Posts posted by Globe89

  1. I'm having an issue with sabnzbd sending SMTP messages to my local mail server (10.13.2.220). I configured VPN_OUTPUT_PORTS=25, which is the port for my SMTP server. But test emails are failing to be sent with the VPN up.

     

    sabnzbdvpn:
        image: binhex/arch-sabnzbdvpn:4.0.3-1-03
        container_name: sabnzbdvpn
        privileged: true
        environment:
          - VPN_ENABLED=yes
          - VPN_PROV=protonvpn
          - VPN_CLIENT=wireguard
          - STRICT_PORT_FORWARD=no
          - ENABLE_PRIVOXY=yes
          - LAN_NETWORK=10.13.2.1/24,10.189.177.0/24
          - NAME_SERVERS=1.1.1.1
          - VPN_INPUT_PORTS=50005
          - VPN_OUTPUT_PORTS=25
          - DEBUG=true
          - UMASK=000
          - PUID=0
          - PGID=0
        volumes:
          - /mnt/data/:/data
          - /apps/docker/sabnzbd/config:/config
          - /etc/localtime:/etc/localtime:ro
        ports:
          - 8080:8080
          - 8090:8090
          - 8119:8118
        restart: unless-stopped

     

  2. I use both Wireguard (via my Firewalla) and Tailscale for remote access to my home network. I added my Wireguard IP range to the LAN_NETWORK, and it works great. However, for the life of me I can't get my Tailscale range to work. For example, in the tailscale console all my IPs are 100.20.30.xxx. So for the LAN_NETWORK I added 100.20.30.0/24 but that doesn't work. My home exit node is on primary LAN address space, which is already listed in LAN_NETWORK.

  3. 4 minutes ago, strike said:

    Looks ok. Do you see any permissions error in the log? If you bash into the container and cd to that dir are you able to write to it?

    Yes, I went into the container console into /data. There were no files/directories. But I created 'incomplete' successfully. I also touched a file, and that worked. I then went to my Ubuntu host and that directory and touched file were on the host.

  4. On 12/21/2023 at 4:14 AM, binhex said:

    that looks good to me!, it really is fairly simple, define incoming port at vpn provider end, configure deluge to use defined port, job done :-), obviously it's more tricky for dynamic port vpn providers such as PIA and ProtonVPN, which is why i do it for ya :-).

    I got Deluge running and ProtonVPN WG config setup. WG tunnel comes up, and DNS resolution works. I also followed the FAQ to get the right Proton VPN port forwarding file. However, zero torrents are downloading. It is showing seeds and peers are online, but 0 bytes are downloaded. Not sure where to go from here to debug? The Docker container is running on a plain vanilla Ubuntu VM. 

     

    version: '3.7'
    services:
      delugevpn:
        image: binhex/arch-delugevpn
        container_name: delugevpn
        privileged: true
        ports:
          - 8112:8112
          - 8118:8118
          - 58846:58846
          - 58946:58946
        volumes:
          - /apps/docker/deluge/data:/data
          - /apps/docker/deluge/config:/config
          - /etc/localtime:/etc/localtime:ro
        environment:
          - VPN_ENABLED=yes
          - VPN_PROV=protonvpn
          - VPN_USER=user+pmp
          - VPN_CLIENT=wireguard
          - VPN_DEVICE_TYPE=wg0
          - STRICT_PORT_FORWARD=yes
          - ENABLE_PRIVOXY=yes
          - LAN_NETWORK=10.13.2.1/24,10.189.177.0/24
          - NAME_SERVERS=1.1.1.1
          - DELUGE_DAEMON_LOG_LEVEL=debug
          - DELUGE_WEB_LOG_LEVEL=debug
          - DELUGE_ENABLE_WEBUI_PASSWORD=yes
          - VPN_INPUT_PORTS=50004
          - VPN_OUTPUT_PORTS=56780
          - DEBUG=true
          - UMASK=000
          - PUID=1000
          - PGID=1000
     

  5. On 12/31/2022 at 6:10 AM, Globe89 said:

    I have ProtonVPN and it supports user downloadable Wireguard configs. And I'm trying to run Qbittorrentvpn on a Synology NAS with DSM 7.1. After much troubleshooting, I did manage to get your docker container working. But it's a hack, so I'm hoping there is a more elegant solution.

     

    The tl;dr of the solution is that I had to add VPN_DEVICE_TYPE = wg0 to the container environment, or the binhex tunnel up script would not detect that the Wireguard tunnel came up. After I got past the hurdle there is apparently some oddity with how WG works on a Synology. I found a Reddit post (link below) that came to the rescue. It has additional postup/postdown steps that resolved the internet connectivity issue, along with tweaking AllowedIPs = 0.0.0.0/1,128.0.0.0/1.

     

    The biggest problem with my hack is that if I modify the ProtonVPN WG config file to add the needed changes, when the container starts and it creates the wg0.conf file, the custom postup/postdown lines are lost. So I have to modify the wg0.conf file after the container starts and wait for the watchdog process to re-try the tunnel, at which point everything works. Not elegant.

     

    www.reddit.com/r/synology/comments/xkxjfh/fya_how_to_connect_synology_to_a_wireguard_vpn/

     

    Hacked solution:

     

    Start binhex container, then open the generated wg0.conf file and modify it as follows (note it's important to run the Synology postup/postdown commands BEFORE the binhex inserted commands). Save the config file and wait for the watchdog process to re-try the tunnel, at which point it comes up and life is good. 

     

    [Interface]

    Table = 2468
    PostUp = wg set wg0 fwmark 1234
    PostUp = ip rule add not fwmark 1234 table 2468
    PostUp = ip rule add table main suppress_prefixlength 0
    PostUp = iptables -I FORWARD -i %i -m state --state NEW -j DROP; iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
    PostUp = '/root/wireguardup.sh'
    PostDown = iptables -D FORWARD -i %i -m state --state NEW -j DROP; iptables -t nat -D POSTROUTING -o %i -j MASQUERADE
    PostDown = ip rule del table main suppress_prefixlength 0
    PostDown = ip rule del not fwmark 1234 table 2468
    PostDown = '/root/wireguarddown.sh'

    # Key for qbittorrent
    # Bouncing = 5
    # NetShield = 0
    # Moderate NAT = off
    # NAT-PMP (Port Forwarding) = on
    # VPN Accelerator = on
    PrivateKey = xxxxxx
    Address = 10.2.0.2/32
    DNS = 1.1.1.1

    [Peer]
    # CA#21
    PublicKey = xxxx
    AllowedIPs = 0.0.0.0/1,128.0.0.0/1
    Endpoint = xxxxx:51820

     

    I'll be the first to admit I have no idea what the additional IP rules do, but they work. Here's the container variables that work:

     

    DEBUG                true
    ENABLE_PRIVOXY       yes
    HOME                 /home/nobody
    LAN_NETWORK          10.13.2.1/24
    LANG                 en_GB.UTF-8
    NAME_SERVERS         1.1.1.1
    PATH                 /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    PGID                 100
    PUID                 1024
    STRICT_PORT_FORWARD  yes
    TERM                 xterm
    UMASK                000
    VPN_CLIENT           wireguard
    VPN_DEVICE_TYPE      wg0
    VPN_ENABLED          yes
    VPN_INPUT_PORTS      50004
    VPN_OUTPUT_PORTS     56780
    VPN_PROV             protonvpn
    WEBUI_PORT           8080

     

    The biggest issue is the postup/postdown rules getting lost and for some reason I had to define VPN_DEVICE_TYPE which I didn't see documented anywhere (bug?).

     

    @binhex Any ideas on how this can be resolved? Seems like the container startup scripts that modify wg0.conf need a bit more logic added.

  6. I have ProtonVPN and it supports user downloadable Wireguard configs. And I'm trying to run Qbittorrentvpn on a Synology NAS with DSM 7.1. After much troubleshooting, I did manage to get your docker container working. But it's a hack, so I'm hoping there is a more elegant solution.

     

    The tl;dr of the solution is that I had to add VPN_DEVICE_TYPE = wg0 to the container environment, or the binhex tunnel up script would not detect that the Wireguard tunnel came up. After I got past the hurdle there is apparently some oddity with how WG works on a Synology. I found a Reddit post (link below) that came to the rescue. It has additional postup/postdown steps that resolved the internet connectivity issue, along with tweaking AllowedIPs = 0.0.0.0/1,128.0.0.0/1.

     

    The biggest problem with my hack is that if I modify the ProtonVPN WG config file to add the needed changes, when the container starts and it creates the wg0.conf file, the custom postup/postdown lines are lost. So I have to modify the wg0.conf file after the container starts and wait for the watchdog process to re-try the tunnel, at which point everything works. Not elegant.

     

    www.reddit.com/r/synology/comments/xkxjfh/fya_how_to_connect_synology_to_a_wireguard_vpn/

     

    Hacked solution:

     

    Start binhex container, then open the generated wg0.conf file and modify it as follows (note it's important to run the Synology postup/postdown commands BEFORE the binhex inserted commands). Save the config file and wait for the watchdog process to re-try the tunnel, at which point it comes up and life is good. 

     

    [Interface]

    Table = 2468
    PostUp = wg set wg0 fwmark 1234
    PostUp = ip rule add not fwmark 1234 table 2468
    PostUp = ip rule add table main suppress_prefixlength 0
    PostUp = iptables -I FORWARD -i %i -m state --state NEW -j DROP; iptables -t nat -A POSTROUTING -o %i -j MASQUERADE
    PostUp = '/root/wireguardup.sh'
    PostDown = iptables -D FORWARD -i %i -m state --state NEW -j DROP; iptables -t nat -D POSTROUTING -o %i -j MASQUERADE
    PostDown = ip rule del table main suppress_prefixlength 0
    PostDown = ip rule del not fwmark 1234 table 2468
    PostDown = '/root/wireguarddown.sh'

    # Key for qbittorrent
    # Bouncing = 5
    # NetShield = 0
    # Moderate NAT = off
    # NAT-PMP (Port Forwarding) = on
    # VPN Accelerator = on
    PrivateKey = xxxxxx
    Address = 10.2.0.2/32
    DNS = 1.1.1.1

    [Peer]
    # CA#21
    PublicKey = xxxx
    AllowedIPs = 0.0.0.0/1,128.0.0.0/1
    Endpoint = xxxxx:51820

     

    I'll be the first to admit I have no idea what the additional IP rules do, but they work. Here's the container variables that work:

     

    DEBUG                true
    ENABLE_PRIVOXY       yes
    HOME                 /home/nobody
    LAN_NETWORK          10.13.2.1/24
    LANG                 en_GB.UTF-8
    NAME_SERVERS         1.1.1.1
    PATH                 /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    PGID                 100
    PUID                 1024
    STRICT_PORT_FORWARD  yes
    TERM                 xterm
    UMASK                000
    VPN_CLIENT           wireguard
    VPN_DEVICE_TYPE      wg0
    VPN_ENABLED          yes
    VPN_INPUT_PORTS      50004
    VPN_OUTPUT_PORTS     56780
    VPN_PROV             protonvpn
    WEBUI_PORT           8080

     

    The biggest issue is the postup/postdown rules getting lost and for some reason I had to define VPN_DEVICE_TYPE which I didn't see documented anywhere (bug?).
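
A check for the hand-edited wg0.conf described in this post, as an added example that is not part of the original post or of the binhex container: it reports custom PostUp/PostDown hooks that are missing (for instance after the file was regenerated) or that sit after the container's hook, and an AllowedIPs that does not cover all of IPv4. The sample config is constructed from the one in the post; the names parse, check, REQUIRED and CONTAINER_HOOKS are assumptions.

```python
import ipaddress

# Constructed sample, reduced from the wg0.conf shown in the post.
SAMPLE = """\
[Interface]
PostUp = wg set wg0 fwmark 1234
PostUp = ip rule add not fwmark 1234 table 2468
PostUp = ip rule add table main suppress_prefixlength 0
PostUp = '/root/wireguardup.sh'
PostDown = ip rule del table main suppress_prefixlength 0
PostDown = ip rule del not fwmark 1234 table 2468
PostDown = '/root/wireguarddown.sh'
[Peer]
AllowedIPs = 0.0.0.0/1,128.0.0.0/1
"""

# Hook scripts and rule fragments as they appear in the post (assumed fixed).
CONTAINER_HOOKS = {"PostUp": "/root/wireguardup.sh", "PostDown": "/root/wireguarddown.sh"}
REQUIRED = {"PostUp": ["wg set wg0 fwmark", "ip rule add not fwmark", "suppress_prefixlength 0"],
            "PostDown": ["suppress_prefixlength 0", "ip rule del not fwmark"]}

def parse(text):
    """Return ordered (section, key, value) triples; wg-quick keys may repeat."""
    section, out = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            out.append((section, key, value))
    return out

def check(text):
    """List problems: missing custom hooks, wrong hook order, partial AllowedIPs."""
    entries, problems = parse(text), []
    for key, needles in REQUIRED.items():
        hooks = [v.strip("'\"") for s, k, v in entries if s == "Interface" and k == key]
        script = CONTAINER_HOOKS[key]
        end = hooks.index(script) if script in hooks else len(hooks)
        for needle in needles:
            if not any(needle in h for h in hooks):
                problems.append(f"{key} missing: {needle}")
            elif not any(needle in h for h in hooks[:end]):
                problems.append(f"{key} after container hook: {needle}")
    nets = [ipaddress.ip_network(n.strip(), strict=False) for s, k, v in entries
            if s == "Peer" and k == "AllowedIPs" for n in v.split(",")]
    v4 = [n for n in nets if n.version == 4]  # the two /1 halves collapse to 0.0.0.0/0
    if ipaddress.ip_network("0.0.0.0/0") not in ipaddress.collapse_addresses(v4):
        problems.append("AllowedIPs does not cover all IPv4")
    return problems
```

Run `check()` on the contents of the generated wg0.conf after each container start; an empty list means the custom hooks are present, ordered before the container's hook, and the tunnel routes all IPv4.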

     

  7. 6 hours ago, strike said:

    ExpressVPN is not going to work well with torrenting due to the fact that they don't support port forwarding. Even if you were able to download anything it will be painfully slow and it would only work on public trackers. Do yourself a favor and change to a provider that supports port forwarding.

    Thanks for the tip! I switched to PIA, and everything is working as advertised.

  8. I'm using a Synology DSM 6.2.2 with Docker. Deluge works if I don't have my VPN (ExpressVPN) configured (false). However, when I set VPN to true I can't download anything. I followed the "Tom the Great" guide to the letter, and rebooted my Synology as well. From the supervisord.log file it appears to me as if the VPN is coming up:

     

    Any ideas?

     

    2019-06-06 19:41:33,991 DEBG 'start-script' stdout output:
    Thu Jun  6 19:41:33 2019 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.48.0.1,comp-lzo no,route 10.48.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.48.0.190 10.48.0.189,peer-id 37,cipher AES-256-GCM'
    Thu Jun  6 19:41:33 2019 OPTIONS IMPORT: timers and/or timeouts modified
    Thu Jun  6 19:41:33 2019 OPTIONS IMPORT: compression parms modified
    Thu Jun  6 19:41:33 2019 OPTIONS IMPORT: --ifconfig/up options modified
    Thu Jun  6 19:41:33 2019 OPTIONS IMPORT: route options modified
    Thu Jun  6 19:41:33 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
    Thu Jun  6 19:41:33 2019 OPTIONS IMPORT: peer-id set
    Thu Jun  6 19:41:33 2019 OPTIONS IMPORT: adjusting link_mtu to 1629
    Thu Jun  6 19:41:33 2019 OPTIONS IMPORT: data channel crypto options modified
    Thu Jun  6 19:41:33 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
    Thu Jun  6 19:41:33 2019 NCP: overriding user-set keysize with default
    Thu Jun  6 19:41:33 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Thu Jun  6 19:41:33 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
    Thu Jun  6 19:41:33 2019 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:02
    Thu Jun  6 19:41:33 2019 TUN/TAP device tun0 opened
    Thu Jun  6 19:41:33 2019 TUN/TAP TX queue length set to 100
    Thu Jun  6 19:41:33 2019 /usr/bin/ip link set dev tun0 up mtu 1500

    2019-06-06 19:41:33,994 DEBG 'start-script' stdout output:
    Thu Jun  6 19:41:33 2019 /usr/bin/ip addr add dev tun0 local 10.48.0.190 peer 10.48.0.189

    2019-06-06 19:41:33,997 DEBG 'start-script' stdout output:
    Thu Jun  6 19:41:33 2019 /root/openvpnup.sh tun0 1500 1557 10.48.0.190 10.48.0.189 init

    2019-06-06 19:41:34,085 DEBG 'watchdog-script' stdout output:
    [info] Deluge listening interface IP 0.0.0.0 and VPN provider IP 10.48.0.190 different, marking for reconfigure

    2019-06-06 19:41:34,092 DEBG 'watchdog-script' stdout output:
    [info] Deluge not running

    2019-06-06 19:41:34,099 DEBG 'watchdog-script' stdout output:
    [info] Deluge Web UI not running

    2019-06-06 19:41:34,133 DEBG fd 8 closed, stopped monitoring <POutputDispatcher at 140338604935880 for <Subprocess at 140338604879376 with name privoxy-script in state RUNNING> (stdout)>
    2019-06-06 19:41:34,133 DEBG fd 10 closed, stopped monitoring <POutputDispatcher at 140338605036488 for <Subprocess at 140338604879376 with name privoxy-script in state RUNNING> (stderr)>
    2019-06-06 19:41:34,134 INFO exited: privoxy-script (exit status 0; expected)
    2019-06-06 19:41:34,134 DEBG received SIGCHLD indicating a child quit
    2019-06-06 19:41:34,144 DEBG 'start-script' stdout output:
    Error: could not find any address for the name: `ns1.google.com'

    2019-06-06 19:41:34,155 DEBG 'start-script' stdout output:
    Error: could not find any address for the name: `resolver1.opendns.com'

    2019-06-06 19:41:34,215 DEBG 'start-script' stdout output:
    [warn] Cannot determine external IP address, exhausted retries setting to tunnel IP '10.48.0.190'

    2019-06-06 19:41:34,313 DEBG 'watchdog-script' stdout output:
    [info] Attempting to start Deluge...
    [info] Removing deluge pid file (if it exists)...

    2019-06-06 19:41:35,208 DEBG 'watchdog-script' stdout output:
    [info] Deluge listening interface currently defined as 0.0.0.0
    [info] Deluge listening interface will be changed to 0.0.0.0
    [info] Saving changes to Deluge config file /config/core.conf...

    2019-06-06 19:41:35,938 DEBG 'watchdog-script' stdout output:
    [info] Deluge process started
    [info] Waiting for Deluge process to start listening on port 58846...

    2019-06-06 19:41:36,168 DEBG 'start-script' stdout output:
    Thu Jun  6 19:41:36 2019 /usr/bin/ip route add 104.143.86.134/32 via 172.17.0.1

    2019-06-06 19:41:36,176 DEBG 'start-script' stdout output:
    Thu Jun  6 19:41:36 2019 /usr/bin/ip route add 0.0.0.0/1 via 10.48.0.189

    2019-06-06 19:41:36,181 DEBG 'start-script' stdout output:
    Thu Jun  6 19:41:36 2019 /usr/bin/ip route add 128.0.0.0/1 via 10.48.0.189

    2019-06-06 19:41:36,189 DEBG 'start-script' stdout output:
    Thu Jun  6 19:41:36 2019 /usr/bin/ip route add 10.48.0.1/32 via 10.48.0.189

    2019-06-06 19:41:36,191 DEBG 'start-script' stdout output:
    Thu Jun  6 19:41:36 2019 Initialization Sequence Completed

    2019-06-06 19:41:36,965 DEBG 'watchdog-script' stdout output:
    [info] Deluge process listening on port 58846

    2019-06-06 19:41:38,336 DEBG 'watchdog-script' stdout output:
    [info] No torrents with state 'Error' found

    2019-06-06 19:41:38,338 DEBG 'watchdog-script' stdout output:
    [info] Starting Deluge Web UI...
    [info] Deluge Web UI started

    2019-06-06 19:42:08,517 DEBG 'watchdog-script' stdout output:
    [info] Privoxy not running

    2019-06-06 19:42:08,676 DEBG 'watchdog-script' stdout output:
    [info] Attempting to start Privoxy...

    2019-06-06 19:42:09,688 DEBG 'watchdog-script' stdout output:
    [info] Privoxy process started
    [info] Waiting for Privoxy process to start listening on port 8118...

    2019-06-06 19:42:09,697 DEBG 'watchdog-script' stdout output:
    [info] Privoxy process listening on port 8118

     

    Some configuration parameters:

     

    2019-06-06 15:29:55.343993 [info] PUID defined as '1024'
    2019-06-06 15:29:55.622376 [info] PGID defined as '100'
    2019-06-06 15:29:55.906141 [info] UMASK defined as '000'
    2019-06-06 15:29:55.980167 [info] Setting permissions recursively on volume mappings...
    2019-06-06 15:29:56.181577 [info] DELUGE_DAEMON_LOG_LEVEL not defined,(via -e DELUGE_DAEMON_LOG_LEVEL), defaulting to 'info'
    2019-06-06 15:29:56.249941 [info] DELUGE_WEB_LOG_LEVEL not defined,(via -e DELUGE_WEB_LOG_LEVEL), defaulting to 'info'
    2019-06-06 15:29:56.353231 [info] VPN_ENABLED defined as 'yes'
    2019-06-06 15:29:56.483139 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/my_expressvpn_usa_-_los_angeles_-_3_udp.ovpn
    dos2unix: converting file /config/openvpn/my_expressvpn_usa_-_los_angeles_-_3_udp.ovpn to Unix format...
    2019-06-06 15:29:56.594243 [info] VPN remote line defined as 'remote usa-losangeles-3-ca-version-2.expressnetw.com 1195'
    2019-06-06 15:29:56.661266 [info] VPN_REMOTE defined as 'usa-losangeles-3-ca-version-2.expressnetw.com'
    2019-06-06 15:29:56.742286 [info] VPN_PORT defined as '1195'
    2019-06-06 15:29:56.867163 [warn] VPN_PROTOCOL not found in /config/openvpn/my_expressvpn_usa_-_los_angeles_-_3_udp.ovpn, assuming udp
    2019-06-06 15:29:56.946233 [info] VPN_DEVICE_TYPE defined as 'tun0'
    2019-06-06 15:29:57.013061 [info] VPN_PROV defined as 'custom'
    2019-06-06 15:29:57.085656 [info] LAN_NETWORK defined as '10.13.2.0/24'
    2019-06-06 15:29:57.160046 [info] NAME_SERVERS defined as '1.1.1.1,1.0.0.1'
    2019-06-06 15:29:57.232250 [info] VPN_USER defined as 'redacted'
    2019-06-06 15:29:57.300635 [info] VPN_PASS defined as 'redacted'
    2019-06-06 15:29:57.374480 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
    2019-06-06 15:29:57.444065 [info] ENABLE_PRIVOXY defined as 'yes'

     

     

     

     
