Globe89

I'm having an issue with sabnzbd sending SMTP messages to my local mail server (10.13.2.220) I configured VPN_OUTPUT_PORTS=25, which is the port for my SMTP server. But test emails are failing to be sent with the VPN up. sabnzbdvpn: image: binhex/arch-sabnzbdvpn:4.0.3-1-03 container_name: sabnzbdvpn privileged: true environment: - VPN_ENABLED=yes - VPN_PROV=protonvpn - VPN_CLIENT=wireguard - STRICT_PORT_FORWARD=no - ENABLE_PRIVOXY=yes - LAN_NETWORK=10.13.2.1/24,10.189.177.0/24 - NAME_SERVERS=1.1.1.1 - VPN_INPUT_PORTS=50005 - VPN_OUTPUT_PORTS=25 - DEBUG=true - UMASK=000 - PUID=0 - PGID=0 volumes: - /mnt/data/:/data - /apps/docker/sabnzbd/config:/config - /etc/localtime:/etc/localtime:ro ports: - 8080:8080 - 8090:8090 - 8119:8118 restart: unless-stopped

I use both Wireguard (via my Firewalla) and Tailscale for remote access to my home network. I added my Wireguard IP range to the LAN_NETWORK, and it works great. However, for the life of me I can't get my Tailscale range to work. For example, in the tailscale console all my IPs are 100.20.30.xxx. So for the LAN_NETWORK I added 100.20.30.0/24 but that doesn't work. My home exit node is on primary LAN address space, which is already listed in LAN_NETWORK.

yes I went into the container console into /data. There were no files/directories. But I created 'incomplete' successfully. I also touched a file, and that worked. I then went to my Ubuntu host and that directory and touched file were on the host.

download to: /data/incomplete I haven't changed any default Deluge settings.

I got Deluge running and ProtonVPN WG config setup. WG tunnel comes up, and DNS resolution works. I also followed the FAQ to get the right Proton VPN port forwarding file. However, zero torrents are downloading. It is showing seeds and peers are online, but 0 bytes are downloaded. Not sure where to go from here to debug? The Docker container is running on a plain vanilla Ubuntu VM. version: '3.7' services: delugevpn: image: binhex/arch-delugevpn container_name: delugevpn privileged: true ports: - 8112:8112 - 8118:8118 - 58846:58846 - 58946:58946 volumes: - /apps/docker/deluge/data:/data - /apps/docker/deluge/config:/config - /etc/localtime:/etc/localtime:ro environment: - VPN_ENABLED=yes - VPN_PROV=protonvpn - VPN_USER=user+pmp - VPN_CLIENT=wireguard - VPN_DEVICE_TYPE=wg0 - STRICT_PORT_FORWARD=yes - ENABLE_PRIVOXY=yes - LAN_NETWORK=10.13.2.1/24,10.189.177.0/24 - NAME_SERVERS=1.1.1.1 - DELUGE_DAEMON_LOG_LEVEL=debug - DELUGE_WEB_LOG_LEVEL=debug - DELUGE_ENABLE_WEBUI_PASSWORD=yes - VPN_INPUT_PORTS=50004 - VPN_OUTPUT_PORTS=56780 - DEBUG=true - UMASK=000 - PUID=1000 - PGID=1000

@binhex Any ideas on how this can be resolved? Seems like the container startup scripts that modify wg0.conf need a bit more logic added.

I have ProtonVPN and it supports user downloadable Wireguard configs. And I'm trying to run Qbittorrentvpn on a Synology NAS with DSM 7.1. After much troubleshooting, I did manage to get your docker container working. But it's a hack, so I'm hoping there is a more elegant solution. The tl;dr of the solution is that I had to add VPN_DEVICE_TYPE = wg0 to the container environment, or the binhex tunnel up script would not detect that the Wireguard tunnel came up. After I got past the hurdle there is apparently some oddity with how WG works on a Synology. I found a Reddit post (link below) that came to the rescue. It has additional postup/postdown steps that resolved the internet connectivity issue, along with tweaking AllowIPs = 0.0.0.0/1,128.0.0.0/1. The biggest problem with my hack, is that if I modify the ProtonVPN WG config file to add the needed changes, when the container starts and it creates the wg0.conf file, the custom postup/postdown lines are lost. So I have to modify the wg0.conf file after the container starts and wait for the watchdog process to re-try the tunnel, at which point everything works. Not elegant. www.reddit. com/r/synology/comments/xkxjfh/fya_how_to_connect_synology_to_a_wireguard_vpn/ Hacked solution: Start binhex container, then open the generated wg0.conf file and modify it as follows (note it's important to run the Synology postup/postdown commands BEFORE the binhex inserted commands). Save the config file and wait for the watchdog process to re-try the tunnel, at which point it comes up and life is good. [Interface] Table = 2468 PostUp = wg set wg0 fwmark 1234 PostUp = ip rule add not fwmark 1234 table 2468 PostUp = ip rule add table main suppress_prefixlength 0 PostUp = iptables -I FORWARD -i %i -m state --state NEW -j DROP; iptables -t nat -A POSTROUTING -o %i -j MASQUERADE PostUp = '/root/wireguardup.sh' PostDown = iptables -D FORWARD -i %i -m state --state NEW -j DROP; iptables -t nat -D POSTROUTING -o %i -j MASQUERADE PostDown = ip rule del table main suppress_prefixlength 0 PostDown = ip rule del not fwmark 1234 table 2468 PostDown = '/root/wireguarddown.sh' # Key for qbittorrent # Bouncing = 5 # NetShield = 0 # Moderate NAT = off # NAT-PMP (Port Forwarding) = on # VPN Accelerator = on PrivateKey = xxxxxx Address = 10.2.0.2/32 DNS = 1.1.1.1 [Peer] # CA#21 PublicKey = xxxx AllowedIPs = 0.0.0.0/1,128.0.0.0/1 Endpoint = xxxxx:51820 I'll be the first to admit I have no idea what the additional IP rules do, but they work. Here's the container variables that work: DEBUG true ENABLE_PRIVOXY yes HOME /home/nobody LAN_NETWORK 10.13.2.1/24 LAN Gen_GB.UTF-8 NAME_SERVERS 1.1.1.1 PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PGID 100 PUID 1024 STRICT_PORT_FORWARD yes TERM xterm UMASK 000 VPN_CLIENT wireguard VPN_DEVICE_TYPE wg0 VPN_ENABLED yes VPN_INPUT_PORTS 50004 VPN_OUTPUT_PORTS 56780 VPN_PROV protonvpn WEBUI_PORT 8080 The biggest issue is the postup/postdown rules getting lost and for some reason I had to define VPN_DEVICE_TYPE which I didn't see documented anywhere (bug?).

I want a hardened OpenVPN server + firewall.

Which Docker image would you recommend for this?

Thanks for the tip! I switched to PIA, and everything is working as advertised.

I'm using a Synology DSM 6.2.2 with Docker. Deluge works if I don't have my VPN (ExpressVPN) configured (false). However, when I set VPN to true I can't download anything. I followed the "Tom the Great" guide to the letter, and rebooted my Synology as well. From the supervisord.log file it appears to me as if the VPN is coming up: Any ideas? 2019-06-06 19:41:33,991 DEBG 'start-script' stdout output: Thu Jun 6 19:41:33 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.48.0.1,comp-lzo no,route 10.48.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.48.0.190 10.48.0.189,peer-id 37,cipher AES-256-GCM' Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: timers and/or timeouts modified Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: compression parms modified Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: --ifconfig/up options modified Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: route options modified Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: peer-id set Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: adjusting link_mtu to 1629 Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: data channel crypto options modified Thu Jun 6 19:41:33 2019 Data Channel: using negotiated cipher 'AES-256-GCM' Thu Jun 6 19:41:33 2019 NCP: overriding user-set keysize with default Thu Jun 6 19:41:33 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Thu Jun 6 19:41:33 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key Thu Jun 6 19:41:33 2019 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:02 Thu Jun 6 19:41:33 2019 TUN/TAP device tun0 opened Thu Jun 6 19:41:33 2019 TUN/TAP TX queue length set to 100 Thu Jun 6 19:41:33 2019 /usr/bin/ip link set dev tun0 up mtu 1500 2019-06-06 19:41:33,994 DEBG 'start-script' stdout output: Thu Jun 6 19:41:33 2019 /usr/bin/ip addr add dev tun0 local 10.48.0.190 peer 10.48.0.189 2019-06-06 19:41:33,997 DEBG 'start-script' stdout output: Thu Jun 6 19:41:33 2019 /root/openvpnup.sh tun0 1500 1557 10.48.0.190 10.48.0.189 init 2019-06-06 19:41:34,085 DEBG 'watchdog-script' stdout output: [info] Deluge listening interface IP 0.0.0.0 and VPN provider IP 10.48.0.190 different, marking for reconfigure 2019-06-06 19:41:34,092 DEBG 'watchdog-script' stdout output: [info] Deluge not running 2019-06-06 19:41:34,099 DEBG 'watchdog-script' stdout output: [info] Deluge Web UI not running 2019-06-06 19:41:34,133 DEBG fd 8 closed, stopped monitoring <POutputDispatcher at 140338604935880 for <Subprocess at 140338604879376 with name privoxy-script in state RUNNING> (stdout)> 2019-06-06 19:41:34,133 DEBG fd 10 closed, stopped monitoring <POutputDispatcher at 140338605036488 for <Subprocess at 140338604879376 with name privoxy-script in state RUNNING> (stderr)> 2019-06-06 19:41:34,134 INFO exited: privoxy-script (exit status 0; expected) 2019-06-06 19:41:34,134 DEBG received SIGCHLD indicating a child quit 2019-06-06 19:41:34,144 DEBG 'start-script' stdout output: Error: could not find any address for the name: `ns1.google.com' 2019-06-06 19:41:34,155 DEBG 'start-script' stdout output: Error: could not find any address for the name: `resolver1.opendns.com' 2019-06-06 19:41:34,215 DEBG 'start-script' stdout output: [warn] Cannot determine external IP address, exhausted retries setting to tunnel IP '10.48.0.190' 2019-06-06 19:41:34,313 DEBG 'watchdog-script' stdout output: [info] Attempting to start Deluge... [info] Removing deluge pid file (if it exists)... 2019-06-06 19:41:35,208 DEBG 'watchdog-script' stdout output: [info] Deluge listening interface currently defined as 0.0.0.0 [info] Deluge listening interface will be changed to 0.0.0.0 [info] Saving changes to Deluge config file /config/core.conf... 2019-06-06 19:41:35,938 DEBG 'watchdog-script' stdout output: [info] Deluge process started [info] Waiting for Deluge process to start listening on port 58846... 2019-06-06 19:41:36,168 DEBG 'start-script' stdout output: Thu Jun 6 19:41:36 2019 /usr/bin/ip route add 104.143.86.134/32 via 172.17.0.1 2019-06-06 19:41:36,176 DEBG 'start-script' stdout output: Thu Jun 6 19:41:36 2019 /usr/bin/ip route add 0.0.0.0/1 via 10.48.0.189 2019-06-06 19:41:36,181 DEBG 'start-script' stdout output: Thu Jun 6 19:41:36 2019 /usr/bin/ip route add 128.0.0.0/1 via 10.48.0.189 2019-06-06 19:41:36,189 DEBG 'start-script' stdout output: Thu Jun 6 19:41:36 2019 /usr/bin/ip route add 10.48.0.1/32 via 10.48.0.189 2019-06-06 19:41:36,191 DEBG 'start-script' stdout output: Thu Jun 6 19:41:36 2019 Initialization Sequence Completed 2019-06-06 19:41:36,965 DEBG 'watchdog-script' stdout output: [info] Deluge process listening on port 58846 2019-06-06 19:41:38,336 DEBG 'watchdog-script' stdout output: [info] No torrents with state 'Error' found 2019-06-06 19:41:38,338 DEBG 'watchdog-script' stdout output: [info] Starting Deluge Web UI... [info] Deluge Web UI started 2019-06-06 19:42:08,517 DEBG 'watchdog-script' stdout output: [info] Privoxy not running 2019-06-06 19:42:08,676 DEBG 'watchdog-script' stdout output: [info] Attempting to start Privoxy... 2019-06-06 19:42:09,688 DEBG 'watchdog-script' stdout output: [info] Privoxy process started [info] Waiting for Privoxy process to start listening on port 8118... 2019-06-06 19:42:09,697 DEBG 'watchdog-script' stdout output: [info] Privoxy process listening on port 8118 Some configuration parameters: 2019-06-06 15:29:55.343993 [info] PUID defined as '1024' 2019-06-06 15:29:55.622376 [info] PGID defined as '100' 2019-06-06 15:29:55.906141 [info] UMASK defined as '000' 2019-06-06 15:29:55.980167 [info] Setting permissions recursively on volume mappings... 2019-06-06 15:29:56.181577 [info] DELUGE_DAEMON_LOG_LEVEL not defined,(via -e DELUGE_DAEMON_LOG_LEVEL), defaulting to 'info' 2019-06-06 15:29:56.249941 [info] DELUGE_WEB_LOG_LEVEL not defined,(via -e DELUGE_WEB_LOG_LEVEL), defaulting to 'info' 2019-06-06 15:29:56.353231 [info] VPN_ENABLED defined as 'yes' 2019-06-06 15:29:56.483139 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/my_expressvpn_usa_-_los_angeles_-_3_udp.ovpn dos2unix: converting file /config/openvpn/my_expressvpn_usa_-_los_angeles_-_3_udp.ovpn to Unix format... 2019-06-06 15:29:56.594243 [info] VPN remote line defined as 'remote usa-losangeles-3-ca-version-2.expressnetw.com 1195' 2019-06-06 15:29:56.661266 [info] VPN_REMOTE defined as 'usa-losangeles-3-ca-version-2.expressnetw.com' 2019-06-06 15:29:56.742286 [info] VPN_PORT defined as '1195' 2019-06-06 15:29:56.867163 [warn] VPN_PROTOCOL not found in /config/openvpn/my_expressvpn_usa_-_los_angeles_-_3_udp.ovpn, assuming udp 2019-06-06 15:29:56.946233 [info] VPN_DEVICE_TYPE defined as 'tun0' 2019-06-06 15:29:57.013061 [info] VPN_PROV defined as 'custom' 2019-06-06 15:29:57.085656 [info] LAN_NETWORK defined as '10.13.2.0/24' 2019-06-06 15:29:57.160046 [info] NAME_SERVERS defined as '1.1.1.1,1.0.0.1' 2019-06-06 15:29:57.232250 [info] VPN_USER defined as 'redacted' 2019-06-06 15:29:57.300635 [info] VPN_PASS defined as 'redacted' 2019-06-06 15:29:57.374480 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS) 2019-06-06 15:29:57.444065 [info] ENABLE_PRIVOXY defined as 'yes'