DyonR / docker-qbittorrentvpn

Docker container which runs a qBittorrent-nox client with an optional WireGuard or OpenVPN connection
https://hub.docker.com/r/dyonr/qbittorrentvpn/
GNU General Public License v3.0

Can't access webui with new .ovpn file #179

Open bigbtechnology opened 1 year ago

bigbtechnology commented 1 year ago

Using OctanVPN config and openvpn.userpass file with credentials inside. The docker container starts the daemon successfully, but I still cannot access the webui on port 8080. Log attached. elated_bhabha_logs.txt

bigbtechnology commented 1 year ago

My VPN provider gave me a new .ovpn file. It works on the Windows OpenVPN client, but it gets stuck in the qbitvpn docker.

2023-04-29 23:25:08.024315 [INFO] VPN_ENABLED defined as 'yes'
2023-04-29 23:25:08.068215 [INFO] LEGACY_IPTABLES is set to ''
2023-04-29 23:25:08.088006 [INFO] Not making any changes to iptables version
2023-04-29 23:25:08.135796 [INFO] The container is currently running iptables v1.8.7 (nf_tables).
2023-04-29 23:25:08.156081 [INFO] VPN_TYPE defined as 'openvpn'
2023-04-29 23:25:08.209723 [INFO] OpenVPN config file is found at /config/openvpn/OV-2023-DC.ovpn
dos2unix: converting file /config/openvpn/OV-2023-DC.ovpn to Unix format...
2023-04-29 23:25:08.261764 [INFO] VPN remote line defined as 'gw2.yul2.octanevpn.com 8080'
2023-04-29 23:25:08.282768 [INFO] VPN_REMOTE defined as 'gw2.yul2.octanevpn.com'
2023-04-29 23:25:08.303418 [INFO] VPN_PORT defined as '8080'
2023-04-29 23:25:08.324591 [INFO] VPN_PROTOCOL defined as 'udp'
2023-04-29 23:25:08.345153 [INFO] VPN_DEVICE_TYPE defined as 'tun0'
2023-04-29 23:25:08.365933 [INFO] LAN_NETWORK defined as '192.168.0.0/24'
2023-04-29 23:25:08.388053 [INFO] NAME_SERVERS defined as '1.1.1.1,1.0.0.1,8.8.8.8'
2023-04-29 23:25:08.410523 [INFO] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2023-04-29 23:25:08.432353 [INFO] Adding 1.1.1.1 to resolv.conf
2023-04-29 23:25:08.453458 [INFO] Adding 1.0.0.1 to resolv.conf
2023-04-29 23:25:08.474202 [INFO] Adding 8.8.8.8 to resolv.conf
2023-04-29 23:25:08.493409 [INFO] Starting OpenVPN...
2023-04-29 23:25:08 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-04-29 23:25:08 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2023-04-29 23:25:08 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10

DyonR commented 1 year ago

Are you sure your OpenVPN config file contains the line auth-user-pass credentials.conf?
And are you sure that a file credentials.conf exists next to the OpenVPN config file?

bigbtechnology commented 1 year ago

The line was commented out, I removed the "#" and now qbittorrent loads in the docker. But, I still can't access the webui on http://192.168.0.X:8080
Attached docker logs from portainer. elated_bhabha_logs (1).txt
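
The two config problems seen so far in this thread, the commented-out auth-user-pass line and the --cipher value missing from --data-ciphers that the log warns about, can be checked before the container is started. This is an added example, not part of the thread or of the container's scripts; lint_ovpn, demo_config and the sample config are constructed for illustration.

```shell
# lint_ovpn FILE: print one finding per line; exit status 0 when clean, 1 otherwise.
lint_ovpn() {
  awk '
    { sub(/\r$/, "") }                      # tolerate Windows line endings
    /^<\/[a-z-]+>/ { inblock = 0; next }    # end of an inline <ca>/<tls-auth> block
    /^<[a-z-]+>/   { inblock = 1; next }    # start of an inline block
    inblock        { next }                 # never parse key material
    /^[ \t]*[#;][ \t]*auth-user-pass/ { commented = 1; next }
    /^[ \t]*[#;]/  { next }                 # other comments
    /^[ \t]*$/     { next }                 # blank lines
    $1 == "auth-user-pass" { aup = 1; aupfile = $2 }
    $1 == "cipher"         { cipher = $2 }
    $1 == "data-ciphers"   { dc = $2 }
    END {
      # Default list taken from the OpenVPN 2.5.1 warning quoted in the log above.
      if (dc == "") dc = "AES-256-GCM:AES-128-GCM"
      if (!aup && commented)  { print "auth-user-pass is commented out"; bad = 1 }
      else if (!aup)          { print "auth-user-pass is missing"; bad = 1 }
      else if (aupfile == "") { print "auth-user-pass names no credentials file"; bad = 1 }
      if (cipher != "" && index(":" dc ":", ":" cipher ":") == 0) {
        print "cipher " cipher " is not in data-ciphers (" dc ")"; bad = 1
      }
      exit bad + 0
    }' "$1"
}

# Constructed sample resembling the state described in the thread.
demo_config() {
  cat <<'EOF'
client
dev tun
proto udp
remote vpn.example.net 8080
#auth-user-pass credentials.conf
cipher AES-256-CBC
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
EOF
}

tmp=$(mktemp) && demo_config > "$tmp"
lint_ovpn "$tmp" || echo "config needs fixing"
rm -f "$tmp"
```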

bigbtechnology commented 1 year ago

Since their config file is available publicly on their website, I'm uploading that as well. OV-2023-DC - Copy.txt

DyonR commented 1 year ago

It seems like there is an issue creating a route to your default gateway, which is odd.
Could you perhaps send your .ovpn file?
Make sure to censor any IP addresses or endpoints if you like and remove any certificates (stuff that looks like x0v/tzrSEersQW7y7Y1Nxo3RgHPM8980xwm/DVrZ/9WoDxp3DU+JuctbgzYwFUjZ) from it.
And the TLS-Auth which looks like:

78d11491bc124fb91e3270490163a9d0
cf0b53858945e3d15e4839636cba1c16
2da23176fa601a911d351067d66b451a

DyonR commented 1 year ago

Since their config file is available publicly on their website, I'm uploading that as well. OV-2023-DC - Copy.txt

That was just what I asked for 😝 I'll look at it

DyonR commented 1 year ago

@bigbtechnology Could you give this .ovpn file a try? If it doesn't work please send a new log, note it's a .txt file, you should change it to .ovpn
newconf.txt

bigbtechnology commented 1 year ago

New portainer docker logs. Qbit starts up, says network may be down, then restarts container.

elated_bhabha_logs (2).txt

bigbtechnology commented 1 year ago

I appreciate the help @DyonR . I need to work on some other things and make some dinner. I may not be back to try other fixes until tomorrow or Monday.

DyonR commented 1 year ago

Alright, the authentication etc to the OpenVPN server works fine now. So the OpenVPN file is working properly now.
I think the current issue may be caused by a potential wrong configuration, specifically the LAN_NETWORK environment variable.
Are you sure your home network is 192.168.0.0/24?
The easiest way to check this, if you are using Windows, is to open CMD or PowerShell and run ipconfig.
You should look for a line that says "Default Gateway".
If it is 192.168.0.1, 192.168.0.0/24 should be correct and something else is wrong.
If it is 192.168.0.0 change LAN_NETWORK to 192.168.1.0/24

Anyhow, enjoy dinner and let me know if my solution above works or not 😄

bigbtechnology commented 1 year ago

Default Gateway is 192.168.0.1 - ISP modem/router
The docker host is 0.15 - Debian
The machine that can't access the webui is 0.10 - Windows 10

DyonR commented 1 year ago

Last thing I can think of for now is a conflict in the WebUI port and the OpenVPN port.
In this OpenVPN config file line:
remote gw2.yul2.octanevpn.com 8080
Change 8080 to 443, or 8888.

If that doesn't work - I don't know what else it could be

bigbtechnology commented 1 year ago

Still restarting the container with 443

elated_bhabha_logs (3).txt

DyonR commented 1 year ago

Very weird.
Add another environment variable RESTART_CONTAINER and set to no (default is yes) and check if the WebUI will be accessible then.
If the WebUI works, and the container doesn't auto restart, open the console.
Run this command:
apt update; apt -y install curl
If this fails with an error like No network connection, Network timed out, etc., then the OpenVPN config file is probably still missing something.
If it all runs fine and curl gets installed, run
curl ifconfig.me
This will return an IP address. If this IP address is not the IP of the device the portainer runs on, but a VPN IP, it's working. But it may be unable to resolve DNS records, in this case one.one.one.one, or one.one.one.one is just unreachable.
Those are some leads I could give you for now.

DyonR commented 1 year ago

For reference, here is my .ovpn file, maybe you can see some settings in my file that you may miss, but it really differs per provider obviously:

client
dev tun
proto udp
remote ams-193.whiskergalaxy.com 1194
verify-x509-name ams-193.windscribe.com name

nobind
auth-user-pass credentials.conf

resolv-retry infinite

cipher AES-256-GCM
data-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM
auth SHA512

verb 2
mute-replay-warnings
remote-cert-tls server
persist-key
persist-tun

key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>

Another difference I noticed between our log files is this:
My log ip tables:

2023-04-30 02:56:19.252001 [INFO] ip route defined as follows...
--------------------
0.0.0.0/1 via 10.120.18.1 dev tun0 
default via 172.17.0.1 dev eth0 
10.120.18.0/23 dev tun0 proto kernel scope link src 10.120.18.92 
84.17.46.2 via 172.17.0.1 dev eth0 
128.0.0.0/1 via 10.120.18.1 dev tun0 
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.10 
192.168.0.0/24 via 172.17.0.1 dev eth0 
--------------------

84.17.46.2 is the IP I received from my VPN provider.

Yours is missing some ip tables, but I have no idea why, the OpenVPN should not impact it. Anyhow, I am out of ideas.
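
The comparison made by eye in the comment above can be scripted: read `ip route` output and confirm the routes the working table shows, namely both halves of the default (0.0.0.0/1 and 128.0.0.0/1) via tun0, a host route that keeps the VPN endpoint on eth0, and the LAN_NETWORK route on eth0. This is an added example, not part of the thread or of the container's scripts; check_routes and the broken table are constructed for illustration, while the working table is the one quoted above.

```shell
# usage: ip route | check_routes TUN_DEV LAN_CIDR VPN_ENDPOINT_IP
# Prints one line per missing route; exit status 0 when all are present.
check_routes() {
  awk -v tun="$1" -v lan="$2" -v ep="$3" '
    # Value following keyword k on the current line, or "" if absent.
    function after(k,   i) { for (i = 2; i < NF; i++) if ($i == k) return $(i + 1); return "" }
    { dev = after("dev") }
    ($1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") && dev == tun { halves++ }
    $1 == "default" && dev == tun { halves = 2 }   # plain default through the tunnel
    $1 == ep  && dev != tun { pinned = 1 }         # endpoint stays off the tunnel
    $1 == lan && dev != tun { lanok = 1 }          # LAN replies stay off the tunnel
    END {
      if (halves < 2) { print "no full default via " tun; bad = 1 }
      if (!pinned)    { print "no host route for VPN endpoint " ep " outside " tun; bad = 1 }
      if (!lanok)     { print "no route for LAN " lan " outside " tun; bad = 1 }
      exit bad + 0
    }'
}

working_table() {   # copied from the working log quoted above
  cat <<'EOF'
0.0.0.0/1 via 10.120.18.1 dev tun0
default via 172.17.0.1 dev eth0
10.120.18.0/23 dev tun0 proto kernel scope link src 10.120.18.92
84.17.46.2 via 172.17.0.1 dev eth0
128.0.0.0/1 via 10.120.18.1 dev tun0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.10
192.168.0.0/24 via 172.17.0.1 dev eth0
EOF
}

broken_table() {    # constructed: the tunnel routes were never installed
  cat <<'EOF'
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.10
192.168.0.0/24 via 172.17.0.1 dev eth0
EOF
}

working_table | check_routes tun0 192.168.0.0/24 84.17.46.2 && echo "working table: ok"
broken_table  | check_routes tun0 192.168.0.0/24 84.17.46.2 || echo "broken table: routes missing"
```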

DyonR commented 1 year ago

Here is my full docker run command also, note there are many settings that don't impact the working of the container like HOST_OS, HOST_HOSTNAME:

docker run \
  -d \
  --name='qbittorrentvpn' \
  --net='bridge' \
  --privileged=true \
  -e TZ="Europe/Berlin" \
  -e HOST_OS="Unraid" \
  -e HOST_HOSTNAME="Dyon-unRAID" \
  -e HOST_CONTAINERNAME="qbittorrentvpn" \
  -e 'VPN_ENABLED'='yes' \
  -e 'VPN_TYPE'='openvpn' \
  -e 'VPN_USERNAME'='xxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -e 'VPN_PASSWORD'='xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' \
  -e 'LAN_NETWORK'='192.168.0.0/24' \
  -e 'PUID'='1000' \
  -e 'PGID'='100' \
  -e 'HEALTH_CHECK_AMOUNT'='10' \
  -e 'ENABLE_SSL'='1' \
  -e 'NAME_SERVERS'='1.1.1.1,1.0.0.1' \
  -e 'UMASK'='002' \
  -e 'HEALTH_CHECK_HOST'='one.one.one.one' \
  -e 'HEALTH_CHECK_INTERVAL'='5' \
  -e 'HEALTH_CHECK_SILENT'='1' \
  -e 'INSTALL_PYTHON3'='no' \
  -p '8080:8080/tcp' \
  -p '8999:8999/tcp' \
  -p '8999:8999/udp' \
  -v '/mnt/user/data/qBt/':'/downloads':'rw' \
  -v '/mnt/user/appdata/qbittorrentvpn':'/config':'rw' \
  --restart unless-stopped \
  --cap-add NET_ADMIN \
  --sysctl "net.ipv4.conf.all.src_valid_mark=1" \
  'dyonr/qbittorrentvpn'

bigbtechnology commented 1 year ago

'Apt update' fails to download new update files from deb.debian.org

'apt install' could not locate package curl

'ping google.ca' unknown host

'Ping 1.1.1.1' works fine

So seems DNS might be the issue?
