This repository was archived by the owner on Jul 16, 2023. It is now read-only.

Connection refused when trying to access WebUI #176

Open
AidanTweedy opened this issue Apr 13, 2023 · 1 comment

@AidanTweedy

Hi all,

I've run into an issue while using this Docker image where I am unable to access the WebUI due to a Connection Refused error message. I was able to exec into the container, and running curl ifconfig.io gave me a different IP address than outside the container, so I know the VPN is connected. I was also able to ping 8.8.8.8 from the container successfully, so it can access the internet.

The server running the image is running on 192.168.1.2, so I set the LAN_NETWORK env variable accordingly. I am using Fedora 36 as the OS in this case.

I'm running nginx on the server as well, but it is only touching ports 80 and 443, and should not be touching this at all. I am attempting to access the WebUI with 192.168.1.2:8080, but the connection is refused. When the service isn't running, I get a timeout, so I know something is happening behind the scenes.

Any help would be appreciated.

docker-compose.yml:

version: "3.3"
services:
  dyonr-qbittorrent-openvpn:
    volumes:
      - "/media/seagate/qbittorrent/downloads:/downloads"
      - "/media/seagate/qbittorrent/config:/config"
    environment:
      - VPN_TYPE=openvpn
      - VPN_ENABLED=yes
      - VPN_USERNAME=<removed>
      - VPN_PASSWORD=<removed>
      - PUID=1000
      - PGID=1000
      - LAN_NETWORK=192.168.1.0/24
      - LEGACY_IPTABLES=no
    ports:
      - 8080:8080
    image: dyonr/qbittorrentvpn:latest      
    restart: unless-stopped
    devices:
      - /dev/net/tun
    cap_add:
      - NET_ADMIN

Container log:

2023-04-13 21:37:23.545757 [INFO] VPN_ENABLED defined as 'yes'
2023-04-13 21:37:23.574816 [INFO] LEGACY_IPTABLES is set to 'no'
2023-04-13 21:37:23.603468 [INFO] Not making any changes to iptables version
2023-04-13 21:37:23.634121 [INFO] The container is currently running iptables v1.8.7 (nf_tables).
2023-04-13 21:37:23.663719 [INFO] VPN_TYPE defined as 'openvpn'
2023-04-13 21:37:23.694721 [INFO] OpenVPN config file is found at /config/openvpn/config.ovpn
dos2unix: converting file /config/openvpn/config.ovpn to Unix format...
2023-04-13 21:37:23.736129 [INFO] VPN remote line defined as '146.70.168.2 1195 # us-nyc-ovpn-501'
2023-04-13 21:37:23.769821 [INFO] VPN_REMOTE defined as '146.70.168.2'
2023-04-13 21:37:23.806523 [INFO] VPN_PORT defined as '1195'
2023-04-13 21:37:23.839851 [INFO] VPN_PROTOCOL defined as 'udp'
2023-04-13 21:37:23.871445 [INFO] VPN_DEVICE_TYPE defined as 'tun0'
2023-04-13 21:37:23.906975 [INFO] LAN_NETWORK defined as '192.168.1.0/24'
2023-04-13 21:37:23.943296 [WARNING] NAME_SERVERS not defined (via -e NAME_SERVERS), defaulting to CloudFlare and Google name servers
2023-04-13 21:37:23.979292 [INFO] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2023-04-13 21:37:24.011112 [INFO] Adding 1.1.1.1 to resolv.conf
2023-04-13 21:37:24.043830 [INFO] Adding 8.8.8.8 to resolv.conf
2023-04-13 21:37:24.080935 [INFO] Adding 1.0.0.1 to resolv.conf
2023-04-13 21:37:24.118387 [INFO] Adding 8.8.4.4 to resolv.conf
2023-04-13 21:37:24.147664 [INFO] Starting OpenVPN...
2023-04-13 21:37:24 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-04-13 21:37:24 WARNING: file 'credentials.conf' is group or others accessible
2023-04-13 21:37:24 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2023-04-13 21:37:24 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
2023-04-13 21:37:24 TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.165.66:1195
2023-04-13 21:37:24 Socket Buffers: R=[212992->425984] S=[212992->425984]
2023-04-13 21:37:24 UDP link local: (not bound)
2023-04-13 21:37:24 UDP link remote: [AF_INET]146.70.165.66:1195
2023-04-13 21:37:24 TLS: Initial packet from [AF_INET]146.70.165.66:1195, sid=4d4e6c47 30d0f690
2023-04-13 21:37:24 VERIFY OK: depth=2, C=SE, ST=Gotaland, L=Gothenburg, O=Amagicom AB, OU=Mullvad, CN=Mullvad Root CA v2, [email protected]
2023-04-13 21:37:24 VERIFY OK: depth=1, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=Mullvad Intermediate CA v5, [email protected]
2023-04-13 21:37:24 VERIFY KU OK
2023-04-13 21:37:24 Validating certificate extended key usage
2023-04-13 21:37:24 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-04-13 21:37:24 VERIFY EKU OK
2023-04-13 21:37:24 VERIFY OK: depth=0, C=SE, ST=Gotaland, O=Amagicom AB, OU=Mullvad, CN=us-nyc-ovpn-504.mullvad.net, [email protected]
2023-04-13 21:37:24 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1558'
2023-04-13 21:37:24 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-04-13 21:37:24 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, 4096 bit RSA
2023-04-13 21:37:24 [us-nyc-ovpn-504.mullvad.net] Peer Connection Initiated with [AF_INET]146.70.165.66:1195
2023-04-13 21:37:25 SENT CONTROL [us-nyc-ovpn-504.mullvad.net]: 'PUSH_REQUEST' (status=1)
2023-04-13 21:37:26 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.9.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,comp-lzo no,route-gateway 10.9.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:1195::1006/64 fdda:d0d0:cafe:1195::,ifconfig 10.9.0.8 255.255.0.0,peer-id 6,cipher AES-256-GCM'
2023-04-13 21:37:26 Pushed option removed by filter: 'route-ipv6 0000::/2'
2023-04-13 21:37:26 Pushed option removed by filter: 'route-ipv6 4000::/2'
2023-04-13 21:37:26 Pushed option removed by filter: 'route-ipv6 8000::/2'
2023-04-13 21:37:26 Pushed option removed by filter: 'route-ipv6 C000::/2'
2023-04-13 21:37:26 Pushed option removed by filter: 'ifconfig-ipv6 fdda:d0d0:cafe:1195::1006/64 fdda:d0d0:cafe:1195::'
2023-04-13 21:37:26 OPTIONS IMPORT: compression parms modified
2023-04-13 21:37:26 OPTIONS IMPORT: --socket-flags option modified
2023-04-13 21:37:26 NOTE: setsockopt TCP_NODELAY=1 failed
2023-04-13 21:37:26 OPTIONS IMPORT: --ifconfig/up options modified
2023-04-13 21:37:26 OPTIONS IMPORT: route options modified
2023-04-13 21:37:26 OPTIONS IMPORT: route-related options modified
2023-04-13 21:37:26 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-04-13 21:37:26 OPTIONS IMPORT: peer-id set
2023-04-13 21:37:26 OPTIONS IMPORT: adjusting link_mtu to 1624
2023-04-13 21:37:26 OPTIONS IMPORT: data channel crypto options modified
2023-04-13 21:37:26 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-04-13 21:37:26 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-04-13 21:37:26 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-04-13 21:37:26 net_route_v4_best_gw query: dst 0.0.0.0
2023-04-13 21:37:26 net_route_v4_best_gw result: via 172.26.0.1 dev eth0
2023-04-13 21:37:26 ROUTE_GATEWAY 172.26.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:1a:00:02
2023-04-13 21:37:26 TUN/TAP device tun0 opened
2023-04-13 21:37:26 net_iface_mtu_set: mtu 1500 for tun0
2023-04-13 21:37:26 net_iface_up: set tun0 up
2023-04-13 21:37:26 net_addr_v4_add: 10.9.0.8/16 dev tun0
2023-04-13 21:37:26 net_route_v4_add: 146.70.165.66/32 via 172.26.0.1 dev [NULL] table 0 metric -1
2023-04-13 21:37:26 net_route_v4_add: 0.0.0.0/1 via 10.9.0.1 dev [NULL] table 0 metric -1
2023-04-13 21:37:26 net_route_v4_add: 128.0.0.0/1 via 10.9.0.1 dev [NULL] table 0 metric -1
2023-04-13 21:37:26 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-04-13 21:37:26 Initialization Sequence Completed
2023-04-13 21:37:27.333695 [INFO] Docker network defined as 172.26.0.0/16
2023-04-13 21:37:27.370301 [INFO] Adding 192.168.1.0/24 as route via docker eth0
2023-04-13 21:37:27.399872 [INFO] ip route defined as follows...
--------------------
0.0.0.0/1 via 10.9.0.1 dev tun0 
default via 172.26.0.1 dev eth0 
10.9.0.0/16 dev tun0 proto kernel scope link src 10.9.0.8 
128.0.0.0/1 via 10.9.0.1 dev tun0 
146.70.165.66 via 172.26.0.1 dev eth0 
172.26.0.0/16 dev eth0 proto kernel scope link src 172.26.0.2 
192.168.1.0/24 via 172.26.0.1 dev eth0 
--------------------
2023-04-13 21:37:27.504332 [INFO] iptables defined as follows...
--------------------
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.26.0.0/16 -d 172.26.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1195 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.26.0.0/16 -d 172.26.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1195 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
--------------------
2023-04-13 21:37:27.760853 [WARNING] ENABLE_SSL is set to '', SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).
2023-04-13 21:37:27.785556 [WARNING] Removing the SSL configuration from the config file...
2023-04-13 21:37:27.818286 [INFO] A group with PGID 1000 does not exist within this container, adding a group called 'qbittorrent' with PGID 1000
2023-04-13 21:37:27.970154 [INFO] An user with PUID 1000 does not exist within this container, adding an user called 'qbittorrent user' with PUID 1000
2023-04-13 21:37:28.256208 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
2023-04-13 21:37:28.285504 [INFO] Starting qBittorrent daemon...
Logging to /config/qBittorrent/data/logs/qbittorrent.log.
2023-04-13 21:37:29.318018 [INFO] Started qBittorrent daemon successfully...
2023-04-13 21:37:29.342021 [INFO] qBittorrent PID: 355
2023-04-13 21:37:29.365264 [INFO] HEALTH_CHECK_HOST is not set. For now using default host one.one.one.one
2023-04-13 21:37:29.387449 [INFO] HEALTH_CHECK_INTERVAL is not set. For now using default interval of 300
2023-04-13 21:37:29.410179 [INFO] HEALTH_CHECK_SILENT is not set. Because this variable is not set, it will be supressed by default
2023-04-13 21:37:29.432181 [WARNING] RESTART_CONTAINER not defined,(via -e RESTART_CONTAINER), defaulting to 'yes'
2023-04-13 21:37:29.454711 [INFO] HEALTH_CHECK_AMOUNT is not set. For now using default interval of 1
2023-04-13 21:37:29.476976 [INFO] HEALTH_CHECK_AMOUNT is set to 1

@ybizeul

ybizeul commented May 24, 2023

I had the same issue, but it was user error in my case. I set the LAN to my lab's subnet, but I was accessing from another network.
Once I set this network as well, everything worked.
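
The routing table printed in the container log shows why a client outside LAN_NETWORK, as in the comment above, cannot reach the WebUI: only 192.168.1.0/24 has a route via eth0, and replies to every other source match the VPN's /1 routes on tun0. The following Python script is an added example (not part of the original thread or the project's code) that applies longest-prefix matching to that table; the client addresses are constructed, and it assumes the container sees the client's real source address.

```python
import ipaddress

# Route table copied from the container log in the issue above.
ROUTES_TEXT = """\
0.0.0.0/1 via 10.9.0.1 dev tun0
default via 172.26.0.1 dev eth0
10.9.0.0/16 dev tun0 proto kernel scope link src 10.9.0.8
128.0.0.0/1 via 10.9.0.1 dev tun0
146.70.165.66 via 172.26.0.1 dev eth0
172.26.0.0/16 dev eth0 proto kernel scope link src 172.26.0.2
192.168.1.0/24 via 172.26.0.1 dev eth0
"""


def parse_routes(text):
    """Parse `ip route` lines into (network, device) pairs."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        # A bare address such as 146.70.165.66 is parsed as a /32 host route.
        network = ipaddress.ip_network(dest, strict=False)
        device = fields[fields.index("dev") + 1]
        routes.append((network, device))
    return routes


def reply_device(routes, client_ip):
    """Return the interface chosen by longest-prefix match for a reply to client_ip."""
    addr = ipaddress.ip_address(client_ip)
    matches = [(net, dev) for net, dev in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def webui_reachable(routes, client_ip, lan_device="eth0"):
    """A WebUI reply only gets back to the client if it leaves via eth0."""
    return reply_device(routes, client_ip) == lan_device


if __name__ == "__main__":
    routes = parse_routes(ROUTES_TEXT)
    # Constructed client addresses: one inside LAN_NETWORK, one on another subnet.
    for client in ("192.168.1.50", "192.168.2.50"):
        print(client, "->", reply_device(routes, client), webui_reachable(routes, client))
```
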
