docker-qbittorrentvpn

Can't access WebUI, after "Started qBittorrent daemon successfully..."

Open • iratekalypso opened this issue 2 years ago • 25 comments

Command used to start docker:

sudo docker run --privileged \
              -v /home/kalypso/config/:/config \
              -v /home/kalypso/Downloads/:/downloads \
              -e "VPN_ENABLED=yes" \
              -e "VPN_TYPE=wireguard" \
              -e "LAN_NETWORK=192.168.0.0/24" \
              -e "INSTALL_PYTHON3=yes" \
              -e "ADDITIONAL_PORTS=13770" \
              -p 8080:8080 \
              --restart unless-stopped \
              dyonr/qbittorrentvpn

And the output log...

2021-07-19 09:05:39.645450 [INFO] VPN_ENABLED defined as 'yes'
2021-07-19 09:05:39.663183 [INFO] VPN_TYPE defined as 'wireguard'
2021-07-19 09:05:39.683112 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2021-07-19 09:05:40.486022 [INFO] VPN remote line defined as '<redacted>:13770'
2021-07-19 09:05:40.503508 [INFO] VPN_REMOTE defined as '<redacted>'
2021-07-19 09:05:40.523272 [INFO] VPN_PORT defined as '13770'
2021-07-19 09:05:40.541421 [INFO] VPN_PROTOCOL set as 'udp', since WireGuard is always udp.
2021-07-19 09:05:40.562831 [INFO] VPN_DEVICE_TYPE set as 'wg0', since WireGuard will always be wg0.
2021-07-19 09:05:40.581551 [INFO] LAN_NETWORK defined as '192.168.0.0/24'
2021-07-19 09:05:40.600476 [WARNING] NAME_SERVERS not defined (via -e NAME_SERVERS), defaulting to CloudFlare and Google name servers
2021-07-19 09:05:40.618774 [INFO] Adding 1.1.1.1 to resolv.conf
2021-07-19 09:05:40.636267 [INFO] Adding 8.8.8.8 to resolv.conf
2021-07-19 09:05:40.654900 [INFO] Adding 1.0.0.1 to resolv.conf
2021-07-19 09:05:40.673315 [INFO] Adding 8.8.4.4 to resolv.conf
2021-07-19 09:05:40.690839 [INFO] PUID not defined. Defaulting to root user
2021-07-19 09:05:40.709520 [INFO] PGID not defined. Defaulting to root group
2021-07-19 09:05:40.727984 [INFO] Starting WireGuard...
Warning: `/config/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.64.180.184/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
2021-07-19 09:05:40.854448 [INFO] Docker network defined as 172.17.0.0/16
2021-07-19 09:05:40.875653 [INFO] Adding 192.168.0.0/24 as route via docker eth0
2021-07-19 09:05:40.892902 [INFO] ip route defined as follows...
--------------------
default via 172.17.0.1 dev eth0 
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2 
192.168.0.0/24 via 172.17.0.1 dev eth0 
--------------------
2021-07-19 09:05:40.927511 [INFO] Adding additional incoming port 13770 for eth0
2021-07-19 09:05:41.007874 [INFO] Adding additional outgoing port 13770 for eth0
2021-07-19 09:05:41.028709 [INFO] iptables defined as follows...
--------------------
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i wg0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 13770 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 13770 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 13770 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 13770 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 13770 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 13770 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
--------------------
2021-07-19 09:05:41.050230 [INFO] Python3 is already installed, nothing to do.
2021-07-19 09:05:41.068701 [WARNING] ENABLE_SSL is set to , SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).
2021-07-19 09:05:41.086988 [WARNING] If you manage the SSL config yourself, you can ignore this.
2021-07-19 09:05:41.106104 [INFO] A group with PGID root already exists in /etc/group, nothing to do.
2021-07-19 09:05:41.124775 [INFO] An user with PUID root already exists in /etc/passwd, nothing to do.
2021-07-19 09:05:41.141584 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
2021-07-19 09:05:41.159265 [INFO] Starting qBittorrent daemon...
Logging to /config/qBittorrent/data/logs/qbittorrent.log.
2021-07-19 09:05:42.179922 [INFO] qBittorrent PID: 233
2021-07-19 09:05:42.196460 [INFO] HEALTH_CHECK_HOST is not set. For now using default host one.one.one.one
2021-07-19 09:05:42.214303 [INFO] HEALTH_CHECK_INTERVAL is not set. For now using default interval of 300
2021-07-19 09:05:42.233204 [INFO] HEALTH_CHECK_SILENT is not set. Because this variable is not set, it will be supressed by default
2021-07-19 09:05:42.472521 [INFO] Started qBittorrent daemon successfully...

I am unable to connect to http://<my_server_ip_address>:8080/. I can SSH in, check docker and get this log file, but can't access the WebUI.

Not sure if I am doing something wrong... not even sure what the error is.

iratekalypso • Jul 19 '21 09:07
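
Added example, not part of the original issue or the project's code: a first-match evaluator for the rule set printed in the log above, showing which packets the container's default-DROP firewall accepts on each interface. The LAN client address 192.168.0.50 and the port numbers 50000/40000 are constructed; 172.17.0.2 is the container address from the logged routing table.

```python
import ipaddress

# Rule set copied verbatim from the container log in the post above.
RULES = """\
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i wg0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 13770 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 13770 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 13770 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 13770 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 13770 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 13770 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
"""

# Option -> packet field. "-i" and "-o" both map to "iface": the inbound
# interface for INPUT rules, the outbound interface for OUTPUT rules.
FIELDS = {"-i": "iface", "-o": "iface", "-s": "src", "-d": "dst", "-p": "proto",
          "--sport": "sport", "--dport": "dport", "--icmp-type": "icmp_type",
          "-j": "target"}


def parse_rules(text):
    """Parse `iptables -S` style lines into (policies, rules per chain)."""
    policies, chains = {}, {}
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif tok[0] == "-A":
            rule = {}
            opts = iter(tok[2:])
            for flag in opts:
                value = next(opts)          # every option used here takes one value
                if flag == "-m":            # match-module name, no condition of its own
                    continue
                if flag not in FIELDS:      # refuse to guess at options we do not model
                    raise ValueError(f"unsupported option {flag!r} in: {line}")
                rule[FIELDS[flag]] = value
            chains.setdefault(tok[1], []).append(rule)
    return policies, chains


def matches(rule, pkt):
    """True when every condition of the rule is satisfied by the packet."""
    for field, want in rule.items():
        if field == "target":
            continue
        have = pkt.get(field)
        if have is None:
            return False
        if field in ("src", "dst"):
            if ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        elif str(have) != want:
            return False
    return True


def verdict(ruleset, chain, **pkt):
    """First matching rule wins; otherwise the chain policy applies."""
    policies, chains = ruleset
    for rule in chains.get(chain, []):
        if matches(rule, pkt):
            return rule["target"]
    return policies[chain]


RULESET = parse_rules(RULES)
LAN, BOX = "192.168.0.50", "172.17.0.2"   # LAN is a constructed client address

if __name__ == "__main__":
    # WebUI request arriving on eth0, and the reply leaving on eth0.
    print(verdict(RULESET, "INPUT", iface="eth0", proto="tcp",
                  src=LAN, dst=BOX, sport=50000, dport=8080))
    print(verdict(RULESET, "OUTPUT", iface="eth0", proto="tcp",
                  src=BOX, dst=LAN, sport=8080, dport=50000))
    # DNS straight out of eth0 (bypassing the tunnel) versus through wg0.
    print(verdict(RULESET, "OUTPUT", iface="eth0", proto="udp",
                  src=BOX, dst="1.1.1.1", sport=40000, dport=53))
    print(verdict(RULESET, "OUTPUT", iface="wg0", proto="udp",
                  src=BOX, dst="1.1.1.1", sport=40000, dport=53))
```

The OUTPUT verdict depends on which interface the routing table picks for the reply, which the rule set alone does not decide.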

Hi, same thing here. I'm trying to run it through Portainer via a yml file, but the web UI is inaccessible, although the container runs well and there seem to be no problems in the logs.

yaml config:

qbittorrentvpn:
  image: dyonr/qbittorrentvpn
  container_name: qbittorrentvpn
  privileged: true
  environment:
    - VPN_USERNAME=****************************
    - VPN_PASSWORD=****************************
    - PUID=998
    - PGID=100
    - VPN_ENABLED=yes
    - VPN_TYPE=openvpn
    - HEALTH_CHECK_HOST=local-ip
    - HEALTH_CHECK_INTERVAL=300
    - INSTALL_PYTHON3=yes
    - ADDITIONAL_PORTS=8282
    - LAN_NETWORK=local-ip/24 #adjust this to YOUR network settings
    - NAME_SERVERS=8.8.8.8 #you can use whatever DNS provider you want
  ports:
    - 8282:8282
    - 8999:8999
    - 8999:8999/udp
  volumes:
    - /srv/path-to-data/Configs/QBittorrentVPN:/config
    - /srv/path-to-data/Torrents:/downloads
    - /etc/timezone:/etc/timezone:ro #This is for TimeZone
  restart: unless-stopped

Logs:

Tue Jul 20 21:27:54 2021 TUN/TAP device tun0 opened

Tue Jul 20 21:27:54 2021 TUN/TAP TX queue length set to 100

Tue Jul 20 21:27:54 2021 /sbin/ip link set dev tun0 up mtu 1500

Tue Jul 20 21:27:54 2021 /sbin/ip addr add dev tun0 10.8.8.16/24 broadcast 10.8.8.255

Tue Jul 20 21:27:54 2021 /sbin/ip route add 185.153.150.61/32 via 172.22.0.1

Tue Jul 20 21:27:54 2021 /sbin/ip route add 0.0.0.0/1 via 10.8.8.1

Tue Jul 20 21:27:54 2021 /sbin/ip route add 128.0.0.0/1 via 10.8.8.1

Tue Jul 20 21:27:54 2021 Initialization Sequence Completed

2021-07-20 21:27:55.532578 [INFO] Docker network defined as 172.22.0.0/16

2021-07-20 21:27:55.584952 [INFO] Adding 192.168.50.1/24 as route via docker eth0

Error: Invalid prefix for given prefix length.

2021-07-20 21:27:55.634653 [INFO] ip route defined as follows...


0.0.0.0/1 via 10.8.8.1 dev tun0

default via 172.22.0.1 dev eth0

10.8.8.0/24 dev tun0 proto kernel scope link src 10.8.8.16

128.0.0.0/1 via 10.8.8.1 dev tun0

172.22.0.0/16 dev eth0 proto kernel scope link src 172.22.0.9

185.153.150.61 via 172.22.0.1 dev eth0


2021-07-20 21:27:55.715263 [INFO] Adding additional incoming port 8282 for eth0

2021-07-20 21:27:55.783479 [INFO] Adding additional outgoing port 8282 for eth0

2021-07-20 21:27:55.839799 [INFO] iptables defined as follows...


-P INPUT DROP

-P FORWARD ACCEPT

-P OUTPUT DROP

-A INPUT -i tun0 -j ACCEPT

-A INPUT -s 172.22.0.0/16 -d 172.22.0.0/16 -j ACCEPT

-A INPUT -i eth0 -p udp -m udp --sport 1194 -j ACCEPT

-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT

-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT

-A INPUT -i eth0 -p tcp -m tcp --dport 8282 -j ACCEPT

-A INPUT -i eth0 -p tcp -m tcp --sport 8282 -j ACCEPT

-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A OUTPUT -o tun0 -j ACCEPT

-A OUTPUT -s 172.22.0.0/16 -d 172.22.0.0/16 -j ACCEPT

-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT

-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT

-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT

-A OUTPUT -o eth0 -p tcp -m tcp --dport 8282 -j ACCEPT

-A OUTPUT -o eth0 -p tcp -m tcp --sport 8282 -j ACCEPT

-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

-A OUTPUT -o lo -j ACCEPT


2021-07-20 21:27:55.896972 [INFO] Python3 is already installed, nothing to do.

2021-07-20 21:27:55.936417 [WARNING] ENABLE_SSL is set to , SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).

2021-07-20 21:27:55.969567 [WARNING] If you manage the SSL config yourself, you can ignore this.

2021-07-20 21:27:56.008171 [INFO] A group with PGID 100 already exists in /etc/group, nothing to do.

2021-07-20 21:27:56.044469 [INFO] An user with PUID 998 already exists in /etc/passwd, nothing to do.

2021-07-20 21:27:56.082389 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'

2021-07-20 21:27:56.118158 [INFO] Starting qBittorrent daemon...

Logging to /config/qBittorrent/data/logs/qbittorrent.log.

2021-07-20 21:27:57.188948 [INFO] qBittorrent PID: 200

2021-07-20 21:27:57.202176 [INFO] Started qBittorrent daemon successfully...

2021-07-20 21:27:57.232200 [INFO] HEALTH_CHECK_SILENT is not set. Because this variable is not set, it will be supressed by default

2021-07-20 21:28:08.296060 [ERROR] Network is down, exiting this Docker

2021-07-20 21:28:09.050672 [INFO] VPN_ENABLED defined as 'yes'

2021-07-20 21:28:09.077552 [INFO] VPN_TYPE defined as 'openvpn'

2021-07-20 21:28:09.182466 [INFO] OpenVPN config file is found at /config/openvpn/es-vlc.prod.vpn.comvpn_openvpn_udp.ovpn

dos2unix: converting file /config/openvpn/es-vlc.prod.vpn.comvpn_openvpn_udp.ovpn to Unix format...

2021-07-20 21:28:09.268845 [INFO] VPN remote line defined as 'es-vlc.prod.vpn.com 1194'

2021-07-20 21:28:09.302060 [INFO] VPN_REMOTE defined as 'es-vlc.prod.vpn.com'

2021-07-20 21:28:09.330259 [INFO] VPN_PORT defined as '1194'

2021-07-20 21:28:09.356065 [INFO] VPN_PROTOCOL defined as 'udp'

2021-07-20 21:28:09.382017 [INFO] VPN_DEVICE_TYPE defined as 'tun0'

2021-07-20 21:28:09.407505 [INFO] LAN_NETWORK defined as '192.168.50.1/24'

2021-07-20 21:28:09.432818 [INFO] NAME_SERVERS defined as '8.8.8.8'

2021-07-20 21:28:09.458111 [INFO] VPN_OPTIONS not defined (via -e VPN_OPTIONS)

2021-07-20 21:28:09.483941 [INFO] Adding 8.8.8.8 to resolv.conf

2021-07-20 21:28:09.508938 [INFO] Starting OpenVPN...

Tue Jul 20 21:28:09 2021 WARNING: file 'credentials.conf' is group or others accessible

Tue Jul 20 21:28:09 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019

Tue Jul 20 21:28:09 2021 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10

Tue Jul 20 21:28:09 2021 WARNING: --ping should normally be used with --ping-restart or --ping-exit

Tue Jul 20 21:28:09 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Tue Jul 20 21:28:09 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Tue Jul 20 21:28:09 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]185.153.150.54:1194

Tue Jul 20 21:28:09 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]

Tue Jul 20 21:28:09 2021 UDP link local: (not bound)

Tue Jul 20 21:28:09 2021 UDP link remote: [AF_INET]185.153.150.54:1194

Tue Jul 20 21:28:09 2021 TLS: Initial packet from [AF_INET]185.153.150.54:1194, sid=5b26f915 52be59d6

Tue Jul 20 21:28:09 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Tue Jul 20 21:28:09 2021 VERIFY OK: depth=2, C=VG, O=vpn, CN=vpn Root CA

Tue Jul 20 21:28:09 2021 VERIFY OK: depth=1, C=VG, O=vpn, CN=vpn Intermediate CA

Tue Jul 20 21:28:09 2021 VERIFY KU OK

Tue Jul 20 21:28:09 2021 Validating certificate extended key usage

Tue Jul 20 21:28:09 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Tue Jul 20 21:28:09 2021 VERIFY EKU OK

Tue Jul 20 21:28:09 2021 VERIFY OK: depth=0, CN=es-vlc-v014.prod.vpn.com

Tue Jul 20 21:28:09 2021 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'

Tue Jul 20 21:28:09 2021 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'

Tue Jul 20 21:28:09 2021 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'

Tue Jul 20 21:28:09 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Tue Jul 20 21:28:09 2021 [es-vlc-v014.prod.vpn.com] Peer Connection Initiated with [AF_INET]185.153.150.54:1194

Tue Jul 20 21:28:11 2021 SENT CONTROL [es-vlc-v014.prod.vpn.com]: 'PUSH_REQUEST' (status=1)

Tue Jul 20 21:28:16 2021 SENT CONTROL [es-vlc-v014.prod.vpn.com]: 'PUSH_REQUEST' (status=1)

Tue Jul 20 21:28:16 2021 AUTH: Received control message: AUTH_FAILED

Tue Jul 20 21:28:16 2021 SIGTERM[soft,auth-failure] received, process exiting

Rufus13apostol • Jul 20 '21 21:07
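
Added example, not part of the original thread or the project's code: the log above prints `Error: Invalid prefix for given prefix length.` right after `Adding 192.168.50.1/24 as route via docker eth0`, and the routing table that follows has no 192.168.50.0/24 entry. The sketch below checks a LAN_NETWORK value for set host bits (the condition `ip route add` rejects) and uses longest-prefix matching over the logged routes to show which interface a reply to a LAN client would leave by. The client address 192.168.50.20 is constructed.

```python
import ipaddress

# Routing table exactly as printed in the container log above.
ROUTES_FROM_LOG = """\
0.0.0.0/1 via 10.8.8.1 dev tun0
default via 172.22.0.1 dev eth0
10.8.8.0/24 dev tun0 proto kernel scope link src 10.8.8.16
128.0.0.0/1 via 10.8.8.1 dev tun0
172.22.0.0/16 dev eth0 proto kernel scope link src 172.22.0.9
185.153.150.61 via 172.22.0.1 dev eth0
"""


def check_lan_network(value):
    """Return (ok, network). ok is False when the address part has host bits
    set, e.g. 192.168.50.1/24 instead of 192.168.50.0/24. A string that is not
    a CIDR at all still raises ValueError."""
    try:
        return True, ipaddress.ip_network(value, strict=True)
    except ValueError:
        return False, ipaddress.ip_network(value, strict=False)


def parse_routes(text):
    """Parse `ip route` lines into a list of (network, device)."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        routes.append((ipaddress.ip_network(dest), tok[tok.index("dev") + 1]))
    return routes


def egress_device(routes, ip):
    """Longest-prefix match, as the kernel does for a single routing table."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits)[1] if hits else None


def reply_interface(lan_network, client_ip, route_text=ROUTES_FROM_LOG):
    """Interface a reply to client_ip leaves by. The LAN route via eth0 is only
    present when LAN_NETWORK is a valid network address; otherwise the add
    fails and the table stays as logged."""
    routes = parse_routes(route_text)
    ok, net = check_lan_network(lan_network)
    if ok:
        routes.append((net, "eth0"))
    return egress_device(routes, client_ip)


if __name__ == "__main__":
    client = "192.168.50.20"  # constructed LAN client
    for value in ("192.168.50.1/24", "192.168.50.0/24"):
        ok, net = check_lan_network(value)
        print(f"LAN_NETWORK={value} valid={ok} normalised={net} "
              f"reply to {client} leaves via {reply_interface(value, client)}")
```

With the value as logged, 128.0.0.0/1 via tun0 is the most specific match for 192.168.50.20, so the reply is routed into the tunnel rather than back out of eth0.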

@iratekalypso Can you try adding the option --net='bridge'

@Rufus13apostol The last message of the error you get is "AUTH: Received control message: AUTH_FAILED". The password you entered is most likely wrong, or it has unsupported characters like a 'space'.

DyonR • Jul 20 '21 22:07

@iratekalypso Can you try adding the option --net='bridge'

Alright, this is the new command used:

sudo docker run --privileged \
	-v /home/kalypso/config/:/config \
	-v /home/kalypso/Downloads/:/downloads \
	-e "VPN_ENABLED=yes" \
	-e "VPN_TYPE=wireguard" \
	-e "LAN_NETWORK=192.168.0.0/24" \
	-e "INSTALL_PYTHON3=yes" \
	-e "ADDITIONAL_PORTS=13770" \
	-p 8080:8080 \
	--restart unless-stopped \
	--net=78c3386a2252 \
	dyonr/qbittorrentvpn

And this is the correct NETWORK ID for bridge:

~ # docker network ls
NETWORK ID     NAME      DRIVER    SCOPE
78c3386a2252   bridge    bridge    local
c31c20c24c6e   host      host      local
12eacbde67df   none      null      local

This is the new output log:

2021-07-21 09:37:38.441332 [INFO] VPN_ENABLED defined as 'yes'
2021-07-21 09:37:38.460038 [INFO] VPN_TYPE defined as 'wireguard'
2021-07-21 09:37:38.479732 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2021-07-21 09:37:38.776140 [INFO] VPN remote line defined as '<redacted>:51820'
2021-07-21 09:37:38.795014 [INFO] VPN_REMOTE defined as '<redacted>'
2021-07-21 09:37:38.812810 [INFO] VPN_PORT defined as '51820'
2021-07-21 09:37:38.832122 [INFO] VPN_PROTOCOL set as 'udp', since WireGuard is always udp.
2021-07-21 09:37:38.849409 [INFO] VPN_DEVICE_TYPE set as 'wg0', since WireGuard will always be wg0.
2021-07-21 09:37:38.867066 [INFO] LAN_NETWORK defined as '192.168.0.0/24'
2021-07-21 09:37:38.886808 [WARNING] NAME_SERVERS not defined (via -e NAME_SERVERS), defaulting to CloudFlare and Google name servers
2021-07-21 09:37:38.909175 [INFO] Adding 1.1.1.1 to resolv.conf
2021-07-21 09:37:38.928445 [INFO] Adding 8.8.8.8 to resolv.conf
2021-07-21 09:37:38.948160 [INFO] Adding 1.0.0.1 to resolv.conf
2021-07-21 09:37:38.969922 [INFO] Adding 8.8.4.4 to resolv.conf
2021-07-21 09:37:38.987552 [INFO] PUID not defined. Defaulting to root user
2021-07-21 09:37:39.005908 [INFO] PGID not defined. Defaulting to root group
2021-07-21 09:37:39.023386 [INFO] Starting WireGuard...
Warning: `/config/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.64.180.184/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
2021-07-21 09:37:39.155355 [INFO] Docker network defined as 172.17.0.0/16
2021-07-21 09:37:39.176893 [INFO] Adding 192.168.0.0/24 as route via docker eth0
2021-07-21 09:37:39.197259 [INFO] ip route defined as follows...
--------------------
default via 172.17.0.1 dev eth0 
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2 
192.168.0.0/24 via 172.17.0.1 dev eth0 
--------------------
2021-07-21 09:37:39.232527 [INFO] Adding additional incoming port 13770 for eth0
2021-07-21 09:37:39.301886 [INFO] Adding additional outgoing port 13770 for eth0
2021-07-21 09:37:39.322554 [INFO] iptables defined as follows...
--------------------
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i wg0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 51820 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 13770 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 13770 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 13770 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 13770 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
--------------------
2021-07-21 09:37:39.346776 [INFO] Python3 is already installed, nothing to do.
2021-07-21 09:37:39.366089 [WARNING] ENABLE_SSL is set to , SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).
2021-07-21 09:37:39.381946 [WARNING] If you manage the SSL config yourself, you can ignore this.
2021-07-21 09:37:39.399791 [INFO] A group with PGID root already exists in /etc/group, nothing to do.
2021-07-21 09:37:39.417898 [INFO] An user with PUID root already exists in /etc/passwd, nothing to do.
2021-07-21 09:37:39.434832 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
2021-07-21 09:37:39.452972 [INFO] Starting qBittorrent daemon...
Logging to /config/qBittorrent/data/logs/qbittorrent.log.
2021-07-21 09:37:40.476787 [INFO] qBittorrent PID: 233
2021-07-21 09:37:40.486265 [INFO] Started qBittorrent daemon successfully...
2021-07-21 09:37:40.530527 [INFO] HEALTH_CHECK_HOST is not set. For now using default host one.one.one.one
2021-07-21 09:37:40.546787 [INFO] HEALTH_CHECK_INTERVAL is not set. For now using default interval of 300
2021-07-21 09:37:40.567388 [INFO] HEALTH_CHECK_SILENT is not set. Because this variable is not set, it will be supressed by default

Running docker container stats returns this, so it's doing "something": [image]

Sadly, not able to connect to the WebUI still: [image]

iratekalypso • Jul 21 '21 09:07

Hi, I tried again and now the auth error does not appear anymore. The only error I can see is: "Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.7)".

Full log:

running python rtupdate hooks for python3.7...

running python post-rtupdate hooks for python3.7...

Processing triggers for libc-bin (2.28-10) ...

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Reading package lists...

Building dependency tree...

Reading state information...

0 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.

2021-07-22 21:20:43.707572 [WARNING] ENABLE_SSL is set to , SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).

2021-07-22 21:20:43.731532 [WARNING] If you manage the SSL config yourself, you can ignore this.

2021-07-22 21:20:43.758561 [INFO] A group with PGID 100 already exists in /etc/group, nothing to do.

2021-07-22 21:20:43.784094 [INFO] An user with PUID 998 does not exist, adding an user called 'qbittorrent user' with PUID 998

2021-07-22 21:20:43.832621 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'

2021-07-22 21:20:43.866541 [INFO] Starting qBittorrent daemon...

Logging to /config/qBittorrent/data/logs/qbittorrent.log.

2021-07-22 21:20:44.934138 [INFO] Started qBittorrent daemon successfully...

2021-07-22 21:20:44.944848 [INFO] qBittorrent PID: 775

2021-07-22 21:20:44.981121 [INFO] HEALTH_CHECK_SILENT is not set. Because this variable is not set, it will be supressed by default

Thu Jul 22 22:17:03 2021 VERIFY OK: depth=2, C=VG, O=vpn, CN=vpn Root CA

Thu Jul 22 22:17:03 2021 VERIFY OK: depth=1, C=VG, O=vpn, CN=vpn Intermediate CA

Thu Jul 22 22:17:03 2021 VERIFY KU OK

Thu Jul 22 22:17:03 2021 Validating certificate extended key usage

Thu Jul 22 22:17:03 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Thu Jul 22 22:17:03 2021 VERIFY EKU OK

Thu Jul 22 22:17:03 2021 VERIFY OK: depth=0, CN=es-vlc-v020.prod.vpn.com

Thu Jul 22 22:17:05 2021 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'

Thu Jul 22 22:17:05 2021 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'

Thu Jul 22 22:17:05 2021 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'

Thu Jul 22 22:17:05 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Thu Jul 22 22:17:05 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Thu Jul 22 22:17:05 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Sat Jul 24 18:45:55 2021 TLS: tls_process: killed expiring key

Sat Jul 24 18:48:55 2021 [es-vlc-v020.prod.vpn.com] Inactivity timeout (--ping-restart), restarting

Sat Jul 24 18:48:55 2021 SIGUSR1[soft,ping-restart] received, process restarting

Sat Jul 24 18:48:55 2021 Restart pause, 5 second(s)

Sat Jul 24 18:49:00 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]185.153.150.78:1194

Sat Jul 24 18:49:00 2021 Socket Buffers: R=[212992->425984] S=[212992->425984]

Sat Jul 24 18:49:00 2021 UDP link local: (not bound)

Sat Jul 24 18:49:00 2021 UDP link remote: [AF_INET]185.153.150.78:1194

Sat Jul 24 18:49:00 2021 TLS: Initial packet from [AF_INET]185.153.150.78:1194, sid=5bd00543 76727c89

Sat Jul 24 18:49:00 2021 VERIFY OK: depth=2, C=VG, O=vpn, CN=vpn Root CA

Sat Jul 24 18:49:00 2021 VERIFY OK: depth=1, C=VG, O=vpn, CN=vpn Intermediate CA

Sat Jul 24 18:49:00 2021 VERIFY KU OK

Sat Jul 24 18:49:00 2021 Validating certificate extended key usage

Sat Jul 24 18:49:00 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Sat Jul 24 18:49:00 2021 VERIFY EKU OK

Sat Jul 24 18:49:00 2021 VERIFY OK: depth=0, CN=es-vlc-v020.prod.vpn.com

Sat Jul 24 18:49:00 2021 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'

Sat Jul 24 18:49:00 2021 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'

Sat Jul 24 18:49:00 2021 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'

Sat Jul 24 18:49:00 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Sat Jul 24 18:49:00 2021 [es-vlc-v020.prod.vpn.com] Peer Connection Initiated with [AF_INET]185.153.150.78:1194

Sat Jul 24 18:49:01 2021 SENT CONTROL [es-vlc-v020.prod.vpn.com]: 'PUSH_REQUEST' (status=1)

Sat Jul 24 18:49:01 2021 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'

Sat Jul 24 18:49:01 2021 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.7)

Sat Jul 24 18:49:01 2021 OPTIONS IMPORT: timers and/or timeouts modified

Sat Jul 24 18:49:01 2021 OPTIONS IMPORT: explicit notify parm(s) modified

Sat Jul 24 18:49:01 2021 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified

Sat Jul 24 18:49:01 2021 Socket Buffers: R=[425984->425984] S=[425984->425984]

Sat Jul 24 18:49:01 2021 OPTIONS IMPORT: --ifconfig/up options modified

Sat Jul 24 18:49:01 2021 OPTIONS IMPORT: route options modified

Sat Jul 24 18:49:01 2021 OPTIONS IMPORT: route-related options modified

Sat Jul 24 18:49:01 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Sat Jul 24 18:49:01 2021 OPTIONS IMPORT: peer-id set

Sat Jul 24 18:49:01 2021 OPTIONS IMPORT: adjusting link_mtu to 1656

Sat Jul 24 18:49:01 2021 OPTIONS IMPORT: data channel crypto options modified

Sat Jul 24 18:49:01 2021 Data Channel: using negotiated cipher 'AES-256-GCM'

Sat Jul 24 18:49:01 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Sat Jul 24 18:49:01 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Sat Jul 24 18:49:01 2021 Preserving previous TUN/TAP instance: tun0

Sat Jul 24 18:49:01 2021 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.

Sat Jul 24 18:49:01 2021 /sbin/ip route del 185.153.150.78/32

Sat Jul 24 18:49:01 2021 /sbin/ip route del 0.0.0.0/1

Sat Jul 24 18:49:01 2021 /sbin/ip route del 128.0.0.0/1

Sat Jul 24 18:49:01 2021 Closing TUN/TAP interface

Sat Jul 24 18:49:01 2021 /sbin/ip addr del dev tun0 10.8.8.9/24

Sat Jul 24 18:49:02 2021 ROUTE_GATEWAY 172.19.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:13:00:07

Sat Jul 24 18:49:02 2021 TUN/TAP device tun0 opened

Sat Jul 24 18:49:02 2021 TUN/TAP TX queue length set to 100

Sat Jul 24 18:49:02 2021 /sbin/ip link set dev tun0 up mtu 1500

Sat Jul 24 18:49:02 2021 /sbin/ip addr add dev tun0 10.8.8.2/24 broadcast 10.8.8.255

Sat Jul 24 18:49:02 2021 /sbin/ip route add 185.153.150.78/32 via 172.19.0.1

Sat Jul 24 18:49:02 2021 /sbin/ip route add 0.0.0.0/1 via 10.8.8.1

Sat Jul 24 18:49:02 2021 /sbin/ip route add 128.0.0.0/1 via 10.8.8.1

Sat Jul 24 18:49:02 2021 Initialization Sequence Completed

Sat Jul 24 19:48:32 2021 VERIFY OK: depth=2, C=VG, O=vpn, CN=vpn Root CA

Sat Jul 24 19:48:32 2021 VERIFY OK: depth=1, C=VG, O=vpn, CN=vpn Intermediate CA

Sat Jul 24 19:48:32 2021 VERIFY KU OK

Sat Jul 24 19:48:32 2021 Validating certificate extended key usage

Sat Jul 24 19:48:32 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Sat Jul 24 19:48:32 2021 VERIFY EKU OK

Sat Jul 24 19:48:32 2021 VERIFY OK: depth=0, CN=es-vlc-v020.prod.vpn.com

Sat Jul 24 19:48:32 2021 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'

Sat Jul 24 19:48:32 2021 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'

Sat Jul 24 19:48:32 2021 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'

Sat Jul 24 19:48:32 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Sat Jul 24 19:48:32 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Sat Jul 24 19:48:32 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA

Rufus13apostol • Jul 24 '21 20:07

Same issue here. I installed this after getting similar behavior with MarkusMcNugen\qbittorrentvpn which has worked for me for quite a while. chrisjohnson00\qbittorrentvpn fork has the same experience.

I recently rebooted after an unraid 6.9.2 install, and rolled back to 6.9.1 with no change in behavior.

UpdogUpdogUpdog • Jul 25 '21 04:07

An update with some more interesting behavior.

Just for grins I renamed my existing config mount to qbittorrentvpn-backup and ran the container so it could recreate any of its own files on startup. Logs threw an error for there being no OpenVPN config, obviously, so I copied that config from the old config mount over to the new one and restarted the container.

After the container logs show qbittorrent daemon started, I checked out https://IP:8080 and I did get an SSL Cert security warning which was new and unexpected. After accepting and continuing, same behavior as previously.

I've been able to run the binhex qbittorrentvpn container and get a response from the webui there, albeit VERY slowly (5+ minutes). Wonder if something's up with qbittorrent-nox.

UpdogUpdogUpdog • Jul 25 '21 22:07

@Rufus13apostol I recommend starting a new issue for your situation. It seems to be unrelated to what @topher587 and I are experiencing.

iratekalypso • Jul 27 '21 14:07

A few more things I've tried:

Disabling iptables rules:

root@7e0654999ab3:/opt# iptables-save > /root/firewall_rules.backup
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
root@7e0654999ab3:/opt# iptables-legacy-save > /root/firewall_rules_legacy.backup
root@7e0654999ab3:/opt# iptables -F                                
root@7e0654999ab3:/opt# iptables -X
root@7e0654999ab3:/opt# iptables -P INPUT ACCEPT
root@7e0654999ab3:/opt# iptables -P OUTPUT ACCEPT
root@7e0654999ab3:/opt# iptables -P FORWARD ACCEPT
root@7e0654999ab3:/opt# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
# Warning: iptables-legacy tables present, use iptables-legacy to see them
root@7e0654999ab3:/opt# iptables-legacy -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
root@7e0654999ab3:/opt# 

No, still no UI access.

I've also tried manually changing the locale from en to en-US in \qBittorrent\config\qbittorrent.conf, but since both locales present the same errors of the locale translation being unable to be loaded, I changed to es and did not get any locale errors, but still didn't get any web UI to load.

Log messages from the container's config/qBittorrent/data/logs/qbittorrent.log look as follows:

(N) 2021-07-27T11:36:04 - qBittorrent v4.3.5 started
(N) 2021-07-27T11:36:04 - Using config directory: /config/qBittorrent/config/
(I) 2021-07-27T11:36:04 - Trying to listen on: tun0:8999
(N) 2021-07-27T11:36:04 - Peer ID: -qB4350-
(N) 2021-07-27T11:36:04 - HTTP User-Agent is 'qBittorrent/4.3.5'
(I) 2021-07-27T11:36:04 - DHT support [ON]
(I) 2021-07-27T11:36:04 - Local Peer Discovery support [ON]
(I) 2021-07-27T11:36:04 - PeX support [ON]
(I) 2021-07-27T11:36:04 - Anonymous mode [ON]
(I) 2021-07-27T11:36:04 - Encryption support [ON]
(I) 2021-07-27T11:36:04 - UPnP / NAT-PMP support [ON]
(N) 2021-07-27T11:36:04 - Using built-in Web UI.
(W) 2021-07-27T11:36:04 - Couldn't load Web UI translation for selected locale (en-US).
(N) 2021-07-27T11:36:04 - Web UI: Now listening on IP: *, port: 8080
(I) 2021-07-27T11:36:04 - Successfully listening on IP: 10.8.8.9, port: TCP/8999
(I) 2021-07-27T11:36:04 - Successfully listening on IP: 10.8.8.9, port: UDP/8999
(I) 2021-07-27T11:36:04 - Detected external IP: 198.147.22.166
(C) 2021-07-27T11:38:40 - UPnP/NAT-PMP: Port mapping failure, message: could not map port using UPnP: no router found
(C) 2021-07-27T11:38:40 - UPnP/NAT-PMP: Port mapping failure, message: could not map port using UPnP: no router found
(C) 2021-07-27T11:38:40 - UPnP/NAT-PMP: Port mapping failure, message: could not map port using UPnP: no router found

And here's the container log output:

------------------------------------------------------------------------------------------------
2021-07-27 11:34:52.116158 [INFO] VPN_ENABLED defined as 'yes'
2021-07-27 11:34:52.164086 [INFO] VPN_TYPE defined as 'openvpn'
2021-07-27 11:34:52.341014 [INFO] OpenVPN config file is found at /config/openvpn/xxxxxxxx.ovpn
dos2unix: converting file /config/openvpn/xxxxxxxx.ovpn to Unix format...
2021-07-27 11:34:52.404819 [INFO] VPN remote line defined as 'xxxxxxxx 1194'
2021-07-27 11:34:52.451353 [INFO] VPN_REMOTE defined as 'xxxxxxxx'
2021-07-27 11:34:52.501224 [INFO] VPN_PORT defined as '1194'
2021-07-27 11:34:52.547450 [INFO] VPN_PROTOCOL defined as 'udp'
2021-07-27 11:34:52.592841 [INFO] VPN_DEVICE_TYPE defined as 'tun0'
2021-07-27 11:34:52.637551 [INFO] LAN_NETWORK defined as '192.168.1.0/24'
2021-07-27 11:34:52.681734 [INFO] NAME_SERVERS defined as '192.168.1.11,8.8.8.8'
2021-07-27 11:34:52.725846 [INFO] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2021-07-27 11:34:52.771364 [INFO] Adding 192.168.1.11 to resolv.conf
2021-07-27 11:34:52.814664 [INFO] Adding 8.8.8.8 to resolv.conf
2021-07-27 11:34:52.855324 [INFO] Starting OpenVPN...
Tue Jul 27 11:34:52 2021 WARNING: file 'credentials.conf' is group or others accessible

Tue Jul 27 11:34:52 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Tue Jul 27 11:34:52 2021 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Tue Jul 27 11:34:52 2021 WARNING: --ping should normally be used with --ping-restart or --ping-exit

Tue Jul 27 11:34:52 2021 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jul 27 11:34:52 2021 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Tue Jul 27 11:34:52 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]198.147.22.165:1194
Tue Jul 27 11:34:52 2021 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Jul 27 11:34:52 2021 UDP link local: (not bound)
Tue Jul 27 11:34:52 2021 UDP link remote: [AF_INET]198.147.22.165:1194
Tue Jul 27 11:34:52 2021 TLS: Initial packet from [AF_INET]198.147.22.165:1194, sid=8489aa64 5322bd2a
Tue Jul 27 11:34:52 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Tue Jul 27 11:34:53 2021 VERIFY OK: depth=2, C=VG, O=xxxxxx, CN=xxxxxxxx
Tue Jul 27 11:34:53 2021 VERIFY OK: depth=1, C=VG, O=xxxxxx, CN=xxxxxxxx
Tue Jul 27 11:34:53 2021 VERIFY KU OK
Tue Jul 27 11:34:53 2021 Validating certificate extended key usage
Tue Jul 27 11:34:53 2021 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Jul 27 11:34:53 2021 VERIFY EKU OK
Tue Jul 27 11:34:53 2021 VERIFY OK: depth=0, CN=xxxxxxxx
Tue Jul 27 11:34:53 2021 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'

Tue Jul 27 11:34:53 2021 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'

Tue Jul 27 11:34:53 2021 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'

Tue Jul 27 11:34:53 2021 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Tue Jul 27 11:34:53 2021 [xxxxxxxx] Peer Connection Initiated with [AF_INET]xxxxxxxx:1194
Tue Jul 27 11:34:54 2021 SENT CONTROL [xxxxxxxx]: 'PUSH_REQUEST' (status=1)
Tue Jul 27 11:34:54 2021 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS xxxxxxxx,dhcp-option DNS xxxxxxxx,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway xxxxxxxx,topology subnet,ping 60,ping-restart 180,ifconfig xxxxxxxx255.255.255.0,peer-id 6,cipher AES-256-GCM'
Tue Jul 27 11:34:54 2021 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.7)

Tue Jul 27 11:34:54 2021 OPTIONS IMPORT: timers and/or timeouts modified
Tue Jul 27 11:34:54 2021 OPTIONS IMPORT: explicit notify parm(s) modified
Tue Jul 27 11:34:54 2021 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Tue Jul 27 11:34:54 2021 Socket Buffers: R=[212992->1048576] S=[212992->1048576]
Tue Jul 27 11:34:54 2021 OPTIONS IMPORT: --ifconfig/up options modified
Tue Jul 27 11:34:54 2021 OPTIONS IMPORT: route options modified
Tue Jul 27 11:34:54 2021 OPTIONS IMPORT: route-related options modified
Tue Jul 27 11:34:54 2021 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Jul 27 11:34:54 2021 OPTIONS IMPORT: peer-id set
Tue Jul 27 11:34:54 2021 OPTIONS IMPORT: adjusting link_mtu to 1656
Tue Jul 27 11:34:54 2021 OPTIONS IMPORT: data channel crypto options modified
Tue Jul 27 11:34:54 2021 Data Channel: using negotiated cipher 'AES-256-GCM'
Tue Jul 27 11:34:54 2021 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jul 27 11:34:54 2021 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Tue Jul 27 11:34:54 2021 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=xxxxxx
Tue Jul 27 11:34:54 2021 TUN/TAP device tun0 opened
Tue Jul 27 11:34:54 2021 TUN/TAP TX queue length set to 100
Tue Jul 27 11:34:54 2021 /sbin/ip link set dev tun0 up mtu 1500
Tue Jul 27 11:34:54 2021 /sbin/ip addr add dev tun0 10.8.8.9/24 broadcast 10.8.8.255
Tue Jul 27 11:34:54 2021 /sbin/ip route add 198.147.22.165/32 via 192.168.1.1
Tue Jul 27 11:34:54 2021 /sbin/ip route add 0.0.0.0/1 via 10.8.8.1
Tue Jul 27 11:34:54 2021 /sbin/ip route add 128.0.0.0/1 via 10.8.8.1
Tue Jul 27 11:34:54 2021 Initialization Sequence Completed
2021-07-27 11:34:54.943497 [INFO] Docker network defined as 192.168.1.0/24
2021-07-27 11:34:54.991696 [INFO] Adding 192.168.1.0/24 as route via docker eth0
RTNETLINK answers: File exists
2021-07-27 11:34:55.036317 [INFO] ip route defined as follows...
--------------------
0.0.0.0/1 via 10.8.8.1 dev tun0
default via 192.168.1.1 dev eth0
10.8.8.0/24 dev tun0 proto kernel scope link src 10.8.8.9
128.0.0.0/1 via 10.8.8.1 dev tun0
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.46
198.147.22.165 via 192.168.1.1 dev eth0
--------------------
iptable_mangle 16384 1
ip_tables 28672 3 iptable_filter,iptable_nat,iptable_mangle
x_tables 28672 15 ip6table_filter,xt_conntrack,iptable_filter,nft_compat,xt_tcpudp,xt_addrtype,xt_CHECKSUM,xt_nat,ip6_tables,ipt_REJECT,ip_tables,ip6table_mangle,xt_MASQUERADE,iptable_mangle,xt_mark
2021-07-27 11:34:55.092374 [INFO] iptable_mangle support detected, adding fwmark for tables
2021-07-27 11:34:55.197183 [INFO] iptables defined as follows...
--------------------
# Warning: iptables-legacy tables present, use iptables-legacy to see them

-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1194 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
--------------------
2021-07-27 11:35:43.057981 [INFO] Python3 not yet installed, installing...

2021-07-27 11:36:03.848201 [WARNING] ENABLE_SSL is set to no, SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).

2021-07-27 11:36:03.892213 [WARNING] If you manage the SSL config yourself, you can ignore this.

2021-07-27 11:36:03.935898 [INFO] A group with PGID 100 already exists in /etc/group, nothing to do.
2021-07-27 11:36:03.978021 [INFO] An user with PUID 99 already exists in /etc/passwd, nothing to do.
2021-07-27 11:36:04.018636 [INFO] UMASK defined as '002'
2021-07-27 11:36:04.066147 [INFO] Starting qBittorrent daemon...
Logging to /config/qBittorrent/data/logs/qbittorrent.log.
2021-07-27 11:36:05.190152 [INFO] Started qBittorrent daemon successfully...
2021-07-27 11:36:05.496013 [INFO] qBittorrent PID: 764  

UpdogUpdogUpdog avatar Jul 27 '21 15:07 UpdogUpdogUpdog

Deploying the container anew (different container name, different config mount path) with VPN_ENABLED=no allows the webui to load immediately once qbittorrent gets a PID.

Placing an ovpn file into the proper location in the config mount path and running the container with VPN_ENABLED=yes, as well as VPN_USERNAME=, and VPN_PASSWORD= declared prevents the webui from loading even when qbittorrent is assigned a PID.

Changing only VPN_ENABLED to =no again allows the webui once again.

I assume when VPN_ENABLED=yes, either the webui is now listening on the openvpn tunnel interface unintentionally rather than the local LAN interface, or the openvpn client is recently misbehaving or misconfigured and is routing all traffic over tun0.

https://hub.docker.com/r/markusmcnugen/qbittorrentvpn/ exhibits identical behavior in troubleshooting. WebUI will load only with VPN off. Turn it on, no webui. Turn it back off, webui comes back.

Hope this helps get us closer to a solution.

UpdogUpdogUpdog avatar Aug 01 '21 23:08 UpdogUpdogUpdog

@topher587 You use Unraid right?
I think you are running the container with a custom IP or as Host instead of Bridge.
Can you confirm?

@iratekalypso On what system are you running Docker? Compared to my log, I do not see any differences at all, except something related to IP tables. Can you run the container and run iptables -V and tell me what iptables version you have?

DyonR avatar Aug 02 '21 13:08 DyonR

@Rufus13apostol Your issue is different from the one posted by @iratekalypso.
Please open a new issue and include your .ovpn file in there with sensitive information removed.

DyonR avatar Aug 02 '21 14:08 DyonR

I can confirm I am using a static custom IP address via br0, not bridge or host.

I'll try bridge and report any different behavior shortly.

UpdogUpdogUpdog avatar Aug 02 '21 14:08 UpdogUpdogUpdog

@iratekalypso On what system are you running Docker? Compared to my log, I do not see any differences at all, except something related to IP tables. Can you run the container and run iptables -V and tell me what iptables version you have?

Alright, got that information for you! @DyonR This is the system I am running it on: Linux Debian-109-buster-64-minimal 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux

This is the output for my iptables: iptables v1.8.2 (nf_tables)

iratekalypso avatar Aug 02 '21 22:08 iratekalypso

@topher587 You use Unraid right? I think you are running the container with a custom IP or as Host instead of Bridge. Can you confirm?

I've been able to confirm that changing to bridge mode allows the UI to load when the VPN client is on for me. Appreciate your help so very much!

UpdogUpdogUpdog avatar Aug 02 '21 22:08 UpdogUpdogUpdog

Done, opened a new issue with all necessary info: issues/54

Rufus13apostol avatar Aug 03 '21 08:08 Rufus13apostol

@iratekalypso On what system are you running Docker? Compared to my log, I do not see any differences at all, except something related to IP tables. Can you run the container and run iptables -V and tell me what iptables version you have?

Alright, got that information for you! @DyonR This is the system I am running it on: Linux Debian-109-buster-64-minimal 4.19.0-16-amd64 #1 SMP Debian 4.19.181-1 (2021-03-19) x86_64 GNU/Linux

This is the output for my iptables: iptables v1.8.2 (nf_tables)

Can you update the container and run it with LEGACY_IPTABLES set to yes? I've made some changes to, hopefully, fix it

DyonR avatar Aug 03 '21 12:08 DyonR

Can you update the container and run it with LEGACY_IPTABLES set to yes? I've made some changes to, hopefully, fix it @DyonR

New command:

sudo docker run --privileged \
-v /home/kalypso/config/:/config \
-v /home/kalypso/Downloads/:/downloads \
-e "VPN_ENABLED=yes" \
-e "VPN_TYPE=wireguard" \
-e "LAN_NETWORK=192.168.0.0/24" \
-e "INSTALL_PYTHON3=yes" \
-e "ADDITIONAL_PORTS=13770" \
-e "LEGACY_IPTABLES=yes" \
-p 8080:8080 \
--restart unless-stopped \
--net=78c3386a2252 \
dyonr/qbittorrentvpn

And... new output:

2021-08-04 01:42:25.127233 [INFO] VPN_ENABLED defined as 'yes'
2021-08-04 01:42:25.146281 [INFO] The container is currently running iptables v1.8.2 (legacy).
2021-08-04 01:42:25.163865 [INFO] LEGACY_IPTABLES is set to 'yes'
2021-08-04 01:42:25.181375 [INFO] Setting iptables to iptables (legacy)
2021-08-04 01:42:25.204989 [INFO] The container is now running iptables v1.8.2 (legacy).
2021-08-04 01:42:25.222212 [INFO] VPN_TYPE defined as 'wireguard'
2021-08-04 01:42:25.269077 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2021-08-04 01:42:25.326512 [INFO] VPN remote line defined as '<redacted>:51820'
2021-08-04 01:42:25.346044 [INFO] VPN_REMOTE defined as '<redacted>'
2021-08-04 01:42:25.363721 [INFO] VPN_PORT defined as '51820'
2021-08-04 01:42:25.381762 [INFO] VPN_PROTOCOL set as 'udp', since WireGuard is always udp.
2021-08-04 01:42:25.399392 [INFO] VPN_DEVICE_TYPE set as 'wg0', since WireGuard will always be wg0.
2021-08-04 01:42:25.416749 [INFO] LAN_NETWORK defined as '192.168.0.0/24'
2021-08-04 01:42:25.434877 [WARNING] NAME_SERVERS not defined (via -e NAME_SERVERS), defaulting to CloudFlare and Google name servers
2021-08-04 01:42:25.465341 [INFO] Adding 1.1.1.1 to resolv.conf
2021-08-04 01:42:25.484678 [INFO] Adding 8.8.8.8 to resolv.conf
2021-08-04 01:42:25.505297 [INFO] Adding 1.0.0.1 to resolv.conf
2021-08-04 01:42:25.524277 [INFO] Adding 8.8.4.4 to resolv.conf
2021-08-04 01:42:25.541956 [INFO] PUID not defined. Defaulting to root user
2021-08-04 01:42:25.559725 [INFO] PGID not defined. Defaulting to root group
2021-08-04 01:42:25.578251 [INFO] Starting WireGuard...
Warning: `/config/wireguard/wg0.conf' is world accessible
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.64.73.37/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
2021-08-04 01:42:25.858192 [INFO] Docker network defined as 172.17.0.0/16
2021-08-04 01:42:25.878662 [INFO] Adding 192.168.0.0/24 as route via docker eth0
2021-08-04 01:42:25.897748 [INFO] ip route defined as follows...
--------------------
default via 172.17.0.1 dev eth0 
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2 
192.168.0.0/24 via 172.17.0.1 dev eth0 
--------------------
iptable_mangle         16384  1
ip_tables              28672  3 iptable_filter,iptable_raw,iptable_mangle
x_tables               45056  13 xt_conntrack,iptable_filter,nft_compat,xt_tcpudp,ipt_MASQUERADE,xt_addrtype,xt_nat,xt_comment,xt_connmark,iptable_raw,ip_tables,iptable_mangle,xt_mark
2021-08-04 01:42:25.921314 [INFO] iptable_mangle support detected, adding fwmark for tables
2021-08-04 01:42:26.129226 [INFO] Adding additional incoming port 13770 for eth0
2021-08-04 01:42:26.435116 [INFO] Adding additional outgoing port 13770 for eth0
2021-08-04 01:42:26.543384 [INFO] iptables defined as follows...
--------------------
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i wg0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 51820 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 13770 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 13770 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 13770 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 13770 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
--------------------
2021-08-04 01:42:26.566787 [INFO] Python3 is already installed, nothing to do.
2021-08-04 01:42:26.586013 [WARNING] ENABLE_SSL is set to , SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).
2021-08-04 01:42:26.603569 [WARNING] If you manage the SSL config yourself, you can ignore this.
2021-08-04 01:42:26.622881 [INFO] A group with PGID root already exists in /etc/group, nothing to do.
2021-08-04 01:42:26.643262 [INFO] An user with PUID root already exists in /etc/passwd, nothing to do.
2021-08-04 01:42:26.662236 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
2021-08-04 01:42:26.680227 [INFO] Starting qBittorrent daemon...
Logging to /config/qBittorrent/data/logs/qbittorrent.log.
2021-08-04 01:42:27.709146 [INFO] qBittorrent PID: 251
2021-08-04 01:42:27.726322 [INFO] HEALTH_CHECK_HOST is not set. For now using default host one.one.one.one
2021-08-04 01:42:27.744971 [INFO] HEALTH_CHECK_INTERVAL is not set. For now using default interval of 300
2021-08-04 01:42:27.762594 [INFO] HEALTH_CHECK_SILENT is not set. Because this variable is not set, it will be supressed by default
2021-08-04 01:42:27.812503 [INFO] Started qBittorrent daemon successfully...

Still no luck. Not able to connect to the WebUI

iratekalypso avatar Aug 04 '21 01:08 iratekalypso

I just started getting this randomly after restarting my computer. WebUI times out, no error messages anywhere or in any of the logs.

iptables v1.8.2 (nf_tables)

dessalines avatar Sep 04 '21 20:09 dessalines

I'm having the same issue, WebUI times out when using wireguard but is accessible when VPN_ENABLED=no. Would it be helpful to upload logs as well?

geodose avatar Sep 14 '21 00:09 geodose

@DyonR Hi, I did some investigation on my side. I was also having the same issue, on Synology DSM 6.2.4. I decided to run the container with VPN_ENABLED=no, then start the vpn with:

openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 --config /config/openvpn/<my_config>.ovpn

and run one by one the commands from iptables.sh. What I noticed really breaks the connection to the WebUI is the following two lines:

https://github.com/DyonR/docker-qbittorrentvpn/blob/0981380ec1ca6c4824b704862d6d80e78600820c/qbittorrent/iptables.sh#L161-L162

If I run iptables -t mangle -F then connectivity is immediately restored. Unfortunately, I am not familiar with the use of fwmark and the mangle table, so I cannot propose a solution.

Badintral avatar Nov 13 '21 07:11 Badintral

I have the same issue where VPN_ENABLED=no everything works, VPN_ENABLED=yes, and the server is up and running but I cannot access WebGUI. I did find something interesting when running netstat -tulpn | grep LISTEN I get:

tcp 0 0 172.22.0.3:8999 0.0.0.0:* LISTEN 855/qbittorrent-nox
tcp 0 0 [VPN_IP]:8999 0.0.0.0:* LISTEN 855/qbittorrent-nox
tcp 0 0 127.0.0.1:8999 0.0.0.0:* LISTEN 855/qbittorrent-nox
tcp 0 0 127.0.0.11:41143 0.0.0.0:* LISTEN -
tcp6 0 0 :::8080 :::* LISTEN 855/qbittorrent-nox

I have no IPv6 anywhere in my environment, and it's not in my wg0.conf, so not sure why this appears to only be listening over tcp6.

Edit: But I guess this is not the issue, since running with vpn disabled gives me the same output but GUI works...

yacob841 avatar Jan 25 '22 19:01 yacob841

I pretty much tried every single hint that was mentioned here and still no luck. I've also tried setting WebUI\HTTPS\Enabled=false in the qBittorrent.conf, changing the web ui port to something else, tried different image sources not only this one... My server has the local ip 192.168.178.xx so LAN_NETWORK=192.168.0.0/16 or LAN_NETWORK=192.168.178.0/24 should be correct, right? Also it works without the VPN being enabled so all of my settings should be fine already... With VPN disabled I can even reach the Web UI through my traefik proxy no problem...

↪️ Edit: ok it works for me. My wg0.conf had the following lines in it, acting like a killswitch. I've removed them and now it works. I think this messes up the iptables and makes the WebUI unreachable. But who knows, maybe it's a mix of the five thousand different things I've tried so far. Hope it helps somebody at least! Oh and please let me know if removing these lines is bad because of ip leak or something, I'm not sure.

PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

gitgudchannel avatar Feb 12 '22 19:02 gitgudchannel
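
Added example (not part of any comment in this thread, and not the project's code): a small first-match evaluator for the OUTPUT chain, run over the ruleset from the 2021-08-04 container log above with and without the PostUp kill-switch rule quoted in the previous comment. It assumes that rule sits at the top of the same chain and that the WireGuard fwmark is 51820 as in that log; the packets, addresses and helper names are constructed for illustration.

```python
import ipaddress
import shlex

# OUTPUT chain as printed in the 2021-08-04 container log earlier in this thread.
CONTAINER_OUTPUT = """\
-P OUTPUT DROP
-A OUTPUT -o wg0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 13770 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 13770 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
"""

# PostUp rule from the wg0.conf quoted above, with %i expanded to wg0 and
# $(wg show %i fwmark) expanded to 51820 (assumption: the fwmark seen in that log).
POSTUP_RULE = ("-I OUTPUT ! -o wg0 -m mark ! --mark 51820 "
               "-m addrtype ! --dst-type LOCAL -j REJECT")

# iptables option -> key in the (hypothetical) packet dictionaries below.
FIELDS = {"-o": "out", "-s": "src", "-d": "dst", "-p": "proto",
          "--sport": "sport", "--dport": "dport", "--icmp-type": "icmp_type",
          "--mark": "mark", "--dst-type": "dst_type"}


def parse_rules(text):
    """Parse `iptables -S` style lines into (policy, [(matches, target), ...])."""
    policy, rules = "ACCEPT", []
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        if tok[0] == "-P":
            policy = tok[2]
            continue
        matches, target, negate, i = [], None, False, 2
        while i < len(tok):
            if tok[i] == "!":            # negates the next match
                negate = True
                i += 1
            elif tok[i] == "-m":         # module name only loads the matcher
                i += 2
            elif tok[i] == "-j":
                target = tok[i + 1]
                i += 2
            else:
                matches.append((FIELDS[tok[i]], tok[i + 1], negate))
                negate = False
                i += 2
        if tok[0] == "-I":               # -I without a rule number inserts at the top
            rules.insert(0, (matches, target))
        else:
            rules.append((matches, target))
    return policy, rules


def field_matches(key, want, pkt):
    have = pkt.get(key)
    if key in ("src", "dst"):
        return ipaddress.ip_address(have) in ipaddress.ip_network(want)
    return str(have) == want


def verdict(policy, rules, pkt):
    """First matching rule wins; otherwise the chain policy applies."""
    for matches, target in rules:
        if all(field_matches(k, v, pkt) != neg for k, v, neg in matches):
            return target
    return policy


def pkt(**fields):
    base = {"src": "172.17.0.2", "mark": 0, "dst_type": "UNICAST"}
    base.update(fields)
    return base


# Constructed sample packets (documentation addresses, not from the thread).
PACKETS = {
    "webui_reply": pkt(out="eth0", dst="192.168.0.50", proto="tcp",
                       sport=8080, dport=51234),
    "peer_via_eth0": pkt(out="eth0", dst="203.0.113.7", proto="tcp",
                         sport=45000, dport=6881),
    "wg_encrypted": pkt(out="eth0", dst="198.51.100.10", proto="udp",
                        sport=51820, dport=51820, mark=51820),
    "peer_via_wg0": pkt(out="wg0", src="10.64.73.37", dst="203.0.113.7",
                        proto="tcp", sport=45000, dport=6881),
}


def evaluate(with_postup):
    text = CONTAINER_OUTPUT + (POSTUP_RULE + "\n" if with_postup else "")
    policy, rules = parse_rules(text)
    return {name: verdict(policy, rules, p) for name, p in PACKETS.items()}


if __name__ == "__main__":
    for flag in (False, True):
        print("PostUp kill switch present:", flag)
        for name, result in evaluate(flag).items():
            print(f"  {name:14} -> {result}")
```

Under these assumptions the container's own DROP policy already stops peer traffic leaving through eth0, while the inserted REJECT is evaluated before the --sport 8080 exception and so also catches WebUI replies.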

That didn't help me because my config has no iptables, but you should check your IP just to be sure, cause I'm not sure what happened but mine finally started working with VPN yes, tested the IP and it's showing my IP, so... idk what's going on..

yacob841 avatar Feb 15 '22 22:02 yacob841

If I run iptables -t mangle -F then connectivity is immediately restored. Unfortunately, I am not familiar with the use of fwmark and the mangle table, so I cannot propose a solution.

Since I wrote that message, I have switched to using the dev branch. In that branch I do not need to flush the mangle table any more to access the WebUI, however if I don’t, I observe #60.

Badintral avatar Feb 22 '22 04:02 Badintral

Solved: qbittorrent.conf > WebUI\CSRFProtection=true <------ change to false, this worked for me then try again with vpn on. Make sure you restart after the change. It might change back to true once restarted but it kept on working.

lapara1 avatar Sep 30 '22 02:09 lapara1