Solved Trouble Establishing Inbound Connections to qBittorrent over OpenVPN


ipkpjersi

Hi everyone,

I'm trying to establish a private torrenting setup using qBittorrent on my local whitebox server machine using Ubuntu 22.04 called seedbox-server and a Virtual Private Server (VPS) as a VPN using Ubuntu 22.04 and OpenVPN (I used GitHub - Nyr/openvpn-install: OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora) called openvpn-server. My local machine, acting as a private tracker seedbox, has qbittorrent-nox (Release qbittorrent 4.5.3 libtorrent 2.0.9 · userdocs/qbittorrent-nox-static) installed and configured to use port 15986 for inbound connections with tun0 as the network interface. My goal is to have all torrenting traffic from my seedbox go through my VPS, mostly for privacy reasons.

I've successfully set up a VPN connection between my seedbox and VPS using OpenVPN, and all traffic seems to flow fine through the VPN tunnel for regular tasks - or at least, curl ifconfig.me returns the public IP of my OpenVPN VPS server (5x.xx.xx.xx) on my seedbox while connected to the VPN. However, I've encountered a problem where my seedbox's qBittorrent service is unable to have working inbound connections over the VPN; the port appears closed, and private tracker connection tests say things like "the client on 5x.xx.xx.xx:15986 appears to be not connectable due to: Connection timed out".

Despite seeing traffic on port 15986 (which indicates qBittorrent should be operational) on the seedbox via sudo tcpdump -i any port 15986, I can't seem to connect to the VPN IP 10.8.0.2 on that port via telnet 10.8.0.2 15986 from my OpenVPN server VPS and can't connect to the public OpenVPN server VPS IP (5x.xx.xx.xx) on port 15986. Also, traceroute -p 15986 10.8.0.1 on my seedbox returns 10.8.0.2, and vice versa with traceroute -p 15986 10.8.0.2 on my VPS/VPN server returning 10.0.8.2 - ping also works in both directions too.

My current issue lies in troubleshooting why I can't connect to the qBittorrent service on my seedbox through the VPN. It's unclear whether the problem stems from qBittorrent's configuration, the way my VPN routes traffic, or potential interference from other services or network hardware.

Here is my setup:

seedbox-server (client) VPN IP: 10.8.0.2

openvpn-server (server) VPN IP: 10.8.0.1

seedbox-server.ovpn (IP redacted):
Code:
    client
    dev tun
    proto udp
    remote 5x.xx.xx.xx 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    remote-cert-tls server
    auth SHA512
    cipher AES-256-CBC
    ignore-unknown-option block-outside-dns
    verb 3

openvpn-server /etc/openvpn/server/server.conf (IPs redacted):
Code:
    local 5x.xx.xx.xx
    port 1194
    proto udp
    dev tun
    ca ca.crt
    cert server.crt
    key server.key
    dh dh.pem
    auth SHA512
    tls-crypt tc.key
    topology subnet
    server 10.8.0.0 255.255.255.0
    push "redirect-gateway def1 bypass-dhcp"
    ifconfig-pool-persist ipp.txt
    push "dhcp-option DNS 2xx.xx.xx.xx"
    push "block-outside-dns"
    keepalive 10 120
    cipher AES-256-CBC
    user nobody
    group nogroup
    persist-key
    persist-tun
    verb 3
    crl-verify crl.pem
    explicit-exit-notify

openvpn-server ip route (IPs redacted):
Code:
    default via 5x.xx.xx.1 dev ens3 proto dhcp src 5x.xx.xx.xx metric 100
    10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
    5x.xx.xx.1 dev ens3 proto dhcp scope link src 5x.xx.xx.xx metric 100
    2xx.xx.xx.xx via 5x.xx.xx.1 dev ens3 proto dhcp src 5x.xx.xx.xx metric 100

seedbox-server ip route (IPs redacted):
Code:
    0.0.0.0/1 via 10.8.0.1 dev tun0
    default via 192.168.x.1 dev ens6f0 proto static
    default via 192.168.x.1 dev ens6f0 proto dhcp src 192.168.x.xx metric 100
    10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
    5x.xx.xx.xx via 192.168.x.1 dev ens6f0
    128.0.0.0/1 via 10.8.0.1 dev tun0
    192.168.x.0/24 dev ens6f0 proto kernel scope link src 192.168.x.xx
    192.168.x.1 dev ens6f0 proto dhcp scope link src 192.168.x.xx metric 100

openvpn-server iptables: openvpn-server iptables

openvpn-server nat iptables: openvpn-server nat iptables

seedbox-server iptables: seedbox-server iptables

seedbox-server nat iptables: seedbox-server nat iptables

UFW is disabled on both servers. Please let me know if any more details are needed.

I would love any help or advice with this. Thank you for taking the time to read this, I really do appreciate it more than words can express.

UPDATE: I have fixed my networking issue. The issue was that I had an unnecessary iptables postrouting rule. I removed the postrouting rule, and the port forwarding is now working perfectly.
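
Added example (not part of the original post, and not the poster's configuration): the update blames an unnecessary POSTROUTING rule but does not show it, so this Python script reads `iptables-save -t nat` output from the VPS and lists the SNAT/MASQUERADE rules that would also apply to inbound connections forwarded to the seedbox. The sample ruleset, including its DNAT rule, and the 203.0.113.10 and 198.51.100.7 addresses are constructed assumptions; only port 15986, tun0, ens3 and the 10.8.0.x addresses come from the post.

```python
import ipaddress
import shlex

# Constructed `iptables-save -t nat` output for the VPS. The DNAT and MASQUERADE
# rules and the 203.0.113.10 address are assumptions, not the poster's ruleset.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i ens3 -p tcp -m tcp --dport 15986 -j DNAT --to-destination 10.8.0.2:15986
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 203.0.113.10
-A POSTROUTING -o tun0 -j MASQUERADE
COMMIT
"""

def opt(rule, flag):
    """Return (value, negated) for a flag in a tokenised rule, or None if absent."""
    if flag in rule:
        i = rule.index(flag)
        return rule[i + 1], rule[i - 1] == "!"

def matches(rule, flag, test):
    """True when the rule lacks the flag or its (possibly negated) match holds."""
    found = opt(rule, flag)
    return found is None or test(found[0]) != found[1]

def in_net(ip):
    return lambda net: ipaddress.ip_address(ip) in ipaddress.ip_network(net, strict=False)

def nat_rules_hitting_forwards(text, tunnel_if="tun0", peer="198.51.100.7"):
    """List POSTROUTING SNAT/MASQUERADE rules that also match DNAT-forwarded packets.
    Only -s, -d and -o are evaluated (IPv4); protocol and port matches are ignored,
    so the result can over-report. `peer` stands in for any remote peer address."""
    rules = [shlex.split(line) for line in text.splitlines() if line.startswith("-A ")]
    jump = lambda r: (opt(r, "-j") or ("",))[0]
    targets = [opt(r, "--to-destination")[0].split(":")[0]
               for r in rules if r[1] == "PREROUTING" and jump(r) == "DNAT"]
    hits = []
    for r in rules:
        if r[1] != "POSTROUTING" or jump(r) not in ("SNAT", "MASQUERADE"):
            continue
        if any(matches(r, "-s", in_net(peer)) and matches(r, "-d", in_net(dst))
               and matches(r, "-o", lambda dev: dev == tunnel_if) for dst in targets):
            hits.append(" ".join(r))
    return hits

if __name__ == "__main__":
    for rule in nat_rules_hitting_forwards(SAMPLE):
        print("also applies to forwarded inbound connections:", rule)
```

A rule listed here rewrites the source address of forwarded connections, so the seedbox sees the VPS tunnel address instead of the real peer; whether that is the rule the poster removed is not stated in the thread.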
 


Nice work by the looks of it (above my paygrade) and thanks for sharing.

Welcome to linux.org :)

Chris Turner
wizardfromoz
 

