search

guillaumedsde / alpine-qbittorrent-openvpn

qBittorrent docker container with OpenVPN client running as unprivileged user on alpine linux
https://guillaumedsde.gitlab.io/alpine-qbittorrent-openvpn/
GNU General Public License v3.0
216 stars 40 forks source link

Question: Is there anyway to define multiple LANs? #61

Open PcInfamy opened 3 years ago

PcInfamy commented 3 years ago

Possible feature request, but is there anyway to define multiple LANs to access the web interface? I've tried this:

-e LAN=10.0.211.0/24 \
-e LAN=10.0.215.0/24 \

but I can only access the web UI from the 10.0.215.0/24 network.

Alfagun74 commented 3 years ago

Why is this Lan option needed at all

PcInfamy commented 3 years ago

Why is this Lan option needed at all

I believe its used to setup the iptables firewall rules to keep traffic from leaking out of the VPN. You define the local LAN so that the container can only communicate through the VPN or to the local LAN, but not out the local WAN connection.

Alfagun74 commented 3 years ago

Why is this Lan option needed at all

I believe its used to setup the iptables firewall rules to keep traffic from leaking out of the VPN. You define the local LAN so that the container can only communicate through the VPN or to the local LAN, but not out the local WAN connection.

But what should i set if i want exactly that

PcInfamy commented 3 years ago

Why is this Lan option needed at all

I believe its used to setup the iptables firewall rules to keep traffic from leaking out of the VPN. You define the local LAN so that the container can only communicate through the VPN or to the local LAN, but not out the local WAN connection.

But what should i set if i want exactly that

You set that using the -e LAN=10.0.211.0/24 variable when creating the container. i.e.:

docker run --cap-add=NET_ADMIN -d \
 -v /home/qb/config:/config \
 -e OPENVPN_PROVIDER=PIA \
 -e OPENVPN_CONFIG=japan \
 -e OPENVPN_USERNAME=********** \
 -e OPENVPN_PASSWORD=*********************** \
 -e PUID=1000 \
 -e PGID=1000 \
 -e LAN=10.0.211.0/24 \
 -p 8080:8080 \
 --restart unless-stopped \
 guillaumedsde/alpine-qbittorrent-openvpn:latest
Alfagun74 commented 3 years ago

My problem was i was hosting this in a home server and could not use the Web UI it from different networks i have, because this LAN Setting blocked me. Solution was setting it to 0.0.0.0/0 to allow all my networks to use it. The VPN is still used by Qbittorrent. Thanks for the help tho!

C84186 commented 3 years ago

@Alfagun74 I wouldn't (personally) suggest exposing qbittorrent's webui to public without putting it behind a TLS terminating proxy (unless i misunderstand you)

@PcInfamy , besides generally not being supported, unfortunately, the way you've tried to provide multiple settings for LAN wouldn't ever work, as using docker run -e VARIABLE=value helloworld just sets the environment variable given by VARIABLE, which (probably) means that whatever is set last will take precedence.

If the option were ever implemented, it'd likely need a character separated list like `-e LAN="192.168.0.1/24 10.0.211.0/24" (separate by whitespace).

Alfagun74 commented 3 years ago

@C84186 Don't worry i am hosting it behind a TLS proxy. Also i have different private networks @ home and i needed to expose it for the usual DMZ & VLAN stuff.