search

binhex / arch-qbittorrentvpn

Docker build script for Arch Linux base with qBittorrent, Privoxy and OpenVPN
GNU General Public License v3.0
445 stars 47 forks source link

WebGUI issues. #39

Closed Turb0Yoda closed 4 years ago

Turb0Yoda commented 4 years ago

Hello, I successfully got the container up and running. I'm having an issue where, if I have VPN enabled(using Mullvad in this case), I cannot access the qbitorrent WebGUI. If I disable the VPN, I have access again. Am I missing something dumb? Running this on OMV5..

s3rverro0m commented 4 years ago

You definitely are missing something because I’m running Qbit with Mullvad as well and I can access the WebGUI perfectly fine. Can you post your docker compose on here? (Just make sure to take out any personal info)

Turb0Yoda commented 4 years ago 

    --privileged=true \
    -p 6881:6881 \
    -p 6881:6881/udp \
    -p 8080:8080 \
    -p 8118:8118 \
    --name=qbittorrentvpn \
    -v /mnt/main/main/torrents/torrents:/data \
    -v /mnt/main/main/torrents:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_PROV=custom \
    -e ENABLE_PRIVOXY=no \
    -e LAN_NETWORK=10.0.20.0/24 \
    -e NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1 \
    -e ADDITIONAL_PORTS=1234 \
    -e DEBUG=false \
    -e WEBUI_PORT=8080 \
    -e UMASK=000 \
    -e PUID=0 \
    -e PGID=0 \
    binhex/arch-qbittorrentvpn```

```Thu May  7 18:41:55 2020 VERIFY KU OK
Thu May  7 18:41:55 2020 Validating certificate extended key usage
Thu May  7 18:41:55 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Thu May  7 18:41:55 2020 VERIFY EKU OK
Thu May  7 18:41:55 2020 VERIFY OK: depth=0, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=us-lax-015.mullvad.net, emailAddress=security@mullvad.net
2020-05-07 18:41:55,509 DEBG 'start-script' stdout output:
Thu May  7 18:41:55 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
Thu May  7 18:41:55 2020 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2020-05-07 18:41:55,510 DEBG 'start-script' stdout output:
Thu May  7 18:41:55 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
Thu May  7 18:41:55 2020 [us-lax-015.mullvad.net] Peer Connection Initiated with [AF_INET]$IP:$PORT
2020-05-07 18:41:56,599 DEBG 'start-script' stdout output:
Thu May  7 18:41:56 2020 SENT CONTROL [us-lax-015.mullvad.net]: 'PUSH_REQUEST' (status=1)
2020-05-07 18:41:56,617 DEBG 'start-script' stdout output:
Thu May  7 18:41:56 2020 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.11.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,comp-lzo no,route-gateway 10.11.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:1197::1003/64 fdda:d0d0:cafe:1197::,ifconfig 10.11.0.5 255.255.0.0,peer-id 3,cipher AES-256-GCM'
2020-05-07 18:41:56,617 DEBG 'start-script' stdout output:
Thu May  7 18:41:56 2020 Pushed option removed by filter: 'route-ipv6 0000::/2'
Thu May  7 18:41:56 2020 Pushed option removed by filter: 'route-ipv6 4000::/2'
Thu May  7 18:41:56 2020 Pushed option removed by filter: 'route-ipv6 8000::/2'
Thu May  7 18:41:56 2020 Pushed option removed by filter: 'route-ipv6 C000::/2'
Thu May  7 18:41:56 2020 Pushed option removed by filter: 'ifconfig-ipv6 fdda:d0d0:cafe:1197::1003/64 fdda:d0d0:cafe:1197::'
Thu May  7 18:41:56 2020 OPTIONS IMPORT: compression parms modified
Thu May  7 18:41:56 2020 OPTIONS IMPORT: --socket-flags option modified
Thu May  7 18:41:56 2020 NOTE: setsockopt TCP_NODELAY=1 failed
Thu May  7 18:41:56 2020 OPTIONS IMPORT: --ifconfig/up options modified
Thu May  7 18:41:56 2020 OPTIONS IMPORT: route options modified
Thu May  7 18:41:56 2020 OPTIONS IMPORT: route-related options modified
Thu May  7 18:41:56 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu May  7 18:41:56 2020 OPTIONS IMPORT: peer-id set
Thu May  7 18:41:56 2020 OPTIONS IMPORT: adjusting link_mtu to 1624
Thu May  7 18:41:56 2020 OPTIONS IMPORT: data channel crypto options modified
Thu May  7 18:41:56 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu May  7 18:41:56 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu May  7 18:41:56 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-05-07 18:41:56,618 DEBG 'start-script' stdout output:
Thu May  7 18:41:56 2020 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
2020-05-07 18:41:56,618 DEBG 'start-script' stdout output:
Thu May  7 18:41:56 2020 TUN/TAP device tun0 opened
Thu May  7 18:41:56 2020 TUN/TAP TX queue length set to 100
Thu May  7 18:41:56 2020 /usr/bin/ip link set dev tun0 up mtu 1500
2020-05-07 18:41:56,622 DEBG 'start-script' stdout output:
Thu May  7 18:41:56 2020 /usr/bin/ip addr add dev tun0 10.11.0.5/16 broadcast 10.11.255.255
2020-05-07 18:41:56,625 DEBG 'start-script' stdout output:
Thu May  7 18:41:56 2020 /root/openvpnup.sh tun0 1500 1552 10.11.0.5 255.255.0.0 init
2020-05-07 18:41:56,631 DEBG 'start-script' stdout output:
Thu May  7 18:41:56 2020 /usr/bin/ip route add **.**.**.***/32 via 172.17.0.1
2020-05-07 18:41:56,634 DEBG 'start-script' stdout output:
Thu May  7 18:41:56 2020 /usr/bin/ip route add 0.0.0.0/1 via 10.11.0.1
2020-05-07 18:41:56,636 DEBG 'start-script' stdout output:
Thu May  7 18:41:56 2020 /usr/bin/ip route add 128.0.0.0/1 via 10.11.0.1
2020-05-07 18:41:56,637 DEBG 'start-script' stdout output:
Thu May  7 18:41:56 2020 Initialization Sequence Completed
2020-05-07 18:41:56,760 DEBG 'start-script' stdout output:
[info] Application does not require port forwarding or VPN provider is != pia, skipping incoming port assignment
2020-05-07 18:41:56,760 DEBG 'start-script' stdout output:
[info] Checking we can resolve name 'www.google.com' to address...
2020-05-07 18:41:56,778 DEBG 'start-script' stdout output:
[info] DNS operational, we can resolve name 'www.google.com' to address '$IP1 $IP2'
2020-05-07 18:41:56,779 DEBG 'start-script' stdout output:
[info] Attempting to get external IP using Name Server 'ns1.google.com'...
2020-05-07 18:41:56,884 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address $IP
2020-05-07 18:41:56,953 DEBG 'watchdog-script' stdout output:
[info] qBittorrent listening interface IP 0.0.0.0 and VPN provider IP 10.11.0.5 different, marking for reconfigure
2020-05-07 18:41:56,958 DEBG 'watchdog-script' stdout output:
[info] qBittorrent not running
2020-05-07 18:41:56,958 DEBG 'watchdog-script' stdout output:
[info] Removing session lock file (if it exists)...
2020-05-07 18:41:56,959 DEBG 'watchdog-script' stdout output:
[info] Attempting to start qBittorrent...
2020-05-07 18:41:56,974 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process started
[info] Waiting for qBittorrent process to start listening on port 8080...
2020-05-07 18:41:57,093 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 8080```
s3rverro0m commented 4 years ago

The only thing that really jumps out at me is the -e additional_ports. I have a forwarded port w/ Mullvad so I updated that on mine, including qbittorrent.config. Maybe try that?

s3rverro0m commented 4 years ago

This is my docker-compose which looks almost identical:


version: "3.7"

services:
  qbittorrentvpn:
    image: binhex/arch-qbittorrentvpn:latest
    container_name: qbittorrentvpn
    restart: always
    privileged: true
    networks:
      - traefik
    ports:
      - 8888:8080
    volumes:
      - ${USERDIR}/assets/qbittorrentvpn:/config
      - /mnt/downloads:/data
      - /mnt/media:/media
      - /etc/localtime:/etc/localtime:ro
    env_file: ${USERDIR}/assets/qbittorrentvpn/qbittorrentvpn.env
[Trimmed]
s3rverro0m commented 4 years ago

Heres my env file:

PUID=$PUID
PGID=$PGID
PHP_TZ=America/Los_Angeles
VPN_ENABLED=yes
VPN_USER=<username>
VPN_PASS=<pass>
VPN_PROV=custom
LAN_NETWORK=192.168.1.0/24
STRICT_PORT_FORWARD=yes
ADDITIONAL_PORTS=4032
ENABLE_PRIVOXY=yes
NAME_SERVERS=1.1.1.1,1.0.0.1
DEBUG=true
UMASK=000
WEBUI_PORT=8080

I also don't have all the same ports forwarded as you do because this container is controlled via Traefik, so don't mind that.

Turb0Yoda commented 4 years ago

No go :( not entirely sure what's up... I also don't have a qbittorrent.conf in the config directory... what the hell

s3rverro0m commented 4 years ago

No go :( not entirely sure what's up... I also don't have a qbittorrent.conf in the config directory... what the hell

I’m assuming you’ve already tried deleting the config folder and having docker recreate it?

Turb0Yoda commented 4 years ago

I've tried remaking the docker container entirely..

s3rverro0m commented 4 years ago

I've tried remaking the docker container entirely..

How about /mnt/main/main/torrents:/config?

Turb0Yoda commented 4 years ago

Just remade that directory- no go

last few bits of my docker lock from portainer


[info] qBittorrent process listening on port 8080,
[info] Successfully retrieved external IP address $IP
2020-05-10 15:04:18,998 DEBG 'watchdog-script' stdout output:,
2020-05-10 15:04:19,003 DEBG 'watchdog-script' stdout output:,
[info] qBittorrent listening interface IP 0.0.0.0 and VPN provider IP 10.11.0.4 different, marking for reconfigure,
[info] qBittorrent not running,
2020-05-10 15:04:19,169 DEBG 'watchdog-script' stdout output:,
[info] Attempting to start qBittorrent...,
2020-05-10 15:04:19,004 DEBG 'watchdog-script' stdout output:,
[info] Removing session lock file (if it exists)...,
[info] qBittorrent process started,
[info] Waiting for qBittorrent process to start listening on port 8080...,
2020-05-10 15:04:19,296 DEBG 'watchdog-script' stdout output:```

8080/tcp filtered http-proxy

nmap shows that so.. it's doing something...
Turb0Yoda commented 4 years ago

Took the NAS off a vlan I had for it and it started to work...