docker-qbittorrentvpn

Error: Nexthop has invalid gateway - Webui not accessible

Open D1s0rdu8 opened this issue 2 years ago • 2 comments

When using this config on my 192.168.0.30 host:

networks:
  t2_proxy:
    name: t2_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.90.0/24
  default:
    driver: bridge

services:
  qbittorrent:
    image: dyonr/qbittorrentvpn:dev
    container_name: qbittorrent
    restart: always
    privileged: true
    networks:
      t2_proxy:
        ipv4_address: 192.168.90.9
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    ports:
      - "8112:8080"
      - "8999:8999"
      - "8999:8999/udp"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - $DOCKERDIR/appdata/qbittorrent:/config
      - $DOCKERDIR/appdata/qbittorrent/tempdl:/downloads
      - $DATADIR/torrent:/torrent
    environment:
      VPN_ENABLED: "yes"
      VPN_TYPE: "openvpn"
      VPN_USERNAME: "***"
      VPN_PASSWORD: "***"
      LAN_NETWORK: "192.168.0.0/24"
      NAME_SERVERS: "1.1.1.1,1.0.0.1,8.8.8.8,8.8.4.4"
      ADDITIONAL_PORTS: "8112"
      INSTALL_PYTHON3: "yes"

gives me the error:

[INFO] Docker network defined as 192.168.90.0/24
[INFO] Adding 192.168.0.0/24 as route via docker eth0
Error: Nexthop has invalid gateway.

Result: I can't access the webui at http://192.168.0.30:8112 from my local network 192.168.0.0/24

Solution is to manually add this route:

sudo docker exec -it qbittorrent bash
ip route add 192.168.0.0/24 via 192.168.90.1 dev eth0

Not sure if I have a special config or if this can be solved somehow in iptables.sh

D1s0rdu8, Sep 27 '22 09:09

Since you have 192.168.0.* (LAN network) and 192.168.90.* (docker network), shouldn't 192.168.0.0/16 cover both networks as a LAN? I've done it on my local but it doesn't seem to work.

LAN_NETWORK: "192.168.0.0/16" 

Also, in my error logs, I don't see a "NextHop" error. My routing table already has the 192.168.X.0/16 (or 24) in its ip route table, pointing to the device on eth0.

Docker network defined as 192.168.90.0/20
Adding 192.168.0.0/16 as route via docker eth0
ip route defined as follows...
...
(table here)
192.168.0.0/16 via 192.168.90.1 dev eth0 

Astro03, Oct 03 '22 23:10

I am getting this same issue on a brand new deployment.

2023-02-10 15:23:26.005000 [INFO] VPN_ENABLED defined as 'yes'
2023-02-10 15:23:26.043662 [INFO] LEGACY_IPTABLES is set to ''
2023-02-10 15:23:26.090413 [INFO] Not making any changes to iptables version
2023-02-10 15:23:26.137590 [INFO] The container is currently running iptables v1.8.7 (nf_tables).
2023-02-10 15:23:26.190674 [INFO] VPN_TYPE defined as 'openvpn'
2023-02-10 15:23:26.267330 [INFO] OpenVPN config file is found at /config/openvpn/GP-2023-DC.ovpn
dos2unix: converting file /config/openvpn/GP-2023-DC.ovpn to Unix format...
2023-02-10 15:23:26.338786 [INFO] VPN remote line defined as 'iad4.gpvpn.com 8080'
2023-02-10 15:23:26.420986 [INFO] VPN_REMOTE defined as 'iad4.gpvpn.com'
2023-02-10 15:23:26.487681 [INFO] VPN_PORT defined as '8080'
2023-02-10 15:23:26.547051 [INFO] VPN_PROTOCOL defined as 'udp'
2023-02-10 15:23:26.666850 [INFO] VPN_DEVICE_TYPE defined as 'tun0'
2023-02-10 15:23:26.738294 [INFO] LAN_NETWORK defined as '192.168.87.0/24'
2023-02-10 15:23:26.791795 [INFO] NAME_SERVERS defined as '8.8.8.8'
2023-02-10 15:23:26.835398 [INFO] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2023-02-10 15:23:26.891016 [INFO] Adding 8.8.8.8 to resolv.conf
2023-02-10 15:23:26.927015 [INFO] PUID not defined. Defaulting to root user
2023-02-10 15:23:26.966088 [INFO] PGID not defined. Defaulting to root group
2023-02-10 15:23:27.005415 [INFO] Starting OpenVPN...
2023-02-10 15:23:27 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-02-10 15:23:27 WARNING: file 'credentials.conf' is group or others accessible
2023-02-10 15:23:27 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2023-02-10 15:23:27 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
2023-02-10 15:23:27 TCP/UDP: Preserving recently used remote address: [AF_INET]185.151.12.242:8080
2023-02-10 15:23:27 UDP link local: (not bound)
2023-02-10 15:23:27 UDP link remote: [AF_INET]185.151.12.242:8080
2023-02-10 15:23:27 [VPN] Peer Connection Initiated with [AF_INET]185.151.12.242:8080
2023-02-10 15:23:34 TUN/TAP device tun0 opened
2023-02-10 15:23:34 net_iface_mtu_set: mtu 1500 for tun0
2023-02-10 15:23:34 net_iface_up: set tun0 up
2023-02-10 15:23:34 net_addr_ptp_v4_add: 10.10.2.26 peer 10.10.2.25 dev tun0
2023-02-10 15:23:34 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-02-10 15:23:34 Initialization Sequence Completed
2023-02-10 15:23:35.312574 [INFO] Docker network defined as 172.17.0.0/16
2023-02-10 15:23:35.359122 [INFO] Adding 192.168.87.0/24 as route via docker eth0
Error: Nexthop has invalid gateway.
2023-02-10 15:23:35.399720 [INFO] ip route defined as follows...

default via 10.10.2.25 dev tun0
10.10.2.1 via 10.10.2.25 dev tun0
10.10.2.25 dev tun0 proto kernel scope link src 10.10.2.26
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.8
185.151.12.242 via 172.17.0.1 dev eth0

2023-02-10 15:23:35.534171 [INFO] iptables defined as follows...

-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

2023-02-10 15:23:35.608879 [INFO] ENABLE_SSL is set to 'yes'
2023-02-10 15:23:35.635767 [INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUICertificate.crt loaded, nothing to do.
2023-02-10 15:23:35.668726 [INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUIKey.key loaded, nothing to do.
2023-02-10 15:23:35.707985 [INFO] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled already set to true.
2023-02-10 15:23:35.755844 [INFO] A group with PGID root already exists in /etc/group within this container, nothing to do.
2023-02-10 15:23:35.815041 [INFO] An user with PUID root already exists within this container, nothing to do.
2023-02-10 15:23:35.854029 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
2023-02-10 15:23:35.887939 [INFO] Starting qBittorrent daemon... Logging to /config/qBittorrent/data/logs/qbittorrent.log.
2023-02-10 15:23:36.924614 [INFO] Started qBittorrent daemon successfully...
2023-02-10 15:23:36.953962 [INFO] qBittorrent PID: 219
2023-02-10 15:23:36.980677 [INFO] HEALTH_CHECK_HOST is not set. For now using default host one.one.one.one
2023-02-10 15:23:37.013111 [INFO] HEALTH_CHECK_INTERVAL is not set. For now using default interval of 300
2023-02-10 15:23:37.038481 [INFO] HEALTH_CHECK_SILENT is not set. Because this variable is not set, it will be supressed by default
2023-02-10 15:23:37.063539 [WARNING] RESTART_CONTAINER not defined,(via -e RESTART_CONTAINER), defaulting to 'yes'
2023-02-10 15:23:37.088845 [INFO] HEALTH_CHECK_AMOUNT is not set. For now using default interval of 1
2023-02-10 15:23:37.121035 [INFO] HEALTH_CHECK_AMOUNT is set to 1

Shadex12, Feb 10 '23 15:02
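
The check behind the "Nexthop has invalid gateway" error reported in this thread, as an added example that is not part of any comment above or of the project's scripts: a route "via GW dev eth0" is only accepted when GW sits inside a subnet directly connected on eth0. ROUTES_LOG is the route table from the 2023-02-10 log; ROUTES_T2, the 10.8.0.1 address, the candidate gateway 192.168.87.1 and all function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: test offline whether a next hop would be accepted by
# "ip route add NET via GW dev DEV" (GW must be on-link for DEV).

# Route table copied from the 2023-02-10 log in the thread.
ROUTES_LOG='default via 10.10.2.25 dev tun0
10.10.2.1 via 10.10.2.25 dev tun0
10.10.2.25 dev tun0 proto kernel scope link src 10.10.2.26
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.8
185.151.12.242 via 172.17.0.1 dev eth0'

# Constructed table for the first post's 192.168.90.0/24 network (assumed).
ROUTES_T2='default via 10.8.0.1 dev tun0
192.168.90.0/24 dev eth0 proto kernel scope link src 192.168.90.9'

# Dotted-quad IPv4 -> integer (subshell body keeps the IFS change local).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_cidr ADDR NET/LEN: exit 0 when ADDR is inside NET/LEN.
in_cidr() {
    mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# connected_nets DEV: from `ip route` text on stdin, print the subnets that
# are directly connected on DEV (a bare host address counts as /32).
connected_nets() {
    awk -v dev="$1" '$2 == "dev" && $3 == dev && /scope link/ {
        n = $1; if (n !~ /\//) n = n "/32"; print n }'
}

# gateway_is_onlink DEV GW: stdin is `ip route` text. Exit 0 when GW is
# inside a subnet connected on DEV, so a route "via GW dev DEV" is valid.
gateway_is_onlink() {
    for cidr in $(connected_nets "$1"); do
        if in_cidr "$2" "$cidr"; then return 0; fi
    done
    return 1
}

# 172.17.0.1 is on-link for eth0 in the logged table; 192.168.87.1 is not.
for gw in 172.17.0.1 192.168.87.1; do
    if echo "$ROUTES_LOG" | gateway_is_onlink eth0 "$gw"
    then echo "$gw: on-link"; else echo "$gw: invalid gateway"; fi
done
```

Inside a running container the same check can be fed live data with `ip route | gateway_is_onlink eth0 <candidate>` before adding the LAN route.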