Hello! I’m trying to set up qbittorrent and gluetun using docker compose on my home server, using the free account of ProtonVPN.
on some posts I see that ports 8080, 6881 and 6881/UDP are open in gluetun. in the guide I followed instead only port 8080 is exposed. So I exposed port 8080 and it is not working. I launched the torrent of endeavourOS iso image (that my laptop (with the same vpn) downloads in a few minutes with plenty of peers and seeds at about 4Mb/s), and it downloaded at an EXTREME low speed (a few B/s) for a few seconds, and then got stuck at stalled. When it is stalled, the qbittorrent container has no internet access (ping linux.org fails).
So my questions are:
- Which ports do I need to open on gluetun? if I open 6881 wouldn’t my IP be exposed bypassing gluetun?
- What’s wrong with my setup? Why is internet connection so slow when there is, and why does it go away so often?
- Is this configuration secure? in case of gluetun fail, would my IP be leaked?
here’s the two docker-compose.yml files:
version: "3"
services:
gluetun:
image: qmcgaw/gluetun
container_name: gluetun
cap_add:
- NET_ADMIN
environment:
- VPN_SERVICE_PROVIDER=protonvpn
- OPENVPN_USER=MYUSERHERE
- OPENVPN_PASSWORD=MYPASSWORDHERE
- SERVER_COUNTRIES=Netherlands
- FREE_ONLY=on
volumes:
- ~/docker/gluetun/gluetun:/gluetun
ports:
- 8080:8080 # qBittorrent
restart: unless-stopped
and
version: "3"
services:
qbittorrent:
image: linuxserver/qbittorrent:latest
container_name: qbittorrent
environment:
- PUID=1000
- PGID=1000
- TZ=Europe/Rome
- WEBUI_PORT=8080
volumes:
- ~/docker/qbittorrent/config:/config
- ~/docker/qbittorrent/downloads:/downloads
network_mode: "container:gluetun"
#ports:
# - 8080:8080
# - 6881:6881
# - 6881:6881/udp
restart: unless-stopped
and here’s some logs:
024-01-22T19:07:15Z INFO Settings summary:
├── VPN settings:
| ├── VPN provider settings:
| | ├── Name: protonvpn
| | └── Server selection settings:
| | ├── VPN type: openvpn
| | ├── Countries: netherlands
| | ├── Free only servers: yes
| | └── OpenVPN server selection settings:
| | └── Protocol: UDP
| └── OpenVPN settings:
| ├── OpenVPN version: 2.5
| ├── User: [set]
| ├── Password: fL...BK
| ├── Network interface: tun0
| ├── Run OpenVPN as: root
| └── Verbosity level: 1
├── DNS settings:
| ├── Keep existing nameserver(s): no
| ├── DNS server address to use: 127.0.0.1
| └── DNS over TLS settings:
| ├── Enabled: yes
| ├── Update period: every 24h0m0s
| ├── Unbound settings:
| | ├── Authoritative servers:
| | | └── cloudflare
| | ├── Caching: yes
| | ├── IPv6: no
| | ├── Verbosity level: 1
| | ├── Verbosity details level: 0
| | ├── Validation log level: 0
| | ├── System user: root
| | └── Allowed networks:
| | ├── 0.0.0.0/0
| | └── ::/0
| └── DNS filtering settings:
| ├── Block malicious: yes
| ├── Block ads: no
| ├── Block surveillance: no
| └── Blocked IP networks:
| ├── 127.0.0.1/8
| ├── 10.0.0.0/8
| ├── 172.16.0.0/12
| ├── 192.168.0.0/16
| ├── 169.254.0.0/16
| ├── ::1/128
| ├── fc00::/7
| ├── fe80::/10
| ├── ::ffff:127.0.0.1/104
| ├── ::ffff:10.0.0.0/104
| ├── ::ffff:169.254.0.0/112
| ├── ::ffff:172.16.0.0/108
| └── ::ffff:192.168.0.0/112
├── Firewall settings:
| └── Enabled: yes
├── Log settings:
| └── Log level: INFO
├── Health settings:
| ├── Server listening address: 127.0.0.1:9999
| ├── Target address: cloudflare.com:443
| ├── Duration to wait after success: 5s
| ├── Read header timeout: 100ms
| ├── Read timeout: 500ms
| └── VPN wait durations:
| ├── Initial duration: 6s
| └── Additional duration: 5s
├── Shadowsocks server settings:
| └── Enabled: no
├── HTTP proxy settings:
| └── Enabled: no
├── Control server settings:
| ├── Listening address: :8000
| └── Logging: yes
├── OS Alpine settings:
| ├── Process UID: 1000
| └── Process GID: 1000
├── Public IP settings:
| ├── Fetching: every 12h0m0s
| └── IP file path: /tmp/gluetun/ip
└── Version settings:
└── Enabled: yes
2024-01-22T19:07:15Z INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-01-22T19:07:15Z INFO [routing] adding route for 0.0.0.0/0
2024-01-22T19:07:15Z INFO [firewall] setting allowed subnets...
2024-01-22T19:07:15Z INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-01-22T19:07:15Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-01-22T19:07:15Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-01-22T19:07:15Z INFO [http server] http server listening on [::]:8000
2024-01-22T19:07:15Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-01-22T19:07:15Z INFO [firewall] allowing VPN connection...
2024-01-22T19:07:15Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 2 2022
2024-01-22T19:07:15Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-01-22T19:07:15Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]192.40.57.231:1194
2024-01-22T19:07:15Z INFO [openvpn] UDP link local: (not bound)
2024-01-22T19:07:15Z INFO [openvpn] UDP link remote: [AF_INET]192.40.57.231:1194
2024-01-22T19:07:21Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2024-01-22T19:07:21Z INFO [vpn] stopping
2024-01-22T19:07:21Z INFO [vpn] starting
2024-01-22T19:07:21Z INFO [firewall] allowing VPN connection...
2024-01-22T19:07:21Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 2 2022
2024-01-22T19:07:21Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-01-22T19:07:21Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.107.56.235:1194
2024-01-22T19:07:21Z INFO [openvpn] UDP link local: (not bound)
2024-01-22T19:07:21Z INFO [openvpn] UDP link remote: [AF_INET]185.107.56.235:1194
2024-01-22T19:07:22Z WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
2024-01-22T19:07:22Z WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-01-22T19:07:22Z WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2024-01-22T19:07:22Z INFO [openvpn] [node-nl-164.protonvpn.net] Peer Connection Initiated with [AF_INET]185.107.56.235:1194
2024-01-22T19:07:23Z INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-01-22T19:07:23Z INFO [openvpn] TUN/TAP device tun0 opened
2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip link set dev tun0 up
2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip addr add dev tun0 10.25.0.5/16
2024-01-22T19:07:23Z INFO [openvpn] UID set to nonrootuser
2024-01-22T19:07:23Z INFO [openvpn] Initialization Sequence Completed
2024-01-22T19:07:23Z INFO [dns] downloading DNS over TLS cryptographic files
2024-01-22T19:07:24Z INFO [healthcheck] healthy!
2024-01-22T19:07:24Z INFO [dns] downloading hostnames and IP block lists
2024-01-22T19:07:32Z INFO [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-01-22T19:07:32Z INFO [dns] init module 0: validator
2024-01-22T19:07:32Z INFO [dns] init module 1: iterator
2024-01-22T19:07:32Z INFO [dns] start of service (unbound 1.17.1).
2024-01-22T19:07:33Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-01-22T19:07:33Z INFO [healthcheck] healthy!
2024-01-22T19:07:33Z INFO [dns] ready
2024-01-22T19:07:33Z INFO [vpn] You are running on the bleeding edge of latest!
2024-01-22T19:07:33Z INFO [ip getter] Public IP address is 185.107.56.251 (Netherlands, North Holland, Amsterdam)
Configuration looks correct, it doesnt work ?
Mind that the ipinfo also fails on my end, but torrenting works.
There are websites to test if your torrent is using a VPN or not.
the container has no internet connection at all :(
if I enter in the container shell and try to ping anything it says “bad address”
tubbadu@fedoraserver:~/docker/gluetun$ docker exec -it gluetun sh / # ping linux.org ping: bad address 'linux.org'Can you ping an IP instead ?