I am setting up a new Odroid-N2 with Kodi, qbittorrent, and wireguard. However, using both the latest beta and stable build of DietPi, my network connection on my N2 is quote slow. Using iperf3, I am getting about 350 mbps on a gigabit network. I tried installing ubuntu-minimal, and I am back to around 930 mbps using iperf3 on the Odroid-N2. Sounds like a temporary solution until I can figure out why my DietPi install has such slow networking.

I installed qbittorrent-nox, everything seemed to work fine. I was able to access the qbittorrent web interface at 192.168.x.x:xxxx. However, once I installed and enabled Wireguard, I can no longer access my web interface at 192.168.x.x:xxxx. When I disable Wireguard (wg-quick down wg1) it works again. I don’t think it is a Wireguard issue since everything else works fine, I get internet connectivity and can SSH into the Odroid-N2.

It works with both qbittorrent and wireguard on my Odroid-C2 with DietPi I am still using. Is there some special setting or configuration I need to use to get qbittorrent to work with Wireguard VPN?

Thanks.

Hi,

do you use Wireguard as server or client on your DietPi installation?

I am using Wireguard as a client connecting to a commercial VPN service. In addition to qBittorrent not working, I can’t ping any PCs on my local network, though I can SSH into the Odroid box from my Windows PC on the local network.

I guess you device is sending all the traffic to the VPN tunnel. Maybe trendy could help as I guess some iptables would need to be adjusted/added.

Local network traffic should not be affected by the vpn.
VPN will install a new default route for the 0/0 through the vpn endpoint, so all other traffic will go that way.
Could you post here the output of

ip -4 addr; ip -4 ru; ip -4 ro list table all

before and after connecting to the vpn?

Sure. I noticed another wrinkle. I found that I can access my local network if I am root. So sudo ping 192.168.1.10 works fine, but when I am a regular user I get “Destination Host Unreachable”.

Here is the output of “ip -4 addr; ip -4 ru; ip -4 ro list table all”
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.1.16/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0
valid_lft 82686sec preferred_lft 82686sec
5: mullvad-ch7: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1
inet 10.65.141.26/32 scope global mullvad-ch7
valid_lft forever preferred_lft forever
0: from all lookup local
32760: from all uidrange 0-0 lookup main suppress_prefixlength 0
32761: not from all fwmark 0xca6c uidrange 0-0 lookup 51820
32762: from all uidrange 0-0 lookup main suppress_prefixlength 0
32764: from all uidrange 0-0 lookup main suppress_prefixlength 0
32766: from all lookup main
32767: from all lookup default
default dev mullvad-ch7 table 51820 scope link
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.16 metric 100
local 10.65.141.26 dev mullvad-ch7 table local proto kernel scope host src 10.65.141.26
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 192.168.1.0 dev eth0 table local proto kernel scope link src 192.168.1.16
local 192.168.1.16 dev eth0 table local proto kernel scope host src 192.168.1.16
broadcast 192.168.1.255 dev eth0 table local proto kernel scope link src 192.168.1.16

This is quite a complicated setup with policy based routing based on fwmarks.
Did you set this up yourself or was it provided by Dietpi or some other script?
In any case, post also the iptables-save -c when vpn is connected.

Hello!

Please look at the VPN-clients config file in /etc/wireguard

To allow local network access, you need to set the AllowedIPs to the following:

AllowedIPs = 0.0.0.0/0

I am having this same issue. Checking to see if a solution was found. I have a basic setup: Fresh install of dietpi, install qbittorrnet and wireguard via dietpi-software, and add my wireguard .conf. I have AllowedIPs = 0.0.0.0/0 in my .conf. I can access dietpi via SSH and I can ping it from other machines without issue, however the qBittorrent web interface immediately becomes unreachable as soon as wireguard is activated. I have attached the return from iptables-save -c in case that helps.

Generated by iptables-save v1.8.7 on Mon Dec 27 01:21:01 2021

*mangle
:PREROUTING ACCEPT [4495:1034254]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [2368:561039]
[61:20064] -A PREROUTING -p udp -m comment --comment “wg-quick(8) rule for VPN” -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
[80:11264] -A POSTROUTING -p udp -m mark --mark 0xca6c -m comment --comment “wg-quick(8) rule for VPN” -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff
COMMIT

Completed on Mon Dec 27 01:21:01 2021

Generated by iptables-save v1.8.7 on Mon Dec 27 01:21:01 2021

*raw
:PREROUTING ACCEPT [4495:1034254]
:OUTPUT ACCEPT [0:0]
[0:0] -A PREROUTING -d 10.13.111.105/32 ! -i VPN -m addrtype ! --src-type LOCAL -m comment --comment “wg-quick(8) rule for VPN” -j DROP
COMMIT

Completed on Mon Dec 27 01:21:01 2021

Generated by iptables-save v1.8.7 on Mon Dec 27 01:21:01 2021

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2358:558654]
COMMIT

Completed on Mon Dec 27 01:21:01 20

is Wireguard running as server or client on your system?

It is set up as a client.
Also just to add, it seems to only be an issue with the Odroid N2. Exact same setup and .conf file with my raspberry PI works perfectly fine.

you could try to compare both iptables configs, to check if there are differences.