I’m using a wireguard docker container to provide vpn connection to a qbittorrent container. When I compare it to wireguard on linux and the qbittorrent application, the same torrent is way slower. My server gets 2Mbit/s and my computer 15Mbit/s The 15Mbit/s is where my internet connection caps, while downloading that fast I can’t watch YT videos. They both are in the same network using the same vpn provider and same endpoint.

for qbittorrent docker-compose I use network_mode: service:wireguard

  • Guilvareux@feddit.ukEnglish
    3·
    1 year ago

    It depends how wireguard is implemented.

    The container may be running wireguard in userspace, instead of the OS’s kernel implementation.

  • bruchsturmOPEnglish
    1·
    1 year ago

    kinda fixed it, I think…

    Checked what image I’m using, its linuxserver, and they’re using the OS’s kernel implementation. Also saw that in my logs.

    I used this https://www.linuxserver.io/blog/routing-docker-host-and-container-traffic-through-wireguard and added these lines into my wg0.conf:

    PostUp = iptables -t nat -A POSTROUTING -o wg+ -j MASQUERADE
PreDown = iptables -t nat -D POSTROUTING -o wg+ -j MASQUERADE

    Then I regenerated my mullvad config with a different server.

    Now I’m downloading the Arch Linux iso with 11Mbit/s

    Honestly I’ve no idea what exactly solved the problem, iptables, networks and routing still feels likes witchcraft to me most of the time.

  • funkajunk@lemm.eeEnglish
    1·
    1 year ago

    Can you please share your compose file?

    I personally use a separate container instead of another service, not sure what difference it makes

    network_mode: "container:wireguard"

    Using the lscr.io/linuxserver/wireguard:latest image btw

    • bruchsturmOPEnglish
      1·
      1 year ago
      services:
  wireguard:
    image: lscr.io/linuxserver/wireguard:latest
    container_name: wireguard
    cap_add:
      - NET_ADMIN
      #- SYS_MODULE #needed if wireguard kernel module gets not loaded
    environment:
      - PUID=995
      - PGID=995
      - TZ=Europe/Vienna
    volumes:
      - wireguard_config:/config
      #- /lib/modules:/lib/modules stack #needed if wireguard kernel module gets not loaded
    ports:
      - 51820:51820
      - 51820:51820/udp
      - 8113:8113 #qbt WebUI - This is not necessary with trafik, I still have it for debug reasons and it's only reachable in my local network so I think its fine
    networks:
      - net
    labels:
      - traefik.enable=true
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
      - net.ipv6.conf.all.disable_ipv6=0
    restart: unless-stopped

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    network_mode: service:wireguard
    depends_on:
      - wireguard
    environment:
      - PUID=1004
      - PGID=1004
      - UMASK=002
      - TZ=Europe/Berlin
      - WEBUI_PORT=8113
    volumes:
      - qbt_config:/config
      - torrents:/data/torrents
      - media:/data/media
    labels:
      - traefik.enable=true
      - traefik.http.services.qbt.loadbalancer.server.port=8113
      - traefik.http.routers.qbt.rule=Host(`torrent.example.com`)
      - traefik.http.routers.qbt.middlewares=https-redirect@file
      - traefik.http.routers.qbt-secure.rule=Host(`torrent.example.com`)
      - traefik.http.routers.qbt-secure.entrypoints=websecure
      - traefik.http.routers.qbt-secure.tls=true
      - traefik.http.routers.qbt-secure.service=qbt
    restart: unless-stopped
      • funkajunk@lemm.eeEnglish
        2·
        1 year ago

        I would try it with the SYS_MODULE and /lib/modules lines uncommented. That’s how I have my container and it seems to perform just fine.

        • bruchsturmOPEnglish
          1·
          1 year ago

          It works without that. I commented it because the logs told me its already loaded and I should comment these lines.

          • funkajunk@lemm.eeEnglish
            1·
            1 year ago

            Any reason you need the traefik label on the wireguard container? Seems unnecessary.