Can't reach WebUI while using a VPN and a different port than 8080
LucaAlbanese297 opened this issue · 4 comments
My docker-compose.yml:

```yaml
services:
  qbittorrent:
    container_name: qbittorrent
    image: hotio/qbittorrent
    ports:
      - "8686:8686" # 8080 is already bound
      - "8118:8118"
    environment:
      - PUID=1001
      - PGID=100
      - UMASK=002
      - TZ=Europe/London
      - VPN_ENABLED=true
      - VPN_LAN_NETWORK=192.168.1.4 # same private address as the Pi
      - VPN_CONF=wg0
      - PRIVOXY_ENABLED=false
      - WEBUI_PORTS=8686/tcp,8686/udp # set new port for the WebUI
    volumes:
      - /home/alba/DockerApps/qbitorrent/config/:/config
    cap_add:
      - NET_ADMIN
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
```
Container log:

```
ENVIRONMENT
1
PGID=100
2
TZ=Europe/London
WEBUI_PORTS=8686/tcp,8686/udp
VPN_ENABLED=true
VPN_LAN_NETWORK=192.168.1.4
VPN_CONF=wg0
VPN_ADDITIONAL_PORTS=
PRIVOXY_ENABLED=false
Executing usermod...
Applying permissions to /config
[cont-init.d] 00-start-container: exited 0.
[cont-init.d] 01-configure-app: executing...
[cont-init.d] 01-configure-app: exited 0.
[cont-init.d] 02-setup-wg: executing...
[INFO] Docker network type is not set to "host".
[INFO] "sysctl net.ipv4.conf.all.src_valid_mark=1" is set.
[INFO] Configuration file "/config/wireguard/wg0.conf" was found.
[INFO] WireGuard is down. Continuing...
[INFO] Starting WireGuard...
[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add x.x.x.x/32 dev wg0
[#] ip -6 address add x : x : x : x : : x : x/128 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -6 route add ::/0 dev wg0 table 51820
[#] ip -6 rule add not fwmark 51820 table 51820
[#] ip -6 rule add table main suppress_prefixlength 0
[#] ip6tables-restore -n
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] echo skipping setting net.ipv4.conf.all.src_valid_mark
skipping setting net.ipv4.conf.all.src_valid_mark
[#] iptables-restore -n
[INFO] WireGuard is started.
[INFO] WebUI ports are "8686/tcp,8686/udp".
[INFO] Additional ports are "".
[INFO] WireGuard remote is "x.x.x.x:51820".
[INFO] Docker network interface is "eth0".
[INFO] Docker network IP is "172.27.0.2".
[INFO] Docker network CIDR is "172.27.0.0/16".
[INFO] Adding "192.168.1.4" as route via interface "eth0".
[INFO] ip route overview:
default via 172.27.0.1 dev eth0
172.27.0.0/16 dev eth0 proto kernel scope link src 172.27.0.2
192.168.1.4 via 172.27.0.1 dev eth0
[INFO] Configuring iptables...
[INFO] Configuring ip6tables...
[INFO] iptables overview:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i wg0 -p udp -m udp --dport 8686 -j DROP
-A INPUT -i wg0 -p tcp -m tcp --dport 8686 -j DROP
-A INPUT -i wg0 -p udp -j ACCEPT
-A INPUT -i wg0 -p tcp -j ACCEPT
-A INPUT -s 172.27.0.0/16 -d 172.27.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 51820 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8686 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8686 -j ACCEPT
-A OUTPUT -o wg0 -p udp -m udp --sport 8686 -j DROP
-A OUTPUT -o wg0 -p tcp -m tcp --sport 8686 -j DROP
-A OUTPUT -o wg0 -p udp -j ACCEPT
-A OUTPUT -o wg0 -p tcp -j ACCEPT
-A OUTPUT -s 172.27.0.0/16 -d 172.27.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8686 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8686 -j ACCEPT
[INFO] ip6tables overview:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i wg0 -p udp -m udp --dport 8686 -j DROP
-A INPUT -i wg0 -p tcp -m tcp --dport 8686 -j DROP
-A INPUT -i wg0 -p udp -j ACCEPT
-A INPUT -i wg0 -p tcp -j ACCEPT
-A OUTPUT -o wg0 -p udp -m udp --sport 8686 -j DROP
-A OUTPUT -o wg0 -p tcp -m tcp --sport 8686 -j DROP
-A OUTPUT -o wg0 -p udp -j ACCEPT
-A OUTPUT -o wg0 -p tcp -j ACCEPT
[INFO] Your old ipv4 is "x.x.x.x", your new ipv4 is "x.x.x.x".
[INFO] Your old ipv6 is "", your new ipv6 is "x : x : x : x : : x".
[cont-init.d] 02-setup-wg: exited 0.
[cont-init.d] 03-setup-privoxy: executing...
[cont-init.d] 03-setup-privoxy: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
```
192.168.1.4:8686 is unreachable from local network
Fixed by adding these two lines to wg0.conf:

```ini
PostUp = DROUTE=$(ip route | grep default | awk '{print $3}'); HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route add $HOMENET3 via $DROUTE; ip route add $HOMENET2 via $DROUTE; ip route add $HOMENET via $DROUTE; iptables -I OUTPUT -d $HOMENET -j ACCEPT; iptables -A OUTPUT -d $HOMENET2 -j ACCEPT; iptables -A OUTPUT -d $HOMENET3 -j ACCEPT; iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = HOMENET=192.168.0.0/16; HOMENET2=10.0.0.0/8; HOMENET3=172.16.0.0/12; ip route del $HOMENET3 via $DROUTE; ip route del $HOMENET2 via $DROUTE; ip route del $HOMENET via $DROUTE; iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT; iptables -D OUTPUT -d $HOMENET -j ACCEPT; iptables -D OUTPUT -d $HOMENET2 -j ACCEPT; iptables -D OUTPUT -d $HOMENET3 -j ACCEPT
```
not the correct solution, but ok
> not the correct solution, but ok
What's the correct solution?
I'm having the same issue, did anyone find a better solution?
EDIT: Got it.
I got my wg0.conf files by downloading them from Mullvad. However, these files have a "PreDown" and a "PostUp" directive. Removing them solved the issue for me.
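The "ip route overview" and OUTPUT rules in the container log above can be evaluated offline to see which interface a reply from the WebUI port takes for a given client address and which rule decides it. This is an added example, not part of the thread or the hotio image; it models the wg-quick policy routing shown in the log (main table with its default route suppressed, then table 51820), treats the reply's destination port as an ephemeral port, and uses 192.168.1.50 as a constructed LAN client address.

```python
import ipaddress

# Copied from the container log on this page ("ip route overview", OUTPUT rules).
ROUTES = """default via 172.27.0.1 dev eth0
172.27.0.0/16 dev eth0 proto kernel scope link src 172.27.0.2
192.168.1.4 via 172.27.0.1 dev eth0"""
OUTPUT_RULES = """-A OUTPUT -o wg0 -p udp -m udp --sport 8686 -j DROP
-A OUTPUT -o wg0 -p tcp -m tcp --sport 8686 -j DROP
-A OUTPUT -o wg0 -p udp -j ACCEPT
-A OUTPUT -o wg0 -p tcp -j ACCEPT
-A OUTPUT -s 172.27.0.0/16 -d 172.27.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8686 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8686 -j ACCEPT"""
WG_TABLE_DEV = "wg0"  # from the log: ip -4 route add 0.0.0.0/0 dev wg0 table 51820


def egress_dev(dst):
    """Main table minus its default route (suppress_prefixlength 0), else table 51820."""
    dst, best = ipaddress.ip_address(dst), None
    for line in ROUTES.splitlines():
        f = line.split()
        net = ipaddress.ip_network("0.0.0.0/0" if f[0] == "default" else f[0])
        if net.prefixlen > 0 and dst in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, f[f.index("dev") + 1])  # longest prefix wins
    return best[1] if best else WG_TABLE_DEV  # unmarked traffic falls through to wg0


def reply_verdict(src, dst, proto="tcp", sport=8686):
    """First matching OUTPUT rule for a reply leaving the WebUI port; policy is DROP."""
    dev = egress_dev(dst)
    pkt = {"-o": dev, "-p": proto, "--sport": str(sport)}
    for line in OUTPUT_RULES.splitlines():
        t = line.split()
        rule = dict(zip(t[::2], t[1::2]))  # every option in these rules is a flag/value pair
        if any(rule.get(k, v) != v for k, v in pkt.items()):
            continue  # rule names a different interface, protocol or source port
        nets_ok = all(ipaddress.ip_address(a) in ipaddress.ip_network(rule[k])
                      for k, a in (("-s", src), ("-d", dst)) if k in rule)
        if nets_ok and "--dport" not in rule:  # reply dport is ephemeral (assumption)
            return dev, rule["-j"]
    return dev, "DROP"


if __name__ == "__main__":
    for client in ("192.168.1.4", "192.168.1.50", "172.27.0.1"):
        print(client, reply_verdict("172.27.0.2", client))
```

With the routes from the log, only destinations with an explicit route in the main table leave via eth0; a reply to any other address is routed to wg0, where the `--sport 8686` DROP rules apply.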