Posts posted by Globe89
-
I use both Wireguard (via my Firewalla) and Tailscale for remote access to my home network. I added my Wireguard IP range to the LAN_NETWORK, and it works great. However, for the life of me I can't get my Tailscale range to work. For example, in the tailscale console all my IPs are 100.20.30.xxx. So for the LAN_NETWORK I added 100.20.30.0/24 but that doesn't work. My home exit node is on primary LAN address space, which is already listed in LAN_NETWORK.
-
4 minutes ago, strike said:
Looks ok. Do you see any permissions error in the log? If you bash into the container and cd to that dir are you able to write to it?
Yes, I went into the container console into /data. There were no files/directories. But I created 'incomplete' successfully. I also touched a file, and that worked. I then went to my Ubuntu host and that directory and touched file were on the host.
-
1 minute ago, strike said:
What path do you have in the downloads section in the deluge settings?
download to: /data/incomplete
I haven't changed any default Deluge settings.
-
On 12/21/2023 at 4:14 AM, binhex said:
that looks good to me!, it really is fairly simple, define incoming port at vpn provider end, configure deluge to use defined port, job done :-), obviously its more tricky for dynamic port vpn providers such as PIA and ProtonVPN, which is why i do it for ya :-).
I got Deluge running and ProtonVPN WG config setup. WG tunnel comes up, and DNS resolution works. I also followed the FAQ to get the right Proton VPN port forwarding file. However, zero torrents are downloading. It is showing seeds and peers are online, but 0 bytes are downloaded. Not sure where to go from here to debug? The Docker container is running on a plain vanilla Ubuntu VM.
version: '3.7'
services:
  delugevpn:
    image: binhex/arch-delugevpn
    container_name: delugevpn
    privileged: true
    ports:
      - 8112:8112
      - 8118:8118
      - 58846:58846
      - 58946:58946
    volumes:
      - /apps/docker/deluge/data:/data
      - /apps/docker/deluge/config:/config
      - /etc/localtime:/etc/localtime:ro
    environment:
      - VPN_ENABLED=yes
      - VPN_PROV=protonvpn
      - VPN_USER=user+pmp
      - VPN_CLIENT=wireguard
      - VPN_DEVICE_TYPE=wg0
      - STRICT_PORT_FORWARD=yes
      - ENABLE_PRIVOXY=yes
      - LAN_NETWORK=10.13.2.1/24,10.189.177.0/24
      - NAME_SERVERS=1.1.1.1
      - DELUGE_DAEMON_LOG_LEVEL=debug
      - DELUGE_WEB_LOG_LEVEL=debug
      - DELUGE_ENABLE_WEBUI_PASSWORD=yes
      - VPN_INPUT_PORTS=50004
      - VPN_OUTPUT_PORTS=56780
      - DEBUG=true
      - UMASK=000
      - PUID=1000
      - PGID=1000
-
On 12/31/2022 at 6:10 AM, Globe89 said:
I have ProtonVPN and it supports user downloadable Wireguard configs. And I'm trying to run Qbittorrentvpn on a Synology NAS with DSM 7.1. After much troubleshooting, I did manage to get your docker container working. But it's a hack, so I'm hoping there is a more elegant solution.
The tl;dr of the solution is that I had to add VPN_DEVICE_TYPE = wg0 to the container environment, or the binhex tunnel up script would not detect that the Wireguard tunnel came up. After I got past the hurdle there is apparently some oddity with how WG works on a Synology. I found a Reddit post (link below) that came to the rescue. It has additional postup/postdown steps that resolved the internet connectivity issue, along with tweaking AllowedIPs = 0.0.0.0/1,128.0.0.0/1.
The biggest problem with my hack, is that if I modify the ProtonVPN WG config file to add the needed changes, when the container starts and it creates the wg0.conf file, the custom postup/postdown lines are lost. So I have to modify the wg0.conf file after the container starts and wait for the watchdog process to re-try the tunnel, at which point everything works. Not elegant.
www.reddit.com/r/synology/comments/xkxjfh/fya_how_to_connect_synology_to_a_wireguard_vpn/
Hacked solution:
Start binhex container, then open the generated wg0.conf file and modify it as follows (note it's important to run the Synology postup/postdown commands BEFORE the binhex inserted commands). Save the config file and wait for the watchdog process to re-try the tunnel, at which point it comes up and life is good.
[Interface]
Table = 2468
PostUp = wg set wg0 fwmark 1234
PostUp = ip rule add not fwmark 1234 table 2468
PostUp = ip rule add table main suppress_prefixlength 0
PostUp = iptables -I FORWARD -i %i -m state --state NEW -j DROP; iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
PostUp = '/root/wireguardup.sh'
PostDown = iptables -D FORWARD -i %i -m state --state NEW -j DROP; iptables -t nat -D POSTROUTING -o %i -j MASQUERADE
PostDown = ip rule del table main suppress_prefixlength 0
PostDown = ip rule del not fwmark 1234 table 2468
PostDown = '/root/wireguarddown.sh'
# Key for qbittorrent
# Bouncing = 5
# NetShield = 0
# Moderate NAT = off
# NAT-PMP (Port Forwarding) = on
# VPN Accelerator = on
PrivateKey = xxxxxx
Address = 10.2.0.2/32
DNS = 1.1.1.1

[Peer]
# CA#21
PublicKey = xxxx
AllowedIPs = 0.0.0.0/1,128.0.0.0/1
Endpoint = xxxxx:51820

I'll be the first to admit I have no idea what the additional IP rules do, but they work. Here's the container variables that work:
DEBUG true
ENABLE_PRIVOXY yes
HOME /home/nobody
LAN_NETWORK 10.13.2.1/24
LANG en_GB.UTF-8
NAME_SERVERS 1.1.1.1
PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PGID 100
PUID 1024
STRICT_PORT_FORWARD yes
TERM xterm
UMASK 000
VPN_CLIENT wireguard
VPN_DEVICE_TYPE wg0
VPN_ENABLED yes
VPN_INPUT_PORTS 50004
VPN_OUTPUT_PORTS 56780
VPN_PROV protonvpn
WEBUI_PORT 8080
The biggest issue is the postup/postdown rules getting lost and for some reason I had to define VPN_DEVICE_TYPE which I didn't see documented anywhere (bug?).
@binhex Any ideas on how this can be resolved? Seems like the container startup scripts that modify wg0.conf need a bit more logic added.
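The manual edit described in the post above, written as a repeatable and idempotent script (an added example, not code from the post or from the binhex project). It assumes the freshly generated wg0.conf already contains the two hook lines shown in the post; `patch_wg_conf` and `SAMPLE` are names constructed for this illustration, and the comments on the copied lines explain what each routing rule does.

```python
# Lines copied from the post; interface name, mark and table numbers are the post's values.
UP = [
    "PostUp = wg set wg0 fwmark 1234",  # tag WireGuard's own encrypted packets
    "PostUp = ip rule add not fwmark 1234 table 2468",  # untagged traffic uses table 2468
    "PostUp = ip rule add table main suppress_prefixlength 0",  # main's LAN routes win, its default is ignored
    "PostUp = iptables -I FORWARD -i %i -m state --state NEW -j DROP; "
    "iptables -t nat -A POSTROUTING -o %i -j MASQUERADE",
]
DOWN = [
    "PostDown = iptables -D FORWARD -i %i -m state --state NEW -j DROP; "
    "iptables -t nat -D POSTROUTING -o %i -j MASQUERADE",
    "PostDown = ip rule del table main suppress_prefixlength 0",
    "PostDown = ip rule del not fwmark 1234 table 2468",
]
# Constructed sample of a freshly generated file (assumed shape, placeholder keys).
SAMPLE = """[Interface]
PostUp = '/root/wireguardup.sh'
PostDown = '/root/wireguarddown.sh'
PrivateKey = xxxxxx

[Peer]
PublicKey = xxxx
AllowedIPs = 0.0.0.0/0
Endpoint = xxxxx:51820
"""

def patch_wg_conf(text):
    """Insert the Synology lines before the container's hook lines; safe to re-run."""
    if UP[0] in text:
        return text  # already patched, nothing to do
    if "wireguardup.sh" not in text or "wireguarddown.sh" not in text:
        raise ValueError("container hook lines not found; refusing to guess")
    out = []
    for line in text.splitlines():
        key = line.split("=", 1)[0].strip().lower()
        if key == "[interface]":
            out += [line, "Table = 2468"]  # wg-quick then installs tunnel routes in table 2468
        elif key == "postup" and "wireguardup.sh" in line:
            out += UP + [line]  # Synology rules run BEFORE the container's hook
        elif key == "postdown" and "wireguarddown.sh" in line:
            out += DOWN + [line]
        elif key == "allowedips":
            out.append("AllowedIPs = 0.0.0.0/1,128.0.0.0/1")
        elif key != "table":  # drop any earlier Table setting, keep everything else
            out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(patch_wg_conf(SAMPLE), end="")
```

To apply it to a real file, read the generated wg0.conf, pass its text to `patch_wg_conf`, and write the result back only if it differs.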
-
4 hours ago, jonathanm said:
For what? Please describe what you need to accomplish.
I want a hardened OpenVPN server + firewall.
-
2 hours ago, jonathanm said:
Why are you trying to use the OpenVPN AS docker? Pfsense has OpenVPN functionality pretty much out of the box.
Which Docker image would you recommend for this?
-
6 hours ago, strike said:
ExpressVPN is not going to work well with torrenting due to the fact that they don't support port forwarding. Even if you were able to download anything it will be painfully slow and it would only work on public trackers. Do yourself a favor and change to a provider that supports port forwarding.
Thanks for the tip! I switched to PIA, and everything is working as advertised.
-
I'm using a Synology DSM 6.2.2 with Docker. Deluge works if I don't have my VPN (ExpressVPN) configured (false). However, when I set VPN to true I can't download anything. I followed the "Tom the Great" guide to the letter, and rebooted my Synology as well. From the supervisord.log file it appears to me as if the VPN is coming up:
Any ideas?
2019-06-06 19:41:33,991 DEBG 'start-script' stdout output:
Thu Jun 6 19:41:33 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.48.0.1,comp-lzo no,route 10.48.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.48.0.190 10.48.0.189,peer-id 37,cipher AES-256-GCM'
Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: timers and/or timeouts modified
Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: compression parms modified
Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: --ifconfig/up options modified
Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: route options modified
Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: peer-id set
Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: adjusting link_mtu to 1629
Thu Jun 6 19:41:33 2019 OPTIONS IMPORT: data channel crypto options modified
Thu Jun 6 19:41:33 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Thu Jun 6 19:41:33 2019 NCP: overriding user-set keysize with default
Thu Jun 6 19:41:33 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jun 6 19:41:33 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Thu Jun 6 19:41:33 2019 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:02
Thu Jun 6 19:41:33 2019 TUN/TAP device tun0 opened
Thu Jun 6 19:41:33 2019 TUN/TAP TX queue length set to 100
Thu Jun 6 19:41:33 2019 /usr/bin/ip link set dev tun0 up mtu 1500
2019-06-06 19:41:33,994 DEBG 'start-script' stdout output:
Thu Jun 6 19:41:33 2019 /usr/bin/ip addr add dev tun0 local 10.48.0.190 peer 10.48.0.189
2019-06-06 19:41:33,997 DEBG 'start-script' stdout output:
Thu Jun 6 19:41:33 2019 /root/openvpnup.sh tun0 1500 1557 10.48.0.190 10.48.0.189 init
2019-06-06 19:41:34,085 DEBG 'watchdog-script' stdout output:
[info] Deluge listening interface IP 0.0.0.0 and VPN provider IP 10.48.0.190 different, marking for reconfigure
2019-06-06 19:41:34,092 DEBG 'watchdog-script' stdout output:
[info] Deluge not running
2019-06-06 19:41:34,099 DEBG 'watchdog-script' stdout output:
[info] Deluge Web UI not running
2019-06-06 19:41:34,133 DEBG fd 8 closed, stopped monitoring <POutputDispatcher at 140338604935880 for <Subprocess at 140338604879376 with name privoxy-script in state RUNNING> (stdout)>
2019-06-06 19:41:34,133 DEBG fd 10 closed, stopped monitoring <POutputDispatcher at 140338605036488 for <Subprocess at 140338604879376 with name privoxy-script in state RUNNING> (stderr)>
2019-06-06 19:41:34,134 INFO exited: privoxy-script (exit status 0; expected)
2019-06-06 19:41:34,134 DEBG received SIGCHLD indicating a child quit
2019-06-06 19:41:34,144 DEBG 'start-script' stdout output:
Error: could not find any address for the name: `ns1.google.com'
2019-06-06 19:41:34,155 DEBG 'start-script' stdout output:
Error: could not find any address for the name: `resolver1.opendns.com'
2019-06-06 19:41:34,215 DEBG 'start-script' stdout output:
[warn] Cannot determine external IP address, exhausted retries setting to tunnel IP '10.48.0.190'
2019-06-06 19:41:34,313 DEBG 'watchdog-script' stdout output:
[info] Attempting to start Deluge...
[info] Removing deluge pid file (if it exists)...
2019-06-06 19:41:35,208 DEBG 'watchdog-script' stdout output:
[info] Deluge listening interface currently defined as 0.0.0.0
[info] Deluge listening interface will be changed to 0.0.0.0
[info] Saving changes to Deluge config file /config/core.conf...
2019-06-06 19:41:35,938 DEBG 'watchdog-script' stdout output:
[info] Deluge process started
[info] Waiting for Deluge process to start listening on port 58846...
2019-06-06 19:41:36,168 DEBG 'start-script' stdout output:
Thu Jun 6 19:41:36 2019 /usr/bin/ip route add 104.143.86.134/32 via 172.17.0.1
2019-06-06 19:41:36,176 DEBG 'start-script' stdout output:
Thu Jun 6 19:41:36 2019 /usr/bin/ip route add 0.0.0.0/1 via 10.48.0.189
2019-06-06 19:41:36,181 DEBG 'start-script' stdout output:
Thu Jun 6 19:41:36 2019 /usr/bin/ip route add 128.0.0.0/1 via 10.48.0.189
2019-06-06 19:41:36,189 DEBG 'start-script' stdout output:
Thu Jun 6 19:41:36 2019 /usr/bin/ip route add 10.48.0.1/32 via 10.48.0.189
2019-06-06 19:41:36,191 DEBG 'start-script' stdout output:
Thu Jun 6 19:41:36 2019 Initialization Sequence Completed
2019-06-06 19:41:36,965 DEBG 'watchdog-script' stdout output:
[info] Deluge process listening on port 58846
2019-06-06 19:41:38,336 DEBG 'watchdog-script' stdout output:
[info] No torrents with state 'Error' found
2019-06-06 19:41:38,338 DEBG 'watchdog-script' stdout output:
[info] Starting Deluge Web UI...
[info] Deluge Web UI started
2019-06-06 19:42:08,517 DEBG 'watchdog-script' stdout output:
[info] Privoxy not running
2019-06-06 19:42:08,676 DEBG 'watchdog-script' stdout output:
[info] Attempting to start Privoxy...
2019-06-06 19:42:09,688 DEBG 'watchdog-script' stdout output:
[info] Privoxy process started
[info] Waiting for Privoxy process to start listening on port 8118...
2019-06-06 19:42:09,697 DEBG 'watchdog-script' stdout output:
[info] Privoxy process listening on port 8118

Some configuration parameters:
2019-06-06 15:29:55.343993 [info] PUID defined as '1024'
2019-06-06 15:29:55.622376 [info] PGID defined as '100'
2019-06-06 15:29:55.906141 [info] UMASK defined as '000'
2019-06-06 15:29:55.980167 [info] Setting permissions recursively on volume mappings...
2019-06-06 15:29:56.181577 [info] DELUGE_DAEMON_LOG_LEVEL not defined,(via -e DELUGE_DAEMON_LOG_LEVEL), defaulting to 'info'
2019-06-06 15:29:56.249941 [info] DELUGE_WEB_LOG_LEVEL not defined,(via -e DELUGE_WEB_LOG_LEVEL), defaulting to 'info'
2019-06-06 15:29:56.353231 [info] VPN_ENABLED defined as 'yes'
2019-06-06 15:29:56.483139 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/my_expressvpn_usa_-_los_angeles_-_3_udp.ovpn
dos2unix: converting file /config/openvpn/my_expressvpn_usa_-_los_angeles_-_3_udp.ovpn to Unix format...
2019-06-06 15:29:56.594243 [info] VPN remote line defined as 'remote usa-losangeles-3-ca-version-2.expressnetw.com 1195'
2019-06-06 15:29:56.661266 [info] VPN_REMOTE defined as 'usa-losangeles-3-ca-version-2.expressnetw.com'
2019-06-06 15:29:56.742286 [info] VPN_PORT defined as '1195'
2019-06-06 15:29:56.867163 [warn] VPN_PROTOCOL not found in /config/openvpn/my_expressvpn_usa_-_los_angeles_-_3_udp.ovpn, assuming udp
2019-06-06 15:29:56.946233 [info] VPN_DEVICE_TYPE defined as 'tun0'
2019-06-06 15:29:57.013061 [info] VPN_PROV defined as 'custom'
2019-06-06 15:29:57.085656 [info] LAN_NETWORK defined as '10.13.2.0/24'
2019-06-06 15:29:57.160046 [info] NAME_SERVERS defined as '1.1.1.1,1.0.0.1'
2019-06-06 15:29:57.232250 [info] VPN_USER defined as 'redacted'
2019-06-06 15:29:57.300635 [info] VPN_PASS defined as 'redacted'
2019-06-06 15:29:57.374480 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2019-06-06 15:29:57.444065 [info] ENABLE_PRIVOXY defined as 'yes'
-
[Support] binhex - SABnzbd, in Docker Containers
I'm having an issue with sabnzbd sending SMTP messages to my local mail server (10.13.2.220). I configured VPN_OUTPUT_PORTS=25, which is the port for my SMTP server. But test emails are failing to be sent with the VPN up.