Open poudenes opened 5 months ago
You seem to be using Synology. The error message is a little different but this might be related to: https://github.com/Trigus42/alpine-qbittorrentvpn/issues/50. Could you please add SYS_MODULE
to the containers capabilities and the volume /lib/modules:/lib/modules:ro
and try the image trigus42/qbittorrentvpn:issue-50
?
Its running for almost a year on my Synology.
Here log output:
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 10-environment.sh: executing...
2024-01-09 18:52:45 [INFO] WEBUI_ALLOWED_NETWORKS is defined as 192.168.100.0/24
2024-01-09 18:52:46 [DEBUG] Docker interface defined as eth0
2024-01-09 18:52:47 [DEBUG] Docker IPv4 address defined as 172.30.33.106
2024-01-09 18:52:47 [INFO] Docker IPv4 network defined as 172.30.32.0/23
2024-01-09 18:52:47 [DEBUG] Default IPv4 gateway defined as 172.30.32.1
2024-01-09 18:52:47 [INFO] PUID defined as 1026
2024-01-09 18:52:47 [INFO] PGID defined as 100
2024-01-09 18:52:47 [INFO] An user with PUID 1026 does not exist, adding an user called 'qbittorrent' with PUID 1026
2024-01-09 18:52:49 [INFO] VPN_ENABLED defined as 'yes'
2024-01-09 18:52:49 [INFO] VPN_TYPE defined as 'openvpn'
2024-01-09 18:52:49 [INFO] NAME_SERVERS defined as '1.1.1.1'
2024-01-09 18:52:49 [INFO] Adding 1.1.1.1 to resolv.conf
[cont-init.d] 10-environment.sh: exited 0.
[cont-init.d] 20-vpn.sh: executing...
2024-01-09 18:52:49 [INFO] Choosen VPN config: 'vpn_unlimited_torrent_fr.ovpn'
2024-01-09 18:52:49 [INFO] Using credentials from /config/openvpn/vpn_unlimited_torrent_fr_credentials.conf
dos2unix: converting file /config/openvpn/vpn_unlimited_torrent_fr.ovpn to Unix format...
2024-01-09 18:52:49 [INFO] VPN remote line defined as 'fr.vpnunlimitedapp.com 1197'
2024-01-09 18:52:49 [INFO] VPN_REMOTE defined as 'fr.vpnunlimitedapp.com'
2024-01-09 18:52:49 [INFO] VPN_PORT defined as '1197'
2024-01-09 18:52:49 [INFO] VPN_PROTOCOL defined as 'udp'
2024-01-09 18:52:49 [INFO] VPN_DEVICE_TYPE defined as 'tun0'
2024-01-09 18:52:49 [DEBUG] Route: 1.1.1.1 via 172.30.32.1 dev eth0 src 172.30.33.106
2024-01-09 18:52:49 [DEBUG] Ping to 1.1.1.1 succeeded
2024-01-09 18:52:50 [DEBUG] fr.vpnunlimitedapp.com resolved to 195.154.166.20
2024-01-09 18:52:50 [DEBUG] Ping to 195.154.166.20 via eth0 succeeded
2024-01-09 18:52:50 [INFO] Starting OpenVPN...
--------------------
2024-01-09 18:52:50 [DEBUG] OpenVPN PID: 320
2024-01-09 18:52:51 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations.
2024-01-09 18:52:51 WARNING: file '/config/openvpn/vpn_unlimited_torrent_fr_credentials.conf' is group or others accessible
2024-01-09 18:52:51 OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2024-01-09 18:52:51 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-01-09 18:52:51 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-01-09 18:52:51 TCP/UDP: Preserving recently used remote address: [AF_INET]195.154.221.54:1197
2024-01-09 18:52:51 UDPv4 link local: (not bound)
2024-01-09 18:52:51 UDPv4 link remote: [AF_INET]195.154.221.54:1197
2024-01-09 18:53:51 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
2024-01-09 18:53:51 TLS Error: TLS handshake failed
2024-01-09 18:53:51 SIGUSR1[soft,tls-error] received, process restarting
2024-01-09 18:53:52 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-01-09 18:53:52 TCP/UDP: Preserving recently used remote address: [AF_INET]195.154.204.36:1197
2024-01-09 18:53:52 UDPv4 link local: (not bound)
2024-01-09 18:53:52 UDPv4 link remote: [AF_INET]195.154.204.36:1197
2024-01-09 18:53:52 [server.ironnodes.com] Peer Connection Initiated with [AF_INET]195.154.204.36:1197
2024-01-09 18:53:52 TUN/TAP device tun0 opened
2024-01-09 18:53:52 /sbin/ip link set dev tun0 up mtu 1500
2024-01-09 18:53:52 /sbin/ip link set dev tun0 up
2024-01-09 18:53:52 /sbin/ip addr add dev tun0 local 10.80.0.66 peer 10.80.0.65
2024-01-09 18:53:53 Initialization Sequence Completed
--------------------
2024-01-09 18:53:53 [DEBUG] Route: 1.1.1.1 via 10.80.0.65 dev tun0 src 10.80.0.66
2024-01-09 18:53:53 [DEBUG] Ping to 1.1.1.1 succeeded
2024-01-09 18:53:53 [DEBUG] fr.vpnunlimitedapp.com resolved to 195.154.204.36
2024-01-09 18:53:53 [DEBUG] Ping to 195.154.204.36 via eth0 succeeded
[cont-init.d] 20-vpn.sh: exited 0.
[cont-init.d] 30-network.sh: executing...
2024-01-09 18:53:53 [DEBUG] nf_tables kernel module not loaded
2024-01-09 18:53:53 [ERROR] Failed to load nf_tables kernel module:
--------------------
modprobe: can't change directory to '4.4.302+': No such file or directory
--------------------
Try adding the required volume and capability to this container or load nf_tables manually
Maybe its was nothing. But after I started the container with the extra lines etc. It seems my whole network get unstable....
Can you try loading the module manually on your host (synology) using modprobe -v nf_tables
? Does this work? Can you post the output of uname -a
and modinfo nf_tables
?
Nothing...
ash-4.4# modprobe -v nf_tables
modprobe: FATAL: Module nf_tables not found.
ash-4.4# uname -a
Linux Synology 4.4.302+ #69057 SMP Mon Nov 13 14:19:30 CST 2023 x86_64 GNU/Linux synology_geminilake_220+
ash-4.4# modinfo nf_tables
ash: modinfo: command not found
Yeah it seems like the Synology DSM Kernel isn't built with nftables support enabled. I didn't expect to come across any up-to-date systems without nftables support as it is supported since kernel version 3.13 and has been slowly replacing iptables-legacy since then.
For now, please use the old image trigus42/qbittorrentvpn:7871e66f8529db34ac58b54e1df56d9db51cf2e5
.
Once I got a little more time, I'll see how to deal with that. I'd rather not switch back to iptables, but I might be left with no choice if I wanna support Synology. I am open to suggestions btw
Revert back to trigus42/qbittorrentvpn:7871e66f8529db34ac58b54e1df56d9db51cf2e5
and its working.
Let me know if I can do something to test. Can create a second container for testing
Yeah it seems like the Synology DSM Kernel isn't built with nftables support enabled. I didn't expect to come across any up-to-date systems without nftables support as it is supported since kernel version 3.13 and has been slowly replacing iptables-legacy since then.
For now, please use the old image
trigus42/qbittorrentvpn:7871e66f8529db34ac58b54e1df56d9db51cf2e5
.Once I got a little more time, I'll see how to deal with that. I'd rather not switch back to iptables, but I might be left with no choice if I wanna support Synology. I am open to suggestions btw
Which one is newer?
I'm sorry but I can't figure it out by myself
Just letting everyone know, this doesn't only affect a Synology NAS. I ran into the same issue on a Tinkerboard S running Tinker OS. The "trigus42/qbittorrentvpn:7871e66f8529db34ac58b54e1df56d9db51cf2e5" image fixed the issue for me, but I'm guessing it can never be updated from there?
I have created a legacy-iptables
branch. Please try the image
legacy-iptables didn't work for me. It looked like the vpn would connect, but errors adding rules, though I don't have the output. Had to go back to 7871e66f8529db34ac58b54e1df56d9db51cf2e5 which still works for me.
Didn't use qBittorrent for some days but its was not reachable. Saw some errors. App is working with VPN off. But with VPN on I get the errors see below the compose information:
Debug log information