December 2, 20214 yr Hello I am trying to start the passthroughvpn container. I have used as provider airvpn, and perfect-privacy. With Airvpn I try WireGuard and openvpn and with perfect-privacy only OpenVpn. With both providers I do not get a VPN connection. I have tested ipv4+6 with both providers but also ipv4 only. With Openvpn I have tested TCP as well as UDP, unfortunately it does not work. With AirVPN/OpenVPN I get this message "2021-12-02 11:50:22.299038 [ERROR] Network is possibly down. Edited December 2, 20214 yr by netsrot303
December 11, 20214 yr I tried following the guide for setting up the passthroughvpn. I am trying to get a mysterium node docker up which uses webui-port 4449. I have added `--net=container:passthroughvpn` to the extra options in the mysterium container. But if I also change the network to None it will not start. I also created the port 4449:4449 and added 4449 to the additional port settings in passthrougvpn. But I cant reach the webui of the mysterium container. Have I missed something ? I can see that the wireguard config works as I get the correct ip.
December 28, 20214 yr On 8/12/2021 at 4:49 AM, hackersarchangel said: Good evening I have the container installed and so far the logs say everything is working as expected. However I’m attempting to access other containers, and I believe I have followed your guide properly, but it’s not working. Edit: I forgot to mention… I added a network using the following: docker network create container:passthroughvpn Which then made it a selectable option in the drop down menu. I added a port using the “Add another path,port,variable,device” and here is where my possible confusion is coming in. Your guide says the container port is the exposed port but that I need to access it using the host port you specified in the directions on GitHub. Want to confirm I have that correct in setting the port the service is expecting to be reached at as the Container port, and whatever port I want to use as the Host port. That said, I like using the default ports of each service, so is that a possibility for me to do so? Also, I know the container itself is working as it was working with the other VPN container I was using until I decided to switch. Edit: I resolved the issue. I am accessing the web interfaces from my Wireguard VPN to the network, which reports me as being 172.x.x.x and in setting the LAN_NETWORK to match that resolved my issue. However, I did try setting it to 0.0.0.0/0 and that did not work, also doing “172.x.x.x/24, 192.x.x.x./24” did not work as well. I was still able to access via 172.x.x.x, but not 192.x.x.x. If that could be fixed somehow to allow access from multiple IP ranges that would be fantastic. That said, great work! Glad to have found a “generic” VPN container, and if there is anything I can do to help out, let me know. Could you explain this some more ? If I have another docker container which uses port 5555 for webui i select the container:passthroughvpn network in the docker container and also remove the webui port ? And then I add the webui as a port in passthroughvpn ?
December 28, 20214 yr @Dyon Hey, it seems this container should be updated to work properly with IPv6 and WireGuard. The following error shows up currently when using a IPv6-enabled VPN configuration: RTNETLINK answers: Permission denied RTNETLINK answers: Permission denied You can see the fix here: https://bodhilinux.boards.net/thread/450/wireguard-rtnetlink-answers-permission-denied Can you fix this in your container?
January 27, 20224 yr @Dyon maybe you container is DNS leaking? i recognised many DNS request on my Pihole from a passthroughed container. So i found that DNS leak script and tested it on the passthroughed container: /app # apk add curl OK: 58 MiB in 32 packages /app # apk add python3 OK: 58 MiB in 32 packages /app # curl https://raw.githubusercontent.com/macvk/dnsleaktest/master/dnsleaktest.py -o dnsleaktest.py % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 2132 100 2132 0 0 7780 0 --:--:-- --:--:-- --:--:-- 7781 /app # chmod +x dnsleaktest.py /app # ./dnsleaktest.py Your IP: 91.148.xxx.xxx [Germany, AS50525 PRIVADO NETWORKS AG] You use 3 DNS servers: 79.201.xxx.xxx [Germany, AS3320 Deutsche Telekom AG] 91.148.xxx.xxx [Germany, AS50525 PRIVADO NETWORKS AG] 2003:c0:cf12:1a00:xxx6:xxxa:xxx9:xxxx [Germany, AS3320 Deutsche Telekom AG] Conclusion: DNS may be leaking. /app # 91.148.x.x is the VPN IP 79.201.x.x and 2003:c0:cf12:1a00:xxx6:xxxa:xxx9:xxxx are my private addresses Edited January 27, 20224 yr by sonic6
January 27, 20224 yr Author 3 minutes ago, sonic6 said: @Dyon maybe you container is DNS leaking? i recognised many DNS request on my Pihole from a passthroughed container. So i found that DNS leak script and tested it on the passthroughed container: /app # apk add curl OK: 58 MiB in 32 packages /app # apk add python3 OK: 58 MiB in 32 packages /app # curl https://raw.githubusercontent.com/macvk/dnsleaktest/master/dnsleaktest.py -o dnsleaktest.py % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 2132 100 2132 0 0 7780 0 --:--:-- --:--:-- --:--:-- 7781 /app # chmod +x dnsleaktest.py /app # ./dnsleaktest.py Your IP: 91.148.xxx.xxx [Germany, AS50525 PRIVADO NETWORKS AG] You use 3 DNS servers: 79.201.xxx.xxx [Germany, AS3320 Deutsche Telekom AG] 91.148.xxx.xxx [Germany, AS50525 PRIVADO NETWORKS AG] 2003:c0:cf12:1a00:xxx6:xxxa:xxx9:xxxx [Germany, AS3320 Deutsche Telekom AG] Conclusion: DNS may be leaking. /app # 91.148.x.x is the VPN IP 91.148.x.x and 2003:c0:cf12:1a00:xxx6:xxxa:xxx9:xxxx are my private addresses On my own system, I was never able to confirm DNS leakage. I tested it on 3 containers, my own 'docker-passthroughvpn', 'binhex/arch-mineos-node' and 'ich777/teamspeak', all giving me the same results. My results (37.xxx.xxx.xxx is my VPN IP): root@6cb7b6696c1d:/tmp# ./dnsleaktest.sh Your IP: 37.xxx.xxx.xxx [Netherlands, AS9009 M247 Ltd] You use 4 DNS servers: 141.101.64.196 [Netherlands, AS13335 CloudFlare Inc] 141.101.64.197 [Netherlands, AS13335 CloudFlare Inc] 141.101.75.126 [Netherlands, AS13335 CloudFlare Inc] 141.101.75.147 [Netherlands, AS13335 CloudFlare Inc] Conclusion: DNS may be leaking. root@6cb7b6696c1d:/tmp# While running it on Unraid itself yields a different result, showing my actual IP addresses root@Dyon-unRAID:/tmp# ./dnsleaktest.sh Your IP: 2001:xxxx:xxx:xxxx:xxxx:xxxx:xxxx:xxxx [Netherlands AS33915 Vodafone Libertel B.V.] You use 2 DNS servers: 94.xx.xx.xx [Netherlands AS33915 Vodafone Libertel B.V.] 2001:xxxx:xxxx:x:xxxx:xxxx:xxxx:xxxx [Netherlands AS33915 Vodafone Libertel B.V.] Conclusion: DNS is not leaking. It's hard for me to look into an issues that I can't replicate obviously. Could you share the log of your passthroughvpn container? Obviously, don't forget to mask out any sensitive information like IP-addresses, but keep them so that I can tell them apart. You can also open a console to the container and "cat /etc/resolv.conf". In there for me, it also lists the local IP of my router. What you can try is to install vi(m) and remove the line of your router to see if that fixes it maybe. If that's the case, I'll look into fixing that.
April 30, 20224 yr On 3/7/2022 at 11:43 AM, Nirizmo said: Where do I add the .conf file for Wireguard? It should be added here: /mnt/user/appdata/passthroughvpn/wireguard/wg0.conf Edited April 30, 20224 yr by themarv
June 18, 20224 yr Im trying to get a torrent client working from home using this vpn docker. Howerver, It has been a no go. Ive tried many clients. I suspect it has something to do with the ports. Is there anyone that can assist me? I would be greatful.
June 18, 20224 yr Just now, qw3r7yju4n said: Im trying to get a torrent client working from home using this vpn docker. Howerver, It has been a no go. Ive tried many clients. I suspect it has something to do with the ports. Is there anyone that can assist me? I would be greatful. Do i need to do some kind of configuration for the ports that are not webGUI? I can only get binhex-deluge to respond on the WEbGUI port after passthru is configured. The log shows it trying to establish connections on various high ports to no avail. Anyone have a clue?
October 1, 20223 yr How do I enable outbound lan so my services in the vpn container can access services outside of it on the lan? Also is there an option for port forwarding so I can get improved torrent p2p performance?
October 1, 20223 yr Author 2 hours ago, Awooiel said: How do I enable outbound lan so my services in the vpn container can access services outside of it on the lan? Also is there an option for port forwarding so I can get improved torrent p2p performance? I am not in the position to to write an extensive reply, but you might want to read the two scenarios I described in the GitHub page, I'll get back to you later, but this is some info already. https://github.com/DyonR/docker-passthroughvpn
October 1, 20223 yr Author 7 hours ago, Awooiel said: How do I enable outbound lan so my services in the vpn container can access services outside of it on the lan? Also is there an option for port forwarding so I can get improved torrent p2p performance? If you want another container to access the passthroughvpn container, you must use the internal docker IP. Next to the container, you will see something like "172.17.0.7:25570/TCP <----> 192.168.0.240:25570" in this case 172.17.0.7 is the internal IP of the container, so if you want another container to be able to access the container via the passthroughvpn container, you need to enter, in this case, 172.17.0.7 (with the correct port). Accessing the passthroughvpn container outside of you LAN is possible via port forwards. You could either forward the ports of your LAN (to access it via your own home IP), or, if your provider supports it, forward ports at the VPN Provider's side. Port-forwarding in both cases should be pretty straight forward. I hope it's clear, if not, let me know
February 12, 20233 yr I'll start off by saying that I have read the big bold text on your guide. Quote ANY CONTAINER THAT GETS ROUTED THROUGH THIS CONTAINER WILL (BRIEFLY) USE YOUR REAL IP. THIS IS BECAUSE THE PASSTHROUGHVPN CONTAINER NEEDS TO ESTABLISH A CONNECTION WITH THE VPN FIRST. TILL THAT IS DONE, THE CONTAINER(S) YOU PASSTHROUGH THIS CONTAINER WILL EXPOSE YOUR REAL IP. DO NOT USE THIS CONTAINER IF YOU WISH TO EXPOSE YOUR REAL IP FOR NOT A SINGLE SECOND. NORMALLY ESTABLISHING A VPN CONNECTION WILL TAKE A COUPLE SECONDS. HOWEVER, IF YOUR VPN PROVIDER IS UNREACHABLE, IT WILL KEEP ON USING YOUR REAL IP. This is different than using any of my other 'vpn' containers, since with those the application (for example qBittorrent or Jackett) will start AFTER establishing the connection. By using this container, you will have a connection before connecting to the VPN. I have been using a few of these referenced VPN-bundled containers for a while. My VPN provider only offers three client connections at a time though. So, I would like change my setup model to use your container or one like it for the connection and use normal images connected to it. But, more than one of my containers will try to do their thing immediately and I don't want them to EVER use my public IP. Especially if my VPN Provider is unreachable. I don't want it to just keep trying Quote THE PASSTHROUGHVPN CONTAINER NEEDS TO ESTABLISH A CONNECTION WITH THE VPN FIRST. TILL THAT IS DONE, THE CONTAINER(S) YOU PASSTHROUGH THIS CONTAINER WILL EXPOSE YOUR REAL IP. I've been reading through the start.sh and iptables.sh files and I was curious why we can not just use IPTables to block all outgoing packets on the docker bridge, except by either wireguard or openvpn? I am not too knowledgeable on how all of this works, so please correct me if I am misunderstanding something. It seems like if you were to block all outgoing connections in start.sh after checking if VPN_ENABLED == "yes", if [[ $VPN_ENABLED == "yes" ]]; then # Check if VPN_TYPE is set. if [[ -z "${VPN_TYPE}" ]]; then Then you could allow wireguard in an iptable before it's started or allow openvpn before it's started in the code below. if [[ $VPN_ENABLED == "yes" ]]; then if [[ "${VPN_TYPE}" == "openvpn" ]]; then echo "[INFO] Starting OpenVPN..." | ts '%Y-%m-%d %H:%M:%.S' cd /config/openvpn exec openvpn --pull-filter ignore route-ipv6 --pull-filter ignore ifconfig-ipv6 --config "${VPN_CONFIG}" & #exec /bin/bash /etc/openvpn/openvpn.init start & else echo "[INFO] Starting WireGuard..." | ts '%Y-%m-%d %H:%M:%.S' cd /config/wireguard if ip link | grep -q `basename -s .conf $VPN_CONFIG`; then wg-quick down $VPN_CONFIG || echo "WireGuard is down already" | ts '%Y-%m-%d %H:%M:%.S' # Run wg-quick down as an extra safeguard in case WireGuard is still up for some reason sleep 0.5 # Just to give WireGuard a bit to go down fi wg-quick up $VPN_CONFIG #exec /bin/bash /etc/openvpn/openvpn.init start & fi exec /bin/bash /etc/passthrough/iptables.sh Then you could keep the call to iptables.sh to finalize the iptables configuration once it is started successfully. That should block the passed through apps from using the public IP. Right? Am I on to something here or not?
March 26, 20233 yr I've been using this docker successfully for months but it stopped working yesterday. I'm unable to start it. I've not made any changes to my system. 2023-03-26 16:29:31.078671 [INFO] VPN_ENABLED defined as 'yes' 2023-03-26 16:29:31.099255 [INFO] VPN_TYPE defined as 'wireguard' 2023-03-26 16:29:31.120809 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf 2023-03-26 16:29:31.144734 [INFO] VPN remote line defined as 'atl-331-wg.whiskergalaxy.com:1194' 2023-03-26 16:29:31.162835 [INFO] VPN_REMOTE defined as 'atl-331-wg.whiskergalaxy.com' 2023-03-26 16:29:31.180867 [INFO] VPN_PORT defined as '1194' 2023-03-26 16:29:31.197038 [INFO] VPN_PROTOCOL set as 'udp', since WireGuard is always udp. 2023-03-26 16:29:31.214796 [INFO] VPN_DEVICE_TYPE set as 'wg0', since WireGuard will always be wg0. 2023-03-26 16:29:31.233300 [INFO] LAN_NETWORK defined as '192.168.1.0/24' 2023-03-26 16:29:31.254009 [INFO] NAME_SERVERS defined as '1.1.1.1,1.0.0.1' 2023-03-26 16:29:31.274231 [INFO] Adding 1.1.1.1 to resolv.conf 2023-03-26 16:29:31.294288 [INFO] Adding 1.0.0.1 to resolv.conf 2023-03-26 16:29:31.309907 [INFO] Starting WireGuard... I do have this error: [#] '/root/wireguardup.sh' /usr/bin/wg-quick: line 295: /root/wireguardup.sh: No such file or directory I re-did my wg0.conf file to make sure that the server is valid. I tested the conf file with a different docker and it worked fine.
August 31, 20232 yr So I am new to all this so sorry if ask/answered already some where, I have passthroughvpn up and running, I have NZBGET and Qbittorrent running through it successfully for a while (wish I had come here earlier, as wrote my own script to test connection and restart vpn and dependent containers). But have an issue I can't seem to find a resolve for. Installed Prowlarr, and working via passthroughvpn, but Prowlarr cant see the other arr's and visa, have the local network noted in the passthroughvpn, which is really interesting as the arrs can get to NZBGet and Qbittorent so not sure what is going on. Done some hunting but all I can find is to exception the local network which I have done, so any thoughts? Edited August 31, 20232 yr by Kiwiconcord
October 9, 20241 yr Container has been working great for long time, however the past day or so it's stuck in a boot loop. I noticed this error in the log: [ERROR] Network is possibly down. However, all networks are up and running. Please advise! Thank you EDIT: resolved! Was an issue with VPN server's IP Edited October 9, 20241 yr by itlists
December 25, 20241 yr No issues, just wanna say good shit. I have tried a bunch of other VPN docker containers but yours just WORKS for port forwarding.
December 27, 20241 yr Author On 12/25/2024 at 9:08 AM, Bfox135 said: No issues, just wanna say good shit. I have tried a bunch of other VPN docker containers but yours just WORKS for port forwarding. Great to hear I'm glad to hear that the container is still working as desired - since that means I won't need to fix anything Was already afraid something broke when I saw a notification on this post, and I had to get working on fixing the container, which I honestly doing due to a shift in personal interests and life. I am still using Unraid myself, and using my own containers also. I may look into updating the container soon, since it running old versions of the software that's used in it.
January 4, 20251 yr On 12/26/2024 at 7:08 PM, Dyon said: Great to hear I'm glad to hear that the container is still working as desired - since that means I won't need to fix anything Was already afraid something broke when I saw a notification on this post, and I had to get working on fixing the container, which I honestly doing due to a shift in personal interests and life. I am still using Unraid myself, and using my own containers also. I may look into updating the container soon, since it running old versions of the software that's used in it. I am using a Branched off version of your container that supports UDP port Forwarding. BUT I will give credit where credit it due! I was pulling my hair out trying to get Glutun to work so this was a night and day difference in ease of use.
October 5, 2025Oct 5 Hi, just wanted to say that this still works, I was able to setup a container to pass through here for Game Server port forwarding with ease.I was hoping that I could still set a custom IP on the game server container however it looks like it's not supported. I can probably still get away with something similar by setting it on the Unraid server itself.
March 9Mar 9 It looks like the container cannot establish the VPN connection because it detects that the network may be unavailable. The error “Network is possibly down” usually appears when the container cannot reach the VPN server or when the internal network configuration is incorrect.First, check if the container has internet access before the VPN starts by pinging a public address like 8.8.8.8. If that fails, the issue is likely with the container’s network setup. You should also confirm that the required permissions (such as NET_ADMIN) and the correct VPN configuration files from AirVPN or Perfect-Privacy are properly mounted in the container.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.