qdm12 / gluetun

VPN client in a thin Docker container for multiple VPN providers, written in Go, and using OpenVPN or Wireguard, DNS over TLS, with a few proxy servers built-in.
https://hub.docker.com/r/qmcgaw/gluetun
MIT License
6.96k stars 339 forks

Bug: Peer discovery on trackers limited/nonfunctional using Mullvad #1808

Open DanteDouglas opened 11 months ago

DanteDouglas commented 11 months ago

Is this urgent?

No

Host OS

Ubuntu 22.04

CPU arch

x86_64

VPN service provider

Mullvad

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2023-08-11T11:08:54.752Z (commit e556871)

What's the problem 🤔

I have a torrenting "stack" set up using docker. I have one container that uses gluetun that provides a VPN interface for the second container, which uses qbittorrent. Up until today, I hadn't noticed any weirdness, but today I really am.

Here is what's happening:

More context:

When qbit CAN find a seed that has a good upload speed, it'll download, but it's clear that the entire discovery process is being stymied somehow. If I sit and look at the Peers tab on qbit it'll show peers appearing, sometimes being connected to, and then abruptly disappearing.

I've seen a couple bug reports of this that seem to be describing this phenomenon:

What I don't think this is: Any connection issues between docker containers, exactly. This error seems to only show up when torrenting -- any ping requests or other shit from the container works fine. There do not seem to be any glaring issues with my router or with the host computer.

What I think this might be: Something like the final question in this Reddit post. Mullvad removed port forwarding as an option recently, and it would follow that the bizarre lack of peers/seeds could be related to something about torrents shutting me down due to a lack of public port or whatever.

If this is the case, it is not a gluetun issue -- it's a Mullvad issue. But I want to cover my bases because I've been banging my head against this for hours today. Anecdotally, a friend of mine who has this same gluetun-mullvad-qbit stack has experienced none of the issues that I'm describing, so if it is a Mullvad issue it seems to be inconsistent.

This could also be some strange problem related to my personal router that I haven't discovered, but given that it's not stopping any other aspect of docker, qbittorrent, or any other device on my network I am skeptical.

So to reiterate: right now the issue appears to be constant (lack of discoverability of seeds/peers, constant tracker timeouts/unreachability) but the symptoms are intermittent -- since if I find one seed with good upload, I still download the torrent at a high speed. It's just that I'm only seeing like 4 people at once, for some unknown reason.

Share your logs

========================================
========================================
=============== gluetun ================
========================================
=========== Made with ❤️ by ============
======= https://github.com/qdm12 =======
========================================
========================================

Running version latest built on 2023-08-11T11:08:54.752Z (commit e556871)

🔧 Need help? https://github.com/qdm12/gluetun/discussions/new
🐛 Bug? https://github.com/qdm12/gluetun/issues/new
✨ New feature? https://github.com/qdm12/gluetun/issues/new
☕ Discussion? https://github.com/qdm12/gluetun/discussions/new
💻 Email? quentin.mcgaw@gmail.com
💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12
2023-08-19T07:19:46Z INFO [routing] default route found: interface eth0, gateway 10.1.0.1, assigned IP 10.1.0.2 and family v4
2023-08-19T07:19:46Z INFO [routing] local ethernet link found: eth0
2023-08-19T07:19:46Z INFO [routing] local ipnet found: 10.1.0.0/24
2023-08-19T07:19:46Z INFO [firewall] enabling...
2023-08-19T07:19:46Z INFO [firewall] enabled successfully
2023-08-19T07:19:46Z INFO [storage] creating /gluetun/servers.json with 17692 hardcoded servers
2023-08-19T07:19:46Z INFO Alpine version: 3.18.3
2023-08-19T07:19:47Z INFO OpenVPN 2.5 version: 2.5.8
2023-08-19T07:19:47Z INFO OpenVPN 2.6 version: 2.6.5
2023-08-19T07:19:47Z INFO Unbound version: 1.17.1
2023-08-19T07:19:47Z INFO IPtables version: v1.8.9
2023-08-19T07:19:47Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: mullvad
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Cities: seattle wa
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: TCP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [set]
|       ├── Password: [set]
|       ├── Ciphers: [aes-256-gcm]
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   └── VPN input ports:
|       └── 61234
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2023-08-19T07:19:47Z INFO [routing] default route found: interface eth0, gateway 10.1.0.1, assigned IP 10.1.0.2 and family v4
2023-08-19T07:19:47Z INFO [routing] adding route for 0.0.0.0/0
2023-08-19T07:19:47Z INFO [firewall] setting allowed subnets...
2023-08-19T07:19:47Z INFO [routing] default route found: interface eth0, gateway 10.1.0.1, assigned IP 10.1.0.2 and family v4
2023-08-19T07:19:47Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2023-08-19T07:19:47Z INFO [dns] using plaintext DNS at address 1.1.1.1
2023-08-19T07:19:47Z INFO [http server] http server listening on [::]:8000
2023-08-19T07:19:47Z INFO [healthcheck] listening on 127.0.0.1:9999
2023-08-19T07:19:47Z INFO [firewall] allowing VPN connection...
2023-08-19T07:19:47Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
2023-08-19T07:19:47Z INFO [openvpn] library versions: OpenSSL 3.1.2 1 Aug 2023, LZO 2.10
2023-08-19T07:19:47Z WARN [openvpn] --ping should normally be used with --ping-restart or --ping-exit
2023-08-19T07:19:47Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]198.54.131.34:443
2023-08-19T07:19:47Z INFO [openvpn] Attempting to establish TCP connection with [AF_INET]198.54.131.34:443 [nonblock]
2023-08-19T07:19:47Z INFO [openvpn] TCP connection established with [AF_INET]198.54.131.34:443
2023-08-19T07:19:47Z INFO [openvpn] TCP_CLIENT link local: (not bound)
2023-08-19T07:19:47Z INFO [openvpn] TCP_CLIENT link remote: [AF_INET]198.54.131.34:443
2023-08-19T07:19:47Z WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1551', remote='link-mtu 1536'
2023-08-19T07:19:47Z INFO [openvpn] [us-sea-ovpn-101.mullvad.net] Peer Connection Initiated with [AF_INET]198.54.131.34:443
2023-08-19T07:19:49Z INFO [openvpn] TUN/TAP device tun0 opened
2023-08-19T07:19:49Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2023-08-19T07:19:49Z INFO [openvpn] /sbin/ip link set dev tun0 up
2023-08-19T07:19:49Z INFO [openvpn] /sbin/ip addr add dev tun0 10.5.0.10/16
2023-08-19T07:19:49Z INFO [openvpn] UID set to nonrootuser
2023-08-19T07:19:49Z INFO [openvpn] Initialization Sequence Completed
2023-08-19T07:19:49Z INFO [firewall] setting allowed input port 61234 through interface tun0...
2023-08-19T07:19:49Z INFO [dns] downloading DNS over TLS cryptographic files
2023-08-19T07:19:50Z INFO [healthcheck] healthy!
2023-08-19T07:19:50Z INFO [dns] downloading hostnames and IP block lists
2023-08-19T07:19:57Z INFO [dns] init module 0: validator
2023-08-19T07:19:57Z INFO [dns] init module 1: iterator
2023-08-19T07:19:57Z INFO [dns] start of service (unbound 1.17.1).
2023-08-19T07:19:57Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-08-19T07:19:57Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2023-08-19T07:19:57Z INFO [dns] ready
2023-08-19T07:19:57Z INFO [vpn] You are running on the bleeding edge of latest!
2023-08-19T07:19:57Z INFO [ip getter] Public IP address is 198.54.131.54 (United States, Washington, Seattle)

Share your configuration

---
version: "3"
services:
  mullvad:
    image: qmcgaw/gluetun
    container_name: mullvad
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=mullvad
      - VPN_TYPE=openvpn
      - OPENVPN_USER=userkey #user key
      - OPENVPN_CIPHERS=AES-256-GCM
        # - VPN_TYPE=wireguard
        # - WIREGUARD_PRIVATE_KEY= wireguardkey
        # - WIREGUARD_ADDRESSES= wireguardaddress
      - SERVER_CITIES=Seattle WA 
      - FIREWALL_VPN_INPUT_PORTS=61234 
        # - KILL_SWITCH=true
      - OPENVPN_PROTOCOL=tcp
    ports:
      - 6881:6881
      - 8080:8080 #qbit
      - 61234:61234 #qbit
      - 61234:61234/udp #qbit
      - 1194:1194 #openvpn
      # - 9091:9091 #transmission ports
      # - 51413:51413 #transmission
      # - 51413:51413/udp #transmission
      # - 61729:61729/udp
    restart: unless-stopped 

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
      - WEBUI_PORT=8080
    volumes:
      - /home/dante/qbittorrent/config:/config
      - /home/dante/docker/downloads:/downloads
      - /plexserver:/plexserver
    #ports:
        #- 8080:8080
        #- 51820:51820 #qbit
        #- 51820:51820/udp #qbit
        #- 61234:61234
    restart: unless-stopped
    network_mode: "service:mullvad"

SxthGear commented 11 months ago

Experiencing the same thing here with deluge and qbittorrent. Interestingly if I run natively through my pfsense mullvad openvpn connection, I have no issues with peer or tracker connections. So I don't think it's necessarily a mullvad issue.

qdm12 commented 11 months ago

  1. Have you updated your qbittorrent settings to not have a forwarded port configured?
  2. Have you tried with Wireguard (since it's natively supported with Gluetun <-> Mullvad)?
  3. Have you tried with another torrent client like Deluge?

Despite what @SxthGear mentions, I run Gluetun+Wireguard+Deluge+Netherlands server+No VPN server port forwarding; and download speeds are fine (at least 50MB/s), although I don't download that often either.

Most users don't have port forwarding setup for torrenting, so I doubt trackers would judge you for it? 🤔

DanteDouglas commented 11 months ago

Have you updated your qbittorrent settings to not have a forwarded port configured?

Yep, none is currently configured.

Have you tried with Wireguard (since it's natively supported with Gluetun <-> Mullvad)?

I did swap between Wireguard and OpenVPN a couple times while testing this; I didn't notice any difference, positive or negative.

Have you tried with another torrent client like Deluge?

I didn't try with Deluge, but I did try with transmission, and it appeared to work about the same.

It's a weird one, I think. I would like to report that today, it seems like it's working better (or at least, I have noticed more trackers populating with peers). Given the nature of torrents, I can't fully rule out that I was just using some crappy torrents that didn't have too many seeders at the time, so it's hard to nail down.

Regardless, as of today at least, this is not a going concern for me.
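
The leftover forwarded-port settings that qdm12's first question asks about can be checked mechanically against the compose file from the original report. The following is an added example, not code from this thread or from the Gluetun project; the finding names, the `NO_PORT_FORWARDING` set and the comma-separated reading of `FIREWALL_VPN_INPUT_PORTS` are assumptions of the example, and the compose text is a constructed sample trimmed from the posted configuration.

```python
import re

# Constructed sample, trimmed from the compose file posted in the issue.
COMPOSE = """\
services:
  mullvad:
    image: qmcgaw/gluetun
    environment:
      - VPN_SERVICE_PROVIDER=mullvad
      - FIREWALL_VPN_INPUT_PORTS=61234
        # - KILL_SWITCH=true
    ports:
      - 8080:8080 #qbit
      - 61234:61234 #qbit
      - 61234:61234/udp #qbit
      # - 9091:9091 #transmission ports
"""
# Assumption: providers with no port forwarding; Mullvad per the issue text.
NO_PORT_FORWARDING = {"mullvad"}

def parse_service(text):
    """Minimal line scanner (not a YAML parser) for this compose layout."""
    env, ports, section = {}, [], None
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop comments
        if line.endswith(":") and not line.startswith("-"):
            section = line[:-1]
        elif line.startswith("- "):
            item = line[2:].strip()
            if section == "environment" and "=" in item:
                key, value = item.split("=", 1)
                env[key] = value
            elif section == "ports":
                m = re.match(r"(\d+):(\d+)(?:/(tcp|udp))?$", item)
                if m:
                    ports.append((int(m.group(1)), m.group(3) or "tcp"))
    return env, ports

def audit(text):
    """Return (finding, ports) pairs for leftover forwarded-port settings."""
    env, ports = parse_service(text)
    provider = env.get("VPN_SERVICE_PROVIDER", "").lower()
    raw = env.get("FIREWALL_VPN_INPUT_PORTS", "")
    vpn_in = {int(p) for p in raw.split(",") if p.strip().isdigit()}
    findings = []
    if provider in NO_PORT_FORWARDING and vpn_in:
        findings.append(("vpn-input-port-without-forwarding", sorted(vpn_in)))
    on_host = sorted({(p, proto) for p, proto in ports if p in vpn_in})
    if on_host:
        findings.append(("same-port-published-on-docker-host", on_host))
    return findings
```

On the sample, both findings point at port 61234: it is still allowed in through `tun0` (the log line `setting allowed input port 61234 through interface tun0` confirms this) and it is also published on the Docker host's interfaces, which is a separate exposure from anything the VPN provider forwards.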