Describe the bug
I'm running bubuntux/nordvpn in a portainer stack with qbittorrent. I'm essentially running the docker-compose file example but modified for my usage. However, QBitorrent is not accessible on the local network.

I can run qbittorrent in it's own container and have no problems with port 8080. But once I run it through NordVPN, it's no longer accessible on the local network.
I've tested with sabnzbd, and I run access sabnzbd both inside the nordVPN container and on it's own via port 9080. It seems like bubuntux/nordvpn just doesn't trust qbittorrent.

To Reproduce using docker-compose
docker-compose.yml if used (hide credentials)

---
version: '3'


volumes:
  qbittorrent_config:
    external: true

services:

  vpn:
    image: ghcr.io/bubuntux/nordvpn
    cap_add:
      - NET_ADMIN
      - NET_RAW
    environment:
      - USER=XXX
      - PASS=XXX
      - CONNECT=Taiwan
      - TECHNOLOGY=NordLynx
      - NET_LOCAL=192.168.1.0/24
    ports:
      - 8080:8080 #qbittorent
    sysctls:
      - net.ipv6.conf.all.disable_ipv6=1

  torrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Asia/Taipei
    volumes:
      - qbittorrent_config:/config
      - /mnt/downloads/:/downloads
    restart: unless-stopped
    network_mode: service:vpn
    depends_on:
      - vpn

Expected behavior
I would expect the stack to create two containers, one for nordvpn and one for qbittorrent. This happens. Both containers appear to launch and are marked as "RUNNING" in Portainer. However, I would also expect QBitorrent to be accessible via port 8080 on the local network. This does not happen.

Logs
NordVPN logs show this:

Subnet 192.168.1.0/24 is whitelisted successfully.
You are connected to Taiwan #73 (tw73.nordvpn.com)!

So it whitelists the local network and connects successfully.

Qbittorrent logs show this:

"Web UI: Unable to bind to IP: 192.168.1.100, port: 8080. Reason: The address is not available"

That's all it shows.

Additional context

I've also tried adding the WEBUI option to the vpn and to the torrent. It makes no difference. I've tried ports 8080, 8090, and 8888. It makes no difference.

I've also tried using NETWORK= instead of NET_LOCAL=. In your docker-compose example, you use NETWORK, but in the environment variables, it lists NET_LOCAL. I've tried both. No change.

I was able to get linuxserver/sabnzbd successfully running and accessible through the vpn on port 9080 without any problems, so this seems limited to qbittorrent for some reason.

Is there anything else I can try to access the QBittorrent webui?

UPDATE:

I've checked wit a private tracker. QBitorrent is not connectable to them, so it is not being allowed through the tunnel created by bubuntux/nordvpn.

Why does it seem limited to QBittorrent and is this something on your end or their end? It seems to be on your end since the container is connectable when run separately, but not connectable to either a tracker or the WEBUI when connected through your tunnel.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Did you manage to solve this issue? I'm having the very same issue and I'm struggling with the solution

Did you manage to solve this issue? I'm having the very same issue and I'm struggling with the solution

No, I never did. I gave up trying to use the NordVPN container altogether since I couldn't get it to work.

@mpenguin would you mind sharing the alternative you found?

BTW, I managed to make it work.

The issue, at least for me, lie in the fact that, somehow (probably due security reasons, but I don't know), external routes aren't known by the container.

If you type ip r you will see that you have, probably, only 2 entries, default gateway and another one (not very relevant).

Since the network from the docker0 and your network are probably in different net, you must add your network, unfortunately, manually to the known routes.

First, you must find your network, you can find it through ifconfig or ip addr. Given your ip and mask, you can build your net CIDR, for example:

IP: 192.168.0.23
Subnet: 255.255.255.0

Your net will be 192.168.0.0/24.

Now you must find the ip of your docker0. Unless you manually changed, it should be 172.17.0.1 and your subnet is 172.17.0.0/16.

Then you can add your net into the container.

ip route add 192.168.0.0/24 via 172.17.0.1 dev eth0

After that, it will now shown on the ip r to check the routes. You won't be able to access it yet though.

Now you must whitelist the webui port with nordvpn whitelist add port 8080. If it don't work, you can try also whitelisting both docker network and your local network with nordvpn whitelist add subnet 192.168.0.0/24 and the docker one with nordvpn whitelist add subnet 172.16.0.0/16.

As last effort, restart Nord docker and after it's up and running, reboot the qbittorrent and it should work.

It worked for me. I know you gave up, but maybe you're still interested on one possible solution.

My setup:

• Proxmox
  • Portainer LXC (Bridge)
    • Docker qbittorrent (network container /NordVPN
    • Docker nordvpn (network bridge)

You can check on both containers that the internet is being router through the vpn with curl ifconfig.me on both containers, then try disconnecting the nordvpn client and checking both containers that the internet must've ceased.

PS.: I didn't run using docker-compose, I'll migrate from individuals containers to docker-compose tomorrow and keep testing, as sometimes the qbittorrent doesn't get internet connection.