Home Assistant addon : qbittorrent (supports openvpn & smb mounts)

Thanks again for your help! I’ve tried your new version and good news, the VPN from Private Internet Access is now working! I had to change the config filename from “pia” to “pia.ovpn” but then it worked.

As for SMB: I have a external drive connected to my Home Assistant host, which is mounted to /mnt/data (and therefor inaccessible by addons). I could mount the drive to /usr/share/hassio/media instead and have it available for all addons but I rather keep it seperated and manually mount it via Samba for those addons that need it (and this is the only one so far).

I’ve tried your different approaches for mounting and this is my full log now:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-envfile: executing... 
[cont-init.d] 01-envfile: exited 0.
[cont-init.d] 10-adduser: executing... 
-------------------------------------
          _         ()
         | |  ___   _    __
         | | / __| | |  /  \
         | | \__ \ | | | () |
         |_| |___/ |_|  \__/
Brought to you by linuxserver.io
-------------------------------------
To support LSIO projects visit:
https://www.linuxserver.io/donate/
-------------------------------------
GID/UID
-------------------------------------
User uid:    0
User gid:    0
-------------------------------------
[cont-init.d] 10-adduser: exited 0.
[cont-init.d] 30-config: executing... 
chown: cannot access '/config/data/qBittorrent': No such file or directory
[cont-init.d] 30-config: exited 0.
[cont-init.d] 30-nginx.sh: executing... 
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:01 --:--:--     0
  0     0    0     0    0     0      0      0 --:--:--  0:00:02 --:--:--     0
100   622  100   622    0     0    280      0  0:00:02  0:00:02 --:--:--   280

 43 3321k   43 1444k    0     0   459k      0  0:00:07  0:00:03  0:00:04  459k
100 3321k  100 3321k    0     0   918k      0  0:00:03  0:00:03 --:--:-- 3994k
[cont-init.d] 30-nginx.sh: exited 0.
[cont-init.d] 91-configuration.sh: executing... 
[10:16:33] INFO: Downloads can be found in /mnt/Data
[10:16:33] INFO: Whitelisted subsets will not require a password : localhost,127.0.0.1,172.30.0.0/16,10.0.0.0/16
[10:16:33] INFO: WEBUI username set to admin
[10:16:33] INFO: Default username/password : admin/adminadmin
[10:16:33] INFO: Configuration can be found in /config/qBittorrent
[cont-init.d] 91-configuration.sh: exited 0.
[cont-init.d] 92-smb_mounts_v1.2.sh: executing... 
[10:16:34] INFO: Mounting smb share(s)...
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) and kernel log messages (dmesg)
/var/run/s6/etc/cont-init.d/92-smb_mounts_v1.2.sh: line 70: bashio::log.critical: command not found
[cont-init.d] 92-smb_mounts_v1.2.sh: exited 127.
[cont-init.d] 93-openvpn.sh: executing... 
[10:16:34] INFO: Configuring openvpn
[10:16:34] INFO: openvpn correctly set, please modify manually qbittorrent options to select it
sed: -e expression #1, char 66: unknown option to `s'
[cont-init.d] 93-openvpn.sh: exited 1.
[cont-init.d] 99-custom-scripts: executing... 
[custom-init] no custom files found exiting...
[cont-init.d] 99-custom-scripts: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Mon Apr 26 10:16:34 2021 WARNING: file '/etc/openvpn/credentials' is group or others accessible
Mon Apr 26 10:16:34 2021 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2019
Mon Apr 26 10:16:34 2021 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Mon Apr 26 10:16:34 2021 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mon Apr 26 10:16:36 2021 TCP/UDP: Preserving recently used remote address: [AF_INET]143.244.41.31:1198
Mon Apr 26 10:16:36 2021 UDP link local: (not bound)
Mon Apr 26 10:16:36 2021 UDP link remote: [AF_INET]143.244.41.31:1198
Mon Apr 26 10:16:36 2021 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Apr 26 10:16:37 2021 [amsterdam420] Peer Connection Initiated with [AF_INET]143.244.41.31:1198
Mon Apr 26 10:16:38 2021 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Mon Apr 26 10:16:38 2021 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Mon Apr 26 10:16:38 2021 TUN/TAP device tun0 opened
Mon Apr 26 10:16:38 2021 /sbin/ip link set dev tun0 up mtu 1500
Mon Apr 26 10:16:38 2021 /sbin/ip addr add dev tun0 10.30.112.76/24 broadcast 10.30.112.255
Mon Apr 26 10:16:38 2021 /etc/openvpn/up.sh tun0 1500 1553 10.30.112.76 255.255.255.0 init
[10:16:38] INFO: Starting NGinx...

Notice the warning about ‘/etc/openvpn/credentials’ and the ‘sed’ expression that failed about OpenVPN. It still works though. This is the config I use: https://www.privateinternetaccess.com/openvpn/openvpn.zip (I use the Netherlands config).

I believe Samba not mounting is a security measure from Docker which can only be properly circumvented by running the container in privileged mode. I tried to mount the several commands directly from the host (so not in the container), and they all ran succesfully:

root@minos:/tmp# # test full
root@minos:/tmp# umount /tmp/data
root@minos:/tmp# mount -v -t cifs -o rw,relatime,vers=default,cache=strict,username=milenco,password=somepassword,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.0.100,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1 //10.0.0.100/Data/Data /tmp/data
mount: //10.0.0.100/Data/Data mounted on /tmp/data.
root@minos:/tmp# mount|grep /tmp/data|grep 10.0.0.100
//10.0.0.100/Data/Data on /tmp/data type cifs (rw,relatime,vers=default,cache=strict,username=milenco,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.0.100,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)
root@minos:/tmp# # test smbv1
root@minos:/tmp# umount /tmp/data
root@minos:/tmp# mount -v -t cifs -o rw,relatime,vers=1.0,cache=strict,username=milenco,password=somepassword,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.0.100,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1 //10.0.0.100/Data/Data /tmp/data
mount: //10.0.0.100/Data/Data mounted on /tmp/data.
root@minos:/tmp# mount|grep /tmp/data|grep 10.0.0.100
//10.0.0.100/Data/Data on /tmp/data type cifs (rw,relatime,vers=1.0,cache=strict,username=milenco,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.0.100,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=131007,echo_interval=60,actimeo=1)
root@minos:/tmp# #test smbv3
root@minos:/tmp# umount /tmp/data
root@minos:/tmp# mount -v -t cifs -o rw,relatime,vers=3.0,cache=strict,username=milenco,password=somepassword,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.0.100,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1 //10.0.0.100/Data/Data /tmp/data
mount: //10.0.0.100/Data/Data mounted on /tmp/data.
root@minos:/tmp# mount|grep /tmp/data|grep 10.0.0.100
//10.0.0.100/Data/Data on /tmp/data type cifs (rw,relatime,vers=3.0,cache=strict,username=milenco,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.0.100,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)
root@minos:/tmp# # test security
root@minos:/tmp# umount /tmp/data
root@minos:/tmp# mount -v -t cifs -o username=milenco,password=somepassword,sec=ntlmv2 //10.0.0.100/Data/Data /tmp/data
mount: //10.0.0.100/Data/Data mounted on /tmp/data.
root@minos:/tmp# mount|grep /tmp/data|grep 10.0.0.100
//10.0.0.100/Data/Data on /tmp/data type cifs (rw,relatime,vers=default,sec=ntlmv2,cache=strict,username=milenco,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.0.100,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)
root@minos:/tmp# # test domain
root@minos:/tmp# umount /tmp/data
root@minos:/tmp# mount -v -t cifs -o username=milenco,password=somepassword,domain=WORKGROUP //10.0.0.100/Data/Data /tmp/data
mount: //10.0.0.100/Data/Data mounted on /tmp/data.
root@minos:/tmp# mount|grep /tmp/data|grep 10.0.0.100
//10.0.0.100/Data/Data on /tmp/data type cifs (rw,relatime,vers=default,cache=strict,username=milenco,domain=WORKGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.0.100,file_mode=0755,dir_mode=0755,soft,nounix,serverino,mapposix,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1)
1 Like

New feature : openvpn addition

Starting from version *ls129-ov2, the addon supports optional OpenVPN - and this time it works!
Thanks very much to @Milenco for helping troubleshoot and allowing local webUI in tunnelled mode!

To enable it, you need to add your ovpn config file in the folder /config/openvpn/, then modify the 4 addon options below.

openvpn_enabled: true/false # openvpn required to start qbittorrent
openvpn_config: For example “config.ovpn” # name of the file located in /config/openvpn.
openvpn_username: USERNAME
openvpn_password: YOURPASSWORD

1 Like

We (@alexbelgium annd myself) did some troubleshooting together to get both VPN and Samba working properly. VPN now seems to work properly (at least, using Private Internet Access). We had to add some route manually to private networks, so we can still access the WebUI outside of Home Assistant (otherwise it would only work in the sidepanel).

We are still having troubles mounting Samba drives. It could be my setup (I’m using supervised Home Assistant) that gives the permission denied errors, but it could be something with the addon as well. Are there other persons using this addon with Samba without issues? I got it fixed myself by mounting my USB to another folder so the addon has access through HA’s share-folder, but I’d still like to have the issue resolved for others. At least, if there are people with issues using Samba together with this addon…

Many thanks for @alexbelgium for building this addon :+1:

1 Like

New feature : custom DNS setting

Starting from version *ls132, the addon supports optional setting of specific DNS. By default, they are set to 8.8.8.8 (google) and 1.1.1.1 (cloudflare).
Why : The objective is to avoid using the router’s default DNS in case you have enabled a DNS ad-blocker like adguard home or pihole. Although the DNS is only used for the initial connection and not during downloads, I noticed that the high levels of connection increased by 3x the adguard home response time (+ cpu usage).
How : to enable it, don’t change anything (it is by default). If you want to use your own custom DNS, just add the IP address in the option box, separated by commas. If you still want to use the router’s default DNS, just keep it blank.

“DNS_server”: “8.8.8.8,1.1.1.1” # Keep blank to use router’s DNS, or set custom DNS to avoid spamming in case of local DNS ad-remover

Updated feature : smb mount

A script was established with @Milenco (thanks very much!) that tests iteratively until it works many common options for mounting of smb shares (different smb & security protocols, forcing ID…). This should allow eaiser mounting for most people.

1 Like

Just a little problem: I’ve installed Portainer and found that I’ve a LOT of version of Qbittorrent addons images, taking up a lot of space on my SD card. It seems that when upgrading, they’re not uninstalled/Deleted .

1 Like

Thanks, I had the same… 30go of unused images from various addons… However I believe this is an HA issue I’m not sure what can be done from the addon side. The issue is that it is updated very frequently as it is kept aligned with the upstream images and that HA seems to keep a lot of residual images.

The solution is to run “docker image prune - a - f” in the Web terminal addon to remove all those unused images… It is an issue that seems to exist since 2017 Unused containers/images not deleted by hass.io, and regularly highlighted like here a few weeks ago… No space :( - #19 by alexbelgium

If someone has a solution I would be very happy to implement it!

2 Likes

Hey Alex

After enabled OpenVPN at qbittorrent, i cant access WebUI outside of my local network, only inside with IP:PORT . If i disable openvpn i have access at WebUI inside and outside at my local network
And, im not changing any port mapping that i have in my router…!

I received this error at internet browser:
“ERR_TUNNEL_CONNECTION_FAILED”

Can you help me with this? Thank you!

Hi Wilson,

I would need some additional info to help troubleshoot.

The normal behavior is that webUI is only available from within the local network through HA_IP:ADDONPORT/ (as the port is normally not exposed by the router, unless you specify it specifically), but Ingress is available both from internal and external network (in the HA app).

  • Which one is impacted by openVPN addition, the Ingress one ?
  • Could you please provide any messages in your addon log when the issue occur ? (connection failures issues should appear)
  • Have you tried with/without ssl ?
  • Does this occur with all devices / browsers ? I know that some browsers can cause specific issues (microsoft edge prevents ingress working on my computer for some reason, other browsers work)

Thanks

Ok, i will show you with more information:

i have in my router a PORT FORWARDING redirect external port 8081 to local IP_of_HA:8081
in my config yaml i have this (i’ve tried with and without ssl):

  1. when i have OpenVPN Disabled:
  • i can access localy, at browser with IP:8081 or at Ingress HA.
  • and remotly with myddns:8081
  1. when i have OpenVPN Enabled
  • i can acCess localy, at browser with IP:8081 or at Ingress HA.
  • but, I CANT ACCESS remotly with myddns:8081 and i receive an error at browser tell me this: " ERR_TUNNEL_CONNECTION_FAILED

In log, i cant find an error to explain this, but i think is related with tuneling, because i dont have this problem without VPN in last months.

LOG WITHOUT VPN:

LOG WITH VPN:

I hope this additional information can help to troubleshooting.
Thks

1 Like

Actually this is normal behavior… When we implemented openvpn with Milenco, we had to route specific IP to allow bypassing VPN to connect to the webUI. We routed most universally used local networks, but it is not possible to route all external IP…

I see three possibilities here :

  • either using Ingress to access the webUI from external networks (meaning that only the 8123 HA port is exposed, and that qBittorrent is managed from the HA app)
  • that I add an option in the addon so that we can specify some external IP that can access the webUI and bypass the VPN
  • or that I rewrite the VPN to only tunnel qbittorrent and not the webUI. This is not a preferred option as people have reported (like here)that it throttles qbittorrent speeds and decreases torrenting stability…

@wilsonlspacheco Another idea : if you add “route-nopull” at the end of your openvpn config file, it will prevent this behavior. But you then need to go in the qbittorrent options and select tun0 as network interface in the advanced options to allow openvpn to tunnel qbittorrent. Then, you’ll achieve locally what I described in my option 3 above. If you confirm it works, I’ll create a boolean option to activate this automatically (alternate openvpn connection method). Thanks!

1 Like

Hey @alexbelgium, sorry for my late reply…! I tried this your last suggestion/idea, add “route-nopull” to my .ovpn file and change connection in Advanced Options to “tun0”, and now i can access to my qbittorrent remotly ! This is the best solutions ! Many Thks! you are the best ! :smiley: :facepunch:

1 Like

Perfect! Thanks for the feedback. I’ll add this as an option so everyone can use that if necessary

1 Like

@wilsonlspacheco

New version : 14.3.5.99202105022253-7365-063844ed4ubuntu20.04.1-ls133-dev2

New feature : option openvpn_alternative_mode added. This boolean activates an alternative openvpn connection mode that binds only qbittorrent but not the webui to the vpn. This is allows to reach webui from an external network (thanks @wilsonlspacheco for testing!) but there is a slight risk of decreased performance. Please let me know if this should be the default, instead of the alternative.

1 Like

No problem @alexbelgium, my pleasure ! :smiley: :facepunch:

1 Like

Hello! Ive got problems finding my mounted directory. In my logs it says
[21:49:12] INFO: … //192.168.1.xxx/Seagate successfully mounted to /mnt/Seagate with options

But when i use terminal and cd into/mnt and do ”ls -a” There is nothing?

What am i missing?

1 Like

Hi, this is a normal behavior due to how docker works. Mounted folders are only mounted in the container - the terminal is in a separate container (of the host). However, if you install portainer, you can have a console inside the container and see the mounted folder.

That’s why each of my addon has a separate mount option for smb drives.

@adamoutler has another solution : an addon that can execute the mount code at addon startup : see here ✔️🏃Run On Startup.d

So if you don’t log in the container with ssh or portainer, you need to trust it to work and go see in your smb disk files appearing after download.

1 Like

Need help. I cant enable incomplete folder. Whenever I check “Keep incomplete torrenet in” and save. It become uncheck the next time. It also greyed out on the path field.
What is the work around ?
Nothing on the logs, I dont use network mount.

@tyjtyj Hi! That’s strange, I have this option enabled and it works fine, including changing it from the UI… Do you use the latest version of the addon? (at one point I had added temp folder mgt in addon options, but removed it afterwards)

Some options :

  • you can try setting PUID / GUID to 0 and 0 in addon options (perhaps I made a permission issue)
  • you can try to set it manually by editing the qbittorrent.conf file in /config/qBittorrent /qBittorrent.conf and add
Downloads\TempPath=/data/incomplete/
Downloads\TempPathEnabled=true

Thanks !

And have you checked that the folder exists also?

Thanks!