hassio-addons: [qbittorrent] Mullvad vpn : udp4 permission denied

Description

Long-time user. Addon doesn’t start after the 4.6.2 updates. I did read the breaking changes but fail to see what I need to do. I see the info about required password but the migration script did not add any. Tried adding QBT_PASSWORD: homeassistant into the config, to no avail. I use network SMB share and Mullvad VPN, have for years. HA 2023.12.1 as a Proxmox VM.

Reproduction steps

1. start addon

Addon Logs

2023-12-11 05:16:22 [INFO] Starting OpenVPN...
--------------------
2023-12-11 05:16:22 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2023-12-11 05:16:22 WARNING: file '/config/openvpn/mullvad_cz_prg_credentials.conf' is group or others accessible
2023-12-11 05:16:22 OpenVPN 2.6.5 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2023-12-11 05:16:22 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2023-12-11 05:16:22 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-12-11 05:16:22 TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.129.162:1301
2023-12-11 05:16:22 Socket Buffers: R=[212992->1048576] S=[212992->1048576]
2023-12-11 05:16:22 UDPv4 link local: (not bound)
2023-12-11 05:16:22 UDPv4 link remote: [AF_INET]146.70.129.162:1301
2023-12-11 05:16:22 TLS: Initial packet from [AF_INET]146.70.129.162:1301, sid=7d24ce38 94fb0e7a
2023-12-11 05:16:22 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-12-11 05:16:22 VERIFY OK: depth=2, C=SE, ST=Gotaland, L=Gothenburg, O=Amagicom AB, OU=Mullvad, CN=Mullvad Root CA v2, emailAddress=security@mullvad.net
2023-12-11 05:16:22 VERIFY OK: depth=1, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=Mullvad Intermediate CA v6, emailAddress=security@mullvad.net
2023-12-11 05:16:22 VERIFY KU OK
2023-12-11 05:16:22 Validating certificate extended key usage
2023-12-11 05:16:22 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-12-11 05:16:22 VERIFY EKU OK
2023-12-11 05:16:22 VERIFY OK: depth=0, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=cz-prg-ovpn-101.mullvad.net, emailAddress=security@mullvad.net
2023-12-11 05:16:22 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2023-12-11 05:16:22 [cz-prg-ovpn-101.mullvad.net] Peer Connection Initiated with [AF_INET]146.70.129.162:1301
2023-12-11 05:16:22 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-12-11 05:16:22 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-12-11 05:16:23 SENT CONTROL [cz-prg-ovpn-101.mullvad.net]: 'PUSH_REQUEST' (status=1)
2023-12-11 05:16:24 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.15.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,route-gateway 10.15.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:1301::1002/64 fdda:d0d0:cafe:1301::,ifconfig 10.15.0.4 255.255.0.0,peer-id 2,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2023-12-11 05:16:24 Pushed option removed by filter: 'route-ipv6 0000::/2'
2023-12-11 05:16:24 Pushed option removed by filter: 'route-ipv6 4000::/2'
2023-12-11 05:16:24 Pushed option removed by filter: 'route-ipv6 8000::/2'
2023-12-11 05:16:24 Pushed option removed by filter: 'route-ipv6 C000::/2'
2023-12-11 05:16:24 Pushed option removed by filter: 'ifconfig-ipv6 fdda:d0d0:cafe:1301::1002/64 fdda:d0d0:cafe:1301::'
2023-12-11 05:16:24 OPTIONS IMPORT: --socket-flags option modified
2023-12-11 05:16:24 NOTE: setsockopt TCP_NODELAY=1 failed
2023-12-11 05:16:24 OPTIONS IMPORT: --ifconfig/up options modified
2023-12-11 05:16:24 OPTIONS IMPORT: route options modified
2023-12-11 05:16:24 OPTIONS IMPORT: route-related options modified
2023-12-11 05:16:24 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-12-11 05:16:24 OPTIONS IMPORT: tun-mtu set to 1500
2023-12-11 05:16:24 ROUTE_GATEWAY 172.30.32.1/255.255.254.0 IFACE=eth0 HWADDR=02:42:ac:1e:21:05
2023-12-11 05:16:24 TUN/TAP device tun0 opened
2023-12-11 05:16:24 /sbin/ip link set dev tun0 up mtu 1500
2023-12-11 05:16:24 /sbin/ip link set dev tun0 up
2023-12-11 05:16:24 /sbin/ip addr add dev tun0 10.15.0.4/16
2023-12-11 05:16:24 /sbin/ip route add 146.70.129.162/32 via 172.30.32.1
2023-12-11 05:16:24 /sbin/ip route add 0.0.0.0/1 via 10.15.0.1
2023-12-11 05:16:24 /sbin/ip route add 128.0.0.0/1 via 10.15.0.1
2023-12-11 05:16:24 Initialization Sequence Completed
2023-12-11 05:16:24 Data Channel: cipher 'AES-256-GCM', peer-id: 2
2023-12-11 05:16:24 Timers: ping 10, ping-restart 60
2023-12-11 05:16:24 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
--------------------
[cont-init.d] 02-vpn.sh: exited 0.
[cont-init.d] 03-network.sh: executing... 
2023-12-11 05:16:25 [INFO] Adding localhost as route via docker eth0
2023-12-11 05:16:25 [WARNING] Error adding route for localhost. The web interface won't be reachable for the affected network
2023-12-11 05:16:25 [INFO] Adding 127.0.0.1 as route via docker eth0
2023-12-11 05:16:25 [INFO] Adding 172.30.0.0/16 as route via docker eth0
2023-12-11 05:16:25 [INFO] Adding 192.168.0.0/16 as route via docker eth0
2023-12-11 05:16:25 [INFO] Adding additional incoming port 59595 for eth0
2023-12-11 05:16:25 [INFO] Adding additional incoming port 6882 for eth0
2023-12-11 05:16:25 [INFO] Adding additional outgoing port 59595 for eth0
2023-12-11 05:16:25 [INFO] Adding additional outgoing port 6882 for eth0
[cont-init.d] 03-network.sh: exited 0.
[cont-init.d] 03-nginx_ssl.sh: executing... 
[cont-init.d] 03-nginx_ssl.sh: exited 0.
[cont-init.d] 04-qbittorrent-setup.sh: executing... 
2023-12-11 05:16:25 [WARNING] ENABLE_SSL is set to no, SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).
2023-12-11 05:16:25 [WARNING] If you manage the SSL config yourself, you can ignore this.
2023-12-11 05:16:25 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
[cont-init.d] 04-qbittorrent-setup.sh: exited 0.
[cont-init.d] 05-install.sh: executing... 
[cont-init.d] 05-install.sh: exited 0.
[cont-init.d] 90-dns_set.sh: executing... 
2023-12-11 05:16:25 write UDPv4 []: Operation not permitted (fd=3,code=1)
[05:16:35] WARNING: DNS 8.8.8.8 was requested but can't be pinged. It won't be used
2023-12-11 05:16:35 write UDPv4 []: Operation not permitted (fd=3,code=1)
[05:16:45] WARNING: DNS 1.1.1.1 was requested but can't be pinged. It won't be used
2023-12-11 05:16:45 write UDPv4 []: Operation not permitted (fd=3,code=1)
[05:16:55] WARNING: DNS 192.168.0.1 was requested but can't be pinged. It won't be used
[05:16:55] WARNING: No valid DNS were found. Using default router (or HA) dns servers.
[cont-init.d] 90-dns_set.sh: exited 0.
[cont-init.d] 91-qbittorrent_configuration.sh: executing... 
2023-12-11 05:16:55 write UDPv4 []: Operation not permitted (fd=3,code=1)
[05:16:55] INFO: Downloads can be found in /mnt/Public/Downloads
2023-12-11 05:17:06 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-11 05:17:16 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-11 05:17:24 [cz-prg-ovpn-101.mullvad.net] Inactivity timeout (--ping-restart), restarting
2023-12-11 05:17:24 SIGUSR1[soft,ping-restart] received, process restarting
2023-12-11 05:17:24 Restart pause, 1 second(s)
2023-12-11 05:17:25 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-12-11 05:17:25 TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.129.162:1301
2023-12-11 05:17:25 Socket Buffers: R=[212992->1048576] S=[212992->1048576]
2023-12-11 05:17:25 NOTE: setsockopt TCP_NODELAY=1 failed
2023-12-11 05:17:25 UDPv4 link local: (not bound)
2023-12-11 05:17:25 UDPv4 link remote: [AF_INET]146.70.129.162:1301
2023-12-11 05:17:25 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-11 05:17:28 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-11 05:17:32 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-11 05:17:40 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-11 05:17:56 write UDPv4 []: Operation not permitted (fd=3,code=1)



### Architecture

amd64

### OS

Virtual Machine

About this issue

  • Original URL
  • State: closed
  • Created 7 months ago
  • Comments: 66 (34 by maintainers)

Commits related to this issue

Most upvoted comments

it’s all rather brittle and hard to diagnose, but we’ve made it .) thanks!

+2
Stooovie on Dec 23, 2023

I tried with your script changing only ca mullvad_ca.crt to ca /etc/openvpn/mullvad_ca.crt and it worked too!

+2
alexbelgium on Dec 23, 2023

Here is my config :

client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
remote-cert-tls server
ping 10
ping-restart 60
sndbuf 524288
rcvbuf 524288
cipher AES-256-GCM
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
proto tcp
auth-user-pass mullvad_userpass.txt
ca /etc/openvpn/mullvad_ca.crt
tun-ipv6
script-security 2
remote-random
remote 146.70.129.162 443 # cz-prg-ovpn-101
remote 146.70.129.194 443 # cz-prg-ovpn-102
+2
alexbelgium on Dec 23, 2023

thank you for sticking with it 😃 i do enjoy it very much

+1
Stooovie on Dec 24, 2023

So I was indeed placing the new VPN config files in the wrong folder AGAIN (/config/openvpn instead of /addon_config/db21ed7f_qbittorrent/openvpn - please update the addon’s docs as they tell me to put it in /config/openvpn) 😃 But even in the correct folder it does THIS

crond: crond (busybox 1.36.1) started, log level 5
100000000000000100000000000000100000000000000100000000000000
111111111111111111111111
11111111111111111111111111111111
111111111111
1111111
100000000000000000000000000000000000000000000000000000000000
111111111111111111111111
11111111111111111111111111111111
111111111111
1111111
100000000000000000000000000000000000000000000000000000000000
001000000000000000000000
11111111111111111111111111111111
111111111111
1111111
100000000000000000000000000000000000000000000000000000000000
000100000000000000000000
11111111111111111111111111111111
111111111111
0000001
100000000000000000000000000000000000000000000000000000000000
000001000000000000000000
01000000000000000000000000000000
111111111111
1111111
2023-12-22 17:30:04 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
2023-12-22 17:30:04 Multiple --up scripts defined.  The previously configured script is overridden.
2023-12-22 17:30:04 Multiple --down scripts defined.  The previously configured script is overridden.
2023-12-22 17:30:04 OpenVPN 2.6.8 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2023-12-22 17:30:04 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2023-12-22 17:30:04 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-12-22 17:30:04 TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.129.194:80
2023-12-22 17:30:04 Socket Buffers: R=[131072->1048576] S=[16384->1048576]
2023-12-22 17:30:04 Attempting to establish TCP connection with [AF_INET]146.70.129.194:80
2023-12-22 17:30:04 TCP connection established with [AF_INET]146.70.129.194:80
2023-12-22 17:30:04 TCPv4_CLIENT link local: (not bound)
2023-12-22 17:30:04 TCPv4_CLIENT link remote: [AF_INET]146.70.129.194:80
2023-12-22 17:30:04 TLS: Initial packet from [AF_INET]146.70.129.194:80, sid=63c8bf7f 96b11db2
2023-12-22 17:30:04 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-12-22 17:30:04 VERIFY OK: depth=2, C=SE, ST=Gotaland, L=Gothenburg, O=Amagicom AB, OU=Mullvad, CN=Mullvad Root CA v2, emailAddress=security@mullvad.net
2023-12-22 17:30:04 VERIFY OK: depth=1, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=Mullvad Intermediate CA v6, emailAddress=security@mullvad.net
2023-12-22 17:30:04 VERIFY KU OK
2023-12-22 17:30:04 Validating certificate extended key usage
2023-12-22 17:30:04 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-12-22 17:30:04 VERIFY EKU OK
2023-12-22 17:30:04 VERIFY OK: depth=0, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=cz-prg-ovpn-102.mullvad.net, emailAddress=security@mullvad.net
2023-12-22 17:30:04 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bits RSA, signature: RSA-SHA256, peer temporary key: 253 bits X25519
2023-12-22 17:30:04 [cz-prg-ovpn-102.mullvad.net] Peer Connection Initiated with [AF_INET]146.70.129.194:80
2023-12-22 17:30:04 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-12-22 17:30:04 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-12-22 17:30:05 SENT CONTROL [cz-prg-ovpn-102.mullvad.net]: 'PUSH_REQUEST' (status=1)
2023-12-22 17:30:05 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.6.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,route-gateway 10.6.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:80::1005/64 fdda:d0d0:cafe:80::,ifconfig 10.6.0.7 255.255.0.0,peer-id 2,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2023-12-22 17:30:05 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
2023-12-22 17:30:05 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
2023-12-22 17:30:05 Pushed option removed by filter: 'route-ipv6 0000::/2'
2023-12-22 17:30:05 Pushed option removed by filter: 'route-ipv6 4000::/2'
2023-12-22 17:30:05 Pushed option removed by filter: 'route-ipv6 8000::/2'
2023-12-22 17:30:05 Pushed option removed by filter: 'route-ipv6 C000::/2'
2023-12-22 17:30:05 Pushed option removed by filter: 'ifconfig-ipv6 fdda:d0d0:cafe:80::1005/64 fdda:d0d0:cafe:80::'
2023-12-22 17:30:05 OPTIONS IMPORT: --socket-flags option modified
2023-12-22 17:30:05 Socket flags: TCP_NODELAY=1 succeeded
2023-12-22 17:30:05 OPTIONS IMPORT: --ifconfig/up options modified
2023-12-22 17:30:05 OPTIONS IMPORT: route-related options modified
2023-12-22 17:30:05 OPTIONS IMPORT: tun-mtu set to 1500
2023-12-22 17:30:05 TUN/TAP device tun0 opened
2023-12-22 17:30:05 /sbin/ip link set dev tun0 up mtu 1500
2023-12-22 17:30:05 /sbin/ip link set dev tun0 up
2023-12-22 17:30:05 /sbin/ip addr add dev tun0 10.6.0.7/16
2023-12-22 17:30:05 /etc/openvpn/up.sh tun0 1500 0 10.6.0.7 255.255.0.0 init
2023-12-22 17:30:05 Initialization Sequence Completed
2023-12-22 17:30:05 Data Channel: cipher 'AES-256-GCM', peer-id: 2
2023-12-22 17:30:05 Timers: ping 10, ping-restart 60
2023-12-22 17:30:05 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
s6-notifyoncheck: fatal: s6-supervise not running.
100000000000000100000000000000100000000000000100000000000000
111111111111111111111111
11111111111111111111111111111111
111111111111
1111111
100000000000000000000000000000000000000000000000000000000000
111111111111111111111111
11111111111111111111111111111111
111111111111
1111111
100000000000000000000000000000000000000000000000000000000000
001000000000000000000000
11111111111111111111111111111111
111111111111
1111111
100000000000000000000000000000000000000000000000000000000000
000100000000000000000000
11111111111111111111111111111111
111111111111
0000001
100000000000000000000000000000000000000000000000000000000000
000001000000000000000000
01000000000000000000000000000000
111111111111
1111111

that’s new… hanging on this for half an hour now

+1
Stooovie on Dec 22, 2023

Wow, that is crazy. When wireguard is in the right place, i get this:

2023-12-14 11:03:19 [INFO] Choosen VPN config: 'cz-prg-wg-101.conf'
dos2unix: converting file /config/wireguard/cz-prg-wg-101.conf to Unix format...
2023-12-14 11:03:19 [INFO] VPN remote line defined as '146.70.129.98:51820'
2023-12-14 11:03:19 [INFO] VPN_REMOTE defined as '146.70.129.98'
2023-12-14 11:03:19 [INFO] VPN_PORT defined as '51820'
2023-12-14 11:03:19 [INFO] VPN_PROTOCOL set as 'udp', since WireGuard is always udp.
2023-12-14 11:03:19 [INFO] VPN_DEVICE_TYPE set as 'cz-prg-wg-101'
2023-12-14 11:03:19 [ERROR] Trying to run in unprivileged mode but net.ipv4.conf.all.src_valid_mark = 0
[cont-init.d] 02-vpn.sh: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

Trying empty line in ovpn next, thats even more insane 😃))

(BTW I do have valid Mullvad sub, I have had similar errors before when it ran out, but thats not the case now)

+1
Stooovie on Dec 14, 2023

I might be a complete eejit but I only see “Sponsoring” which is where I see you sponsor Frenck but no way for me to tip you 😃

Screenshot 2023-12-13 at 11 32 30

+1
Stooovie on Dec 13, 2023

I have paid for a mullvad account and can replicate with your exact setup. Therefore I’ll be able to provide a solution. A quick one could be to use the TCP config instead of UDP, but I’ll see for another solution.

+1
alexbelgium on Dec 13, 2023

With the new script I see this repeating bit:

2023-12-12 15:32:10 Restart pause, 1 second(s) 2023-12-12 15:32:11 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2023-12-12 15:32:11 NOTE: --fast-io is disabled since we are not using UDP 2023-12-12 15:32:11 TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.129.162:1301 2023-12-12 15:32:11 Socket Buffers: R=[131072->1048576] S=[16384->1048576] 2023-12-12 15:32:11 Attempting to establish TCP connection with [AF_INET]146.70.129.162:1301 2023-12-12 15:34:11 TCP: connect to [AF_INET]146.70.129.162:1301 failed: Operation timed out 2023-12-12 15:34:11 SIGUSR1[connection failed(soft),connection-failed] received, process restarting 2023-12-12 15:34:11 Restart pause, 1 second(s) 2023-12-12 15:34:12 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2023-12-12 15:34:12 NOTE: --fast-io is disabled since we are not using UDP 2023-12-12 15:34:12 TCP/UDP: Preserving recently used remote address: [AF_INET]217.138.199.82:1301 2023-12-12 15:34:12 Socket Buffers: R=[131072->1048576] S=[16384->1048576] 2023-12-12 15:34:12 Attempting to establish TCP connection with [AF_INET]217.138.199.82:1301 2023-12-12 15:34:12 TCP: connect to [AF_INET]217.138.199.82:1301 failed: Connection refused 2023-12-12 15:34:12 SIGUSR1[connection failed(soft),connection-failed] received, process restarting 2023-12-12 15:34:12 Restart pause, 1 second(s) 2023-12-12 15:34:13 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2023-12-12 15:34:13 NOTE: --fast-io is disabled since we are not using UDP 2023-12-12 15:34:13 TCP/UDP: Preserving recently used remote address: [AF_INET]185.216.35.242:1301 2023-12-12 15:34:13 Socket Buffers: R=[131072->1048576] S=[16384->1048576] 2023-12-12 15:34:13 Attempting to establish TCP connection with [AF_INET]185.216.35.242:1301

+1
Stooovie on Dec 12, 2023

Would you have time to do a test for me? In my Filebrowser addon, open /addon_configs/db21ed7f_qbittorrent/, add a file named qbittorrent.sh with the content below, and reboot. It should appear at top of your log : to see if internet being inaccessible is due to the container itself or the code. Thanks!!!

The script will be called by 01-custom_script.sh, therefore prior to the 02-vpn.sh script. It will allow to check that the issue is really whey the udp value in the config.ovpn and not with the addon itself.

#!/bin/bash
echo "ping"
ping -c 1 8.8.8.8

here’s the output:

s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 00-banner.sh: executing... 

-----------------------------------------------------------
 Add-on: Qbittorrent
 qBittorrent is a bittorrent client
-----------------------------------------------------------
 Add-on version: 4.6.2-13wireguard_openvpn
 You are running the latest version of this add-on.
 System: Home Assistant OS 11.2  (amd64 / qemux86-64)
 Home Assistant Core: 2023.12.1
 Home Assistant Supervisor: 2023.11.6
-----------------------------------------------------------
 Please, share the above information when looking for help
 or support in, e.g., GitHub, forums
-----------------------------------------------------------
 Provided by: https://github.com/alexbelgium/hassio-addons 
-----------------------------------------------------------
 Defining permissions for main user : 
User UID: 0
User GID : 0
-----------------------------------------------------------
[cont-init.d] 00-banner.sh: exited 0.
[cont-init.d] 00-global_migration.sh: executing... 
... moved files from /config/openvpn to /addon_configs/db21ed7f-qbittorrent/openvpn
[cont-init.d] 00-global_migration.sh: exited 0.
[cont-init.d] 00-global_var.sh: executing... 
DNS_server='8.8.8.8,1.1.1.1,192.168.0.1'
LAN_NETWORK='localhost,127.0.0.1,172.30.0.0/16,192.168.0.0/16'
PGID='0'
PUID='0'
QBT_USERNAME='stooovie'
SavePath='/mnt/Public/Downloads'
VPN_ENABLED='yes'
VPN_PASSWORD=******
VPN_TYPE='openvpn'
VPN_USERNAME='xxxxxxxxxxxxxx'
certfile='fullchain.pem'
cifspassword='Sassword2'
cifsusername='stooovie'
customUI='vuetorrent'
keyfile='privkey.pem'
networkdisks='//192.168.0.216/Public'
qbit_manage='false'
ssl='false'
[cont-init.d] 00-global_var.sh: exited 0.
[cont-init.d] 00-ipleak.sh: executing... 
[cont-init.d] 00-ipleak.sh: exited 0.
[cont-init.d] 00-local_mounts.sh: executing... 
[cont-init.d] 00-local_mounts.sh: exited 0.
[cont-init.d] 00-openvpn.sh: executing... 
[cont-init.d] 00-openvpn.sh: exited 0.
[cont-init.d] 00-smb_mounts.sh: executing... 
[11:13:20] WARNING: ------------------------
[11:13:20] WARNING: This is a new code, please report any issues on https://github.com/alexbelgium/hassio-addons
[11:13:20] WARNING: ------------------------
Mounting smb share(s)...
... using PUID 0 and PGID 0
... mounting //192.168.0.216/Public

... mounting //192.168.0.216/Public
[11:13:21] INFO: ...... //192.168.0.216/Public successfully mounted to /mnt/Public with options ,uid=0,gid=0,iocharset=utf8
[cont-init.d] 00-smb_mounts.sh: exited 0.
[cont-init.d] 01-config_yaml.sh: executing... 
Setting permissions for the config.yaml directory

Load environment variables from /config/config.yaml if existing
If accessing the file with filebrowser it should be mapped to /addon_configs/db21ed7f-qbittorrent/config.yaml
---------------------------------------------------------
Wiki here on how to use : github.com/alexbelgium/hassio-addons/wiki/Add‐ons-feature-:-add-env-variables

... no env variables found, exiting
[cont-init.d] 01-config_yaml.sh: exited 0.
[cont-init.d] 01-custom_script.sh: executing... 
Execute /config/qbittorrent.sh if existing
---------------------------------------------------------
If accessing the file with filebrowser it should be mapped to /config/*-qbittorrent/qbittorrent.sh
Wiki here : github.com/alexbelgium/hassio-addons/wiki/Add-ons-feature-:-customisation
... script found, executing
dos2unix: converting file /config/qbittorrent.sh to Unix format...
ping
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=9.88 ms

--- 8.8.8.8 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 9.878/9.878/9.878/0.000 ms
[cont-init.d] 01-custom_script.sh: exited 0.
[cont-init.d] 01-environment.sh: executing... 
2023-12-12 11:13:21 [INFO] LAN_NETWORK defined as 'localhost,127.0.0.1,172.30.0.0/16,192.168.0.0/16'
2023-12-12 11:13:21 [INFO] Docker network defined as 172.30.32.0/23
2023-12-12 11:13:21 [INFO] PUID defined as 0
2023-12-12 11:13:21 [INFO] PGID defined as 0
2023-12-12 11:13:21 [INFO] An user with PUID 0 already exists in /etc/passwd, nothing to do.
2023-12-12 11:13:21 [INFO] VPN_ENABLED defined as 'yes'
2023-12-12 11:13:21 [INFO] VPN_TYPE defined as 'openvpn'
2023-12-12 11:13:21 [WARNING] NAME_SERVERS not defined (via -e NAME_SERVERS), defaulting to CloudFlare and Google name servers
2023-12-12 11:13:21 [INFO] Adding 1.1.1.1 to resolv.conf
2023-12-12 11:13:21 [INFO] Adding 8.8.8.8 to resolv.conf
2023-12-12 11:13:21 [INFO] Adding 1.0.0.1 to resolv.conf
2023-12-12 11:13:21 [INFO] Adding 8.8.4.4 to resolv.conf
[cont-init.d] 01-environment.sh: exited 0.
[cont-init.d] 02-vpn.sh: executing... 
2023-12-12 11:13:21 [INFO] Choosen VPN config: 'mullvad_cz_prg.ovpn'
2023-12-12 11:13:21 [INFO] Using credentials from /config/openvpn/mullvad_cz_prg_credentials.conf
dos2unix: converting file /config/openvpn/mullvad_cz_prg.ovpn to Unix format...
2023-12-12 11:13:21 [INFO] VPN remote line defined as '185.156.174.146 1301 # cz-prg-001'
2023-12-12 11:13:21 [INFO] VPN_REMOTE defined as '185.156.174.146'
2023-12-12 11:13:21 [INFO] VPN_PORT defined as '1301'
2023-12-12 11:13:21 [INFO] VPN_PROTOCOL defined as 'udp'
2023-12-12 11:13:21 [INFO] VPN_DEVICE_TYPE defined as 'tun0'
2023-12-12 11:13:21 [INFO] Starting OpenVPN...
--------------------
2023-12-12 11:13:21 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2023-12-12 11:13:21 WARNING: file '/config/openvpn/mullvad_cz_prg_credentials.conf' is group or others accessible
2023-12-12 11:13:21 OpenVPN 2.6.5 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
2023-12-12 11:13:21 library versions: OpenSSL 3.1.4 24 Oct 2023, LZO 2.10
2023-12-12 11:13:21 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-12-12 11:13:21 TCP/UDP: Preserving recently used remote address: [AF_INET]185.156.174.170:1301
2023-12-12 11:13:21 Socket Buffers: R=[212992->1048576] S=[212992->1048576]
2023-12-12 11:13:21 UDPv4 link local: (not bound)
2023-12-12 11:13:21 UDPv4 link remote: [AF_INET]185.156.174.170:1301
2023-12-12 11:14:21 [UNDEF] Inactivity timeout (--ping-restart), restarting
2023-12-12 11:14:21 SIGUSR1[soft,ping-restart] received, process restarting
2023-12-12 11:14:21 Restart pause, 1 second(s)
2023-12-12 11:14:22 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-12-12 11:14:22 TCP/UDP: Preserving recently used remote address: [AF_INET]185.216.35.242:1301
2023-12-12 11:14:22 Socket Buffers: R=[212992->1048576] S=[212992->1048576]
2023-12-12 11:14:22 UDPv4 link local: (not bound)
2023-12-12 11:14:22 UDPv4 link remote: [AF_INET]185.216.35.242:1301
2023-12-12 11:21:09 TLS: Initial packet from [AF_INET]146.70.129.194:1301, sid=960fcdc6 ac90f1c0
2023-12-12 11:21:09 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-12-12 11:21:09 VERIFY OK: depth=2, C=SE, ST=Gotaland, L=Gothenburg, O=Amagicom AB, OU=Mullvad, CN=Mullvad Root CA v2, emailAddress=security@mullvad.net
2023-12-12 11:21:09 VERIFY OK: depth=1, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=Mullvad Intermediate CA v6, emailAddress=security@mullvad.net
2023-12-12 11:21:09 VERIFY KU OK
2023-12-12 11:21:09 Validating certificate extended key usage
2023-12-12 11:21:09 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-12-12 11:21:09 VERIFY EKU OK
2023-12-12 11:21:09 VERIFY OK: depth=0, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=cz-prg-ovpn-102.mullvad.net, emailAddress=security@mullvad.net
2023-12-12 11:21:09 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2023-12-12 11:21:09 [cz-prg-ovpn-102.mullvad.net] Peer Connection Initiated with [AF_INET]146.70.129.194:1301
2023-12-12 11:21:09 TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
2023-12-12 11:21:09 TLS: tls_multi_process: initial untrusted session promoted to trusted
2023-12-12 11:21:10 SENT CONTROL [cz-prg-ovpn-102.mullvad.net]: 'PUSH_REQUEST' (status=1)
2023-12-12 11:21:11 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.15.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,route-gateway 10.15.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:1301::1005/64 fdda:d0d0:cafe:1301::,ifconfig 10.15.0.7 255.255.0.0,peer-id 5,cipher AES-256-GCM,protocol-flags cc-exit tls-ekm dyn-tls-crypt,tun-mtu 1500'
2023-12-12 11:21:11 Pushed option removed by filter: 'route-ipv6 0000::/2'
2023-12-12 11:21:11 Pushed option removed by filter: 'route-ipv6 4000::/2'
2023-12-12 11:21:11 Pushed option removed by filter: 'route-ipv6 8000::/2'
2023-12-12 11:21:11 Pushed option removed by filter: 'route-ipv6 C000::/2'
2023-12-12 11:21:11 Pushed option removed by filter: 'ifconfig-ipv6 fdda:d0d0:cafe:1301::1005/64 fdda:d0d0:cafe:1301::'
2023-12-12 11:21:11 OPTIONS IMPORT: --socket-flags option modified
2023-12-12 11:21:11 NOTE: setsockopt TCP_NODELAY=1 failed
2023-12-12 11:21:11 OPTIONS IMPORT: --ifconfig/up options modified
2023-12-12 11:21:11 OPTIONS IMPORT: route options modified
2023-12-12 11:21:11 OPTIONS IMPORT: route-related options modified
2023-12-12 11:21:11 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-12-12 11:21:11 OPTIONS IMPORT: tun-mtu set to 1500
2023-12-12 11:21:11 ROUTE_GATEWAY 172.30.32.1/255.255.254.0 IFACE=eth0 HWADDR=02:42:ac:1e:21:05
2023-12-12 11:21:11 TUN/TAP device tun0 opened
2023-12-12 11:21:11 /sbin/ip link set dev tun0 up mtu 1500
2023-12-12 11:21:11 /sbin/ip link set dev tun0 up
2023-12-12 11:21:11 /sbin/ip addr add dev tun0 10.15.0.7/16
2023-12-12 11:21:11 /sbin/ip route add 146.70.129.194/32 via 172.30.32.1
2023-12-12 11:21:11 /sbin/ip route add 0.0.0.0/1 via 10.15.0.1
2023-12-12 11:21:11 /sbin/ip route add 128.0.0.0/1 via 10.15.0.1
2023-12-12 11:21:11 Initialization Sequence Completed
2023-12-12 11:21:11 Data Channel: cipher 'AES-256-GCM', peer-id: 5
2023-12-12 11:21:11 Timers: ping 10, ping-restart 60
2023-12-12 11:21:11 Protocol options: protocol-flags cc-exit tls-ekm dyn-tls-crypt
--------------------
[cont-init.d] 02-vpn.sh: exited 0.
[cont-init.d] 03-network.sh: executing... 
2023-12-12 11:21:11 [INFO] Adding localhost as route via docker eth0
2023-12-12 11:21:11 [WARNING] Error adding route for localhost. The web interface won't be reachable for the affected network
2023-12-12 11:21:11 [INFO] Adding 127.0.0.1 as route via docker eth0
2023-12-12 11:21:11 [INFO] Adding 172.30.0.0/16 as route via docker eth0
2023-12-12 11:21:11 [INFO] Adding 192.168.0.0/16 as route via docker eth0
2023-12-12 11:21:11 [WARNING] Error adding route for 192.168.0.0/16. The web interface won't be reachable for the affected network
2023-12-12 11:21:11 [INFO] Adding additional incoming port 59595 for eth0
2023-12-12 11:21:11 [INFO] Adding additional incoming port 6882 for eth0
2023-12-12 11:21:11 [INFO] Adding additional outgoing port 59595 for eth0
2023-12-12 11:21:11 [INFO] Adding additional outgoing port 6882 for eth0
[cont-init.d] 03-network.sh: exited 0.
[cont-init.d] 03-nginx_ssl.sh: executing... 
[cont-init.d] 03-nginx_ssl.sh: exited 0.
[cont-init.d] 04-qbittorrent-setup.sh: executing... 
2023-12-12 11:21:12 [WARNING] ENABLE_SSL is set to no, SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).
2023-12-12 11:21:12 [WARNING] If you manage the SSL config yourself, you can ignore this.
2023-12-12 11:21:12 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
[cont-init.d] 04-qbittorrent-setup.sh: exited 0.
[cont-init.d] 05-install.sh: executing... 
[cont-init.d] 05-install.sh: exited 0.
[cont-init.d] 90-dns_set.sh: executing... 
2023-12-12 11:21:12 write UDPv4 []: Operation not permitted (fd=3,code=1)
[11:21:22] WARNING: DNS 8.8.8.8 was requested but can't be pinged. It won't be used
2023-12-12 11:21:22 write UDPv4 []: Operation not permitted (fd=3,code=1)
[11:21:32] WARNING: DNS 1.1.1.1 was requested but can't be pinged. It won't be used
2023-12-12 11:21:32 write UDPv4 []: Operation not permitted (fd=3,code=1)
[11:21:42] WARNING: DNS 192.168.0.1 was requested but can't be pinged. It won't be used
[11:21:42] WARNING: No valid DNS were found. Using default router (or HA) dns servers.
[cont-init.d] 90-dns_set.sh: exited 0.
[cont-init.d] 91-qbittorrent_configuration.sh: executing... 
[11:21:42] INFO: Downloads can be found in /mnt/Public/Downloads
2023-12-12 11:21:43 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-12 11:21:53 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-12 11:22:03 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-12 11:22:11 [cz-prg-ovpn-102.mullvad.net] Inactivity timeout (--ping-restart), restarting
2023-12-12 11:22:11 SIGUSR1[soft,ping-restart] received, process restarting
2023-12-12 11:22:11 Restart pause, 1 second(s)
2023-12-12 11:22:12 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-12-12 11:22:12 TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.129.194:1301
2023-12-12 11:22:12 Socket Buffers: R=[212992->1048576] S=[212992->1048576]
2023-12-12 11:22:12 NOTE: setsockopt TCP_NODELAY=1 failed
2023-12-12 11:22:12 UDPv4 link local: (not bound)
2023-12-12 11:22:12 UDPv4 link remote: [AF_INET]146.70.129.194:1301
2023-12-12 11:22:12 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-12 11:22:14 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-12 11:22:18 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-12 11:22:26 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-12 11:22:42 write UDPv4 []: Operation not permitted (fd=3,code=1)
2023-12-12 11:23:12 [UNDEF] Inactivity timeout (--ping-restart), restarting
2023-12-12 11:23:12 SIGUSR1[soft,ping-restart] received, process restarting
2023-12-12 11:23:12 Restart pause, 1 second(s)
2023-12-12 11:23:13 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2023-12-12 11:23:13 TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.129.162:1301
2023-12-12 11:23:13 Socket Buffers: R=[212992->1048576] S=[212992->1048576]
2023-12-12 11:23:13 NOTE: setsockopt TCP_NODELAY=1 failed
2023-12-12 11:23:13 UDPv4 link local: (not bound)
2023-12-12 11:23:13 UDPv4 link remote: [AF_INET]146.70.129.162:1301
+1
Stooovie on Dec 13, 2023

This is my ovpn file:

client
dev tun
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
remote-cert-tls server
ping 10
ping-restart 60
sndbuf 524288
rcvbuf 524288
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA
proto tcp4 ####this gets reset to "udp" on every restart of the qb addon

reneg-sec 0
fast-io
remote-random
remote 185.156.174.146 1301 # cz-prg-001
remote 146.70.129.162 1301 # cz-prg-ovpn-101
remote 146.70.129.194 1301 # cz-prg-ovpn-102
remote 185.156.174.170 1301 # cz-prg-002
remote 217.138.199.82 1301 # cz-prg-005
remote 217.138.199.74 1301 # cz-prg-004
remote 185.216.35.242 1301 # cz-prg-003
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
<ca>
-----BEGIN CERTIFICATE-----


REDACTED

-----END CERTIFICATE-----
</ca>
+1
Stooovie on Dec 11, 2023
Read more comments on GitHub
← hassio-addons: [Qbittorrent] Add-on causes host server CPU temp rise
hassio-addons: [Qbittorrent] No longer working with my VPN provider →