[Support] binhex - qBittorrentVPN


binhex


Hey there, LOVE the docker images. I am using qbittorrentvpn with PIA. I wanted to know if there is a way to select a different server, like have it connect with several servers. Not to boost speed but to just change it up, as sometimes a server may be really slow and switching means going and changing the cert and config file as far as I have seen. Thanks in advance! Keep up the awesome work.

Link to comment

So my container automatically updated on me and I could not log in at all. I tried removing the WebGUI\Password part as suggested a few pages ago and login with admin:admin and that did not work. Deleted the .conf file to let it regenerate and that didn't work. Tried reverting to the previous version with the old .conf file and that did not work.

How do I go about regaining access to the WebGUI? The container is running fine other than that little problem...

Link to comment

Hi, I started using this container today and noticed the auth is failing. The culprit was the default auth file for openvpn; maybe openvpn is parsing the auth file wrong (due to being a .conf file?), but after manually creating a new .txt file and adding my auth information inside, the container booted up normally.

Link to comment

Hey All,

It took some time but I was able to figure out how to get this running with my VPN provider (SlickVPN). However, I now have another ask if anyone can help.

 

I want to confirm that the traffic is all within the VPN. Is there a way to confirm that it is working with the VPN?

Link to comment
43 minutes ago, Aerodb said:

Hey All,

It took some time but I was able to figure out how to get this running with my VPN provider (SlickVPN). However, I now have another ask if anyone can help.

 

I want to confirm that the traffic is all within the VPN. Is there a way to confirm that it is working with the VPN?

Binhex just answered this a couple of posts up:

 

see Q2 for how to confirm the vpn tunnel is working:-

https://github.com/binhex/documentation/blob/master/docker/faq/delugevpn.md

 

 

Link to comment

Update: The part about removing a default entry and creating a custom port mapping worked, thanks!

 

On 9/22/2019 at 10:58 PM, JaY_III said:

If anyone is having troubles getting this working, here is what I did to set it all up using OpenVPN

 

From the CA app, click the install button, it will bring up the settings we need to tweak to get this to work

Step 1: Port Setup

-> Remove :

Host Port 3:

Container Port: 8080

 

-> Set :

Key 8: <to a free port number you wish to run this container on>

Container Variable: WEBUI_PORT



-> Click : "Add another Path, Port, Variable, Label or Device"

Set it up as follows

 

Config Type: Port

Name: Host Port 3 (or leave blank)
Host Port: <same as key 8 port>
Connection type : TCP
Description: Container Port: <same as key 8 port>

->Edit : WebUI

http://[IP]:[PORT:8080]/

(if you don't see this option ensure the advanced view toggle on the top right is enabled)

change the port number to <same as key 8 port>

Step 2: Download Dir

-> Edit:

Host Path 2: < location you would like to store your downloads >

Container Path: /data

 

 

Step 3a: VPN

Key 1: Yes

Container Variable: VPN_ENABLED

 

Key 2: <username goes here>

Container Variable: VPN_USER

 

Key 3:  <password goes here>

Container Variable: VPN_PASS

 

Key 4: Custom

Container Variable: VPN_PROV

 

Key 8: <set in step 1>

Container Variable: WEBUI_PORT

 

Key 9:  (LAN specific, common network is <192.168.1.0/24>)

Container Variable: LAN_NETWORK

 

Key 10: (defaults may work for you) <192.168.1.1,9.9.9.9,149.112.112.112>

Container Variable: NAME_SERVERS

 

* Set VPN to "no" if you do not wish to set up the VPN at this time

 

Click "APPLY"

 

The docker will now download and unpack

however if you have your VPN key 1 set to "Yes" the web interface will fail to load at this time as we do not have our certs set up yet.

 

Step 3b: VPN cert

 

Once the container has unpacked

Go to your /appdata location

the default install directory is /binhex-qbittorrentvpn

inside that directory you will see another directory called

/openvpn

 

-> Copy your < vpn.ovpn > file here. This is provided by your VPN provider

Restart the container

 

Step 4: Web interface config

 

->Click on the container icon

WebUI

*Providing you set the webui port in step 1 correctly

 

L: admin

P: adminadmin

 

->Click

gear Icon (options)

 

Downloads Tab

 

Ensure the following is set as follows:

 

Default Save Path:  /data/

your downloads will be saved to the location set in step 2

 

I also like to set the following:

<checked> Keep incomplete torrents in: /data/incomplete/

<checked> Copy .torrent files to: /data/incomplete/torrent

<checked> Copy .torrent files for finished downloads to: /data/incomplete/torrent/done

 

<checked> Create sub-folder for torrents with multiple files

<checked> Delete .torrent files afterwards

<checked> Append .!qB extension to incomplete files

 

Automatically add torrents from:

Monitored Folder  |  Override Save Location

 /data/incomplete/torrent/monitor/ | Default Save Location

 

Connection Tab

Port used for incoming connections: < as per your firewall/router settings >

 

Web UI

Authentication

Username: <web UI username>

Password: <web UI pass>

 

 

<checked> Bypass authentication for clients on localhost

<checked> Bypass authentication for clients in whitelisted IP subnets : <same as key 9 during setup>

*only do this step if you don't want to worry about passwords for LAN (local) users

 

-> Click Save

 

You're done!

 

Now test everything out. If all goes well you will have a working VPN'd Torrent Client

Linux Mint downloaded at my full network speed.

 

Hopefully this helps anyone looking to set this up



 

 

____________________________________________________________________

 

Unfortunately the GUI page is timing out.

 

I recently borked this container and had to reinstall and I might not have set the correct preferences at first... I used to have this running, but now several restarts of the container, forced updates, deleting the conf file and even redownloading the VPN profile didn't help.

 

Here's my container's log:

 

Created by...
https://hub.docker.com/u/binhex/

2020-02-25 03:56:21.365543 [info] System information Linux 7e9db428b484 4.19.98-Unraid #1 SMP Sun Jan 26 09:15:03 PST 2020 x86_64 GNU/Linux
2020-02-25 03:56:21.410969 [info] PUID defined as '99'
2020-02-25 03:56:21.459279 [info] PGID defined as '100'
2020-02-25 03:56:24.783198 [info] UMASK defined as '000'
2020-02-25 03:56:24.828922 [info] Permissions already set for volume mappings
2020-02-25 03:56:24.879175 [info] VPN_ENABLED defined as 'yes'
2020-02-25 03:56:24.937854 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/yyyy.xxxxx.com.udp.ovpn
2020-02-25 03:56:25.021206 [info] VPN remote line defined as 'remote xxx.xxx.xx.xxx xxxx'
2020-02-25 03:56:25.066922 [info] VPN_REMOTE defined as 'xxx.xxx.xx.xxx'
2020-02-25 03:56:25.114339 [info] VPN_PORT defined as '1194'
2020-02-25 03:56:25.167858 [info] VPN_PROTOCOL defined as 'udp'
2020-02-25 03:56:25.212669 [info] VPN_DEVICE_TYPE defined as 'tun0'
2020-02-25 03:56:25.256315 [info] VPN_PROV defined as 'custom'
2020-02-25 03:56:25.300492 [info] LAN_NETWORK defined as '192.168.1.0/24'
2020-02-25 03:56:25.344835 [info] NAME_SERVERS defined as '1.0.0.1,209.222.18.218,37.235.1.177,84.200.70.40,1.1.1.1'
2020-02-25 03:56:25.388497 [info] VPN_USER defined as 'XXXXXXXXXXXXXXXXXXXXXXXXX'
2020-02-25 03:56:25.432928 [info] VPN_PASS defined as 'XXXXXXXXXXXXXXXXXXXXXXXXX'
2020-02-25 03:56:25.477532 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2020-02-25 03:56:25.521353 [info] ENABLE_PRIVOXY defined as 'yes'
2020-02-25 03:56:25.565992 [info] WEBUI_PORT defined as 'XXXXXX'
2020-02-25 03:56:25.619047 [info] Deleting files in /tmp (non recursive)...
2020-02-25 03:56:25.660896 [info] Starting Supervisor...
2020-02-25 03:56:25,901 INFO Included extra file "/etc/supervisor/conf.d/qbittorrent.conf" during parsing
2020-02-25 03:56:25,902 INFO Set uid to user 0 succeeded
2020-02-25 03:56:25,905 INFO supervisord started with pid 6
2020-02-25 03:56:26,908 INFO spawned: 'start-script' with pid 151
2020-02-25 03:56:26,910 INFO spawned: 'watchdog-script' with pid 152
2020-02-25 03:56:26,911 INFO reaped unknown pid 7
2020-02-25 03:56:26,919 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2020-02-25 03:56:26,919 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2020-02-25 03:56:26,919 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2020-02-25 03:56:26,921 DEBG 'watchdog-script' stdout output:
[info] qBittorrent config file already exists, skipping copy

2020-02-25 03:56:26,922 DEBG 'watchdog-script' stdout output:
[info] Removing session lock file (if it exists)...

2020-02-25 03:56:26,928 DEBG 'start-script' stdout output:
[warn] Username contains characters which could cause authentication issues, please consider changing this if possible

2020-02-25 03:56:26,933 DEBG 'start-script' stdout output:
[warn] Password contains characters which could cause authentication issues, please consider changing this if possible

2020-02-25 03:56:26,999 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1

2020-02-25 03:56:27,004 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2020-02-25 03:56:27,008 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.218 to /etc/resolv.conf

2020-02-25 03:56:27,012 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2020-02-25 03:56:27,017 DEBG 'start-script' stdout output:
[info] Adding 84.200.70.40 to /etc/resolv.conf

2020-02-25 03:56:27,021 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2020-02-25 03:56:27,025 DEBG 'start-script' stdout output:
xxx.xxx.xx.xxx

2020-02-25 03:56:27,062 DEBG 'start-script' stdout output:
[info] Docker network defined as 172.17.0.0/16

2020-02-25 03:56:27,066 DEBG 'start-script' stdout output:
[info] Adding 192.168.1.0/24 as route via docker eth0

2020-02-25 03:56:27,068 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2020-02-25 03:56:27,069 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.18
192.168.1.0/24 via 172.17.0.1 dev eth0

2020-02-25 03:56:27,070 DEBG 'start-script' stdout output:
--------------------

2020-02-25 03:56:27,073 DEBG 'start-script' stdout output:
iptable_mangle 16384 3
ip_tables 24576 9 iptable_filter,iptable_nat,iptable_mangle

2020-02-25 03:56:27,074 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2020-02-25 03:56:27,131 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2020-02-25 03:56:27,133 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1194 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 33038 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 33038 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 33038 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 33038 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 33038 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -p tcp -m tcp --sport 33038 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 192.168.1.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT

2020-02-25 03:56:27,134 DEBG 'start-script' stdout output:
--------------------

2020-02-25 03:56:27,135 DEBG 'start-script' stdout output:
[info] Starting OpenVPN...

2020-02-25 03:56:27,143 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:27 2020 WARNING: file 'credentials.conf' is group or others accessible
Tue Feb 25 03:56:27 2020 OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 3 2020

2020-02-25 03:56:27,144 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:27 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10

2020-02-25 03:56:27,144 DEBG 'start-script' stdout output:
[info] OpenVPN started

2020-02-25 03:56:27,145 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:27 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Tue Feb 25 03:56:27 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2020-02-25 03:56:27,147 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:27 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Feb 25 03:56:27 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

2020-02-25 03:56:27,148 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:27 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194
Tue Feb 25 03:56:27 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Feb 25 03:56:27 2020 UDP link local: (not bound)
Tue Feb 25 03:56:27 2020 UDP link remote: [AF_INET]xxx.xxx.xx.xxx:1194

2020-02-25 03:56:27,216 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:27 2020 TLS: Initial packet from [AF_INET]xxx.xxx.xx.xxx:1194, sid=5d0da1d2 74133a14

2020-02-25 03:56:27,304 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:27 2020 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA

2020-02-25 03:56:27,305 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:27 2020 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA4

2020-02-25 03:56:27,305 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:27 2020 VERIFY KU OK
Tue Feb 25 03:56:27 2020 Validating certificate extended key usage
Tue Feb 25 03:56:27 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Feb 25 03:56:27 2020 VERIFY EKU OK
Tue Feb 25 03:56:27 2020 VERIFY OK: depth=0, CN=yyy.xxxxx.com

2020-02-25 03:56:27,548 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:27 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Tue Feb 25 03:56:27 2020 [yyy.xxxx.com] Peer Connection Initiated with [AF_INET]xxx.xxx.xx.xxx:1194

2020-02-25 03:56:28,652 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:28 2020 SENT CONTROL [yyy.xxxxxx.com]: 'PUSH_REQUEST' (status=1)

2020-02-25 03:56:28,724 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:28 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.2.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.2.14 255.255.255.0,peer-id 22,cipher AES-256-GCM'

2020-02-25 03:56:28,724 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: timers and/or timeouts modified
Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: compression parms modified
Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Feb 25 03:56:28 2020 Socket Buffers: R=[212992->1048576] S=[212992->1048576]
Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: route options modified
Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: route-related options modified
Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: peer-id set
Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: adjusting link_mtu to 1657
Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: data channel crypto options modified
Tue Feb 25 03:56:28 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Feb 25 03:56:28 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Feb 25 03:56:28 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Feb 25 03:56:28 2020 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:12

2020-02-25 03:56:28,725 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:28 2020 TUN/TAP device tun0 opened
Tue Feb 25 03:56:28 2020 TUN/TAP TX queue length set to 100
Tue Feb 25 03:56:28 2020 /usr/bin/ip link set dev tun0 up mtu 1500

2020-02-25 03:56:28,727 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:28 2020 /usr/bin/ip addr add dev tun0 10.8.2.14/24 broadcast 10.8.2.255

2020-02-25 03:56:28,728 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:28 2020 /root/openvpnup.sh tun0 1500 1585 10.8.2.14 255.255.255.0 init

2020-02-25 03:56:28,731 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:28 2020 /usr/bin/ip route add xxx.xxx.xx.xxx/32 via 172.17.0.1

2020-02-25 03:56:28,733 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:28 2020 /usr/bin/ip route add 0.0.0.0/1 via 10.8.2.1

2020-02-25 03:56:28,735 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:28 2020 /usr/bin/ip route add 128.0.0.0/1 via 10.8.2.1

2020-02-25 03:56:28,736 DEBG 'start-script' stdout output:
Tue Feb 25 03:56:28 2020 Initialization Sequence Completed

2020-02-25 03:56:28,856 DEBG 'start-script' stdout output:
[info] Application does not require port forwarding or VPN provider is != pia, skipping incoming port assignment

2020-02-25 03:56:28,856 DEBG 'start-script' stdout output:
[info] Checking we can resolve name 'www.google.com' to address...

2020-02-25 03:56:28,986 DEBG 'start-script' stdout output:
[info] DNS operational, we can resolve name 'www.google.com' to address '216.58.210.196'

2020-02-25 03:56:28,988 DEBG 'start-script' stdout output:
[info] Attempting to get external IP using Name Server 'ns1.google.com'...

2020-02-25 03:56:29,463 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address xxx.xxx.xx.xxx

2020-02-25 03:56:29,497 DEBG 'watchdog-script' stdout output:
[info] qBittorrent listening interface IP 0.0.0.0 and VPN provider IP 10.8.2.14 different, marking for reconfigure

2020-02-25 03:56:29,501 DEBG 'watchdog-script' stdout output:
[info] qBittorrent not running

2020-02-25 03:56:29,506 DEBG 'watchdog-script' stdout output:
[info] Privoxy not running

2020-02-25 03:56:29,506 DEBG 'watchdog-script' stdout output:
[info] Removing session lock file (if it exists)...

2020-02-25 03:56:29,508 DEBG 'watchdog-script' stdout output:
[info] Attempting to start qBittorrent...

2020-02-25 03:56:29,532 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process started
[info] Waiting for qBittorrent process to start listening on port 33038...

2020-02-25 03:56:29,658 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 33038

2020-02-25 03:56:29,672 DEBG 'watchdog-script' stdout output:
[info] Attempting to start Privoxy...

2020-02-25 03:56:30,678 DEBG 'watchdog-script' stdout output:
[info] Privoxy process started
[info] Waiting for Privoxy process to start listening on port 8118...

2020-02-25 03:56:30,688 DEBG 'watchdog-script' stdout output:
[info] Privoxy process listening on port 8118

 

Anything obvious I'm missing?

Edited by Glassed Silver
solved
Link to comment
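For the question earlier in the thread about confirming that traffic stays inside the VPN, the iptables rules printed in the log above can be checked mechanically. This is an added example, not code from the image or its author; the function names and the classification labels are assumptions made for the illustration, and the port, interface and network values are the ones shown in that log.

```python
import ipaddress
import shlex

# OUTPUT-side rules copied from the container log above (INPUT rules omitted).
RULES = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 33038 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 33038 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -p tcp -m tcp --sport 33038 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 192.168.1.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
"""

# iptables options this audit cares about, mapped to dictionary keys.
OPTS = {"-s": "src", "-d": "dst", "-o": "out", "-p": "proto",
        "--sport": "sport", "--dport": "dport", "-j": "target"}


def parse(ruleset):
    """Split `iptables -S` text into chain policies and appended rules."""
    policies, rules = {}, []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if not tok:
            continue
        if tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif tok[0] == "-A":
            rule = {"chain": tok[1], "raw": line, "negated": "!" in tok}
            for i, t in enumerate(tok[:-1]):
                if t in OPTS:
                    rule[OPTS[t]] = tok[i + 1]
            rules.append(rule)
    return policies, rules


def classify(rule, vpn_proto, vpn_port, webui_port, local_nets, tunnel_ifaces):
    """Label one OUTPUT ACCEPT rule by the reason it is allowed to exist."""
    if rule["negated"]:
        return "UNRESTRICTED"  # negated matches need manual review: fail closed
    if rule.get("out") in tunnel_ifaces:
        return "tunnel"
    if "dst" in rule:
        dst = ipaddress.ip_network(rule["dst"], strict=False)
        if any(dst.subnet_of(net) for net in local_nets):
            return "local"
    proto = rule.get("proto")
    if proto == vpn_proto and rule.get("dport") == str(vpn_port):
        return "vpn-carrier"  # the encrypted OpenVPN packets themselves
    if proto == "tcp" and str(webui_port) in (rule.get("sport"), rule.get("dport")):
        return "webui"
    if proto == "icmp":
        return "icmp"
    return "UNRESTRICTED"


def audit(ruleset, vpn_proto="udp", vpn_port=1194, webui_port=33038,
          local_nets=("172.17.0.0/16", "192.168.1.0/24"),
          tunnel_ifaces=("tun0", "lo")):
    """Return findings; an empty list means no egress path outside the
    tunnel beyond the classes named in classify()."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    policies, rules = parse(ruleset)
    findings = []
    for chain in ("INPUT", "FORWARD", "OUTPUT"):
        if policies.get(chain) != "DROP":
            findings.append(f"policy {chain} is {policies.get(chain)}, expected DROP")
    for rule in rules:
        if rule["chain"] != "OUTPUT" or rule.get("target") != "ACCEPT":
            continue
        label = classify(rule, vpn_proto, vpn_port, webui_port, nets, tunnel_ifaces)
        if label == "UNRESTRICTED":
            findings.append("egress outside tunnel: " + rule["raw"])
    return findings


if __name__ == "__main__":
    print(audit(RULES) or "no unexpected egress rules")
```

Run it against the rule listing from your own container log, with the ports and networks from your settings passed as arguments.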

I add some trackers using the "Automatically add these trackers to new downloads" but that setting and field reset when restarting the container. 

 

In qBittorrent.conf:
Bittorrent\AddTrackers=true
Bittorrent\TrackersList=udp://tracker.example.com:669/announce\nudp://tracker2.example.com:699/announce

 

After container restart

Bittorrent\AddTrackers=false

Bittorrent\TrackersList=

Edit:
This could of course be a problem with qbittorrent itself. hmm.

Edited by Niklas
Link to comment

So I've been having an issue the last week or so after successfully using this image (latest branch) on my QNAP TVS-672XT NAS the past year. Every 30 minutes the watchdog is marking the incoming port as closed and restarting OpenVPN etc. To make things worse, once this happens all connections from torrents fail (0 seeders 0 peers) until the docker container is manually restarted.

 

I'm currently using PIA with the Toronto endpoint so everything should be fine there. Below is a snippet of the end of my log;

 

https://pastebin.com/taChzBLm

 

Let me know if you require any other info.

 

Edited by Adamm
Link to comment
27 minutes ago, Adamm said:

Every 30 minutes the watchdog is marking the incoming port as closed and restarting OpenVPN etc

well it looks like it's working as expected and for whatever reason the port is being closed, it's possible there are issues with that endpoint, try another port forward enabled endpoint, preferably a non-Canadian one for a start and see how that goes.

 

27 minutes ago, Adamm said:

To make things worse, once this happens all connections from torrents fail (0 seeders 0 peers) until the docker container is manually restarted.

speeds will drop to 0, this is to prevent IP leakage whilst the tunnel is torn down and re-created, but should not require a restart of the container, as can be seen in your log snippet it's coded in such a way that it will re-create the tunnel and get a fresh incoming port with no manual intervention required, i.e. restarting the container.

 

Edited by binhex
Link to comment
1 hour ago, binhex said:

well it looks like it's working as expected and for whatever reason the port is being closed, it's possible there are issues with that endpoint, try another port forward enabled endpoint, preferably a non-Canadian one for a start and see how that goes.

 

speeds will drop to 0, this is to prevent IP leakage whilst the tunnel is torn down and re-created, but should not require a restart of the container, as can be seen in your log snippet it's coded in such a way that it will re-create the tunnel and get a fresh incoming port with no manual intervention required, i.e. restarting the container.

 

I tried with a different endpoint, same result. After 30 minutes the port was marked as closed and once OpenVPN restarted torrents were unable to establish connections;

 

Fu8lFQF.png

 

 

Here is the full log;

 

https://pastebin.com/SecBFFBL

 

Link to comment

My turn to request help.

 

After requesting Celo VPN open port because torrent would get metadata but never download the files after. Didn't help.

 

Torrent never download a byte after metadata. Logs indicate VPN is established. Any ideas?

https://pastebin.com/hmRzHdzC

 

my ovpn profile

 

dev tun
persist-tun
persist-key
cipher AES-256-GCM
ncp-disable
auth SHA256
tls-client
client
resolv-retry infinite
remote nl1.celo.net 161 udp
auth-user-pass
remote-cert-tls server
push "redirect-gateway def1"
script-security 2
dhcp-option DNS 185.66.140.230
dhcp-option DNS 77.81.120.211
# Only on ubuntu client, you also need following directives:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
setenv CLIENT_CERT 0
<tls-crypt>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
xxx
-----END OpenVPN Static key V1-----
</tls-crypt>

 

Link to comment
15 hours ago, Adamm said:

 

I tried with a different endpoint, same result. After 30 minutes the port was marked as closed and once OpenVPN restarted torrents were unable to establish connections;

 

Fu8lFQF.png

 

 

Here is the full log;

 

https://pastebin.com/SecBFFBL

 

check that Q12 from the following link is not the issue:-

https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Link to comment
12 hours ago, morbidpete said:

Torrent never download a byte after metadata. Logs indicate VPN is established. Any ideas?

have you configured qbittorrent locations for incomplete and completed downloads? you will need to configure it to write to /data (assuming you have a volume mapping called /data), screenshot of qbittorrent settings (or preferences).

Link to comment
2 hours ago, binhex said:

have you configured qbittorrent locations for incomplete and completed downloads? you will need to configure it to write to /data (assuming you have a volume mapping called /data), screenshot of qbittorrent settings (or preferences).

I feel like an idiot. I used /downloads/started instead of /data/started like I had in my original docker (non-vpn one before I switched). After fixing the mappings for the categories and default locations it's all working. Thank you for noticing that.

Link to comment
2 hours ago, binhex said:

ok i will spin up a container from this image later today and see if i can replicate the issue.

 

So I went through my Sonarr bot logs and noticed this issue occurred exactly a week ago, the same day 4.2.1-1-04 was tagged. I reverted back to 4.2.1-1-03 to experiment and the issue is resolved. Seems to be a problem with that particular build.

Link to comment
21 minutes ago, Adamm said:

 

So I went through my Sonarr bot logs and noticed this issue occurred exactly a week ago, the same day 4.2.1-1-04 was tagged. I reverted back to 4.2.1-1-03 to experiment and the issue is resolved. Seems to be a problem with that particular build.

although this LOOKS like a fix, it isn't, 4.2.1.1-03 had a bug in it in that the port checking code wasn't working correctly and thus it always reported port was open even when it wasn't (corrected in 4.2.1.1-04).

so i assume you still have the same issue (port closed) you just don't know it, way to prove this is to do the following:-

1. open /config/supervisord.log file with your fav editor

2. find string 'Successfully retrieved external IP address' and note the ip address - ensure it's the last match in the log

3. find string 'Successfully assigned incoming port' and note the port number - ensure it's the last match in the log

4. open web browser and go to https://www.yougetsignal.com/tools/open-ports/ and enter in ip and port from steps 2, and 3. and click on 'check'

i would assume you will find the port is closed.

Link to comment
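Steps 1 to 3 from the post above as a script, added here as an example and not part of the original thread: it reads the last 'Successfully retrieved external IP address' and 'Successfully assigned incoming port' entries from a supervisord log, so values left over from an earlier session are not checked by mistake. Function names are hypothetical, and the first session in the sample log is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical; the
# log strings are the ones quoted in the post above.

# Print the first word after NEEDLE on the LAST line of FILE containing it.
last_match() {
    awk -v needle="$2" '
        (i = index($0, needle)) {
            split(substr($0, i + length(needle)), f, " "); last = f[1]
        }
        END { if (last != "") print last }' "$1"
}

is_ipv4() {
    printf '%s\n' "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print "IP PORT" for the most recent session in the log, or fail loudly.
forwarded_endpoint() (
    ip=$(last_match "$1" 'Successfully retrieved external IP address')
    port=$(last_match "$1" 'Successfully assigned incoming port')
    is_ipv4 "$ip" || { echo "no valid external IP in $1" >&2; exit 1; }
    is_port "$port" || { echo "no valid incoming port in $1" >&2; exit 1; }
    printf '%s %s\n' "$ip" "$port"
)

# Constructed sample: an older session with made-up values, then the session
# quoted later in this thread. Only the second pair should be reported.
sample_log() {
    cat <<'EOF'
2020-02-28 21:10:02,101 DEBG 'start-script' stdout output:
[info] Successfully assigned incoming port 51234
2020-02-28 21:10:03,007 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address 203.0.113.10
2020-02-29 02:56:09,495 DEBG 'start-script' stdout output:
[info] Successfully assigned incoming port 47431
2020-02-29 02:56:10,456 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address 172.98.67.91
EOF
}

log=${1:-}
[ -n "$log" ] || { log=$(mktemp); sample_log > "$log"; }
forwarded_endpoint "$log"
```

Pass the path to the log as the first argument to run it against a real file; the printed pair is what goes into the checker in step 4.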
5 minutes ago, binhex said:

although this LOOKS like a fix, it isn't, 4.2.1.1-03 had a bug in it in that the port checking code wasn't working correctly and thus it always reported the port was open even when it wasn't (corrected in 4.2.1.1-04).

so i assume you still have the same issue (port closed), you just don't know it. the way to prove this is to do the following:-

1. open /config/supervisord.log file with your fav editor

2. find string 'Successfully retrieved external IP address' and note the ip address - ensure it's the last match in the log

3. find string 'Successfully assigned incoming port' and note the port number - ensure it's the last match in the log

4. open web browser and go to https://www.yougetsignal.com/tools/open-ports/ and enter in ip and port from steps 2 and 3 and click on 'check'

i would assume you will find the port is closed.

 

Ah, you're right, the port is closed. So it looks like the port is never being opened in the first place, as the result is the same after restarting the docker image.

Link to comment
1 minute ago, Adamm said:

Ah, you're right, the port is closed. So it looks like the port is never being opened in the first place, as the result is the same after restarting the docker image.

yep, but for the life of me i cannot work out why this is happening just to you! i tested the image and sure enough it works correctly, assigning a port, and then after 30 mins it checks and sure enough the port is open, no issue, so i'm stumped at the moment.

Link to comment

Seems like the API for assigning ports is failing for me when I SSH into the container and issue the commands manually:

 

[root@6da3ac31a1e6 root]# client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
[root@6da3ac31a1e6 root]# echo $client_id
fcff19a59ef4d909cb7b21de116ffea6258988b53d090c823b4efc36c45076d6
[root@6da3ac31a1e6 root]# curl --interface tun0 http://209.222.18.222:2000/?client_id=fcff19a59ef4d909cb7b21de116ffea6258988b53d090c823b4efc36c45076d6
curl: (56) Recv failure: Connection reset by peer
[root@6da3ac31a1e6 root]# curl --interface tun0 icanhazip.com
45.12.220.184

 

Any idea why this might be happening?

Link to comment
1 hour ago, Adamm said:

Seems like the API for assigning ports is failing for me,

there is a time limit for hitting the PIA API, you will not be able to communicate with the API after 2 mins of establishing the vpn tunnel, i would suspect when you are running your code it's after that 2 min period.

Link to comment
30 minutes ago, binhex said:

there is a time limit for hitting the PIA API, you will not be able to communicate with the API after 2 mins of establishing the vpn tunnel, i would suspect when you are running your code it's after that 2 min period.

 

Right, wasn't aware of that limitation. In any case, now that the API is returning a port, it never seems to actually get opened. I also confirmed this behavior on my router directly using a separate OpenVPN instance.

 

skynet@RT-AX88U-DC28:/tmp/home/root# curl --interface tun11 icanhazip.com
45.12.220.212
skynet@RT-AX88U-DC28:/tmp/home/root# curl -4 --interface tun11 http://209.222.18.222:2000/?client_id=365732bef95553e634f41e19dba0e3cdfa0d65ef7979f89dba5654d43b0a275j
{"port":36870}

 


2020-02-29 02:56:09,464 DEBG 'start-script' stdout output:
[info] Curl successful for http://209.222.18.222:2000/?client_id=6ff18107ffc4a1244594fea6d80e344ed8ccf0c8ef75c864c151a4e2f7f91812, response code 200

2020-02-29 02:56:09,495 DEBG 'start-script' stdout output:
[info] Successfully assigned incoming port 47431

2020-02-29 02:56:10,456 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address 172.98.67.91

 


Not quite sure what to make of the whole situation as it seems port forwarding on their end is broken?

Link to comment
