Doubts over Gluetun + QBitTorrent setup

Hello! I’m trying to set up qbittorrent and gluetun using docker compose on my home server, using the free account of ProtonVPN.

on some posts I see that ports 8080, 6881 and 6881/UDP are open in gluetun. in the guide I followed instead only port 8080 is exposed. So I exposed port 8080 and it is not working. I launched the torrent of endeavourOS iso image (that my laptop (with the same vpn) downloads in a few minutes with plenty of peers and seeds at about 4Mb/s), and it downloaded at an EXTREME low speed (a few B/s) for a few seconds, and then got stuck at stalled. When it is stalled, the qbittorrent container has no internet access (ping linux.org fails).

So my questions are:

  1. Which ports do I need to open on gluetun? if I open 6881 wouldn’t my IP be exposed bypassing gluetun?
  2. What’s wrong with my setup? Why is internet connection so slow when there is, and why does it go away so often?
  3. Is this configuration secure? in case of gluetun fail, would my IP be leaked?

here’s the two docker-compose.yml files:


<span style="color:#323232;">version: "3"
</span><span style="color:#323232;">
</span><span style="color:#323232;">services:
</span><span style="color:#323232;">    gluetun:
</span><span style="color:#323232;">        image: qmcgaw/gluetun
</span><span style="color:#323232;">        container_name: gluetun
</span><span style="color:#323232;">        cap_add:
</span><span style="color:#323232;">            - NET_ADMIN
</span><span style="color:#323232;">        environment:
</span><span style="color:#323232;">            - VPN_SERVICE_PROVIDER=protonvpn
</span><span style="color:#323232;">            - OPENVPN_USER=MYUSERHERE
</span><span style="color:#323232;">            - OPENVPN_PASSWORD=MYPASSWORDHERE
</span><span style="color:#323232;">            - SERVER_COUNTRIES=Netherlands
</span><span style="color:#323232;">            - FREE_ONLY=on
</span><span style="color:#323232;">        volumes:
</span><span style="color:#323232;">            - ~/docker/gluetun/gluetun:/gluetun
</span><span style="color:#323232;">        ports:
</span><span style="color:#323232;">            - 8080:8080 # qBittorrent
</span><span style="color:#323232;">        restart: unless-stopped
</span>

and


<span style="color:#323232;">version: "3"
</span><span style="color:#323232;">services:
</span><span style="color:#323232;">  qbittorrent:
</span><span style="color:#323232;">    image: linuxserver/qbittorrent:latest
</span><span style="color:#323232;">    container_name: qbittorrent
</span><span style="color:#323232;">    environment:
</span><span style="color:#323232;">      - PUID=1000
</span><span style="color:#323232;">      - PGID=1000
</span><span style="color:#323232;">      - TZ=Europe/Rome
</span><span style="color:#323232;">      - WEBUI_PORT=8080
</span><span style="color:#323232;">    volumes:
</span><span style="color:#323232;">      - ~/docker/qbittorrent/config:/config
</span><span style="color:#323232;">      - ~/docker/qbittorrent/downloads:/downloads
</span><span style="color:#323232;">    network_mode: "container:gluetun"
</span><span style="color:#323232;">    #ports:
</span><span style="color:#323232;">    #  - 8080:8080
</span><span style="color:#323232;">    #  - 6881:6881
</span><span style="color:#323232;">    #  - 6881:6881/udp
</span><span style="color:#323232;">    restart: unless-stopped
</span>

and here’s some logs:


<span style="color:#323232;">024-01-22T19:07:15Z INFO Settings summary:
</span><span style="color:#323232;">├── VPN settings:
</span><span style="color:#323232;">|   ├── VPN provider settings:
</span><span style="color:#323232;">|   |   ├── Name: protonvpn
</span><span style="color:#323232;">|   |   └── Server selection settings:
</span><span style="color:#323232;">|   |       ├── VPN type: openvpn
</span><span style="color:#323232;">|   |       ├── Countries: netherlands
</span><span style="color:#323232;">|   |       ├── Free only servers: yes
</span><span style="color:#323232;">|   |       └── OpenVPN server selection settings:
</span><span style="color:#323232;">|   |           └── Protocol: UDP
</span><span style="color:#323232;">|   └── OpenVPN settings:
</span><span style="color:#323232;">|       ├── OpenVPN version: 2.5
</span><span style="color:#323232;">|       ├── User: [set]
</span><span style="color:#323232;">|       ├── Password: fL...BK
</span><span style="color:#323232;">|       ├── Network interface: tun0
</span><span style="color:#323232;">|       ├── Run OpenVPN as: root
</span><span style="color:#323232;">|       └── Verbosity level: 1
</span><span style="color:#323232;">├── DNS settings:
</span><span style="color:#323232;">|   ├── Keep existing nameserver(s): no
</span><span style="color:#323232;">|   ├── DNS server address to use: 127.0.0.1
</span><span style="color:#323232;">|   └── DNS over TLS settings:
</span><span style="color:#323232;">|       ├── Enabled: yes
</span><span style="color:#323232;">|       ├── Update period: every 24h0m0s
</span><span style="color:#323232;">|       ├── Unbound settings:
</span><span style="color:#323232;">|       |   ├── Authoritative servers:
</span><span style="color:#323232;">|       |   |   └── cloudflare
</span><span style="color:#323232;">|       |   ├── Caching: yes
</span><span style="color:#323232;">|       |   ├── IPv6: no
</span><span style="color:#323232;">|       |   ├── Verbosity level: 1
</span><span style="color:#323232;">|       |   ├── Verbosity details level: 0
</span><span style="color:#323232;">|       |   ├── Validation log level: 0
</span><span style="color:#323232;">|       |   ├── System user: root
</span><span style="color:#323232;">|       |   └── Allowed networks:
</span><span style="color:#323232;">|       |       ├── 0.0.0.0/0
</span><span style="color:#323232;">|       |       └── ::/0
</span><span style="color:#323232;">|       └── DNS filtering settings:
</span><span style="color:#323232;">|           ├── Block malicious: yes
</span><span style="color:#323232;">|           ├── Block ads: no
</span><span style="color:#323232;">|           ├── Block surveillance: no
</span><span style="color:#323232;">|           └── Blocked IP networks:
</span><span style="color:#323232;">|               ├── 127.0.0.1/8
</span><span style="color:#323232;">|               ├── 10.0.0.0/8
</span><span style="color:#323232;">|               ├── 172.16.0.0/12
</span><span style="color:#323232;">|               ├── 192.168.0.0/16
</span><span style="color:#323232;">|               ├── 169.254.0.0/16
</span><span style="color:#323232;">|               ├── ::1/128
</span><span style="color:#323232;">|               ├── fc00::/7
</span><span style="color:#323232;">|               ├── fe80::/10
</span><span style="color:#323232;">|               ├── ::ffff:127.0.0.1/104
</span><span style="color:#323232;">|               ├── ::ffff:10.0.0.0/104
</span><span style="color:#323232;">|               ├── ::ffff:169.254.0.0/112
</span><span style="color:#323232;">|               ├── ::ffff:172.16.0.0/108
</span><span style="color:#323232;">|               └── ::ffff:192.168.0.0/112
</span><span style="color:#323232;">├── Firewall settings:
</span><span style="color:#323232;">|   └── Enabled: yes
</span><span style="color:#323232;">├── Log settings:
</span><span style="color:#323232;">|   └── Log level: INFO
</span><span style="color:#323232;">├── Health settings:
</span><span style="color:#323232;">|   ├── Server listening address: 127.0.0.1:9999
</span><span style="color:#323232;">|   ├── Target address: cloudflare.com:443
</span><span style="color:#323232;">|   ├── Duration to wait after success: 5s
</span><span style="color:#323232;">|   ├── Read header timeout: 100ms
</span><span style="color:#323232;">|   ├── Read timeout: 500ms
</span><span style="color:#323232;">|   └── VPN wait durations:
</span><span style="color:#323232;">|       ├── Initial duration: 6s
</span><span style="color:#323232;">|       └── Additional duration: 5s
</span><span style="color:#323232;">├── Shadowsocks server settings:
</span><span style="color:#323232;">|   └── Enabled: no
</span><span style="color:#323232;">├── HTTP proxy settings:
</span><span style="color:#323232;">|   └── Enabled: no
</span><span style="color:#323232;">├── Control server settings:
</span><span style="color:#323232;">|   ├── Listening address: :8000
</span><span style="color:#323232;">|   └── Logging: yes
</span><span style="color:#323232;">├── OS Alpine settings:
</span><span style="color:#323232;">|   ├── Process UID: 1000
</span><span style="color:#323232;">|   └── Process GID: 1000
</span><span style="color:#323232;">├── Public IP settings:
</span><span style="color:#323232;">|   ├── Fetching: every 12h0m0s
</span><span style="color:#323232;">|   └── IP file path: /tmp/gluetun/ip
</span><span style="color:#323232;">└── Version settings:
</span><span style="color:#323232;">└── Enabled: yes
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [routing] adding route for 0.0.0.0/0
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [firewall] setting allowed subnets...
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [dns] using plaintext DNS at address 1.1.1.1
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [http server] http server listening on [::]:8000
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [healthcheck] listening on 127.0.0.1:9999
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [firewall] allowing VPN connection...
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]192.40.57.231:1194
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [openvpn] UDP link local: (not bound)
</span><span style="color:#323232;">2024-01-22T19:07:15Z INFO [openvpn] UDP link remote: [AF_INET]192.40.57.231:1194
</span><span style="color:#323232;">2024-01-22T19:07:21Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
</span><span style="color:#323232;">2024-01-22T19:07:21Z INFO [vpn] stopping
</span><span style="color:#323232;">2024-01-22T19:07:21Z INFO [vpn] starting
</span><span style="color:#323232;">2024-01-22T19:07:21Z INFO [firewall] allowing VPN connection...
</span><span style="color:#323232;">2024-01-22T19:07:21Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov  2 2022
</span><span style="color:#323232;">2024-01-22T19:07:21Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
</span><span style="color:#323232;">2024-01-22T19:07:21Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.107.56.235:1194
</span><span style="color:#323232;">2024-01-22T19:07:21Z INFO [openvpn] UDP link local: (not bound)
</span><span style="color:#323232;">2024-01-22T19:07:21Z INFO [openvpn] UDP link remote: [AF_INET]185.107.56.235:1194
</span><span style="color:#323232;">2024-01-22T19:07:22Z WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
</span><span style="color:#323232;">2024-01-22T19:07:22Z WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
</span><span style="color:#323232;">2024-01-22T19:07:22Z WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
</span><span style="color:#323232;">2024-01-22T19:07:22Z INFO [openvpn] [node-nl-164.protonvpn.net] Peer Connection Initiated with [AF_INET]185.107.56.235:1194
</span><span style="color:#323232;">2024-01-22T19:07:23Z INFO [openvpn] setsockopt TCP_NODELAY=1 failed
</span><span style="color:#323232;">2024-01-22T19:07:23Z INFO [openvpn] TUN/TAP device tun0 opened
</span><span style="color:#323232;">2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
</span><span style="color:#323232;">2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip link set dev tun0 up
</span><span style="color:#323232;">2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip addr add dev tun0 10.25.0.5/16
</span><span style="color:#323232;">2024-01-22T19:07:23Z INFO [openvpn] UID set to nonrootuser
</span><span style="color:#323232;">2024-01-22T19:07:23Z INFO [openvpn] Initialization Sequence Completed
</span><span style="color:#323232;">2024-01-22T19:07:23Z INFO [dns] downloading DNS over TLS cryptographic files
</span><span style="color:#323232;">2024-01-22T19:07:24Z INFO [healthcheck] healthy!
</span><span style="color:#323232;">2024-01-22T19:07:24Z INFO [dns] downloading hostnames and IP block lists
</span><span style="color:#323232;">2024-01-22T19:07:32Z INFO [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
</span><span style="color:#323232;">2024-01-22T19:07:32Z INFO [dns] init module 0: validator
</span><span style="color:#323232;">2024-01-22T19:07:32Z INFO [dns] init module 1: iterator
</span><span style="color:#323232;">2024-01-22T19:07:32Z INFO [dns] start of service (unbound 1.17.1).
</span><span style="color:#323232;">2024-01-22T19:07:33Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
</span><span style="color:#323232;">2024-01-22T19:07:33Z INFO [healthcheck] healthy!
</span><span style="color:#323232;">2024-01-22T19:07:33Z INFO [dns] ready
</span><span style="color:#323232;">2024-01-22T19:07:33Z INFO [vpn] You are running on the bleeding edge of latest!
</span><span style="color:#323232;">2024-01-22T19:07:33Z INFO [ip getter] Public IP address is 185.107.56.251 (Netherlands, North Holland, Amsterdam)
</span>
Azzu, (edited )

Maybe your server just has Gluetun intolerance…

tubbadu,

I’ve tried to cd gluten thousands of times XD

R7KT, (edited )

I can’t answer all your questions but I am using a similar setup. To my knowledge the free tier on proton doesn’t allow torrent traffic, this could explain why you see the connection fail after some time.

You do have to open 6881 on gluetun. You do need to make sure that your qbit is utilizing your gluetun connection. I am using docker and have the qbit container use gluetun network. That way, if something happens to gluetun, qbit won’t failover to your host’s network and leak your ip.

tubbadu,

Thanks for the answer! On my desktop with the same account I’m able to torrent without any problems, I’ve done it for years, I don’t think it’s a problem

I’ll try to open the port and see if it works, thanks!

VelociCatTurd,

I don’t have any answers to your questions, I would just like to mention that you can get complete images that do both of these things together. I use this one, but there apparently to be a bunch of different ones.

github.com/MarkusMcNugen/docker-qBittorrentvpn

Was very easy to setup.

tubbadu,

Uh this is very interesting actually! I’ll try to install it and see if this works, thank you very much!

  • All
  • Subscribed
  • Moderated
  • Favorites
  • selfhosted@lemmy.world
  • localhost
  • All magazines
    •
    Loading…
    Loading the web debug toolbar…
    Attempt #