Hello! I'm trying to set up qbittorrent and gluetun using docker compose on my home server, using the free account of ProtonVPN.
On some posts I see that ports 8080, 6881 and 6881/UDP are open in gluetun. In the guide I followed, instead, only port 8080 is exposed. So I exposed port 8080 and it is not working. I launched the torrent of the EndeavourOS ISO image (which my laptop (with the same VPN) downloads in a few minutes with plenty of peers and seeds at about 4Mb/s), and it downloaded at an EXTREMELY low speed (a few B/s) for a few seconds, and then got stuck at stalled. When it is stalled, the qbittorrent container has no internet access (ping linux.org fails).
So my questions are:
Which ports do I need to open on gluetun? If I open 6881, wouldn't my IP be exposed, bypassing gluetun?
What's wrong with my setup? Why is the internet connection so slow when there is one, and why does it go away so often?
Is this configuration secure? In case gluetun fails, would my IP be leaked?
Yep, their free servers are great for trying out the service and web browsing if you don't mind it being slow, but none of the free servers are p2p enabled. Only paid servers have p2p.
Uhm, I just searched and yes, it shouldn't be allowed, but I have always done it on my desktop without issues, except for it being a bit slow but nothing to worry about. Perhaps they will block it after a certain rate?
They want you to install their client, but it's WireGuard under the hood, so you can make it work with gluetun.
You need to generate a wireguard config file with this tool: https://github.com/ViRb3/wgcf
There is a bug with gluetun which makes it not accept nameservers for a custom WireGuard config: https://github.com/qdm12/gluetun/issues/2042
So you will need to resolve the IP yourself.
Personally, I set it up through TrueNAS, and I didn't manage to make it work with a file config, so I passed everything through environment variables.
Use this wiki if you are lost: https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers/custom.md#wireguard
It outputs in the USA for me, and it torrents at a very decent speed, 150-200/Mbps.
And yes, it's free.
I then configured gluetun with the following docker compose file:
```yaml
version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP=162.159.192.1 # I resolved the ip running `host engage.cloudflareclient.com`
      - VPN_ENDPOINT_PORT=2408 # Endpoint from wgcf-profile.conf (engage.cloudflareclient.com:2408)
      - WIREGUARD_PUBLIC_KEY=asdfghjklqwertyuiopzxcvbnm # PublicKey from wgcf-profile.conf
      - WIREGUARD_PRIVATE_KEY=lkjhgfdsapoiuytrewqmnbvcxz # PrivateKey from wgcf-profile.conf
      # - WIREGUARD_PRESHARED_KEY= # I didn't find anything about this in wgcf-profile.conf, but in gluetun wiki it says it's optional, so I removed it
      - WIREGUARD_ADDRESSES=172.16.0.2/32 # Address from wgcf-profile.conf (the first one)
    volumes:
      - ./gluetun:/gluetun
    ports:
      - 8080:8080 # qBittorrent
    restart: unless-stopped
```
However, it is stuck in a loop trying to authenticate:
2024-01-24T09:59:48Z INFO [vpn] starting
2024-01-24T09:59:48Z INFO [firewall] allowing VPN connection...
2024-01-24T09:59:48Z INFO [wireguard] Using available kernelspace implementation
2024-01-24T09:59:48Z INFO [wireguard] Connecting to 162.159.192.1:2480
2024-01-24T09:59:48Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-01-24T10:01:11Z INFO [healthcheck] program has been unhealthy for 1m21s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2024-01-24T10:01:11Z INFO [vpn] stopping
2024-01-24T10:01:11Z INFO [vpn] starting
2024-01-24T10:01:11Z INFO [firewall] allowing VPN connection...
2024-01-24T10:01:11Z INFO [wireguard] Using available kernelspace implementation
2024-01-24T10:01:11Z INFO [wireguard] Connecting to 162.159.192.1:2480
2024-01-24T10:01:11Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-01-24T10:01:19Z INFO [dns] downloading DNS over TLS cryptographic files
2024-01-24T10:01:34Z WARN [dns] cannot update files: Get "https://www.internic.net/domain/named.root": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
2024-01-24T10:01:34Z INFO [dns] attempting restart in 10m40s
2024-01-24T10:01:47Z ERROR [ip getter] Get "https://ipinfo.io/": context deadline exceeded (Client.Timeout exceeded while awaiting headers) - retrying in 10m40s
2024-01-24T10:02:38Z INFO [healthcheck] program has been unhealthy for 1m26s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2024-01-24T10:02:38Z INFO [vpn] stopping
2024-01-24T10:02:38Z INFO [vpn] starting
2024-01-24T10:02:38Z INFO [firewall] allowing VPN connection...
2024-01-24T10:02:38Z INFO [wireguard] Using available kernelspace implementation
2024-01-24T10:02:38Z INFO [wireguard] Connecting to 162.159.192.1:2480
2024-01-24T10:02:38Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-01-24T10:04:09Z INFO [healthcheck] program has been unhealthy for 1m31s: restarting VPN (see https://github.com/qdm12/gluetun-wiki/blob/main/faq/healthcheck.md)
2024-01-24T10:04:09Z INFO [vpn] stopping
2024-01-24T10:04:09Z INFO [vpn] starting
2024-01-24T10:04:09Z INFO [firewall] allowing VPN connection...
2024-01-24T10:04:09Z INFO [wireguard] Using available kernelspace implementation
2024-01-24T10:04:09Z INFO [wireguard] Connecting to 162.159.192.1:2480
2024-01-24T10:04:09Z INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
Is my configuration correct or am I missing something?
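A cross-check on the post above, as an added example that is not part of the original post or of gluetun's own tooling: the compose file sets `VPN_ENDPOINT_PORT=2408`, while every `[wireguard] Connecting to` line in the log shows port 2480, so the posted file and the running container disagree. The function names are hypothetical; the sample inputs are lines abridged from the post.

```python
import re

# Lines abridged from the post above (compose environment entries and gluetun log).
COMPOSE_ENV = """\
      - VPN_SERVICE_PROVIDER=custom
      - VPN_ENDPOINT_IP=162.159.192.1 # I resolved the ip running `host engage.cloudflareclient.com`
      - VPN_ENDPOINT_PORT=2408 # Endpoint from wgcf-profile.conf (engage.cloudflareclient.com:2408)
      # - WIREGUARD_PRESHARED_KEY=
"""
GLUETUN_LOG = """\
2024-01-24T09:59:48Z INFO [wireguard] Connecting to 162.159.192.1:2480
2024-01-24T10:01:11Z INFO [vpn] stopping
2024-01-24T10:01:11Z INFO [wireguard] Connecting to 162.159.192.1:2480
2024-01-24T10:01:47Z ERROR [ip getter] Get "https://ipinfo.io/": context deadline exceeded (Client.Timeout exceeded while awaiting headers) - retrying in 10m40s
"""

ENV_RE = re.compile(r"^\s*-\s*([A-Z_]+)=(\S*)")
CONNECT_RE = re.compile(r"\[wireguard\] Connecting to (\S+):(\d+)\s*$")


def configured_endpoint(env_text):
    """Return (ip, port) from list-style compose environment entries."""
    env = {}
    for line in env_text.splitlines():
        m = ENV_RE.match(line)  # commented-out entries start with '#' and are skipped
        if m:
            env[m.group(1)] = m.group(2)
    port = env.get("VPN_ENDPOINT_PORT", "")
    return env.get("VPN_ENDPOINT_IP"), int(port) if port.isdigit() else None


def dialed_endpoints(log_text):
    """Return the distinct (ip, port) pairs gluetun logged as WireGuard targets."""
    seen = []
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if m and (m.group(1), int(m.group(2))) not in seen:
            seen.append((m.group(1), int(m.group(2))))
    return seen


def endpoint_findings(env_text, log_text):
    """List every disagreement between the compose endpoint and the log."""
    want = configured_endpoint(env_text)
    dialed = dialed_endpoints(log_text)
    if not dialed:
        return ["no '[wireguard] Connecting to' line found in the log"]
    return [f"log dials {ip}:{port}, compose sets {want[0]}:{want[1]}"
            for ip, port in dialed if (ip, port) != want]


if __name__ == "__main__":
    for finding in endpoint_findings(COMPOSE_ENV, GLUETUN_LOG):
        print(finding)
```

Because WireGuard reports no error when it dials an endpoint that never answers, comparing these two values is one of the few checks available from the log alone.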
Configuration looks correct, it doesn't work?
Mind that the ipinfo also fails on my end, but torrenting works.
There are websites to test if your torrent is using a VPN or not.
Their very existence in our capitalistic market would heavily raise my suspicions as to what they do with my traffic not to be immediately running at a loss.