Closed prabbit237 closed 2 years ago
This is not a bug, but rather a choice of the Docker container maintainer's to force users to use --privileged=true
. If you wish to use wireguard, you can add those options in your overrides file.
Not sure if the issue was misunderstood or what but....
When setting the VPN to Wireguard, qbittorrentvpn has the following in docker-compose.yml (along with the stuff before and after. I'm just including some lines for context but I'm marking the pertinent lines with asterisks) and it runs fine:
- mode: ingress
target: 51413
published: "51413"
protocol: udp
** privileged: true
restart: unless-stopped
** sysctls:
** net.ipv4.conf.all.src_valid_mark: "1"
volumes:
- type: bind
Sabnzbdvpn has:
- mode: ingress
target: 8118
published: "58118"
protocol: tcp
restart: unless-stopped
** sysctls:
** net.ipv4.conf.all.src_valid_mark: "1"
volumes:
- type: bind
So it fails to load because the "privileged: true" line isn't added. I understand that the packagers are requiring the "privileged: true" (or "--privileged=true") and it's not the choice of the authors of Dockstarter to require that, but when it's in the file qbittorrentvpn.yml but it's missing in sabnzbdvpn.yml, and when Dockstarter is reasonably expected to setup the general compose file with some standard options, I'd call it a bug (and one with what would seem to be a simple fix: add the one line to Sabnzbdvpn.yml.")
Of the six *vpn.yml files, four of them have the "sysctls" line and also the same four have the "net.ipv4..." line but only one of them has the "privileged..." line. So if it's not a bug that it's not in one of them (or rather "in five of them" and, by the same token, two of them are missing the other two lines), why have ANY of those three lines in any of them?
I realize Dockstarter can't be expected to cover ALL fringe use-cases (and I did add lines in the override to include NVIDIA support for tdarr, set tdarr to run a node in the same container, etc) but this seems pretty generic/universal.
I wasn't aware the other VPN containers had it. Feel free to PR the fix
At one point the documentation binhex provided for qbittorrentvpn stated that it required privileged
mode (full stop). The other images were documented as not requiring it. Also, the nzbgetvpn image is not maintained by binhex (someone else made it, but based it on binhex's images), and the last time I looked (it's been a while) it didn't add support for wireguard. It seems nzbgetvpn has now added support for wireguard. I'll go ahead and make all of them consistent now.
Oh and transmissionvpn is an entirely separate image maintained by someone else, not using binhex's base. As far as I can tell it currently does not support wireguard.
Bug report
Describe the bug A clear and concise description of what the bug is.
Wireguard doesn't load in sabnzbdvpn
To Reproduce Steps to reproduce the behavior:
Set the VPN to wireguard instead of openvpn (don't know if it's specific to PrivateInternetAccess or a Wireguard issue in general.)
Expected behavior It connects to the VPN.
Screenshots If applicable, add screenshots to help explain your problem.
System (please complete the following information):
Debian Bullseye
Additional context
Apparently the Docker Compose file needs:
It was connecting fine in qbittorrentvpn but throwing the error in sabnzbdvpn. Found the "privileged: true" part was missing. Added it via the docker.compose.override.yml and it works fine. The readme.md at https://github.com/binhex/arch-sabnzbdvpn showed the solution: