haugene / docker-transmission-openvpn

Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
GNU General Public License v3.0

Let other containers use the VPN has some IP leaks #2788

Open SachaTe opened 8 months ago

SachaTe commented 8 months ago

Is there a pinned issue for this?

Is there an existing or similar issue/discussion for this?

Is there any comment in the documentation for this?

Is this related to a provider?

Are you using the latest release?

Have you tried using the dev branch latest?

Docker run config used

This is my docker compose file, in which I am trying to run qbittorrent through the VPN:

# docker-compose up --detach # Will start up this docker
version: '3.3'
services:
    transmission-openvpn:
        container_name: transmission-openvpn
        cap_add:
            - NET_ADMIN
        volumes:
            - 'E:\Temp\:/downloads' # MODIFY - Temporary location of downloads
            - 'C:\Config\:/config' # MODIFY - Location of configs, ideally within clouddrive
        environment:
            - PUID=1000
            - PGID=1000
            - TZ=America/New_York
            - LOCAL_NETWORK=REDACTED
            - AUTO_UPDATE=true
            - OPENVPN_PROVIDER=NORDVPN
            - OPENVPN_USERNAME=REDACTED
            - OPENVPN_PASSWORD=REDACTED
            - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
            - NORDVPN_PROTOCOL=TCP
            - NORDVPN_CATEGORY=P2P
            - NORDVPN_COUNTRY=CA
            # Transmission options; https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md#options
            - GLOBAL_APPLY_PERMISSIONS=false
            - TRANSMISSION_INCOMPLETE_DIR_ENABLED=false
            - TRANSMISSION_DOWNLOAD_DIR=/downloads
            - TRANSMISSION_RATIO_LIMIT=5
            - TRANSMISSION_RATIO_LIMIT_ENABLED=true
            - TRANSMISSION_IDLE_SEEDING_LIMIT=0
            - TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=true
            - TRANSMISSION_RPC_USERNAME='REDACTED'
            - TRANSMISSION_RPC_PASSWORD='REDACTED'
        logging:
            driver: "json-file"
            options:
                max-size: 10m
        privileged: true
        ports:
            - '9091:9091'
            - '7878:7878'
            - '6881:6881'
            - '8989:8989'
            - '8080:8080'
        restart: unless-stopped
        image: haugene/transmission-openvpn

    qbittorrent:
        container_name: Qbittorrent
        privileged: true
        volumes:
            - 'C:\Config\qbittorrent\config:/config'
            - 'E:\Temp\:/downloads'
        environment:
            - PUID=1000
            - PGID=1000
            - TZ=America/New_York
            - LOCAL_NETWORK=192.168.0.0/24
            - AUTO_UPDATE=true
            - WEBUI_PORT=8080
        restart: unless-stopped
        image: 'lscr.io/linuxserver/qbittorrent:latest'
        network_mode: "service:transmission-openvpn" # Test container IP; docker exec <NAME> curl -s https://api.ipify.org
        depends_on:
            - transmission-openvpn # Set dependency on transmission-openvpn Container

Current Behavior

After running the above, I check qbittorrent for IP leaks by running https://ipleak.net/ Torrent Address detection. I see both my personal IP and VPN IP appearing, showing that there is a leak occurring.

However, when I test via docker exec Qbittorrent curl -s https://api.ipify.org as described within https://haugene.github.io/docker-transmission-openvpn/tips-tricks/#let_other_containers_use_the_vpn, then it only shows my VPN IP.

Expected Behavior

I should only see the VPN IP in both tests

How have you tried to solve the problem?

1) Been having this issue for a while on multiple different builds.

Log output

Not Relevant

HW/SW Environment

- OS: Microsoft Windows 11 Home
- Docker: Docker Desktop 4.26.1 (131620)

Anything else?

No response
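
The curl test in the report samples the egress address once. As an added example (not from the issue or the project), this script reads the routing table of the shared network namespace and reports whether default traffic currently leaves through the tunnel device. The device name tun0, the function names, the sample routes and the availability of iproute2's ip command are assumptions.

```shell
#!/bin/sh
# Added example, not from the issue or the project. Assumption: the OpenVPN
# tunnel device is tun0; override with TUN_DEV.
TUN_DEV="${TUN_DEV:-tun0}"

# Constructed sample: routes in the shared namespace before the tunnel is up.
ROUTES_BEFORE='default via 172.18.0.1 dev eth0
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.2'

# Constructed sample: routes after OpenVPN applied redirect-gateway def1.
ROUTES_AFTER='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 172.18.0.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.2'

# egress_state: read `ip -4 route show` text on stdin and print
#   tunnel  - default traffic is routed through $TUN_DEV
#   exposed - default traffic leaves through another interface
#   none    - no default route at all
egress_state() {
    awk -v tun="$TUN_DEV" '
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        $1 == "0.0.0.0/1"   { lo = dev }
        $1 == "128.0.0.0/1" { hi = dev }
        $1 == "default"     { if (dev == tun) def_tun = 1; else def_other = 1 }
        END {
            # The two /1 routes are more specific than default and win.
            if (lo == tun && hi == tun)    print "tunnel"
            else if (lo != "" || hi != "") print "exposed"
            else if (def_other)            print "exposed"
            else if (def_tun)              print "tunnel"
            else                           print "none"
        }'
}

# wait_for_tunnel [tries]: poll the live routing table every 2 seconds and
# return 0 once egress_state reports "tunnel", 1 if it never does.
wait_for_tunnel() {
    tries="${1:-30}"
    while [ "$tries" -gt 0 ]; do
        [ "$(ip -4 route show 2>/dev/null | egress_state)" = "tunnel" ] && return 0
        tries=$((tries - 1))
        sleep 2
    done
    return 1
}
```

Run inside the container that shares the network namespace, `ip -4 route show | egress_state` gives the current state, and `wait_for_tunnel` can be called before a client is started.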

ilike2burnthing commented 8 months ago

Please provide the environment information in the template.

edgd1er commented 4 months ago

When haugene's container is starting, connections are unprotected until OpenVPN is up. The firewall is not blocking/filtering outgoing connections. If qbittorrent is using the service network at that moment, the private IP will leak.

Three mitigation ideas to evaluate: