guillaumedsde / alpine-qbittorrent-openvpn

qBittorrent docker container with OpenVPN client running as unprivileged user on alpine linux
https://guillaumedsde.gitlab.io/alpine-qbittorrent-openvpn/
GNU General Public License v3.0

iptables invalid port/service #26

Open hadim opened 3 years ago

hadim commented 3 years ago

I don't know whether this is related to the provider or a more general bug. The error seems to be related to iptables:

[cont-init.d] 03-setup-iptables: executing... 
iptables v1.8.4 (legacy): invalid port/service `443
5995
8443' specified
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.4 (legacy): invalid port/service `443
5995
8443' specified
Try `iptables -h' or 'iptables --help' for more information.

$ dc version
docker-compose version 1.26.0dev, build unknown
docker-py version: 4.3.1
CPython version: 3.7.6
OpenSSL version: OpenSSL 1.1.1g  21 Apr 2020

torr:
    container_name: torr
    image: guillaumedsde/alpine-qbittorrent-openvpn:development  # i also tried `latest` and `python`
    volumes:
      - /home/hadim/Configurations/torr/config:/config
      - "/etc/localtime:/etc/localtime:ro"
      - freda_Download:/downloads
    environment:
      - PGID=1000
      - PUID=1000
      - TZ=EST
      - UMASK_SET=022
      - OPENVPN_PROVIDER=PROTONVPN
      - OPENVPN_CONFIG=ca-27.protonvpn.com.tcp  # I also tried using `udp`
      - OPENVPN_USERNAME=xxxxxx
      - OPENVPN_PASSWORD=xxxxxxxx
      - LAN=192.168.0.0/16
      # - CREATE_TUN_DEVICE=true
      - QBT_WEBUI_PORT=8788
      # - WEBPROXY_ENABLED=false
      # - DNS=1.1.1.1
      # - HEALTH_CHECK_HOST=8.8.8.8
    ports:
      - 8788:8080
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    dns:
      - 1.1.1.1
      - 8.8.8.8
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.torr.rule=Host(`torr.xxxx.org`)"
      - "traefik.http.routers.torr.entrypoints=websecure"
      - "traefik.http.routers.torr.tls.certresolver=mydnschallenge"
      - "traefik.http.services.torr.loadbalancer.server.port=8788"

and here is the associated error when running the service:

Attaching to torr
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-setup-permissions: executing... 
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 02-setup-openvpn: executing... 
Thu Sep 10 13:51:02 2020 TUN/TAP device tun0 opened
Thu Sep 10 13:51:02 2020 Persist state set to: ON
INFO: Trying to use OpenVPN provider: PROTONVPN
A
A    protonvpn/us-wa-16.protonvpn.com.tcp.ovpn
A    protonvpn/us-wa-16.protonvpn.com.udp.ovpn
A    protonvpn/za-05.protonvpn.com.tcp.ovpn
A    protonvpn/za-05.protonvpn.com.udp.ovpn
A    protonvpn/za-06.protonvpn.com.tcp.ovpn
A    protonvpn/za-06.protonvpn.com.udp.ovpn
A    protonvpn/za-07.protonvpn.com.tcp.ovpn
A    protonvpn/za-07.protonvpn.com.udp.ovpn
# ...
A    protonvpn/za-08.protonvpn.com.tcp.ovpn
A    protonvpn/za-08.protonvpn.com.udp.ovpn
A    protonvpn/za-09.protonvpn.com.tcp.ovpn
A    protonvpn/za-09.protonvpn.com.udp.ovpn
A    protonvpn/za-10.protonvpn.com.tcp.ovpn
A    protonvpn/za-10.protonvpn.com.udp.ovpn
A    protonvpn/za-11.protonvpn.com.tcp.ovpn
A    protonvpn/za-11.protonvpn.com.udp.ovpn
A    protonvpn/za-12.protonvpn.com.tcp.ovpn
A    protonvpn/za-12.protonvpn.com.udp.ovpn
Exported revision 2308.
INFO: Found OpenVPN configuration: "ca-27.protonvpn.com.tcp" for provider "PROTONVPN" using it
[cont-init.d] 02-setup-openvpn: exited 0.
[cont-init.d] 03-setup-iptables: executing... 
iptables v1.8.4 (legacy): invalid port/service `443
5995
8443' specified
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.4 (legacy): invalid port/service `443
5995
8443' specified
Try `iptables -h' or 'iptables --help' for more information.
[cont-init.d] 03-setup-iptables: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Thu Sep 10 13:51:05 2020 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Thu Sep 10 13:51:05 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Thu Sep 10 13:51:05 2020 NOTE: --fast-io is disabled since we are not using UDP
Thu Sep 10 13:51:05 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Sep 10 13:51:05 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Sep 10 13:51:05 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:443

hadim commented 3 years ago

It looks like the IP in the ovpn file is now different, so I tried to use a custom ovpn file, but I have the same error:

client
dev tun
proto tcp

remote 37.120.205.85 443
remote 37.120.205.85 5995
remote 37.120.205.85 8443

remote-random
resolv-retry infinite
nobind
cipher AES-256-CBC
auth SHA512
compress
verb 3

tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
persist-tun

reneg-sec 0

remote-cert-tls server
auth-user-pass /config/openvpn-credentials.txt
pull
fast-io
<ca>

torr           | OpenVPN provider not set. Using configuration at /config/openvpn/config.ovpn
torr           | [cont-init.d] 02-setup-openvpn: exited 0.
torr           | [cont-init.d] 03-setup-iptables: executing... 
torr           | iptables v1.8.4 (legacy): invalid port/service `443
torr           | 5995
torr           | 8443' specified
torr           | Try `iptables -h' or 'iptables --help' for more information.
torr           | iptables v1.8.4 (legacy): invalid port/service `443
torr           | 5995
torr           | 8443' specified
torr           | Try `iptables -h' or 'iptables --help' for more information.

Note that using the same ovpn file on my desktop station works well.

hadim commented 3 years ago

Indeed something is wrong with internet connectivity inside the container:

$ docker-compose exec torr ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Operation not permitted

so this is probably iptables related.

guillaumedsde commented 3 years ago

Hi @hadim, I've merged this PR from @Mithror, which might fix the problem you're having. Let me know if that fixes it for you :)

hadim commented 3 years ago

Ty but I have since switched to https://github.com/tprasadtp/protonvpn-docker.

Mithror commented 3 years ago

Seems to me that this probably never worked, because the *.ovpn files for protonvpn always seem to have had multiple remote entries defined (and remote-random)?
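
The cause described in the comment above, as an added example that is not part of the thread or the project's scripts: with several `remote` lines, a single-value port extraction returns `443`, `5995` and `8443` joined by newlines, which is the value iptables rejected in the log. The sketch parses every `remote` and prints one rule per entry; the `eth0` interface, the rule layout and all function names are assumptions.

```shell
#!/bin/sh
# Added example; not the container's 03-setup-iptables script.
# Constructed sample: the directives from the custom .ovpn quoted in the issue.
SAMPLE_OVPN='client
dev tun
proto tcp
remote 37.120.205.85 443
remote 37.120.205.85 5995
remote 37.120.205.85 8443
remote-random'

# Single-value extraction: all three ports come back in one newline-joined
# string, the same shape as the value iptables rejected in the log.
naive_port() {
    printf '%s\n' "$1" | awk '$1 == "remote" { print $3 }'
}

# Emit one "host port proto" line per remote. Missing port -> 1194, missing
# per-remote proto -> the global "proto" directive, else udp (OpenVPN defaults).
parse_remotes() {
    printf '%s\n' "$1" | awk '
        $1 == "proto"  { gproto = $2 }
        $1 == "remote" { n++; host[n] = $2; port[n] = ($3 == "" ? 1194 : $3); proto[n] = $4 }
        END {
            if (gproto == "") gproto = "udp"
            for (i = 1; i <= n; i++) {
                p = (proto[i] == "" ? gproto : proto[i])
                p = (p ~ /^tcp/) ? "tcp" : "udp"      # tcp-client, udp4, ... -> tcp/udp
                if (port[i] !~ /^[0-9]+$/ || port[i] + 0 < 1 || port[i] + 0 > 65535) {
                    print "invalid port in remote: " port[i] > "/dev/stderr"
                    exit 1
                }
                print host[i], port[i], p
            }
        }'
}

# Print one ACCEPT rule per remote instead of a single rule with a multi-line
# --dport. eth0 and the rule layout are assumptions for illustration.
kill_switch_rules() {
    remotes=$(parse_remotes "$1") || return 1
    [ -n "$remotes" ] || return 1
    printf '%s\n' "$remotes" | while read -r host port proto; do
        printf 'iptables -A OUTPUT -o eth0 -d %s -p %s --dport %s -j ACCEPT\n' \
            "$host" "$proto" "$port"
    done
}

kill_switch_rules "$SAMPLE_OVPN"
```

The rules are printed rather than applied, so the output can be reviewed before anything touches the firewall.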

guillaumedsde commented 3 years ago

Hum, you're probably right @Mithror, looks like I'll need to spend some time updating the scripts and file layout in the repo according to @haugene's repo