Sharing a docker-compose.yaml example for Proton VPN

[jasonleexp]

Looks like ProtonVPN is now officially supported, but I didn't see any official documentation or examples of how to run the container with it.

Sharing my docker-compose.yaml in case anyone needs it in the future:

version: '3.9'
services:
    arch-qbittorrentvpn:
        image: binhex/arch-qbittorrentvpn
        container_name: qbittorrentvpn
        volumes:
            - '/volume1/docker/qbittorrentvpn/config:/config'
            - '/volume1/media/downloads:/data'
            - '/etc/localtime:/etc/localtime:ro'
        ports:
            - '49550:49550'
            - '49551:8118'
        environment:
            - VPN_ENABLED=yes
            - VPN_PROV=protonvpn
            - VPN_CLIENT=openvpn
            - VPN_USER=yourprotonvpnusernamehere+pmp
            - VPN_PASS=yourprotonvpnpasswordhere
            - STRICT_PORT_FORWARD=yes
            - 'NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
            - LAN_NETWORK=192.168.1.0/24
            - ENABLE_PRIVOXY=yes
            - PUID=1060
            - PGID=65536
            - WEBUI_PORT=49550
            - UMASK=000
            - DEBUG=false
        cap_add:
            - NET_ADMIN
        network_mode: bridge
        restart: unless-stopped

Notes:

• You must append +pmp at the end of your username to indicate you want port forwarding enabled by ProtonVPN as shown in their official documentation
• You'll need to change LAN_NETWORK to be your LAN network IP range (obviously). I used this site to convert to CIDR notation.
• I personally changed the WEBUI_PORT to be something other than the default port 8080 was already taken by another app. If you do this, you'll have to set the environment variable e.g., like I did, using WEBUI_PORT=49550. Also be sure to change your port mapping e.g., like I do to be 49550:49550.
• You'll need to change your PUID and PGID to be whatever local user and/or group you want it to be. I personally set the user to be ''1060'' and grant permissions to the /config directory on my machine.
• I enabled Privoxy and set the port to be 49551 (again, just personal preference)

[aevans1987]

Out of curiosity, Is the network_mode: bridge required?

[Damien2417]

anyone can help me how to port forward properly ? I mean I've added the +pmp, added my port in qbittorrent, and then ? my port seem still closed :(

[ItsCalebJones]

I've tried a half dozen other docker images as well ^ having the same issue using ProtonVPN - everything SEEMS okay but no upload.

[bashctrl]

Proton VPN's port forwarding sessions only last 60 seconds.
According to them, you need to continuously have NAT-PMP port forwarding both UDP and TCP.

You could potentially do this with the Dockerfile or a shell script, but I do it manually and it works for me.

• Run a new terminal on the Docker container
  docker exec -it qbittorrentvpn /bin/bash
• Run the following indefinitely
  while true ; do date ; natpmpc -a 1 0 udp 60 -g 10.2.0.1 && natpmpc -a 1 0 tcp 60 -g 10.2.0.1 || { echo -e "ERROR with natpmpc command \a" ; break ; } ; sleep 45 ; done

[binhex]

Proton VPN's port forwarding sessions only last 60 seconds. According to them, you need to continuously have NAT-PMP port forwarding both UDP and TCP.

You could potentially do this with the Dockerfile or a shell script, but I do it manually and it works for me.

• Run a new terminal on the Docker container
  docker exec -it qbittorrentvpn /bin/bash
• Run the following indefinitely
  while true ; do date ; natpmpc -a 1 0 udp 60 -g 10.2.0.1 && natpmpc -a 1 0 tcp 60 -g 10.2.0.1 || { echo -e "ERROR with natpmpc command \a" ; break ; } ; sleep 45 ; done

Thanks for sharing this, however i already do something very similar, but it obviously does not work for some reason:- https://github.com/binhex/arch-int-vpn/blob/9f1d204fecd8bad6162dc200959f9c1b10627a88/run/local/tools.sh#L911

[bashctrl]

Proton VPN's port forwarding sessions only last 60 seconds. According to them, you need to continuously have NAT-PMP port forwarding both UDP and TCP.
You could potentially do this with the Dockerfile or a shell script, but I do it manually and it works for me.

• Run a new terminal on the Docker container
  docker exec -it qbittorrentvpn /bin/bash
• Run the following indefinitely
  while true ; do date ; natpmpc -a 1 0 udp 60 -g 10.2.0.1 && natpmpc -a 1 0 tcp 60 -g 10.2.0.1 || { echo -e "ERROR with natpmpc command \a" ; break ; } ; sleep 45 ; done

Thanks for sharing this, however i already do something very similar, but it obviously does not work for some reason:- https://github.com/binhex/arch-int-vpn/blob/9f1d204fecd8bad6162dc200959f9c1b10627a88/run/local/tools.sh#L911

Your method is far more elegant.
Interesting, I just tested this again after grabbing a new WG conf file and it is working flawlessly.
At this stage, I'd be more inclined to say the issue was with ProtonVPN, not your beautiful handiwork.
Thanks.