Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] binhex - qBittorrentVPN

Featured Replies

On 12/9/2019 at 12:37 PM, binhex said:

nope, you dont forward any ports outside of the vpn tunnel

 

the only port you MAY want to port forward is for the web ui but ONLY if you want to access the web ui outside of your home lan.

so I think I have the same confusion as the guy you replied to 2 years ago. Do we not do port forwarding to improve torrenting speed or connectivity?

  • Replies 5.1k
  • Views 1.1m
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • I rolled back to tag 5.1.1-1-01 which fixed the issue for me. I guess the new update wasn't tested for wireguard connections. Edit the docker container and change "Repository" from binhex/arch-qbitt

  • FWIW, I found this method in Reddit that seemed to work for me until they fix the log bug. But note if you have qbittorrent internet facing, it's a risk.   Add this line under [Preferences]

  • gustyScanner
    gustyScanner

    Hello! I have been using wireguard successfully for a long time with this container, today though when the container restarted I got the following error: 2025-06-27 10:35:26,490 DEBG 'start-script'

Posted Images

Great work on this! I'm completely new to Docker, but did eventually get this working on Windows in Hyper-V mode (Mullvad/Wireguard).

 

My question - is it possible to get this working with Docker set to WSL 2 mode? So far I haven't been able to get it working. The main error seems to be:

 

2021-02-04 15:44:05,318 DEBG 'start-script' stderr output:
iptables-restore v1.8.7 (legacy): unknown option "--save-mark"
Error occurred at line: 5
Try `iptables-restore -h' or 'iptables-restore --help' for more information.

 

Which I believe means the WSL2 kernel does not include the CONNMARK module. But I swapped out the WSL2 kernel for one built with wireguard/connmark support, and I'm still getting errors.

 

--EDIT--

Got it! I had to manually compile the WSL2 kernel with CONFIG_NETFILTER_XT_MATCH_CONNMARK=y

 

Everything works great when using that modified kernel. Instructions here (not mine) in case anyone else runs into this in the future.

 

Edited by crafty35a

Subsequent to my own previous post, I have rolled back my Alpine Linux version and everything works again. It seems there may be an internal problem with a recent version of iptables routing inside docker itself. That would explain the weird behaviour where it would sometimes start and throw errors in some of my docker images with the above errors I already noted, but others would launch, but their UI's would still be unreachable though their web interfaces, even though they were running. It was really weird behaviour.

 

I don't know if its Alpine specific, or a larger docker problem, but something to note if you are having problems and docker is throwing iptable errors.

I am using Surfshark VPN, and have set my container to a static IP (Custom br0). I can access the container webui when VPN enabled is set to "no", but I cannot access it once it is set to "yes"

 

However, if I disable the static IP and go back to Bridge, it seems to work with VPN enable is set to "yes"

 

I couldn't find much on this in the thread, is there a reason for this?

 

Thanks

On 2/4/2021 at 12:53 PM, crafty35a said:

Great work on this! I'm completely new to Docker, but did eventually get this working on Windows in Hyper-V mode (Mullvad/Wireguard).

So you're using this docker successfully with mullvad+wireguard with good speed? (vs just working overall)

I'm considering switching to them when my year sub to PIA expires in a couple months because of their buyout but the VPN provider I buy completely hinges on how well it performs with this app and the binhex-sabnzbdvpn app haha. Not concerned about SAB because that's less nuanced with port forwarding and all that, but if people are seeing good non-throttled speed with port forwarding working with mullvad I've love to hear about it. :)

 

Edit: screw it, I'll probably just buy a month's worth since they bill monthly regardless of plan. Fingers crossed I can migrate easily without screwing it up too much.

 

Thank you!

Edited by internetfriend

I can't access the WebUI. I am on UnRaid and didn't change any of the configuration, aside from my PIA Credentials, which I've double checked beforehand.

 

I'm not sure if I downloaded the correct openvpn configuration, I used their Generator for this. I selected OpenVPN 2.4 or newer, Linux as Platform, and Frankfurt as Location. Am I supposed to use ovpn 2.3?

 

That configuration I copied to the absolute path on the UnRaid Host:

/mnt/user/appdata/binhex-qbittorrentvpn/openvpn

(or relatively to /config/openvpn).

 

When I look at the log I don't see any errors, the last line says "qBittorrent process listening on port 8080" (which is the right port)

 

EDIT: The Problem was I didn't have the Variable LAN_NETWORK set correctly

Edited by Kristophersson
Link Formatting

Hi All!

I am trying to do a sneaky little script to assist with automated transcoding after torrent completion here.

Basically I want to copy files using the "Run on torrent completion" command, I want to copy files within a category and without HEVC flags to folder for transcoding (below), and I want files that contain HEVC flags to go into a folder that avoids transcoding (I have left the elif statement out due to the below script not working anyway).

 

Unfortunately my below script isn't working, and I can't figure out where the logs go for this to find out why.

Command in Qbittorrent: /config/TorrentMovev2.bash %F %L %N

Script (TorrentMovev2.bash:

#!/bin/bash
%F=$1
%L=$2
%N=$3
if [[ $2 == 'tv-sonarr' || $2 == 'Movies' ]] && [[ $3 != *H265* || $3 != *x265* ]]; then
  cp -r $1 "/mnt/user/Downloads/Downloaded/Copied"
fi

 

Now this script DOES work, so I know I am onto something, just can't figure out what about the above addition is breaking it.

#!/bin/bash
%F=$1
%L=$2
if [[ $2 == 'tv-sonarr' || $2 == 'Movies' ]]; then
  cp -r $1 "/mnt/user/Downloads/Downloaded/Copied"
fi

Edited by deanpelton

 

On 1/7/2020 at 11:22 AM, DBJordan said:

You may need to rework your container parameters, because it looks like you're trying to transfer between two shares. (Although if your host path 2 is /mnt/user you can safely ignore the rest of this paragraph!)  This container has a single host path 2 available to configure, which means everything you want to copy from and to needs to be under that host path. So the first step I'd make is assign host path 2 to /mnt/user/media and mkdir /mnt/user/media/downloads/complete as your qbittorrent download directory. Once that's done, the container will have access to both locations it needs. From that point, your bash script can be placed in /mnt/user/media/downloads/myscript.bash or even /mnt/user/media/myscript.bash.

 

It doesn't need to be in the file structure of the container. You can keep it in your shares.

 

Also note that once you change host path 2 to /mnt/user/media, within the container that path becomes /data, so you'll need to tell qbittorrent to execute /data/downloads/myscript.bash or /data/myscript.bash depending on where you put it.

 

Be sure to chmod your script to be executable, then you want an external run-once-download-completes command in qbittorrent that looks like this:



/data/myscript.bash %L %F

 

And that script needs to collect the arguments from qbittorrent to run something that looks like this:



mkdir -p "/data/%L" && cp -R "%F" $_

 

Hopefully that gives you enough info to come up with something. 🙂 Good luck!

 

Edit: just one other thought. I provided a command that will create a subdir of that name if it doesn't already exist. If you already have that directory, you probably don't even need a script. Just run this program on completion:



cp -R "%F" "/data/%L"

This recursively copies the ${full path} of your download into /data/${category}.

 

Nevermind all!

 

I figured it out by re-reading this post by DBJordan.

 

It didn't occur to me that the script would honor the container paths and not the host paths! Crazy.

I also had to fix the operator from || to && for my exclusions.

This is a great way to manage automatic encoding with Handbrake if anyone finds this, basically I automatically encode using x265 from qbittorrent, with sonnar grabbing the output. IF the file is already h.265 format, this process will give it straight to sonnar from Qbittorrent skipping the encoding process!!

 

#!/bin/bash
%F=$1
%L=$2
%N=$3
if { [[ $2 == 'tv-sonarr' || $2 == 'Movies' ]] ;} && { [[ $3 != *H265* && $3 != *x265* ]] ;}; then
  cp -r $1 "/Downloads/Downloaded/Copied" #this is my watch folder for handbrake
elif [[ $2 == 'tv-sonarr' || $2 == 'Movies' ]]; then
  cp -r $1 "/Transcodes" #this is my output folder for handbrake, and watch folder for sonarr.
fi

#the above are all container paths.


 

 

Edited by deanpelton
fix code

I've got an issue where none of my downloads will seed. They only download.

I am using Torguard Wireguard VPN, I have got them forwarding a port, which I have added to my router, and have set that in the port for incoming connections within QB.

Can anyone help?

I'm unable to open the webui.  The logs look fine like the client is started, but all I get is "unauthorized" in text on the page.  Any help?

 

Thanks!

2 hours ago, swtz said:

I'm unable to open the webui.  The logs look fine like the client is started, but all I get is "unauthorized" in text on the page.  Any help?

 

Thanks!

You're going to need to attach your supervisord log to your next post. Redact user names and passwords.

On 2/2/2021 at 9:44 PM, Noah Tatum said:

@_rogue, sorry to reply to an older comment, but did you ever figure this issue with pfSense out? I have essentially the same setup, but I'm using binhex-sabnzvpn instead of qbittorrent. Completely at a loss, myself.

Also sorry to reply to an older comment. (Bunch of Canadians here). I never figured it out. I switched over to wireguard on the binhex container and the issue was gone so I just left it that way.

Hello

 

Im having a problem with qbittorrent.. and wireguard?

Can somebody tell me what is wrong??

 

Thank you..

Unraid.txt

Hello

I use the vpn part for other apps like jackett

 

I have this in my ports section of qbitorrentvpn

	ports:
	  - "9117:9117" #port pour jackett

and in my jackett I have

network_mode: "service:qbitorrentvpn"

 

Looks like the latest changes no longer allow me to access jackett's gui on host ip : 9117

Edited by zitzutzo

  • Author
16 minutes ago, zitzutzo said:

Hello

I use the vpn part for other apps like jackett

 

I have this in my ports section of qbitorrentvpn


	ports:
	  - "9117:9117" #port pour jackett

and in my jackett I have


network_mode: "service:qbitorrentvpn"

 

Looks like the latest changes no longer allow me to access jackett's gui on host ip : 9117

do you have the port 9117 defined in 'additional_ports' for qbittorrentvpn?, if not then you will now need to do this.

 

13 minutes ago, binhex said:

do you have the port 9117 defined in 'additional_ports' for qbittorrentvpn?, if not then you will now need to do this.

 

I just add in ADDITIONAL_PORTS and all work ! thanks again Binhex.

 

To bring a little more precision I must also keep the port in the ports section:?

 

If have more than one port I can do: - ADDITIONAL_PORTS = 9117,8191 ?

 

thanks !

 

  • Author
2 minutes ago, zitzutzo said:

To bring a little more precision I must also keep the port in the ports section:?

yes, this allows the host to communicate with the container port used by the app, whereas ADDITIONAL_PORTS allows the communication between lan and application via firewall rules.

 

4 minutes ago, zitzutzo said:

If have more than one port I can do: - ADDITIONAL_PORTS = 9117,8191 ?

correct.

 

1 minute ago, binhex said:

yes, this allows the host to communicate with the container port used by the app, whereas ADDITIONAL_PORTS allows the communication between lan and application via firewall rules.

 

correct.

 

 

your help is really appreciate! It's really a pleasure to have someone so involved

^^ I'm not so good in english hope this sentence is ok :)

  • Author
5 minutes ago, zitzutzo said:

 

your help is really appreciate! It's really a pleasure to have someone so involved

^^ I'm not so good in english hope this sentence is ok :)

no probs, and your sentence is fine 🙂

  • Author

There has been an issue raised on GitHub related to tracker announce request IP leakage under certain circumstances, after careful review of iptables i have tightened up the rules to prevent this. A new image has now been rolled out for all vpn enabled docker images (25th Feb 2021) i produce with the fix in place, i would encourage everyone to update to the recently created 'latest' tagged image.
 

You can force the upgrade by toggling 'basic view' to 'advanced view' and then clicking on 'force update' link for each container, or by clicking on the 'check for updates' button at the bottom and then click on 'update all'.
 

for transparency, here is the link to the (now closed off) issue:- https://github.com/binhex/arch-qbittorrentvpn/issues/80

 

IMPORTANT
As part of the tightening up if you run multiple containers through a single vpn container and are encountering issues then please read Q25 from the following link:-
https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md
 

As part of the tightening up if you run privoxy and are encountering issues then please read Q26 from the following link:-
https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

50 minutes ago, binhex said:

IMPORTANT:- As part of the tightening up if you run multiple containers through a single vpn container then please ensure you define all web ui ports (if more than 1 port then use comma to separate) for all routed containers in 'ADDITIONAL_PORTS' env var for the vpn container.

I'm assuming this is in addition to mapping those ports.

  • Author
3 minutes ago, jonathanm said:

I'm assuming this is in addition to mapping those ports.

indeed yes, the additional_ports env var punches holes in iptables, whereas port mapping is docker related.

 

edit - im going to write a simple faq on how to route containers through a vpn container shortly.

3 minutes ago, binhex said:

edit - im going to write a simple faq on how to route containers through a vpn container shortly.

Cool. I added a post and recommended my own post to draw attention to it in @SpaceInvaderOne tutorial thread.

 

 

4 hours ago, binhex said:

 

IMPORTANT:- As part of the tightening up if you run multiple containers through a single vpn container then please ensure you define all web ui ports (if more than 1 port then use comma to separate) for all routed containers in 'ADDITIONAL_PORTS' env var for the vpn container.

Maybe I’m a little dense today. Not quite sure what containers this refers to. I don’t have any that are using a piggyback network through your vpn (as described in the video) but I do have several that connect through the privoxy port on this container (Sonarr, Radarr and Jackett). Do I need to add their webUI ports to additional_ports?

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.