VPN can not connect #17

Open
xonex2020 opened this issue Mar 24, 2022 · 6 comments

xonex2020 commented Mar 24, 2022

Hello everyone, I always get this message when trying to connect to the VPN.
VPN provider: hide.me on a Raspberry Pi 3

It would be great if someone could tell me what the problem is.

```sh
docker run --privileged -d \
  -v /media/extern1/config/:/config \
  -v /media/extern1/downloads/:/downloads \
  -v /media/extern2/downloads/:/downloads2 \
  -e "VPN_ENABLED=yes" \
  -e "VPN_TYPE=openvpn" \
  -e "LAN_NETWORK=192.168.178.0/24" \
  -p 8080:8080 \
  --restart unless-stopped \
  trigus42/qbittorrentvpn
```

Thank you in advance :)

```
2022-03-24 10:51:21 /sbin/ip route add 194.127.173.223/32 via 172.17.0.1
2022-03-24 10:51:21 /sbin/ip route del 0.0.0.0/0
2022-03-24 10:51:21 /sbin/ip route add 0.0.0.0/0 via 10.129.162.1
[cont-init.d] 02-vpn: exited 0.
2022-03-24 10:51:21 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
2022-03-24 10:51:21 add_route_ipv6(::/3 -> :: metric -1) dev tun0
2022-03-24 10:51:21 /sbin/ip -6 route add ::/3 dev tun0
RTNETLINK answers: Permission denied
2022-03-24 10:51:21 ERROR: Linux route -6 add command failed: external program exited with error status: 2
2022-03-24 10:51:21 add_route_ipv6(2000::/4 -> :: metric -1) dev tun0
2022-03-24 10:51:21 /sbin/ip -6 route add 2000::/4 dev tun0
[cont-init.d] 03-network: executing...
RTNETLINK answers: Permission denied
2022-03-24 10:51:21 ERROR: Linux route -6 add command failed: external program exited with error status: 2
2022-03-24 10:51:21 add_route_ipv6(3000::/4 -> :: metric -1) dev tun0
2022-03-24 10:51:21 /sbin/ip -6 route add 3000::/4 dev tun0
RTNETLINK answers: Permission denied
2022-03-24 10:51:21 ERROR: Linux route -6 add command failed: external program exited with error status: 2
2022-03-24 10:51:21 add_route_ipv6(fc00::/7 -> :: metric -1) dev tun0
2022-03-24 10:51:21 /sbin/ip -6 route add fc00::/7 dev tun0
RTNETLINK answers: Permission denied
2022-03-24 10:51:21 ERROR: Linux route -6 add command failed: external program exited with error status: 2
2022-03-24 10:51:21 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-03-24 10:51:21 Initialization Sequence Completed
2022-03-24 10:51:21 [INFO] Docker network defined as 172.17.0.0/16
2022-03-24 10:51:21 [INFO] Adding 192.168.178.0/24 as route via docker eth0
2022-03-24 10:51:21 [WARNING] Error adding route for 192.168.178.0/24. The web interface won't be reachable for the affected network
[cont-init.d] 03-network: exited 0.
[cont-init.d] 04-qbittorrent-setup: executing...
2022-03-24 10:51:21 [WARNING] ENABLE_SSL is set to , SSL is not enabled. This could cause issues with logging if other apps use the same Cookie name (SID).
2022-03-24 10:51:21 [WARNING] If you manage the SSL config yourself, you can ignore this.
2022-03-24 10:51:21 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
[cont-init.d] 04-qbittorrent-setup: exited 0.
[cont-init.d] 05-install: executing...
[cont-init.d] 05-install: exited 0.
[cont-init.d] done.
[services.d] starting services
2022-03-24 10:51:21 [INFO] Logging to /config/qBittorrent/data/logs/qbittorrent.log.
[services.d] done.
2022-03-24 10:51:21 [INFO] Trying to ping 1.1.1.1 and 8.8.8.8 over the docker interface for 500ms each...
Terminated
Terminated
2022-03-24 10:51:23 [INFO] Success: Could not connect. This means the firewall is most likely working properly.
2022-03-24 10:51:23 [INFO] qBittorrent started with PID 474
2022-03-24 10:51:23 [INFO] HEALTH_CHECK_HOST is not set. Using default host one.one.one.one
2022-03-24 10:51:23 [INFO] HEALTH_CHECK_INTERVAL is not set. Using default interval of 5s
2022-03-24 10:51:23 write UDP: Operation not permitted (code=1)
2022-03-24 10:51:23 write UDP: Operation not permitted (code=1)
2022-03-24 10:51:23 write UDP: Operation not permitted (code=1)
2022-03-24 10:51:23 write UDP: Operation not permitted (code=1)
2022-03-24 10:51:23 write UDP: Operation not permitted (code=1)
```

Trigus42 (Owner) commented Mar 24, 2022

Seems like your VPN config includes an IPv6 configuration. Your container, however, probably does not have IPv6 connectivity and also this image isn't designed for IPv6.
Please post the upper part of your VPN config, which could look like this:

```
client
dev tun
proto udp
remote whiskergalaxy.com 443
verify-x509-name windscribe.com name

nobind


resolv-retry infinite

cipher AES-256-GCM
ncp-ciphers AES-256-GCM:AES-256-CBC:AES-128-GCM
auth SHA512

verb 2
mute-replay-warnings
remote-cert-tls server
persist-key
persist-tun

key-direction 1
```

xonex2020 (Author) commented

Hey,
I can download the ovpn files from the provider's user interface. Therefore, unfortunately, I cannot individualize them from the provider's side.

```
client
dev tun
proto udp
remote amsterdam2.hideservers.net 3000
cipher AES-256-CBC
auth SHA256
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
verb 3
auth-user-pass
reneg-sec 900
remote-cert-tls server
verify-x509-name "*.hide.me" name
tls-version-min 1.2

-----BEGIN CERTIFICATE-----
```


Jomibe commented Mar 24, 2022

Hey there, I troubleshot the issue together with @xonex2020. We solved the problem which affected our setups (both on Raspberry Pi 3):

After appending `--sysctl net.ipv6.conf.all.disable_ipv6=1` to the `docker run` command, the `write UDP: Operation not permitted (code=1)` messages disappeared. We were then able to connect to the webserver, but only from inside the container. We noticed another error message: `Error adding route for 192.168.178.0/24. The web interface won't be reachable for the affected network`. There may be an issue with the route configuration in `/rootfs/etc/cont-init.d/03-network.sh`, because after we added the route with `ip route add "192.168.178.0/24" via "172.17.0.1" dev "eth0"` once the container was fully started, we were able to connect to the webserver from outside and everything worked as expected.

We might be able to provide a fix via pull request, but please tell us first what you think about these issues. Thank you and have a nice day.

@Trigus42
Copy link
Owner

Trigus42 commented Mar 24, 2022

Please try to add this to your VPN config:

```
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "tun-ipv6"
pull-filter ignore "redirect-gateway ipv6"
pull-filter ignore "dhcp-option DNS6"
```

Edit: Didn't see your second message
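
One way to apply the five `pull-filter` lines above to a provider-supplied `.ovpn` file without duplicating them on repeated runs. This is an added example, not code from the image or from anyone in this thread; the function names `ipv6_filters` and `ensure_ipv6_filters` are hypothetical.

```shell
#!/bin/sh
# Added example: idempotently append the IPv6 pull-filter directives
# quoted in this thread to an OpenVPN client config.

# The five directives exactly as posted above.
ipv6_filters() {
    cat <<'EOF'
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "tun-ipv6"
pull-filter ignore "redirect-gateway ipv6"
pull-filter ignore "dhcp-option DNS6"
EOF
}

# ensure_ipv6_filters FILE
# Appends every directive that is not already present as a whole line
# and prints the number of lines it added (0 means nothing to do).
ensure_ipv6_filters() {
    conf=$1
    added=0
    # A config downloaded from a provider may lack a trailing newline;
    # add one so the first appended directive starts on its own line.
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi
    while IFS= read -r line; do
        # -x: whole-line match, -F: fixed string (the quotes are literal).
        if ! grep -qxF -- "$line" "$conf"; then
            printf '%s\n' "$line" >> "$conf"
            added=$((added + 1))
        fi
    done <<EOF
$(ipv6_filters)
EOF
    echo "$added"
}

# Usage: ensure_ipv6_filters path/to/client.ovpn
```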

Trigus42 added a commit that referenced this issue Mar 26, 2022
- Update OpenVPN pull-filter to ignore all IPv6 related pushed config (#17)
- Fix detecting the default gateway (#17)
- Rename services "run.sh" files to "run"

Trigus42 (Owner) commented

> We noticed another error message Error adding route for 192.168.178.0/24. The web interface won't be reachable for the affected network.

You can try out the image `trigus42/qbittorrentvpn:testing`. It should fix this issue.

almereyda commented

I always come back here to remember to delete the IPv6 addresses from the WireGuard configuration file provided by the provider, in order to have this container working again, when credentials were cycled.

> Seems like your VPN config includes an IPv6 configuration. Your container, however probably does not have IPv6 connectivity and also this image isn't designed for IPv6.
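
The manual WireGuard cleanup described in the comment above can be scripted so it is repeatable each time the provider reissues the file. This is an added example, not code from the image or from anyone in this thread; `strip_wg_ipv6` and `sample_wg_conf` are hypothetical names, and the sample config is constructed with placeholder keys.

```shell
#!/bin/sh
# Added example: drop IPv6 entries from the address lists of a
# wg-quick style config and leave every other line untouched.

# Constructed sample input (placeholder keys, documentation addresses).
sample_wg_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER_PRIVATE_KEY
Address = 10.2.0.2/32, fd00:4956:504e::2/128
DNS = 10.2.0.1, fd00:4956:504e::1

[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_PUBLIC_KEY
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = 198.51.100.7:51820
EOF
}

# strip_wg_ipv6 [FILE]  (reads stdin when FILE is omitted)
# Only Address, DNS and AllowedIPs are filtered; Endpoint is left alone
# because its host:port form also contains a colon.
strip_wg_ipv6() {
    awk '
    tolower($0) ~ /^[ \t]*(address|dns|allowedips)[ \t]*=/ {
        eq = index($0, "=")
        key = substr($0, 1, eq - 1)
        sub(/[ \t]+$/, "", key)
        n = split(substr($0, eq + 1), items, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            item = items[i]
            gsub(/^[ \t]+|[ \t]+$/, "", item)
            # A list entry containing ":" is an IPv6 address or prefix.
            if (item == "" || index(item, ":") > 0) continue
            out = (out == "" ? item : out ", " item)
        }
        # Drop the line entirely if it listed nothing but IPv6 entries.
        if (out != "") print key " = " out
        next
    }
    { print }
    ' "$@"
}
```

Write the result to a new file and compare it with the original before replacing it. Keeping IPv6 disabled in the container, as with the `--sysctl net.ipv6.conf.all.disable_ipv6=1` option mentioned earlier in the thread, means no IPv6 traffic is left with a route around the tunnel once `::/0` is gone from `AllowedIPs`.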

Trigus42 added a commit that referenced this issue Jan 5, 2024
- Update OpenVPN pull-filter to ignore all IPv6 related pushed config (#17)
- Fix detecting the default gateway (#17)
- Rename services "run.sh" files to "run"