docker-transmission-openvpn
Let other containers use the VPN has some IP leaks
Is there a pinned issue for this?
- [X] I have read the pinned issues and could not find my issue
Is there an existing or similar issue/discussion for this?
- [X] I have searched the existing issues
- [X] I have searched the existing discussions
Is there any comment in the documentation for this?
- [X] I have read the documentation, especially the FAQ and Troubleshooting parts
Is this related to a provider?
- [X] I have checked the provider repo for issues
- [X] My issue is NOT related to a provider
Are you using the latest release?
- [X] I am using the latest release
Have you tried using the dev branch latest?
- [X] I have tried using dev branch
Docker run config used
This is my docker compose file, in which I am trying to run qbittorrent through the VPN:

```yaml
# docker-compose up --detach # Will start up this docker
version: '3.3'
services:
  transmission-openvpn:
    container_name: transmission-openvpn
    cap_add:
      - NET_ADMIN
    volumes:
      - 'E:\Temp\:/downloads' # MODIFY - Temporary location of downloads
      - 'C:\Config\:/config' # MODIFY - Location of configs, ideally within clouddrive
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - LOCAL_NETWORK=REDACTED
      - AUTO_UPDATE=true
      - OPENVPN_PROVIDER=NORDVPN
      - OPENVPN_USERNAME=REDACTED
      - OPENVPN_PASSWORD=REDACTED
      - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
      - NORDVPN_PROTOCOL=TCP
      - NORDVPN_CATEGORY=P2P
      - NORDVPN_COUNTRY=CA
      # Transmission options; https://github.com/transmission/transmission/blob/main/docs/Editing-Configuration-Files.md#options
      - GLOBAL_APPLY_PERMISSIONS=false
      - TRANSMISSION_INCOMPLETE_DIR_ENABLED=false
      - TRANSMISSION_DOWNLOAD_DIR=/downloads
      - TRANSMISSION_RATIO_LIMIT=5
      - TRANSMISSION_RATIO_LIMIT_ENABLED=true
      - TRANSMISSION_IDLE_SEEDING_LIMIT=0
      - TRANSMISSION_IDLE_SEEDING_LIMIT_ENABLED=true
      - TRANSMISSION_RPC_USERNAME='REDACTED'
      - TRANSMISSION_RPC_PASSWORD='REDACTED'
    logging:
      driver: "json-file"
      options:
        max-size: 10m
    privileged: true
    ports:
      - '9091:9091'
      - '7878:7878'
      - '6881:6881'
      - '8989:8989'
      - '8080:8080'
    restart: unless-stopped
    image: haugene/transmission-openvpn
  qbittorrent:
    container_name: Qbittorrent
    privileged: true
    volumes:
      - 'C:\Config\qbittorrent\config:/config'
      - 'E:\Temp\:/downloads'
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/New_York
      - LOCAL_NETWORK=192.168.0.0/24
      - AUTO_UPDATE=true
      - WEBUI_PORT=8080
    restart: unless-stopped
    image: 'lscr.io/linuxserver/qbittorrent:latest'
    network_mode: "service:transmission-openvpn" # Test container IP; docker exec <NAME> curl -s https://api.ipify.org
    depends_on:
      - transmission-openvpn # Set dependency on transmission-openvpn Container
```
Current Behavior
After running the above, I check qbittorrent for IP leaks by running https://ipleak.net/ Torrent Address detection. I see both my personal IP and VPN IP appearing, showing that there is a leak occurring.
However, when I test via `docker exec Qbittorrent curl -s https://api.ipify.org` as described within https://haugene.github.io/docker-transmission-openvpn/tips-tricks/#let_other_containers_use_the_vpn, it only shows my VPN IP.
Expected Behavior
I should only see the VPN IP in both tests
How have you tried to solve the problem?
- Been having this issue for a while on multiple different builds.
Log output
Not Relevant
HW/SW Environment
- OS: Microsoft Windows 11 Home
- Docker: Docker Desktop 4.26.1 (131620)
Anything else?
No response
Please provide the environment information in the template.
When haugene's container is starting, connections are unprotected until OpenVPN is up. The firewall is not blocking/filtering outgoing connections. If qbittorrent is using the service network at that moment, the private IP will leak.
Three mitigation ideas to evaluate:
- create a PR that allows blocking all connections except those to the VPN servers.
- have a check prior to starting the qbittorrent client.
- block forwarding: `sysctl -w net.ipv4.ip_forward=0`
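An added example, not part of the comment above or of the project's code: one way to implement the second idea, a check that holds the client back until the shared network namespace routes everything into the tunnel. It assumes the tunnel interface is named `tun0`, that `ip` (iproute2) is available in the client container, and that OpenVPN installs either a default route or the `redirect-gateway def1` pair on that interface. The function names and sample route tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: gate a client's start on the VPN route being in place.
TUN_IF="${TUN_IF:-tun0}"   # assumption: tunnel interface name

# Reads `ip -4 route show` text on stdin. Succeeds only when all traffic is
# steered into the tunnel: a default route on TUN_IF, or both halves of
# OpenVPN's redirect-gateway def1 pair (0.0.0.0/1 and 128.0.0.0/1).
vpn_route_ready() {
    awk -v ifc="$TUN_IF" '
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        $1 == "default"     && dev == ifc { def = 1 }
        $1 == "0.0.0.0/1"   && dev == ifc { low = 1 }
        $1 == "128.0.0.0/1" && dev == ifc { high = 1 }
        END { exit !(def || (low && high)) }
    '
}

# Polls the live routing table until the tunnel route appears or the
# timeout (seconds, default 120) expires. Returns 1 on timeout.
wait_for_vpn() {
    timeout="${1:-120}"
    elapsed=0
    until ip -4 route show | vpn_route_ready; do
        [ "$elapsed" -ge "$timeout" ] && return 1
        sleep 2
        elapsed=$((elapsed + 2))
    done
}

# Constructed sample: container has started, OpenVPN is not up yet.
sample_before() {
    printf '%s\n' \
        'default via 172.18.0.1 dev eth0' \
        '172.18.0.0/16 dev eth0 proto kernel scope link src 172.18.0.2'
}

# Constructed sample: tunnel is up with redirect-gateway def1 routes.
sample_after() {
    printf '%s\n' \
        '0.0.0.0/1 via 10.8.0.1 dev tun0' \
        'default via 172.18.0.1 dev eth0' \
        '10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2' \
        '128.0.0.0/1 via 10.8.0.1 dev tun0'
}

# Intended use as a wrapper around the client's start command:
#   wait_for_vpn 120 && exec "$@"
```

This only covers the startup window described in the comment; it does not replace a firewall rule that blocks non-VPN egress while the tunnel is down or reconnecting.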