Posts by thesorcerer

Tried that already. Should have mentioned it.

Update:

Got it working. Problem is recent versions of tailscale on android need app split tunneling to access webgui.

Hi,

After reading the blog tonight I thought it would be save to upgrade with mentioned command:

omv-release-upgrade

So I did via ssh but now I cannot access the webgui. I've tried clearing cache and:

omv-firstaid

It said that webgui access > 192.168.1.100:80 but doesn't respond. Reboot didn't fix either.

So what's the next step please?

Kind regard.

Quote from Krisbee

I'm not sure the degree to which your j5040 cpu would be limiting factor, but it depends on the overall system activity. How much RAM does your system have? The jmicron card might be a problem with zfs as it uses FIS-based (hardware) switching. You'll find conflicting opinions about that.

That's what I would like to know. I can always opt for an 9211 LSI card if fis-based is problematic.

My system has 16 gigs of ram. It runs only a couple of dockers. CPU will spike upwards of 75% when torrenting with a VPN docker. I get a around 140-150MB/s, which is the limit of drives themselves when downloading. Smb/NFS speeds around the same with less CPU utilization.

Probably a good idea to use a cache ssd with zil/slog enabled and sync writes.

Hello,

Currently I'm running a btrfs raid 1 with two ironwolf 4tb drives. Worked really well but now I need to have more storage space. I was thinking about buying one or two extra disks and create a openzfs raidz1 pool. Does anyone have an idea what kind of performance in terms of reads and writes I can expect with a j5040 cpu? The sata controller is a 6 port PCI-e jmb586. I'm on 2.5Gb lan.

Thank you for the help.

anybody?

Hello,

I was looking at some performance statistics and noticed that my btrfs raid1 storage no longer has updated stats. Even after manual refreshing it won't update. Please have a look at the screenshot. Other disks stats are fine. The plugin mentions this:

Quote

For the statistics to function correctly, stable kernel device name assignment for the drives to be monitored must be ensured across reboots. This can be accomplished with user-defined Udev rules that must be created by the user.

Some more info:

root@omv6:~# lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda      8:0    0   3.6T  0 disk /export/NewPresciousData
                                 /srv/dev-disk-by-uuid-3f95b8a7-a00d-4467-aa8d-21e7ea955134
sdb      8:16   0   2.7T  0 disk 
└─sdb1   8:17   0   2.7T  0 part /export/Backup3TB
                                 /srv/dev-disk-by-uuid-14385551-7246-4cca-8756-6cd86daff5a6
sdc      8:32   0   3.6T  0 disk 
sdd      8:48   0   2.7T  0 disk /export/Torrents
                                 /srv/dev-disk-by-id-ata-WDC_WD30EFRX-68EUZN0_WD-WCC4N3ANT71D
sde      8:64   0 232.9G  0 disk 
├─sde1   8:65   0   512M  0 part /boot/efi
├─sde2   8:66   0 216.4G  0 part /var/folder2ram/var/cache/samba
│                                /var/folder2ram/var/lib/monit
│                                /var/folder2ram/var/lib/rrdcached
│                                /var/folder2ram/var/spool
│                                /var/folder2ram/var/lib/openmediavault/rrd
│                                /var/folder2ram/var/tmp
│                                /var/folder2ram/var/log
│                                /export/compose-dockers
│                                /
└─sde3   8:67   0    16G  0 part [SWAP]
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS

sda 8:0 0 3.6T 0 disk /export/NewPresciousData

/srv/dev-disk-by-uuid-3f95b8a7-a00d-4467-aa8d-21e7ea955134

sdb 8:16 0 2.7T 0 disk

└─sdb1 8:17 0 2.7T 0 part /export/Backup3TB

/srv/dev-disk-by-uuid-14385551-7246-4cca-8756-6cd86daff5a6

sdc 8:32 0 3.6T 0 disk

sdd 8:48 0 2.7T 0 disk /export/Torrents

/srv/dev-disk-by-id-ata-WDC_WD30EFRX-68EUZN0_WD-WCC4N3ANT71D

sde 8:64 0 232.9G 0 disk

├─sde1 8:65 0 512M 0 part /boot/efi

├─sde2 8:66 0 216.4G 0 part /var/folder2ram/var/cache/samba

│ /var/folder2ram/var/lib/monit

│ /var/folder2ram/var/lib/rrdcached

│ /var/folder2ram/var/spool

│ /var/folder2ram/var/lib/openmediavault/rrd

│ /var/folder2ram/var/tmp

│ /var/folder2ram/var/log

│ /export/compose-dockers

│ /

└─sde3 8:67 0 16G 0 part [SWAP]


# /etc/fstab: static file system information.

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# systemd generates mount units based on this file, see systemd.mount(5).
# Please run 'systemctl daemon-reload' after making changes here.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/sda2 during installation
UUID=ad2c829a-f810-4a8c-ab69-8447ca675186 /               ext4    noatime,nodiratime,errors=remount-ro 0       1
# /boot/efi was on /dev/sda1 during installation
UUID=F669-A847  /boot/efi       vfat    umask=0077      0       1
# swap was on /dev/sda3 during installation
UUID=cab76b45-9ffc-464c-a45a-1c7f1c03e4aa none            swap    sw              0       0
# >>> [openmediavault]
/dev/disk/by-uuid/14385551-7246-4cca-8756-6cd86daff5a6          /srv/dev-disk-by-uuid-14385551-7246-4cca-8756-6cd86daff5a6      btrfs   defaults,nofail 0 2
/dev/disk/by-uuid/3f95b8a7-a00d-4467-aa8d-21e7ea955134          /srv/dev-disk-by-uuid-3f95b8a7-a00d-4467-aa8d-21e7ea955134      btrfs   defaults,nofail 0 2
/dev/disk/by-id/ata-WDC_WD30EFRX-68EUZN0_WD-WCC4N3ANT71D                /srv/dev-disk-by-id-ata-WDC_WD30EFRX-68EUZN0_WD-WCC4N3ANT71D    btrfs   defaults,nofail 0 2
/srv/dev-disk-by-uuid-14385551-7246-4cca-8756-6cd86daff5a6/Backup3TB/           /export/Backup3TB       none    bind,nofail     0 0
/srv/dev-disk-by-uuid-3f95b8a7-a00d-4467-aa8d-21e7ea955134/NewPresciousData/            /export/NewPresciousData        none    bind,nofail     0 0
/srv/dev-disk-by-id-ata-WDC_WD30EFRX-68EUZN0_WD-WCC4N3ANT71D/Torrents/          /export/Torrents        none    bind,nofail     0 0
/dockers/               /export/compose-dockers none    bind,nofail     0 0
# <<< [openmediavault]

root@omv6:~# blkid
/dev/sdd: UUID="1afe29f3-cd8b-4a15-b201-ab09bf02f0f9" UUID_SUB="465edb4d-e9b1-44d2-95e2-9ff167d8e190" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/sdb1: LABEL="Backup3TB" UUID="14385551-7246-4cca-8756-6cd86daff5a6" UUID_SUB="53ba2d48-122d-42c3-b26a-26933f04c46f" BLOCK_SIZE="4096" TYPE="btrfs" PARTUUID="e5e12761-1d4a-4bf3-841e-ed9a1dc6afd4"
/dev/sde2: UUID="ad2c829a-f810-4a8c-ab69-8447ca675186" BLOCK_SIZE="4096" TYPE="ext4" PARTUUID="32968d3e-93a7-4d19-8d41-9f5936c8d827"
/dev/sde3: UUID="cab76b45-9ffc-464c-a45a-1c7f1c03e4aa" TYPE="swap" PARTUUID="9c2bde9d-d472-4a04-b1b3-f1a40bad7e7f"
/dev/sde1: UUID="F669-A847" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="5ddce16e-eaa0-4ebe-accc-d7d00513b901"
/dev/sdc: LABEL="data" UUID="3f95b8a7-a00d-4467-aa8d-21e7ea955134" UUID_SUB="815b6aa3-f117-4187-8de6-840f1280deba" BLOCK_SIZE="4096" TYPE="btrfs"
/dev/sda: LABEL="data" UUID="3f95b8a7-a00d-4467-aa8d-21e7ea955134" UUID_SUB="174efc63-87c4-4fd5-a371-b3b2fb5115de" BLOCK_SIZE="4096" TYPE="btrfs"

Thank you.

Latest image fixed the bug.

There is the problemen then. Will modify conf file tomorrow. Thank you for the info.

Quote from gderf

AFAIK, all of these QBT with VPN images will not spawn the QBT WebUI interface unless and until there is a verified working VPN connection. This where you need to focus your attention.

I was aware of that. Gave me some headache while back when setting up. No mention of that behaviour in the readme etc. First thing I tried was setting up a new vpn connection.

Quote from BernH

If opnsense is blocking the vpn connection then that would cause problems. As gderf said, if a vpn connection can't be established then that will keep qbit with a vpn from working. Can you ping the vpn server from omv? If you temporarily disable the vpn for the container, can you vash into it and ping the vpn server?

I run an opnsense router at the office and I know from experience that they are a bit confusing to configure, but to be honest, I don't use the unbound setup in there, just the dnsmasq settings for local dns resolution.

Unbound acts as an authoritative dns for your lan, while dnsmasq is just a dns interceptor and forwarder so not as finicky to set up. If you have changed something in there recently it could be the root of the problem. You may also need to check your port forwards and/or whitelists/blacklists in there.

Ssh into omv I was able to ping 185.65.134.76 Have not touched opnsense, disabled unbound dns blocklist to see if that helps but no.

Down, prune, pull > up didn't solve it. Everything else seems tot be in order. Perhaps unbound on opnsense is the problem.

Hello,

Please help me with the following. Since a couple of days I no longer can acces the webgui. Happened after a update I believe, not sure which one. This morning I saw that watchtower updated the binhex container but the problem still persists. Reboot didn't help either. I've generated a new wireguard file from mullvad and place that in the appropriate directory but still no go. Here is the log from the container:

2025-07-04 10:00:59,686 DEBG 'start-script' stdout output:
[info] WireGuard 'peer' not found, attempting to cycle WireGuard interface...

2025-07-04 10:00:59,687 DEBG 'start-script' stdout output:
[info] Attempting to bring WireGuard interface 'down'...

2025-07-04 10:00:59,700 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

2025-07-04 10:00:59,705 DEBG 'start-script' stderr output:
wg-quick: `wg0' is not a WireGuard interface

2025-07-04 10:00:59,705 DEBG 'start-script' stdout output:
[warn] Failed to bring 'down' WireGuard kernel implementation

2025-07-04 10:00:59,705 DEBG 'start-script' stdout output:
[info] Configuring WireGuard...

2025-07-04 10:00:59,724 DEBG 'start-script' stdout output:
[info] Attempting to bring WireGuard interface 'up'...

2025-07-04 10:00:59,737 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

2025-07-04 10:00:59,748 DEBG 'start-script' stderr output:
[#] ip link add dev wg0 type wireguard

2025-07-04 10:00:59,751 DEBG 'start-script' stderr output:
[#] wg setconf wg0 /dev/fd/63

2025-07-04 10:00:59,753 DEBG 'start-script' stderr output:
[#] ip -4 address add 10.72.201.82/32 dev wg0

2025-07-04 10:00:59,762 DEBG 'start-script' stderr output:
[#] ip link set mtu 1420 up dev wg0

2025-07-04 10:00:59,765 DEBG 'start-script' stderr output:
[#] resolvconf -a wg0 -m 0 -x

2025-07-04 10:00:59,776 DEBG 'start-script' stderr output:
could not detect a useable init system

2025-07-04 10:00:59,793 DEBG 'start-script' stderr output:
resolvconf: signature mismatch: /etc/resolv.conf

2025-07-04 10:00:59,795 DEBG 'start-script' stderr output:
resolvconf: run `resolvconf -u` to update

2025-07-04 10:00:59,804 DEBG 'start-script' stderr output:
[#] ip link delete dev wg0

2025-07-04 10:01:00,026 DEBG 'start-script' stdout output:
[warn] Failed to bring 'up' WireGuard kernel implementation


END OF LINE

Tried running this command on omv in ssh but the argument wasn't valid or something.

resolvconf -u

Any help is appreciated.

(btw it has been running smoothly for many months non stop until recently.)

update:

Just did a bit if tinkering and it is now possible to use any wireguard configuration, that includes killswitch and custom dns. Had to redeploy the container since privoxy was not working properly. Apparently this happens from time to time and various images. Delete your privoxy folder and double check that qbit is not using the same listening port. Adjust your compose and qbit settings in webgui. Finally check your log for any errors.

Found the cause. Lowering the upload slots in qbittorrent solved it. First part of the graph is without limitations, middle part with max 4 per torrent and last part max 2.

Hello,

Please help me clarifying a strange thing that is happening on my nas. The disk reads (+-60MB/s) shown in the graph on the performance statistics page does not correspond to what is actually happening in regards to network traffic according to opnsense. Taken into account the difference between KiB/s (torrent), MB/s (omv graph) and Mb/s (opnsense). When I stop the upload the graph drops, so It's for sure related to qbittorrent. I can hear the disk is being put to work while qbittorrent is capped at 500 KiB/s upload rate (more or less verfied by opnsense). Only a few torrents are being uploaded at the same time.

After stopping torrents:

Thank you

Quote from chente

To do that you need a point-to-site configuration. In this article you can see how to configure it. https://www.procustodibus.com/…ard-point-to-site-config/

I don't know if you want to connect to a remote server that you own or a commercial remote server. If it is the latter, you will have to consult that provider about what they allow you to do. You will also have to adapt the iptables configurations to what that article says for it to work.

That's not what I mean. Every client has individually been configured to use a vpn connection. In the future I will configure opnsense to do as you suggested.

Thank you for the suggestion. All seems to work now. Webgui/ssh is reachable with vpn connection enabled through wireguard plugin. I really want killswitch for obvious reasons enabled. Any ideas?

Quote from gderf

Seems like you have run into this before, no?

Post

RE: How to restart qbittorrent container every x hours automatically

Conclusion:

Problem:
glueton with qbitorrent in a compose resulted in random disconnect after x amount of hours/days. Torrents wouldn't start and rss feeds stopped working. A restart of qbittorrent container was necessary to regain functionality.

Solution:
Switching to a different image called dyonr/qbittorrentvpn that has build in vpn with killswitch. When using wireguard make sure you configure a wireguard config file through your vpn service provider (in my case mullvad) that uses only ipv4…

thesorcerer

Jun 25th 2023

That was a problem with a docker container. Since then I used binhex qbittorrent which functions really good. I wanted to try the wireguard plugin now, thus having all my clients in my household using a vpn.

Quote from gderf

Try regenerating the wireguard config with the killswitch DISabled.

While you where responding to my post I've updated/modified it. Will try disable option.

Hello,

Tried solving this problem by myself and searched this forum for similar error but no luck. I'm trying to get wireguard through the plugin (custom) to work with the following configs:

 [Interface]
# Device: device name here
PrivateKey = insert key here
Address = 10.69.171.24/32
DNS = 100.64.0.63
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = insert key here
AllowedIPs = 0.0.0.0/0
Endpoint = 193.32.249.66:51820

After a reboot the terminal shows that a connection is made with the mullvad server on a different external ip. Google is pingable and the curl ifconfig.io command verifies the external ip. But I cannot access the webgui, nor ssh.

Then I made a change (AllowedIPs) to the config with the help of nano editor and some info on this forum:

[Interface]
# Device: device name here
PrivateKey = insert key here
Address = 10.69.171.24/32
DNS = 100.64.0.63
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = insert key here=
AllowedIPs = 192.168.1.0/24
Endpoint = 193.32.249.66:51820

After a reboot the terminal shows a the normal public ip. No vpn connection has been made. This time it is possible to access the webgui/ssh.

A final change in the config (dns) didn't help:

[Interface]
# Device: device name here
PrivateKey = insert key here
Address = 10.69.171.24/32
DNS = 192.168.1.1
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = insert key here
AllowedIPs = 0.0.0.0/0
Endpoint = 193.32.249.66:51820

The wireguard config is newly generated on the mullvad website with killswitch enabled. I've noticed when I make a change in /etc/wireguard/wgnet_mullwg.conf (AllowedIPs) and after a reboot the webgui doesn't reflect that change.

Thank you in advance!

Not too long ago a update broke the system or at least a importend part of it. Can't remember exacly what it was and the search function will not let me search my own old posts so I cannot give you an example. I believe it had something to do with grub also. But it does happen once in a while.