OMV6 With qbittorrent and wireguard?

gderf · 23. Februar 2024

Opening router ports is pointless for downloading torrents with this image. If you feel you must do this for seeding purposes, then you will have to forward the port at your VPN provider's side of the connection, not in your router. Not all VPN providers offer this feature.

Leave the port 8999 statements as is in the compose file and in the Listening port connection setting in the qbt GUI. I have never found a difference with changing these or even leaving them out of the compose file.

If you are concerned about the Connection Status icon being a red flame instead of a green globe, this seems to be cosmetic only. But you can try changing this setting in the Qbt GUI: Connection | Peer connection protocol to: TCP and uTP.

The "qBittorrent client is not reachable" in red at the screen bottom left means that your VPN connection has died. Your connection to the qbt GUI has also crashed, but you won't see that until the page is reloaded with a still down VPN connection. Restarting the container is the first thing to try.

The vital things to have correct with this image are PUID, PGID, and the host side path of the volumes. There is no room for any guesswork with these.

When having problems reading both the container log and the qbittorrent.log is a good idea.

olduser · 26. Februar 2024

Here's the conf rotating script I'm using with the option VPN_DOWN_FILE=1 with gderf 's image. When the health check fails, it will rotate out the dead/bad VPN conf with another based on modification time (oldest copied first). Read the help, it's basic, only 2 variables to set. There's no tests.

Bash

#!/bin/bash
function vpn_conf_switch() (
  ######## HELP ##################
  #
  # Fill in VPN_TYPE and CONFIG_DIR
  #  or pass VPN_TYPE and/or CONFIG_DIR as arguments 1 and/or 2
  #
  # Create directory "$CONFIG_DIR/openvpn_confs" or "$CONFIG_DIR/wireguard_confs"
  #   Put all of your VPN config files in their respective confs directory.
  # If using openvpn, you must use the filename "default.ovpn"
  #   ie. /config/openvpn/default.opvn
  #   Same principle as when using wireguard that you must use "wg0.conf"
  # VPN conf files are rotated based on the oldest modification time.
  VPN_TYPE=openvpn
  # If in Docker you used -v /home/me/Docker/qb/config:/config
  #   then set CONFIG_DIR to, ie. CONFIG_DIR="/home/me/Docker/qb/config"
  CONFIG_DIR="/config"
  ######## END HELP ##############

  PRINT_PREFIX="$(basename "$0")"

  if [ "$1" != "" ]; then
    if [ "${1,,}" == "openvpn" ] || [ "${1,,}" == "wireguard" ]; then
      VPN_TYPE="$1"
    elif [ -d "$1" ]; then
      CONFIG_DIR="$1"
    else
      echo "$PRINT_PREFIX: dropped argument 1, \"$1\""
    fi
  fi
  if [ "$2" != "" ]; then
    if [ "${2,,}" == "openvpn" ] || [ "${2,,}" == "wireguard" ]; then
      VPN_TYPE="$2"
    elif [ -d "$2" ]; then
      CONFIG_DIR="$2"
    else
      echo "$PRINT_PREFIX: dropped argument 2, \"$2\""
    fi
  fi

  WATCH_FILE="$CONFIG_DIR/vpn_down"
  CONFS_DIR="$CONFIG_DIR/${VPN_TYPE}_confs"
  # eval is used on CONFS_FILTER
  #   the last line of the output is used for the conf filename
  CONFS_FILTER='ls -tp1 "$CONFS_DIR" | grep -v /'

  if [ -f "$WATCH_FILE" ]; then
    next_vpn_conf=""
    while IFS= read line ; do
        next_vpn_conf=$line;
    done < <(eval "$CONFS_FILTER");

    if [ "$next_vpn_conf" != "" ]; then
      if [ "${VPN_TYPE,,}" == "openvpn" ]; then
        echo "$PRINT_PREFIX: copying VPN file \"$CONFS_DIR/$next_vpn_conf\" to \"$CONFIG_DIR/${VPN_TYPE}/default.ovpn\""
        cp -f "$CONFS_DIR/$next_vpn_conf" "$CONFIG_DIR/$VPN_TYPE/default.ovpn"
      elif [ "${VPN_TYPE,,}" == "wireguard" ]; then
        echo "$PRINT_PREFIX: copying VPN file \"$CONFS_DIR/$next_vpn_conf\" to \"$CONFIG_DIR/${VPN_TYPE}/wg0.conf\""
        cp -f "$CONFS_DIR/$next_vpn_conf" "$CONFIG_DIR/$VPN_TYPE/wg0.conf"
      else
        echo "$PRING_PREFIX: VPN_TYPE is not openvpn or wireguard: \"$VPN_TYPE\""
        return 3
      fi
      touch "$CONFS_DIR/$next_vpn_conf"
    else
      echo "$PRINT_PREFIX: a VPN conf was not found at: \"$CONFS_DIR\""
      return 2
    fi
  else
    echo "$PRINT_PREFIX: watch file not found: \"$WATCH_FILE\""
    return 1
  fi

  return 0
)
# determine if the script was sourced or not, sourced == true
if ! (return 0 2>/dev/null); then
  vpn_conf_switch "$@";
  exit $?;
fi

Alles anzeigen

ErikDB · 26. Februar 2024

I deleted what I had, and started over.

Zitat von gderf

The vital things to have correct with this image are PUID, PGID, and the host side path of the volumes.

If these are the global environment variables:

Code

PUID=1001
PGID=100
TZ=Europe/Brussels
DATA=/srv/dev-disk-by-uuid-e99f6f22-fb04-4ac7-b71c-edfb1dd3e380
APPDATA=/appdata

... and this is the compose file:

Code

---
version: "3"
services:
  qbittorrentvpn:
    image: gderf/qbittorrentvpn:latest
    container_name: qbt
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_ENABLED=yes
      - VPN_TYPE=wireguard
      - ENABLE_SSL=no
      - PUID=${PUID}
      - PGID=${PGID}
      - LAN_NETWORK=192.168.1.0/24
      - NAME_SERVERS=8.8.8.8,8.8.4.4
      - UMASK=022
      - HEALTH_CHECK_HOST=one.one.one.one
      - HEALTH_CHECK_INTERVAL=30
      - HEALTH_CHECK_SILENT=1
      - HEALTH_CHECK_AMOUNT=10
      - RESTART_CONTAINER=yes
    ports:
      - 8080:8080/tcp
      - 8999:8999/tcp
      - 8999:8999/udp
    volumes:
      - ${APPDATA}/qbittorrentvpn:/config
      - ${DATA}/Qbittorrentdownloads:/downloads
    restart: unless-stopped

Alles anzeigen

... should that not all be ok then? Or does the config volume need to be in the same shared folder as the downloads folder?

(The first time I tried installing - a few days ago - the system did make a temp folder in my download folder, in which the torrents I had downloaded got their own folder. That didn't happen now...)

ErikDB · 26. Februar 2024

The "qBittorrent client is not reachable" in red at the screen bottom left means that your VPN connection has died. Your connection to the qbt GUI has also crashed, but you won't see that until the page is reloaded with a still down VPN connection. Restarting the container is the first thing to try.

I keep getting this red notification... I assume that free Proton VPN is not working...?

A bit from the docker log:

Code

qbt  | --------------------
qbt  | default via 172.30.0.1 dev eth0 qbt  | 172.30.0.0/16 dev eth0 proto kernel scope link src 172.30.0.2 qbt  | 192.168.1.0/24 via 172.30.0.1 dev eth0 qbt  | --------------------
qbt  | 2024-02-26 20:42:59.978000 [INFO] iptables defined as follows...
qbt  | --------------------
qbt  | -P INPUT DROP
qbt  | -P FORWARD ACCEPT
qbt  | -P OUTPUT DROP
qbt  | -A INPUT -i wg0 -j ACCEPT
qbt  | -A INPUT -s 172.30.0.0/16 -d 172.30.0.0/16 -j ACCEPT
qbt  | -A INPUT -i eth0 -p udp -m udp --sport 51820 -j ACCEPT
qbt  | -A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
qbt  | -A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
qbt  | -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
qbt  | -A INPUT -i lo -j ACCEPT
qbt  | -A OUTPUT -o wg0 -j ACCEPT
qbt  | -A OUTPUT -s 172.30.0.0/16 -d 172.30.0.0/16 -j ACCEPT
qbt  | -A OUTPUT -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
qbt  | -A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
qbt  | -A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
qbt  | -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
qbt  | -A OUTPUT -o lo -j ACCEPT
qbt  | --------------------
qbt  | 2024-02-26 20:43:00.020425 [WARNING] ENABLE_SSL is set to 'no', SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).
qbt  | 2024-02-26 20:43:00.051450 [WARNING] Removing the SSL configuration from the config file...
qbt  | 2024-02-26 20:43:00.086329 [INFO] A group with PGID 100 already exists in /etc/group within this container, nothing to do.
qbt  | 2024-02-26 20:43:00.119664 [INFO] An user with PUID 1001 already exists within this container, nothing to do.
qbt  | 2024-02-26 20:43:00.150541 [INFO] UMASK defined as '022'
qbt  | 2024-02-26 20:43:00.184312 [INFO] Starting qBittorrent daemon...
qbt  | Logging to /config/qBittorrent/data/logs/qbittorrent.log.
qbt  | 2024-02-26 20:43:01.228543 [INFO] Started qBittorrent daemon successfully...
qbt  | 2024-02-26 20:43:01.262817 [INFO] qBittorrent PID: 210
qbt  | 2024-02-26 20:43:01.295542 [INFO] RESTART_CONTAINER defined as 'yes'
qbt  | 2024-02-26 20:43:01.328944 [INFO] HEALTH_CHECK_AMOUNT is set to 10

Alles anzeigen

A bite from qbittorrent.log:

Code

******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080

(I) 2024-02-26T20:43:01 - Detected external IP. IP: "169.150.218.66"
(N) 2024-02-26T20:44:14 - qBittorrent v4.6.3 started
(N) 2024-02-26T20:44:14 - Using config directory: /config/qBittorrent/config
WebUI will be started shortly after internal preparations. Please wait...
(N) 2024-02-26T20:44:14 - Trying to listen on the following list of IP addresses: "0.0.0.0:8999,[::]:8999"
(I) 2024-02-26T20:44:14 - Peer ID: "-qB4630-"
(I) 2024-02-26T20:44:14 - HTTP User-Agent: "qBittorrent/4.6.3"
(I) 2024-02-26T20:44:14 - Distributed Hash Table (DHT) support: ON
(I) 2024-02-26T20:44:14 - Local Peer Discovery support: ON
(I) 2024-02-26T20:44:14 - Peer Exchange (PeX) support: ON
(I) 2024-02-26T20:44:14 - Anonymous mode: OFF
(I) 2024-02-26T20:44:14 - Encryption support: ON
(I) 2024-02-26T20:44:14 - UPnP/NAT-PMP support: ON
(I) 2024-02-26T20:44:14 - Successfully listening on IP. IP: "127.0.0.1". Port: "TCP/8999"
(I) 2024-02-26T20:44:14 - Successfully listening on IP. IP: "127.0.0.1". Port: "UDP/8999"
(I) 2024-02-26T20:44:14 - Successfully listening on IP. IP: "10.2.0.2". Port: "TCP/8999"
(I) 2024-02-26T20:44:14 - Successfully listening on IP. IP: "10.2.0.2". Port: "UDP/8999"
(I) 2024-02-26T20:44:14 - Successfully listening on IP. IP: "172.30.0.2". Port: "TCP/8999"
(I) 2024-02-26T20:44:14 - Successfully listening on IP. IP: "172.30.0.2". Port: "UDP/8999"
(N) 2024-02-26T20:44:14 - Restored torrent. Torrent: "Fantastic.Beasts.and.Where.to.Find.Them.2016.1080p.BRRip.x264.AA"
(I) 2024-02-26T20:44:14 - IP geolocation database loaded. Type: DBIP-Country-Lite. Build time: Thu Feb 1 01:17:55 2024.
(N) 2024-02-26T20:44:14 - Using built-in WebUI.
(N) 2024-02-26T20:44:14 - WebUI translation for selected locale (en) has been successfully loaded.
(N) 2024-02-26T20:44:14 - WebUI: Now listening on IP: *, port: 8080

******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080

(N) 2024-02-26T20:44:36 - qBittorrent v4.6.3 started
(N) 2024-02-26T20:44:36 - Using config directory: /config/qBittorrent/config
WebUI will be started shortly after internal preparations. Please wait...
(N) 2024-02-26T20:44:36 - Trying to listen on the following list of IP addresses: "0.0.0.0:8999,[::]:8999"
(I) 2024-02-26T20:44:36 - Peer ID: "-qB4630-"
(N) 2024-02-26T20:44:36 - Trying to listen on the following list of IP addresses: "0.0.0.0:8999,[::]:8999"
(I) 2024-02-26T20:44:36 - Peer ID: "-qB4630-"
(I) 2024-02-26T20:44:36 - HTTP User-Agent: "qBittorrent/4.6.3"
(I) 2024-02-26T20:44:36 - Distributed Hash Table (DHT) support: ON
(I) 2024-02-26T20:44:36 - Local Peer Discovery support: ON
(I) 2024-02-26T20:44:36 - Peer Exchange (PeX) support: ON
(I) 2024-02-26T20:44:36 - Anonymous mode: OFF
(I) 2024-02-26T20:44:36 - Encryption support: ON
(I) 2024-02-26T20:44:36 - UPnP/NAT-PMP support: ON
(I) 2024-02-26T20:44:36 - Successfully listening on IP. IP: "127.0.0.1". Port: "TCP/8999"
(I) 2024-02-26T20:44:36 - Successfully listening on IP. IP: "127.0.0.1". Port: "UDP/8999"
(I) 2024-02-26T20:44:36 - Successfully listening on IP. IP: "10.2.0.2". Port: "TCP/8999"
(I) 2024-02-26T20:44:36 - Successfully listening on IP. IP: "10.2.0.2". Port: "UDP/8999"
(I) 2024-02-26T20:44:36 - Successfully listening on IP. IP: "172.30.0.2". Port: "TCP/8999"
(I) 2024-02-26T20:44:36 - Successfully listening on IP. IP: "172.30.0.2". Port: "UDP/8999"
(N) 2024-02-26T20:44:36 - Restored torrent. Torrent: "Fantastic.Beasts.and.Where.to.Find.Them.2016.1080p.BRRip.x264.AA"
(I) 2024-02-26T20:44:36 - IP geolocation database loaded. Type: DBIP-Country-Lite. Build time: Thu Feb 1 01:17:55 2024.
(N) 2024-02-26T20:44:36 - Using built-in WebUI.
(N) 2024-02-26T20:44:36 - WebUI translation for selected locale (en) has been successfully loaded.
(N) 2024-02-26T20:44:36 - WebUI: Now listening on IP: *, port: 8080

******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080

Alles anzeigen

Maybe using a paid VPN is the solution? Any recommendations anyone?

gderf · 26. Februar 2024

I suggest NOT using any global environment variables. Put the correct values into the compose file instead. This applies to the volumes too.

Verify that - LAN_NETWORK=192.168.1.0/24 is correct for your use case.

Did you generate the Wireguard key file at your VPN provider and properly place it on your OMV machine?

Is your /config host side path the same as your old setup and still have all the files there?

I use Torguard for VPN services. I can't say anything about any of the others because I have no experience with them.

ErikDB · 26. Februar 2024

Zitat von gderf

Is your /config host side path the same as your old setup?

No, I changed it a bit.

Zitat von gderf

and still have all the files there?

I don't really now how many files should be there. I did expect the container to be downloaded again, but that didn't happen. So I'm wondering where the files are...

What's the best way to remove a container and reinstall it? I 'took down' the file, deleted it (both on the WebUI) and then removed the folder via Debian CLI.

ErikDB · 26. Februar 2024

Zitat von gderf

Did you generate the Wireguard key file at your VPN provider and properly place it on your OMV machine?

I did. I also think it's in the right folder. I wanted to give more log entries, but 10.000 symbols is easily reached, apparently

Zitat von gderf

Verify that - LAN_NETWORK=192.168.1.0/24 is correct for your use case.

It is. Well, I don't 100 % understand the '0/24' part, my NAS is at 192.168.1.10.

gderf · 27. Februar 2024

You need to properly setup your volumes, PUID, and PGID and the post your fixed compose file.

gderf · 27. Februar 2024

I created a wg0.conf file on Proton Free VPN. I was unable to get it working with my image. Additionally, I was able to see messages that P2P use was not allowed on the Proton Free VPN server I configured the file for, Netherlands.

No idea if this mere policy or actually implemented technically to prohibit such use.

I'd say that Proton Free VPN is a dead end with my image.

Maybe you'll have different luck?

olduser · 27. Februar 2024

gderf I'm going to push a few more changes to you. I added a conf switcher to the image, it's basically the same thing as the last script I posted, but smaller. I update the help, but I'm not sure if the explanations are good enough :-/. While I still didn't write tests, I did test the few changes with openvpn and they all work. I can't test wireguard right now.

BTW, if a bad/misconfigured .ovpn file is supplied, the container will crash without restart. Say it's just a blank file or some random crap, it will crash. I couldn't figure out how to get a unique error code from openvpn for this particular error, so I couldn't fix it, but it's notable.

Proton VPN clearly states no P2P. However, it's a good paid VPN. For international VPNs, for me (UTC-5) it was faster than mullvad. Although I stuck with mullvad because I like the sign up The fact you can pay with cash via snail mail is great!

ErikDB · 27. Februar 2024

Zitat von olduser

Proton VPN clearly states no P2P.

I didn't know that was an ability that had to be checked... I just tested the container with VPN_ENABLED=no, and it works.

I assume all free VPN's will be useless? I don't download stuff that much, so I'm tempted to forego VPN's. But maybe having Qbittorrent up and running without a VPN (even when downloading or uploading nothing) is some kind of security/privacy hazard?

gderf · 27. Februar 2024

Zitat von ErikDB

I didn't know that was an ability that had to be checked... I just tested the container with VPN_ENABLED=no, and it works.

I assume all free VPN's will be useless? I don't download stuff that much, so I'm tempted to forego VPN's. But maybe having Qbittorrent up and running without a VPN (even when downloading or uploading nothing) is some kind of security/privacy hazard?

I can only speak about the VPN service I use, Torguard. I will not comment on other services, free or pay for unless I actually use them, which I don't.

With VPN_ENABLED=no the container will run but it will do so on your real public IP address. If you torrent copyrighted material you will eventually be identified and if this is illegal where you live you will begin to get warnings from your ISP. They may give your identity to the people whose material you are infringing, shut your service off, etc.

I see no point in running a torrent application if you are not torrenting anything, even though this probably doesn't expose you.

olduser · 27. Februar 2024

Zitat von ErikDB

I assume all free VPN's will be useless?

No, paid ones don't block P2P, so they work and are recommended. Most free ones don't work with P2P and the free ones that do are extremely slow.

gderf · 27. Februar 2024

Zitat von olduser

No, paid ones don't block P2P, so they work and are recommended.

This is not quite accurate. Torguard, a paid for service, reached a legal settlement with someone regarding copyright infringement. The agreement resulted in them not allowing any torrenting on their US servers - VPNs and proxies. It took a few months for them to actually implement this, but it is in place and working at this time.

I never noticed any performance penalty when using their foreign servers compared to their US servers, making this a non-issue for me.

olduser · 27. Februar 2024

Zitat von gderf

not allowing any torrenting on their US servers

Reached this agreement with who?

gderf · 27. Februar 2024

Zitat von olduser

Reached this agreement with who?

Edit:

See: https://torrentfreak.com/images/torguard-dismissal.pdf

It was the terms of the agreement that were confidential.

ErikDB · 27. Februar 2024

Zitat von gderf

I see no point in running a torrent application if you are not torrenting anything

It would remove the need to turn it on and off.

gderf · 27. Februar 2024

Zitat von ErikDB

It would remove the need to turn it on and off.

My server and all its dockers run 24/7 regardless if they are doing anything or not.

ErikDB · 27. Februar 2024

Zitat von gderf

My server and all its dockers run 24/7 regardless if they are doing anything or not

That's my point 😉

olduser · 28. Februar 2024

gderf or anyone: If using wireguard and gderf's container, can you bash into your container and post the contents of ps -aux. I need to know the running process name for wireguard inside of gderf's container.

OMV6 With qbittorrent and wireguard?

Jetzt mitmachen!

Tags