MarkusMcNugen / docker-qBittorrentvpn

Docker container which runs a headless qBittorrent client with WebUI and optional OpenVPN
https://hub.docker.com/r/markusmcnugen/qbittorrentvpn/
GNU General Public License v3.0

ARM support #74

Open P3pit0r opened 4 years ago

P3pit0r commented 4 years ago

Hello,

As the title says, would there be any release for ARM architecture in the near future?

Thank you !

chrisjohnson00 commented 3 years ago

If @MarkusMcNugen still maintains this, I'd be willing to contribute some help to build ARM containers via Travis CI

pled commented 3 years ago

It would be nice to have this container working on ARM! (cannot any other qbittorrent container including vpn).

chrisjohnson00 commented 3 years ago

@P3pit0r @pled Could you please give my containers a try? https://hub.docker.com/repository/docker/chrisjohnson00/qbittorrent-openvpn/tags?page=1&ordering=last_updated

I set up multi-architecture builds in my fork of this repo. I've also set up my fork to build/push a nightly update to latest, so you can use this tag once the first daily schedule kicks off (in less than 4 hrs from now)

pled commented 3 years ago

@chrisjohnson00 Cool, and thank you for this ! Please note I am a newbie and not a developer... I do my best ! So I give a try, using Portainer and setting same variables as for "markusmcnugen/qbittorrentvpn". It starts but I have that error :

Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)

I added the NET_ADMIN capability, but same error.

=> EDIT : may be some info here :

Here is the full log:

2021-01-01 16:51:36.381387 [info] VPN_ENABLED defined as 'yes'
2021-01-01 16:51:36.483713 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/mullvad_fr_par.ovpn
dos2unix: converting file /config/openvpn/mullvad_fr_par.ovpn to Unix format...
2021-01-01 16:51:36.655971 [info] VPN remote line defined as 'fr-par-004.mullvad.net 1194'
2021-01-01 16:51:36.891239 [info] VPN_REMOTE defined as 'fr-par-004.mullvad.net'
2021-01-01 16:51:36.988695 [info] VPN_PORT defined as '1194'
2021-01-01 16:51:37.072394 [info] VPN_PROTOCOL defined as 'udp'
2021-01-01 16:51:37.152978 [info] VPN_DEVICE_TYPE defined as 'tun0'
2021-01-01 16:51:37.232035 [info] LAN_NETWORK defined as '192.168.1.0/24'
2021-01-01 16:51:37.311394 [info] NAME_SERVERS defined as '8.8.8.8,8.8.4.4'
2021-01-01 16:51:37.391365 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2021-01-01 16:51:37.472129 [info] Adding 8.8.8.8 to resolv.conf
2021-01-01 16:51:37.552142 [info] Adding 8.8.4.4 to resolv.conf
2021-01-01 16:51:37.625227 [info] Starting OpenVPN...
Fri Jan 1 16:51:37 2021 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Fri Jan 1 16:51:37 2021 WARNING: file 'credentials.conf' is group or others accessible
Fri Jan 1 16:51:37 2021 OpenVPN 2.4.4 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Fri Jan 1 16:51:37 2021 library versions: OpenSSL 1.1.1 11 Sep 2018, LZO 2.08
Fri Jan 1 16:51:37 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]193.32.126.82:1194
Fri Jan 1 16:51:37 2021 Socket Buffers: R=[163840->327680] S=[163840->327680]
Fri Jan 1 16:51:37 2021 UDP link local: (not bound)
Fri Jan 1 16:51:37 2021 UDP link remote: [AF_INET]193.32.126.82:1194
Fri Jan 1 16:51:37 2021 TLS: Initial packet from [AF_INET]193.32.126.82:1194, sid=4dfc9ec4 8de2072f
Fri Jan 1 16:51:37 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Jan 1 16:51:37 2021 VERIFY OK: depth=2, C=SE, ST=Gotaland, L=Gothenburg, O=Amagicom AB, OU=Mullvad, CN=Mullvad Root CA v2, emailAddress=security@mullvad.net
Fri Jan 1 16:51:37 2021 VERIFY OK: depth=1, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=Mullvad Intermediate CA v3, emailAddress=security@mullvad.net
Fri Jan 1 16:51:37 2021 VERIFY KU OK
Fri Jan 1 16:51:37 2021 Validating certificate extended key usage
Fri Jan 1 16:51:37 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Fri Jan 1 16:51:37 2021 VERIFY EKU OK
Fri Jan 1 16:51:37 2021 VERIFY OK: depth=0, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=fr-par-002.mullvad.net, emailAddress=security@mullvad.net
Fri Jan 1 16:51:37 2021 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Fri Jan 1 16:51:37 2021 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
Fri Jan 1 16:51:37 2021 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
Fri Jan 1 16:51:37 2021 [fr-par-002.mullvad.net] Peer Connection Initiated with [AF_INET]193.32.126.82:1194
Fri Jan 1 16:51:38 2021 SENT CONTROL [fr-par-002.mullvad.net]: 'PUSH_REQUEST' (status=1)
Fri Jan 1 16:51:44 2021 SENT CONTROL [fr-par-002.mullvad.net]: 'PUSH_REQUEST' (status=1)
Fri Jan 1 16:51:44 2021 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.8.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,comp-lzo no,route-gateway 10.8.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:1194::100a/64 fdda:d0d0:cafe:1194::,ifconfig 10.8.0.12 255.255.0.0,peer-id 10,cipher AES-256-GCM'
Fri Jan 1 16:51:44 2021 OPTIONS IMPORT: compression parms modified
Fri Jan 1 16:51:44 2021 OPTIONS IMPORT: --socket-flags option modified
Fri Jan 1 16:51:44 2021 NOTE: setsockopt TCP_NODELAY=1 failed
Fri Jan 1 16:51:44 2021 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jan 1 16:51:44 2021 OPTIONS IMPORT: route options modified
Fri Jan 1 16:51:44 2021 OPTIONS IMPORT: route-related options modified
Fri Jan 1 16:51:44 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Jan 1 16:51:44 2021 OPTIONS IMPORT: peer-id set
Fri Jan 1 16:51:44 2021 OPTIONS IMPORT: adjusting link_mtu to 1624
Fri Jan 1 16:51:44 2021 OPTIONS IMPORT: data channel crypto options modified
Fri Jan 1 16:51:44 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Fri Jan 1 16:51:44 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jan 1 16:51:44 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Fri Jan 1 16:51:44 2021 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:04
Fri Jan 1 16:51:44 2021 GDG6: remote_host_ipv6=n/a
Fri Jan 1 16:51:44 2021 ROUTE6: default_gateway=UNDEF
Fri Jan 1 16:51:44 2021 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Fri Jan 1 16:51:44 2021 Exiting due to fatal error
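Added example (not part of the thread or of either project's code): a pre-flight script for the two conditions visible in the log above, the missing `/dev/net/tun` node and the `credentials.conf` permission warning. Function names are hypothetical and GNU-style `stat -c` is assumed; that `--device=/dev/net/tun` together with `--cap-add=NET_ADMIN` is sufficient for this image is an assumption.

```shell
#!/bin/sh
# Pre-flight checks for two lines from the log above:
#   ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
#   WARNING: file 'credentials.conf' is group or others accessible
# Function names are hypothetical; `stat -c` assumes a GNU-style stat.

# 0 if the path is a character device, which is what OpenVPN needs to open.
# errno=2 means the node is absent from the container's /dev. Docker's
# --device=/dev/net/tun maps the host node in and --cap-add=NET_ADMIN lets
# OpenVPN configure it; whether that pair is enough for this image (instead
# of --privileged) is an assumption to verify.
tun_node_present() {
    [ -c "$1" ]
}

# 0 if no group/other permission bits are set on the file, 2 if it is missing.
secret_is_private() {
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Tighten a credentials file to owner-only and confirm the result.
harden_secret() {
    chmod 600 "$1" && secret_is_private "$1"
}

# usage: preflight <tun-node> <credentials-file>
preflight() {
    rc=0
    tun_node_present "$1"  || { echo "missing TUN node: $1"; rc=1; }
    secret_is_private "$2" || { echo "credentials too open: $2"; rc=1; }
    return $rc
}
```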

pled commented 3 years ago

@chrisjohnson00, Good news, it is now working. I failed using Portainer to make it run, so I did it from docker command line like below:

docker run --privileged -d \
        -v /your/config/path/:/downloads \
        -v /your/config/path/:/config  \
        -e "VPN_ENABLED=yes"  \
        -e "LAN_NETWORK=192.168.1.0/24"  \
        -e "NAME_SERVERS=8.8.8.8,8.8.4.4"  \
        -e "VPN_USERNAME=username"  \
        -e "VPN_PASSWORD=password"  \
        -e "PUID=XXX"  \
        -e "PGID=XXX"  \
        -e "INCOMING_PORT_ENV=8999"  \
        -p 8080:8080  \
        -p 8999:8999  \
        -p 8999:8999/udp  \
        --sysctl net.ipv6.conf.all.disable_ipv6=0  \
        --name qbittorrent-openvpn  \
        chrisjohnson00/qbittorrent-openvpn:latest

Notes:

1) The "--privileged -d" seems required (previous error cannot create TUN/TAP...) thus Portainer cannot be used (afaik).
2) I tried to change port 8080 using "WEBUI_PORT_ENV=8090" for example, but it failed (no way to access to qbittorrent UI), so I let default.
3) The "--sysctl net.ipv6.conf.all.disable_ipv6=0" seems to be linked to MULLVAD provider.

Thank you very much, for me it looks perfect !

chrisjohnson00 commented 3 years ago

For number 2. If you want to change the port you access it on from 8080 to something else, the left side of the -p value is what port is exposed to you. So -p 9090:8080 would allow you to access it from port 9090, and docker will still route it to port 8080 inside the container.

Glad to hear it's working. I will pr it in hopes this repo is still maintained.

P3pit0r commented 3 years ago

Hello @chrisjohnson00, Thank you for your help ! It's finally working !! I was stuck since late September and visited many many threads without any success. :)

So what solved the issue is indeed using your fork, as I am using a Raspberry Pi as a download server, and running the "docker run --privileged". I did not succeed with docker compose; I guess I need to change a few variables. I will try another time :) Thanks also to @pled for his feedback, without which I would not have succeeded.

I will explain how it worked hoping that it could help someone in the future.

So here is what worked for me:

As I am using AirVPN, I had to create beforehand, a folder qBitorrentvpn in my config folder and then a folder "openvpn" :

So I created this folder : .../config/qBitorrentvpn/

& then the folder openvpn inside : .../config/qBitorrentvpn/openvpn/

I dropped in this folder (.../openvpn/) the following files got from AirVPN in the config generator :

The .ovpn, ca.crt, ta.key, user.crt, user.key.

To get these files from AirVPN, here are the steps and the options that must be chosen :

  1. Go to Config Generator
  2. Advanced Mode: Checked
  3. API Reference: Unchecked
  4. Select "Linux"
  5. IP Layer: IPv4 only
  6. Connect with IP layer: IPv4
  7. Protocols: UDP/443
  8. Bundle executables: No
  9. OpenVPN version: >=2.4
  10. Separate keys/certs from .ovpn file: Checked
  11. Proxy: None
  12. Choose servers: for example "Switzerland"
  13. Then, Generate.
  14. On the download page, download the zip file.

Drop all the files included in the zip file (.crt, .key, .ovpn, ...) into your .../qBitorrent/openvpn/ folder

Open the .ovpn file with notepad (or other software) and add this line at the end : auth-user-pass

Still in the same folder (.../qBitorrent/openvpn/) create a text file that you will call auth-user-pass credentials.conf which will contain the following lines :

username
password

Replace of course the username by your AirVPN username and the password by your AirVPN password.

If you're on Windows (might be different on MacOS/Linux distro), delete the .txt at the end of the file so it is a .conf

Now you can run the docker run command and it should be working.

docker run --privileged -d \
        -v /srv/dev-disk-by-label-mediadisk/databases/downloads/:/downloads \
        -v /srv/dev-disk-by-label-mediadisk/config/qbitorrentvpn/:/config  \
        -e "VPN_ENABLED=yes"  \
        -e "LAN_NETWORK=192.168.1.0/24"  \
        -e "NAME_SERVERS=9.9.9.9,149.112.112.112"  \
        -e "VPN_USERNAME=XXXXX"  \
        -e "VPN_PASSWORD=XXXXX"  \
        -e "PUID=XXX"  \
        -e "PGID=XXX"  \
        -p 8080:8080  \
        -p 8999:8999  \
        -p 8999:8999/udp  \
        --sysctl net.ipv6.conf.all.disable_ipv6=0  \
        --name qbittorrent-openvpn  \
        chrisjohnson00/qbittorrent-openvpn:latest 

Replace the XXX by the corresponding inputs from your raspberry.

Thanks again !

inertia666 commented 3 years ago

Hi Chris, many thanks for getting this working with ARM. It's the only container I've had any success with on a Raspberry Pi.

I have one problem though. If the VPN goes down or stops responding, QBittorrent is still running. There is no connection to the internet though, which is good, but it makes it hard to know if anything is wrong since the application seems to behave normally. Is there any way to implement a killswitch to shut down QBT and/or restart the container to revive the VPN?

chrisjohnson00 commented 3 years ago

@inertia666 - I've yet to crack that issue. Docker watches process id 1, but the way the startup process works is that it spawns new processes (which Docker doesn't watch).
So, when VPN can't connect anymore, docker doesn't notice since it's not PID 1. Also, from my investigations so far, there is something unique with these start up scripts that cause issues with a simple restart. I implemented a health check script in my version of the container, but when it fails and the container is restarted, it doesn't have the virtual network interface and VPN just dies.
I only have this issue about one, maybe two times per month so I've not spent much time trying to fix it. I just delete the container (I'm running in kubernetes) and it re-creates it and works fine.
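Added example (not chrisjohnson00's health check script, which is not shown in this thread): one way to write such a check so that it also acts as a kill switch. The interface name `tun0`, the process name `qbittorrent-nox`, the probe target (the `route-gateway` from the log earlier in this thread) and all function and variable names are assumptions.

```shell
#!/bin/sh
# Health check that doubles as a kill switch for a VPN-bound torrent client.
# Assumed names: tun0, qbittorrent-nox, and every variable/function below.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"  # overridable so the logic is testable
VPN_DEV="${VPN_DEV:-tun0}"
PROBE_HOST="${PROBE_HOST:-10.8.0.1}"      # route-gateway seen in the log above

# 0 if the tunnel device exists and has IFF_UP (bit 0x1) set. A non-persistent
# tun device disappears when the OpenVPN process that created it exits.
tun_is_up() {
    [ -r "$SYSFS_NET/$VPN_DEV/flags" ] || return 1
    flags=$(cat "$SYSFS_NET/$VPN_DEV/flags")
    [ $(( ${flags:-0} & 1 )) -eq 1 ]
}

# 0 if a packet crosses the tunnel; catches a VPN that is up but unresponsive.
# PROBE_CMD replaces the ping (for testing or a provider-specific probe).
tunnel_passes_traffic() {
    if [ -n "${PROBE_CMD:-}" ]; then
        $PROBE_CMD >/dev/null 2>&1
    else
        ping -c 1 -W 3 -I "$VPN_DEV" "$PROBE_HOST" >/dev/null 2>&1
    fi
}

# Kill-switch action: stop the client so a dead tunnel is visible (the WebUI
# goes away) instead of the client idling behind the firewall.
stop_client() {
    pkill -x qbittorrent-nox
}

health_check() {
    if tun_is_up && tunnel_passes_traffic; then
        echo "healthy"
        return 0
    fi
    echo "unhealthy: $VPN_DEV down or not passing traffic"
    stop_client || true
    return 1
}

# Only act when invoked as a script, e.g. HEALTHCHECK CMD /healthcheck.sh --run
if [ "${1:-}" = "--run" ]; then
    health_check
    exit $?
fi
```

Plain `docker run` only marks a container unhealthy when a `HEALTHCHECK` fails and does not restart it, so stopping the client inside the check is what provides the kill-switch behaviour here.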

inertia666 commented 3 years ago

> @inertia666 - I've yet to crack that issue. Docker watches process id 1, but the way the startup process works is that it spawns new processes (which Docker doesn't watch). So, when VPN can't connect anymore, docker doesn't notice since it's not PID 1. Also, from my investigations so far, there is something unique with these start up scripts that cause issues with a simple restart. I implemented a health check script in my version of the container, but when it fails and the container is restarted, it doesn't have the virtual network interface and VPN just dies. I only have this issue about one, maybe two times per month so I've not spent much time trying to fix it. I just delete the container (I'm running in kubernetes) and it re-creates it and works fine.

How does haugene/docker-transmission-openvpn handle this in comparison? When the VPN stops responding it kills the Transmission process.

The main problem is not manually restarting to intervening to fix the problem. It's knowing when QBT is no longer doing anything. For example, long time seeding still shows peers connected in the UI. It's only if I happen to check my seeding list on the website that it says I have 0 seeded.

Would also be nice with a changelog or something at your Docker Hub. I will be sticking with this container as it works pretty well for but would like to keep my eye on further developments.

Thanks a lot for this.

pled commented 3 years ago

Hi Chris, I have an issue when restarting the container. On container creation, qBittorrent process starts and all is fine, I can login WebUI. Then if I stop and restart container from Portainer UI (or reboot OMV), I cannot access QB WebUI anymore. Looking at logs, I can see the following:

Logging to /config/qBittorrent/data/logs/qbittorrent-daemon.log.
start-stop-daemon: matching on world-writable pidfile /var/run/qbittorrent-nox.pid is insecure
2021-02-06 10:21:21.768415 [info] qBittorrent PID: 

Solution : From the exec console, I have to delete the "/var/run/qbittorrent-nox.pid" file to be able to restart container and access WebUI. Any idea what could be the reason for that ? Thanks.

chrisjohnson00 commented 3 years ago

@inertia666

> How does haugene/docker-transmission-openvpn handle this in comparison? When the VPN stops responding it kills the Transmission process.

I believe it does not know. Since this uses iptables, the connection just disappears. The app isn't aware; from its perspective no one is answering anymore.

> Would also be nice with a changelog or something at your Docker Hub. I will be sticking with this container as it works pretty well for but would like to keep my eye on further developments.

This is what you can use: https://github.com/chrisjohnson00/docker-qBittorrentvpn/releases

This is a fork repo, I don't intend to become maintainer of this, but will help when time offers.
The versioning in docker hub is different than the repo versioning. The automated build pushes up latest tags and x.y.z tags. The x.y.z tags are the qbittorrent version. This will change as they publish new versions to the ubuntu repo.

@pled

> Solution : From the exec console, I have to delete the "/var/run/qbittorrent-nox.pid" file to be able to restart container and access WebUI. Any idea what could be the reason for that ?

No, sorry... I've never encountered this. I run qbittorrent from a Kubernetes cluster that I created; I've not used Portainer before. What volume mounts do you have? Stopping and starting the container should wipe any container file system files, so my thought is that you might be mounting long lived storage into this path, which will allow the pid file to live between container restarts (you don't want this to happen)

pled commented 3 years ago

Thanks Chris, Looking further, it seems to be a Portainer issue. When using docker command to stop and start container, all is fine. The only change I can remember is that I moved docker files (using OMV WebUI for that) from system disk to external HD as my system disk is a microSD (odroid-hc2). Strange side effect, but at least there is some easy workaround! Cheers.

inertia666 commented 3 years ago

Is there any way to reach @chrisjohnson00? I have issues with his fork but there is no way to message him or open issues at his Github repo.

chrisjohnson00 commented 3 years ago

> Is there any way to reach @chrisjohnson00? I have issues with his fork but there is no way to message him or open issues at his Github repo.

Shouldn't be a problem in my fork with submitting issues...

chrisjohnson00 commented 3 years ago

> Is there any way to reach @chrisjohnson00? I have issues with his fork but there is no way to message him or open issues at his Github repo.

> Shouldn't be a problem in my fork with submitting issues...

Turns out issues were turned off on my fork, they are available now. Apologies.

zahidm1701 commented 1 year ago

Hello. Just would like to say thank you. After almost 4 months moving to raspberry pi and failing with gluetun, this method worked 🥇 👍 💯