Jump to content

Glassed Silver

Members
  • Content Count

    65
  • Joined

  • Last visited

Community Reputation

5 Neutral

About Glassed Silver

  • Rank
    Advanced Member

Converted

  • Location
    Germany

Recent Profile Visitors

533 profile views
  1. I understand that this will not replace certificates, but I want to have this level of control as an additional layer of not peace of mind. This will NOT be on at all times, but only during times that I want to LAN game with someone further away. If a hacker fakes the IP AND has the credentials whilst I am gaming with a friend then good on them, they deserve it.... Also I'm thinking of someone taking advantage of the open port and attacking the WG software behind it. Regardless of that. Think of my use case as allowing someone access to your guest WiFi, trusting them that much and that you let them use your computer, but you don't want them poking around in your network. Not even by bad intentions, but stumbling upon something. Is my desire to have a remote computer-to-computer ad-hoc connection that illegitimate? I have read the first post, hence my question if there is a way to do it. Because it wasn't answered in the first post. The way I understood it there is a way to expose a container to the outside world through this, but then it's one port only if I understand this correctly. Maybe I'm looking at the wrong approach, in that case I'd be glad to receive any further help. My idea is basically really just to have a self-hosted Hamachi-style ad-hoc connection for games. Low-latency, high reliability, free and open-source. Maybe a different software is the key? I understand obscurity isn't a replacement for security or a means for it. It does help with peace of mind though in addition to traditionally secure mechanisms. I feel the more I explain the more we will get lost in the details though... Again, any pointers at how to approach my goal are super appreciated.
  2. Forgive me that I am not reading 17 pages, but maybe someone knows how to do this: I would love to setup a connection from one client to a specific machine in my network, but in a way that all ports are accessible. My goal is to setup a Hamachi-like connection where two machines can play LAN-only multiplayer games together. So that means an unknown number of ports will need to pass through to ONE machine only. I do NOT want to give access to my entire network and most importantly not to my server and thereby all of its containers accessible on the same IP, etc... Any ideas or am I going to end up using another solution? Also would love to know if there is a way to whitelist connections, so whilst I know that keys should always be treated with confidentiality it'd be nice to know that unexpected IPs won't even make it to the authentication process. My setup would be monitored and not remote. I'd always be able to manually whitelist a new IP I expect to connect.
  3. I did because that's how I got it to work initially after trying all the other things like setting the md5 hash for an empty password, for an actual password I would use and nothing worked... As for mappings, I also mapped within the app itself to /books, I did see my test library when it worked for a short while. latest log: [s6-init] making user provided files available at /var/run/s6/etc...exited 0. [s6-init] ensuring user provided files have correct perms...exited 0. [fix-attrs.d] applying ownership & permissions fixes... [fix-attrs.d] done. [cont-init.d] executing container initialization scripts... [cont-init.d] 01-envfile: executing... [cont-init.d] 01-envfile: exited 0. [cont-init.d] 10-adduser: executing... ------------------------------------- _ () | | ___ _ __ | | / __| | | / \ | | \__ \ | | | () | |_| |___/ |_| \__/ Brought to you by linuxserver.io We gratefully accept donations at: https://www.linuxserver.io/donate/ ------------------------------------- GID/UID ------------------------------------- User uid: 99 User gid: 100 ------------------------------------- [cont-init.d] 10-adduser: exited 0. [cont-init.d] 11-moduser: executing... [cont-init.d] 11-moduser: exited 0. [cont-init.d] 12-prep_xrdp: executing... [cont-init.d] 12-prep_xrdp: exited 0. [cont-init.d] 13-update_app_name: executing... [cont-init.d] 13-update_app_name: exited 0. [cont-init.d] 14-configure_openbox: executing... [cont-init.d] 14-configure_openbox: exited 0. [cont-init.d] 30-update_webapp_context: executing... [cont-init.d] 30-update_webapp_context: exited 0. [cont-init.d] 35-update_guac_creds: executing... [cont-init.d] 35-update_guac_creds: exited 0. [cont-init.d] 50-config: executing... [cont-init.d] 50-config: exited 0. [cont-init.d] 99-custom-scripts: executing... [custom-init] no custom files found exiting... [cont-init.d] 99-custom-scripts: exited 0. [cont-init.d] done. [services.d] starting services [services.d] done. Unable to find an X display. Ensure you have permission to connect to the display. X.Org X Server 1.19.6 Release Date: 2017-12-20 X Protocol Version 11, Revision 0 Build Operating System: Linux 4.4.0-168-generic x86_64 Ubuntu Current Operating System: Linux 25535faebf2c 4.19.98-Unraid #1 SMP Sun Jan 26 09:15:03 PST 2020 x86_64 Kernel command line: BOOT_IMAGE=/bzimage initrd=/bzroot Build Date: 14 November 2019 06:20:00PM xorg-server 2:1.19.6-1ubuntu4.4 (For technical support please see http://www.ubuntu.com/support) Current version of pixman: 0.34.0 Before reporting problems, check http://wiki.x.org to make sure that you have the latest version. Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. (==) Log file: "/var/log/Xorg.pid-424.log", Time: Tue Mar 10 21:43:34 2020 (++) Using config file: "/etc/X11/xrdp/xorg.conf" (==) Using system config directory "/usr/share/X11/xorg.conf.d" guacd[432]: INFO: Guacamole proxy daemon (guacd) version 0.9.14 started guacd[432]: INFO: Listening on host 127.0.0.1, port 4822 xorgxrdpSetup: xrdpdevSetup: rdpmousePlug: rdpkeybPlug: rdpIdentify: rdpDriverFunc: op 10 : rdpPreInit: rdpScreenInit: virtualX 800 virtualY 600 rgbBits 8 depth 24 rdpScreenInit: pfbMemory bytes 1920000 rdpScreenInit: pfbMemory 0x14f51879f010 rdpSimdInit: assigning yuv functions rdpSimdInit: cpuid ax 1 cx 0 return ax 0x000206d7 bx 0x0b200800 cx 0x1fbee3ff dx 0xbfebfbff rdpSimdInit: sse2 amd64 yuv functions assigned rdpXvInit: depth 24 rdpClientConInit: kill disconnected [0] timeout [0] sec rdpScreenInit: out rdpmousePreInit: drv 0x55937a891990 info 0x55937aa395b0, flags 0x0 rdpmouseControl: what 0 rdpmouseDeviceInit: rdpmouseCtrl: rdpRegisterInputCallback: type 1 proc 0x14f518b78c60 rdpmouseControl: what 1 rdpmouseDeviceOn: rdpkeybPreInit: drv 0x55937a8add70 info 0x55937abaa1e0, flags 0x0 rdpkeybControl: what 0 rdpkeybDeviceInit: rdpkeybChangeKeyboardControl: rdpkeybChangeKeyboardControl: autoRepeat on rdpRegisterInputCallback: type 0 proc 0x14f518975530 rdpkeybControl: what 1 rdpkeybDeviceOn: rdpSaveScreen: rdpDeferredRandR: rdpResizeSession: width 1024 height 768 calling RRScreenSizeSet rdpRRScreenSetSize: width 1024 height 768 mmWidth 271 mmHeight 203 rdpRRGetInfo: screen resized to 1024x768 RRScreenSizeSet ok 1 Warning: Cannot convert string "-*-helvetica-bold-r-normal--*-120-*-*-*-*-iso8859-1" to type FontStruct Warning: Cannot convert string "-*-courier-medium-r-normal--*-120-*-*-*-*-iso8859-1" to type FontStruct rdpRRGetInfo: Obt-Message: Xinerama extension is not present on the server rdpInDeferredUpdateCallback: rdpkeybChangeKeyboardControl: rdpkeybChangeKeyboardControl: autoRepeat off Openbox-Message: Unable to find a valid menu file "/var/lib/openbox/debian-menu.xml" guacd[432]: INFO: Guacamole connection closed during handshake s6-svwait: fatal: timed out s6-svwait: fatal: timed out Connection failure: Connection refused pa_context_connect() failed: Connection refused rdpRRGetInfo: QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-abc' qt.qpa.xcb: QXcbConnection: XCB error: 148 (Unknown), sequence: 181, resource id: 0, major code: 140 (Unknown), minor code: 20 libpng warning: iCCP: known incorrect sRGB profile DBusExport: Failed to connect to DBUS session bus, with error: org.freedesktop.DBus.Error.NotSupported: Using X11 for dbus-daemon autolaunch was disabled at compile time, set your DBUS_SESSION_BUS_ADDRESS instead s6-svwait: fatal: timed out Traceback (most recent call last): File "site-packages/calibre/gui2/notify.py", line 159, in get_notifier File "site-packages/calibre/gui2/notify.py", line 89, in get_dbus_notifier File "site-packages/dbus/_dbus.py", line 211, in __new__ File "site-packages/dbus/_dbus.py", line 100, in __new__ File "site-packages/dbus/bus.py", line 122, in __new__ DBusException: org.freedesktop.DBus.Error.NotSupported: Using X11 for dbus-daemon autolaunch was disabled at compile time, set your DBUS_SESSION_BUS_ADDRESS instead s6-svwait: fatal: timed out s6-svwait: fatal: timed out s6-svwait: fatal: timed out s6-svwait: fatal: timed out s6-svwait: fatal: timed out s6-svwait: fatal: timed out s6-svwait: fatal: timed out XIO: fatal IO error 11 (Resource temporarily unavailable) on X server ":1" after 3787 requests (3534 known processed) with 0 events remaining. rdpmouseControl: what 2 rdpmouseDeviceOff: rdpkeybControl: what 2 rdpkeybDeviceOff: rdpkeybControl: what 3 rdpkeybUnInit: drv 0x55937a8add70 info 0x55937abaa1e0, flags 0x0 rdpUnregisterInputCallback: proc 0x14f518975530 rdpmouseControl: what 3 rdpmouseUnInit: drv 0x55937a891990 info 0x55937aa395b0, flags 0x0 rdpUnregisterInputCallback: proc 0x14f518b78c60 rdpCloseScreen: xorgxrdpDownDown: xorgxrdpDownDown: 1 rdpClientConDeinit: rdpClientConDeinit: deleting file /tmp/.xrdp/xrdp_display_1 rdpClientConDeinit: deleting file /tmp/.xrdp/xrdp_disconnect_display_1 (II) Server terminated successfully (0). Closing log file. s6-svwait: fatal: supervisor died [cont-finish.d] executing container finish scripts... [cont-finish.d] done. [s6-finish] waiting for services. The X11 connection broke (error 1). Did the X11 server die? s6-svwait: fatal: supervisor died [s6-finish] sending all processes the TERM signal. s6-svwait: fatal: timed out [s6-finish] sending all processes the KILL signal and exiting. (complete log from start to stop)
  4. Got it to work for one update I think... (one update was successful, iirc) Updated today after receiving a notification in calibre (updated the docker, mind you, as advised) and then it wouldn't load the WebGUI anymore... Well, what are my settings? These: Ports: 11415 for 8080 11416 for 8081 Paths: /mnt/user/EBooks/Calibre/ for /books /mnt/user/EBooks/CalibreImport/ for /import (these WORKED before, I don't have a cache drive and I doubt mapping to a drive would fix it, it didn't before) PUID/PGID default as well as the other settings /mnt/user/appdata/calibre is Appdata Before getting it to work what I did was to remove all folders and data from the appdata directory except for .config/calibre/ and deleting the guacamole user and pass fields from the template. With today's update the user and pass fields got inserted again (naturally) and removing them, the appdata content as mentioned above and re-installing the container, but no, stays broken... Edit: I hope it's not rude to ping you, @jonathanm? Appreciate any help I can get with this.
  5. Welcome to the party, at this point I'm convinced the container is fundamentally broken/way too finicky to be reasonably maintainable by an average user. I have no idea where to troubleshoot next and since only some of the users in here seem to have gotten the help they needed I think some got lucky and some didn't with their config. If only it was running once it's running... But to see it work once, then not anymore after a reset of the container is disheartening and frankly speaking has broken my trust I might have once it may be running for more than an hour. I'm out of ideas at this point.
  6. That didn't do the trick. (my setup doesn't have a cache drive by the way, so I used what's disk3 in my case) Why is it important not to restart the application? And why do I hear about this just now that it's so important when the application will literally asks you at several places to restart the application? I'm not questioning you btw, just trying to piece together how this being a common prompt and the container reacting sensitive to it fit together. (oh and I'm aware the Calibre developer isn't to blame either, they cannot anticipate the environment we are using Calibre in. My question isn't about that ) Extending on that, I suppose when Calibre asks me to restart the application in future I will just let it sit at that prompt and restart the container instead? Good to know that they are the same dev then, that certainly gives me hope that eventually when my setup IS running it will probably remain ok, since RDP-Calibre had been a nice little treat. Edit: browsed the log a little more and found this part, any ideas? rdpRRGetInfo: Obt-Message: Xinerama extension is not present on the server rdpInDeferredUpdateCallback: rdpkeybChangeKeyboardControl: rdpkeybChangeKeyboardControl: autoRepeat off Openbox-Message: Unable to find a valid menu file "/var/lib/openbox/debian-menu.xml" guacd[432]: INFO: Guacamole connection closed during handshake Connection failure: Connection refused pa_context_connect() failed: Connection refused s6-svwait: fatal: timed out s6-svwait: fatal: timed out rdpRRGetInfo: QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-abc' qt.qpa.xcb: QXcbConnection: XCB error: 148 (Unknown), sequence: 181, resource id: 0, major code: 140 (Unknown), minor code: 20 libpng warning: iCCP: known incorrect sRGB profile DBusExport: Failed to connect to DBUS session bus, with error: org.freedesktop.DBus.Error.NotSupported: Using X11 for dbus-daemon autolaunch was disabled at compile time, set your DBUS_SESSION_BUS_ADDRESS instead Traceback (most recent call last): File "site-packages/calibre/gui2/notify.py", line 159, in get_notifier File "site-packages/calibre/gui2/notify.py", line 89, in get_dbus_notifier File "site-packages/dbus/_dbus.py", line 211, in __new__ File "site-packages/dbus/_dbus.py", line 100, in __new__ File "site-packages/dbus/bus.py", line 122, in __new__ DBusException: org.freedesktop.DBus.Error.NotSupported: Using X11 for dbus-daemon autolaunch was disabled at compile time, set your DBUS_SESSION_BUS_ADDRESS instead s6-svwait: fatal: timed out s6-svwait: fatal: timed out s6-svwait: fatal: timed out Edit 2: not even removing the GUAC user and pass fields helped... whew lads... This container is a real princess. I really wanted to run with authentication, now I finally settled for skipping it (at least for now) and not even the workaround that seemed to help a few guys on the previous page has helped me. Now my strategy is to try two things: 1) remove (with image) the container and reinstall without those fields again. 2) figure out where GUAC settings are stored in contrast to Calibre's so I can try wiping the right bits rather than my Calibre settings?
  7. So after many WEEKS of not being able to run it... I was able to get into the web GUI this ONE time. (after deleting the appdata folder for calibre) I set it up nicely, manually carrying over my settings from my old RDP-Calibre install, trying to do it manually so I don't carry over old junk... I restarted the application itself (not the entire container) several times throughout whenever the Calibre suggested it's best to do for settings to take effect. Then I did one final restart of the container because I wanted to set a new password... And things went downhill. Again the same old problem: no login page. Just the good old timeout and the same error messages that apparently every other guy in this thread is getting. (s6-svwait: fatal: timed out) Changing back to the old empty password hash didn't do it either. I will NOT again delete the appdata folder, because that got it to work last time, because I REALLY don't want to set it all up again and then probably end up with a borked installation again after one reset of the container... Something must be fundamentally wrong here. Either way, here's the docker run command: docker run -d --name='calibre' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'GUAC_USER'='<MYNAME>' -e 'GUAC_PASS'='<MD5HASHOFPASSWORD>' -e 'PUID'='99' -e 'PGID'='100' -p '11415:8080/tcp' -p '11416:8081/tcp' -v '/mnt/user/EBooks/Calibre/':'/books':'rw' -v '/mnt/user/EBooks/CalibreImport/':'/import':'rw' -v '/mnt/user/appdata/calibre':'/config':'rw' 'linuxserver/calibre' I am losing my mind over this container... I really miss RDP-Calibre, because it at least worked. It's a shame it isn't maintained anymore. Kudos to its dev though for setting up a message so that Fix Common Problems would alert me to the fact that it's deprecated. That was a real gentleman move.
  8. Update: The part about removing a default entry and creating a custom port mapping worked, thanks! ____________________________________________________________________ Unfortunately the GUI page is timing out. I recently borked this container and had to reinstall and I might not have set the correct preferences at first... I used to have this running, but now several restarts of the container, forced updates, deleting the conf file and even redownloading the VPN profile didn't help. Here's my container's log: Created by... ___. .__ .__ \_ |__ |__| ____ | |__ ____ ___ ___ | __ \| |/ \| | \_/ __ \\ \/ / | \_\ \ | | \ Y \ ___/ > < |___ /__|___| /___| /\___ >__/\_ \ \/ \/ \/ \/ \/ https://hub.docker.com/u/binhex/ 2020-02-25 03:56:21.365543 [info] System information Linux 7e9db428b484 4.19.98-Unraid #1 SMP Sun Jan 26 09:15:03 PST 2020 x86_64 GNU/Linux 2020-02-25 03:56:21.410969 [info] PUID defined as '99' 2020-02-25 03:56:21.459279 [info] PGID defined as '100' 2020-02-25 03:56:24.783198 [info] UMASK defined as '000' 2020-02-25 03:56:24.828922 [info] Permissions already set for volume mappings 2020-02-25 03:56:24.879175 [info] VPN_ENABLED defined as 'yes' 2020-02-25 03:56:24.937854 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/yyyy.xxxxx.com.udp.ovpn 2020-02-25 03:56:25.021206 [info] VPN remote line defined as 'remote xxx.xxx.xx.xxx xxxx' 2020-02-25 03:56:25.066922 [info] VPN_REMOTE defined as 'xxx.xxx.xx.xxx' 2020-02-25 03:56:25.114339 [info] VPN_PORT defined as '1194' 2020-02-25 03:56:25.167858 [info] VPN_PROTOCOL defined as 'udp' 2020-02-25 03:56:25.212669 [info] VPN_DEVICE_TYPE defined as 'tun0' 2020-02-25 03:56:25.256315 [info] VPN_PROV defined as 'custom' 2020-02-25 03:56:25.021206 [info] VPN remote line defined as 'remote xxx.xxx.xx.xxx xxxxx' 2020-02-25 03:56:25.066922 [info] VPN_REMOTE defined as 'xxx.xxx.xx.xxx' 2020-02-25 03:56:25.114339 [info] VPN_PORT defined as '1194' 2020-02-25 03:56:25.167858 [info] VPN_PROTOCOL defined as 'udp' 2020-02-25 03:56:25.212669 [info] VPN_DEVICE_TYPE defined as 'tun0' 2020-02-25 03:56:25.256315 [info] VPN_PROV defined as 'custom' 2020-02-25 03:56:25.300492 [info] LAN_NETWORK defined as '192.168.1.0/24' 2020-02-25 03:56:25.344835 [info] NAME_SERVERS defined as '1.0.0.1,209.222.18.218,37.235.1.177,84.200.70.40,1.1.1.1' 2020-02-25 03:56:25.388497 [info] VPN_USER defined as 'XXXXXXXXXXXXXXXXXXXXXXXXX' 2020-02-25 03:56:25.432928 [info] VPN_PASS defined as 'XXXXXXXXXXXXXXXXXXXXXXXXX' 2020-02-25 03:56:25.477532 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS) 2020-02-25 03:56:25.521353 [info] ENABLE_PRIVOXY defined as 'yes' 2020-02-25 03:56:25.565992 [info] WEBUI_PORT defined as 'XXXXXX' 2020-02-25 03:56:25.619047 [info] Deleting files in /tmp (non recursive)... 2020-02-25 03:56:25.660896 [info] Starting Supervisor... 2020-02-25 03:56:25,901 INFO Included extra file "/etc/supervisor/conf.d/qbittorrent.conf" during parsing 2020-02-25 03:56:25,902 INFO Set uid to user 0 succeeded 2020-02-25 03:56:25,905 INFO supervisord started with pid 6 2020-02-25 03:56:26,908 INFO spawned: 'start-script' with pid 151 2020-02-25 03:56:26,910 INFO spawned: 'watchdog-script' with pid 152 2020-02-25 03:56:26,911 INFO reaped unknown pid 7 2020-02-25 03:56:26,919 DEBG 'start-script' stdout output: [info] VPN is enabled, beginning configuration of VPN 2020-02-25 03:56:26,919 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs) 2020-02-25 03:56:26,919 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs) 2020-02-25 03:56:26,921 DEBG 'watchdog-script' stdout output: [info] qBittorrent config file already exists, skipping copy 2020-02-25 03:56:26,922 DEBG 'watchdog-script' stdout output: [info] Removing session lock file (if it exists)... 2020-02-25 03:56:26,928 DEBG 'start-script' stdout output: [warn] Username contains characters which could cause authentication issues, please consider changing this if possible 2020-02-25 03:56:26,933 DEBG 'start-script' stdout output: [warn] Password contains characters which could cause authentication issues, please consider changing this if possible 2020-02-25 03:56:26,999 DEBG 'start-script' stdout output: [info] Default route for container is 172.17.0.1 2020-02-25 03:56:27,004 DEBG 'start-script' stdout output: [info] Adding 1.0.0.1 to /etc/resolv.conf 2020-02-25 03:56:27,008 DEBG 'start-script' stdout output: [info] Adding 209.222.18.218 to /etc/resolv.conf 2020-02-25 03:56:27,012 DEBG 'start-script' stdout output: [info] Adding 37.235.1.177 to /etc/resolv.conf 2020-02-25 03:56:27,017 DEBG 'start-script' stdout output: [info] Adding 84.200.70.40 to /etc/resolv.conf 2020-02-25 03:56:27,021 DEBG 'start-script' stdout output: [info] Adding 1.1.1.1 to /etc/resolv.conf 2020-02-25 03:56:27,025 DEBG 'start-script' stdout output: xxx.xxx.xx.xxx 2020-02-25 03:56:27,062 DEBG 'start-script' stdout output: [info] Docker network defined as 172.17.0.0/16 2020-02-25 03:56:27,066 DEBG 'start-script' stdout output: [info] Adding 192.168.1.0/24 as route via docker eth0 2020-02-25 03:56:27,068 DEBG 'start-script' stdout output: [info] ip route defined as follows... -------------------- 2020-02-25 03:56:27,069 DEBG 'start-script' stdout output: default via 172.17.0.1 dev eth0 172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.18 192.168.1.0/24 via 172.17.0.1 dev eth0 2020-02-25 03:56:27,070 DEBG 'start-script' stdout output: -------------------- 2020-02-25 03:56:27,073 DEBG 'start-script' stdout output: iptable_mangle 16384 3 ip_tables 24576 9 iptable_filter,iptable_nat,iptable_mangle 2020-02-25 03:56:27,074 DEBG 'start-script' stdout output: [info] iptable_mangle support detected, adding fwmark for tables 2020-02-25 03:56:27,131 DEBG 'start-script' stdout output: [info] iptables defined as follows... -------------------- 2020-02-25 03:56:27,133 DEBG 'start-script' stdout output: -P INPUT DROP -P FORWARD DROP -P OUTPUT DROP -A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT -A INPUT -i eth0 -p udp -m udp --sport 1194 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 33038 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --sport 33038 -j ACCEPT -A INPUT -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 33038 -j ACCEPT -A INPUT -s 192.168.1.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -i tun0 -j ACCEPT -A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --dport 33038 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 33038 -j ACCEPT -A OUTPUT -d 192.168.1.0/24 -o eth0 -p tcp -m tcp --sport 33038 -j ACCEPT -A OUTPUT -s 172.17.0.0/16 -d 192.168.1.0/24 -o eth0 -p tcp -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -o tun0 -j ACCEPT 2020-02-25 03:56:27,134 DEBG 'start-script' stdout output: -------------------- 2020-02-25 03:56:27,135 DEBG 'start-script' stdout output: [info] Starting OpenVPN... 2020-02-25 03:56:27,143 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 WARNING: file 'credentials.conf' is group or others accessible Tue Feb 25 03:56:27 2020 OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 3 2020 2020-02-25 03:56:27,144 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10 2020-02-25 03:56:27,144 DEBG 'start-script' stdout output: [info] OpenVPN started 2020-02-25 03:56:27,145 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit Tue Feb 25 03:56:27 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2020-02-25 03:56:27,147 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication Tue Feb 25 03:56:27 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2020-02-25 03:56:27,148 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194 Tue Feb 25 03:56:27 2020 Socket Buffers: R=[212992->212992] S=[212992->212992] Tue Feb 25 03:56:27 2020 UDP link local: (not bound) Tue Feb 25 03:56:27 2020 UDP link remote: [AF_INET]xxx.xxx.xx.xxx:1194 2020-02-25 03:56:27,216 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 TLS: Initial packet from [AF_INET]xxx.xxx.xx.xxx:1194, sid=5d0da1d2 74133a14 2020-02-25 03:56:27,304 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA 2020-02-25 03:56:27,305 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA4 2020-02-25 03:56:27,305 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 VERIFY KU OK Tue Feb 25 03:56:27 2020 Validating certificate extended key usage Tue Feb 25 03:56:27 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Tue Feb 25 03:56:27 2020 VERIFY EKU OK Tue Feb 25 03:56:27 2020 VERIFY OK: depth=0, CN=yyy.xxxxx.com 2020-02-25 03:56:27,004 DEBG 'start-script' stdout output: [info] Adding 1.0.0.1 to /etc/resolv.conf 2020-02-25 03:56:27,008 DEBG 'start-script' stdout output: [info] Adding 209.222.18.218 to /etc/resolv.conf 2020-02-25 03:56:27,012 DEBG 'start-script' stdout output: [info] Adding 37.235.1.177 to /etc/resolv.conf 2020-02-25 03:56:27,017 DEBG 'start-script' stdout output: [info] Adding 84.200.70.40 to /etc/resolv.conf 2020-02-25 03:56:27,021 DEBG 'start-script' stdout output: [info] Adding 1.1.1.1 to /etc/resolv.conf 2020-02-25 03:56:27,025 DEBG 'start-script' stdout output: xxx.xxx.xx.xxx 2020-02-25 03:56:27,062 DEBG 'start-script' stdout output: [info] Docker network defined as 172.17.0.0/16 2020-02-25 03:56:27,066 DEBG 'start-script' stdout output: [info] Adding 192.168.1.0/24 as route via docker eth0 2020-02-25 03:56:27,068 DEBG 'start-script' stdout output: [info] ip route defined as follows... -------------------- 2020-02-25 03:56:27,069 DEBG 'start-script' stdout output: default via 172.17.0.1 dev eth0 172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.18 192.168.1.0/24 via 172.17.0.1 dev eth0 2020-02-25 03:56:27,070 DEBG 'start-script' stdout output: -------------------- 2020-02-25 03:56:27,073 DEBG 'start-script' stdout output: iptable_mangle 16384 3 ip_tables 24576 9 iptable_filter,iptable_nat,iptable_mangle 2020-02-25 03:56:27,074 DEBG 'start-script' stdout output: [info] iptable_mangle support detected, adding fwmark for tables 2020-02-25 03:56:27,131 DEBG 'start-script' stdout output: [info] iptables defined as follows... -------------------- 2020-02-25 03:56:27,133 DEBG 'start-script' stdout output: -P INPUT DROP -P FORWARD DROP -P OUTPUT DROP -A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT -A INPUT -i eth0 -p udp -m udp --sport 1194 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 33038 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --sport 33038 -j ACCEPT -A INPUT -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 33038 -j ACCEPT -A INPUT -s 192.168.1.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -i tun0 -j ACCEPT -A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --dport 33038 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 33038 -j ACCEPT -A OUTPUT -d 192.168.1.0/24 -o eth0 -p tcp -m tcp --sport 33038 -j ACCEPT -A OUTPUT -s 172.17.0.0/16 -d 192.168.1.0/24 -o eth0 -p tcp -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A OUTPUT -o lo -j ACCEPT -A OUTPUT -o tun0 -j ACCEPT 2020-02-25 03:56:27,134 DEBG 'start-script' stdout output: -------------------- 2020-02-25 03:56:27,135 DEBG 'start-script' stdout output: [info] Starting OpenVPN... 2020-02-25 03:56:27,143 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 WARNING: file 'credentials.conf' is group or others accessible Tue Feb 25 03:56:27 2020 OpenVPN 2.4.8 [git:makepkg/3976acda9bf10b5e+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jan 3 2020 2020-02-25 03:56:27,144 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10 2020-02-25 03:56:27,144 DEBG 'start-script' stdout output: [info] OpenVPN started 2020-02-25 03:56:27,145 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit Tue Feb 25 03:56:27 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2020-02-25 03:56:27,147 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication Tue Feb 25 03:56:27 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication 2020-02-25 03:56:27,148 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]xxx.xxx.xx.xxx:1194 Tue Feb 25 03:56:27 2020 Socket Buffers: R=[212992->212992] S=[212992->212992] Tue Feb 25 03:56:27 2020 UDP link local: (not bound) Tue Feb 25 03:56:27 2020 UDP link remote: [AF_INET]xxx.xxx.xx.xxx:1194 2020-02-25 03:56:27,216 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 TLS: Initial packet from [AF_INET]xxx.xxx.xx.xxx:1194, sid=5d0da1d2 74133a14 2020-02-25 03:56:27,304 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 VERIFY OK: depth=2, <snip> 2020-02-25 03:56:27,305 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 VERIFY OK: depth=1, <snip> 2020-02-25 03:56:27,305 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 VERIFY KU OK Tue Feb 25 03:56:27 2020 Validating certificate extended key usage Tue Feb 25 03:56:27 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Tue Feb 25 03:56:27 2020 VERIFY EKU OK Tue Feb 25 03:56:27 2020 VERIFY OK: depth=0, CN=yyy.xxxxx.com 2020-02-25 03:56:27,548 DEBG 'start-script' stdout output: Tue Feb 25 03:56:27 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA Tue Feb 25 03:56:27 2020 [yyy.xxxx.com] Peer Connection Initiated with [AF_INET]xxx.xxx.xx.xxx:1194 2020-02-25 03:56:28,652 DEBG 'start-script' stdout output: Tue Feb 25 03:56:28 2020 SENT CONTROL [yyy.xxxxxx.com]: 'PUSH_REQUEST' (status=1) 2020-02-25 03:56:28,724 DEBG 'start-script' stdout output: Tue Feb 25 03:56:28 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.2.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.2.14 255.255.255.0,peer-id 22,cipher AES-256-GCM' 2020-02-25 03:56:28,724 DEBG 'start-script' stdout output: Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: timers and/or timeouts modified Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: explicit notify parm(s) modified Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: compression parms modified Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified Tue Feb 25 03:56:28 2020 Socket Buffers: R=[212992->1048576] S=[212992->1048576] Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: --ifconfig/up options modified Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: route options modified Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: route-related options modified Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: peer-id set Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: adjusting link_mtu to 1657 Tue Feb 25 03:56:28 2020 OPTIONS IMPORT: data channel crypto options modified Tue Feb 25 03:56:28 2020 Data Channel: using negotiated cipher 'AES-256-GCM' Tue Feb 25 03:56:28 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Tue Feb 25 03:56:28 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Tue Feb 25 03:56:28 2020 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:12 2020-02-25 03:56:28,725 DEBG 'start-script' stdout output: Tue Feb 25 03:56:28 2020 TUN/TAP device tun0 opened Tue Feb 25 03:56:28 2020 TUN/TAP TX queue length set to 100 Tue Feb 25 03:56:28 2020 /usr/bin/ip link set dev tun0 up mtu 1500 2020-02-25 03:56:28,727 DEBG 'start-script' stdout output: Tue Feb 25 03:56:28 2020 /usr/bin/ip addr add dev tun0 10.8.2.14/24 broadcast 10.8.2.255 2020-02-25 03:56:28,728 DEBG 'start-script' stdout output: Tue Feb 25 03:56:28 2020 /root/openvpnup.sh tun0 1500 1585 10.8.2.14 255.255.255.0 init 2020-02-25 03:56:28,731 DEBG 'start-script' stdout output: Tue Feb 25 03:56:28 2020 /usr/bin/ip route add xxx.xxx.xx.xxx/32 via 172.17.0.1 2020-02-25 03:56:28,733 DEBG 'start-script' stdout output: Tue Feb 25 03:56:28 2020 /usr/bin/ip route add 0.0.0.0/1 via 10.8.2.1 2020-02-25 03:56:28,735 DEBG 'start-script' stdout output: Tue Feb 25 03:56:28 2020 /usr/bin/ip route add 128.0.0.0/1 via 10.8.2.1 2020-02-25 03:56:28,736 DEBG 'start-script' stdout output: Tue Feb 25 03:56:28 2020 Initialization Sequence Completed 2020-02-25 03:56:28,856 DEBG 'start-script' stdout output: [info] Application does not require port forwarding or VPN provider is != pia, skipping incoming port assignment 2020-02-25 03:56:28,856 DEBG 'start-script' stdout output: [info] Checking we can resolve name 'www.google.com' to address... 2020-02-25 03:56:28,986 DEBG 'start-script' stdout output: [info] DNS operational, we can resolve name 'www.google.com' to address '216.58.210.196' 2020-02-25 03:56:28,988 DEBG 'start-script' stdout output: [info] Attempting to get external IP using Name Server 'ns1.google.com'... 2020-02-25 03:56:29,463 DEBG 'start-script' stdout output: [info] Successfully retrieved external IP address xxx.xxx.xx.xxx 2020-02-25 03:56:29,497 DEBG 'watchdog-script' stdout output: [info] qBittorrent listening interface IP 0.0.0.0 and VPN provider IP 10.8.2.14 different, marking for reconfigure 2020-02-25 03:56:29,501 DEBG 'watchdog-script' stdout output: [info] qBittorrent not running 2020-02-25 03:56:29,506 DEBG 'watchdog-script' stdout output: [info] Privoxy not running 2020-02-25 03:56:29,506 DEBG 'watchdog-script' stdout output: [info] Removing session lock file (if it exists)... 2020-02-25 03:56:29,508 DEBG 'watchdog-script' stdout output: [info] Attempting to start qBittorrent... 2020-02-25 03:56:29,532 DEBG 'watchdog-script' stdout output: [info] qBittorrent process started [info] Waiting for qBittorrent process to start listening on port 33038... 2020-02-25 03:56:29,658 DEBG 'watchdog-script' stdout output: [info] qBittorrent process listening on port 33038 2020-02-25 03:56:29,672 DEBG 'watchdog-script' stdout output: [info] Attempting to start Privoxy... 2020-02-25 03:56:30,678 DEBG 'watchdog-script' stdout output: [info] Privoxy process started [info] Waiting for Privoxy process to start listening on port 8118... 2020-02-25 03:56:30,688 DEBG 'watchdog-script' stdout output: [info] Privoxy process listening on port 8118 Anything obvious I'm missing?
  9. 2020-02-25T02:00:33+0000 ClamAV process starting Updating ClamAV scan DB LibClamAV Warning: Cannot dlopen libclamunrar_iface: file not found - unrar support unavailable ClamAV update process started at Tue Feb 25 02:00:35 2020 WARNING: Your ClamAV installation is OUTDATED! WARNING: Local version: 0.102.1 Recommended version: 0.102.2 DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav daily.cvd database is up to date (version: 25733, sigs: 2194234, f-level: 63, builder: raynman) main.cvd database is up to date (version: 59, sigs: 4564902, f-level: 60, builder: sigmgr) bytecode.cvd database is up to date (version: 331, sigs: 94, f-level: 63, builder: anvilleg) Freshclam updated the DB ClamAV 0.102.1/25733/Mon Feb 24 14:09:18 2020 Scanning /scan LibClamAV Warning: Cannot dlopen libclamunrar_iface: file not found - unrar support unavailable What's with the unrar error here? Thanks a lot for the container, very much appreciated to have a nifty app like this. Any possibility of adding unRAID warning notifications (which I would then also get through Pushbullet)?
  10. I just read about Docker > Add Container > pick from list. I feel like the biggest potato right now... My point still stands though, a container shouldn't be able to disappear due to a hanging install procedure. Thanks for your feedback though, at first I tried the usual Apps > search for app and add and that left me with a default config proposal. I borked my Plex now, because I followed what seems like way outdated advice (add normally, don't change anything, but apparantly that advice from... 5-6 years ago? I don't remember where I read it - didn't have Community Applications in mind)
  11. Hey community, maybe I'm missing something here, but I'm rather irritated that I'm currently dealing with a bunch of lost containers... Something must have timed out or such, but this isn't necessarily a thread about the cause of my problem, this is about my suggestion that during updating the old container should remain stored until the new version has succeeded. Alternatively keep the config overwrites stored... Something! So I don't have to start screen-shooting my configs and counting containers just to see if there is gonna be a lost one one day. Cheers!
  12. Which components are in your configuration? HBA card I hope? And also try another OS. Maybe it's specific to the OS running, that could help narrow it down. Try loading Ubuntu server (LTS). Is it also this noisy when you're in iLO? Speaking of iLO, check its system diagnostics for anomalies. Best of luck!
  13. Thanks for your contribution, but it's already long solved. (see the post above you) However it's never bad to make contributions even after an issue is solved, since people who google this problem might find the further tips helpful! :)
  14. Heya! So there's a bunch of requirements I have, I know I know, ... It should be easy to learn and maintain. I don't want to deal with subscription models, free would be nice. Especially FOSS. Absolute must: Many to many relational database. It shouldn't be a product without SOME history. (and when I hear the word "plugin" my first association is: asymmetrical development and eventual incompatibility. Version-pinning on steroids...) I want to have an easy way to attach pictures and other data type attachments. Inserting a path to a picture URL MySQL-style is iffy... That sounds like a horrible workflow. e.g.: I want to use the db to catalogue games, anime, manga and other things. I usually document the items with a cover like image and then varying amounts of pics that document the condition of the very item I own. (generic AND "as is") Now right now I'm using a HORRIBLE setup (Tap Forms on iPhone) and shoot pictures right from the app - they get inserted into the entry and everything's ok. Something similar would be nice. Web-based for all I care. If it somehow uses MySQL or something else that can be interfaced with in an open way that'd be nice. I want to queue and execute later some queries as well when I'm away from my server (which I will not open to the internet due to safety concerns) - e.g. I catalogue my games and usually I like logging my sessions as well. When I'm at home this is all fine and dandy, but when I play something away from home I would like to save those queries and execute them when a connection can be established again. Front-end: what I've looked into so far is MS Access with ODBC linking to MySQL, however a flexible amount of pictures seems impossible? Or rather convoluted. Then there's the limitation that I apparently cannot directly connect to MySQL from it? There's more I might have to add, but so far I think that knocks out so many programs or paths that I'll leave it at that. Cheers, let's hope this won't be a 0 replies thread, because I've been looking for solutions for the entire weekend and the stuff that is halfway powerful needs a lot of manual work or I may have just missed the right tools.
  15. Follow up for anyone wanting to do the same: the USB3 card I bought definitely needs additional power to function! No IOMMU disable is required, all I had to do was buy an adapter that turns full SATA into Slimline SATA. Attach the SATA cable that came with the card to the adapter and plug it into the full-size SATA port that is conveniently located right next to the PCIe expansion slots. You want an adapter like this one: "Slimline SATA to SATA Adapter with Power - F/M (SLSATAADAP)" Amazon.de link to check out the picture. No affiliate link! Cheers!