OMV6 With qbittorrent and wireguard?

goodtime · 19. Juli 2023

Hello, I was wondering if anyone could help me out with a docker stack I am running in portainer. Everything seems to work except getting trackers. Trackers are unreachable. My guess is an issue with PEERDNS. I've tried setting it to auto, 8.8.8.8, and the DNS value in my wireguard [interface] config with no luck.

Code

version: "2.1"
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard
    container_name: qbittorrent_wireguard
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    ports:
      - 6881:6881 # qBittorrent TCP
      - 6881:6881/udp # qBittorrent UDP
      - 8080:8080 # qBittorrent WebUI
    environment:
      - PUID=1002 # non-root host uid
      - PGID=100
      - TZ=MYTIMEZONE
      - PEERDNS=auto
    volumes:
      - /PublicData/DockerConfig/wireguard_client:/config
      - /lib/modules:/lib/modules
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1 # not sure what this does
      - net.ipv6.conf.all.disable_ipv6=0 # not sure what this does
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    environment:
      - PUID=1002 # non-root host uid
      - PGID=100
      - TZ=MYTIMEZONE
      - WEBUI_PORT=8080
    volumes:
      - MYPATHTOCONFIG:/config
      - MYPATHTODOWNLOADS:/downloads
    network_mode: service:wireguard
    restart: unless-stopped

Alles anzeigen

I also added the following lines to the wireguard config, this was needed to be able to hit the qbittorrent web ui on port 8080 on the ip of my omv server, which is on my local network/router.

Code

PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route add $HOMENET3 via $DROUTE;ip route add $HOMENET2 via $DROUTE; ip route add $HOMENET via $DROUTE;iptables -I OUTPUT -d $HOMENET -j ACCEPT;iptables -A OUTPUT -d $HOMENET2 -j ACCEPT; iptables -A OUTPUT -d $HOMENET3 -j ACCEPT;  iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route del $HOMENET3 via $DROUTE;ip route del $HOMENET2 via $DROUTE; ip route del $HOMENET via $DROUTE; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT; iptables -D OUTPUT -d $HOMENET2 -j ACCEPT; iptables -D OUTPUT -d $HOMENET3 -j ACCEPT

Thanks in advance!

gderf · 20. Juli 2023

You don't say what hardware you are running on, and this will greatly influence any suggestions you might get.

goodtime · 20. Juli 2023

Running on desktop hardware. AMD 5600G, 16GB RAM, MSI PRO B450-A PRO MAX motherboard.

gderf · 20. Juli 2023

Zitat von goodtime

Running on desktop hardware. AMD 5600G, 16GB RAM, MSI PRO B450-A PRO MAX motherboard.

Do yourself a big favor and run this image instead.

https://hub.docker.com/r/dyonr/qbittorrentvpn/

If you need a copy of my compose file, just ask and I will provide a sanitized copy.

goodtime · 20. Juli 2023

Thank you so much! That image is working for me. For reference, I added my composer file below.

By the way, are you aware the repo for this image has been archived? So, I don't think it's being maintained anymore.

GitHub - DyonR/docker-qbittorrentvpn: Docker container which runs a qBittorent-nox client with an optional WireGuard or OpenVPN connection

Docker container which runs a qBittorent-nox client with an optional WireGuard or OpenVPN connection - GitHub - DyonR/docker-qbittorrentvpn: Docker container…

github.com

Code

version: "2"
services:
  qbittorrentvpn:
    image: dyonr/qbittorrentvpn:latest
    container_name: qbittorrentvpn
    privileged: true   
    environment:
      - PUID=1002 # user I created in OMV web dashboard
      - PGID=100 # default
      - VPN_ENABLED=yes
      - VPN_TYPE=wireguard
      - LAN_NETWORK=192.168.0.0/16 # For reference, I access OMV at 192.168.50.77. My router web portal is on 192.168.50.1
    ports:
      - 8080:8080
      - 8999:8999
      - 8999:8999/udp
    sysctls: # I don't really understand, but these settings fixed RTNETLINK answers: Permission denied 
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
    volumes:
      - /myconfigpath:/config
      - /mydownloadspath:/downloads
    restart: unless-stopped

Alles anzeigen

goodtime · 20. Juli 2023

The GitHub repo was just archived on the 16th

gderf · 20. Juli 2023

Thanks for pointing that out. I wish the author could be contacted to find out what happened. I have built the image from the docker file a few times so it may be possible to maintain it locally.

gderf · 31. August 2023

Qbt 4.5.4 was the last version for which the author pushed an image.

Qbt 4.5.5 is out now, and if you have the build environment (build-essential) on your system, you can build an image yourself with docker by running docker build --no-cache https://github.com/DyonR/docker-qbittorrentvpn.git.

Or if you don't want to build your own image, I offer mine below. I added curl and wget to the build for those who like to bash into the container and check the IP being used by running curl ifconfig.io

Use this image in your compose file: gderf/qbittorrentvpn:4.5.5

For the image documentation, refer to the original author's page: https://hub.docker.com/r/dyonr/qbittorrentvpn/

BernH · 31. August 2023

It's too bad that he stopped maintaining it. That said I'm very grateful that you have picked it up, improved it a little and are willing to share.

To that end, might I make a suggestion that you try to implement the :latest tag in your docker repo so a pull would automatically grab the latest one, assuming you are going to update it periodically.

Also, I just tried to change the image in my container to your's, but it isn't starting because I'm getting UID and GID not found errors. Reverting back to the DyobR image makes the error go away.

gderf · 31. August 2023

I think I know why it isn't starting for you. When I added wget and curl to it, I didn't do that as part of building the image. What I did was to add those two programs into my running container and then push an image out of it. So there are likely going to be other problems that would surface.

What I will do now is build it from scratch, not extract it from a running container.

I'll fix this up and post back when done.

BernH · 31. August 2023

Thanks

I used to bash in and add curl when I wanted to confirm the functionality of the VPN. Easy to do and not a big deal.

I had contemplated modifying/building one myself, but I have never built a container before and have not had the free time lately to learn how.

gderf · 31. August 2023

OK, I rebuilt the image properly this time and uploaded to the repo using the tags 4.5.5 and latest.

Give it a try and let me know if it loads error free.

I am keeping an eye on the progress of Qbt v4.6. It's in release candidate stage now and once it is released I will try making an image.

BlueCoffee · 31. August 2023

Zitat von gderf

OK, I rebuilt the image properly this time and uploaded to the repo using the tags 4.5.5 and latest.

Give it a try and let me know if it loads error free.

I am keeping an eye on the progress of Qbt v4.6. It's in release candidate stage now and once it is released I will try making an image.

Why do you use qbittorent with VPN? I just use qbittorent. So curious as to why vpn just on qtorrent

gderf · 31. August 2023

Zitat von BlueCoffee

Why do you use qbittorent with VPN? I just use qbittorent. So curious as to why vpn just on qtorrent

The purpose of using qbittorrent with VPN is to not expose your real IP address when torrenting. The IP of the VPN is exposed instead.

BlueCoffee · 31. August 2023

Zitat von gderf

The purpose of using qbittorrent with VPN is to not expose your real IP address when torrenting. The IP of the VPN is exposed instead.

how can wireguard do this?

gderf · 31. August 2023

Zitat von BlueCoffee

how can wireguard do this?

You have to connect to a VPN service which generally costs some money.

BlueCoffee · 31. August 2023

Zitat von gderf

You have to connect to a VPN service which generally costs some money.

yea that's what a thought. You have to trust them. the wireguard in the name title peaked my Interest.

gderf · 31. August 2023

Zitat von BlueCoffee

yea that's what a thought. You have to trust them. the wireguard in the name title peaked my Interest.

Yes, you have to trust them, and I do. I've been connected to the service I use continuously 24/7 for more than eight years. The only thing I ever hear from them is my annual renewal bill.

BlueCoffee · 31. August 2023

Zitat von gderf

Yes, you have to trust them, and I do. I've been connected to the service I use continuously 24/7 for more than eight years.

That's nice good for you trust is hard to come by online.

Zitat von gderf

The only thing I ever hear from them is my annual renewal bill.

Is that good or bad for you? I wonder who else hears from them.

gderf · 31. August 2023

Zitat von BlueCoffee

That's nice good for you trust is hard to come by online.
Is that good or bad for you? I wonder who else hears from them.

They claim that their service is configured in such a way that they can not identify what an individual customer is doing, they do not log, etc.

It is possible for anyone to see what is being bittorrent trafficked on any of their server IPs, but this doesn't identify customer IP addresses.

Here's a link that shows the last six days of bittorrent traffic for one of the server IPs. Note that all the XXX porn is highlighted!

https://iknowwhatyoudownload.com/en/peer/?ip=209.205.204.218

OMV6 With qbittorrent and wireguard?

KM0201 19. Juli 2023

Jetzt mitmachen!

Tags