guillaumedsde / alpine-qbittorrent-openvpn Goto Github PK

View Code? Open in Web Editor NEW

217.0 5.0 39.0 206 KB

qBittorrent docker container with OpenVPN client running as unprivileged user on alpine linux

Home Page: https://guillaumedsde.gitlab.io/alpine-qbittorrent-openvpn/

License: GNU General Public License v3.0

Dockerfile 15.37% Shell 84.63%

docker docker-container qbittorrent qbittorrent-nox openvpn openvpn-client alpine alpine-linux alpine-image s6-overlay

alpine-qbittorrent-openvpn's Introduction

🐋 Alpine qBittorrent OpenVPN

DEPRECATION NOTICE

I no longer have time to maintain this project.

This project has served me well for a while, but has important SECURITY ISSUES that I no longer have time to fix:

https://github.com/guillaumedsde/alpine-qbittorrent-openvpn/issues/137


I would advise migrating to another solution for running a containerized qbittorrent with a VPN tunnel such as:

https://github.com/qdm12/gluetun

I will leave this repository up for archival purposes and will add a disclaimer to the docker image at launch.

This repository contains the code to build a docker container with the qBittorrent torrent client with all traffic routed through an OpenVPN tunnel with firewall rules preventing traffic outside of the tunnel. The container is built automatically whenever the Alpine container is updated, the final image is available on the docker hub and the documentation is hosted on gitlab pages.

This container is based on an Alpine Linux and uses the S6-overlay for starting setting up the firewall, VPN tunnel and lastly starting qBittorrent. The image aims to be safe, small and generally minimal by installing as little dependencies as possible and running qBittorrent and OpenVPN as different unprivileged users.

✔️ Features summary

🏔️ Alpine Linux small and secure base Docker image
🤏 As few Docker layers as possible
🛡️ Minimal software dependencies installed
🛡️ Runs as unprivileged user with minimal permissions
🖥️ Built for many platforms
🚇 Compatible with most OpenVPN providers
↔️ Port forwarding support for PrivateVPN, Private Internet Access and Perfect Privacy

🏁 How to Run

`docker run`

$ docker run --cap-add=NET_ADMIN -d \
              -v /your/storage/path/:/downloads \
              -v /path/to/config/directory:/config \
              -v /etc/localtime:/etc/localtime:ro \
              -e OPENVPN_PROVIDER=PIA \
              -e OPENVPN_CONFIG=ca_toronto \
              -e OPENVPN_USERNAME=user \
              -e OPENVPN_PASSWORD=pass \
              -e PUID=1000 \
              -e PGID=1000 \
              -e LAN=192.168.0.0/16 \
              -p 8080:8080 \
              guillaumedsde/alpine-qbittorrent-openvpn:latest

`docker-compose.yml`

version: "3.3"
services:
  alpine-qbittorrent-openvpn:
    volumes:
      - "/your/storage/path/:/downloads"
      - "/path/to/config/directory:/config"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - OPENVPN_PROVIDER=PIA
      - OPENVPN_CONFIG=ca_toronto
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - PUID=1000
      - PGID=1000
      - LAN=192.168.0.0/16
    ports:
      - "8080:8080"
    cap_add:
      - NET_ADMIN
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest

🖥️ Supported platforms

This container is built for many hardware platforms (yes, even ppc64le whoever uses that... 😉):

linux/386
linux/amd64
linux/arm/v6
linux/arm/v7
linux/arm64
linux/ppc64le

All you have to do is use a recent version of docker and it will pull the appropriate version of the image guillaumedsde/alpine-qbittorrent-openvpn from the docker hub.

🚇 OpenVPN configuration

Officially supported

This image makes use of the VPN providers' OpenVPN configurations from the latest version of haugene/docker-transmission-openvpn cheers to that project 🍺! It is possible I might have messed something up, so if one provider is not working for you, make sure to leave an issue on this repository's Github page. Selecting a preloaded configuration works the same way as the haugene container (see below for an example).

Custom OpenVPN config

If your provider is not in the supported list or if is currently not working, you can mount your .ovpn file at /config/openvpn/config.ovpn optionally set your OPENVPN_USERNAME and OPENVPN_PASSWORD leaving the OPENVPN_PROVIDER empty and the container will load your configuration upon start.

🔍 qBittorrent torrent search

In order to be as light as possible, the latest tagged docker image does not include python. This means that in order to use qBittorrent's torrent Search functionality you have to use the version of this image based on the official python alpine docker image, this image is tagged python, in order to download it, please use guillaumedsde/alpine-qbittorrent-openvpn:python.

🐌 Limitations

This image has a couple of limitations:

No IPv6 support I have not installed iptables for IPv6 as such the firewall kill switch will probably not work with IPv6 (I have not tested it) if you need it, file an issue and I'll look into it when I have some time
No support for docker's built in DNS server Docker has an embedded DNS server that containers query to get the IPs of other containers, however, Docker does some weird iptables trick to redirect containers' DNS requests to its resolver at 127.0.0.11. I have not managed to write proper iptables rules to allow this traffic, if you have any idea how, leave an issue 🙂. In the meantime, the container's DNS resolver is set using the DNS environment variable

Enhancements

@reconman suggests using docker-autoheal by adding the autoheal=true label to the container to automatically restart it when the container becomes unhealthy (qBittorrent or OpenVPN crashes).

🙏 Credits

A couple of projects really helped me out while developing this container:

🍻 0x022b/s6-openvpn for figuring out how the S6 overlay works, and for most of the code to run OpenVPN as an unprivileged user
🍻 haugene/docker-transmission-openvpn for general inspiration for the project and specifically, the OpenVPN configurations, the port forwarding and healthcheck scripts adapted in this repository
🏁 s6-overlay A simple, relatively small yet powerful set of init script for managing processes (especially in docker containers)
💽 userdocs/qbittorrent-nox-static for the great static qbittorrent build scripts
🏔️ Alpine Linux an awesome lightweight secure linux distribution used as the base for this container
🐋 The Docker project (of course)

alpine-qbittorrent-openvpn's People

Contributors

Stargazers

Watchers

alpine-qbittorrent-openvpn's Issues

Bad download speed?

Hi!

I disable all limits and settings like that in qbitvpn, but i'm stuck at 2.3 2.7 MB/s, maybe it could be torrents but I choose torrent which have more than 50 peers! With transmission-haugene-openvpn, I get a 25 MB/s speed constantly, is this an issue? What can I send to help?

Thanks,

Babeyoda

Surfshark or root issue?

I have following problem wen i start the container.

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-setup-permissions: executing...
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 02-setup-openvpn: executing...
/var/run/s6/etc/cont-init.d/02-setup-openvpn: line 19: openvpn: Operation not permitted
INFO: Trying to use OpenVPN provider: SURFSHARK
INFO: Found OpenVPN configuration: "nl-ams-st001_udp" for provider "SURFSHARK" using it
[cont-init.d] 02-setup-openvpn: exited 0.
[cot-init.d] 03-setup-iptables: executing...
iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.4 (legacy): can't initialize iptables table nat': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. iptables v1.8.4 (legacy): can't initialize iptables table nat': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. getsockopt failed strangely: Operation not permitted getsockopt failed strangely: Operation not permitted getsockopt failed strangely: Operation not permitted getsockopt failed strangely: Operation not permitted iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. getsockopt failed strangely: Operation not permitted getsockopt failed strangely: Operation not permitted iptables v1.8.4 (legacy): can't initialize iptables table filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
iptables v1.8.4 (legacy): can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
[cont-init.d] 03-setup-iptables: exited 3.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

bug

Information

Run external program on torrent completion is extremely fragile (static compile?) and crashes qbittorrent.

Current setup

information about your current setup

python 8eeac62e227d

`docker-compose.yml` file or `docker run` command

how did you start the container? (don't forget to use backticks for creating a proper code block)


docker run \
       --name "bt" \
       --rm \
       --cap-add=NET_ADMIN \
       -v /bt/xfers:/downloads \
       -v /bt/config:/config \
       -v /etc/localtime:/etc/localtime:ro \
       -e OPENVPN_PROVIDER= \
       -e OPENVPN_CONFIG=default \
       -e OPENVPN_USERNAME="REDACTED" \
       -e OPENVPN_PASSWORD="REDACTED" \
       -e PUID=1000 \
       -e PGID=1000 \
       -e LAN=192.168.0.0/24 \
       -p 8080:8080 \
       $IMG

Attempted Fix(es)

The following script works 1 or 2 times in 10, otherwise it creates defunct qbittorrent-nox processes. Where the process is stalled, killing the younger qbittorent-nox child processes frees up cleanly and qbittorrrent is back via systemctl.

Even a simple script with "date >> /config/log" for content zombies most of the time.

#/bin/sh

# /config/complete.sh "%I" "%R"

set -x

WEBUI="http://localhost:8080/api/v2/torrents"
HASH="$1"
RDIR="$2"

if [ "${HASH}" == "" ]; then exit; fi
if [ "$RDIR" == "" ]; then exit; fi
test ! -e "${RDIR}" && exit

function dl {
    curl --cookie 'SID=REDACTED' "${WEBUI}/$1"
}

if [ -n "${HASH}" ]; then
    dl "resume?hashes=$HASH"
    dl "removeTags?hashes=$HASH"
fi

if [ -n "${HASH}" ]; then
    dl "addTags?tags=syncing&hashes=$HASH"
fi


#

[bug] Cannot add torrent from search

Information

Using the python tagged image.

Sometime double clicking on the search result does not work.
When it works, clicking on download does not add it to the queue.

Also external links/files gets added to the queue and are working fine.

Current setup

env: Raspberry Pi k3s
image: guillaumedsde/alpine-qbittorrent-openvpn:python

`qbittorrent.yaml` file for k3s

apiVersion: apps/v1 # for versions before 1.9.0 use apps/v1beta2
kind: Deployment
metadata:
  name: wordpress
  namespace: default
  labels:
    app: qbt
spec:
  selector:
    matchLabels:
      app: qbt
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: qbt
    spec:
      securityContext:
        supplementalGroups: [REDACTED] // For nfs share
      containers:
      - image: guillaumedsde/alpine-qbittorrent-openvpn:python
        name: qbt
        env:
        - name: PUID
          value: "REDACTED"
        - name: PGID
          value: "REDACTED"
        - name: OPENVPN_PROVIDER
          value: "REDACTED"
        - name: OPENVPN_CONFIG
          value: "REDACTED"
        - name: OPENVPN_USERNAME
          value: "REDACTED"
        - name: OPENVPN_PASSWORD
          value: "REDACTED"
        ports:
        - containerPort: 8080
          name: qbt
        volumeMounts:
        - name: data
          mountPath: /config/qBittorrent
          subPath: qBittorrent
        - name: media
          mountPath: /downloads
        securityContext:
          capabilities:
            add:
              - NET_ADMIN
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: nfs-data-pvc
      - name: media
        persistentVolumeClaim:
          claimName: nfs-media-pvc

Attempted Fix(es)

Nothing

Nordvpn not about to find best config file.

Information

Hey! Can't get NordVPN setup with the Alpine image. From the logs it looks like the NordVPN update script used in haugenetransmission-openvpn isn't being called so Nord's required "NORD_COUNTRY" environment variable isn't being used and the "best config" file isn't be fetched.

Current setup

alpine-qbittorrent-openvpn_1  | [cont-init.d] 01-setup-permissions: executing...
alpine-qbittorrent-openvpn_1  | [cont-init.d] 01-setup-permissions: exited 0.
alpine-qbittorrent-openvpn_1  | [cont-init.d] 02-setup-openvpn: executing...
alpine-qbittorrent-openvpn_1  | Thu Sep  3 22:11:36 2020 TUN/TAP device tun0 opened
alpine-qbittorrent-openvpn_1  | Thu Sep  3 22:11:36 2020 Persist state set to: ON
alpine-qbittorrent-openvpn_1  | INFO: Trying to use OpenVPN provider: NORDVPN
alpine-qbittorrent-openvpn_1  | A    nordvpn
alpine-qbittorrent-openvpn_1  | A    nordvpn/updateConfigs.sh
alpine-qbittorrent-openvpn_1  | Exported revision 2308.
alpine-qbittorrent-openvpn_1  | ERROR: Could not find OpenVPN configuration "" for provider NORDVPN
alpine-qbittorrent-openvpn_1  | [cont-init.d] 02-setup-openvpn: exited 1.

`docker-compose.yml` file or `docker run` command

version: "3.3"
services:
  alpine-qbittorrent-openvpn:
    volumes:
      - "/your/storage/path/:/downloads"
      - "/path/to/config/directory:/config"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - OPENVPN_PROVIDER=NORDVPN
      - NORDVPN_COUNTRY=US
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - PUID=1000
      - PGID=1000
      - LAN=192.168.0.0/16
    ports:
      - "8080:8080"
    cap_add:
      - NET_ADMIN
    image: guillaumedsde/alpine-qbittorrent-openvpn:development

Attempted Fix(es)

Tried lots of setup options with different configs of the Nord environment variables. Looked through the code, but the s6 bits (so basically all of it) don't make much sense to me on first glance. Looks like maybe this isn't yet implemented? As Nord doesn't use preconfigured config files that are then parsed locally. Your non-alpine image works fine.

Health Check is pinging every 10 seconds

Information

I have a Pihole and it shows me what's getting requested on my network. alpine-qbittorrent-openvpn is pinging an external address as a health check over 10,000 times a day.

Current setup

guillaumedsde/alpine-qbittorrent-openvpn:latest
Running in the latest Docker via docker-compose, running on Ubuntu 20.04.

`docker-compose.yml` file or `docker run` command

version: "3.8"
services:
  alpine-qbittorrent-openvpn:
    volumes:
      - "/my/storage/path/:/downloads"
      - "/path/to/config/directory:/config"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      OPENVPN_PROVIDER:
      OPENVPN_CONFIG:
      OPENVPN_USERNAME: $VPN_USERNAME
      OPENVPN_PASSWORD: $VPN_PASSWORD
      PUID: $PUID
      PGID: $PGID
      DNS: $DNS
      LAN: 192.168.1.0/24 # $LOCAL_NETWORK
      HEALTH_CHECK_HOST: bing.com
      TZ: $TZ
    ports:
      - "8080:8080"
    cap_add:
      - NET_ADMIN
    restart: always
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest

Attempted Fix(es)

I stopped the container. It stopped pinging.

Unable to connect to a repository at URL

Information

svn export fails?

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-setup-permissions: executing...
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 02-setup-openvpn: executing...
Fri Sep 25 23:51:56 2020 TUN/TAP device tun0 opened
Fri Sep 25 23:51:56 2020 Persist state set to: ON
INFO: Trying to use OpenVPN provider: MULLVAD
svn: E170013: Unable to connect to a repository at URL 'https://github.com/haugene/docker-transmission-openvpn.git/trunk/openvpn/mullvad'
svn: E670003: Try again
ERROR: Could not find OpenVPN configuration "mullvad_be_udp" for provider MULLVAD
[cont-init.d] 02-setup-openvpn: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

Current setup

I'm running on a synology NAS, (DSM 6.2.3-25426 Update 2) and followed instructions here:

https://haugene.github.io/docker-transmission-openvpn/synology-nas/

tag	guillaumedsde/alpine-qbittorrent-openvpn
sha256 hash	b45139b531b37bdf4752161c47893698e1850538c31ffdd6eba1a4aea847ad22

`docker-compose.yml` file or `docker run` command

docker run \
    --cap-add=NET_ADMIN \
    --device=/dev/net/tun \
    -d \
    -v /volume1/openvpn/resolv.conf:/etc/resolv.conf \
    -v /volume1/qBitorrent/config:/config \
	-v /volume1/qBitorrent/downloads:/downloads \
	-v /etc/localtime:/etc/localtime:ro \
    -e "OPENVPN_PROVIDER=MULLVAD" \
    -e "OPENVPN_CONFIG=mullvad_be_udp" \
    -e "OPENVPN_USERNAME=****" \
    -e "OPENVPN_PASSWORD=****" \
    -e "LOCAL_NETWORK=192.168.0.0/24" \
    -e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" \
    -e "PGID=100" \
    -e "PUID=1026" \
    -p 8080:8080 \
    --sysctl net.ipv6.conf.all.disable_ipv6=0 \
    --name "qBitorrent-openvpn" \
    guillaumedsde/alpine-qbittorrent-openvpn:latest

Attempted Fix(es)

I've tried numerous options from https://github.com/haugene/docker-transmission-openvpn, but nothing helps. I checked ports are open. I'm not that familiar yet with docker and images, so I don't quite know how to proceed further. If there's anything you want me to do, let me know...

The only thing I can think of is that I map the mullvad config file I want manually, but I'm afraid that the export failing is just the symptom of a bigger issue?

Slow speeds with Torguard

Information

In the docker container, I only get 1.5 MB/s, suddenly. At some point today I reached 10 MB/s, but now I can't get above 1.5 MB/s.

I see the limited speed both when I'm torrenting and when I execute some wget commands to download files from speedtest websites.

It's definitely not the VPN provider's fault, as I can get 10 MB/s with the exact same VPN settings in the docker-transmission-openvpn container.

Current setup

Tag latest, digest sha256:0f5eea4cd0c73b7d66d73dcefcc6b3c97e63dd5269c3bd1904691a94cc80e9dd

`docker-compose.yml` file or `docker run` command

docker run --name=qbittorrent --hostname=qbittorrent \
    --cap-add=NET_ADMIN -d -v /volume1/Data/Downloads/Torrents/:/downloads \
    -v=/volume1/homes/qbittorrent/Austria.ovpn:/etc/openvpn/torguard/Austria.ovpn:ro \
    -v /volume1/docker/qbittorrent:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e DNS=1.1.1.1 \
    -e OPENVPN_PROVIDER=torguard \
    -e OPENVPN_CONFIG=Austria \
    -e OPENVPN_USERNAME=removed \
    -e OPENVPN_PASSWORD=removed \
    -e PUID=1032 \
    -e PGID=65537 \
    -e LAN=192.168.0.0/16 \
    -p 8080:8080 \
    --label='autoheal=true' \
    --network=mediaNet \
    --restart=always \
    guillaumedsde/alpine-qbittorrent-openvpn:latest

Attempted Fix(es)

I tried restarting the container a few times, but it didn't help.

Not able to start torrent file; stuck in "downloading metadata"

Information

torrent file stuck in "Downloading Metadata" state.

Current setup

information about your current setup

guillaumedsde/alpine-qbittorrent-openvpn:latest@sha256:2ae14174f55be6a17a7128f2d0352d3b05239a00eaf26b4801691d7b213becda

`docker-compose.yml` file or `docker run` command

how did you start the container? (don't forget to use backticks for creating a proper code block)

  qbittorrentvpn:
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest
    container_name: qbittorrentvpn
    hostname: qbittorrentvpn_MS2
    restart: always
    networks:
      t2_proxy:
        ipv4_address: ${QBITTORRENTVPN_IP_INTERNAL} # You can specify a static IP,192.168.90.230
    cap_add:
      - NET_ADMIN
    ports:
      - "$QBITTORRENTVPN_SEED_PORT:6881"
      - "$QBITTORRENTVPN_SEED_PORT:6881/udp"
      - "$QBITTORRENTVPN_GUI_PORT:8080"
    privileged: true
    environment:
      OPENVPN_USERNAME: $EXPRESSVPN_USERNAME
      OPENVPN_PASSWORD: $EXPRESSVPN_PASSWORD
      OPENVPN_PROVIDER: $VPN_PROVIDER
      OPENVPN_CONFIG: $VPN_SERVER
      LAN_NETWORK: $LOCAL_NETWORK
      NAME_SERVERS: 1.0.0.1,209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
      UMASK_SET: 002
    volumes:
      - $USERDIR/QBittorrentVPN/config:/config
      - $GDRIVE_1/downloads/complete:/downloads/complete
      - $GDRIVE_1/downloads/incomplete:/downloads/incomplete
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "docker.group=MS2-Download"
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.qbittorrent-vpn-rtr.entrypoints=https"
      - "traefik.http.routers.qbittorrent-vpn-rtr.rule=Host(`qbit.$DOMAINNAME`)"
      - "traefik.http.routers.qbittorrent-vpn-rtr.tls=true"

Attempted Fix(es)

There is nothing in the log; VPN connection is established and got an Ip form the VPN provider;
Ports are assigned correctly:

Port configuration |
0.0.0.0:6881  6881/tcp
0.0.0.0:6881  6881/udp
0.0.0.0:42525  8080/tcp

-- | --
I do not know if EXpressVPN support port forwarding or I need to enable it here

Mon Aug 24 20:04:09 2020 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6

Mon Aug 24 20:04:09 2020 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020

Mon Aug 24 20:04:09 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10

Mon Aug 24 20:04:09 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.

Mon Aug 24 20:04:09 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Mon Aug 24 20:04:09 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Mon Aug 24 20:04:09 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]*.*.81.173:1195

Mon Aug 24 20:04:09 2020 Socket Buffers: R=[212992->425984] S=[212992->425984]

Mon Aug 24 20:04:09 2020 UDP link local: (not bound)

Mon Aug 24 20:04:09 2020 UDP link remote: [AF_INET]*.*.81.173:1195

Mon Aug 24 20:04:09 2020 TLS: Initial packet from [AF_INET]*.*.81.173:1195, sid=*****454 33ee6019

Mon Aug 24 20:04:09 2020 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, [email protected]

Mon Aug 24 20:04:09 2020 VERIFY OK: nsCertType=SERVER

Mon Aug 24 20:04:09 2020 VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-4312-0a, [email protected]

Mon Aug 24 20:04:09 2020 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-4312-0a, [email protected]

Mon Aug 24 20:04:09 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA

Mon Aug 24 20:04:09 2020 [Server-4312-0a] Peer Connection Initiated with [AF_INET]*.*.81.173:1195

Mon Aug 24 20:04:10 2020 SENT CONTROL [Server-4312-0a]: 'PUSH_REQUEST' (status=1)

Mon Aug 24 20:04:10 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.72.0.1,comp-lzo no,route 10.72.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.72.0.94 10.72.0.93,peer-id 24,cipher AES-256-GCM'

Mon Aug 24 20:04:10 2020 Pushed option removed by filter: 'dhcp-option DNS 10.72.0.1'

Mon Aug 24 20:04:10 2020 OPTIONS IMPORT: timers and/or timeouts modified

Mon Aug 24 20:04:10 2020 OPTIONS IMPORT: compression parms modified

Mon Aug 24 20:04:10 2020 OPTIONS IMPORT: --ifconfig/up options modified

Mon Aug 24 20:04:10 2020 OPTIONS IMPORT: route options modified

Mon Aug 24 20:04:10 2020 OPTIONS IMPORT: peer-id set

Mon Aug 24 20:04:10 2020 OPTIONS IMPORT: adjusting link_mtu to 1629

Mon Aug 24 20:04:10 2020 OPTIONS IMPORT: data channel crypto options modified

Mon Aug 24 20:04:10 2020 Data Channel: using negotiated cipher 'AES-256-GCM'

Mon Aug 24 20:04:10 2020 NCP: overriding user-set keysize with default

Mon Aug 24 20:04:10 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Mon Aug 24 20:04:10 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Mon Aug 24 20:04:10 2020 ROUTE_GATEWAY 192.168.90.1/255.255.255.0 IFACE=eth0 HWADDR=*:*:c0:a8:5a:*

Mon Aug 24 20:04:10 2020 TUN/TAP device tun1 opened

Mon Aug 24 20:04:10 2020 TUN/TAP TX queue length set to 100

Mon Aug 24 20:04:10 2020 /usr/sbin/ip-su link set dev tun1 up mtu 1500

Mon Aug 24 20:04:10 2020 /usr/sbin/ip-su addr add dev tun1 local 10.72.0.94 peer 10.72.0.93

INFO: no port updater for provider EXPRESSVPN

******** Information ********

To control qBittorrent, access the Web UI at http://localhost:8080

Mon Aug 24 20:04:12 2020 /usr/sbin/ip-su route add *.*.81.173/32 via 192.168.90.1

Mon Aug 24 20:04:12 2020 /usr/sbin/ip-su route add 0.0.0.0/1 via 10.72.0.93

Mon Aug 24 20:04:12 2020 /usr/sbin/ip-su route add 128.0.0.0/1 via 10.72.0.93

Mon Aug 24 20:04:12 2020 /usr/sbin/ip-su route add 192.168.0.0/24 via 192.168.90.1

Mon Aug 24 20:04:12 2020 /usr/sbin/ip-su route add 10.72.0.1/32 via 10.72.0.93

Mon Aug 24 20:04:12 2020 Initialization Sequence Completed

Not able to access the ui in k3s.

Information

I am using this container in k3s setup. I am not able to access the pod from outside my local network.
curl on the ip works fine on worker node (on which this pod is running). But curl does not work on master node (and nginx reverse proxy as well). FYI I have tried LAN="192.168.0.0/16" LAN="192.168.0.0/24"

https://github.com/haugene/docker-transmission-openvpn image works just fine and is accessible from master and outside.
Could possibly due to the fact that, ip route add is happening after openvpn is exec-ed. In the transmission's version, the dev first adds LAN to route and then exec-s openVPN

Logs

qbt.log
transmission.log

Question about the OpenVPN tunnel

I would leave a comment if github allowed such a thing, but it can't, so I have no other way to ask my question. (If there is and Im just a dumbass, please let me know)

I'm new to docker and the internal functions of a vpn, and I have a question about the internet traffic. Does the OpenVPN traffic only cover the in and output of the docker image, or will all the traffic on my device go through the OpenVPN tunnel?

For example, I have a torrent running on the docker, but I want to download a file from the internet at the same time. Will both downloads go through the tunnel, or just the traffic from the torrent?

Access from devices on local network?

Information

I'm wondering if there's customization for the firewall settings so I can access qBittorrent over my local network, including other devices on the network. I'm trying to control qBittorrent via the Android app nzb360 (it's an awesome app).

Current setup

guillaumedsde/alpine-qbittorrent-openvpn:latest running on Docker. Using docker-compose.
Traefik 2.0 providing a reverse proxy so I can serve my docker containers to my web server, get certificates, use Google OAuth, etc.
Basically my setup follows this docker/server guide fairly closely, except I swapped out transmission-openvpn for yours. :)
Because of Traefik, I can't access qbittorrent-openvpn on localhost:port. I have to access it at custom.local.ip.address:port.

`docker-compose.yml` file or `docker run` command

docker-compose

(Note: I serve my OpenVPN config from a separate file.)

version: "3.7"
services:
  qbittorrent-openvpn:
    container_name: qbittorrent-openvpn
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest
    cap_add:
      - NET_ADMIN
    restart: always
    networks:
      t2_proxy:
        ipv4_address: $QBITTORRENT_IP
    ports:
      - "$QBITTORRENT_PORT:8080"
    volumes:
      - "REDACTED:/config"
      - "REDACTED:/Storage"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      OPENVPN_PROVIDER:     (this is left blank)
      OPENVPN_CONFIG:     (this is left blank)
      OPENVPN_USERNAME: REDACTED
      OPENVPN_PASSWORD: REDACTED
      PUID: $PUID
      PGID: $PGID
      LAN: $LOCAL_NETWORK
      HEALTH_CHECK_HOST: bing.com
    labels:
      - "traefik.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.qbittorrent-rtr.entrypoints=https"
      - "traefik.http.routers.qbittorrent-rtr.rule=HostHeader(`qbittorrent.$DOMAINNAME`)"
      ## Middlewares
      - "traefik.http.routers.qbittorrent-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.qbittorrent-rtr.service=qbittorrent-svc"
      - "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8080"

Attempted Fix(es)

Banging it. Yelling at it. Threatening it.
Researched docker-transmission-openvpn. I think they have some firewall settings, like:
ENABLE_UFW
UFW_ALLOW_GW_NET
UFW_EXTRA_PORTS

Wondering if you had any thoughts/ideas/suggestions.

PIA next gen servers change

The latest haugene/docker-transmission-openvpn does not contain the server opvn anymore. As such when running this docker it complains that it can't find the openvpn config file:
ERROR: Could not find OpenVPN configuration "US East" for provider PIA

The changes are referenced in haugene/docker-transmission-openvpn#1334

Error: write UDP: Operation not permitted (code=1) OPENVPN_PROVIDER=SLICKVPN

Information

I am setting up new container using SLICKVPN.

Current setup

REPOSITORY	TAG	IMAGE ID	CREATED	SIZE
guillaumedsde/alpine-qbittorrent-openvpn	latest	a2d32a5a96cc	30 hours ago	47.4MB

`docker-compose.yml` file

version: "3.8"
services:
  qbittorrent-vpn: 
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest
    container_name: qbittorrent-vpn
    hostname: kn-qbittorrent-vpn-01    
    environment:
      - OPENVPN_PROVIDER=SLICKVPN
      - OPENVPN_CONFIG=default
      - [email protected]
      - OPENVPN_PASSWORD=password
      - PUID=1000
      - PGID=1000
      - LAN=192.168.0.0/16
      - DNS=8.8.8.8
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - C:\Data\Docker\Configs\qbittorrent-openvpn:/config
      - C:\Data\Docker\temp:/downloads
    ports:
      - "8085:8080"
    dns:
    - 8.8.8.8
    - 8.8.4.4      
    cap_add:
      - NET_ADMIN

Container Logs

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-setup-permissions: executing... 
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 02-setup-openvpn: executing... 
Mon Nov 30 01:49:30 2020 TUN/TAP device tun0 opened
Mon Nov 30 01:49:30 2020 Persist state set to: ON
INFO: Trying to use OpenVPN provider: SLICKVPN
A    slickvpn
A    slickvpn/Australia-Brisbane.ovpn
A    slickvpn/Australia-Melbourne.ovpn
A    slickvpn/Australia-Perth.ovpn
A    slickvpn/Australia-Sydney.ovpn
A    slickvpn/Austria-Graz.ovpn
A    slickvpn/Belgium-Ostend.ovpn
A    slickvpn/Brazil-Sao-Paulo.ovpn
A    slickvpn/Bulgaria-Sofia.ovpn
A    slickvpn/Canada-Montreal.ovpn
A    slickvpn/Canada-Quebec.ovpn
A    slickvpn/Canada-Toronto.ovpn
A    slickvpn/Canada-Vancouver.ovpn
A    slickvpn/Chile-Vina-del-Mar.ovpn
A    slickvpn/Czech-Republic-Prague.ovpn
A    slickvpn/Denmark-Copenhagen.ovpn
A    slickvpn/Estonia-Tallinn.ovpn
A    slickvpn/France-Lille.ovpn
A    slickvpn/France-Paris.ovpn
A    slickvpn/France-Strasbourg.ovpn
A    slickvpn/Germany-Frankfurt.ovpn
A    slickvpn/Germany-Nuernberg.ovpn
A    slickvpn/Hong-Kong-Hong-Kong.ovpn
A    slickvpn/Hungary-Budapest.ovpn
A    slickvpn/Iceland-Reykjavik.ovpn
A    slickvpn/India-Bangalore.ovpn
A    slickvpn/India-Madras.ovpn
A    slickvpn/India-Pune.ovpn
A    slickvpn/Indonesia-Jakarta.ovpn
A    slickvpn/Ireland-Dublin.ovpn
A    slickvpn/Isle-of-Man-Isle-Of-Man.ovpn
A    slickvpn/Israel-Tel-aviv.ovpn
A    slickvpn/Italy-Milano.ovpn
A    slickvpn/Japan-Tokyo.ovpn
A    slickvpn/Latvia-Riga.ovpn
A    slickvpn/Luxembourg-Luxemburg.ovpn
A    slickvpn/Malaysia-Kuala-Lumpur.ovpn
A    slickvpn/Netherlands-Amsterdam.ovpn
A    slickvpn/New-Zealand-Auckland.ovpn
A    slickvpn/Norway-Sandefjord.ovpn
A    slickvpn/Panama-Panama-City.ovpn
A    slickvpn/Poland-Gdansk.ovpn
A    slickvpn/Poland-Warsaw.ovpn
A    slickvpn/Portugal-Lisbon.ovpn
A    slickvpn/Romania-Bucharest.ovpn
A    slickvpn/Russia-Moscow.ovpn
A    slickvpn/Russia-St.Petersburg.ovpn
A    slickvpn/Singapore-Singapore.ovpn
A    slickvpn/Slovenia-Ljubljana.ovpn
A    slickvpn/South-Africa-Cape-Town.ovpn
A    slickvpn/Spain-Barcelona.ovpn
A    slickvpn/Spain-Madrid.ovpn
A    slickvpn/Sweden-Halmstad.ovpn
A    slickvpn/Sweden-Stockholm.ovpn
A    slickvpn/Switzerland-Zurich.ovpn
A    slickvpn/Taiwan-Taipei.ovpn
A    slickvpn/Thailand-Bangkok.ovpn
A    slickvpn/Turkey-Istanbul.ovpn
A    slickvpn/Ukraine-Kiev.ovpn
A    slickvpn/United-Kingdom-Coventry.ovpn
A    slickvpn/United-Kingdom-London.ovpn
A    slickvpn/United-Kingdom-Manchester.ovpn
A    slickvpn/United-Kingdom-Rochester.ovpn
A    slickvpn/United-Kingdom-Southampton.ovpn
A    slickvpn/United-States-Asheville.ovpn
A    slickvpn/United-States-Atlanta.ovpn
A    slickvpn/United-States-Boston.ovpn
A    slickvpn/United-States-Buffalo.ovpn
A    slickvpn/United-States-Charlotte.ovpn
A    slickvpn/United-States-Chicago.ovpn
A    slickvpn/United-States-Columbus.ovpn
A    slickvpn/United-States-Dallas.ovpn
A    slickvpn/United-States-Denver.ovpn
A    slickvpn/United-States-Dubuque-IA.ovpn
A    slickvpn/United-States-Houston.ovpn
A    slickvpn/United-States-Kansas-City.ovpn
A    slickvpn/United-States-Las-Vegas.ovpn
A    slickvpn/United-States-Los-Angeles.ovpn
A    slickvpn/United-States-Miami.ovpn
A    slickvpn/United-States-Morganton.ovpn
A    slickvpn/United-States-New-York.ovpn
A    slickvpn/United-States-Newark.ovpn
A    slickvpn/United-States-Palo-Alto.ovpn
A    slickvpn/United-States-Phoenix.ovpn
A    slickvpn/United-States-Roseburg.ovpn
A    slickvpn/United-States-Salt-Lake-City.ovpn
A    slickvpn/United-States-San-Diego.ovpn
A    slickvpn/United-States-San-Jose.ovpn
A    slickvpn/United-States-Seattle.ovpn
A    slickvpn/United-States-St.Louis.ovpn
A    slickvpn/United-States-Tampa.ovpn
A    slickvpn/United-States-Washington.ovpn
A    slickvpn/ca.crt
A    slickvpn/default.ovpn
Exported revision 2616.
INFO: Found OpenVPN configuration: "default" for provider "SLICKVPN" using it
[cont-init.d] 02-setup-openvpn: exited 0.
[cont-init.d] 03-setup-iptables: executing... 
iptables v1.8.4 (legacy): Port "443
443
443
443
443
443
443
443
443" does not resolve to anything.

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.4 (legacy): Port "443
443
443
443
443
443
443
443
443" does not resolve to anything.

Try `iptables -h' or 'iptables --help' for more information.
[cont-init.d] 03-setup-iptables: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Mon Nov 30 01:49:33 2020 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Mon Nov 30 01:49:33 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Mon Nov 30 01:49:33 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]107.182.139.59:443
Mon Nov 30 01:49:33 2020 UDP link local: (not bound)
Mon Nov 30 01:49:33 2020 UDP link remote: [AF_INET]107.182.139.59:443
Mon Nov 30 01:49:33 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:49:35 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:49:39 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:49:47 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:50:03 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:50:34 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 30 01:50:34 2020 TLS Error: TLS handshake failed
Mon Nov 30 01:50:34 2020 SIGUSR1[soft,tls-error] received, process restarting
Mon Nov 30 01:50:39 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]174.127.75.120:443
Mon Nov 30 01:50:39 2020 UDP link local: (not bound)
Mon Nov 30 01:50:39 2020 UDP link remote: [AF_INET]174.127.75.120:443
Mon Nov 30 01:50:39 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:50:41 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:50:46 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:50:54 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:51:10 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:51:39 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 30 01:51:39 2020 TLS Error: TLS handshake failed
Mon Nov 30 01:51:39 2020 SIGUSR1[soft,tls-error] received, process restarting
Mon Nov 30 01:51:45 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]96.126.113.159:443
Mon Nov 30 01:51:45 2020 UDP link local: (not bound)
Mon Nov 30 01:51:45 2020 UDP link remote: [AF_INET]96.126.113.159:443
Mon Nov 30 01:51:45 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:51:47 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:51:51 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:51:59 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:52:15 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:52:46 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 30 01:52:46 2020 TLS Error: TLS handshake failed
Mon Nov 30 01:52:46 2020 SIGUSR1[soft,tls-error] received, process restarting
Mon Nov 30 01:52:51 2020 RESOLVE: Cannot resolve host address: gw2.dfw1.slickvpn.com:443 (Name does not resolve)
Mon Nov 30 01:52:51 2020 RESOLVE: Cannot resolve host address: gw2.dfw1.slickvpn.com:443 (Name does not resolve)
Mon Nov 30 01:52:51 2020 Could not determine IPv4/IPv6 protocol
Mon Nov 30 01:52:51 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Nov 30 01:52:56 2020 RESOLVE: Cannot resolve host address: gw2.dfw2.slickvpn.com:443 (Name does not resolve)
Mon Nov 30 01:52:56 2020 RESOLVE: Cannot resolve host address: gw2.dfw2.slickvpn.com:443 (Name does not resolve)
Mon Nov 30 01:52:56 2020 Could not determine IPv4/IPv6 protocol
Mon Nov 30 01:52:56 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Nov 30 01:53:01 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]198.58.117.6:443
Mon Nov 30 01:53:01 2020 UDP link local: (not bound)
Mon Nov 30 01:53:01 2020 UDP link remote: [AF_INET]198.58.117.6:443
Mon Nov 30 01:53:01 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:53:03 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:53:07 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:53:15 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:53:31 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:54:01 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 30 01:54:01 2020 TLS Error: TLS handshake failed
Mon Nov 30 01:54:01 2020 SIGUSR1[soft,tls-error] received, process restarting
Mon Nov 30 01:54:06 2020 RESOLVE: Cannot resolve host address: gw3.dfw1.slickvpn.com:443 (Name does not resolve)
Mon Nov 30 01:54:06 2020 RESOLVE: Cannot resolve host address: gw3.dfw1.slickvpn.com:443 (Name does not resolve)
Mon Nov 30 01:54:06 2020 Could not determine IPv4/IPv6 protocol
Mon Nov 30 01:54:06 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Nov 30 01:54:11 2020 RESOLVE: Cannot resolve host address: gw3.dfw2.slickvpn.com:443 (Name does not resolve)
Mon Nov 30 01:54:11 2020 RESOLVE: Cannot resolve host address: gw3.dfw2.slickvpn.com:443 (Name does not resolve)
Mon Nov 30 01:54:11 2020 Could not determine IPv4/IPv6 protocol
Mon Nov 30 01:54:11 2020 SIGUSR1[soft,init_instance] received, process restarting
Mon Nov 30 01:54:16 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]104.237.128.245:443
Mon Nov 30 01:54:16 2020 UDP link local: (not bound)
Mon Nov 30 01:54:16 2020 UDP link remote: [AF_INET]104.237.128.245:443
Mon Nov 30 01:54:16 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:54:18 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:54:22 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:54:30 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:54:46 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:55:16 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 30 01:55:16 2020 TLS Error: TLS handshake failed
Mon Nov 30 01:55:16 2020 SIGUSR1[soft,tls-error] received, process restarting
Mon Nov 30 01:55:21 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]107.182.139.59:443
Mon Nov 30 01:55:21 2020 UDP link local: (not bound)
Mon Nov 30 01:55:21 2020 UDP link remote: [AF_INET]107.182.139.59:443
Mon Nov 30 01:55:21 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:55:23 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:55:27 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:55:35 2020 write UDP: Operation not permitted (code=1)
Mon Nov 30 01:55:51 2020 write UDP: Operation not permitted (code=1)

Attempted Fix(es)

Changed DNS Values
Changed OPENVPN_CONFIG setting
Changed LAN value

bug

Information

RESOLVE: Cannot resolve host address: ca-montreal.privateinternetaccess.com:1198 (Try again),
Could not determine IPv4/IPv6 protocol

Current setup

rpi4
omv5
portainer 1.24.1

`docker-compose.yml` file or `docker run` command

docker run --cap-add=NET_ADMIN
-v local path:/downloads
-v local path:/config
-v /etc/localtime:/etc/localtime:ro
-e OPENVPN_PROVIDER=PIA
-e OPENVPN_CONFIG=CA\ Montreal
-e OPENVPN_USERNAME=username
-e OPENVPN_PASSWORD=password
-e PUID=998
-e PGID=100
-e LAN=192.168.1.0/24
-p 8080:8080
guillaumedsde/alpine-qbittorrent-openvpn:latest

how did you start the container? (don't forget to use backticks for creating a proper code block)
Via portainer, filling out everything via ui


## Attempted Fix(es)

_What you have tried in order to fix the issue_ (if anything)

Added DNS entries  (1.1.1.1, 8.8.8.8) in portainer, equivalent to --dns 1.1.1.1 --dns 8.8.8.8
Tried connecting to container to see if I could ping some URLs, but sendto is not permitted on this container

Unhealthy container?

Hi @guillaumedsde

My container is no longer working, and I have a bunch of errors in the logs. Any idea why?
It happened after an auto update from Watchtower. But I have tried to reinstall, but same error.

Error relocating /usr/lib/libtorrent-rasterbar.so.10: __fstat_time64: symbol not found

Error relocating /usr/lib/libtorrent-rasterbar.so.10: __gmtime64_r: symbol not found

Error relocating /usr/lib/libtorrent-rasterbar.so.10: __nanosleep_time64: symbol not found

Error relocating /usr/lib/libtorrent-rasterbar.so.10: __gettimeofday_time64: symbol not found

Error relocating /usr/lib/libtorrent-rasterbar.so.10: __pthread_cond_timedwait_time64: symbol not found

Error relocating /usr/lib/libtorrent-rasterbar.so.10: __stat_time64: symbol not found

Error relocating /usr/lib/libtorrent-rasterbar.so.10: __lstat_time64: symbol not found

Error relocating /usr/lib/libtorrent-rasterbar.so.10: __time64: symbol not found

Error relocating /usr/bin/qbittorrent-nox: __nanosleep_time64: symbol not found

Error relocating /usr/bin/qbittorrent-nox: _ZNK7QString8splitRefERKS_6QFlagsIN2Qt18SplitBehaviorFlagsEENS3_15CaseSensitivityE: symbol not found

Error relocating /usr/bin/qbittorrent-nox: ZN10QJsonArrayC1EOS: symbol not found

Error relocating /usr/bin/qbittorrent-nox: _ZN11QJsonObjectC1ESt16initializer_listI5QPairI7QString10QJsonValueEE: symbol not found

Error relocating /usr/bin/qbittorrent-nox: _ZNK7QString5splitE5QChar6QFlagsIN2Qt18SplitBehaviorFlagsEENS2_15CaseSensitivityE: symbol not found

Error relocating /usr/bin/qbittorrent-nox: _ZN7QThread4waitE14QDeadlineTimer: symbol not found

Error relocating /usr/bin/qbittorrent-nox: _ZN10QJsonArrayC1ESt16initializer_listI10QJsonValueE: symbol not found

Error relocating /usr/bin/qbittorrent-nox: __stat_time64: symbol not found

Error relocating /usr/bin/qbittorrent-nox: _ZNK7QString8splitRefE5QChar6QFlagsIN2Qt18SplitBehaviorFlagsEENS2_15CaseSensitivityE: symbol not found

Error relocating /usr/bin/qbittorrent-nox: _ZNK7QString5splitERKS_6QFlagsIN2Qt18SplitBehaviorFlagsEENS3_15CaseSensitivityE: symbol not found

bug

Information

I am on a Synology DS218+. The OpenVPN part works fine (I am using AirVPN). qBitTorrent boots fine, and I can access the WebUI and change some settings. When I add some torrents, however, the get flagged as Errored and don't work. There is no more info, at least to my knowledge. I also don't see any logs anywhere, so I can only guess. I believe it is a permissions issue, or at least a user/group issue (see below).

The downloads folder can be accessed by root and a user called docker, whose PUID and PGID are 1027 and 100. I pass these values to the container, and the qBittorrent-nox process is started with PUID 1027 (as intended). However when running top, it says the user that is running qBittorrent-nox is 1027 (it shows the PUID instead of the username). That means the user has been deleted, or so I have read online.

Maybe that is the cause of the error. When I log in to the machine I can access the internet (DNS works fine too). I ran cut -d: -f1 /etc/passwd to list all users:

root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
man
postmaster
cron
ftp
sshd
at
squid
xfs
games
cyrus
vpopmail
ntp
smmsp
guest
nobody
openvpn
svn
catchlog

I don't know which one is supposedly the one that starts the qBit process (if any). I could suas them and check for permission issues.

Current setup

docker image tag	python
docker image hash)	`8eeac62e227dca69b1f00e08a72844be0ea4b553facc33a9ad09ce08183f148b`

`docker run` command

sudo docker run --cap-add=NET_ADMIN -d \
	-v /volume1/downloads/complete:/downloads \
	-v /volume1/docker/qbit-vpn/config:/config \
	-v /etc/localtime:/etc/localtime:ro \
	-v /volume1/docker/qbit-vpn/config.ovpn:/etc/openvpn/custom/default.ovpn \
	-e OPENVPN_PROVIDER=CUSTOM \
	-e OPENVPN_USERNAME=USER \
	-e OPENVPN_PASSWORD=PASS \
	-e PUID=1027 \
	-e PGID=100 \
	-p 8080:8080 \
	--sysctl net.ipv6.conf.all.disable_ipv6=0 \
	--name qBitTorrent-VPN \
	guillaumedsde/alpine-qbittorrent-openvpn:python

(Note, the --sysctl net.ipv6.conf.all.disable_ipv6=0 line is to disable an ipv6 error. I don't think the issue is network-related, as the vpn connects fine.)

Attempted Fix(es)

I have tried to run the container in privileged mode, but did not fix anything. I thought about chowning the directories to the qbit user, but as I said, it appears to have been removed.

NordVPN issue

Hi,

I am having difficulties with NordVPN. Anybody have an idea what I am doing wrong?

First I tried:
-v /my/path:/downloads
-v /etc/localtime:/etc/localtime:ro
-e OPENVPN_PROVIDER=NORDVPN
-e OPENVPN_USERNAME=“MyUserID”
-e OPENVPN_PASSWORD=“MyPass”
-e OPENVPN_CONFIG=DE\ Berlin
-e PGID=1000
-e PUID=1000
-e LAN=192.168.0.0/16
-p 8080:8080
guillaumedsde/alpine-qbittorrent-openvpn:latest

And got this:
INFO: Trying to use OpenVPN provider: NORDVPN
ERROR: Could not find OpenVPN configuration "" for provider NORDVPN

The same error for these two docker run:
-v /my/path:/downloads
-v /etc/localtime:/etc/localtime:ro
-e OPENVPN_PROVIDER=NORDVPN
-e OPENVPN_USERNAME=“MyUserID”
-e OPENVPN_PASSWORD=“MyPass”
-e OPENVPN_CONFIG=DE
-e PGID=1000
-e PUID=1000
-e LAN=192.168.0.0/16
-p 8080:8080
guillaumedsde/alpine-qbittorrent-openvpn:latest

and
-v /my/path:/downloads
-v /etc/localtime:/etc/localtime:ro
-e OPENVPN_PROVIDER=NORDVPN
-e OPENVPN_USERNAME=“MyUserID”
-e OPENVPN_PASSWORD=“MyPass”
-e NORDVPN_COUNTRY=CH
-e NORDVPN_PROTOCOL=udp
-e NORDVPN_CATEGORY=P2P
-e PGID=1000
-e PUID=1000
-e LAN=192.168.0.0/16
-p 8080:8080
guillaumedsde/alpine-qbittorrent-openvpn:latest

My final attempt was with a custom openvpn config file:
-v /my/path/:/downloads
-v /my/path/:/config
-v /etc/localtime:/etc/localtime:ro
-e OPENVPN_PROVIDER=
-e OPENVPN_USERNAME=“MyUserID”
-e OPENVPN_PASSWORD=“MyPass”
-e PGID=1000
-e PUID=1000
-e LAN=192.168.0.0/16
-p 8080:8080
guillaumedsde/alpine-qbittorrent-openvpn:latest

And got this error:
OpenVPN provider not set. Using configuration at /config/openvpn/config.ovpn
[cont-init.d] 02-setup-openvpn: exited 0.
[cont-init.d] 03-setup-iptables: executing...
[cont-init.d] 03-setup-iptables: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Options error: In [CMD-LINE]:1: Error opening configuration file: /config/openvpn/config.ovpn
Use --help for more information.

Anybody know what I am doing wrong?
I can get haugene/docker-transmission-openvpn to work with the docker run no3, but I would prefer to use qBittorrent.

bug - DNS leak

Information

Following connecting to the VPN, the DNS servers returned by the VPN are ignored, continuing to use local DNS. This leaks DNS queries.

Current setup

Standard docker compose

Attempted Fix(es)

To apply the DNS servers returned when connecting to the open VPN server , you need to apply them with a bash script included in the openvpn package

Add --up /etc/openvpn/up.sh --scriptsecurity 2 --down /etc/openvpn/down.sh to the openvpn start command.

I've tried this, and it seems to fail as the openvpn user does not have write access to create a temp file in /etc/ and to replace /etc/resolv.conf with the updated file.

Ultimately, I think this is just a permissions hurdle to implement this fix - I'm just not that familiar with docker.

ref - https://wiki.archlinux.org/index.php/OpenVPN#DNS (client.up and client.down from arch linux package are already in alpine as /etc/openvpn/up.sh and /etc/openvpn/down.sh)

bug - "unauthorized" when accessing webui

Information

thans for the amazing image!
the initialization goes fine, at least the log seems to say that...
suddenly, it says
To control qBittorrent, access the Web UI at http://localhost:8080 (that is under nat to 8088 on the host due to existing binding, maybe it's the cause?)
and then accessing from fqdn:8088 gives me Unauthorized

Current setup

python image on Docker version 19.03.11, on Ubuntu 20.04.1 LTS kernel 5.4.0-54

`docker-compose.yml` file or `docker run` command

$ docker run --cap-add=NET_ADMIN -d \ -v xxx:/downloads \ -v xxx:/config \ -v /etc/localtime:/etc/localtime:ro \ -e OPENVPN_PROVIDER=PUREVPN \ -e OPENVPN_CONFIG=de2-ovpn-tcp \ -e OPENVPN_USERNAME=xxx \ -e OPENVPN_PASSWORD=xxx \ -e PUID=1000 \ -e PGID=1000 \ -e LAN=192.168.0.0/24 \ -p 8088:8080 \ guillaumedsde/alpine-qbittorrent-openvpn:python

NordVPN: could not find VPN_HOST in the VPN configuration

Information

I'm trying to use custom ovpn configuration (NordVPN provider), but container fails to start:

Attaching to qbit_qbittorrent_1
qbittorrent_1  | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
qbittorrent_1  | [s6-init] ensuring user provided files have correct perms...exited 0.
qbittorrent_1  | [fix-attrs.d] applying ownership & permissions fixes...
qbittorrent_1  | [fix-attrs.d] done.
qbittorrent_1  | [cont-init.d] executing container initialization scripts...
qbittorrent_1  | [cont-init.d] 01-setup-permissions: executing...
qbittorrent_1  | [cont-init.d] 01-setup-permissions: exited 0.
qbittorrent_1  | [cont-init.d] 02-setup-openvpn: executing...
qbittorrent_1  | Wed Sep  2 20:56:48 2020 TUN/TAP device tun0 opened
qbittorrent_1  | Wed Sep  2 20:56:48 2020 Persist state set to: ON
qbittorrent_1  | OpenVPN provider not set. Using configuration at /config/openvpn/config.ovpn
qbittorrent_1  | [cont-init.d] 02-setup-openvpn: exited 0.
qbittorrent_1  | [cont-init.d] 03-setup-iptables: executing...
qbittorrent_1  | awk: cmd. line:1: Is a directory
qbittorrent_1  | awk: cmd. line:1: Is a directory
qbittorrent_1  | awk: cmd. line:1: Is a directory
qbittorrent_1  | ERROR could not find VPN_HOST in the VPN configuration
qbittorrent_1  | [cont-init.d] 03-setup-iptables: exited 1.
qbittorrent_1  | [cont-finish.d] executing container finish scripts...
qbittorrent_1  | [cont-finish.d] done.
qbittorrent_1  | [s6-finish] waiting for services.
qbittorrent_1  | [s6-finish] sending all processes the TERM signal.
qbittorrent_1  | [s6-finish] sending all processes the KILL signal and exiting.
qbit_qbittorrent_1 exited with code 1

Current setup

information about your current setup

docker image tag:	latest
docker image hash (ex: `603b78e07727`)	a45e8ae29070

`docker-compose.yml` file or `docker run` command

how did you start the container? (don't forget to use backticks for creating a proper code block)

docker-compose up

services:
  qbittorrent:
    volumes:
      - "/mnt/storage/qbittorrent/downloads:/downloads"
      - "/mnt/storage/qbittorrent/config:/config"
      - "/mnt/storage/qbittorrent/pl122.nordvpn.com.udp1194.ovpn:/config/openvpn/config.ovpn"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - OPENVPN_PROVIDER=
      - OPENVPN_USERNAME=***
      - OPENVPN_PASSWORD=***
      - PUID=1001
      - PGID=1001
      - LAN=192.168.1.0/24
    ports:
      - "9092:8080"
    cap_add:
      - NET_ADMIN
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest

Attempted Fix(es)

What you have tried in order to fix the issue (if anything)

no network route for LAN and docker network

"Unauthorized" upon connecting to the web interface

Information

describe the issue

when trying to connect to the web interface, it just says Unauthorized. am i connecting to the wrong ip? feeling dumb. also, when I tried to use OPENVPN_PROVIDER as PIA, i couldnt get it to find any of the configs like US Chicago, US Texas, etc. yes, I properly escaped the spaces.

Current setup

information about your current setup

using a custom openvpn config, but its just generated from pia openvpn config generator tool. replaced sensitive info with &'s, but thats the exact run command im using. I changed the LAN to 10.0.0.0 from 192.168.0.0 since thats the format my lan uses.

`docker-compose.yml` file or `docker run` command

how did you start the container? (don't forget to use backticks for creating a proper code block)

docker run --cap-add=NET_ADMIN -d \
              -v /home/&&/ten/media/dl:/downloads \
              -v /home/&&/ten/media/tc:/config \
	      -v /home/&&/ten/media/tf:/torrents \
              -v /etc/localtime:/etc/localtime:ro \
	      --name qbit-vpn \
              -e OPENVPN_USERNAME=&&&&&&  \
              -e OPENVPN_PASSWORD=&&&&&& \
              -e PUID=1000 \
              -e PGID=1000 \
              -e LAN=10.0.0.0/16 \
              -p 8089:8080 \
              guillaumedsde/alpine-qbittorrent-openvpn:latest

Attempted Fix(es)

What you have tried in order to fix the issue (if anything)

changed openvpn config, run command, different browser, even calling curl/wget from the server running the docker container also results in the "unauthorized" response

Iptables v1.8.4 (legacy): unknown protocol "'udp'" specified

Raspberry Pi OS Lite,
Release date: January 11th 2021
Kernel version: 5.4
openmediavault 5.5.23

Running the container produces an Iptables error

Iptables v1.8.4 (legacy): unknown protocol "'udp'" specified

This is followed by :

write UDP: Operation not permitted (code=1)

Errors (could be unrelated). Using PrivateVPN service.

.ovpn files are missing for PIA

After switching from qbittorrent-openvpn docker image to alpine-qbittorrent-openvpn, I'm getting the follow errors on startup:

2020-06-18T03:02:26.613925052Z Trying to use OpenVPN provider: PIA
2020-06-18T03:02:26.647451183Z Connecting to raw.githubusercontent.com (151.101.128.133:443)
2020-06-18T03:02:26.826554142Z wget: server returned error: HTTP/1.1 404 Not Found
2020-06-18T03:02:26.826780456Z ERROR: Could not find OpenVPN configuration for provider PIA at https://raw.githubusercontent.com/haugene/docker-transmission-openvpn/master/openvpn/pia/CA.ovpn

Enable port forwarding for PIA and Perfect Privacy VPN providers

haugene/transmission-openvpn includes some scripts to enable port forwarding for both PIA and Perfect Privacy. I've tested PIA and port forwarding is not working currently.

Surfshark Isue?

After a certain time a get the following error and the container goes to unhealthy.

Thu Jul 9 07:53:56 2020 cd to '/config/openvpn' failed: Permission denied (errno=13)
Thu Jul 9 07:53:56 2020 Exiting due to fatal error

in the container itself I get.

Host not set! Set env 'HEALTH_CHECK_HOST'. For now, using default google.com ping: sendto: Operation not permitted PING google.com (172.217.4.46): 56 data bytes Network is down

putting > - HEALTH_CHECK_HOST=8.8.8.8 in docker-compose and lets wait.

I'm Using
image: guillaumedsde/alpine-qbittorrent-openvpn:python and did a rebuild with the latest image.

Old verstion of qBittorrent?

This is more of a question..

Is there a reason as to why its still running v4,2.5 of qBittorrent?

4.3.0.1 is out 👍

bug

Information

I'm having issues with the server choice. I've used your exact server and others and I get the same error each time.

Output:

pi@nas:~/dc/qbit-vpn $ docker-compose up
Recreating qbit-vpn ... done
Attaching to qbit-vpn
qbit-vpn          | [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
qbit-vpn          | [s6-init] ensuring user provided files have correct perms...exited 0.
qbit-vpn          | [fix-attrs.d] applying ownership & permissions fixes...
qbit-vpn          | [fix-attrs.d] done.
qbit-vpn          | [cont-init.d] executing container initialization scripts...
qbit-vpn          | [cont-init.d] 01-setup-permissions: executing...
qbit-vpn          | [cont-init.d] 01-setup-permissions: exited 0.
qbit-vpn          | [cont-init.d] 02-setup-openvpn: executing...
qbit-vpn          | Tue Nov 10 21:04:40 2020 TUN/TAP device tun0 opened
qbit-vpn          | Tue Nov 10 21:04:40 2020 Persist state set to: ON
qbit-vpn          | INFO: Trying to use OpenVPN provider: PIA
qbit-vpn          | A    pia
qbit-vpn          | A    pia/configure-openvpn.sh
qbit-vpn          | A    pia/update-port.sh
qbit-vpn          | Exported revision 2511.
qbit-vpn          | ERROR: Could not find OpenVPN configuration "France" for provider PIA
qbit-vpn          | [cont-init.d] 02-setup-openvpn: exited 1.
qbit-vpn          | [cont-finish.d] executing container finish scripts...
qbit-vpn          | [cont-finish.d] done.
qbit-vpn          | [s6-finish] waiting for services.
qbit-vpn          | [s6-finish] sending all processes the TERM signal.
qbit-vpn          | [s6-finish] sending all processes the KILL signal and exiting.

Current setup

information about your current setup

docker image tag guillaumedsde/alpine-qbittorrent-openvpn:latest
running on raspberry pi 4

`docker-compose.yml` file or `docker run` command

how did you start the container? (don't forget to use backticks for creating a proper code block)


```yaml
version: "3.3"
services:
  qbittorrentvpn:
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest
    container_name: qbit-vpn
    cap_add:
      - NET_ADMIN
    environment:
      - OPENVPN_PROVIDER=PIA
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - OPENVPN_CONFIG=France # choose server
      - LOCAL_NETWORK=192.168.88.0/24
      - PUID=1000 # pi user info
      - PGID=1000 # pi user info
    ports:
      - 9092:9092
    volumes:
      - /media/hdd/docker/config/qbit-vpn/:/config
      - /media/hdd/media/downloads/:/downloads
    restart: unless-stopped
```

## Attempted Fix(es)

I've tried more than 5 different servers but all give the same error.  I imagine this maybe a syntax issue? But if it is, I don't know where to find the correct syntax.

expressvpn issue?

Attempting to use with expressvpn. container fails to start. it appears to be pulling the relevant .ovpn but looks to be missing some variables from somewhere? log:

Trying to use OpenVPN provider: EXPRESSVPN
Connecting to raw.githubusercontent.com (151.101.0.133:443)
saving to '/config/openvpn/config.ovpn'
config.ovpn          100% |********************************|  6131  0:00:00 ETA
'/config/openvpn/config.ovpn' saved
Found OpenVPN configuration: /config/openvpn/config.ovpn for provider EXPRESSVPN at https://raw.githubusercontent.com/haugene/docker-transmission-openvpn/master/openvpn/expressvpn/my_expressvpn_usa_-_san_francisco_udp.ovpn using it
[cont-init.d] 02-setup-openvpn: exited 0.
[cont-init.d] 03-setup-iptables: executing... 
One of the following variables could not be detected in the VPN configuration:
    VPN_PROTO:  
    VPN_HOST:   usa-sanfrancisco-ca-version-2.expressnetw.com
    VPN_PORT:   1195
    
[cont-init.d] 03-setup-iptables: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

Using similar settings with haugene/docker-transmission-openvpn appears to function properly.

Issue with Surfshark | Could not find OpenVPN configuration

Hi,
First sorry for my bad English, I've an issue with the provider Surfshark, the error is the following :

qbittorrent-openvpn    | ERROR: Could not find OpenVPN configuration "FR\" for provider SURFSHARK
qbittorrent-openvpn    | [cont-init.d] 02-setup-openvpn: exited 1.
qbittorrent-openvpn    | [cont-finish.d] executing container finish scripts...
qbittorrent-openvpn    | [cont-finish.d] done.
qbittorrent-openvpn    | [s6-finish] waiting for services.
qbittorrent-openvpn    | [s6-finish] sending all processes the TERM signal.
qbittorrent-openvpn    | [s6-finish] sending all processes the KILL signal and exiting.

My compose configuration :
image: guillaumedsde/alpine-qbittorrent-openvpn:latest
container_name: qbittorrent-openvpn
restart: unless-stopped
environment:

OPENVPN_PROVIDER=SURFSHARK
OPENVPN_CONFIG=FR\
PUID=${PUID}
PGID=${PGID}
LAN=192.168.0.0/16
OPENVPN_USERNAME=
OPENVPN_PASSWORD=
cap_add:
NET_ADMIN
ports:
'8080:8080'
volumes:
${PATH_QBT}:/config
${PATH_MEDIA}:/data
`
I did some research in the closed issue but I couldn't find a solution.
Any help is welcome, and thanks in advance.
Regards,

Can not get it to work with Mullvad VPN

Information

Can not get it to work with Mullvad VPN. It works fine with example haugene/docker-transmission-openvpn.

Current setup

Running docker on Raspberry Pi 4.

`docker-compose.yml` file or `docker run` command

Using Docker Compose

qbit:
  image: guillaumedsde/alpine-qbittorrent-openvpn:latest
  container_name: qbit
  volumes:
    - "/home/pi/docker/qbittorrent/downloads:/downloads"
    - "/home/pi/docker/qbittorrent/config:/config"
    - "/etc/localtime:/etc/localtime:ro"
  environment:
    - OPENVPN_PROVIDER=MULLVAD
    - OPENVPN_CONFIG=se_all
    - OPENVPN_USERNAME=***  # Masked my real username
    - OPENVPN_PASSWORD=*** # Masked my real password
    - LAN=10.0.0.0/16
  ports:
    - '8080:8080'
  cap_add:
    - NET_ADMIN

Attempted Fix(es)

Tried various settings, but same "error".

Docker logs

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-setup-permissions: executing... 
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 02-setup-openvpn: executing... 
Sun Nov 22 01:11:36 2020 TUN/TAP device tun0 opened
Sun Nov 22 01:11:36 2020 Persist state set to: ON
INFO: Trying to use OpenVPN provider: MULLVAD
A    mullvad
A    mullvad/ae_all.ovpn
A    mullvad/al_all.ovpn
A    mullvad/at_all.ovpn
A    mullvad/au_all.ovpn
A    mullvad/be_all.ovpn
A    mullvad/bg_all.ovpn
A    mullvad/br_all.ovpn
A    mullvad/ca.crt
A    mullvad/ca_all.ovpn
A    mullvad/ch_all.ovpn
A    mullvad/cz_all.ovpn
A    mullvad/de_all.ovpn
A    mullvad/default.ovpn
A    mullvad/dk_all.ovpn
A    mullvad/es_all.ovpn
A    mullvad/fi_all.ovpn
A    mullvad/fr_all.ovpn
A    mullvad/gb_all.ovpn
A    mullvad/gr_all.ovpn
A    mullvad/hk_all.ovpn
A    mullvad/hu_all.ovpn
A    mullvad/ie_all.ovpn
A    mullvad/il_all.ovpn
A    mullvad/it_all.ovpn
A    mullvad/jp_all.ovpn
A    mullvad/lu_all.ovpn
A    mullvad/lv_all.ovpn
A    mullvad/md_all.ovpn
A    mullvad/nl_all.ovpn
A    mullvad/no_all.ovpn
A    mullvad/nz_all.ovpn
A    mullvad/pl_all.ovpn
A    mullvad/ro_all.ovpn
A    mullvad/rs_all.ovpn
A    mullvad/se_all.ovpn
A    mullvad/sg_all.ovpn
A    mullvad/update-resolv-conf
A    mullvad/us_all.ovpn
Exported revision 2581.
INFO: Found OpenVPN configuration: "se_all" for provider "MULLVAD" using it
[cont-init.d] 02-setup-openvpn: exited 0.
[cont-init.d] 03-setup-iptables: executing... 
iptables v1.8.4 (legacy): Port "1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302" does not resolve to anything.

Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.4 (legacy): Port "1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302
1302" does not resolve to anything.

Try `iptables -h' or 'iptables --help' for more information.
[cont-init.d] 03-setup-iptables: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Sun Nov 22 01:11:39 2020 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sun Nov 22 01:11:39 2020 OpenVPN 2.4.9 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Sun Nov 22 01:11:39 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Sun Nov 22 01:11:39 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.65.135.152:1302
Sun Nov 22 01:11:39 2020 Socket Buffers: R=[180224->360448] S=[180224->360448]
Sun Nov 22 01:11:39 2020 UDP link local: (not bound)
Sun Nov 22 01:11:39 2020 UDP link remote: [AF_INET]185.65.135.152:1302
Sun Nov 22 01:11:39 2020 write UDP: Operation not permitted (code=1)
Sun Nov 22 01:11:41 2020 write UDP: Operation not permitted (code=1)
Sun Nov 22 01:11:45 2020 write UDP: Operation not permitted (code=1)
Sun Nov 22 01:11:54 2020 write UDP: Operation not permitted (code=1)

look into read only filesystem support

Container broken - Can't pull PIA configs

Looks like your container is suffering from the same problem that was resolved here:

haugene/docker-transmission-openvpn#1548

Was this issue addressed?

I am having the exact same symptoms.

INFO: Trying to use OpenVPN provider: PIA
A pia
A pia/configure-openvpn.sh
A pia/update-port.sh
Exported revision 2658.
Provider PIA has a custom startup script, executing it
Downloading OpenVPN config bundle openvpn into temporary file /tmp/tmp.cbaAnl
Extract OpenVPN config bundle into PIA directory /etc/openvpn/pia
ERROR: Could not find OpenVPN configuration "US Washington DC" for provider PIA
[cont-init.d] 02-setup-openvpn: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

Docker container not starting

Logs are below, but watchtower updated a couple days ago and I'm just now realizing the container will not start.
`

020-07-09 13:16:57	stdout	[s6-finish] sending all processes the KILL signal and exiting.
2020-07-09 13:16:54	stdout	[s6-finish] sending all processes the TERM signal.
2020-07-09 13:16:54	stdout	[s6-finish] waiting for services.
2020-07-09 13:16:54	stdout	[cont-finish.d] done.
2020-07-09 13:16:54	stdout	[cont-finish.d] executing container finish scripts...
2020-07-09 13:16:54	stdout	[cont-init.d] 02-setup-openvpn: exited 1.
2020-07-09 13:16:54	stdout	find: : No such file or directory
2020-07-09 13:16:54	stdout	find: : No such file or directory
2020-07-09 13:16:54	stdout	chown: : No such file or directory
2020-07-09 13:16:54	stdout	Strip non-directory suffix from FILENAME
2020-07-09 13:16:54	stdout
2020-07-09 13:16:54	stdout	Usage: dirname FILENAME
2020-07-09 13:16:54	stdout
2020-07-09 13:16:54	stdout	BusyBox v1.31.1 () multi-call binary.
2020-07-09 13:16:54	stdout	OpenVPN provider not set. Using configuration at /config/openvpn/US Texas.ovpn
2020-07-09 13:16:54	stdout	Thu Jul 9 13:16:53 2020 Persist state set to: ON
2020-07-09 13:16:53	stdout	Thu Jul 9 13:16:53 2020 TUN/TAP device tun0 opened
2020-07-09 13:16:53	stdout	[cont-init.d] 02-setup-openvpn: executing...
2020-07-09 13:16:53	stdout	[cont-init.d] 01-setup-permissions: exited 0.
2020-07-09 13:16:51	stdout	[cont-init.d] 01-setup-permissions: executing...
2020-07-09 13:16:51	stdout	[cont-init.d] executing container initialization scripts...
2020-07-09 13:16:51	stdout	[fix-attrs.d] done.
2020-07-09 13:16:51	stdout	[fix-attrs.d] applying ownership & permissions fixes...
2020-07-09 13:16:51	stdout	[s6-init] ensuring user provided files have correct perms...exited 0.
2020-07-09 13:16:50	stdout	[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
2020-07-07 17:38:35	stdout	[s6-finish] sending all processes the KILL signal and exiting.
2020-07-07 17:38:32	stdout	[s6-finish] sending all processes the TERM signal.
2020-07-07 17:38:32	stdout	[s6-finish] waiting for services.
2020-07-07 17:38:32	stdout	[cont-finish.d] done.
2020-07-07 17:38:32	stdout	[cont-finish.d] executing container finish scripts...
2020-07-07 17:38:32	stdout	[cont-init.d] 02-setup-openvpn: exited 1.
2020-07-07 17:38:32	stdout	find: : No such file or directory
2020-07-07 17:38:32	stdout	find: : No such file or directory
2020-07-07 17:38:32	stdout	chown: : No such file or directory
2020-07-07 17:38:32	stdout	Strip non-directory suffix from FILENAME
2020-07-07 17:38:32	stdout
2020-07-07 17:38:32	stdout	Usage: dirname FILENAME
2020-07-07 17:38:32	stdout
2020-07-07 17:38:32	stdout	BusyBox v1.31.1 () multi-call binary.
2020-07-07 17:38:32	stdout	OpenVPN provider not set. Using configuration at /config/openvpn/US Texas.ovpn
2020-07-07 17:38:32	stdout	Tue Jul 7 17:38:32 2020 Persist state set to: ON
2020-07-07 17:38:32	stdout	Tue Jul 7 17:38:32 2020 TUN/TAP device tun0 opened
2020-07-07 17:38:31	stdout	[cont-init.d] 02-setup-openvpn: executing...
2020-07-07 17:38:31	stdout	[cont-init.d] 01-setup-permissions: exited 0.
2020-07-07 17:38:29	stdout	[cont-init.d] 01-setup-permissions: executing...
2020-07-07 17:38:29	stdout	[cont-init.d] executing container initialization scripts...
2020-07-07 17:38:29	stdout	[fix-attrs.d] done.
2020-07-07 17:38:29	stdout	[fix-attrs.d] applying ownership & permissions fixes...
2020-07-07 17:38:29	stdout	[s6-init] ensuring user provided files have correct perms...exited 0.
2020-07-07 17:38:29	stdout	[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
2020-07-06 12:40:05	stdout	[s6-finish] sending all processes the KILL signal and exiting.
2020-07-06 12:40:02	stdout	[s6-finish] sending all processes the TERM signal.
2020-07-06 12:40:02	stdout	[s6-finish] waiting for services.
2020-07-06 12:40:02	stdout	[cont-finish.d] done.
2020-07-06 12:40:02	stdout	[cont-finish.d] executing container finish scripts...
2020-07-06 12:40:02	stdout	[cont-init.d] 02-setup-openvpn: exited 1.
2020-07-06 12:40:02	stdout	find: : No such file or directory
2020-07-06 12:40:02	stdout	find: : No such file or directory
2020-07-06 12:40:02	stdout	chown: : No such file or directory
2020-07-06 12:40:02	stdout	Strip non-directory suffix from FILENAME
2020-07-06 12:40:02	stdout
2020-07-06 12:40:02	stdout	Usage: dirname FILENAME
2020-07-06 12:40:02	stdout
2020-07-06 12:40:02	stdout	BusyBox v1.31.1 () multi-call binary.
2020-07-06 12:40:02	stdout	OpenVPN provider not set. Using configuration at /config/openvpn/US Texas.ovpn
2020-07-06 12:40:02	stdout	Mon Jul 6 12:40:02 2020 Persist state set to: ON
2020-07-06 12:40:02	stdout	Mon Jul 6 12:40:02 2020 TUN/TAP device tun0 opened
2020-07-06 12:40:01	stdout	[cont-init.d] 02-setup-openvpn: executing...
2020-07-06 12:40:01	stdout	[cont-init.d] 01-setup-permissions: exited 0.
2020-07-06 12:39:59	stdout	[cont-init.d] 01-setup-permissions: executing...
2020-07-06 12:39:59	stdout	[cont-init.d] executing container initialization scripts...
2020-07-06 12:39:59	stdout	[fix-attrs.d] done.
2020-07-06 12:39:59	stdout	[fix-attrs.d] applying ownership & permissions fixes...
2020-07-06 12:39:59	stdout	[s6-init] ensuring user provided files have correct perms...exited 0.
2020-07-06 12:39:59	stdout	[s6-init] making user provided files available at /var/run/s6/etc...exited 0.

Healthcheck keeps failing when checking for openvpn process

Information

When I start the container, the healthcheck always fails in the openvpn process detection. If I execute the lines manually, I see that there are 2 processes.

Current setup

Tag latest, digest sha256:0f5eea4cd0c73b7d66d73dcefcc6b3c97e63dd5269c3bd1904691a94cc80e9dd

`docker-compose.yml` file or `docker run` command

docker run --name=qbittorrent --hostname=qbittorrent \
    --cap-add=NET_ADMIN -d -v /volume1/Data/Downloads/Torrents/:/downloads \
    -v=/volume1/homes/qbittorrent/Austria.ovpn:/etc/openvpn/torguard/Austria.ovpn:ro \
    -v /volume1/docker/qbittorrent:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e DNS=1.1.1.1 \
    -e OPENVPN_PROVIDER=torguard \
    -e OPENVPN_CONFIG=Austria \
    -e OPENVPN_USERNAME=removed \
    -e OPENVPN_PASSWORD=removed \
    -e PUID=1032 \
    -e PGID=65537 \
    -e LAN=192.168.0.0/16 \
    -p 8080:8080 \
    --label='autoheal=true' \
    --network=mediaNet \
    --restart=always \
    guillaumedsde/alpine-qbittorrent-openvpn:latest

Attempted Fix(es)

I changed the healthcheck script to the current format of transmission-openvpn. Now it works.

external program creates zombies

Information

Run external program on torrent completion is extremely fragile (static compile?) and crashes qbittorrent.

Current setup

information about your current setup

python 8eeac62e227d

`docker-compose.yml` file or `docker run` command

how did you start the container? (don't forget to use backticks for creating a proper code block)


docker run \
       --name "bt" \
       --rm \
       --cap-add=NET_ADMIN \
       -v /bt/xfers:/downloads \
       -v /bt/config:/config \
       -v /etc/localtime:/etc/localtime:ro \
       -e OPENVPN_PROVIDER= \
       -e OPENVPN_CONFIG=default \
       -e OPENVPN_USERNAME="REDACTED" \
       -e OPENVPN_PASSWORD="REDACTED" \
       -e PUID=1000 \
       -e PGID=1000 \
       -e LAN=192.168.0.0/24 \
       -p 8080:8080 \
       $IMG

Attempted Fix(es)

Even a simple script with "date >> /config/log" for content zombies most of the time.

#/bin/sh

# /config/complete.sh "%I" "%R"

set -x

WEBUI="http://localhost:8080/api/v2/torrents"
HASH="$1"
RDIR="$2"

if [ "${HASH}" == "" ]; then exit; fi
if [ "$RDIR" == "" ]; then exit; fi
test ! -e "${RDIR}" && exit

function dl {
    curl --cookie 'SID=REDACTED' "${WEBUI}/$1"
}

if [ -n "${HASH}" ]; then
    dl "resume?hashes=$HASH"
    dl "removeTags?hashes=$HASH"
fi

if [ -n "${HASH}" ]; then
    dl "addTags?tags=syncing&hashes=$HASH"
fi


#

Gettings lots of Operation not permitted (code=1)

Information

Unable to download p2p files in qBitTorrent, however, the application does start

Current setup

Ubuntu Server running lts, using docker container to run

`docker-compose.yml` file or `docker run` command

how did you start the container? (don't forget to use backticks for creating a proper code block)

version: "3.3"
services:
  alpine-qbittorrent-openvpn:
    volumes:
      - /media/data:/data
      - /home/nate/docker/qbit2/config:/config
      - /media/data/movies/airvpn.ovpn:/config/openvpn/config.ovpn
      #- "/etc/localtime:/etc/localtime:ro"
    environment:
      - OPENVPN_PROVIDER=
      #- OPENVPN_CONFIG=ca_toronto
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - PUID=1000
      - PGID=1000
      - LAN=10.0.0.1/24
    ports:
      - "8080:8080"
    cap_add:
      - NET_ADMIN
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest

Attempted Fix(es)

Restarting container
Rework config (guid and puid)
Using airVPN which may pose some issues, I followed the information on the wiki to properly configure it via the opvn config

Log file

https://gist.github.com/Demon-tk/8bf9dcf1770d7c75c8fc21c555101d91

document environment variables

write UDP: Operation not permitted (code=1) using ExpressVPN

Information

Here is what I got inside my portainer logs :

Mon Jan 11 22:40:40 2021 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.


Mon Jan 11 22:40:40 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]84.17.43.194:1195


Mon Jan 11 22:40:40 2021 Socket Buffers: R=[180224->360448] S=[180224->360448]


Mon Jan 11 22:40:40 2021 UDP link local: (not bound)


Mon Jan 11 22:40:40 2021 UDP link remote: [AF_INET]84.17.43.194:1195


Mon Jan 11 22:40:40 2021 write UDP: Operation not permitted (code=1)


Mon Jan 11 22:40:42 2021 write UDP: Operation not permitted (code=1)


Mon Jan 11 22:40:46 2021 write UDP: Operation not permitted (code=1)


Mon Jan 11 22:40:54 2021 write UDP: Operation not permitted (code=1)


Mon Jan 11 22:41:10 2021 write UDP: Operation not permitted (code=1)


Mon Jan 11 22:41:40 2021 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)


Mon Jan 11 22:41:40 2021 TLS Error: TLS handshake failed


Mon Jan 11 22:41:40 2021 SIGUSR1[soft,tls-error] received, process restarting


Mon Jan 11 22:41:40 2021 Restart pause, 5 second(s)

Current setup

I'm using a Raspberry pi 4 running on Raspberry pi OS.
I use a manual config.ovpn (I run a first time without and I got an error, then I move my config.ovpn inside /openvpn/config.ovpn
then I restart the container.

`docker-compose.yml` file or `docker run` command

version: "3.7"
services:
  alpine-qbittorrent-openvpn:
    container_name: qbittorrentvpn
    volumes:
      - /mnt/BLACKPEARL/seedbox:/downloads
      - ~/docker/qbittorrent:/config
      - /etc/localtime:/etc/localtime:ro
    environment:
      - OPENVPN_USERNAME=expressvpnusername
      - OPENVPN_PASSWORD=expressvpnpassword
      - PUID=1000
      - PGID=1000
      - LAN=192.168.1.0/24
    ports:
      - "8080:8080"
    cap_add:
      - NET_ADMIN
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest

Here is my config.ovpn

dev tun
fast-io
persist-key
persist-tun
nobind
remote france-paris-2-ca-version-2.expressnetw.com 1195
remote-random
pull
comp-lzo no
tls-client
verify-x509-name Server name-prefix
ns-cert-type server
key-direction 1
route-method exe
route-delay 2
tun-mtu 1500
fragment 1300
mssfix 1200
verb 3
cipher AES-256-CBC
keysize 256
auth SHA512
sndbuf 524288
rcvbuf 524288
auth-user-pass

CERTIFICATE

Attempted Fix(es)

Tried to change the server inside the config.ovpn
Tried to use NordVPN (but I can't make it work)

Thanks !

Port forwarding

Are there any plans of supporting port forwarding in this project?

iptables invalid port/service

I don't know whether this is related to the provider or a more general bug. The error seems to be related to iptables:

[cont-init.d] 03-setup-iptables: executing... 
iptables v1.8.4 (legacy): invalid port/service `443
5995
8443' specified
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.4 (legacy): invalid port/service `443
5995
8443' specified
Try `iptables -h' or 'iptables --help' for more information.

$ dc version
docker-compose version 1.26.0dev, build unknown
docker-py version: 4.3.1
CPython version: 3.7.6
OpenSSL version: OpenSSL 1.1.1g  21 Apr 2020

torr:
    container_name: torr
    image: guillaumedsde/alpine-qbittorrent-openvpn:development  # i also tried `latest` and `python`
    volumes:
      - /home/hadim/Configurations/torr/config:/config
      - "/etc/localtime:/etc/localtime:ro"
      - freda_Download:/downloads
    environment:
      - PGID=1000
      - PUID=1000
      - TZ=EST
      - UMASK_SET=022
      - OPENVPN_PROVIDER=PROTONVPN
      - OPENVPN_CONFIG=ca-27.protonvpn.com.tcp  # I also tried using `udp`
      - OPENVPN_USERNAME=xxxxxx
      - OPENVPN_PASSWORD=xxxxxxxx
      - LAN=192.168.0.0/16
      # - CREATE_TUN_DEVICE=true
      - QBT_WEBUI_PORT=8788
      # - WEBPROXY_ENABLED=false
      # - DNS=1.1.1.1
      # - HEALTH_CHECK_HOST=8.8.8.8
    ports:
      - 8788:8080
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    dns:
      - 1.1.1.1
      - 8.8.8.8
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.torr.rule=Host(`torr.xxxx.org`)"
      - "traefik.http.routers.torr.entrypoints=websecure"
      - "traefik.http.routers.torr.tls.certresolver=mydnschallenge"
      - "traefik.http.services.torr.loadbalancer.server.port=8788"

and here is the associated error when running the service:

Attaching to torr
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-setup-permissions: executing... 
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 02-setup-openvpn: executing... 
Thu Sep 10 13:51:02 2020 TUN/TAP device tun0 opened
Thu Sep 10 13:51:02 2020 Persist state set to: ON
INFO: Trying to use OpenVPN provider: PROTONVPN
A
A    protonvpn/us-wa-16.protonvpn.com.tcp.ovpn
A    protonvpn/us-wa-16.protonvpn.com.udp.ovpn
A    protonvpn/za-05.protonvpn.com.tcp.ovpn
A    protonvpn/za-05.protonvpn.com.udp.ovpn
A    protonvpn/za-06.protonvpn.com.tcp.ovpn
A    protonvpn/za-06.protonvpn.com.udp.ovpn
A    protonvpn/za-07.protonvpn.com.tcp.ovpn
A    protonvpn/za-07.protonvpn.com.udp.ovpn
# ...
A    protonvpn/za-08.protonvpn.com.tcp.ovpn
A    protonvpn/za-08.protonvpn.com.udp.ovpn
A    protonvpn/za-09.protonvpn.com.tcp.ovpn
A    protonvpn/za-09.protonvpn.com.udp.ovpn
A    protonvpn/za-10.protonvpn.com.tcp.ovpn
A    protonvpn/za-10.protonvpn.com.udp.ovpn
A    protonvpn/za-11.protonvpn.com.tcp.ovpn
A    protonvpn/za-11.protonvpn.com.udp.ovpn
A    protonvpn/za-12.protonvpn.com.tcp.ovpn
A    protonvpn/za-12.protonvpn.com.udp.ovpn
Exported revision 2308.
INFO: Found OpenVPN configuration: "ca-27.protonvpn.com.tcp" for provider "PROTONVPN" using it
[cont-init.d] 02-setup-openvpn: exited 0.
[cont-init.d] 03-setup-iptables: executing... 
iptables v1.8.4 (legacy): invalid port/service `443
5995
8443' specified
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.8.4 (legacy): invalid port/service `443
5995
8443' specified
Try `iptables -h' or 'iptables --help' for more information.
[cont-init.d] 03-setup-iptables: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Thu Sep 10 13:51:05 2020 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Thu Sep 10 13:51:05 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Thu Sep 10 13:51:05 2020 NOTE: --fast-io is disabled since we are not using UDP
Thu Sep 10 13:51:05 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Sep 10 13:51:05 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Sep 10 13:51:05 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xx.xx:443

PR: enfore TUN as network interface and reverse-proxy

1. for an easier security, it might be worth it to enforce the connection only through TUN

which could be hardcoded in ./qBittorrent/qBittorrent.conf

[Preferences]
Connection\Interface=tun1
Connection\InterfaceName=tun1

2. I didn't know how to write it in the README, and or if it was appropriate, but this container work well with the reverse proxy config proposed by linux-server with their container SWAG

https://github.com/linuxserver/reverse-proxy-confs

Synology Permission Issue

The current version(docker) is resetting all user folder permissions for my downloads folder when started. It changes the folder permission to only allow the docker user access.

NordVPN: updateConfigs.sh not found

Information

Whenever I attempt to use NordVPN with this container I get the following error:

/var/run/s6/etc/cont-init.d/02-setup-openvpn: /etc/openvpn/nordvpn/configure-openvpn.sh: line 12: 
/etc/openvpn/nordvpn/updateConfigs.sh: not found

ERROR: Could not find OpenVPN configuration "" for provider NORDVPN

This occurs both with the suggested configuration as well as with the NordVPN specific env variables as mentioned here: https://haugene.github.io/docker-transmission-openvpn/nordvpn-script/

As the files for NordVPN are coming from docker-transmission-openvpn, I also tried that container with the same configuration. The problem does not appear there.

My suspicion is that the script is looking for the file in the wrong place. I think it's because of the "${VPN_PROVIDER_HOME} variable. Trying to confirm that.

Current setup

Docker image tag: latest
Docker image hash: sha256:8157f288e27d2b642f0aefd72b6f86174185e6e4eb310063d2d4b85720199dd6

`docker-compose.yml` file or `docker run` command

Started using docker-compose.yaml:

version: "3.3"
services:
  alpine-qbittorrent-openvpn:
    volumes:
      - "/your/storage/path/:/downloads"
      - "/path/to/config/directory:/config"
      - "/etc/localtime:/etc/localtime:ro"
    environment:
      - OPENVPN_PROVIDER=NORDVPN
      - OPENVPN_CONFIG=NL\
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - PUID=1000
      - PGID=1000
      - LAN=192.168.0.0/16
    ports:
      - "8080:8080"
    cap_add:
      - NET_ADMIN
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest

Attempted Fix(es)

Set "behavior if S2 fails" to 0 to prevent termination
Went into the container to verify whether updateConfigs.sh exists (it does)
Tried with NordVPN-specific env variables (did not work)

No connection to VPN Unlimited

Information

I get no successful connection to VPN Unlimited.

I always get the error: write UDP: Operation not permitted (code=1)

log file: log.zip

Current setup

Synology: DSM 6.2.3-25426 Update 2;
Docker: 18.09.0-0513

Last working version: 6b74919

With all releases after that, I have no success.

`docker-compose.yml` file or `docker run` command

docker run --name qBittorrent_4.3_VPN_dev --device=/dev/net/tun --cap-add=NET_ADMIN --restart=always -d \
              -v /volume1/docker/qBittorrent_VPN_4.3_dev/config:/config \
              -v /volume1/Serien/geladen:/downloads \
              -v /volume1/docker/qBittorrent_VPN_4.3_dev/downloading:/downloading \
              -v /volume1/homes/fischy667/Filme:/Filme \
              -v /volume1/homes/fischy667/Wrestling:/Wrestling \
              -e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60 --mute-replay-warnings" \
              -e "OPENVPN_PROVIDER=VPNUNLIMITED" \
              -e "OPENVPN_CONFIG=lu" \
              -e "OPENVPN_USERNAME=*****" \
              -e "OPENVPN_PASSWORD=*****" \
              -e "LAN=192.168.1.0/24" \
              -e "WEBPROXY_ENABLED=false" \
              -e "PUID=1000" \
              -e "PGID=1000" \
              -p 8080:8080 \
              -p 16882:16882 \
              guillaumedsde/alpine-qbittorrent-openvpn:development

I'm running 6b74919 with the same settings and command successfully.

ERROR: could not drop iptables rule allowing DNS traffic

Having an issue with connective to my container, this is the log below:

Fri Jun 12 08:01:28 2020 VERIFY EKU OK,
Fri Jun 12 08:01:28 2020 VERIFY OK: depth=0, C=CA, ST=ON, O=Windscribe Limited, OU=Operations, CN=Windscribe Node Server 4096,
Fri Jun 12 08:01:29 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1604', remote='link-mtu 1552',
Fri Jun 12 08:01:29 2020 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM',
Fri Jun 12 08:01:29 2020 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]',
Fri Jun 12 08:01:29 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA,
Fri Jun 12 08:01:29 2020 [Windscribe Node Server 4096] Peer Connection Initiated with [AF_INET]173.44.36.67:1194,
Fri Jun 12 08:01:35 2020 Data Channel: using negotiated cipher 'AES-256-GCM',
Fri Jun 12 08:01:35 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key,
Fri Jun 12 08:01:35 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key,
Fri Jun 12 08:01:35 2020 TUN/TAP device tun1 opened,
Fri Jun 12 08:01:35 2020 /usr/sbin/ip-su link set dev tun1 up mtu 1500,
Fri Jun 12 08:01:35 2020 /usr/sbin/ip-su addr add dev tun1 ipaddress broadcast ipaddress,
Fri Jun 12 08:01:35 2020 Initialization Sequence Completed,
Could not create required directory '/config/qBittorrent/cache/',
iptables: Bad rule (does a matching rule exist in that chain?).,
iptables: Bad rule (does a matching rule exist in that chain?).,
iptables: Bad rule (does a matching rule exist in that chain?).,
iptables: Bad rule (does a matching rule exist in that chain?).,
ERROR: could not drop iptables rule allowing DNS traffic,
iptables: Bad rule (does a matching rule exist in that chain?).,

Permission gets changed in the downloads folder,

So I've had a few problems with the docker. Im quite new to the whole docker and linux thing. However Ive got it to a semi usable place now.

So I did not know that I needed to pass it a localtion for the config as It is not stated anywhere in the page. So when I ran it without the argument it returned an error passing it the default that u provided created the paths from / which in hindsight is normal behavior i had hopped it would recognize this and keep the configs inside the docker.
The downloads variable is not working properly? It's just creating a downloads folder inside the config;/qBittorrent/downloads/
I gave it the argument to have the config in a good position. So I can access it and it isent that big of a deal now would just be nice to have it be placed somewhere else. I also noticed that if I try and change the default save path in the qBittorrent web panel its root folder is the same as the config:
and biggest issue right now for me as I have not found a solution? A umask argument at docker container creation would be really nice. as I really would like a umask with 0775 as ive set the folder up with samba so I can access it from my other machines including windows. Meaning I can delete/change/execute anything from windows without having to ssh and chmoding everything. I could just set up a script to chmod which is quite messy but is fairly easy. Problem is then that the docker is chmodding the config: to 700? and the rest to only read access on the group and guest. I think some folders might be different didnt check all of them. A lot of the reason im having issues is also because im running samba with a different user but in the same group. I know I could easily change this however It would be nice if I could keep it like this and also i feel like it might be more secure atleast in some aspects?

Sorry if you feel like im harping on you I really think this is really well done and youve stripped out so much so it runs amazingly well with high amounts of security and efficiency. English is not my native language so everything I write might not be 100% but i hope you understand me. And you have time to read all of this

;)

container overlay size increase when a new torrent is added

Information

container overlay size increases when a new torrent is added;
[root@ms2 var]# du -Sh /var/lib/docker/overlay2/0c24011afcc11fb3a1f86874a81b59f659ce02fa017ad1ee5603831c2a4d3193/merged/run/s6/services/qbittorrent | sort -rh | head -5
97G /var/lib/docker/overlay2/0c24011afcc11fb3a1f86874a81b59f659ce02fa017ad1ee5603831c2a4d3193/merged/run/s6/services/qbittorrent
12K

Also the incomplete torrent files are created on the correct location

Current setup

Docker on CentOS7 host

guillaumedsde/alpine-qbittorrent-openvpn:latest@sha256:2ae14174f55be6a17a7128f2d0352d3b05239a00eaf26b4801691d7b213becda

`docker-compose.yml` file or `docker run` command

how did you start the container? (don't forget to use backticks for creating a proper code block)

version: "3.3"
  qbittorrentvpn:
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest
    container_name: qbittorrentvpn
    hostname: qbittorrentvpn_MS2
    restart: always
    networks:
      t2_proxy:
        ipv4_address: ${QBITTORRENTVPN_IP_INTERNAL} # You can specify a static IP,192.168.90.230
    cap_add:
      - NET_ADMIN
    ports:
      - "$QBITTORRENTVPN_SEED_PORT:6881"
      - "$QBITTORRENTVPN_SEED_PORT:6881/udp"
      - "$QBITTORRENTVPN_GUI_PORT:8080"
    privileged: true
    environment:
      OPENVPN_USERNAME: $EXPRESSVPN_USERNAME
      OPENVPN_PASSWORD: $EXPRESSVPN_PASSWORD
      OPENVPN_PROVIDER: $VPN_PROVIDER
      OPENVPN_CONFIG: $VPN_SERVER
      LAN_NETWORK: $LOCAL_NETWORK
      NAME_SERVERS: 8.8.8.8,209.222.18.222,84.200.69.80,37.235.1.174,209.222.18.218,37.235.1.177,84.200.70.40
      PUID: $PUID
      PGID: $PGID
      TZ: $TZ
      UMASK_SET: 002
    volumes:
      - $USERDIR/QBittorrentVPN/config:/config
      - $GDRIVE_1/downloads/complete:/downloads/complete
      - $GDRIVE_1/downloads/incomplete:/downloads/incomplete
      - /etc/localtime:/etc/localtime:ro
    labels:
      - "docker.group=922-MS2-Download"

Attempted Fix(es)

Download location is set to be on a different drive than /var, and it

guillaumedsde / alpine-qbittorrent-openvpn Goto Github PK

alpine-qbittorrent-openvpn's Introduction

✔️ Features summary

🏁 How to Run

docker run

docker-compose.yml

🖥️ Supported platforms

🚇 OpenVPN configuration

Officially supported

Custom OpenVPN config

🔍 qBittorrent torrent search

🐌 Limitations

Enhancements

🙏 Credits

alpine-qbittorrent-openvpn's People

Contributors

Stargazers

Watchers

Forkers

alpine-qbittorrent-openvpn's Issues

Information

Current setup

docker-compose.yml file or docker run command

Attempted Fix(es)

Information

Current setup

qbittorrent.yaml file for k3s

Attempted Fix(es)

Information

Current setup

docker-compose.yml file or docker run command

Attempted Fix(es)

Information

Current setup

docker-compose.yml file or docker run command

Attempted Fix(es)

Information

Current setup

docker-compose.yml file or docker run command

Attempted Fix(es)

Information

Current setup

docker-compose.yml file or docker run command

Attempted Fix(es)

Information

Current setup

docker-compose.yml file or docker run command

Attempted Fix(es)

-- | -- I do not know if EXpressVPN support port forwarding or I need to enable it here

Information

Logs

Information

Current setup

docker-compose.yml file or docker run command

Attempted Fix(es)

Information

Current setup

docker-compose.yml file

Container Logs

Attempted Fix(es)

Information

Current setup

docker-compose.yml file or docker run command

Information

Current setup

docker run command

Attempted Fix(es)

Information

Current setup

Attempted Fix(es)

Information

Current setup

docker-compose.yml file or docker run command

Information

Current setup

docker-compose.yml file or docker run command

Attempted Fix(es)

Information

Current setup

docker-compose.yml file or docker run command

`docker run`

`docker-compose.yml`

`docker-compose.yml` file or `docker run` command

`qbittorrent.yaml` file for k3s

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command

-- | --
I do not know if EXpressVPN support port forwarding or I need to enable it here

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file

`docker-compose.yml` file or `docker run` command

`docker run` command

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command

`docker-compose.yml` file or `docker run` command