seem to have been cleared, and i cannot add any now, it seems that whole area is broken for me currently, is this a current issue for others, or a me thing?

Usually the search tab doesn't work if you go to it too quickly after starting the container, wait a bit, reload the page and it works

[lightsout]

On 8/11/2024 at 3:53 PM, vmasip said:

 

Maybe writing permissions? That happened to me. Check the log and paste it here

I don't think its permissions because restarting the container sometimes gets it to work. It comes and goes.

 

Not sure if this is the correct log

 

2024-08-19 09:47:07,535 DEBG 'start-script' stdout output:
[info] Attempting to bring WireGuard interface 'up'...

2024-08-19 09:47:07,540 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

2024-08-19 09:47:07,543 DEBG 'start-script' stderr output:
[#] ip link add wg0 type wireguard

2024-08-19 09:47:07,544 DEBG 'start-script' stderr output:
[#] wg setconf wg0 /dev/fd/63

2024-08-19 09:47:07,545 DEBG 'start-script' stderr output:
[#] ip -4 address add .... dev wg0

2024-08-19 09:47:07,545 DEBG 'start-script' stderr output:
[#] ip link set mtu 1320 up dev wg0

2024-08-19 09:47:07,547 DEBG 'start-script' stderr output:
[#] resolvconf -a wg0 -m 0 -x

2024-08-19 09:47:07,555 DEBG 'start-script' stderr output:
[#] wg set wg0 fwmark 51820

2024-08-19 09:47:07,555 DEBG 'start-script' stderr output:
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820

2024-08-19 09:47:07,556 DEBG 'start-script' stderr output:
[#] ip -4 rule add not fwmark 51820 table 51820

2024-08-19 09:47:07,556 DEBG 'start-script' stderr output:
[#] ip -4 rule add table main suppress_prefixlength 0

2024-08-19 09:47:07,558 DEBG 'start-script' stderr output:
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1

2024-08-19 09:47:07,559 DEBG 'start-script' stderr output:
[#] iptables-restore -n

2024-08-19 09:47:07,560 DEBG 'start-script' stderr output:
[#] '/root/wireguardup.sh'

2024-08-19 09:47:08,629 DEBG 'start-script' stdout output:
[info] Attempting to get external IP using 'http://checkip.amazonaws.com'...

2024-08-19 09:47:16,950 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address ....

2024-08-19 09:47:16,950 DEBG 'start-script' stdout output:
[info] WireGuard interface 'up'

2024-08-19 09:47:16,951 DEBG 'start-script' stdout output:
[info] VPN provider 'airvpn' not supported for automatic port forwarding, skipping incoming port assignment

2024-08-19 09:47:17,030 DEBG 'watchdog-script' stdout output:
[info] qBittorrent listening interface IP 0.0.0.0 and VPN provider IP .... different, marking for reconfigure

2024-08-19 09:47:17,032 DEBG 'watchdog-script' stdout output:
[info] qBittorrent not running

2024-08-19 09:47:17,032 DEBG 'watchdog-script' stdout output:
[info] Removing session lock file (if it exists)...

2024-08-19 09:47:17,040 DEBG 'watchdog-script' stdout output:
[info] Attempting to start qBittorrent...

2024-08-19 09:47:17,098 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process started
[info] Waiting for qBittorrent process to start listening on port 8181...

2024-08-19 09:47:18,854 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 8181

 

[Jessssuhh]

I'm having a very strange issue where qbittorrentvpn is not unpacking qbittorrent at all. Like within the folder I have the openvpn folder for .ovpn config, and supervisor.log, but no qbittorrent folder and no webUI. I do have net_admin added and I am literally running the thing as a root user as a part of the troubleshooting.. utterly bewildered.

 

Anyone have any ideas?? 

 

Edit: Solved

Interestingly qbittorrent doesn't even begin to unpack if the vpn portion can't initialise properly. So if you're having the same issue I have had, troubleshoot your vpn credentials if your logs has this undefined in repetition:

[UNDEF] Inactivity timeout (--ping-restart), restarting

The issue I was having was that the config generator tool on torguard does not account for a modified port if you're using a Dedicated IP or Port Foward. It simply fills in generic port 1195 regardless of what your dedicated IP or Port Foward is set to. Quite interesting that QB didn't unpack at all, really had me going down a rabbit hole of user permissions and silent kubernetes errors..

Edited August 25 by Jessssuhh
Solved

[wgstarks]

9 hours ago, Jessssuhh said:

Anyone have any ideas?? 

Are you running this on Unraid? Those file paths look very strange.

[Jessssuhh]

10 hours ago, wgstarks said:

Are you running this on Unraid? Those file paths look very strange.

It's on TrueNAS Scale. This is *the* support location for QBVPN according to Binhex' docs. it is still running on docker so the logs and permissions are much the same. If you know of a QBVPN support location that is specific to TrueNAS Scale, lemme know.

I had it running successfully til I messed around with Tailscale. QBVPN was stuck in disconnected mode. I've uninstalled tailscale, have uninstalled QBVPN, but reinstalling QBVPN with duplicate settings is giving me the above.

[wgstarks]

51 minutes ago, Jessssuhh said:

It's on TrueNAS Scale. This is *the* support location for QBVPN according to Binhex' docs. it is still running on docker so the logs and permissions are much the same. If you know of a QBVPN support location that is specific to TrueNAS Scale, lemme know.

I had it running successfully til I messed around with Tailscale. QBVPN was stuck in disconnected mode. I've uninstalled tailscale, have uninstalled QBVPN, but reinstalling QBVPN with duplicate settings is giving me the above.

Sorry, I know absolutely nothing about TrueNAS. Maybe someone else may get have some ideas.

[Jessssuhh]

Just now, wgstarks said:

Sorry, I know absolutely nothing about TrueNAS. Maybe someone else may get have some ideas.

I realised on re-read I think my reply to you came across a little harsher than I intended. Good vibes here I promise haha!

If you have any ideas for things you would trouble shoot if it were an unraid system, that would be helpful. In my experience they do line up pretty well; same concept different GUI, you know. Had to follow an Unraid youtube tutorial to get it installed in the first place haha!

[wgstarks]

45 minutes ago, Jessssuhh said:

I realised on re-read I think my reply to you came across a little harsher than I intended. Good vibes here I promise haha!

If you have any ideas for things you would trouble shoot if it were an unraid system, that would be helpful. In my experience they do line up pretty well; same concept different GUI, you know. Had to follow an Unraid youtube tutorial to get it installed in the first place haha!

I’ve never had a situation like this on Unraid but I feel fairly certain that it would generate some errors on a failed install.

[Jessssuhh]

1 hour ago, wgstarks said:

I’ve never had a situation like this on Unraid but I feel fairly certain that it would generate some errors on a failed install.

 

Yea you'd think so but I've found the logs to be pretty surprisingly generic. The only error/warning I got was the following:

2024-08-24 01:59:38,930 DEBG 'start-script' stdout output:
[warn] Unable to load iptable_mangle module, you will not be able to connect to the applications Web UI or Privoxy outside of your LAN

Which is fine because it is accessed exclusively locally anyway.

It seems to completely skip the actual QBittorrent part of the start up logs. Like it'll load the environment variables up top, hang for a minute or so, and then go into the ovpn portion of the start up log (which the above warning is from).

[questionbot]

On 8/19/2024 at 7:58 AM, questionbot said:

I thinking something strange has happened to the proxy.. snarr and radarr can not longer do searches for some reason unless I turn them to not use the proxy.

 

Has this feature been removed or something?

 

This is how I am using it in radarr, it used to work but now dosn't

 

this is the error from the log of radarr

 

 

 

Got it worked out... turns out there was a problem with the DNS thing... in the default setting there is a mass of dns servers in the field.. I went in and deleted them all and only left 1.1.1.1 and 1.0.0.1 and then it suddenly worked. This was on the proxy container that was running privoxy.

[Jessssuhh]

On 8/23/2024 at 12:46 PM, Jessssuhh said:

I'm having a very strange issue where qbittorrentvpn is not unpacking qbittorrent at all. Like within the folder I have the openvpn folder for .ovpn config, and supervisor.log, but no qbittorrent folder and no webUI. I do have net_admin added and I am literally running the thing as a root user as a part of the troubleshooting.. utterly bewildered.

 

Anyone have any ideas?? 

 

Solved it!! It was an authentication issue with my .ovpn creds. Turns out if the VPN portion can't initialise properly, QBittorrent won't unpack at all.