stalled downloads with Mullvad

[seriousuxx]

Hi,

I get stalled downloads with every torrent I try to download. I am trying this for weeks but I still can not get it to work. I have also tried the qBittorrent in Linux binding an interface and qBittorrent users in Linux, macOS, and Windows (https://mullvad.net/en/help/bittorrent/) but with no luck :/ I have tried the android ovpn and windows ovpn files

I hope someone can help me figuring this out, I would really appreciate it.

docker run -d \ --cap-add=NET_ADMIN \ -p 6881:6881 \ -p 6881:6881/udp \ -p 6363:6363 \ -p 8118:8118 \ --name=qbittorrentvpn \ -v /share/Container/docker/qbittorrent/data:/data \ -v /share/Container/docker/qbittorrent/config:/config \ -v /share/Download/QBittorrent:/downloads \ -v /etc/localtime:/etc/localtime:ro \ -e VPN_ENABLED=yes \ -e VPN_USER=XXXXXXXXXXXXXXXXXXXXXX \ -e VPN_PASS=m \ -e VPN_PROV=custom \ -e VPN_CLIENT=openvpn \ -e STRICT_PORT_FORWARD=yes \ -e ENABLE_PRIVOXY=yes \ -e LAN_NETWORK=192.168.1.0/24 \ -e NAME_SERVERS=1.1.1.1,1.0.0.1\ -e ADDITIONAL_PORTS=4790 \ -e DEBUG=false \ -e WEBUI_PORT=6363 \ -e UMASK=000 \ -e PUID=1000 \ -e PGID=1000 \ binhex/arch-qbittorrentvpn

---

log download from Portainer

[info] qBittorrent listening interface IP 10.11.0.19 and VPN provider IP 10.11.0.11 different, marking for reconfigure

2021-01-24 13:54:18,180 DEBG 'start-script' stderr output:

/root/openvpn.sh: line 76: 984 Killed /usr/bin/openvpn --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'custom' --setenv VPN_CLIENT 'openvpn' --setenv DEBUG 'false' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_ENABLED 'yes' --setenv VPN_REMOTE_SERVER 'de-fra-006.mullvad.net' --setenv APPLICATION 'qbittorrent' --script-security 2 --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'dhcp-option DNS6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --up /root/openvpnup.sh --up-delay --up-restart --auth-user-pass credentials.conf --cd /config/openvpn --config '/config/openvpn/mullvad_de_fra.ovpn' --remote 185.213.155.136 1197 udp --remote-random

2021-01-24 13:54:18,181 DEBG 'start-script' stdout output:

[info] Starting OpenVPN (non daemonised)...

2021-01-24 13:54:18 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

2021-01-24 13:54:18 WARNING: file 'credentials.conf' is group or others accessible

2021-01-24 13:54:18 OpenVPN 2.5.0 [git:makepkg/a73072d8f780e888+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov 6 2020

2021-01-24 13:54:18 library versions: OpenSSL 1.1.1i 8 Dec 2020, LZO 2.10

2021-01-24 13:54:18 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2021-01-24 13:54:18 TCP/UDP: Preserving recently used remote address: [AF_INET]185.213.155.135:1197

2021-01-24 13:54:18 Socket Buffers: R=[8388608->1048576] S=[8388608->1048576]

2021-01-24 13:54:18 UDP link local: (not bound)

2021-01-24 13:54:18 UDP link remote: [AF_INET]185.213.155.135:1197

2021-01-24 13:54:18,202 DEBG 'start-script' stdout output:

2021-01-24 13:54:18 TLS: Initial packet from [AF_INET]185.213.155.135:1197, sid=e2fb36b2 cb0c71f0

2021-01-24 13:54:18,224 DEBG 'start-script' stdout output:

2021-01-24 13:54:18 VERIFY OK: depth=2, C=SE, ST=Gotaland, L=Gothenburg, O=Amagicom AB, OU=Mullvad, CN=Mullvad Root CA v2, emailAddress=security@mullvad.net

2021-01-24 13:54:18,224 DEBG 'start-script' stdout output:

2021-01-24 13:54:18 VERIFY OK: depth=1, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=Mullvad Intermediate CA v3, emailAddress=security@mullvad.net

2021-01-24 13:54:18,224 DEBG 'start-script' stdout output:

2021-01-24 13:54:18 VERIFY KU OK

2021-01-24 13:54:18 Validating certificate extended key usage

2021-01-24 13:54:18,224 DEBG 'start-script' stdout output:

2021-01-24 13:54:18 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

2021-01-24 13:54:18 VERIFY EKU OK

2021-01-24 13:54:18 VERIFY OK: depth=0, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=de-fra-005.mullvad.net, emailAddress=security@mullvad.net

2021-01-24 13:54:18,258 DEBG 'start-script' stdout output:

2021-01-24 13:54:18 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'

2021-01-24 13:54:18,258 DEBG 'start-script' stdout output:

2021-01-24 13:54:18 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'

2021-01-24 13:54:18 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA

2021-01-24 13:54:18 [de-fra-005.mullvad.net] Peer Connection Initiated with [AF_INET]185.213.155.135:1197

2021-01-24 13:54:19,376 DEBG 'start-script' stdout output:

2021-01-24 13:54:19 SENT CONTROL [de-fra-005.mullvad.net]: 'PUSH_REQUEST' (status=1)

2021-01-24 13:54:19,394 DEBG 'start-script' stdout output:

2021-01-24 13:54:19 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.11.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,comp-lzo no,route-gateway 10.11.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:1197::1007/64 fdda:d0d0:cafe:1197::,ifconfig 10.11.0.9 255.255.0.0,peer-id 0,cipher AES-256-GCM'

2021-01-24 13:54:19,394 DEBG 'start-script' stdout output:

2021-01-24 13:54:19 Pushed option removed by filter: 'route-ipv6 0000::/2'

2021-01-24 13:54:19 Pushed option removed by filter: 'route-ipv6 4000::/2'

2021-01-24 13:54:19 Pushed option removed by filter: 'route-ipv6 8000::/2'

2021-01-24 13:54:19 Pushed option removed by filter: 'route-ipv6 C000::/2'

2021-01-24 13:54:19 Pushed option removed by filter: 'ifconfig-ipv6 fdda:d0d0:cafe:1197::1007/64 fdda:d0d0:cafe:1197::'

2021-01-24 13:54:19 OPTIONS IMPORT: compression parms modified

2021-01-24 13:54:19 OPTIONS IMPORT: --socket-flags option modified

2021-01-24 13:54:19 NOTE: setsockopt TCP_NODELAY=1 failed

2021-01-24 13:54:19 OPTIONS IMPORT: --ifconfig/up options modified

2021-01-24 13:54:19 OPTIONS IMPORT: route options modified

2021-01-24 13:54:19 OPTIONS IMPORT: route-related options modified

2021-01-24 13:54:19 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

2021-01-24 13:54:19 OPTIONS IMPORT: peer-id set

2021-01-24 13:54:19 OPTIONS IMPORT: adjusting link_mtu to 1624

2021-01-24 13:54:19 OPTIONS IMPORT: data channel crypto options modified

2021-01-24 13:54:19 Data Channel: using negotiated cipher 'AES-256-GCM'

2021-01-24 13:54:19 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

2021-01-24 13:54:19 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

2021-01-24 13:54:19,395 DEBG 'start-script' stdout output:

2021-01-24 13:54:19 net_route_v4_best_gw query: dst 0.0.0.0

2021-01-24 13:54:19 net_route_v4_best_gw result: via 10.0.3.1 dev eth0

2021-01-24 13:54:19 ROUTE_GATEWAY 10.0.3.1/255.255.255.0 IFACE=eth0 HWADDR=02:42:0a:00:03:05

2021-01-24 13:54:19,395 DEBG 'start-script' stdout output:

2021-01-24 13:54:19 TUN/TAP device tun0 opened

2021-01-24 13:54:19 net_iface_mtu_set: mtu 1500 for tun0

2021-01-24 13:54:19 net_iface_up: set tun0 up

2021-01-24 13:54:19,395 DEBG 'start-script' stdout output:

2021-01-24 13:54:19 net_addr_v4_add: 10.11.0.9/16 dev tun0

2021-01-24 13:54:19 /root/openvpnup.sh tun0 1500 1552 10.11.0.9 255.255.0.0 init

2021-01-24 13:54:19,396 DEBG 'start-script' stdout output:

2021-01-24 13:54:19 net_route_v4_add: 185.213.155.135/32 via 10.0.3.1 dev [NULL] table 0 metric -1

2021-01-24 13:54:19,396 DEBG 'start-script' stdout output:

2021-01-24 13:54:19 net_route_v4_add: 0.0.0.0/1 via 10.11.0.1 dev [NULL] table 0 metric -1

2021-01-24 13:54:19 net_route_v4_add: 128.0.0.0/1 via 10.11.0.1 dev [NULL] table 0 metric -1

2021-01-24 13:54:19 Initialization Sequence Completed

2021-01-24 13:54:20,455 DEBG 'start-script' stdout output:

[info] Attempting to get external IP using 'http://checkip.amazonaws.com'...

2021-01-24 13:54:20,707 DEBG 'start-script' stdout output:

[info] Successfully retrieved external IP address 185.213.155.165

2021-01-24 13:54:20,707 DEBG 'start-script' stdout output:

[info] Application does not require port forwarding or VPN provider is != pia, skipping incoming port assignment

[s3rverro0m]

I can most likely help you because I use Mullvad and don’t have any issues. I used it with OVPN and WireGuard. I see you set your Additional Port in the env section which is good. 1. Is that the same port you use for port forwarding within Mullvad? If so, then 2. You need to go into the config of Qbit and set the range with that port forward port. I’m not in front of my computer right now to get you the exact name, but I can help in a few hours.

[s3rverro0m]

So this is in /config/qBittorrent.conf...

Connection\PortRangeMin=PORT FORWARDED PORT HERE

[seriousuxx]

Hi r0arkin, I really appreciate you helping me. I have checked the config file put I already had set that up in the qui itself. Connection\PortRangeMin=4790. So I really have no clue what I should do, or what is going wrong. Maybe it is the ovpn files? I have tried the windows and Android ones.

---

[AutoRun] enabled=false program=

[BitTorrent] Session\BTProtocol=Both

[Core] AutoDeleteAddedTorrentFile=Never

[Preferences] Advanced\AnonymousMode=false Advanced\RecheckOnCompletion=false Advanced\trackerPort=9000 Bittorrent\DHT=false Bittorrent\LSD=false Bittorrent\MaxRatio=1 Bittorrent\PeX=false Connection\Interface= Connection\InterfaceAddress= Connection\InterfaceName= Connection\PortRangeMin=4790 Connection\Proxy\IP=10.64.0.1 Connection\Proxy\Password= IS EMPTY Connection\Proxy\Port=8080 Connection\Proxy\Username= IS EMPTY Connection\ProxyType=0 Connection\ResolvePeerCountries=true Connection\UPnP=false Connection\alt_speeds_on=false Downloads\SavePath=/share/Download/QBittorrent/Downloaded/ Downloads\ScanDirsV2=@Variant(\0\0\0\x1c\0\0\0\0) Downloads\TempPath=/share/Download/QBittorrent/temp/ Downloads\TempPathEnabled=true DynDNS\DomainName=changeme.dyndns.org DynDNS\Enabled=false DynDNS\Password= DynDNS\Service=0 DynDNS\Username= General\Locale=en General\UseRandomPort=false MailNotification\email= MailNotification\enabled=false MailNotification\password= MailNotification\req_auth=true MailNotification\req_ssl=false MailNotification\sender=qBittorrent_notification@example.com MailNotification\smtp_server=smtp.changeme.com MailNotification\username= Queueing\QueueingEnabled=false WebUI\Address= WebUI\AlternativeUIEnabled=false WebUI\AuthSubnetWhitelist=@Invalid() WebUI\AuthSubnetWhitelistEnabled=false WebUI\BanDuration=3600 WebUI\CSRFProtection=false WebUI\ClickjackingProtection=true WebUI\CustomHTTPHeaders= WebUI\CustomHTTPHeadersEnabled=false WebUI\HTTPS\CertificatePath= WebUI\HTTPS\Enabled=false WebUI\HTTPS\KeyPath= WebUI\HostHeaderValidation=true WebUI\LocalHostAuth=false WebUI\MaxAuthenticationFailCount=5 WebUI\Password_PBKDF2="REMOVED" WebUI\Port=6363 WebUI\RootFolder= WebUI\SecureCookie=true WebUI\ServerDomains= WebUI\SessionTimeout=3600 WebUI\UseUPnP=false WebUI\Username=REMOVED

[RSS] AutoDownloader\DownloadRepacks=true AutoDownloader\SmartEpisodeFilter=s(\d+)e(\d+), (\d+)x(\d+), "(\d{4}[.\-]\d{1,2}[.\-]\d{1,2})", "(\d{1,2}[.\-]\d{1,2}[.\-]\d{4})"

[s3rverro0m]

Okay good! Can you try downloading the ovpn file for linux? After which, you'll need to change "mullvad_whatever.conf" to "mullvad_whatever.ovpn"? The reason for this is because that folder has the cert, password and updated-resolv.conf. I'm not sure if those are really needed, but I have them in my folder so may as well try.

[seriousuxx]

I have downloaded the linux files but no luck :/

• credentials.conf
• mullvad_ca.crt
• mullvad_de_fra.ovpn
• mullvad_userpass.txt
• update-resolv-conf

These are in the folder now.

Do I have to select something else from the "Advanced settings" when downloading the files? I have downloaded the "Default (UDP)" file.

[s3rverro0m]

No, "Default UDP" is fine. What Linux distro are you running? In my yaml, I use privileged: true instead of --cap-add=NET_ADMIN but that's because I'm running CentOS 8. Does Qbit work if you disable VPN?

[seriousuxx]

I have a qnap with Portainer. changing vpn yes to no, same issue. even ubuntu torrent is stalled. Maybe it is just one simple thing that is going wrong, but I just can't figure it out

[seriousuxx]

It started to work after I had disabled the vpn and disabled "Keep incomplete torrents in". and it was downloading fast. So I changed it back to vpn=yes and it also was downloading. but then I stopped. and now it is downloading but really really slow. even the Ubuntu torrent is taking ages, while when vpn was turned off it was seconds