VPN with killswitch and qBittorrent in docker-compose

[ghost]

Hi everyone.

I managed to configure this VPN container and attached a qBittorrent container to it. It seems to work fine so far, and checking the public IP addresses inside of both the VPN and the qBittorrent container show that they are connected to the VPN.

Still, I don't feel like I 100% understand everything relating to this setup, so I wanted to ask if someone could take a look at my docker compose file and tell me if it's fine like this or if I made a mistake anywhere. I especially want the qBittorrent container to never ever be able to connect to the internet if it's not through the VPN.

Thanks in advance!

version: '3.4'
services:
  vpn:
    container_name: vpn
    image: dperson/openvpn-client
    devices:
      - /dev/net/tun
    dns: 1.1.1.1
    environment:
      FIREWALL: ''
      TZ: 'Europe/Berlin'
    volumes:
      - /home/pi/docker/openvpn:/vpn
    restart: unless-stopped
    cap_add:
      - net_admin
    networks:
      - default
    ports:
      - 8081:8081
      - 6881:6881
      - 6881:6881/udp
  qbittorrent:
    container_name: qbittorrent
    image: lscr.io/linuxserver/qbittorrent:latest
    depends_on: 
      - vpn
    network_mode: service:vpn
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Berlin
      - WEBUI_PORT=8081
    volumes:
      - /home/pi/docker/qbittorrent_linuxserver:/config
      - /mnt/Toshiba2TB/downloads:/downloads
    restart: unless-stopped
networks:
  default:

[CHerSun]

The config looks fine to me. I'm running similar one.

Just 1 problem - it looks like when OpenVPN client looses connection - the other container loses eth0 interface and never recovers it, so qBittorrent web UI becomes unreachable. Not sure why this happens tbh, would appreciate some help.

[ceramicwhite]

The config looks fine to me. I'm running similar one.

Just 1 problem - it looks like when OpenVPN client looses connection - the other container loses eth0 interface and never recovers it, so qBittorrent web UI becomes unreachable. Not sure why this happens tbh, would appreciate some help.

In qBittorrent the Advanced>Network Interface should be set to tun0 or you will leak your real IP.
I've never had that problem although I use nginx through swag to proxy the webui on my VPS, here's my setup as an example:

version: "3.7"
services:
  vpn:
    container_name: vpn
    image: dperson/openvpn-client
    cap_add:
      - net_admin
    sysctls: #Required for Mulvad
    - net.ipv6.conf.all.disable_ipv6=0
    ports:
      - 6380:6380
      - 4443:4443
      - 60730:60730     #qBittorrent
      - 60730:60730/udp #qBittorrent
      - 8080:8080     #qBittorrent
    devices:
      - '/dev/net:/dev/net:rwm'
    environment:
      TZ: 'America/Los_Angeles'
    read_only: true
    tmpfs:
      - /run
      - /tmp
    restart: unless-stopped
    security_opt:
      - label:disable
    stdin_open: true
    tty: true
    volumes:
      - ./vpn:/vpn
    networks:
      - default

  qbittorrent:
    image: lscr.io/linuxserver/qbittorrent:latest
    container_name: qbittorrent
    stop_grace_period: 1m
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
      - WEBUI_PORT=8080
    volumes:
      - ./qbittorrent/config:/config
      - ./qbittorrent/downloads:/downloads
    restart: unless-stopped
    network_mode: "service:vpn"
    depends_on:
      - vpn

  swag:
    image: lscr.io/linuxserver/swag:latest
    container_name: swag
    stop_grace_period: 1m
    cap_add:
      - NET_ADMIN
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Los_Angeles
      - URL=mydomain.com
      - VALIDATION=dns
      - SUBDOMAINS=wildcard
      - DNSPLUGIN=cloudflare
      - [email protected]
      - STAGING=false
      - DOCKER_MODS=linuxserver/mods:swag-auto-reload
    volumes:
      - ./swag/config:/config
    ports:
      - 443:443
      - 80:80
    restart: unless-stopped

networks:
    default: