search

qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
7.23k stars 345 forks source link

Bug: qBittorrent extremely slow startup and incomming connections port status change #1360

Open pentago opened 1 year ago

pentago commented 1 year ago

Is this urgent?

No

Host OS

Ubuntu 22

CPU arch

x86_64

VPN service provider

Mullvad

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2022-12-31T17:50:58.654Z (commit ea40b84)

What's the problem 🤔

Noticed two frustrating issues when using Mullvar with Wireguard:

  1. qBittorrent container takes an enormously long time to complete the startup (starts much faster without gluetun). I there anything that impacts container start time in this setup? I use compose..

  2. Upon start, qBittorrent is marked as "Firewalled" meaning it doesn't accept any incoming connections even though the firewall is properly open.

​I noticed that if I leave it alone, connectivity restores back after 10+ minutes or so after I start all containers. ​Not sure why because following the gluetun logs shows that I'm connected to Wireguard node within a couple of seconds.​​So seemingly, all is working but takes 10+ minutes for something to settle down somehow :/

Apparently, something involving the gluetun makes qBittorrent very sluggish and slow in regular work, is there anything that can be done to remedy this situation?

Share your logs

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2022-12-31T17:50:58.654Z (commit ea40b84)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2023-01-18T20:04:50+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.48.1 and assigned IP 192.168.48.2
2023-01-18T20:04:50+01:00 INFO [routing] local ethernet link found: eth0
2023-01-18T20:04:50+01:00 INFO [routing] local ipnet found: 192.168.48.0/20
2023-01-18T20:04:50+01:00 INFO [firewall] enabling...
2023-01-18T20:04:50+01:00 INFO [firewall] enabled successfully
2023-01-18T20:04:51+01:00 INFO [storage] merging by most recent 13224 hardcoded servers and 13224 servers read from /gluetun/servers.json
2023-01-18T20:04:51+01:00 INFO Alpine version: 3.16.3
2023-01-18T20:04:52+01:00 INFO OpenVPN 2.4 version: 2.4.12
2023-01-18T20:04:52+01:00 INFO OpenVPN 2.5 version: 2.5.6
2023-01-18T20:04:52+01:00 INFO Unbound version: 1.15.0
2023-01-18T20:04:52+01:00 INFO IPtables version: v1.8.8
2023-01-18T20:04:52+01:00 INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: mullvad
|   |   └── Server selection settings:
|   |       ├── VPN type: wireguard
|   |       ├── Cities: tokyo
|   |       └── Wireguard selection settings:
|   └── Wireguard settings:
|       ├── Private key: kD...mk=
|       ├── Interface addresses:
|       |   └── 10.64.123.78/32
|       └── Network interface: tun0
├── DNS settings:
|   ├── DNS server address to use: 127.0.0.1
|   ├── Keep existing nameserver(s): no
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:7f00:1/104
|               ├── ::ffff:a00:0/104
|               ├── ::ffff:a9fe:0/112
|               ├── ::ffff:ac10:0/108
|               └── ::ffff:c0a8:0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── VPN input ports:
|       └── 56587
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   ├── Process GID: 1000
|   └── Timezone: Europe/Belgrade
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
├── Server data updater settings:
|   ├── Update period: 24h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: mullvad
└── Version settings:
    └── Enabled: yes
2023-01-18T20:04:52+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.48.1 and assigned IP 192.168.48.2
2023-01-18T20:04:52+01:00 INFO [routing] adding route for 0.0.0.0/0
2023-01-18T20:04:52+01:00 INFO [firewall] setting allowed subnets...
2023-01-18T20:04:52+01:00 INFO [routing] default route found: interface eth0, gateway 192.168.48.1 and assigned IP 192.168.48.2
2023-01-18T20:04:52+01:00 INFO [dns over tls] using plaintext DNS at address 1.1.1.1
2023-01-18T20:04:52+01:00 INFO [http server] http server listening on [::]:8000
2023-01-18T20:04:52+01:00 INFO [healthcheck] listening on 127.0.0.1:9999
2023-01-18T20:04:52+01:00 INFO [firewall] allowing VPN connection...
2023-01-18T20:04:52+01:00 INFO [wireguard] Using available kernelspace implementation
2023-01-18T20:04:52+01:00 INFO [wireguard] Connecting to 91.193.7.66:51820
2023-01-18T20:04:52+01:00 INFO [wireguard] Wireguard is up
2023-01-18T20:04:52+01:00 INFO [firewall] setting allowed input port 56587 through interface tun0...
2023-01-18T20:04:52+01:00 INFO [dns over tls] downloading DNS over TLS cryptographic files
2023-01-18T20:04:54+01:00 INFO [healthcheck] healthy!
2023-01-18T20:04:56+01:00 INFO [dns over tls] downloading hostnames and IP block lists
2023-01-18T20:05:04+01:00 INFO [healthcheck] unhealthy: cannot dial: dial tcp4: lookup cloudflare.com on 127.0.0.1:53: read udp 127.0.0.1:41755->127.0.0.1:53: read: connection refused(see https://github.com/qdm12/gluetun/wiki/Healthcheck)
2023-01-18T20:05:10+01:00 INFO [healthcheck] program has been unhealthy for 6s: restarting VPN
2023-01-18T20:05:10+01:00 INFO [vpn] stopping
2023-01-18T20:05:10+01:00 INFO [firewall] removing allowed port 56587...
2023-01-18T20:05:10+01:00 ERROR [vpn] cannot get version information: Get "https://api.github.com/repos/qdm12/gluetun/commits": context canceled
2023-01-18T20:05:10+01:00 INFO [vpn] starting
2023-01-18T20:05:10+01:00 INFO [firewall] allowing VPN connection...
2023-01-18T20:05:10+01:00 INFO [wireguard] Using available kernelspace implementation
2023-01-18T20:05:10+01:00 INFO [wireguard] Connecting to 91.193.7.66:51820
2023-01-18T20:05:10+01:00 INFO [wireguard] Wireguard is up
2023-01-18T20:05:10+01:00 INFO [firewall] setting allowed input port 56587 through interface tun0...
2023-01-18T20:05:18+01:00 INFO [dns over tls] init module 0: validator
2023-01-18T20:05:18+01:00 INFO [dns over tls] init module 1: iterator
2023-01-18T20:05:18+01:00 INFO [dns over tls] start of service (unbound 1.15.0).
2023-01-18T20:05:19+01:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2023-01-18T20:05:19+01:00 INFO [dns over tls] generate keytag query _ta-4a5c-4f66. NULL IN
2023-01-18T20:05:21+01:00 INFO [healthcheck] healthy!
2023-01-18T20:05:22+01:00 INFO [dns over tls] ready

Share your configuration

services:

  gluetun:
    container_name: gluetun
    image:qmcgaw/gluetun:latest
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 56587:56587/tcp # Mullvad Port Forwards
      - 56587:56587/udp # Mullvad Port Forwards
    volumes:
      - ./config/gluetun:/gluetun
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Belgrade
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=wireguard
      - WIREGUARD_PRIVATE_KEY=redacted
      - WIREGUARD_ADDRESSES=redacted
      - FIREWALL_VPN_INPUT_PORTS=56587
      - SERVER_CITIES=Hong Kong

  qbittorrent:
    container_name: qbittorrent
    image: linuxserver/qbittorrent:latest
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Belgrade
      - WEBUI_PORT=8080
      - DOCKER_MODS=arafatamim/linuxserver-io-mod-vuetorrent
    volumes:
      - ./config/qbittorrent:/config
      - /storage:/storage/downloads
      - /storage/mma:/storage/downloads/mma
    network_mode: "service:gluetun"
    restart: always
khartahk commented 1 year ago

I'm having a similar issue while using OpenVPN. The download does not start at all. I'll leave it on for the night and see if this changes. Although I did test it out using https://torguard.net/checkmytorrentipaddress.php and the IP was displayed so outgoing must be working.

aidan-gibson commented 1 month ago

This issue should be closed, Mullvad doesn't support port forwarding https://mullvad.net/en/blog/2023/5/29/removing-the-support-for-forwarded-ports