ANSWERED No IPv4 port forwarding, IPv6 works fine

[ChehTan 1]

Hello there,

I currently have a specific setup :

I have a Docker container creating the VPN connection to AirVPN.
I have another Docker container for qBitTorrent that uses CT VPN's network to access internet (so the docker is always behind the VPN).

I enabled Port Forwarding into AirVPN, and then configured such port into qBitTorrent to use it.
But when I use the Test open button in AirVPN, only the IPv6 connection says Open. The IPv4 says Connection timed out.
The fact that IPv6 says Open tells me that I correctly configured qBitTorrent and it should be working fine.
However, with IPv4 timing out, qBitTorrent seems to not be seeding properly.

Is there anything wrong with my set-up, or is this problem AirVPN related?

Thank you in advance for you answer,

I can provide any config file if necessary.

Regards,

[OpenSourcerer 1435]

Definitely not AirVPN-related. Post your docker-compose.yml or other relevant configs; it's possible something v4-specific is misconfigured.

[ChehTan 1]

Hello there !

I assumed that ^^

Here is my docker-compose.yml:

The custom openvpn-client (on a private repo) is just to make openvpn compatible with Alpine 3
 

version: '3.8'
services:
  vpn:
    container_name: openVPN
    image: conservat.vwa.re/groupvware/docker/openvpn-client:latest #dperson/openvpn-client:latest
    cap_add:
      - net_admin # required to modify network interfaces
    restart: unless-stopped
    networks:
      vpn_net:
        aliases:
          - vpn-bit
    labels:
      - autoheal=true
    ports:
      - 8081:8081 # port for qbitTorrent
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      - /host/path/vpn:/vpn # OpenVPN configuration
    security_opt:
      - label:disable
    dns:
      - 9.9.9.9
    sysctls:
     - net.ipv6.conf.all.disable_ipv6=0
    command: '-f "" -r 192.168.1.0/24'

  qBittorrent:
    container_name: qBittorrent 
    image: linuxserver/qbittorrent
    restart: unless-stopped
    labels:
      - autoheal=true
    network_mode: service:vpn # run on the VPN network
    volumes:
      - /host/path/qbittorrent:/config
      - /host/path/torrent_downloads:/downloads
      - /host/path/torrent_watchdog:/watchdog
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - UMASK=022
      - WEBUI_PORT=8081
    healthcheck:
      test: ["CMD-SHELL", "curl --fail http://127.0.0.1:8081/api/v2/app/version || exit 1"]
      interval: 1m30s
      timeout: 10s
      retries: 3
      start_period: 10s

AirVPN allowed me the port 16400, which have been configured into qBitTorrent. Edited ... by ChehTan

[OpenSourcerer 1435]

Does this qB container come with a GUI or WebUI only? Its log would be interesting to look at.

[ChehTan 1]

It seems to only have a WebGUI.

I've found the logs, which tells me it successfully listened on all IPs it has, on the port 16400 on both TCP and uTP.

I'll add them later tonight

Edited ... by ChehTan

[OpenSourcerer 1435]

30 minutes ago, ChehTan said:

and uTP

Disable that, while you're at it. It conflicts with VPNs.

[ChehTan 1]

Hello !

Here is the logs that I have when qB starts:
qbittorrent.log

[ChehTan 1]

Okay, I finally found the issue:

My OpenVPN container had an iptables configured that was dropping everthing.

Using the regular iptables -t filter -A INPUT -p tcp --dport <MyForwardedPort> -j ACCEPT solved the issue

[OpenSourcerer 1435]

The necessity to use iptables in such a container setup is one of those tidbits making troubleshooting difficult for those not familar with such setups. Personally, I thought you simply boot up the container and you're good to go, there was no mention of iptables being deployed anywhere.

I'm glad you solved it, and even more glad that you came back and provided your solution; I thank you very much on behalf of the future.

[ChehTan 1]

I agree. And to me, since each Container is in a private IP network, having a firewall above this setup is a non-sense. You have your Router's firewall, your Host's firewall (for Docker's NAT/PAT system) and an in-container firewall?

I know there's not too much security but here, it make things really complex for nothing...

And I'm glad to provide the solution, because I've found myself many time reading a « It found the issue », with no solution given at all...

[ChehTan 1]

Small update:

If anyone is using the same source image as me, in order to have qBitTorrent to work properly, you must add the environment variable VPNPORT with your Port Forwarded from AirVPN Client Area, like so :

vpn:
    container_name: openVPN
    image: conservat.vwa.re/groupvware/docker/openvpn-client:latest #dperson/openvpn-client:latest
    cap_add:
      - net_admin # required to modify network interfaces
    restart: unless-stopped
    networks:
      vpn_net:
        aliases:
          - vpn-bit
    labels:
      - autoheal=true
    ports:
      - 8081:8081 # port for qbitTorrent
    environment:
      - PUID=${PUID}
      - PGID=${PGID}
      - TZ=${TZ}
      - VPNPORT=<VPNPORTFROMAIR> # This one is TCP
      - VPNPORT_1=<VPNPORTFROMAIR>;udp
    devices:
      - /dev/net/tun:/dev/net/tun
    volumes:
      - /host/path/vpn:/vpn # OpenVPN configuration
    security_opt:
      - label:disable
    dns:
      - 9.9.9.9
    sysctls:
     - net.ipv6.conf.all.disable_ipv6=0
    command: '-f "" -r 192.168.1.0/24'