Giter VIP home page Giter VIP logo

arch-qbittorrentvpn's Introduction

Application

qBittorrent
Privoxy
microsocks
OpenVPN
WireGuard

Description

qBittorrent is a bittorrent client programmed in C++ / Qt that uses libtorrent (sometimes called libtorrent-rasterbar) by Arvid Norberg. It aims to be a good alternative to all other bittorrent clients out there. qBittorrent is fast, stable and provides unicode support as well as many features.

This Docker includes OpenVPN and WireGuard to ensure a secure and private connection to the Internet, including use of iptables to prevent IP leakage when the tunnel is down. It also includes Privoxy to allow unfiltered access to index sites, to use Privoxy please point your application at http://<host ip>:8118.

Build notes

Latest stable qBittorrent release from Arch Linux repo.
Latest stable Privoxy release from Arch Linux repo.
Latest stable microsocks release from GitHub.
Latest stable OpenVPN release from Arch Linux repo.
Latest stable WireGuard release from Arch Linux repo.

Usage

docker run -d \
    --cap-add=NET_ADMIN \
    -p 8080:8080 \
    -p 8118:8118 \
    -p 9118:9118 \
    -p 58946:58946 \
    -p 58946:58946/udp \
    --name=<container name> \
    -v <path for data files>:/data \
    -v <path for config files>:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=<yes|no> \
    -e VPN_USER=<vpn username> \
    -e VPN_PASS=<vpn password> \
    -e VPN_PROV=<pia|airvpn|protonvpn|custom> \
    -e VPN_CLIENT=<openvpn|wireguard> \
    -e VPN_OPTIONS=<additional openvpn cli options> \
    -e ENABLE_STARTUP_SCRIPTS=<yes|no> \
    -e ENABLE_PRIVOXY=<yes|no> \
    -e STRICT_PORT_FORWARD=<yes|no> \
    -e USERSPACE_WIREGUARD=<yes|no> \
    -e ENABLE_SOCKS=<yes|no> \
    -e SOCKS_USER=<socks username> \
    -e SOCKS_PASS=<socks password> \
    -e LAN_NETWORK=<lan ipv4 network>/<cidr notation> \
    -e NAME_SERVERS=<name server ip(s)> \
    -e VPN_INPUT_PORTS=<port number(s)> \
    -e VPN_OUTPUT_PORTS=<port number(s)> \
    -e DEBUG=<true|false> \
    -e WEBUI_PORT=<port for web interfance> \
    -e UMASK=<umask for created files> \
    -e PUID=<uid for user> \
    -e PGID=<gid for user> \
    binhex/arch-qbittorrentvpn

Please replace all user variables in the above command defined by <> with the correct values.

Access qBittorrent (web ui)

http://<host ip>:8080/

Username:- admin
Password:- randomly generated, password shown in /config/supervisord.log

Access Privoxy

http://<host ip>:8118

Access microsocks

<host ip>:9118

default credentials: admin/socks

PIA example

docker run -d \
    --cap-add=NET_ADMIN \
    -p 8080:8080 \
    -p 8118:8118 \
    -p 9118:9118 \
    -p 58946:58946 \
    -p 58946:58946/udp \
    --name=qbittorrentvpn \
    -v /root/docker/data:/data \
    -v /root/docker/config:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_USER=myusername \
    -e VPN_PASS=mypassword \
    -e VPN_PROV=pia \
    -e VPN_CLIENT=openvpn \
    -e ENABLE_STARTUP_SCRIPTS=no \
    -e ENABLE_PRIVOXY=yes \
    -e STRICT_PORT_FORWARD=yes \
    -e USERSPACE_WIREGUARD=no \
    -e ENABLE_SOCKS=yes \
    -e SOCKS_USER=admin \
    -e SOCKS_PASS=socks \
    -e LAN_NETWORK=192.168.1.0/24 \
    -e NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1 \
    -e VPN_INPUT_PORTS=1234 \
    -e VPN_OUTPUT_PORTS=5678 \
    -e DEBUG=false \
    -e WEBUI_PORT=8080 \
    -e UMASK=000 \
    -e PUID=0 \
    -e PGID=0 \
    binhex/arch-qbittorrentvpn

OpenVPN

Please note this Docker image does not include the required OpenVPN configuration file and certificates. These will typically be downloaded from your VPN providers website (look for OpenVPN configuration files), and generally are zipped.

PIA users - The URL to download the OpenVPN configuration files and certs is:-

PIA OpenVPN configuration

Once you have downloaded the zip (normally a zip as they contain multiple ovpn files) then extract it to /config/openvpn/ folder (if that folder doesn't exist then start and stop the docker container to force the creation of the folder).

If there are multiple ovpn files then please delete the ones you don't want to use (normally filename follows location of the endpoint) leaving just a single ovpn file and the certificates referenced in the ovpn file (certificates will normally have a crt and/or pem extension).

WireGuard

If you wish to use WireGuard (defined via 'VPN_CLIENT' env var value ) then due to the enhanced security and kernel integration WireGuard will require the container to be defined with privileged permissions and sysctl support, so please ensure you change the following docker options:-

from

    --cap-add=NET_ADMIN \

to

    --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
    --privileged=true \

PIA users - The WireGuard configuration file will be auto generated and will be stored in /config/wireguard/wg0.conf AFTER the first run, if you wish to change the endpoint you are connecting to then change the Endpoint line in the config file (default is Netherlands).

Other users - Please download your WireGuard configuration file from your VPN provider, start and stop the container to generate the folder /config/wireguard/ and then place your WireGuard configuration file in there.

Notes

Due to Google and OpenDNS supporting EDNS Client Subnet it is recommended NOT to use either of these NS providers. The list of default NS providers in the above example(s) is as follows:-

84.200.x.x = DNS Watch
37.235.x.x = FreeDNS
1.x.x.x = Cloudflare

IMPORTANT
Please note VPN_INPUT_PORTS is NOT to define the incoming port for the VPN, this environment variable is used to define port(s) you want to allow in to the VPN network when network binding multiple containers together, configuring this incorrectly with the VPN provider assigned incoming port COULD result in IP leakage, you have been warned!.

User ID (PUID) and Group ID (PGID) can be found by issuing the following command for the user you want to run the container as:-

id <username>

Due to issues with CSRF and port mapping, should you require to alter the port for the webui you need to change both sides of the -p 8080 switch AND set the WEBUI_PORT variable to the new port.

For example, to set the port to 8090 you need to set:-

    -p 8090:8090 \

and

    -e WEBUI_PORT=8090 \

If you are using VPN provider PIA or ProtonVPN and wish to share the assigned dynamic incoming port with another docker container running in the same network then this can be done via a docker volume, so add the following to your docker run command:-

    -v <name of volume>:/shared \

e.g.

    -v binhex-shared:/shared \

The incoming port will then be available in /shared/getvpnport.

If you appreciate my work, then please consider buying me a beer :D

PayPal donation

Documentation | Support forum

arch-qbittorrentvpn's People

Contributors

binhex avatar fryfrog avatar upcboy avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

fryfrog kramsg12 ljmerza maxattax97 tuksik forksbot mtalexan slyre1337 dylanmtaylor screwyluie guear glowacki-dev dgkh1975 northernpowerhouse s0uldrag0n dbd strannik19 sunnyagain gentoo9ball macmisu tharrington2002 softwarenerd7 onnolee samuelwn raid-forks spacecase123 rporotti rssnyder repo-trashmaster zhongli0401 jodiekurnia 29axe gauravsuman007 ianweedlun aramlakhan hexonxonx4 shrirajhegde tomrozekrans goodmen001 chloe-ko canardconfit 610 rsoorajs anthonyrocom zacbre o-mutt sugarcookie2101

arch-qbittorrentvpn's Issues

Not getting a port from PIA

Hi,

Looks like there are issues getting port from PIA. They've changed the endpoint address, so the script doesn't recognize it, but there seem to be more issues. I found that there has been a post regarding port forwarding on Aug 25th with a script that should be run to get ports forwarded.
https://www.privateinternetaccess.com/helpdesk/kb/articles/can-i-use-port-forwarding-without-using-the-pia-client-current-gen-only

[info] Port forwarding is enabled,
[info] Checking endpoint 'de-berlin.privacy.network' is port forward enabled...,
[warn] PIA endpoint 'de-berlin.privacy.network' is not in the list of endpoints that support port forwarding, DL/UL speeds maybe slow,
[info] Please consider switching to one of the endpoints shown below,
[info] List of PIA endpoints that support port forwarding:-,
...
[info] de-berlin.privateinternetaccess.com,
...
[info] Attempting to get dynamically assigned port...,
[warn] Exit code '7' from curl != 0 or no response body received

WebGUI issues.

Hello,
I successfully got the container up and running. I'm having an issue where, if I have VPN enabled(using Mullvad in this case), I cannot access the qbitorrent WebGUI. If I disable the VPN, I have access again. Am I missing something dumb? Running this on OMV5..

privileged mode needed?

Hi, I was wondering why privileged mode was needed.
I tried starting the container without privileged mode and it did not work, and the logs were not very helpful as to why, even with the debug flag enabled.

Which parts of it require privileged mode?

OVPN files with multiple remotes not handled properly

Some VPN providers (e.g. ProtonVPN) provide ovpn files that include a list of multiple remotes.

For example:

remote 185.159.158.133 443
remote 185.159.158.133 5995
remote 185.159.158.133 8443
remote 185.159.158.137 443
remote 185.159.158.137 5995
remote 185.159.158.137 8443
remote 185.159.158.141 443
remote 185.159.158.141 5995
remote 185.159.158.141 8443
remote 185.159.158.142 443
remote 185.159.158.142 5995
remote 185.159.158.142 8443

The current logic attempts to identify a remote line and converts a potential server name to an IP address.
It appears it currently parses all of the lines, but only writes back the results for the first line. In a case like the one above, only the line

remote 185.159.158.133 443

is written back to the file and the rest are removed. The reason an ovpn file would include a list of remotes is for the case where one of the listed remotes isn't available and a fallback should be used. By eliminating all but one line, it makes it very likely that the VPN will fail to connect

Unable to launch with OMV5 compose file

Hi.
I'm trying to use docker compose with open media vault 5 (omv5). I'm using portainer to deploy a docker compose as a "stack". I tried to replicate the PIA example in the readme. Not sure if my compose is the issue?

I'm seeing these errors in the logs:

insmod: ERROR: could not load module /lib/modules/tun.ko: No such file or directory,
insmod: ERROR: could not load module /lib/modules/iptable_mangle.ko: No such file or directory,

Here's my compose:

---
version: "2"
services:
  qbittorrentvpn:
    image: binhex/arch-qbittorrentvpn
    container_name: qbittorrentvpn
    privileged: true
    cap_add:
    - NET_ADMIN
    environment:
      - VPN_ENABLED=true
      - VPN_USER=REDACTED
      - VPN_PASS=REDACTED
      - VPN_PROV=pia
      - STRICT_PORT_FORWARD=yes
      - ENABLE_PRIVOXY=yes
      - LAN_NETWORK=192.168.1.0/24
      - NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1
      - ADDITIONAL_PORTS=1234
      - DEBUG=false
      - WEBUI_PORT=8080
      - UMASK=000
      - PUID=998
      - PGID=100
    ports:
      - 6881:6881
      - 6881:6881/udp
      - 8080:8080
      - 8118:8118
    volumes:
      - /srv/dev-disk-by-label-dataExt2tb/Config/QBittorrentVPN2:/config
      - /srv/dev-disk-by-label-dataExt2tb/media:/downloads
      - /srv/dev-disk-by-label-dataExt2tb/media:/data
      - /etc/localtime:/etc/localtime:ro
    restart: unless-stopped

More logs:

Created by...,
___.   .__       .__                   ,
\_ |__ |__| ____ |  |__   ____ ___  ___,
 | __ \|  |/    \|  |  \_/ __ \\  \/  /,
 | \_\ \  |   |  \   Y  \  ___/ >    < ,
 |___  /__|___|  /___|  /\___  >__/\_ \,
     \/        \/     \/     \/      \/,
   https://hub.docker.com/u/binhex/,
,
2020-07-05 01:56:58.021447 [info] System information Linux d642fc91cd64 5.6.0-0.bpo.2-amd64 #1 SMP Debian 5.6.14-2~bpo10+1 (2020-06-09) x86_64 GNU/Linux,
2020-07-05 01:56:58.046613 [info] OS_ARCH defined as 'x86-64',
2020-07-05 01:56:58.071663 [info] PUID defined as '998',
2020-07-05 01:56:58.098246 [info] PGID defined as '100',
2020-07-05 01:56:58.132368 [info] UMASK defined as '000',
2020-07-05 01:56:58.156068 [info] Setting permissions recursively on volume mappings...,
2020-07-05 01:56:58.228107 [info] VPN_ENABLED defined as 'yes',
2020-07-05 01:56:58.256508 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/DEFrankfurt.ovpn,
2020-07-05 01:56:58.311006 [info] VPN remote line defined as 'remote 185.220.70.154 8080',
2020-07-05 01:56:58.334851 [info] VPN_REMOTE defined as '185.220.70.154',
2020-07-05 01:56:58.361823 [info] VPN_PORT defined as '8080',
2020-07-05 01:56:58.388864 [info] VPN_PROTOCOL defined as 'udp',
2020-07-05 01:56:58.413784 [info] VPN_DEVICE_TYPE defined as 'tun0',
2020-07-05 01:56:58.438200 [info] VPN_PROV defined as 'pia',
2020-07-05 01:56:58.463592 [info] LAN_NETWORK defined as '192.168.1.0/24',
2020-07-05 01:56:58.488011 [info] NAME_SERVERS defined as '209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1',
2020-07-05 01:56:58.512086 [info] VPN_USER defined as 'REDACTED',
2020-07-05 01:56:58.536307 [info] VPN_PASS defined as 'REDACTED',
2020-07-05 01:56:58.560489 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS),
2020-07-05 01:56:58.584231 [info] STRICT_PORT_FORWARD defined as 'yes',
2020-07-05 01:56:58.607819 [info] ENABLE_PRIVOXY defined as 'yes',
2020-07-05 01:56:58.631383 [info] ADDITIONAL_PORTS defined as '1234',
2020-07-05 01:56:58.655024 [info] WEBUI_PORT defined as '8080',
2020-07-05 01:56:58.682141 [info] Deleting files in /tmp (non recursive)...,
2020-07-05 01:56:58.705205 [info] Starting Supervisor...,
2020-07-05 01:56:58,832 INFO Included extra file "/etc/supervisor/conf.d/qbittorrent.conf" during parsing,
2020-07-05 01:56:58,832 INFO Set uid to user 0 succeeded,
2020-07-05 01:56:58,834 INFO supervisord started with pid 6,
2020-07-05 01:56:59,838 INFO spawned: 'start-script' with pid 169,
2020-07-05 01:56:59,841 INFO spawned: 'watchdog-script' with pid 170,
2020-07-05 01:56:59,841 INFO reaped unknown pid 7 (exit status 0),
2020-07-05 01:56:59,850 DEBG 'start-script' stdout output:,
[info] VPN is enabled, beginning configuration of VPN,
,
2020-07-05 01:56:59,850 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs),
2020-07-05 01:56:59,850 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs),
2020-07-05 01:56:59,850 DEBG 'watchdog-script' stdout output:,
[info] qBittorrent config file already exists, skipping copy,
[info] Removing session lock file (if it exists)...,
,
2020-07-05 01:56:59,897 DEBG 'start-script' stdout output:,
[info] Default route for container is 172.21.0.1,
,
2020-07-05 01:56:59,900 DEBG 'start-script' stdout output:,
[info] Adding 209.222.18.222 to /etc/resolv.conf,
,
2020-07-05 01:56:59,904 DEBG 'start-script' stdout output:,
[info] Adding 84.200.69.80 to /etc/resolv.conf,
,
2020-07-05 01:56:59,907 DEBG 'start-script' stdout output:,
[info] Adding 37.235.1.174 to /etc/resolv.conf,
,
2020-07-05 01:56:59,911 DEBG 'start-script' stdout output:,
[info] Adding 1.1.1.1 to /etc/resolv.conf,
,
2020-07-05 01:56:59,915 DEBG 'start-script' stdout output:,
[info] Adding 209.222.18.218 to /etc/resolv.conf,
,
2020-07-05 01:56:59,919 DEBG 'start-script' stdout output:,
[info] Adding 37.235.1.177 to /etc/resolv.conf,
,
2020-07-05 01:56:59,923 DEBG 'start-script' stdout output:,
[info] Adding 84.200.70.40 to /etc/resolv.conf,
,
2020-07-05 01:56:59,926 DEBG 'start-script' stdout output:,
[info] Adding 1.0.0.1 to /etc/resolv.conf,
,
2020-07-05 01:56:59,928 DEBG 'start-script' stdout output:,
185.220.70.154,
,
2020-07-05 01:56:59,933 DEBG 'start-script' stdout output:,
[info] Attempting to load tun kernel module...,
,
2020-07-05 01:56:59,934 DEBG 'start-script' stderr output:,
modprobe: FATAL: Module tun not found in directory /lib/modules/5.6.0-0.bpo.2-amd64,
,
2020-07-05 01:56:59,934 DEBG 'start-script' stdout output:,
[warn] Unable to load tun kernel module using modprobe, trying insmod...,
,
2020-07-05 01:56:59,935 DEBG 'start-script' stderr output:,
insmod: ERROR: could not load module /lib/modules/tun.ko: No such file or directory,
,
2020-07-05 01:56:59,935 DEBG 'start-script' stdout output:,
[warn] Unable to load tun kernel module, assuming its dynamically loaded,
,
2020-07-05 01:56:59,942 DEBG 'start-script' stdout output:,
[info] Attempting to load iptable_mangle module...,
,
2020-07-05 01:56:59,943 DEBG 'start-script' stderr output:,
modprobe: FATAL: Module iptable_mangle not found in directory /lib/modules/5.6.0-0.bpo.2-amd64,
,
2020-07-05 01:56:59,943 DEBG 'start-script' stdout output:,
[warn] Unable to load iptable_mangle module using modprobe, trying insmod...,
,
2020-07-05 01:56:59,944 DEBG 'start-script' stderr output:,
insmod: ERROR: could not load module /lib/modules/iptable_mangle.ko: No such file or directory,
,
2020-07-05 01:56:59,944 DEBG 'start-script' stdout output:,
[warn] Unable to load iptable_mangle module, you will not be able to connect to the applications Web UI or Privoxy outside of your LAN,
,
2020-07-05 01:56:59,945 DEBG 'start-script' stdout output:,
[info] unRAID/Ubuntu users: Please attempt to load the module by executing the following on your host: '/sbin/modprobe iptable_mangle',
[info] Synology users: Please attempt to load the module by executing the following on your host: 'insmod /lib/modules/iptable_mangle.ko',
,
2020-07-05 01:56:59,961 DEBG 'start-script' stdout output:,
[info] Docker network defined as    172.21.0.0/16,
,
2020-07-05 01:56:59,964 DEBG 'start-script' stdout output:,
[info] Adding 192.168.1.0/24 as route via docker eth0,
,
2020-07-05 01:56:59,965 DEBG 'start-script' stdout output:,
[info] ip route defined as follows...,
--------------------,
,
2020-07-05 01:56:59,965 DEBG 'start-script' stdout output:,
default via 172.21.0.1 dev eth0 ,
172.21.0.0/16 dev eth0 proto kernel scope link src 172.21.0.2 ,
192.168.1.0/24 via 172.21.0.1 dev eth0 ,
,
2020-07-05 01:56:59,965 DEBG 'start-script' stdout output:,
--------------------,
,
2020-07-05 01:56:59,984 DEBG 'start-script' stdout output:,
[info] Adding additional incoming port 1234 for eth0,
,
2020-07-05 01:57:00,013 DEBG 'start-script' stdout output:,
[info] Adding additional outgoing port 1234 for eth0,
,
2020-07-05 01:57:00,025 DEBG 'start-script' stdout output:,
[info] iptables defined as follows...,
--------------------,
,
2020-07-05 01:57:00,026 DEBG 'start-script' stdout output:,
-P INPUT DROP,
-P FORWARD DROP,
-P OUTPUT DROP,
-A INPUT -s 172.21.0.0/16 -d 172.21.0.0/16 -j ACCEPT,
-A INPUT -i eth0 -p udp -m udp --sport 8080 -j ACCEPT,
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT,
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT,
-A INPUT -i eth0 -p tcp -m tcp --dport 1234 -j ACCEPT,
-A INPUT -i eth0 -p tcp -m tcp --sport 1234 -j ACCEPT,
-A INPUT -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT,
-A INPUT -s 192.168.1.0/24 -d 172.21.0.0/16 -i eth0 -p tcp -j ACCEPT,
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT,
-A INPUT -i lo -j ACCEPT,
-A INPUT -i tun0 -j ACCEPT,
-A OUTPUT -s 172.21.0.0/16 -d 172.21.0.0/16 -j ACCEPT,
-A OUTPUT -o eth0 -p udp -m udp --dport 8080 -j ACCEPT,
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT,
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT,
-A OUTPUT -o eth0 -p tcp -m tcp --dport 1234 -j ACCEPT,
-A OUTPUT -o eth0 -p tcp -m tcp --sport 1234 -j ACCEPT,
-A OUTPUT -d 192.168.1.0/24 -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT,
-A OUTPUT -s 172.21.0.0/16 -d 192.168.1.0/24 -o eth0 -p tcp -j ACCEPT,
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT,
-A OUTPUT -o lo -j ACCEPT,
-A OUTPUT -o tun0 -j ACCEPT,
,
2020-07-05 01:57:00,027 DEBG 'start-script' stdout output:,
--------------------,
,
2020-07-05 01:57:00,028 DEBG 'start-script' stdout output:,
fo] Starting OpenVPN...,
,
2020-07-05 01:57:00,033 DEBG 'start-script' stdout output:,
Sun Jul  5 01:57:00 2020 WARNING: file 'credentials.conf' is group or others accessible,
Sun Jul  5 01:57:00 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020,
Sun Jul  5 01:57:00 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10,
,
2020-07-05 01:57:00,033 DEBG 'start-script' stdout output:,
[info] OpenVPN started,
,
2020-07-05 01:57:00,033 DEBG 'start-script' stdout output:,
Sun Jul  5 01:57:00 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts,
,
2020-07-05 01:57:00,034 DEBG 'start-script' stdout output:,
Sun Jul  5 01:57:00 2020 CRL: loaded 1 CRLs from file [[INLINE]],
,
2020-07-05 01:57:00,035 DEBG 'start-script' stdout output:,
Sun Jul  5 01:57:00 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.220.70.154:8080,
Sun Jul  5 01:57:00 2020 UDP link local (bound): [AF_INET][undef]:53,
Sun Jul  5 01:57:00 2020 UDP link remote: [AF_INET]185.220.70.154:8080,

login

user: admin and password: adminadmin does not seem to be working atm

Unable to pass other docker through qbittorrentvpn #8

I'm trying to connect other docker network through this one using --network "container:binhex-qbittorrentvpn".
The other docker starts fine and I can see in their logs there seems to be working fine, but I can't connect to their webui.
The issue is probably with the default config for the network (iptables?) not allowing connection to the port for the webui for the other docker, (ex: port 9117 for jackett).
Is there anyway to achieve what I want?
I'm running the docker on an Unraid machine, and trying to route at least jackett/sonnar/radarr through this docker.

X Window System interface alongside WebUI?

Would there be any chance of adding a X11/Graphical interface through VNC to the qBittorrent client alongside the Web Interface? There's a lot of automation/mass settings available on the regular qBitTorrent interface (mostly RSS feeds monitoring and editing, but also mass category specific ratio settings) not available in the default WebUI (some alternative WebUIs provide that information, but they're cubersome and not as straight forward as the regular WebUI interface nor the original graphicl interface).

Wiregaurd

Hi, is there anyway I can use wiregaurd with qbittorrentvpn? Thank you so much

Does OpenVPN Restart on Connection Failure?

Hi Binhex,

I was using another qbittorrent with OpenVPN docker and it doesn't seem to have the daemon scripts right to restart the openvpn connection when the keepalives fail. I end up having to grab a shell in the container and manually restart it or restart the whole container.

Does your container handle keepalive and connect failures gracefully by restarting the OpenVPN connection?

Thanks.

Latest commit breaks ports with less than 4 digits

My container stopped working after updating to commit b7ce500. Everything worked perfectly before then.

From what I can discern, the issue is that my ovpn is using a port with only 3 digits (995), and the latest commit is not picking up ports that are not 4 or 5 digits.

PIA Port Not applied to qbittorrent client

The new pia port does not get set on start up. The logs show PIA gives a port but it is not changed in the client. below is the relevant logs

qbitttorrent    | 2019-12-26 15:51:38,170 DEBG 'start-script' stdout output:
qbitttorrent    | [info] Checking endpoint 'ca-toronto.privateinternetaccess.com' is port forward enabled...
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:38,180 DEBG 'start-script' stdout output:
qbitttorrent    | [info] Attempting to curl https://www.privateinternetaccess.com/vpninfo/servers?version=82...
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:38,687 DEBG 'start-script' stdout output:
qbitttorrent    | [info] Curl successful for https://www.privateinternetaccess.com/vpninfo/servers?version=82, response code 200
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:38,890 DEBG 'start-script' stdout output:
qbitttorrent    | [info] PIA endpoint 'ca-toronto.privateinternetaccess.com' is in the list of endpoints that support port forwarding
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:38,890 DEBG 'start-script' stdout output:
qbitttorrent    | [info] List of PIA endpoints that support port forwarding:-
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:38,891 DEBG 'start-script' stdout output:
qbitttorrent    | [info] ca-toronto.privateinternetaccess.com
qbitttorrent    | [info] ca-montreal.privateinternetaccess.com
qbitttorrent    | [info] ca-vancouver.privateinternetaccess.com
qbitttorrent    | [info] de-berlin.privateinternetaccess.com
qbitttorrent    | [info] de-frankfurt.privateinternetaccess.com
qbitttorrent    | [info] sweden.privateinternetaccess.com
qbitttorrent    | [info] swiss.privateinternetaccess.com
qbitttorrent    | [info] france.privateinternetaccess.com
qbitttorrent    | [info] czech.privateinternetaccess.com
qbitttorrent    | [info] spain.privateinternetaccess.com
qbitttorrent    | [info] ro.privateinternetaccess.com
qbitttorrent    | [info] israel.privateinternetaccess.com
qbitttorrent    | [info] Attempting to get dynamically assigned port...
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:38,910 DEBG 'start-script' stdout output:
qbitttorrent    | [info] Attempting to curl http://209.222.18.222:2000/?client_id=RED
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:39,839 DEBG 'start-script' stdout output:
qbitttorrent    | [info] Curl successful for http://209.222.18.222:2000/?client_id=RED, response code 200
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:39,935 DEBG 'start-script' stdout output:
qbitttorrent    | [info] Successfully assigned incoming port 56734
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:39,938 DEBG 'start-script' stdout output:
qbitttorrent    | [info] Checking we can resolve name 'www.google.com' to address...
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,035 DEBG 'start-script' stdout output:
qbitttorrent    | [info] DNS operational, we can resolve name 'www.google.com' to address '172.217.1.4'
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,039 DEBG 'start-script' stdout output:
qbitttorrent    | [info] Attempting to get external IP using Name Server 'ns1.google.com'...
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,248 DEBG 'start-script' stdout output:
qbitttorrent    | [info] Successfully retrieved external IP address 172.98.67.4
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,293 DEBG 'watchdog-script' stdout output:
qbitttorrent    | [info] qBittorrent listening interface IP 0.0.0.0 and VPN provider IP 10.23.10.10 different, marking for reconfigure
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,301 DEBG 'watchdog-script' stdout output:
qbitttorrent    | [info] qBittorrent not running
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,310 DEBG 'watchdog-script' stdout output:
qbitttorrent    | [info] Privoxy not running
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,311 DEBG 'watchdog-script' stdout output:
qbitttorrent    | [info] qBittorrent incoming port 6881 and VPN incoming port 56734 different, marking for reconfigure
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,311 DEBG 'watchdog-script' stdout output:
qbitttorrent    | [info] Removing session lock file (if it exists)...
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,315 DEBG 'watchdog-script' stdout output:
qbitttorrent    | [info] Attempting to start qBittorrent...
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,343 DEBG 'watchdog-script' stdout output:
qbitttorrent    | [info] qBittorrent process started
qbitttorrent    | [info] Waiting for qBittorrent process to start listening on port 8088...
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,470 DEBG 'watchdog-script' stdout output:
qbitttorrent    | [info] qBittorrent process listening on port 8088
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:40,507 DEBG 'watchdog-script' stdout output:
qbitttorrent    | [info] Attempting to start Privoxy...
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:41,513 DEBG 'watchdog-script' stdout output:
qbitttorrent    | [info] Privoxy process started
qbitttorrent    | [info] Waiting for Privoxy process to start listening on port 8118...
qbitttorrent    |
qbitttorrent    | 2019-12-26 15:51:41,521 DEBG 'watchdog-script' stdout output:
qbitttorrent    | [info] Privoxy process listening on port 8118

PIA: looses connection every 24 hours

I had fully working system for a long time.
Now, for few weeks, the connection to PIA brakes in a time of 24 hours or less. I can access qbit UI, but nothing is downloading. Need to restart container and zhan everything runs just fine. Any idea why?
Don't have the logs now, but it looks that can't resolve DNS after a while.

Anybody else having this issue with PIA?

Add ADDITIONAL_PORTS argument as in arch-sabzndbvpn

Problem statement

In order to allow connections to/from other local services, additional iptables rules need to be added. The primary use case for this would be to allow NzbToMedia scripts to call Radarr/Sonarr and for those applications to respond. Currently, the iptables rules block these connections and the NzbToMedia scripts fail.

The arch-sabnzbdvpn container has the ADDITIONAL_PORTS variable which allows for exactly this use-case. I'd like to see it here too.

Solution

I've solved the issue on my end, but it's a hacky workaround and it's only persistent-ish - that is, it won't survive a container rebuild.

In essence, I customized the iptables rules that are instituted at container startup and using a similar ADDITIONAL_PORTS variable as the arch-sabnzbdvpn container.

My process is as follows:

  1. I added the ADDITIONAL_PORTS variable to my container with the value 8989,7878 for Sonarr and Radarr, respectively.

  2. I copied /root/iptable.sh to /config/iptable.sh and added the following changes:
    lines 102-103:
    # accept input to qbittorrent api from radarr and sonarr
    iptables -A INPUT -i "${docker_interface}" -s "${lan_network_item}" -p tcp -m multiport --sport "${ADDITIONAL_PORTS}" -j ACCEPT

    lines 159-160:
    # accept output to radarr and sonarr from qbittorrent api
    iptables -A OUTPUT -o "${docker_interface}" -d "${lan_network_item}" -p tcp -m multiport --dport "${ADDITIONAL_PORTS}" -j ACCEPT

  3. Upon rebuilding the container (e.g. after updating or changing values on the Unraid WebUI) I run:
    docker exec -it binhex-qbittorrentvpn cp /config/iptable.sh /root/iptable.sh && docker restart binhex-qbittorrentvpn

Next steps

I'd be happy to submit a pull-request for this change if it's acceptable. It's implemented slightly differently than in arch-sabnzbdvpn, insomuch as the iptables.sh script adds a single rule with the iptables multiport module instead of looping through the comma-separated list of ports and adding a new rule for each one. I'd be happy to implement the arch-sabnzbdvpn version if that would be preferable. It does occur to me that my current implementation doesn't specifically catch the situation wherein ADDITIONAL_PORTS is not specified, but that is easy enough to add.

I'd love to see this implemented natively so that I wouldn't have to run the cp command on each container rebuild.

Automatically add torrents from:

Hi, I am not sure what I am doing wrong here I am adding right location and save it but still not working. Any help :)

4

And when I press Save and go back to Options and Monitored folder location is empty

5

Thank you

Port 443 Problems

Hi,

I have succesfully setup qBittorrent on a docker (on my UnRaid system) with HTTPS working through port 8080 but I would like to change it too port 443 so I can reach it at only my FQDN within my LAN

I am having issues allowing port 443 as port 0-1024 are restricted I assume, is there an iptables rule or a guide I can follow to allow the web server to bind to port 443?

Any help would be appreciated!
Thanks

qBitTorrent can't start because... I don't know

I'm trying to incorporate arch-qbittorrentvpn into a docker stack along with some other services and qbittorrent is being troublesome

Container log: https://paste.dimdev.org/igamejalub.pl
Relevant info from docker-compose.yaml

qbittorrent:
  image: binhex/arch-qbittorrentvpn
  container_name: qbittorrent
  restart: unless-stopped
  privileged: true
  volumes:
    - /etc/localtime:/etc/localtime
    - /mnt/data:/mnt/data
    - ./appdata/qbittorrent:/config
  ports:
    - 8118:8118
  cap_add:
    - NET_ADMIN
  environment:
    - VPN_ENABLED=yes
    - VPN_USER=obviouslynotmyrealusername
    - VPN_PASS=obviouslynotmyrealpassword
    - VPN_PROV=airvpn
    - ENABLE_PRIVOXY=yes
    - LAN_NETWORK=192.168.0.0/24
    - NAME_SERVERS=208.67.222.222
    - WEBUI_PORT=8080
    - UMASK=500
    - PUID=500
    - PGID=500

For some reason, ./appdata/qbittorrent/qBittorrent has a folder mask of 0377 which probably has a role in this issue.

global and throttle speeds not saved?

Hi, I'm not sure if its just me (could be) but Global and local upload speeds are set back to a previous value I had set, I have tried various browsers, ways of submitting, changing all of them, disabling all of them etc... but to no avail? is anyone else having the issue? could be just me so feel free to close this if no one else has this :) .

Error while loading shared libraries: libQt5Core.so.5

Hi,

Pulled this container yesterday and I've got this error while running it :

2019-01-04 12:44:30,613 DEBG 'watchdog-script' stderr output:
usr/bin/qbittorrent-nox: error while loading shared libraries: libQt5Core.so.5: cannot open shared object file: No such file or directory

Then I looked further into the container :

[root@f20ffa1248e8 bin]# ldd qbittorrent-nox 
        linux-vdso.so.1 (0x00007ffd783e6000)
        libz.so.1 => /lib/libz.so.1 (0x00007f747ffa0000)
        libtorrent-rasterbar.so.9 => /lib/libtorrent-rasterbar.so.9 (0x00007f747fba6000)
        libboost_system.so.1.68.0 => /lib/libboost_system.so.1.68.0 (0x00007f747fba0000)
        libQt5Network.so.5 => /lib/libQt5Network.so.5 (0x00007f747f9ee000)
        libQt5Xml.so.5 => /lib/libQt5Xml.so.5 (0x00007f747f9af000)
        libQt5Core.so.5 => not found
        libpthread.so.0 => /lib/libpthread.so.0 (0x00007f747f97d000)
        libstdc++.so.6 => /lib/libstdc++.so.6 (0x00007f747f7ee000)
        libm.so.6 => /lib/libm.so.6 (0x00007f747f669000)
        libgcc_s.so.1 => /lib/libgcc_s.so.1 (0x00007f747f64f000)
        libc.so.6 => /lib/libc.so.6 (0x00007f747f48b000)
        /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f74807fc000)
        libssl.so.1.1 => /lib/libssl.so.1.1 (0x00007f747f3fb000)
        libcrypto.so.1.1 => /lib/libcrypto.so.1.1 (0x00007f747f127000)
        libboost_chrono.so.1.68.0 => /lib/libboost_chrono.so.1.68.0 (0x00007f747f11c000)
        libboost_random.so.1.68.0 => /lib/libboost_random.so.1.68.0 (0x00007f747f112000)
        librt.so.1 => /lib/librt.so.1 (0x00007f747f108000)
        libQt5Core.so.5 => not found
        libQt5Core.so.5 => not found
        libdl.so.2 => /lib/libdl.so.2 (0x00007f747f101000)

I checked /lib and was able to found libQt5Core.so.5 so I'm a little lost.
Hope you can point me to what is my problem.

Regards

Downloading not working while VPN enabled

Hi Binhex,

thanks for your wonderful work and supporto in daily noob's struggles!

I'm exploring UnRaid and one of the first docker container fot my HTPC is this one.
When I create the container everything seems fine, qbittorent webui is reacheable and so on.

The issue arise few seconds after a torrent starts to download: there a spike and the download speed drops to 0 in few seconds. I've tried with different torrents, with qbittorent without VPN.
I'm using surfshark as provider, it should support P2P protocol and with my windows PC it works fine.

Here my debug logs:

`Created by...
. . ._
_ |__ || ____ | | ____ ___ ___
| __ | |/ | | _/ __ \ / /
| _\ \ | | \ Y \ / > <
| /|| /| /_ >__/_
/ / / / /
https://hub.docker.com/u/binhex/

2020-03-26 22:17:23.260305 [info] System information Linux 4725141e0f72 4.19.107-Unraid #1 SMP Thu Mar 5 13:55:57 PST 2020 x86_64 GNU/Linux
2020-03-26 22:17:23.287729 [info] PUID defined as '99'
2020-03-26 22:17:23.320670 [info] PGID defined as '100'
2020-03-26 22:17:23.371137 [info] UMASK defined as '000'
2020-03-26 22:17:23.397203 [info] Permissions already set for volume mappings
2020-03-26 22:17:23.429557 [info] VPN_ENABLED defined as 'yes'
2020-03-26 22:17:23.464576 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/it-mil.prod.surfshark.comsurfshark_openvpn_udp.ovpn
2020-03-26 22:17:23.518202 [info] VPN remote line defined as 'remote it-mil.prod.surfshark.com 1194'
2020-03-26 22:17:23.545817 [info] VPN_REMOTE defined as 'it-mil.prod.surfshark.com'
2020-03-26 22:17:23.575469 [info] VPN_PORT defined as '1194'
2020-03-26 22:17:23.609066 [info] VPN_PROTOCOL defined as 'udp'
2020-03-26 22:17:23.638869 [info] VPN_DEVICE_TYPE defined as 'tun0'
2020-03-26 22:17:23.670184 [info] VPN_PROV defined as 'custom'
2020-03-26 22:17:23.698049 [info] LAN_NETWORK defined as '192.168.15.0/24'
2020-03-26 22:17:23.726612 [info] NAME_SERVERS defined as '1.1.1.1,1.0.0.1'
2020-03-26 22:17:23.754871 [info] VPN_USER defined as 'UvMksySzb9ReVwsCRc2Ra6jm'
2020-03-26 22:17:23.781187 [info] VPN_PASS defined as 'WPDFED2n5TzgMrE3WtytBcjU'
2020-03-26 22:17:23.808353 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2020-03-26 22:17:23.837165 [info] ENABLE_PRIVOXY defined as 'yes'
2020-03-26 22:17:23.866553 [info] WEBUI_PORT defined as '8080'
2020-03-26 22:17:23.898104 [info] Deleting files in /tmp (non recursive)...
2020-03-26 22:17:23.927787 [info] Starting Supervisor...
2020-03-26 22:17:24,087 INFO Included extra file "/etc/supervisor/conf.d/qbittorrent.conf" during parsing
2020-03-26 22:17:24,087 INFO Set uid to user 0 succeeded
2020-03-26 22:17:24,090 INFO supervisord started with pid 6
2020-03-26 22:17:25,092 INFO spawned: 'start-script' with pid 151
2020-03-26 22:17:25,094 INFO spawned: 'watchdog-script' with pid 152
2020-03-26 22:17:25,095 INFO reaped unknown pid 7
2020-03-26 22:17:25,101 DEBG 'watchdog-script' stdout output:
[info] qBittorrent config file already exists, skipping copy
[info] Removing session lock file (if it exists)...

2020-03-26 22:17:25,102 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2020-03-26 22:17:25,102 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2020-03-26 22:17:25,102 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN
[debug] Environment variables defined as follows
APPLICATION=qbittorrent
BASH=/bin/bash
BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_LINENO=([0]="0")
BASH_SOURCE=([0]="/root/start.sh")
BASH_VERSINFO=([0]="5" [1]="0" [2]="16" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu")
BASH_VERSION='5.0.16(1)-release'
DEBUG=true
DIRSTACK=()
ENABLE_PRIVOXY=yes
EUID=0

)
HOME=/home/nobody
HOSTNAME=4725141e0f72
HOSTTYPE=x86_64
HOST_OS=Unraid
IFS=$' \t\n'
LANG=en_GB.UTF-8
LAN_NETWORK=192.168.15.0/24
MACHTYPE=x86_64-pc-linux-gnu
NAME_SERVERS=1.1.1.1,1.0.0.1
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PGID=100
PIPESTATUS=([0]="0")
PPID=6
PS4='+ '
PUID=99
PWD=/
SHELL=/bin/bash
SHELLOPTS=braceexpand:hashall:interactive-comments
SHLVL=1
STRICT_PORT_FORWARD=yes
SUPERVISOR_ENABLED=1
SUPERVISOR_GROUP_NAME=start-script
SUPERVISOR_PROCESS_NAME=start-script
TERM=xterm
TZ=Europe/Berlin
UID=0

0
VPN_CONFIG=/config/openvpn/it-mil.prod.surfshark.comsurfshark_openvpn_udp.ovpn
VPN_DEVICE_TYPE=tun0
VPN_ENABLED=yes
VPN_OPTIONS=
VPN_PASS=xxxxxxxxxxxxxxxxxxxxxxxx
VPN_PORT=1194
VPN_PROTOCOL=udp
VPN_PROV=custom
VPN_REMOTE=it-mil.prod.surfshark.com
VPN_USER=xxxxxxxxxxxxxxxxxxxxxxxx
WEBUI_PORT=8080
_='[debug] Environment variables defined as follows'
[debug] Directory listing of files in /config/openvpn as follows

2020-03-26 22:17:25,105 DEBG 'start-script' stdout output:
total 20
drwxrwxr-x 1 nobody users 204 Mar 26 22:17 .
drwxrwxr-x 1 nobody users 98 Mar 25 22:05 ..
-rwxrwxr-x 1 nobody users 50 Mar 26 19:20 credentials.conf
-rwxrwxr-x 1 nobody users 2904 Mar 26 22:17 it-mil.prod.surfshark.comsurfshark_openvpn_udp.ovpn
-rwxrwxr-x 1 nobody users 636 Mar 26 15:34 surfshark_tls.key
-rwxrwxr-x 1 nobody users 50 Jan 14 16:32 vpn.auth
-rwxrwxr-x 1 nobody users 1899 Jan 14 16:32 vpn-ca.crt

2020-03-26 22:17:25,159 DEBG 'start-script' stdout output:
[debug] Contents of ovpn file /config/openvpn/it-mil.prod.surfshark.comsurfshark_openvpn_udp.ovpn as follows...

2020-03-26 22:17:25,160 DEBG 'start-script' stdout output:
remote it-mil.prod.surfshark.com 1194
client
dev tun

p
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
ping 15
ping-restart 0
ping-timer-rem

remote-cert-tls server

auth-user-pass credentials.conf

o
verb 3
pull
fast-io
cipher AES-256-CBC

auth SHA512

-----BEGIN CERTIFICATE----- MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+ 303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q 5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087 FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI 623cSEC3Q3UZutsEm/UplsM= -----END CERTIFICATE----- key-direction 1 # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- b02cb1d7c6fee5d4f89b8de72b51a8d0 c7b282631d6fc19be1df6ebae9e2779e 6d9f097058a31c97f57f0c35526a44ae 09a01d1284b50b954d9246725a1ead1f f224a102ed9ab3da0152a15525643b2e ee226c37041dc55539d475183b889a10 e18bb94f079a4a49888da566b9978346 0ece01daaf93548beea6c827d9674897 e7279ff1a19cb092659e8c1860fbad0d b4ad0ad5732f1af4655dbd66214e552f 04ed8fd0104e1d4bf99c249ac229ce16 9d9ba22068c6c0ab742424760911d463 6aafb4b85f0c952a9ce4275bc821391a a65fcd0d2394f006e3fba0fd34c4bc4a b260f4b45dec3285875589c97d3087c9 134d3a3aa2f904512e85aa2dc2202498 -----END OpenVPN Static key V1-----

2020-03-26 22:17:25,174 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1

2020-03-26 22:17:25,179 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2020-03-26 22:17:25,182 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2020-03-26 22:17:25,092 INFO spawned: 'start-script' with pid 151
2020-03-26 22:17:25,094 INFO spawned: 'watchdog-script' with pid 152
2020-03-26 22:17:25,095 INFO reaped unknown pid 7
2020-03-26 22:17:25,101 DEBG 'watchdog-script' stdout output:
[info] qBittorrent config file already exists, skipping copy
[info] Removing session lock file (if it exists)...

2020-03-26 22:17:25,102 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2020-03-26 22:17:25,102 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2020-03-26 22:17:25,102 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN
[debug] Environment variables defined as follows
APPLICATION=qbittorrent
BASH=/bin/bash
BASHOPTS=checkwinsize:cmdhist:complete_fullquote:extquote:force_fignore:globasciiranges:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath
BASH_ALIASES=()
BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_LINENO=([0]="0")
BASH_SOURCE=([0]="/root/start.sh")
BASH_VERSINFO=([0]="5" [1]="0" [2]="16" [3]="1" [4]="release" [5]="x86_64-pc-linux-gnu")
BASH_VERSION='5.0.16(1)-release'
DEBUG=true
DIRSTACK=()
ENABLE_PRIVOXY=yes
EUID=0

)
HOME=/home/nobody
HOSTNAME=4725141e0f72
HOSTTYPE=x86_64
HOST_OS=Unraid
IFS=$' \t\n'
LANG=en_GB.UTF-8
LAN_NETWORK=192.168.15.0/24
MACHTYPE=x86_64-pc-linux-gnu
NAME_SERVERS=1.1.1.1,1.0.0.1
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PGID=100
PIPESTATUS=([0]="0")
PPID=6
PS4='+ '
PUID=99
PWD=/
SHELL=/bin/bash
SHELLOPTS=braceexpand:hashall:interactive-comments
SHLVL=1
STRICT_PORT_FORWARD=yes
SUPERVISOR_ENABLED=1
SUPERVISOR_GROUP_NAME=start-script
SUPERVISOR_PROCESS_NAME=start-script
TERM=xterm
TZ=Europe/Berlin
UID=0

0
VPN_CONFIG=/config/openvpn/it-mil.prod.surfshark.comsurfshark_openvpn_udp.ovpn
VPN_DEVICE_TYPE=tun0
VPN_ENABLED=yes
VPN_OPTIONS=
VPN_PASS=xxxxxxxxxxxxxxxxxxxxxxxx
VPN_PORT=1194
VPN_PROTOCOL=udp
VPN_PROV=custom
VPN_REMOTE=it-mil.prod.surfshark.com
VPN_USER=xxxxxxxxxxxxxxxxxxxxxxxx
WEBUI_PORT=8080
_='[debug] Environment variables defined as follows'
[debug] Directory listing of files in /config/openvpn as follows

2020-03-26 22:17:25,105 DEBG 'start-script' stdout output:
total 20
drwxrwxr-x 1 nobody users 204 Mar 26 22:17 .
drwxrwxr-x 1 nobody users 98 Mar 25 22:05 ..
-rwxrwxr-x 1 nobody users 50 Mar 26 19:20 credentials.conf
-rwxrwxr-x 1 nobody users 2904 Mar 26 22:17 it-mil.prod.surfshark.comsurfshark_openvpn_udp.ovpn
-rwxrwxr-x 1 nobody users 636 Mar 26 15:34 surfshark_tls.key
-rwxrwxr-x 1 nobody users 50 Jan 14 16:32 vpn.auth
-rwxrwxr-x 1 nobody users 1899 Jan 14 16:32 vpn-ca.crt

2020-03-26 22:17:25,159 DEBG 'start-script' stdout output:
[debug] Contents of ovpn file /config/openvpn/it-mil.prod.surfshark.comsurfshark_openvpn_udp.ovpn as follows...

2020-03-26 22:17:25,160 DEBG 'start-script' stdout output:
remote it-mil.prod.surfshark.com 1194
client
dev tun

p
resolv-retry infinite
remote-random
nobind
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450
persist-key
ping 15
ping-restart 0
ping-timer-rem

remote-cert-tls server

auth-user-pass credentials.conf

o
verb 3
pull
fast-io
cipher AES-256-CBC

auth SHA512

-----BEGIN CERTIFICATE----- MIIFTTCCAzWgAwIBAgIJAMs9S3fqwv+mMA0GCSqGSIb3DQEBCwUAMD0xCzAJBgNV BAYTAlZHMRIwEAYDVQQKDAlTdXJmc2hhcmsxGjAYBgNVBAMMEVN1cmZzaGFyayBS b290IENBMB4XDTE4MDMxNDA4NTkyM1oXDTI4MDMxMTA4NTkyM1owPTELMAkGA1UE BhMCVkcxEjAQBgNVBAoMCVN1cmZzaGFyazEaMBgGA1UEAwwRU3VyZnNoYXJrIFJv b3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDEGMNj0aisM63o SkmVJyZPaYX7aPsZtzsxo6m6p5Wta3MGASoryRsBuRaH6VVa0fwbI1nw5ubyxkua Na4v3zHVwuSq6F1p8S811+1YP1av+jqDcMyojH0ujZSHIcb/i5LtaHNXBQ3qN48C c7sqBnTIIFpmb5HthQ/4pW+a82b1guM5dZHsh7q+LKQDIGmvtMtO1+NEnmj81BAp FayiaD1ggvwDI4x7o/Y3ksfWSCHnqXGyqzSFLh8QuQrTmWUm84YHGFxoI1/8AKdI yVoB6BjcaMKtKs/pbctk6vkzmYf0XmGovDKPQF6MwUekchLjB5gSBNnptSQ9kNgn TLqi0OpSwI6ixX52Ksva6UM8P01ZIhWZ6ua/T/tArgODy5JZMW+pQ1A6L0b7egIe ghpwKnPRG+5CzgO0J5UE6gv000mqbmC3CbiS8xi2xuNgruAyY2hUOoV9/BuBev8t tE5ZCsJH3YlG6NtbZ9hPc61GiBSx8NJnX5QHyCnfic/X87eST/amZsZCAOJ5v4EP SaKrItt+HrEFWZQIq4fJmHJNNbYvWzCE08AL+5/6Z+lxb/Bm3dapx2zdit3x2e+m iGHekuiE8lQWD0rXD4+T+nDRi3X+kyt8Ex/8qRiUfrisrSHFzVMRungIMGdO9O/z CINFrb7wahm4PqU2f12Z9TRCOTXciQIDAQABo1AwTjAdBgNVHQ4EFgQUYRpbQwyD ahLMN3F2ony3+UqOYOgwHwYDVR0jBBgwFoAUYRpbQwyDahLMN3F2ony3+UqOYOgw DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAn9zV7F/XVnFNZhHFrt0Z S1Yqz+qM9CojLmiyblMFh0p7t+Hh+VKVgMwrz0LwDH4UsOosXA28eJPmech6/bjf ymkoXISy/NUSTFpUChGO9RabGGxJsT4dugOw9MPaIVZffny4qYOc/rXDXDSfF2b+ 303lLPI43y9qoe0oyZ1vtk/UKG75FkWfFUogGNbpOkuz+et5Y0aIEiyg0yh6/l5Q 5h8+yom0HZnREHhqieGbkaGKLkyu7zQ4D4tRK/mBhd8nv+09GtPEG+D5LPbabFVx KjBMP4Vp24WuSUOqcGSsURHevawPVBfgmsxf1UCjelaIwngdh6WfNCRXa5QQPQTK ubQvkvXONCDdhmdXQccnRX1nJWhPYi0onffvjsWUfztRypsKzX4dvM9k7xnIcGSG EnCC4RCgt1UiZIj7frcCMssbA6vJ9naM0s7JF7N3VKeHJtqe1OCRHMYnWUZt9vrq X6IoIHlZCoLlv39wFW9QNxelcAOCVbD+19MZ0ZXt7LitjIqe7yF5WxDQN4xru087 FzQ4Hfj7eH1SNLLyKZkA1eecjmRoi/OoqAt7afSnwtQLtMUc2bQDg6rHt5C0e4dC LqP/9PGZTSJiwmtRHJ/N5qYWIh9ju83APvLm/AGBTR2pXmj9G3KdVOkpIC7L35dI 623cSEC3Q3UZutsEm/UplsM= -----END CERTIFICATE----- key-direction 1 # # 2048 bit OpenVPN static key # -----BEGIN OpenVPN Static key V1----- b02cb1d7c6fee5d4f89b8de72b51a8d0 c7b282631d6fc19be1df6ebae9e2779e 6d9f097058a31c97f57f0c35526a44ae 09a01d1284b50b954d9246725a1ead1f f224a102ed9ab3da0152a15525643b2e ee226c37041dc55539d475183b889a10 e18bb94f079a4a49888da566b9978346 0ece01daaf93548beea6c827d9674897 e7279ff1a19cb092659e8c1860fbad0d b4ad0ad5732f1af4655dbd66214e552f 04ed8fd0104e1d4bf99c249ac229ce16 9d9ba22068c6c0ab742424760911d463 6aafb4b85f0c952a9ce4275bc821391a a65fcd0d2394f006e3fba0fd34c4bc4a b260f4b45dec3285875589c97d3087c9 134d3a3aa2f904512e85aa2dc2202498 -----END OpenVPN Static key V1-----

2020-03-26 22:17:25,174 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1

2020-03-26 22:17:25,179 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2020-03-26 22:17:25,182 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2020-03-26 22:17:35,264 DEBG 'start-script' stdout output:
[debug] Show name servers defined for container

2020-03-26 22:17:35,265 DEBG 'start-script' stdout output:
nameserver 1.1.1.1
nameserver 1.0.0.1

2020-03-26 22:17:35,265 DEBG 'start-script' stdout output:
[debug] Show name resolution for VPN endpoint it-mil.prod.surfshark.com

2020-03-26 22:17:35,264 DEBG 'start-script' stdout output:
[debug] Show name servers defined for container

2020-03-26 22:17:35,265 DEBG 'start-script' stdout output:
nameserver 1.1.1.1
nameserver 1.0.0.1

2020-03-26 22:17:35,265 DEBG 'start-script' stdout output:
[debug] Show name resolution for VPN endpoint it-mil.prod.surfshark.com

2020-03-26 22:17:50,313 DEBG 'start-script' stdout output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 23334
;; flags: qr rd ra ; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; it-mil.prod.surfshark.com. IN A

;; ANSWER SECTION:
it-mil.prod.surfshark.com. 36 IN A 84.17.58.161
it-mil.prod.surfshark.com. 36 IN A 84.17.58.166
it-mil.prod.surfshark.com. 36 IN A 84.17.58.192
it-mil.prod.surfshark.com. 36 IN A 84.17.58.205
it-mil.prod.surfshark.com. 36 IN A 95.174.64.69
it-mil.prod.surfshark.com. 36 IN A 95.174.64.71
it-mil.prod.surfshark.com. 36 IN A 95.174.64.73
it-mil.prod.surfshark.com. 36 IN A 185.128.27.39
it-mil.prod.surfshark.com. 36 IN A 212.102.54.145
it-mil.prod.surfshark.com. 36 IN A 212.102.54.152
it-mil.prod.surfshark.com. 36 IN A 212.102.54.155
it-mil.prod.surfshark.com. 36 IN A 212.102.54.170
it-mil.prod.surfshark.com. 36 IN A 212.102.54.172
it-mil.prod.surfshark.com. 36 IN A 37.120.201.19
it-mil.prod.surfshark.com. 36 IN A 37.120.201.21
it-mil.prod.surfshark.com. 36 IN A 37.120.201.23
it-mil.prod.surfshark.com. 36 IN A 37.120.201.71
it-mil.prod.surfshark.com. 36 IN A 84.17.58.134
it-mil.prod.surfshark.com. 36 IN A 84.17.58.136
it-mil.prod.surfshark.com. 36 IN A 84.17.58.146
it-mil.prod.surfshark.com. 36 IN A 84.17.58.148
it-mil.prod.surfshark.com. 36 IN A 84.17.58.150
it-mil.prod.surfshark.com. 36 IN A 84.17.58.152
it-mil.prod.surfshark.com. 36 IN A 84.17.58.154
it-mil.prod.surfshark.com. 36 IN A 84.17.58.156

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 33 msec
;; SERVER: 1.0.0.1
;; WHEN: Thu Mar 26 22:17:50 2020
;; MSG SIZE rcvd: 443

2020-03-26 22:17:50,314 DEBG 'start-script' stdout output:
[debug] Show contents of hosts file

2020-03-26 22:17:50,314 DEBG 'start-script' stdout output:
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 4725141e0f72
37.120.201.71 it-mil.prod.surfshark.com

2020-03-26 22:17:50,320 DEBG 'start-script' stdout output:
[debug] Docker interface defined as eth0

2020-03-26 22:17:50,323 DEBG 'start-script' stdout output:
[debug] Docker IP defined as 172.17.0.2

2020-03-26 22:17:50,328 DEBG 'start-script' stdout output:
[debug] Docker netmask defined as 255.255.0.0

2020-03-26 22:17:50,337 DEBG 'start-script' stdout output:
[info] Docker network defined as 172.17.0.0/16

2020-03-26 22:17:50,340 DEBG 'start-script' stdout output:
[info] Adding 192.168.15.0/24 as route via docker eth0

2020-03-26 22:17:50,341 DEBG 'start-script' stdout output:
[info] ip route defined as follows...

2020-03-26 22:17:50,342 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
192.168.15.0/24 via 172.17.0.1 dev eth0

2020-03-26 22:17:50,343 DEBG 'start-script' stdout output:

[debug] Modules currently loaded for kernel

2020-03-26 22:17:50,344 DEBG 'start-script' stdout output:
Module Size Used by
iptable_mangle 16384 0
arc4 16384 0
ecb 16384 0
md4 16384 0
sha512_ssse3 45056 1
sha512_generic 16384 1 sha512_ssse3
cmac 16384 1
cifs 458752 2
ccm 20480 0
tun 36864 0
veth 20480 0
xt_nat 16384 8
ipt_MASQUERADE 16384 9
iptable_filter 16384 2
iptable_nat 16384 1
nf_nat_ipv4 16384 2 ipt_MASQUERADE,iptable_nat
nf_nat 24576 2 nf_nat_ipv4,xt_nat
ip_tables 24576 5 iptable_filter,iptable_nat,iptable_mangle
xfs 663552 3
md_mod 49152 3
bonding 110592 0
edac_mce_amd 28672 0
ccp 69632 0
kvm 380928 0
crct10dif_pclmul 16384 0
crc32_pclmul 16384 0
crc32c_intel 24576 0
ghash_clmulni_intel 16384 0
pcbc 16384 0
aesni_intel 200704 1
aes_x86_64 20480 1 aesni_intel
crypto_simd 16384 1 aesni_intel
r8169 69632 0
cryptd 20480 3 crypto_simd,ghash_clmulni_intel,aesni_intel
i2c_piix4 24576 0
i2c_core 40960 1 i2c_piix4
ahci 40960 5
wmi_bmof 16384 0
k10temp 16384 0
libahci 28672 1 ahci
glue_helper 16384 1 aesni_intel
realtek 20480 0
pcc_cpufreq 16384 0
acpi_cpufreq 16384 0
video 40960 0
button 16384 0
backlight 16384 1 video
wmi 20480 1 wmi_bmof

2020-03-26 22:17:50,349 DEBG 'start-script' stdout output:
iptable_mangle 16384 0
ip_tables 24576 5 iptable_filter,iptable_nat,iptable_mangle

2020-03-26 22:17:50,349 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2020-03-26 22:17:50,392 DEBG 'start-script' stdout output:
[info] iptables defined as follows...

2020-03-26 22:17:50,394 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1194 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -s 192.168.15.0/24 -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 192.168.15.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -d 192.168.15.0/24 -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 192.168.15.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT

2020-03-26 22:17:50,395 DEBG 'start-script' stdout output:

2020-03-26 22:17:50,397 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'custom' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_ENABLED 'yes' --setenv VPN_REMOTE 'it-mil.prod.surfshark.com' --setenv APPLICATION 'qbittorrent' --script-security 2 --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --up /root/openvpnup.sh --up-delay --up-restart --remote 37.120.201.71 1194 udp --remote 84.17.58.134 1194 udp --remote 84.17.58.136 1194 udp --remote 84.17.58.146 1194 udp --remote 84.17.58.148 1194 udp --remote 84.17.58.150 1194 udp --remote 84.17.58.152 1194 udp --remote 84.17.58.154 1194 udp --remote 84.17.58.156 1194 udp --remote 84.17.58.161 1194 udp --remote 84.17.58.166 1194 udp --remote 84.17.58.192 1194 udp --remote 84.17.58.205 1194 udp --remote 95.174.64.69 1194 udp --remote 95.174.64.71 1194 udp --remote 95.174.64.73 1194 udp --remote 185.128.27.39 1194 udp --remote 212.102.54.145 1194 udp --remote 212.102.54.152 1194 udp --remote 212.102.54.155 1194 udp --remote 212.102.54.170 1194 udp --remote 212.102.54.172 1194 udp --remote 37.120.201.19 1194 udp --remote 37.120.201.21 1194 udp --remote 37.120.201.23 1194 udp --remote-random --auth-user-pass credentials.conf --cd /config/openvpn --config '/config/openvpn/it-mil.prod.surfshark.comsurfshark_openvpn_udp.ovpn'
[info] Starting OpenVPN...

2020-03-26 22:17:50,404 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:50 2020 WARNING: file 'credentials.conf' is group or others accessible

Thu Mar 26 22:17:50 2020 OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 3 2020
Thu Mar 26 22:17:50 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10

2020-03-26 22:17:50,405 DEBG 'start-script' stdout output:
[info] OpenVPN started

2020-03-26 22:17:50,405 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:50 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit

Thu Mar 26 22:17:50 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2020-03-26 22:17:50,407 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:50 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 26 22:17:50 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

2020-03-26 22:17:50,407 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:50 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]84.17.58.152:1194
Thu Mar 26 22:17:50 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Mar 26 22:17:50 2020 UDP link local: (not bound)
Thu Mar 26 22:17:50 2020 UDP link remote: [AF_INET]84.17.58.152:1194

2020-03-26 22:17:50,458 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:50 2020 TLS: Initial packet from [AF_INET]84.17.58.152:1194, sid=bd9cd62b 75ab1685

2020-03-26 22:17:50,313 DEBG 'start-script' stdout output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 23334
;; flags: qr rd ra ; QUERY: 1, ANSWER: 25, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; it-mil.prod.surfshark.com. IN A

;; ANSWER SECTION:
it-mil.prod.surfshark.com. 36 IN A 84.17.58.161
it-mil.prod.surfshark.com. 36 IN A 84.17.58.166
it-mil.prod.surfshark.com. 36 IN A 84.17.58.192
it-mil.prod.surfshark.com. 36 IN A 84.17.58.205
it-mil.prod.surfshark.com. 36 IN A 95.174.64.69
it-mil.prod.surfshark.com. 36 IN A 95.174.64.71
it-mil.prod.surfshark.com. 36 IN A 95.174.64.73
it-mil.prod.surfshark.com. 36 IN A 185.128.27.39
it-mil.prod.surfshark.com. 36 IN A 212.102.54.145
it-mil.prod.surfshark.com. 36 IN A 212.102.54.152
it-mil.prod.surfshark.com. 36 IN A 212.102.54.155
it-mil.prod.surfshark.com. 36 IN A 212.102.54.170
it-mil.prod.surfshark.com. 36 IN A 212.102.54.172
it-mil.prod.surfshark.com. 36 IN A 37.120.201.19
it-mil.prod.surfshark.com. 36 IN A 37.120.201.21
it-mil.prod.surfshark.com. 36 IN A 37.120.201.23
it-mil.prod.surfshark.com. 36 IN A 37.120.201.71
it-mil.prod.surfshark.com. 36 IN A 84.17.58.134
it-mil.prod.surfshark.com. 36 IN A 84.17.58.136
it-mil.prod.surfshark.com. 36 IN A 84.17.58.146
it-mil.prod.surfshark.com. 36 IN A 84.17.58.148
it-mil.prod.surfshark.com. 36 IN A 84.17.58.150
it-mil.prod.surfshark.com. 36 IN A 84.17.58.152
it-mil.prod.surfshark.com. 36 IN A 84.17.58.154
it-mil.prod.surfshark.com. 36 IN A 84.17.58.156

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 33 msec
;; SERVER: 1.0.0.1
;; WHEN: Thu Mar 26 22:17:50 2020
;; MSG SIZE rcvd: 443

2020-03-26 22:17:50,314 DEBG 'start-script' stdout output:
[debug] Show contents of hosts file

2020-03-26 22:17:50,314 DEBG 'start-script' stdout output:
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2 4725141e0f72
37.120.201.71 it-mil.prod.surfshark.com

2020-03-26 22:17:50,320 DEBG 'start-script' stdout output:
[debug] Docker interface defined as eth0

2020-03-26 22:17:50,323 DEBG 'start-script' stdout output:
[debug] Docker IP defined as 172.17.0.2

2020-03-26 22:17:50,328 DEBG 'start-script' stdout output:
[debug] Docker netmask defined as 255.255.0.0

2020-03-26 22:17:50,337 DEBG 'start-script' stdout output:
[info] Docker network defined as 172.17.0.0/16

2020-03-26 22:17:50,340 DEBG 'start-script' stdout output:
[info] Adding 192.168.15.0/24 as route via docker eth0

2020-03-26 22:17:50,341 DEBG 'start-script' stdout output:
[info] ip route defined as follows...

2020-03-26 22:17:50,342 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
192.168.15.0/24 via 172.17.0.1 dev eth0

2020-03-26 22:17:50,343 DEBG 'start-script' stdout output:

[debug] Modules currently loaded for kernel

2020-03-26 22:17:50,344 DEBG 'start-script' stdout output:
Module Size Used by
iptable_mangle 16384 0
arc4 16384 0
ecb 16384 0
md4 16384 0
sha512_ssse3 45056 1
sha512_generic 16384 1 sha512_ssse3
cmac 16384 1
cifs 458752 2
ccm 20480 0
tun 36864 0
veth 20480 0
xt_nat 16384 8
ipt_MASQUERADE 16384 9
iptable_filter 16384 2
iptable_nat 16384 1
nf_nat_ipv4 16384 2 ipt_MASQUERADE,iptable_nat
nf_nat 24576 2 nf_nat_ipv4,xt_nat
ip_tables 24576 5 iptable_filter,iptable_nat,iptable_mangle
xfs 663552 3
md_mod 49152 3
bonding 110592 0
edac_mce_amd 28672 0
ccp 69632 0
kvm 380928 0
crct10dif_pclmul 16384 0
crc32_pclmul 16384 0
crc32c_intel 24576 0
ghash_clmulni_intel 16384 0
pcbc 16384 0
aesni_intel 200704 1
aes_x86_64 20480 1 aesni_intel
crypto_simd 16384 1 aesni_intel
r8169 69632 0
cryptd 20480 3 crypto_simd,ghash_clmulni_intel,aesni_intel
i2c_piix4 24576 0
i2c_core 40960 1 i2c_piix4
ahci 40960 5
wmi_bmof 16384 0
k10temp 16384 0
libahci 28672 1 ahci
glue_helper 16384 1 aesni_intel
realtek 20480 0
pcc_cpufreq 16384 0
acpi_cpufreq 16384 0
video 40960 0
button 16384 0
backlight 16384 1 video
wmi 20480 1 wmi_bmof

2020-03-26 22:17:50,349 DEBG 'start-script' stdout output:
iptable_mangle 16384 0
ip_tables 24576 5 iptable_filter,iptable_nat,iptable_mangle

2020-03-26 22:17:50,349 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2020-03-26 22:17:50,392 DEBG 'start-script' stdout output:
[info] iptables defined as follows...

2020-03-26 22:17:50,394 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1194 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -s 192.168.15.0/24 -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -s 192.168.15.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -d 192.168.15.0/24 -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 192.168.15.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT

2020-03-26 22:17:50,395 DEBG 'start-script' stdout output:

2020-03-26 22:17:50,397 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'custom' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_ENABLED 'yes' --setenv VPN_REMOTE 'it-mil.prod.surfshark.com' --setenv APPLICATION 'qbittorrent' --script-security 2 --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --up /root/openvpnup.sh --up-delay --up-restart --remote 37.120.201.71 1194 udp --remote 84.17.58.134 1194 udp --remote 84.17.58.136 1194 udp --remote 84.17.58.146 1194 udp --remote 84.17.58.148 1194 udp --remote 84.17.58.150 1194 udp --remote 84.17.58.152 1194 udp --remote 84.17.58.154 1194 udp --remote 84.17.58.156 1194 udp --remote 84.17.58.161 1194 udp --remote 84.17.58.166 1194 udp --remote 84.17.58.192 1194 udp --remote 84.17.58.205 1194 udp --remote 95.174.64.69 1194 udp --remote 95.174.64.71 1194 udp --remote 95.174.64.73 1194 udp --remote 185.128.27.39 1194 udp --remote 212.102.54.145 1194 udp --remote 212.102.54.152 1194 udp --remote 212.102.54.155 1194 udp --remote 212.102.54.170 1194 udp --remote 212.102.54.172 1194 udp --remote 37.120.201.19 1194 udp --remote 37.120.201.21 1194 udp --remote 37.120.201.23 1194 udp --remote-random --auth-user-pass credentials.conf --cd /config/openvpn --config '/config/openvpn/it-mil.prod.surfshark.comsurfshark_openvpn_udp.ovpn'
[info] Starting OpenVPN...

2020-03-26 22:17:50,404 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:50 2020 WARNING: file 'credentials.conf' is group or others accessible

Thu Mar 26 22:17:50 2020 OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 3 2020
Thu Mar 26 22:17:50 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10

2020-03-26 22:17:50,405 DEBG 'start-script' stdout output:
[info] OpenVPN started

2020-03-26 22:17:50,405 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:50 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit

Thu Mar 26 22:17:50 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2020-03-26 22:17:50,407 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:50 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Thu Mar 26 22:17:50 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

2020-03-26 22:17:50,407 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:50 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]84.17.58.152:1194
Thu Mar 26 22:17:50 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Mar 26 22:17:50 2020 UDP link local: (not bound)
Thu Mar 26 22:17:50 2020 UDP link remote: [AF_INET]84.17.58.152:1194

2020-03-26 22:17:50,458 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:50 2020 TLS: Initial packet from [AF_INET]84.17.58.152:1194, sid=bd9cd62b 75ab1685

2020-03-26 22:17:52,045 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:52 2020 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA

2020-03-26 22:17:52,046 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:52 2020 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA

2020-03-26 22:17:52,046 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:52 2020 VERIFY KU OK
Thu Mar 26 22:17:52 2020 Validating certificate extended key usage
Thu Mar 26 22:17:52 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

2020-03-26 22:17:52,047 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:52 2020 VERIFY EKU OK
Thu Mar 26 22:17:52 2020 VERIFY OK: depth=0, CN=it-mil-v027.prod.surfshark.com

2020-03-26 22:17:52,268 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:52 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'

Thu Mar 26 22:17:52 2020 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher AES-256-GCM'

Thu Mar 26 22:17:52 2020 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'

2020-03-26 22:17:52,268 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:52 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Thu Mar 26 22:17:52 2020 [it-mil-v027.prod.surfshark.com] Peer Connection Initiated with [AF_INET]84.17.58.152:1194

2020-03-26 22:17:53,398 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:53 2020 SENT CONTROL [it-mil-v027.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)

2020-03-26 22:17:53,463 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:53 2020 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.7 255.255.255.0,peer-id 0,cipher AES-256-GCM'

2020-03-26 22:17:53,463 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:53 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.4.8)

Thu Mar 26 22:17:53 2020 OPTIONS IMPORT: timers and/or timeouts modified
Thu Mar 26 22:17:53 2020 OPTIONS IMPORT: explicit notify parm(s) modified
Thu Mar 26 22:17:53 2020 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
Thu Mar 26 22:17:53 2020 Socket Buffers: R=[212992->1048576] S=[212992->1048576]
Thu Mar 26 22:17:53 2020 OPTIONS IMPORT: --ifconfig/up options modified
Thu Mar 26 22:17:53 2020 OPTIONS IMPORT: route options modified
Thu Mar 26 22:17:53 2020 OPTIONS IMPORT: route-related options modified
Thu Mar 26 22:17:53 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Mar 26 22:17:53 2020 OPTIONS IMPORT: peer-id set
Thu Mar 26 22:17:53 2020 OPTIONS IMPORT: adjusting link_mtu to 1656
Thu Mar 26 22:17:53 2020 OPTIONS IMPORT: data channel crypto options modified
Thu Mar 26 22:17:53 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Mar 26 22:17:53 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Mar 26 22:17:53 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Mar 26 22:17:53 2020 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:02

2020-03-26 22:17:53,464 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:53 2020 TUN/TAP device tun0 opened

2020-03-26 22:17:53,464 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:53 2020 TUN/TAP TX queue length set to 100
Thu Mar 26 22:17:53 2020 /usr/bin/ip link set dev tun0 up mtu 1500

2020-03-26 22:17:53,465 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:53 2020 /usr/bin/ip addr add dev tun0 10.8.8.7/24 broadcast 10.8.8.255

2020-03-26 22:17:53,467 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:53 2020 /root/openvpnup.sh tun0 1500 1584 10.8.8.7 255.255.255.0 init

2020-03-26 22:17:53,469 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:53 2020 /usr/bin/ip route add 84.17.58.152/32 via 172.17.0.1

2020-03-26 22:17:53,471 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:53 2020 /usr/bin/ip route add 0.0.0.0/1 via 10.8.8.1

2020-03-26 22:17:53,471 DEBG 'start-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

2020-03-26 22:17:53,472 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:53 2020 /usr/bin/ip route add 128.0.0.0/1 via 10.8.8.1

2020-03-26 22:17:53,474 DEBG 'start-script' stdout output:
Thu Mar 26 22:17:53 2020 Initialization Sequence Completed

2020-03-26 22:17:53,589 DEBG 'start-script' stdout output:
[debug] Valid IP address from tunnel acquired '10.8.8.7'

2020-03-26 22:17:53,589 DEBG 'start-script' stdout output:
[info] Application does not require port forwarding or VPN provider is != pia, skipping incoming port assignment

2020-03-26 22:17:53,589 DEBG 'start-script' stdout output:
[info] Checking we can resolve name 'www.google.com' to address...

2020-03-26 22:17:53,630 DEBG 'start-script' stdout output:
[info] DNS operational, we can resolve name 'www.google.com' to address '172.217.21.68'

2020-03-26 22:17:53,632 DEBG 'start-script' stdout output:
[info] Attempting to get external IP using Name Server 'ns1.google.com'...

2020-03-26 22:17:53,776 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address 84.17.58.153

2020-03-26 22:17:53,777 DEBG 'watchdog-script' stdout output:
[debug] Waiting for iptables chain policies to be in place...

2020-03-26 22:17:53,787 DEBG 'watchdog-script' stdout output:
[debug] iptables chain policies are in place
[info] qBittorrent listening interface IP 0.0.0.0 and VPN provider IP 10.8.8.7 different, marking for reconfigure

2020-03-26 22:17:53,791 DEBG 'watchdog-script' stdout output:
[info] qBittorrent not running

2020-03-26 22:17:53,795 DEBG 'watchdog-script' stdout output:
[info] Privoxy not running

2020-03-26 22:17:53,796 DEBG 'watchdog-script' stdout output:
[info] Removing session lock file (if it exists)...

2020-03-26 22:17:53,797 DEBG 'watchdog-script' stdout output:
[info] Attempting to start qBittorrent...

2020-03-26 22:17:53,815 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process started
[info] Waiting for qBittorrent process to start listening on port 8080...

2020-03-26 22:17:53,927 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process listening on port 8080

2020-03-26 22:17:53,933 DEBG 'watchdog-script' stdout output:
[info] Attempting to start Privoxy...

2020-03-26 22:17:54,941 DEBG 'watchdog-script' stdout output:
[info] Privoxy process started
[info] Waiting for Privoxy process to start listening on port 8118...

2020-03-26 22:17:54,947 DEBG 'watchdog-script' stdout output:
[info] Privoxy process listening on port 8118

2020-03-26 22:17:54,947 DEBG 'watchdog-script' stdout output:
[debug] VPN IP is 10.8.8.7
[debug] qBittorrent IP is 10.8.8.7

2020-03-26 22:18:24,959 DEBG 'watchdog-script' stdout output:
[debug] Waiting for iptables chain policies to be in place...

2020-03-26 22:18:24,968 DEBG 'watchdog-script' stdout output:
[debug] iptables chain policies are in place

2020-03-26 22:18:24,976 DEBG 'watchdog-script' stdout output:
[debug] VPN IP is 10.8.8.7
[debug] qBittorrent IP is 10.8.8.7
`

I'm a noob so I don't how to astart the troubleshooting.My knowledge bring me to iptables issues, it's possible?
Thanks in advance for your help.

Gianmarco

Cant access webinterface when restarting docker container

When I restart qbittorrentvpn with docker-compose I cant access the webinterface.
It seems that it having problem with this command:
/root/getdns.sh "www.google.com"
and I must reboot my server to get it to work again or restart docker service.
I'm using TigerVPN as service provider.

Issues with tun device

I am migrating from LSIO's qBittorrent Docker container as I find the utility of OpenVPN, qBittorrent, and Privoxy all in one container to be useful, but in running this container I always get hung up on this error:

2019-02-27 12:38:57,649 DEBG 'start-script' stdout output:
Wed Feb 27 12:38:57 2019 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Wed Feb 27 12:38:57 2019 Exiting due to fatal error

OpenVPN is installed on the host (which is Arch Linux) and my docker run command is listed (it's a bit messy as I am simply testing before I migrate everything) here:
docker run --detach --privileged=true --name=qBittorrent-Test -p 6000:6000 -p 6001:8118 -p 6002:6881 -p 6002:6881/udp -v /mnt/Media/Sandbox/qBittorrent-Test/Torrents:/downloads -v /mnt/Media/Sandbox/qBittorrent-Test/Data:/config -v /etc/localtime:/etc/localtime:ro -e VPN_ENABLED=yes -e VPN_USER=lolno -e VPN_PASS=lolno -e VPN_PROV=pia -e STRICT_PORT_FORWARD=yes -e ENABLE_PRIVOXY=yes -e LAN_NETWORK=192.168.1.0/24 -e NAME_SERVERS=209.222.18.222,37.235.1.174,1.1.1.1,8.8.8.8,209.222.18.218,37.235.1.177,1.0.0.1,8.8.4.4 -e DEBUG=false -e WEBUI_PORT=6000 -e UMASK=755 -e PGID=993 -e PUID=1000 binhex/arch-qbittorrentvpn

qbittorrent stops downloading after a few hours, have to reboot

Host: Windows 10
App: Docker Desktop

having a weird issue, i can fire up the client and it will work for a few hours, then after a while it will just seize up ? is there a known workaround for this ? i did a curl from command line (while it was seized) to ipinfo.io and i was still traversing the VPN tunnel, thinking of adding a cronjob to reboot it every hour as a workaround

here is my config:
docker run -d --cap-add=NET_ADMIN -e STRICT_PORT_FORWARD=no -p 6881:6881 -p 6881:6881/udp -p 8080:8080 -p 8118:8118 --name=qbittorrentvpn -v z:/downloadclient-downloads:/downloads -v z:/docker/qbittorrentvpn:/config -e VPN_ENABLED=yes -e VPN_USER=USER -e VPN_PASS=REDACTED -e VPN_PROV=pia -e LAN_NETWORK=192.168.0.0/24 -e NAME_SERVERS=1.1.1.1 -e WEBUI_PORT=8080 binhex/arch-qbittorrentvpn

2020-09-10 19:43:24,615 DEBG 'start-script' stdout output:

Thu Sep 10 19:43:24 2020 /usr/bin/ip addr add dev tun0 local 10.82.21.6 peer 10.82.21.5


2020-09-10 19:43:24,617 DEBG 'start-script' stdout output:

Thu Sep 10 19:43:24 2020 /root/openvpnup.sh tun0 1500 1558 10.82.21.6 10.82.21.5 init


2020-09-10 19:43:24,637 DEBG 'start-script' stdout output:

Thu Sep 10 19:43:24 2020 Initialization Sequence Completed


2020-09-10 19:43:24,770 DEBG 'start-script' stdout output:

[info] Port forwarding is not enabled


2020-09-10 19:43:24,835 DEBG 'start-script' stdout output:

[info] Attempting to get external IP using Name Server 'ns1.google.com'...


2020-09-10 19:43:25,054 DEBG 'start-script' stdout output:

[info] Successfully retrieved external IP address 172.98.92.66


2020-09-10 19:43:26,148 DEBG 'watchdog-script' stdout output:

[info] qBittorrent listening interface IP 10.50.14.6 and VPN provider IP 10.82.21.6 different, marking for reconfigure


2020-09-10 20:35:02,646 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:02 2020 [279a15c38549fccf4ae3401af3cb689b] Inactivity timeout (--ping-restart), restarting


2020-09-10 20:35:02,729 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:02 2020 /usr/bin/ip addr del dev tun0 local 10.82.21.6 peer 10.82.21.5

Thu Sep 10 20:35:02 2020 SIGHUP[soft,ping-restart] received, process restarting


2020-09-10 20:35:04,287 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:04 2020 WARNING: file 'credentials.conf' is group or others accessible

Thu Sep 10 20:35:04 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020


2020-09-10 20:35:04,294 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:04 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10


2020-09-10 20:35:09,289 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:09 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts


2020-09-10 20:35:09,290 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:09 2020 CRL: loaded 1 CRLs from file [[INLINE]]

Thu Sep 10 20:35:09 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]66.115.145.199:1198

Thu Sep 10 20:35:09 2020 UDP link local: (not bound)

Thu Sep 10 20:35:09 2020 UDP link remote: [AF_INET]66.115.145.199:1198


2020-09-10 20:35:09,557 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:09 2020 [09c12d7958f300c0b0b436daa775ab36] Peer Connection Initiated with [AF_INET]66.115.145.199:1198


2020-09-10 20:35:10,733 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:10 2020 AUTH: Received control message: AUTH_FAILED


2020-09-10 20:35:10,734 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:10 2020 SIGHUP[soft,auth-failure (auth-token)] received, process restarting


2020-09-10 20:35:10,735 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:10 2020 WARNING: file 'credentials.conf' is group or others accessible


2020-09-10 20:35:10,737 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:10 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020

Thu Sep 10 20:35:10 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10


2020-09-10 20:35:15,739 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:15 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts


2020-09-10 20:35:15,740 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:15 2020 CRL: loaded 1 CRLs from file [[INLINE]]

Thu Sep 10 20:35:15 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]172.98.92.130:1198

Thu Sep 10 20:35:15 2020 UDP link local: (not bound)

Thu Sep 10 20:35:15 2020 UDP link remote: [AF_INET]172.98.92.130:1198


2020-09-10 20:35:16,054 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:16 2020 [9c9a00b7f859d558c2ff27ec98f1717a] Peer Connection Initiated with [AF_INET]172.98.92.130:1198


2020-09-10 20:35:17,235 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:17 2020 TUN/TAP device tun0 opened


2020-09-10 20:35:17,236 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:17 2020 /usr/bin/ip link set dev tun0 up mtu 1500


2020-09-10 20:35:17,238 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:17 2020 /usr/bin/ip addr add dev tun0 local 10.33.22.6 peer 10.33.22.5


2020-09-10 20:35:17,241 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:17 2020 /root/openvpnup.sh tun0 1500 1558 10.33.22.6 10.33.22.5 init


2020-09-10 20:35:17,255 DEBG 'start-script' stdout output:

Thu Sep 10 20:35:17 2020 Initialization Sequence Completed


2020-09-10 20:35:17,377 DEBG 'start-script' stdout output:

[info] Port forwarding is not enabled


2020-09-10 20:35:17,449 DEBG 'start-script' stdout output:

[info] Attempting to get external IP using Name Server 'ns1.google.com'...


2020-09-10 20:35:17,672 DEBG 'start-script' stdout output:

[info] Successfully retrieved external IP address 172.98.92.130


2020-09-10 20:35:26,415 DEBG 'watchdog-script' stdout output:

[info] qBittorrent listening interface IP 10.82.21.6 and VPN provider IP 10.33.22.6 different, marking for reconfigure


2020-09-11 09:42:44,599 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:44 2020 [9c9a00b7f859d558c2ff27ec98f1717a] Inactivity timeout (--ping-restart), restarting


2020-09-11 09:42:44,694 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:44 2020 /usr/bin/ip addr del dev tun0 local 10.33.22.6 peer 10.33.22.5

Fri Sep 11 09:42:44 2020 SIGHUP[soft,ping-restart] received, process restarting


2020-09-11 09:42:44,863 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:44 2020 WARNING: file 'credentials.conf' is group or others accessible

Fri Sep 11 09:42:44 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020


2020-09-11 09:42:44,931 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:44 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10


2020-09-11 09:42:49,892 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:49 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts


2020-09-11 09:42:49,896 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:49 2020 CRL: loaded 1 CRLs from file [[INLINE]]

Fri Sep 11 09:42:49 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]66.115.145.199:1198

Fri Sep 11 09:42:49 2020 UDP link local: (not bound)

Fri Sep 11 09:42:49 2020 UDP link remote: [AF_INET]66.115.145.199:1198


2020-09-11 09:42:50,426 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:50 2020 [09c12d7958f300c0b0b436daa775ab36] Peer Connection Initiated with [AF_INET]66.115.145.199:1198


2020-09-11 09:42:51,774 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:51 2020 AUTH: Received control message: AUTH_FAILED


2020-09-11 09:42:51,789 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:51 2020 SIGHUP[soft,auth-failure (auth-token)] received, process restarting


2020-09-11 09:42:51,805 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:51 2020 WARNING: file 'credentials.conf' is group or others accessible

Fri Sep 11 09:42:51 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020

Fri Sep 11 09:42:51 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10


2020-09-11 09:42:56,840 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:56 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

Fri Sep 11 09:42:56 2020 CRL: loaded 1 CRLs from file [[INLINE]]


2020-09-11 09:42:57,114 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:57 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]66.115.142.130:1198

Fri Sep 11 09:42:57 2020 UDP link local: (not bound)

Fri Sep 11 09:42:57 2020 UDP link remote: [AF_INET]66.115.142.130:1198


2020-09-11 09:42:57,428 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:57 2020 [d89ffa48afec2e0f65e0f874588fca61] Peer Connection Initiated with [AF_INET]66.115.142.130:1198


2020-09-11 09:42:58,536 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:58 2020 TUN/TAP device tun0 opened


2020-09-11 09:42:58,537 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:58 2020 /usr/bin/ip link set dev tun0 up mtu 1500


2020-09-11 09:42:58,542 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:58 2020 /usr/bin/ip addr add dev tun0 local 10.53.12.10 peer 10.53.12.9


2020-09-11 09:42:58,545 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:58 2020 /root/openvpnup.sh tun0 1500 1558 10.53.12.10 10.53.12.9 init


2020-09-11 09:42:58,592 DEBG 'start-script' stdout output:

Fri Sep 11 09:42:58 2020 Initialization Sequence Completed


2020-09-11 09:42:58,704 DEBG 'start-script' stdout output:

[info] Port forwarding is not enabled


2020-09-11 09:42:58,821 DEBG 'start-script' stdout output:

[info] Attempting to get external IP using Name Server 'ns1.google.com'...


2020-09-11 09:42:59,084 DEBG 'start-script' stdout output:

[info] Successfully retrieved external IP address 66.115.142.130


2020-09-11 09:43:32,091 DEBG 'watchdog-script' stdout output:

[info] qBittorrent listening interface IP 10.33.22.6 and VPN provider IP 10.53.12.10 different, marking for reconfigure


2020-09-11 11:18:41,385 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:41 2020 [d89ffa48afec2e0f65e0f874588fca61] Inactivity timeout (--ping-restart), restarting


2020-09-11 11:18:41,447 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:41 2020 /usr/bin/ip addr del dev tun0 local 10.53.12.10 peer 10.53.12.9

Fri Sep 11 11:18:41 2020 SIGHUP[soft,ping-restart] received, process restarting


2020-09-11 11:18:43,651 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:43 2020 WARNING: file 'credentials.conf' is group or others accessible

Fri Sep 11 11:18:43 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020

Fri Sep 11 11:18:43 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10


2020-09-11 11:18:48,651 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:48 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts


2020-09-11 11:18:48,653 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:48 2020 CRL: loaded 1 CRLs from file [[INLINE]]

Fri Sep 11 11:18:48 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]66.115.142.130:1198

Fri Sep 11 11:18:48 2020 UDP link local: (not bound)

Fri Sep 11 11:18:48 2020 UDP link remote: [AF_INET]66.115.142.130:1198


2020-09-11 11:18:48,930 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:48 2020 [d89ffa48afec2e0f65e0f874588fca61] Peer Connection Initiated with [AF_INET]66.115.142.130:1198


2020-09-11 11:18:50,220 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:50 2020 AUTH: Received control message: AUTH_FAILED


2020-09-11 11:18:50,221 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:50 2020 SIGHUP[soft,auth-failure (auth-token)] received, process restarting


2020-09-11 11:18:50,223 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:50 2020 WARNING: file 'credentials.conf' is group or others accessible

Fri Sep 11 11:18:50 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020

Fri Sep 11 11:18:50 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10


2020-09-11 11:18:55,223 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:55 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts


2020-09-11 11:18:55,225 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:55 2020 CRL: loaded 1 CRLs from file [[INLINE]]

Fri Sep 11 11:18:55 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]172.98.92.130:1198

Fri Sep 11 11:18:55 2020 UDP link local: (not bound)

Fri Sep 11 11:18:55 2020 UDP link remote: [AF_INET]172.98.92.130:1198


2020-09-11 11:18:55,505 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:55 2020 [9c9a00b7f859d558c2ff27ec98f1717a] Peer Connection Initiated with [AF_INET]172.98.92.130:1198


2020-09-11 11:18:56,651 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:56 2020 TUN/TAP device tun0 opened


2020-09-11 11:18:56,653 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:56 2020 /usr/bin/ip link set dev tun0 up mtu 1500

Fri Sep 11 11:18:56 2020 /usr/bin/ip addr add dev tun0 local 10.42.14.6 peer 10.42.14.5


2020-09-11 11:18:56,658 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:56 2020 /root/openvpnup.sh tun0 1500 1558 10.42.14.6 10.42.14.5 init


2020-09-11 11:18:56,670 DEBG 'start-script' stdout output:

Fri Sep 11 11:18:56 2020 Initialization Sequence Completed


2020-09-11 11:18:56,788 DEBG 'start-script' stdout output:

[info] Port forwarding is not enabled


2020-09-11 11:18:56,860 DEBG 'start-script' stdout output:

[info] Attempting to get external IP using Name Server 'ns1.google.com'...


2020-09-11 11:18:57,146 DEBG 'start-script' stdout output:

[info] Successfully retrieved external IP address 172.98.92.130


2020-09-11 11:19:00,352 DEBG 'watchdog-script' stdout output:

[info] qBittorrent listening interface IP 10.53.12.10 and VPN provider IP 10.42.14.6 different, marking for reconfigure

curl failure for https://serverlist.piaservers.net/vpninfo/servers/v4

The Container fails to start with error.
"PIA VPN server info JSON cannot be downloaded from URL 'https://serverlist.piaservers.net/vpninfo/servers/v4' exit code from curl is '0'"

This looks to have just happened today sometime as I know it was connected and torrenting last night.
Latest pull from the docker hub.

Log with debug on.
2020-10-11 13:13:06.633926 [info] Permissions already set for volume mappings 2020-10-11 13:13:06.672621 [info] Deleting files in /tmp (non recursive)... 2020-10-11 13:13:06.713619 [info] VPN_ENABLED defined as 'yes' 2020-10-11 13:13:06.747786 [info] VPN_CLIENT defined as 'openvpn' 2020-10-11 13:13:06.782836 [info] VPN_PROV defined as 'pia' 2020-10-11 13:15:07.916591 [crit] PIA VPN server info JSON cannot be downloaded from URL 'https://serverlist.piaservers.net/vpninfo/servers/v4' exit code from curl is '0', exiting...

I can hit the page from local browser.
image

nslookup & ping from within the container function fine.
image
image

Curl from within the container
image

and same from outside.
image

container keeps restarting behind edge router

I installed a new edgerouter 4 and now the container keeps restarting after a few seconds of being connected

 2020-06-07T02:49:58.871312324Z 2020-06-06 22:49:58,871 DEBG 'watchdog-script' stdout output:
 2020-06-07T02:49:58.871338914Z [debug] VPN incoming port is 27549
 2020-06-07T02:49:58.871346421Z [debug] qBittorrent incoming port is 27549
 2020-06-07T02:49:58.871364080Z [debug] VPN IP is 10.49.11.6
 2020-06-07T02:49:58.871369380Z [debug] qBittorrent IP is 10.49.11.6
 2020-06-07T02:49:58.871373828Z 
 2020-06-07T02:50:28.900622542Z 2020-06-06 22:50:28,900 DEBG 'watchdog-script' stdout output:
 2020-06-07T02:50:28.900679931Z [debug] Waiting for iptables chain policies to be in place...
 2020-06-07T02:50:28.900697335Z 
 2020-06-07T02:50:28.928054212Z 2020-06-06 22:50:28,927 DEBG 'watchdog-script' stdout output:
 2020-06-07T02:50:28.928098296Z [debug] iptables chain policies are in place
 2020-06-07T02:50:28.928110191Z 
 2020-06-07T02:50:28.945727449Z 2020-06-06 22:50:28,945 DEBG 'watchdog-script' stdout output:
 2020-06-07T02:50:28.945748806Z [debug] VPN incoming port is 27549
 2020-06-07T02:50:28.945753869Z [debug] qBittorrent incoming port is 27549
 2020-06-07T02:50:28.945758130Z [debug] VPN IP is 10.49.11.6
 2020-06-07T02:50:28.945761848Z [debug] qBittorrent IP is 10.49.11.6

Here is my config:

seedbox:
    image: binhex/arch-qbittorrentvpn:latest
    env_file: env/seedbox.env
    restart: always
    privileged: true
    ports:
      - 6881:6881
      - 6881:6881/udp
      - 8118:8118
      - 8087:8087
    volumes:
      - /home/user/docker/volumes/seedbox:/config
      - /media/user/plex:/data
    devices:
      - /dev/net/tun
    cap_add:
      - net_admin

TZ=America/New_York

PUID=1000
PGID=1000

VPN_ENABLED=yes
VPN_USER=xxxx
VPN_PASS=xxxx
VPN_PROV=pia

STRICT_PORT_FORWARD=yes
ENABLE_PRIVOXY=yes

LAN_NETWORK=192.168.1.0/24
NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1 

DEBUG=true
WEBUI_PORT=8087

Running in Swarm?

Is there any way to run this in a Docker Swarm?

Privileged mode is not available in swarm, so it doesn't work out of the box

stuck on ' Setting permissions recursively on volume mapping'

used the sample pia docker command with my own credentials and I just get stuck on that one line.

qbittorrentvpn    | Created by...
qbittorrentvpn    | ___.   .__       .__                   
qbittorrentvpn    | \_ |__ |__| ____ |  |__   ____ ___  ___
qbittorrentvpn    |  | __ \|  |/    \|  |  \_/ __ \\  \/  /
qbittorrentvpn    |  | \_\ \  |   |  \   Y  \  ___/ >    < 
qbittorrentvpn    |  |___  /__|___|  /___|  /\___  >__/\_ \
qbittorrentvpn    |      \/        \/     \/     \/      \/
qbittorrentvpn    |    https://hub.docker.com/u/binhex/
qbittorrentvpn    | 
qbittorrentvpn    | 2020-03-05 11:04:42.236270 [info] System information Linux 3d1324c155de 5.3.0-28-generic #30~18.04.1-Ubuntu SMP Fri Jan 17 06:14:09 UTC 2020 x86_64 GNU/Linux
qbittorrentvpn    | 2020-03-05 11:04:42.255791 [info] PUID defined as '0'
qbittorrentvpn    | 2020-03-05 11:04:42.286292 [info] PGID defined as '0'
qbittorrentvpn    | 2020-03-05 11:04:42.315118 [info] UMASK defined as '000'
qbittorrentvpn    | 2020-03-05 11:04:42.333384 [info] Setting permissions recursively on volume mappings...

ARM support

I would love for this docker image to work on my Raspberry Pi, tried to build it myself but it seems really tied to ArchLinux of which I can't find an ISO. You know how to make it compatible with ARM?

Can't download with VPN activate

Hello, first thanks to binhex for this work,

So, my is issue is: I can't download a file with Qbittorrent, I add and all is good but look like my Qbittorrent don't have connection..., but I have access to Qbittorrent.

Some details:

  • I use NordVPN so, with my own knowledge, don't have IP forwarding
    Who I run my docker:
    sudo docker run -d \ --privileged=true \ -p 6881:6881 \ -p 6881:6881/udp \ -p 8080:8080 \ -v /home/next/conf_docker/data:/data \ -v /home/next/conf_docker/config:/config \ -v /etc/localtime:/etc/localtime:ro \ -e VPN_ENABLED=yes \ -e VPN_PROV=custom \ -e STRICT_PORT_FORWARD=no \ -e ENABLE_PRIVOXY=no \ -e LAN_NETWORK=192.168.1.0/24 \ -e NAME_SERVERS=1.1.1.1,1.0.0.1 \ -e DEBUG=true \ -e WEBUI_PORT=8080 \ -e UMASK=002 \ -e PUID=33 \ -e PGID=33 \ binhex/arch-qbittorrentvpn
    I read the log, but don't see any error
    Is the first time I run this container, I read the doc but maybe I misunderstand some part
    NOTE: without VPN it's works perfectly

Thanks in advance

DNS Issues while trying to use PIA

I tried to use a dns name for vpn config (remote ca-toronto.privateinternetaccess.com 1198) and i wasn't able to resolve anything on the container. But whenever i use an IP Address everything works perfectly.

Error:

Created by...,
___.   .__       .__                   ,
\_ |__ |__| ____ |  |__   ____ ___  ___,
 | __ \|  |/    \|  |  \_/ __ \\  \/  /,
 | \_\ \  |   |  \   Y  \  ___/ >    < ,
 |___  /__|___|  /___|  /\___  >__/\_ \,
     \/        \/     \/     \/      \/,
   https://hub.docker.com/u/binhex/,
,
2019-10-25 03:47:37.027043 [info] System information Linux 913a9346ba13 4.15.0-65-generic #74-Ubuntu SMP Tue Sep 17 17:06:04 UTC 2019 x86_64 GNU/Linux,
2019-10-25 03:47:37.119695 [info] PUID defined as '1000',
2019-10-25 03:47:37.407313 [info] PGID defined as '1000',
2019-10-25 03:47:37.662352 [info] UMASK defined as '000',
2019-10-25 03:47:37.746715 [info] Permissions already set for volume mappings,
2019-10-25 03:47:37.830848 [info] VPN_ENABLED defined as 'yes',
2019-10-25 03:47:37.916605 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/ca_toronto.ovpn,
2019-10-25 03:47:38.058653 [info] VPN remote line defined as 'remote ca-toronto.privateinternetaccess.com 1198',
2019-10-25 03:47:38.131599 [info] VPN_REMOTE defined as 'ca-toronto.privateinternetaccess.com',
2019-10-25 03:47:38.211768 [info] VPN_PORT defined as '1198',
2019-10-25 03:47:38.292593 [info] VPN_PROTOCOL defined as 'udp',
2019-10-25 03:47:38.371441 [info] VPN_DEVICE_TYPE defined as 'tun0',
2019-10-25 03:47:38.444290 [info] VPN_PROV defined as 'pia',
2019-10-25 03:47:38.516241 [info] LAN_NETWORK defined as '192.168.0.0/16',
2019-10-25 03:47:38.589867 [info] NAME_SERVERS defined as '209.222.18.222,1.1.1.1,84.200.69.80,37.235.1.174,185.121.177.177',
2019-10-25 03:47:38.664416 [info] VPN_USER defined as 'XXXXXX',
2019-10-25 03:47:38.741298 [info] VPN_PASS defined as 'XXXXXX',
2019-10-25 03:47:38.839372 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS),
2019-10-25 03:47:38.914290 [info] STRICT_PORT_FORWARD defined as 'yes',
2019-10-25 03:47:38.989611 [info] ENABLE_PRIVOXY defined as 'yes',
2019-10-25 03:47:39.066872 [info] WEBUI_PORT defined as '8098',
2019-10-25 03:47:40.754885 [info] Starting Supervisor...,
2019-10-25 03:47:41,182 INFO Included extra file "/etc/supervisor/conf.d/qbittorrent.conf" during parsing,
2019-10-25 03:47:41,183 INFO Set uid to user 0 succeeded,
2019-10-25 03:47:41,189 INFO supervisord started with pid 6,
2019-10-25 03:47:42,193 INFO spawned: 'start-script' with pid 158,
2019-10-25 03:47:42,196 INFO spawned: 'watchdog-script' with pid 159,
2019-10-25 03:47:42,197 INFO reaped unknown pid 7,
2019-10-25 03:47:42,216 DEBG 'start-script' stdout output:,
[info] VPN is enabled, beginning configuration of VPN,
,
2019-10-25 03:47:42,216 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs),
2019-10-25 03:47:42,217 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs),
2019-10-25 03:47:42,217 DEBG 'watchdog-script' stdout output:,
[info] qBittorrent config file already exists, skipping copy,
[info] Removing session lock file (if it exists)...,
,
2019-10-25 03:47:42,349 DEBG 'start-script' stdout output:,
[info] Default route for container is 172.17.0.1,
,
2019-10-25 03:47:42,356 DEBG 'start-script' stdout output:,
[info] Adding 209.222.18.222 to /etc/resolv.conf,
,
2019-10-25 03:47:42,366 DEBG 'start-script' stdout output:,
[info] Adding 1.1.1.1 to /etc/resolv.conf,
,
2019-10-25 03:47:42,373 DEBG 'start-script' stdout output:,
[info] Adding 84.200.69.80 to /etc/resolv.conf,
,
2019-10-25 03:47:42,380 DEBG 'start-script' stdout output:,
[info] Adding 37.235.1.174 to /etc/resolv.conf,
,
2019-10-25 03:47:42,387 DEBG 'start-script' stdout output:,
[info] Adding 185.121.177.177 to /etc/resolv.conf,
,
2019-10-25 03:48:57,459 DEBG 'start-script' stderr output:,
Error: error sending query: Could not send or receive, because of network error,
,
2019-10-25 03:50:12,538 DEBG 'start-script' stderr output:,
Error: error sending query: Could not send or receive, because of network error,
,

On the containers, it times out connecting to DNS servers over port 53. Also iptables is empty as well. Any suggestion? Let me know if you need more info.

Force recheck is not working

Hi, there is a bug in the webui and if you fix it that would be great.

Compare to deluge and rtorrent, qbittorrent doesn't force recheck the existing media. But I can do force recheck with Windows Client version. I checked with my friend and he said the samething.

So steps I follow to rectify the issue. Windows client can look for existing media evenly when file and folder is renamed but webui version don't. But when I change the filename and foldername to original then force recheck work.

Is it possible for you to fix that?

Thank you

3

Add ENV to set Qbittorrent version installed

The newest qbitorrent version has some issues making some trackers not allow it to be used. Unfortunately, there is no way to specify what version of qbittorrent for this docker container to use. It would be helpful to add an ENV where you can specify a qbittorrent version to install during install.

UDP VPN Connections not supported

VPN connections can be TCP or UDP, and most VPN providers recommend UDP unless you have a specific need for TCP. In particular the providers that specifically allow P2P traffic usually recommend UDP for the VPN connections.

Testing this case, it appears it might be possible for a UDP VPN to work if:

  • parsing of the ovpn file allows proto udp in addition to proto tcp-client (currently works, but needs to be guarantee)
  • iptables need to allow udp port 1194 instead of tcp 443

torrent save path changes on every container restart

hi again,

I'm having another issue, on every container restart, the torrent save path changes to /config/qBittorrent/ and automatic torrent management is turned off, I'm unsure as to what could be causing this.

cURL Error

Container was working fine today, but I restarted it tonight and now I'm getting the following

qbittorent         | [info] PIA endpoint 'ca-toronto.privateinternetaccess.com' is in the list of endpoints that support port forwarding
qbittorent         | 
qbittorent         | 2020-03-30 23:41:14,437 DEBG 'start-script' stdout output:
qbittorent         | [info] List of PIA endpoints that support port forwarding:-
qbittorent         | [info] ca-toronto.privateinternetaccess.com
qbittorent         | [info] ca-montreal.privateinternetaccess.com
qbittorent         | [info] ca-vancouver.privateinternetaccess.com
qbittorent         | [info] de-berlin.privateinternetaccess.com
qbittorent         | [info] de-frankfurt.privateinternetaccess.com
qbittorent         | [info] sweden.privateinternetaccess.com
qbittorent         | 
qbittorent         | 2020-03-30 23:41:14,437 DEBG 'start-script' stdout output:
qbittorent         | [info] swiss.privateinternetaccess.com
qbittorent         | [info] france.privateinternetaccess.com
qbittorent         | [info] czech.privateinternetaccess.com
qbittorent         | [info] spain.privateinternetaccess.com
qbittorent         | [info] ro.privateinternetaccess.com
qbittorent         | [info] israel.privateinternetaccess.com
qbittorent         | [info] Attempting to get dynamically assigned port...
qbittorent         | 
qbittorent         | 2020-03-30 23:41:14,447 DEBG 'start-script' stdout output:
qbittorent         | [info] Attempting to curl http://209.222.18.222:2000/?client_id=86788e460ecafb77ed87c4fb1862f88932e0aff09aecbea9b86324ff9ad44570...
qbittorent         | 
qbittorent         | 2020-03-30 23:41:14,480 DEBG 'start-script' stdout output:
qbittorent         | [warn] Response code 000 from curl != 2xx
qbittorent         | [warn] Exit code 7 from curl != 0
qbittorent         | [info] 12 retries left
qbittorent         | [info] Retrying in 10 secs...
qbittorent         | 
qbittorent         | 2020-03-30 23:41:24,513 DEBG 'start-script' stdout output:
qbittorent         | [warn] Response code 000 from curl != 2xx
qbittorent         | [warn] Exit code 7 from curl != 0
qbittorent         | [info] 11 retries left
qbittorent         | [info] Retrying in 10 secs...
qbittorent         | 
qbittorent         | 2020-03-30 23:41:34,549 DEBG 'start-script' stdout output:
qbittorent         | [warn] Response code 000 from curl != 2xx
qbittorent         | [warn] Exit code 7 from curl != 0
qbittorent         | [info] 10 retries left
qbittorent         | [info] Retrying in 10 secs...
qbittorent         | 
qbittorent         | 2020-03-30 23:41:44,580 DEBG 'start-script' stdout output:
qbittorent         | [warn] Response code 000 from curl != 2xx
qbittorent         | [warn] Exit code 7 from curl != 0
qbittorent         | [info] 9 retries left
qbittorent         | [info] Retrying in 10 secs...

VPN profile configuration issues

The docker image supports pia, airvpn and custom profiles. I don't have airvpn or pia so I tried configuring it with the custom .ovpn profile. I keep getting errors.

image

I tried my own server's .ovpn profile and a 3rd party provider's profile. Any help would be highly appreciated.

/usr/bin/qbittorrent-nox fails to start on centos 17 and Unbuntu 16

This seems to be the same problem opened by hot22shot

  • this works on Unbuntu 18
  • same config does not work on latest Centos 7 and Unbuntu 16
  • Web user interface is inaccessible.
  • VPN is up and working properly
  • ps in containers shows qbittorrent-nox is not running.

Manually run it ..

[root@7a630ae7ab87 /]# /usr/bin/qbittorrent-nox --daemon --webui-port=8080 --profile=/config
/usr/bin/qbittorrent-nox: error while loading shared libraries: libQt5Core.so.5: cannot open shared object file: No such file or directory

Thank you

QBITTORRENTVPN_PORT_6881=6881

Hi,
Do I need to use 6881 in Connections Listening Port?

3

As you can see I changed the listening port and forward that port on VPN provider and its working perfectly but in my docker compose I didn't change the 6881=44042. I left it as it is?

QBITTORRENTVPN_BACKUP_CONFIG=true
QBITTORRENTVPN_NETWORK_MODE=
QBITTORRENTVPN_PORT_6881=6881
QBITTORRENTVPN_PORT_8080=8085
QBITTORRENTVPN_PORT_8118=8118
QBITTORRENTVPN_ENABLE_PRIVOXY=no

Shall I change the port 6881=44042 in compose file or just change it via Web UI? Reason is my downloading speed is very slow and I am trying to rectify the issue :)

Thank you

Startup script can't see qBittorrent

Ever since a few days ago, I can not get this docker container running. No matter what it hangs on:

2019-04-03 12:43:06,607 DEBG 'watchdog-script' stdout output:
[info] qBittorrent process started
[info] Waiting for qBittorrent process to start listening on port 7540...

but according to qBittorrent's logs, the program is running and listening:

(N) 2019-04-03T12:38:31 - qBittorrent v4.1.5 started
(N) 2019-04-03T12:38:31 - qBittorrent v4.1.5 started
(I) 2019-04-03T12:38:31 - qBittorrent is trying to listen on any interface port: 25122
(N) 2019-04-03T12:38:31 - Peer ID: -qB4150-
(N) 2019-04-03T12:38:31 - HTTP User-Agent is 'qBittorrent/4.1.5'
(I) 2019-04-03T12:38:31 - DHT support [ON]
(I) 2019-04-03T12:38:31 - Local Peer Discovery support [ON]
(I) 2019-04-03T12:38:31 - PeX support [ON]
(I) 2019-04-03T12:38:31 - Anonymous mode [OFF]
(I) 2019-04-03T12:38:31 - Encryption support [ON]
(I) 2019-04-03T12:38:31 - Embedded Tracker [OFF]
(I) 2019-04-03T12:38:31 - GeoIP database loaded. Type: GeoLite2-Country. Build time: Mon Mar 25 16:46:41 2019.
(N) 2019-04-03T12:38:31 - Using built-in Web UI.
(N) 2019-04-03T12:38:31 - Web UI translation for selected locale (en) has been successfully loaded.
(N) 2019-04-03T12:38:31 - Web UI: Now listening on IP: *, port: 7540
(I) 2019-04-03T12:38:31 - qBittorrent is successfully listening on interface :: port: TCP/25122
(I) 2019-04-03T12:38:31 - qBittorrent is successfully listening on interface 0.0.0.0 port: TCP/25122
(I) 2019-04-03T12:38:31 - qBittorrent is successfully listening on interface 0.0.0.0 port: UDP/25122

<Torrent statuses>

(I) 2019-04-03T12:38:32 - External IP: 172.98.67.82
(N) 2019-04-03T12:39:48 - qBittorrent v4.1.5 started
(N) 2019-04-03T12:39:48 - qBittorrent v4.1.5 started
(I) 2019-04-03T12:39:48 - qBittorrent is trying to listen on any interface port: 25313
(N) 2019-04-03T12:39:48 - Peer ID: -qB4150-
(N) 2019-04-03T12:39:48 - HTTP User-Agent is 'qBittorrent/4.1.5'
(I) 2019-04-03T12:39:48 - DHT support [ON]
(I) 2019-04-03T12:39:48 - Local Peer Discovery support [ON]
(I) 2019-04-03T12:39:48 - PeX support [ON]
(I) 2019-04-03T12:39:48 - Anonymous mode [OFF]
(I) 2019-04-03T12:39:48 - Encryption support [ON]
(I) 2019-04-03T12:39:48 - Embedded Tracker [OFF]
(I) 2019-04-03T12:39:48 - GeoIP database loaded. Type: GeoLite2-Country. Build time: Mon Mar 25 16:46:41 2019.
(N) 2019-04-03T12:39:48 - Using built-in Web UI.
(N) 2019-04-03T12:39:48 - Web UI translation for selected locale (en) has been successfully loaded.
(N) 2019-04-03T12:39:48 - Web UI: Now listening on IP: 0.0.0.0, port: 7540
(I) 2019-04-03T12:39:48 - qBittorrent is successfully listening on interface :: port: TCP/25313
(I) 2019-04-03T12:39:48 - qBittorrent is successfully listening on interface 0.0.0.0 port: TCP/25313
(I) 2019-04-03T12:39:48 - qBittorrent is successfully listening on interface 0.0.0.0 port: UDP/25313

<Torrent statuses>

(I) 2019-04-03T12:39:49 - External IP: 172.98.67.96
(N) 2019-04-03T12:41:39 - qBittorrent v4.1.5 started
(N) 2019-04-03T12:41:39 - qBittorrent v4.1.5 started
(I) 2019-04-03T12:41:39 - qBittorrent is trying to listen on any interface port: 24149
(N) 2019-04-03T12:41:39 - Peer ID: -qB4150-
(N) 2019-04-03T12:41:39 - HTTP User-Agent is 'qBittorrent/4.1.5'
(I) 2019-04-03T12:41:39 - DHT support [ON]
(I) 2019-04-03T12:41:39 - Local Peer Discovery support [ON]
(I) 2019-04-03T12:41:39 - PeX support [ON]
(I) 2019-04-03T12:41:39 - Anonymous mode [OFF]
(I) 2019-04-03T12:41:39 - Encryption support [ON]
(I) 2019-04-03T12:41:39 - Embedded Tracker [OFF]
(I) 2019-04-03T12:41:39 - UPnP / NAT-PMP support [ON]
(I) 2019-04-03T12:41:40 - GeoIP database loaded. Type: GeoLite2-Country. Build time: Mon Mar 25 16:46:41 2019.
(N) 2019-04-03T12:41:40 - Using built-in Web UI.
(N) 2019-04-03T12:41:40 - Web UI translation for selected locale (en) has been successfully loaded.

<Torrent statuses>

(I) 2019-04-03T12:43:06 - qBittorrent is trying to listen on any interface port: 46117
(I) 2019-04-03T12:43:06 - qBittorrent is successfully listening on interface :: port: TCP/46117
(I) 2019-04-03T12:43:06 - qBittorrent is successfully listening on interface 0.0.0.0 port: TCP/46117
(I) 2019-04-03T12:43:06 - qBittorrent is successfully listening on interface 0.0.0.0 port: UDP/46117

<Torrent statuses>

(I) 2019-04-03T12:43:07 - External IP: 172.98.67.25

I've tried removing the config file to let it generate a new one, but that does not solve the issue.

EDIT: Htop in the container even shows that it's running and listening

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.