search

guillaumedsde / alpine-qbittorrent-openvpn

qBittorrent docker container with OpenVPN client running as unprivileged user on alpine linux
https://guillaumedsde.gitlab.io/alpine-qbittorrent-openvpn/
GNU General Public License v3.0
215 stars 39 forks source link

Connection with VPN server is never established #94

Open RolandWH opened 2 years ago

RolandWH commented 2 years ago

Information

The container fails to establish a connection with the ip address of the vpn server, it tries for a long time before timing out and looping from there.

Docker container log

Exported revision 1273.,
INFO: Found OpenVPN configuration: "uk-lon_tcp" for provider "SURFSHARK" using it,
[cont-init.d] 02-setup-openvpn: exited 0.,
[cont-init.d] 03-setup-iptables: executing... ,
[cont-init.d] 03-setup-iptables: exited 0.,
[cont-init.d] done.,
[services.d] starting services,
[services.d] done.,
2021-10-26 14:36:42 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.,
2021-10-26 14:36:42 OpenVPN 2.5.2 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May  4 2021,
2021-10-26 14:36:42 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10,
2021-10-26 14:36:42 NOTE: --fast-io is disabled since we are not using UDP,
2021-10-26 14:36:42 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication,
2021-10-26 14:36:42 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication,
2021-10-26 14:36:42 TCP/UDP: Preserving recently used remote address: [AF_INET]86.106.157.226:1443,
2021-10-26 14:36:42 Socket Buffers: R=[131072->131072] S=[16384->16384],
2021-10-26 14:36:42 Attempting to establish TCP connection with [AF_INET]86.106.157.226:1443 [nonblock],
2021-10-26 14:38:43 TCP: connect to [AF_INET]86.106.157.226:1443 failed: Operation timed out,
2021-10-26 14:38:43 SIGUSR1[connection failed(soft),init_instance] received, process restarting,

Current setup

I'm using a Raspberry Pi 4 8GB with Raspberry Pi OS Lite (32-bit). The Pi is connected to the an ASUS RT-AX58U router via ethernet. There is no VPN software running on the router and my ISP is Virgin Media. The Pi has 2 4TB USB hard drives connected in RAID 1, the config directory for the container is located on those drives, the filesystem is ext4. My VPN provider is Surfshark and I'm using the UK/London OpenVPN profile.

docker image tag (ex: python, latest, 32242d1 ...) python
docker image hash (ex: 603b78e07727) 19b3fafaf67f

docker-compose.yml file or docker run command

I used Portainer (version 2.9.1) to create and launch the container. I installed Portainer via openmediavault.

version: "3.3"
services:
  alpine-qbittorrent-openvpn:
    volumes:
      - "/your/storage/path/:/downloads"
      - "/path/to/config/directory:/config"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - OPENVPN_PROVIDER=SURFSHARK
      - OPENVPN_CONFIG=uk-lon_tcp
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - PUID=1000
      - PGID=1000
      - LAN=192.168.0.0/16
    ports:
      - "8080:8080"
    cap_add:
      - NET_ADMIN
    image: guillaumedsde/alpine-qbittorrent-openvpn:python

Attempted Fix(es)

I tried switching to a UDP config instead of TCP, however this created a different error: write UDP: Operation not permitted (code=1)

markcagatandavis commented 2 years ago

I am also getting the same thing... not sure what to do on this. 

qbittorrent-openvpn           | [cont-init.d] 03-setup-iptables: exited 0.
qbittorrent-openvpn           | [cont-init.d] done.
qbittorrent-openvpn           | [services.d] starting services
qbittorrent-openvpn           | ./run: line 8: arithmetic syntax error
qbittorrent-openvpn           | 2022-04-25 10:10:26 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
qbittorrent-openvpn           | 2022-04-25 10:10:26 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
qbittorrent-openvpn           | 2022-04-25 10:10:26 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
qbittorrent-openvpn           | Options error: --ca fails with 'ca.ipvanish.com.crt': No such file or directory (errno=2)
qbittorrent-openvpn           | Options error: Please correct these errors.
qbittorrent-openvpn           | Use --help for more information.
qbittorrent-openvpn           | [services.d] done.
hsinyu-chen commented 1 year ago

same issue , also using SURFSHARK