hassio-addons: [Qbittorrent] No longer working with my VPN provider
Which addon?
Qbittorrent
- Addon name : Qbittorrent
- Addon version : 4.4.3.1-r1-ls201
Describe the bug
With my Hotspot Shield VPN provider, I am now unable to download anything. This is what I see if I add a new download:
Full addon log
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid: 0
User gid: 0
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 30-config: executing...
[cont-init.d] 30-config: exited 0.
[cont-init.d] 30-nginx.sh: executing...
[cont-init.d] 30-nginx.sh: exited 0.
[cont-init.d] 90-custom-folders: executing...
[cont-init.d] 90-custom-folders: exited 0.
[cont-init.d] 90-dns_set.sh: executing...
[16:25:28] INFO: DNS SERVERS set to 1.1.1.1 8.8.8.8
[cont-init.d] 90-dns_set.sh: exited 0.
[cont-init.d] 91-qbittorrent_configuration.sh: executing...
[16:25:29] INFO: Downloads can be found in /share/qBittorrent
[16:25:29] INFO: Whitelisted subsets will not require a password : localhost,127.0.0.1,172.30.0.0/16,192.168.0.0/16
[16:25:30] INFO: WEBUI username set to qBTadmin
[16:25:30] INFO: Alternate UI enabled : vuetorrent. If webui don't work, disable this option
[16:25:32] INFO: Default username/password : admin/adminadmin
[16:25:32] INFO: Configuration can be found in /config/qBittorrent
[cont-init.d] 91-qbittorrent_configuration.sh: exited 0.
[cont-init.d] 92-local_mounts.sh: executing...
[cont-init.d] 92-local_mounts.sh: exited 0.
[cont-init.d] 92-smb_mounts.sh: executing...
[cont-init.d] 92-smb_mounts.sh: exited 0.
[cont-init.d] 93-openvpn.sh: executing...
[16:25:32] INFO: Configuring openvpn
[16:25:33] INFO: openvpn correctly set, qbittorrent will run tunnelled through openvpn
Using interface binding in the qBittorrent app
... deleting previous interface settings
... binding tun0 interface in qBittorrent configuration
... adding route-nopull to your config.ovpn
[cont-init.d] 93-openvpn.sh: exited 0.
[cont-init.d] 99-custom-files: executing...
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-files: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
2022-06-16 16:25:34 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
2022-06-16 16:25:34 OpenVPN 2.5.7 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jun 2 2022
2022-06-16 16:25:34 library versions: OpenSSL 1.1.1o 3 May 2022, LZO 2.10
2022-06-16 16:25:34 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-06-16 16:25:34 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2022-06-16 16:25:34 TCP/UDP: Preserving recently used remote address: [AF_INET]x.y.z.k:8041
2022-06-16 16:25:34 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-06-16 16:25:34 UDP link local: (not bound)
2022-06-16 16:25:34 UDP link remote: [AF_INET]x.y.z.k:8041
2022-06-16 16:25:34 TLS: Initial packet from [AF_INET]x.y.z.k:8041, sid=91bf6375 3f50eb13
2022-06-16 16:25:34 VERIFY OK: depth=2, C=US, O=Internet Security Research Group, CN=ISRG Root X1
2022-06-16 16:25:34 VERIFY OK: depth=1, C=US, O=Let's Encrypt, CN=R3
2022-06-16 16:25:34 VERIFY KU OK
2022-06-16 16:25:34 Validating certificate extended key usage
2022-06-16 16:25:34 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-06-16 16:25:34 VERIFY EKU OK
2022-06-16 16:25:34 VERIFY X509NAME OK: CN=example.test
2022-06-16 16:25:34 VERIFY OK: depth=0, CN=example.test
2022-06-16 16:25:34 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1601', remote='link-mtu 1569'
2022-06-16 16:25:34 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
2022-06-16 16:25:34 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-06-16 16:25:34 [example.test] Peer Connection Initiated with [AF_INET]x.y.z.k:8041
2022-06-16 16:25:35 SENT CONTROL [example.test]: 'PUSH_REQUEST' (status=1)
2022-06-16 16:25:35 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,explicit-exit-notify,sndbuf 16384,rcvbuf 262144,dhcp-option DISABLE-NBT,redirect-gateway def1 bypass-dhcp,route-delay 5,inactive 172800 2048,route-gateway 10.254.128.1,topology subnet,ping 10,ping-restart 120,compress lz4-v2,ifconfig 10.254.128.6 255.255.128.0,peer-id 4,cipher AES-256-GCM'
2022-06-16 16:25:35 Pushed option removed by filter: 'dhcp-option DNS 8.8.8.8'
2022-06-16 16:25:35 Pushed option removed by filter: 'dhcp-option DNS 8.8.4.4'
2022-06-16 16:25:35 Pushed option removed by filter: 'dhcp-option DISABLE-NBT'
2022-06-16 16:25:35 Pushed option removed by filter: 'redirect-gateway def1 bypass-dhcp'
2022-06-16 16:25:35 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
2022-06-16 16:25:35 OPTIONS IMPORT: timers and/or timeouts modified
2022-06-16 16:25:35 OPTIONS IMPORT: explicit notify parm(s) modified
2022-06-16 16:25:35 OPTIONS IMPORT: compression parms modified
2022-06-16 16:25:35 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-06-16 16:25:35 Socket Buffers: R=[212992->524288] S=[212992->32768]
2022-06-16 16:25:35 OPTIONS IMPORT: --ifconfig/up options modified
2022-06-16 16:25:35 OPTIONS IMPORT: route-related options modified
2022-06-16 16:25:35 OPTIONS IMPORT: peer-id set
2022-06-16 16:25:35 OPTIONS IMPORT: adjusting link_mtu to 1656
2022-06-16 16:25:35 OPTIONS IMPORT: data channel crypto options modified
2022-06-16 16:25:35 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-06-16 16:25:35 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-06-16 16:25:35 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-06-16 16:25:35 TUN/TAP device tun0 opened
2022-06-16 16:25:35 /sbin/ip link set dev tun0 up mtu 1500
2022-06-16 16:25:35 /sbin/ip link set dev tun0 up
2022-06-16 16:25:35 /sbin/ip addr add dev tun0 10.254.128.6/17
2022-06-16 16:25:35 /etc/openvpn/up.sh tun0 1500 1584 10.254.128.6 255.255.128.0 init
******** Information ********
To control qBittorrent, access the WebUI at: http://localhost:8080
[16:25:37] INFO: VPN is up and running with ip a.b.c.d, based in country : AT
[16:25:37] INFO: Starting NGinx...
2022-06-16 16:25:40 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-06-16 16:25:40 Initialization Sequence Completed
Full addon config
DNS_server: 8.8.8.8,1.1.1.1
PGID: '0'
PUID: '0'
SavePath: /share/qBittorrent
Username: admin
certfile: fullchain.pem
customUI: vuetorrent
keyfile: privkey.pem
ssl: false
whitelist: localhost,127.0.0.1,172.30.0.0/16,192.168.0.0/16
TZ: ''
openvpn_config: HotspotShield_AT_v4.ovpn
openvpn_username: someuser
openvpn_password: somepass
openvpn_enabled: true
openvpn_alt_mode: false
silent: true
System
- Supervisor version: 2022.05.3
- Host system version: 8.2
Ideas
In order to remove the errors about push-options in the wrong context, I tried to add
pull-filter ignore "dhcp-option";
pull-filter ignore "redirect-gateway";
and this leads to the following lines:
2022-06-16 16:25:35 Pushed option removed by filter: 'dhcp-option DNS 8.8.8.8'
2022-06-16 16:25:35 Pushed option removed by filter: 'dhcp-option DNS 8.8.4.4'
2022-06-16 16:25:35 Pushed option removed by filter: 'dhcp-option DISABLE-NBT'
2022-06-16 16:25:35 Pushed option removed by filter: 'redirect-gateway def1 bypass-dhcp'
If I remove those pull-filter, this is what I get in the logs:
2022-06-16 17:25:10 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,explicit-exit-notify,sndbuf 16384,rcvbuf 262144,dhcp-option DISABLE-NBT,redirect-gateway def1 bypass-dhcp,route-delay 5,inactive 172800 2048,route-gateway 10.254.128.1,topology subnet,ping 10,ping-restart 120,compress lz4-v2,ifconfig 10.254.128.2 255.255.128.0,peer-id 0,cipher AES-256-GCM'
2022-06-16 17:25:10 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
2022-06-16 17:25:10 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
2022-06-16 17:25:10 Options error: option 'dhcp-option' cannot be used in this context ([PUSH-OPTIONS])
2022-06-16 17:25:10 Options error: option 'redirect-gateway' cannot be used in this context ([PUSH-OPTIONS])
Looking at the logs I reported in this previous issue, those errors were not there.
I think this is the PR that added “route-nopull”. I would consider commenting out the following lines:
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 20 (9 by maintainers)
Commits related to this issue
- Remove nopull for vpn normal mode https://github.com/alexbelgium/hassio-addons/issues/368 — committed to alexbelgium/hassio-addons by alexbelgium 2 years ago
That’s the most important, that it works ! Have fun with the addons
I really don’t know what happened, but, since it works now, it would be impossible to further debug, thus… Let’s close this issue 😄
Restoring an old version won’t work due to new HA securities that make a new config setting (init = false) mandatory which was not the case in the past. I can however try to pin a version, I’ll do that somewhat later.
I just tried, and, WITHOUT OPENVPN, downloading works: