Bug: Using qBittorrent with GlueTun v3.38.0 results in very low upload speeds and low ratio ( mostly 0 )

[schweppes-0x]

Is this urgent?

None

Host OS

DSM 7.2.1

CPU arch

x86_64

VPN service provider

NordVPN

What are you using to run the container

Portainer

What is the version of Gluetun

Running version v3.38.0 built on 2023-03-25 (commit b3ceece)

What's the problem 🤔

I have tried setting up qBittorrent to use gluetun + wireguard + nordvpn. Seems like gluetun succesfully connects to the VPN and is working well. However whenever I download something with qBittorrent, the uploading speed seems way too slow. It reaches 50Kb/s and goes down to 0 again. The ration stays mostly around 0 (max i have seen it get was 0.17). The download speeds also have declined form 1Gb/s to around 40Mb/s (not MB). There has to be an issue with how the port is forwarded on gluetun. I hope you can help me figure it out. The port i use in qbit for incoming connections is 6881

Share your logs (at least 10 lines)

|       ├── Unbound settings:
|       |   ├── Authoritative servers:
|       |   |   └── cloudflare
|       |   ├── Caching: yes
|       |   ├── IPv6: no
|       |   ├── Verbosity level: 1
|       |   ├── Verbosity details level: 0
|       |   ├── Validation log level: 0
|       |   ├── System user: root
|       |   └── Allowed networks:
|       |       ├── 0.0.0.0/0
|       |       └── ::/0
|       └── DNS filtering settings:
|           ├── Block malicious: yes
|           ├── Block ads: no
|           ├── Block surveillance: no
|           └── Blocked IP networks:
|               ├── 127.0.0.1/8
|               ├── 10.0.0.0/8
|               ├── 172.16.0.0/12
|               ├── 192.168.0.0/16
|               ├── 169.254.0.0/16
|               ├── ::1/128
|               ├── fc00::/7
|               ├── fe80::/10
|               ├── ::ffff:127.0.0.1/104
|               ├── ::ffff:10.0.0.0/104
|               ├── ::ffff:169.254.0.0/112
|               ├── ::ffff:172.16.0.0/108
|               └── ::ffff:192.168.0.0/112
├── Firewall settings:
|   ├── Enabled: yes
|   ├── VPN input ports:
|   |   ├── 1194
|   |   └── 443
|   └── Outbound subnets:
|       ├── 172.20.0.0/16
|       └── 192.168.0.0/24
├── Log settings:
|   └── Log level: info
├── Health settings:
|   ├── Server listening address: 127.0.0.1:9999
|   ├── Target address: cloudflare.com:443
|   ├── Duration to wait after success: 5s
|   ├── Read header timeout: 100ms
|   ├── Read timeout: 500ms
|   └── VPN wait durations:
|       ├── Initial duration: 6s
|       └── Additional duration: 5s
├── Shadowsocks server settings:
|   └── Enabled: no
├── HTTP proxy settings:
|   └── Enabled: no
├── Control server settings:
|   ├── Listening address: :8000
|   └── Logging: yes
├── OS Alpine settings:
|   ├── Process UID: 1026
|   ├── Process GID: 65536
|   └── Timezone: Europe/Amsterdam
├── Public IP settings:
|   ├── Fetching: every 12h0m0s
|   ├── IP file path: /tmp/gluetun/ip
|   └── Public IP data API: ipinfo
├── Server data updater settings:
|   ├── Update period: 24h0m0s
|   ├── DNS address: 1.1.1.1:53
|   ├── Minimum ratio: 0.8
|   └── Providers to update: nordvpn
└── Version settings:
    └── Enabled: yes
2024-06-12T17:50:03+02:00 INFO [routing] default route found: interface eth0, gateway 172.20.0.1, assigned IP 172.20.0.2 and family v4
2024-06-12T17:50:03+02:00 INFO [routing] adding route for 0.0.0.0/0
2024-06-12T17:50:03+02:00 INFO [firewall] setting allowed subnets...
2024-06-12T17:50:03+02:00 INFO [routing] default route found: interface eth0, gateway 172.20.0.1, assigned IP 172.20.0.2 and family v4
2024-06-12T17:50:03+02:00 INFO [routing] adding route for 172.20.0.0/16
2024-06-12T17:50:03+02:00 INFO [routing] adding route for 192.168.0.0/24
2024-06-12T17:50:03+02:00 INFO [dns] using plaintext DNS at address 1.1.1.1
2024-06-12T17:50:03+02:00 INFO [http server] http server listening on [::]:8000
2024-06-12T17:50:03+02:00 INFO [healthcheck] listening on 127.0.0.1:9999
2024-06-12T17:50:03+02:00 INFO [firewall] allowing VPN connection...
2024-06-12T17:50:03+02:00 INFO [wireguard] Using available kernelspace implementation
2024-06-12T17:50:03+02:00 INFO [wireguard] Connecting to [REDACTED_IP]:51820
2024-06-12T17:50:03+02:00 INFO [wireguard] Wireguard setup is complete. Note Wireguard is a silent protocol and it may or may not work, without giving any error message. Typically i/o timeout errors indicate the Wireguard connection is not working.
2024-06-12T17:50:03+02:00 INFO [healthcheck] healthy!
2024-06-12T17:50:03+02:00 INFO [firewall] setting allowed input port 1194 through interface tun0...
2024-06-12T17:50:03+02:00 INFO [firewall] setting allowed input port 443 through interface tun0...
2024-06-12T17:50:03+02:00 INFO [dns] downloading DNS over TLS cryptographic files
2024-06-12T17:50:04+02:00 INFO [dns] downloading hostnames and IP block lists
2024-06-12T17:50:14+02:00 INFO [dns] init module 0: validator
2024-06-12T17:50:14+02:00 INFO [dns] init module 1: iterator
2024-06-12T17:50:14+02:00 INFO [dns] start of service (unbound 1.20.0).
2024-06-12T17:50:14+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-12T17:50:14+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-12T17:50:14+02:00 INFO [dns] ready
2024-06-12T17:50:15+02:00 INFO [healthcheck] healthy!
2024-06-12T17:50:15+02:00 INFO [ip getter] Public IP address is [REDACTED_IP] (Netherlands, North Holland, Amsterdam)
2024-06-12T17:50:15+02:00 INFO [vpn] You are running on the bleeding edge of latest!
2024-06-12T18:57:16+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN
2024-06-12T19:59:23+02:00 INFO [dns] generate keytag query _ta-4a5c-4f66. NULL IN

Share your configuration

version: '3.9'
services:
 
  gluetun:
    image: qmcgaw/gluetun:latest
    container_name: gluetun
    network_mode: synobridge
    hostname: gluetun
    cap_add:
      - NET_ADMIN
    devices:
     - /dev/net/tun:/dev/net/tun
    ports:
      - 8888:8888/tcp # HTTP proxy
      - 8388:8388/tcp # Shadowsocks
      - 8388:8388/udp # Shadowsocks
      - 8080:8080 # qbittorrent
      - 6881:6881 # qbittorrent
      - 6881:6881/udp # qbittorrent
    volumes:
      - ${configPath}/gluetun:/gluetun
    environment:
      - PUID=${UID} 
      - PGID=${GID} 
      - TZ=${TZ}
      - VPN_SERVICE_PROVIDER=nordvpn
      - VPN_TYPE=wireguard 
      - WIREGUARD_PRIVATE_KEY=${wireguardPrivateKey}
      - SERVER_COUNTRIES=${VPN_COUNTRIES}
      - FIREWALL_OUTBOUND_SUBNETS=172.20.0.0/16,192.168.0.0/24
      - FIREWALL_VPN_INPUT_PORTS=1194,443
      - UPDATER_PERIOD=24h
    labels:
      - com.centurylinklabs.watchtower.enable=false
    security_opt:
      - no-new-privileges:true
    restart: always
 
  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent
    container_name: qbittorrent
    network_mode: service:gluetun
    environment:
      - PUID=${UID}
      - PGID=${GID}
      - TZ=${TZ}
      - VERSION=latest
      - WEBUI_PORT=8080
    volumes:
      - ${configPath}/qbit:/config
      - ${mediaPath}:/media
    depends_on:
      - gluetun
    restart: always

[github-actions]

@qdm12 is more or less the only maintainer of this project and works on it in his free time.
Please:

• do not ask for updates, be patient
• 👍 the issue to show your support instead of commenting
  @qdm12 usually checks issues at least once a week, if this is a new urgent bug,
  revert to an older tagged container image

[raph521]

I have tried setting up qBittorrent to use gluetun + wireguard + nordvpn.

There has to be an issue with how the port is forwarded on gluetun. I hope you can help me figure it out. The port i use in qbit for incoming connections is 6881

Looks like NordVPN does not support port forwarding:
https://nordvpn.com/blog/port-forwarding/

While NordVPN does not support port forwarding, it’s worth learning what it is and why it’s sometimes used.

I also do not see anything in your log about a port being forwarded

[mortiis]

I would add 6881 to FIREWALL_VPN_INPUT_PORTS, not sure it would make a difference.

[qdm12]

As @raph521 said (thanks 🎖️) you cannot use port forwarding, so disable it in qbittorrent, and no point setting FIREWALL_VPN_INPUT_PORTS (except opening a security hole for no reason).

The download speeds also have declined form 1Gb/s to around 40Mb/s (not MB).

What are you comparing it with? What's downloading at 1Gb/s?