Everything looking fine but jackett unable to connect on the port

[NiceManiac]

Hello, once again i am ripping my hair out trying to get this to work.
I have been running jackettvpn flawlessly with wireguard for over a year, but as i have now switched to PureVPN for my vpn wireguard configurations are one time use. I am now trying to set it up using OpenVPN but having a weird issue where everything looks good in the logs both in jackett logs and the docker logs for my container, but i am unable to connect to the webui or thru sonarr.
Here is my launch script:

sudo docker run --privileged -d \
-v /home/pentonit/jackettvpn/config:/config \
-v /home/pentonit/jackettvpn/blackhole:/blackhole \
-e "VPN_ENABLED=yes" \
-e "VPN_TYPE=openvpn" \
-e "LAN_NETWORK=192.168.68.0/24" \
-e "PUID=1000" \
-e "PGID=1000" \
-e "LEGACY_IPTABLES=yes" \
-e "HEALTH_CHECK_HOST=1.1.1.1" \
-e "HEALTH_CHECK_INTERVAL=300" \
-e "HEALTH_CHECK_SILENT=1" \
-e "HEALTH_CHECK_AMOUNT=1" \
-p 9117:9117 \
--cap-add NET_ADMIN \
--sysctl net.ipv6.conf.all.disable_ipv6=1 \
--name jackettvpn \
--env "VPN_OPTIONS=--inactive 3600 --ping 10 --ping-exit 60" \
--restart unless-stopped \
dyonr/jackettvpn

and here is my docker container logs:

2023-09-08 08:06:27.785395 [INFO] VPN_ENABLED defined as 'yes'
2023-09-08 08:06:27.814679 [INFO] The container is currently running iptables v1.8.7 (nf_tables).
2023-09-08 08:06:27.842609 [INFO] LEGACY_IPTABLES is set to 'yes'
2023-09-08 08:06:27.872651 [INFO] Setting iptables to iptables (legacy)
update-alternatives: using /usr/sbin/iptables-legacy to provide /usr/sbin/iptables (iptables) in manual mode
2023-09-08 08:06:27.904917 [INFO] The container is now running iptables v1.8.7 (legacy).
2023-09-08 08:06:27.929474 [INFO] VPN_TYPE defined as 'openvpn'
2023-09-08 08:06:27.964992 [INFO] OpenVPN config file is found at /config/openvpn/no2-ovpn-udp.ovpn
dos2unix: converting file /config/openvpn/no2-ovpn-udp.ovpn to Unix format...
2023-09-08 08:06:27.994445 [INFO] VPN remote line defined as 'no2-auto-udp.ptoserver.com 53'
2023-09-08 08:06:28.025409 [INFO] VPN_REMOTE defined as 'no2-auto-udp.ptoserver.com'
2023-09-08 08:06:28.051761 [INFO] VPN_PORT defined as '53'
2023-09-08 08:06:28.080474 [INFO] VPN_PROTOCOL defined as 'udp'
2023-09-08 08:06:28.107541 [INFO] VPN_DEVICE_TYPE defined as 'tun0'
2023-09-08 08:06:28.134343 [INFO] LAN_NETWORK defined as '192.168.68.0/24'
2023-09-08 08:06:28.163974 [WARNING] NAME_SERVERS not defined (via -e NAME_SERVERS), defaulting to CloudFlare and Google name servers
2023-09-08 08:06:28.189263 [INFO] VPN_OPTIONS defined as '--inactive 3600 --ping 10 --ping-exit 60'
2023-09-08 08:06:28.215171 [INFO] Adding 1.1.1.1 to resolv.conf
2023-09-08 08:06:28.240545 [INFO] Adding 8.8.8.8 to resolv.conf
2023-09-08 08:06:28.265978 [INFO] Adding 1.0.0.1 to resolv.conf
2023-09-08 08:06:28.291572 [INFO] Adding 8.8.4.4 to resolv.conf
2023-09-08 08:06:28.315390 [INFO] Starting OpenVPN...
2023-09-08 08:06:28 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2023-09-08 08:06:28 WARNING: file 'credentials.conf' is group or others accessible
2023-09-08 08:06:28 OpenVPN 2.5.1 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2021
2023-09-08 08:06:28 library versions: OpenSSL 1.1.1n  15 Mar 2022, LZO 2.10
2023-09-08 08:06:28 TCP/UDP: Preserving recently used remote address: [AF_INET]146.70.170.39:53
2023-09-08 08:06:28 UDP link local: (not bound)
2023-09-08 08:06:28 UDP link remote: [AF_INET]146.70.170.39:53
2023-09-08 08:06:28 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1557', remote='link-mtu 1550'
2023-09-08 08:06:28 WARNING: 'auth' is used inconsistently, local='auth SHA1', remote='auth [null-digest]'
2023-09-08 08:06:28 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2023-09-08 08:06:28 [Secure-Server] Peer Connection Initiated with [AF_INET]146.70.170.39:53
2023-09-08 08:06:29 TUN/TAP device tun0 opened
2023-09-08 08:06:29 net_iface_mtu_set: mtu 1500 for tun0
2023-09-08 08:06:29 net_iface_up: set tun0 up
2023-09-08 08:06:29 net_addr_v4_add: 10.42.23.40/27 dev tun0
2023-09-08 08:06:29 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2023-09-08 08:06:29 Initialization Sequence Completed
2023-09-08 08:06:30.514919 [INFO] Docker network defined as 172.17.0.0/16
2023-09-08 08:06:30.546252 [INFO] Adding 192.168.68.0/24 as route via docker eth0
Error: Nexthop has invalid gateway.
2023-09-08 08:06:30.577518 [INFO] ip route defined as follows...
--------------------
0.0.0.0/1 via 10.42.23.33 dev tun0 
default via 10.42.23.33 dev tun0 
10.42.23.32/27 dev tun0 proto kernel scope link src 10.42.23.40 
128.0.0.0/1 via 10.42.23.33 dev tun0 
146.70.170.39 via 172.17.0.1 dev eth0 
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2 
--------------------
iptable_mangle         16384  2
ip_tables              32768  14 iptable_filter,iptable_raw,iptable_nat,iptable_mangle
x_tables               53248  29 ip6table_filter,xt_conntrack,ip6table_raw,iptable_filter,xt_cgroup,ip6table_nat,nft_compat,xt_LOG,xt_multiport,xt_tcpudp,xt_addrtype,xt_recent,xt_nat,ip6t_rt,xt_comment,xt_owner,ip6_tables,ipt_REJECT,xt_connmark,iptable_raw,ip_tables,iptable_nat,xt_limit,xt_hl,ip6table_mangle,xt_MASQUERADE,ip6t_REJECT,iptable_mangle,xt_mark
2023-09-08 08:06:30.621053 [INFO] iptable_mangle support detected, adding fwmark for tables
2023-09-08 08:06:30.748781 [INFO] iptables defined as follows...
--------------------
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 9117 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 9117 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9117 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9117 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
--------------------
2023-09-08 08:06:30.782780 [INFO] A group with PGID 1000 does not exist, adding a group called 'jackett' with PGID 1000
2023-09-08 08:06:30.822370 [INFO] An user with PUID 1000 does not exist, adding an user called 'jackett user' with PUID 1000
2023-09-08 08:06:30.871558 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'
2023-09-08 08:06:30.956402 [INFO] Generating password hash
2023-09-08 08:06:31.012094 [INFO] Password hashes match, nothing to change.
2023-09-08 08:06:31.036446 [INFO] Starting Jackett daemon...
Logging to /config/Jackett/Logs/log.txt.
2023-09-08 08:06:32.072902 [INFO] Started Jackett daemon successfully...
2023-09-08 08:06:32.079554 [INFO] Jackett PID: 232
2023-09-08 08:06:32.108591 [WARNING] RESTART_CONTAINER not defined,(via -e RESTART_CONTAINER), defaulting to 'yes'
2023-09-08 08:06:32.135030 [INFO] HEALTH_CHECK_AMOUNT is set to 1

My jackett logs just says that jackett has started and that it is listening to port 9117.

I do not understand why it does not work, when i scanned my servers ip with Nmap it showed port 9117 as "filtered", not sure if this can have something to do with not being able to access it. I cant even access it from the server itself using localhost:9117

[matdave]

Started having the same issue. Just migrated my server and my new Jackett instance times out when I try to access it by the 9117 port, but everything looks fine in the logs.

[ICULikeMac]

Did anyone ever figure out what is happening here? I have the same issue, no issues in the logs and can't access the WebUI?

[NiceManiac]

Did anyone ever figure out what is happening here? I have the same issue, no issues in the logs and can't access the WebUI?

I gave up on openvpn and switched to a vpn provider with wireguard instead as i could never get openvpn to work again. Some update that seemingly broke it. Havent bothered trying openvpn again since

[ICULikeMac]

Thanks for the response! And the UI worked when not using openvpn?

[NiceManiac]

Thanks for the response! And the UI worked when not using openvpn?

Yep everything work fine after switching from openvpn to wireguard, seems like maybe the openvpn module makes it not finish starting up or something

[ICULikeMac]

Thanks for the response! And the UI worked when not using openvpn?

Yep everything work fine after switching from openvpn to wireguard, seems like maybe the openvpn module makes it not finish starting up or something

Thanks so much for the info.

[CupcakePWR]

Apologies for necro, but just had the same issue..
I believe the problem stems from the message "Error: Nexthop has invalid gateway." - Why that is I do not know, but I made a garbage solution by entering the container and adding static route.. Probably better with wireguard or something.

In my case this works..:

docker exec -it jackettvpn /bin/bash
ip route add 10.0.1.0/24 via 192.168.208.1 dev eth0

of course, change 10.0.1.10/24 to your own LAN, and 192.168.208.1 is just the docker gateway, it can change and you can pick it up multiple ways..
ip add shows ip/subnets for your interfaces - grab the one attached to eth0..

Again this is a garbage solution, but in my case right now I just want to get it to work right now, maybe someone out there need the same