Port Forwarding Troubles

[wah00kid]

Hey All,

First thanks for this community and YAMS!

So I have gotten my vpn provider Torguard hooked up to gluetun in a docker container running on debian 12 in a proxmox VM now twice. Once using wireguard and now using openvpn.. both times I got the setup to work and survive reboots where the yams check-vpn is successful. It wasnt easy for me either time but I have succeeded both ways.

I have not had success with portforwarding in either scenario. Here are my docker-compose for gluetun and my conf file

Code: Select all

client
dev tun
proto udp
remote XXX.XXX.XXX.XXX XXXX
remote-cert-tls server
auth SHA256
key-direction 1
setenv CLIENT_CERT 0
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
dsajflkajlkdsajfdslkajlk
-----END OpenVPN Static key V1-----
</tls-crypt>
resolv-retry infinite
nobind
tls-version-min 1.2
cipher AES-256-CBC
auth-user-pass
compress
tun-mtu-extra 32
<ca>
-----BEGIN CERTIFICATE-----
dskjaflkdajdslkfjalkjfl
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
sdkfajdksjlkfdsajdslkj
-----END CERTIFICATE-----
</ca>

Code: Select all

# Gluetun is our VPN, so you can download torrents safely
  gluetun:
    image: qmcgaw/gluetun:v3
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8003:8000/tcp # Admin
      - 8080:8080/tcp # qbittorrent
      - 8081:8081/tcp # gluetun
    volumes:
      - /mnt/xxx/xxx.conf:/gluetun/xxx.conf
   environment:
      - VPN_SERVICE_PROVIDER=custom
      - OPENVPN_CUSTOM_CONFIG=/gluetun/tor.conf
      - OPENVPN_USER="xjkdfkjfakjhfkjdk"
      - OPENVPN_PASSWORD="dskfajfdslkajflad"
      - FIREWALL_VPN_INPUT_PORTS=1XXXX 
    #  - VPN_PORT_FORWARDING=on
    #  - VPN_TYPE=openvpn
    #  - OPENVPN_USER=${VPN_USER}
    #  - OPENVPN_PASSWORD=${VPN_PASSWORD}
    #  - OPENVPN_CIPHERS=AES-256-GCM
    #  - PORT_FORWARD_ONLY=on
    #  - VPN_PORT_FORWARDING=on
    restart: unless-stopped

I also went into the client area Torguard and did the appropriate port forward requests and udp and tcp are both showing as active on my correct IP address. I checked the port numbers in all three places so many times...

I also set the correct port in the connections tab in the qbittorrent settings. i also have portforwarding from my router set

I have also put the port 1xxxx into the port forwarding section of my router pointed to the ip address of the debian 12 that is hosting the docker containers... it occurs to me right now if i shouldn;t forward the port in my router to point to the proxmox machine.. hmmm

Anway that is what I have done and I can't portwarding to correctly show up in the qbittorrent status check at the bottom of the gui. I also get this output from the port command for gluetun:

Code: Select all

user@host:/mnt/yams$ curl http://localhost:8003/v1/openvpn/portforwarded
{"port":0}

Well.. im stuck any ideas-im pretty low average at linux and a very beginner in proxmox

[rogs]

Hi @wah00kid!

Check the documentation for your VPN.

Gluetun does not support port forwarding with Torguard https://github.com/qdm12/gluetun-wiki/b ... orguard.md

Cheers!

Roger.

[wah00kid]

Hmm the documentation says that it natively supports only two providers for port forwarding but does indicate environmental variables to set if you are bringing your own VPN.

anyway i found this post on reddit which seems to indicate that it is possible with wireguard:

https://www.reddit.com/r/selfhosted/com ... etun_with/

Anyway the relevant part seems to be within the gluetun container port config which makes total sense:

Code: Select all

gluetun:
    image: qmcgaw/gluetun
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    networks:
      - mediarr
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 6881:6881
      - 6881:6881/udp
      - 6881:6881/tcp
      - 8081:8081 # qBittorrent
      - 9696:9696 # prowlarr
      - 8989:8989 # sonarr
      - 7878:7878 # radarr
      - 6767:6767 # bazarr
      - "${PORT:-8191}:8191" # flaresolverr
      - 51820:51820
      - 51821:51821
      - 9000:9000
    volumes:
      - /media/jellyfin/workhorse/gluetun:/gluetun
    environment: 
      # See 
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP=vps_ip_address
      - VPN_ENDPOINT_PORT=51820
      - WIREGUARD_PUBLIC_KEY=server_side_public_key
      - WIREGUARD_PRIVATE_KEY=client_side_private_key
      - WIREGUARD_ADDRESSES=allowed_ips_peer
      - FIREWALL_VPN_INPUT_PORTS=6881
      - TZ=America/New_York
      - UPDATER_PERIOD=24h

and then someone else:

Code: Select all

 gluetun:

image: qmcgaw/gluetun

cap_add:

- NET_ADMIN

network_mode: bridge

ports:

- 8999:8999

- :/tcp # Port forwarded port here

devices:

- /dev/net/tun:/dev/net/tun

environment:

- VPN_SERVICE_PROVIDER=custom

- VPN_TYPE=wireguard

- VPN_ENDPOINT_IP=

- VPN_ENDPOINT_PORT=

- WIREGUARD_PUBLIC_KEY=

- WIREGUARD_PRIVATE_KEY=

- WIREGUARD_ADDRESSES=

- FIREWALL_VPN_INPUT_PORTS=TORRENTING_PORT,QBIT_PORT

- FIREWALL_OUTBOUND_SUBNETS= 

I'm gonna play around with this but if anyone can make sense of this let me know

[rogs]

Read Gluetun's documentation. Gluetun does not support port forwarding with Torguard

See the screenshot:

If it did, the Torguard documentation would have a section for it, like

• ProtonVPN: https://github.com/qdm12/gluetun-wiki/b ... forwarding
• Perfect Privacy: https://github.com/qdm12/gluetun-wiki/b ... forwarding
• Private Internet Access: https://github.com/qdm12/gluetun-wiki/b ... forwarding
• PrivateVPN: https://github.com/qdm12/gluetun-wiki/b ... forwarding

[rogs]

It might be able to work as a custom VPN with Wireguard, but it's not guaranteed. If you find it works, try reporting it in Gluetun! Or even better, try pushing a PR with instructions on how to set it up!

[wah00kid]

Got it working!

in qbittorrent in connections tab:

peer connection protocol : tcp
then put in the port forwarded

Code: Select all

gluetun:
    image: qmcgaw/gluetun:v3
    container_name: gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8003:8000/tcp # Admin
      - 8080:8080/tcp # qbittorrent
      - 8081:8081/tcp # gluetun
      - xxxxx:xxxxx/tcp #port forward
      - xxxxx:xxxxx/udp #port forward
      - xxxxx:xxxxx #port forward
    volumes:
      - /mnt//xxxxx/xxx.conf:/gluetun/xxx.conf
      - /mnt/xxxxxx/ca.crt:/gluetun/ca.crt
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - OPENVPN_CUSTOM_CONFIG=/gluetun/xxx.conf
      - OPENVPN_USER="xxxxx"
      - OPENVPN_PASSWORD="xxxxxx"
      - FIREWALL_VPN_INPUT_PORTS=xxxx,8080
    #  - VPN_PORT_FORWARDING=on
    #  - VPN_TYPE=openvpn
    #  - OPENVPN_USER=${VPN_USER}
    #  - OPENVPN_PASSWORD=${VPN_PASSWORD}
    #  - OPENVPN_CIPHERS=AES-256-GCM
    #  - PORT_FORWARD_ONLY=on
    #  - VPN_PORT_FORWARDING=on
    restart: unless-stopped
    

[rogs]

Nice! Make sure you report it to the gluetun documentation! That way others can benefit of your discovery