arch-qbittorrentvpn
arch-qbittorrentvpn copied to clipboard
binhex
Wireguard on QNAP
Having an issue on QNAP TS-451+ FW:5.0.0.1986 trying to run the container with Wireguard. Openvpn works fine.
2022-04-05 20:09:25,270 DEBG 'start-script' stderr output:
iptables-restore v1.8.7 (legacy): iptables-restore: unable to initialize table 'raw'
Error occurred at line: 1
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
2022-04-05 20:09:25,311 DEBG 'start-script' stderr output:
[#] ip -4 rule delete table 51820
2022-04-05 20:09:25,459 DEBG 'start-script' stderr output:
[#] ip -4 rule delete table main suppress_prefixlength 0
2022-04-05 20:09:25,661 DEBG 'start-script' stderr output:
[#] ip link delete dev wg0
2022-04-05 20:09:25,747 DEBG 'start-script' stdout output:
[warn] WireGuard interface failed to come 'up', exit code is '1'
Not sure if this problem is related, but a similar issue was raised for the linuxserver/docker-wireguard container: https://github.com/linuxserver/docker-wireguard/issues/42
I'm running the following docker-compose, but tried many iterations without any success:
version: "3.8"
services:
qbittorrent:
container_name: qbittorrent
image: binhex/arch-qbittorrentvpn
sysctls:
- net.ipv4.conf.all.src_valid_mark=1
privileged: true
cap_add:
- NET_ADMIN
- SYS_MODULE
ports:
- "6881:6881"
- "6881:6881/udp"
- "8112:8112"
- "8118:8118"
volumes:
- /etc/localtime:/etc/localtime:ro
- /share/Docker/qbittorrent/config:/config
- ${DOWNLOADS_DIR}:/data
environment:
VPN_ENABLED: ${VPN_ENABLED}
VPN_USER: ${VPN_USER}
VPN_PASS: ${VPN_PASS}
VPN_PROV: ${VPN_PROV}
VPN_CLIENT: ${VPN_CLIENT}
STRICT_PORT_FORWARD: ${STRICT_PORT_FORWARD}
ENABLE_PRIVOXY: ${ENABLE_PRIVOXY}
LAN_NETWORK: ${LAN_NETWORK}
NAME_SERVERS: ${NAME_SERVERS}
VPN_INPUT_PORTS: ${VPN_INPUT_PORTS}
VPN_OUTPUT_PORTS: ${VPN_OUTPUT_PORTS}
DEBUG: ${DEBUG}
UMASK: ${UMASK}
PUID: ${PUID}
PGID: ${PGID}
WEBUI_PORT: 8112
restart: unless-stopped
I ran into this, and fixed it with the suggestion here https://github.com/linuxserver/docker-wireguard/issues/42#issuecomment-888930759 (a specific comment from the link you referenced).
Essentially it's complaining about 0.0.0.0/0.
Still haven't fully gotten WireGuard to work (running into other problems) but hopefully this is still helpful.
AllowedIPs is being overwritten on container start to AllowedIPs = 0.0.0.0/0 so changing that setting has no effect 🤔
It sounds like you might be using PIA. If you're okay with losing port forwarding, you can generate the file, edit it to AllowedIPs = 0.0.0.0/1, 128.0.0.0/1 and change VPN_PROV to custom. Upon restart it shouldn't overwrite the change (at least it didn't for me).
@KosherBacon Have you completed your wireguard setup on qnap?
Everything seems connected on my side. But I dont seem to have access to anything..
no VPN, no ping to any IPs etc.
Completely blocked.
wg show does not display latest handshake info :(
[root@c5826c6b934f /]# wg show
interface: wg0
public key: QvxxxxxxxxxxxxxxxxxxxxxxzgCicGXjWR4=
private key: (hidden)
listening port: 46906
peer: UrQiI9ISdPPzd4ARw1NHOPKKvKvxUhjwRjaI0JpJFgM=
endpoint: 193.32.249.66:51820
allowed ips: 0.0.0.0/1, 128.0.0.0/1
transfer: 0 B received, 16.19 KiB sent
btw, the same wg0.conf works in the QNAP host (not inside docker)
any idea?
@KosherBacon sorry for the slow reply! Thank you for the suggestion, but I'm using Mullvad not PIA so already had AllowedIPs=0.0.0.0/1, 128.0.0.0/1 and VPN_PROV=custom. It's interesting that yours isn't getting overwritten 🤔
@ahurtaud I have unfortunately not gotten it to work.
WireGuard will "start" but won't complete a handshake. I just see RX as 0 bytes indefinitely, same as you.
@ahurtaud I have unfortunately not gotten it to work.
WireGuard will "start" but won't complete a handshake. I just see RX as 0 bytes indefinitely, same as you.
ok thanks for the info, on my side I left the binhex image and went to the native qbittorent with bind network interface on the host.. :/