Doubts over Gluetun + QBitTorrent setup
Hello! I'm trying to set up qbittorrent and gluetun using docker compose on my home server, using the free account of ProtonVPN.
On some posts I see that ports 8080, 6881 and 6881/UDP are open in gluetun. In the guide I followed, instead, only port 8080 is exposed. So I exposed port 8080 and it is not working. I launched the torrent of the EndeavourOS ISO image (which my laptop, with the same VPN, downloads in a few minutes with plenty of peers and seeds at about 4Mb/s), and it downloaded at an EXTREMELY low speed (a few B/s) for a few seconds, and then got stuck at stalled. When it is stalled, the qbittorrent container has no internet access (ping linux.org fails).
So my questions are:
- Which ports do I need to open on gluetun? If I open 6881, wouldn't my IP be exposed, bypassing gluetun?
- What's wrong with my setup? Why is the internet connection so slow when there is one, and why does it go away so often?
- Is this configuration secure? In case gluetun fails, would my IP be leaked?
Here are the two docker-compose.yml files:
```yaml
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - OPENVPN_USER=MYUSERHERE
      - OPENVPN_PASSWORD=MYPASSWORDHERE
      - SERVER_COUNTRIES=Netherlands
      - FREE_ONLY=on
    volumes:
      - ~/docker/gluetun/gluetun:/gluetun
    ports:
      - 8080:8080 # qBittorrent
    restart: unless-stopped
```
and
```yaml
version: "3"
services:
  qbittorrent:
    image: linuxserver/qbittorrent:latest
    container_name: qbittorrent
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Rome
      - WEBUI_PORT=8080
    volumes:
      - ~/docker/qbittorrent/config:/config
      - ~/docker/qbittorrent/downloads:/downloads
    network_mode: "container:gluetun"
    #ports:
    #  - 8080:8080
    #  - 6881:6881
    #  - 6881:6881/udp
    restart: unless-stopped
```
And here are some logs:
```
2024-01-22T19:07:15Z INFO Settings summary:
├── VPN settings:
|   ├── VPN provider settings:
|   |   ├── Name: protonvpn
|   |   └── Server selection settings:
|   |       ├── VPN type: openvpn
|   |       ├── Countries: netherlands
|   |       ├── Free only servers: yes
|   |       └── OpenVPN server selection settings:
|   |           └── Protocol: UDP
|   └── OpenVPN settings:
|       ├── OpenVPN version: 2.5
|       ├── User: [set]
|       ├── Password: fL...BK
|       ├── Network interface: tun0
|       ├── Run OpenVPN as: root
|       └── Verbosity level: 1
├── DNS settings:
|   ├── Keep existing nameserver(s): no
|   ├── DNS server address to use: 127.0.0.1
|   └── DNS over TLS settings:
|       ├── Enabled: yes
|       ├── Update period: every 24h0m0s
|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   └── Enabled: yes
├── Log settings:
|   └── Log level: INFO
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1000
|   └── Process GID: 1000
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   └── IP file path: /tmp/gluetun/ip
└── Version settings:
    └── Enabled: yes
2024-01-22T19:07:15Z INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-01-22T19:07:15Z INFO [routing] adding route for 0.0.0.0/0
2024-01-22T19:07:15Z INFO [firewall] setting allowed subnets...
2024-01-22T19:07:15Z INFO [routing] default route found: interface eth0, gateway 172.29.0.1, assigned IP 172.29.0.2 and family v4
2024-01-22T19:07:15Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-01-22T19:07:15Z INFO [dns] using plaintext DNS at address 1.1.1.1
2024-01-22T19:07:15Z INFO [http server] http server listening on [::]:8000
2024-01-22T19:07:15Z INFO [healthcheck] listening on 127.0.0.1:9999
2024-01-22T19:07:15Z INFO [firewall] allowing VPN connection...
2024-01-22T19:07:15Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 2 2022
2024-01-22T19:07:15Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-01-22T19:07:15Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]192.40.57.231:1194
2024-01-22T19:07:15Z INFO [openvpn] UDP link local: (not bound)
2024-01-22T19:07:15Z INFO [openvpn] UDP link remote: [AF_INET]192.40.57.231:1194
2024-01-22T19:07:21Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2024-01-22T19:07:21Z INFO [vpn] stopping
2024-01-22T19:07:21Z INFO [vpn] starting
2024-01-22T19:07:21Z INFO [firewall] allowing VPN connection...
2024-01-22T19:07:21Z INFO [openvpn] OpenVPN 2.5.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Nov 2 2022
2024-01-22T19:07:21Z INFO [openvpn] library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2024-01-22T19:07:21Z INFO [openvpn] TCP/UDP: Preserving recently used remote address: [AF_INET]185.107.56.235:1194
2024-01-22T19:07:21Z INFO [openvpn] UDP link local: (not bound)
2024-01-22T19:07:21Z INFO [openvpn] UDP link remote: [AF_INET]185.107.56.235:1194
2024-01-22T19:07:22Z WARN [openvpn] 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1634'
2024-01-22T19:07:22Z WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-01-22T19:07:22Z WARN [openvpn] 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2024-01-22T19:07:22Z INFO [openvpn] [node-nl-164.protonvpn.net] Peer Connection Initiated with [AF_INET]185.107.56.235:1194
2024-01-22T19:07:23Z INFO [openvpn] setsockopt TCP_NODELAY=1 failed
2024-01-22T19:07:23Z INFO [openvpn] TUN/TAP device tun0 opened
2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip link set dev tun0 up mtu 1500
2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip link set dev tun0 up
2024-01-22T19:07:23Z INFO [openvpn] /sbin/ip addr add dev tun0 10.25.0.5/16
2024-01-22T19:07:23Z INFO [openvpn] UID set to nonrootuser
2024-01-22T19:07:23Z INFO [openvpn] Initialization Sequence Completed
2024-01-22T19:07:23Z INFO [dns] downloading DNS over TLS cryptographic files
2024-01-22T19:07:24Z INFO [healthcheck] healthy!
2024-01-22T19:07:24Z INFO [dns] downloading hostnames and IP block lists
2024-01-22T19:07:32Z INFO [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-01-22T19:07:32Z INFO [dns] init module 0: validator
2024-01-22T19:07:32Z INFO [dns] init module 1: iterator
2024-01-22T19:07:32Z INFO [dns] start of service (unbound 1.17.1).
2024-01-22T19:07:33Z INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-01-22T19:07:33Z INFO [healthcheck] healthy!
2024-01-22T19:07:33Z INFO [dns] ready
2024-01-22T19:07:33Z INFO [vpn] You are running on the bleeding edge of latest!
2024-01-22T19:07:33Z INFO [ip getter] Public IP address is 185.107.56.251 (Netherlands, North Holland, Amsterdam)
```
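A way to triage a gluetun log like the one in this post for tunnel instability, as an added example that is not part of the original post or gluetun's own tooling. The line patterns are taken from the log above and are assumed to hold for other gluetun output; `summarize` and its field names are hypothetical.

```python
import re
import sys
from datetime import datetime
# Excerpt of the gluetun log posted above (lines copied verbatim).
SAMPLE = """\
2024-01-22T19:07:15Z INFO [openvpn] UDP link remote: [AF_INET]192.40.57.231:1194
2024-01-22T19:07:21Z INFO [healthcheck] program has been unhealthy for 6s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2024-01-22T19:07:21Z INFO [openvpn] UDP link remote: [AF_INET]185.107.56.235:1194
2024-01-22T19:07:22Z WARN [openvpn] 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2024-01-22T19:07:24Z INFO [healthcheck] healthy!
2024-01-22T19:07:32Z INFO [healthcheck] unhealthy: dialing: dial tcp4: lookup cloudflare.com: i/o timeout
2024-01-22T19:07:33Z INFO [healthcheck] healthy!
2024-01-22T19:07:33Z INFO [ip getter] Public IP address is 185.107.56.251 (Netherlands, North Holland, Amsterdam)
"""

# timestamp, level, [module], message (assumed layout, from the log above)
LINE = re.compile(r"^(\S+Z) (\w+) \[([^\]]+)\] (.*)$")

def summarize(text):
    """Return tunnel-stability facts extracted from gluetun log text."""
    out = {"restarts": 0, "unhealthy": [], "endpoints": [], "warnings": [],
           "public_ips": [], "unhealthy_seconds": 0.0}
    down_since = None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # settings tree and other lines without a [module] tag
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        level, module, msg = m.group(2, 3, 4)
        if module == "healthcheck":
            if "restarting VPN" in msg:
                out["restarts"] += 1
            elif msg.startswith("unhealthy"):
                out["unhealthy"].append((m.group(1), msg))
                down_since = down_since or ts
            elif msg.startswith("healthy") and down_since:
                out["unhealthy_seconds"] += (ts - down_since).total_seconds()
                down_since = None
        elif module == "openvpn" and msg.startswith("UDP link remote:"):
            out["endpoints"].append(msg.split("]")[-1])  # VPN server ip:port
        elif module == "ip getter":
            ip = re.search(r"address is (\S+)", msg)
            if ip:
                out["public_ips"].append(ip.group(1))
        if level == "WARN":
            out["warnings"].append(msg)
    return out

if __name__ == "__main__":
    print(summarize(SAMPLE if sys.stdin.isatty() else sys.stdin.read()))
```

Piping `docker logs gluetun 2>&1` into the script summarises a live container; any address in `public_ips` that matches the home connection's address means traffic left outside the tunnel.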