9
submitted 1 year ago* (last edited 1 year ago) by bruchsturm@discuss.tchncs.de to c/selfhosted@lemmy.world

I'm using a wireguard docker container to provide vpn connection to a qbittorrent container. When I compare it to wireguard on linux and the qbittorrent application, the same torrent is way slower. My server gets 2Mbit/s and my computer 15Mbit/s The 15Mbit/s is where my internet connection caps, while downloading that fast I can't watch YT videos. They both are in the same network using the same vpn provider and same endpoint.

for qbittorrent docker-compose I use network_mode: service:wireguard

top 7 comments
sorted by: hot top controversial new old
[-] Guilvareux@feddit.uk 3 points 1 year ago

It depends how wireguard is implemented.

The container may be running wireguard in userspace, instead of the OS’s kernel implementation.

[-] bruchsturm@discuss.tchncs.de 1 points 1 year ago

kinda fixed it, I think...

Checked what image I'm using, its linuxserver, and they're using the OS's kernel implementation. Also saw that in my logs.

I used this https://www.linuxserver.io/blog/routing-docker-host-and-container-traffic-through-wireguard and added these lines into my wg0.conf:

PostUp = iptables -t nat -A POSTROUTING -o wg+ -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o wg+ -j MASQUERADE

Then I regenerated my mullvad config with a different server.

Now I'm downloading the Arch Linux iso with 11Mbit/s

Honestly I've no idea what exactly solved the problem, iptables, networks and routing still feels likes witchcraft to me most of the time.

[-] funkajunk@lemm.ee 1 points 1 year ago

Can you please share your compose file?

I personally use a separate container instead of another service, not sure what difference it makes

network_mode: "container:wireguard"

Using the lscr.io/linuxserver/wireguard:latest image btw

[-] bruchsturm@discuss.tchncs.de 0 points 1 year ago* (last edited 1 year ago)
services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      #- SYS_MODULE #needed if wireguard kernel module gets not loaded
    environment:
      - PUID=995
      - PGID=995
      - TZ=Europe/Vienna
    volumes:
      - wireguard_config:/config
      #- /lib/modules:/lib/modules stack #needed if wireguard kernel module gets not loaded
    ports:
      - 51820:51820
      - 51820:51820/udp
      - 8113:8113 #qbt WebUI - This is not necessary with trafik, I still have it for debug reasons and it's only reachable in my local network so I think its fine
    networks:
      - net
    labels:
      - traefik.enable=true
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: service:wireguard
    depends_on:
      - wireguard
    environment:
      - PUID=1004
      - PGID=1004
      - UMASK=002
      - TZ=Europe/Berlin
      - WEBUI_PORT=8113
    volumes:
      - qbt_config:/config
      - torrents:/data/torrents
      - media:/data/media
    labels:
      - traefik.enable=true
      - traefik.http.services.qbt.loadbalancer.server.port=8113
      - traefik.http.routers.qbt.rule=Host(`torrent.example.com`)
      - traefik.http.routers.qbt.middlewares=https-redirect@file
      - traefik.http.routers.qbt-secure.rule=Host(`torrent.example.com`)
      - traefik.http.routers.qbt-secure.entrypoints=websecure
      - traefik.http.routers.qbt-secure.tls=true
      - traefik.http.routers.qbt-secure.service=qbt
    restart: unless-stopped
[-] funkajunk@lemm.ee 0 points 1 year ago

I would try it with the SYS_MODULE and /lib/modules lines uncommented. That's how I have my container and it seems to perform just fine.

[-] bruchsturm@discuss.tchncs.de 0 points 1 year ago

It works without that. I commented it because the logs told me its already loaded and I should comment these lines.

[-] funkajunk@lemm.ee 1 points 1 year ago

Any reason you need the traefik label on the wireguard container? Seems unnecessary.

this post was submitted on 18 Jun 2023
9 points (100.0% liked)

Selfhosted

40113 readers
732 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 1 year ago
MODERATORS