January 25, 2016

Digging up this old thread...

I don't know if this is even possible but I will throw it out there. I am still using binhex's Deluge+VPN docker but would like to move to a vanilla torrent client (no added packages/functionality). Is it possible to have one container (deluge or transmission) use another container (openvpn?) as a gateway?

So...

Deluge container --> VPN container --> VPN Provider --> Internet
                                                           |
Deluge container <-- VPN container <-- VPN Provider <------|

It kinda looks like what StevenD is doing above (I think) but I want Docker containers to provide ALL of these functions.

My other option is to configure my pfsense box to use my PIA VPN and then try and figure out how to have ONLY my deluge container use that connection. Has anyone done this?

John
January 26, 2016

> Digging up this old thread...
>
> I don't know if this is even possible but I will throw it out there. I am still using binhex's Deluge+VPN docker but would like to move to a vanilla torrent client (no added packages/functionality). Is it possible to have one container (deluge or transmission) use another container (openvpn?) as a gateway?
>
> So...
>
> Deluge container --> VPN container --> VPN Provider --> Internet
>                                                            |
> Deluge container <-- VPN container <-- VPN Provider <------|
>
> It kinda looks like what StevenD is doing above (I think) but I want Docker containers to provide ALL of these functions.
>
> My other option is to configure my pfsense box to use my PIA VPN and then try and figure out how to have ONLY my deluge container use that connection. Has anyone done this?
>
> John

Definitely can be done in pfSense (and using the Pipework Docker in unRAID). I have mine configured so only a few Dockers use VPN while the others use regular Internet.
January 26, 2016

> > Digging up this old thread...
> >
> > I don't know if this is even possible but I will throw it out there. I am still using binhex's Deluge+VPN docker but would like to move to a vanilla torrent client (no added packages/functionality). Is it possible to have one container (deluge or transmission) use another container (openvpn?) as a gateway?
> >
> > So...
> >
> > Deluge container --> VPN container --> VPN Provider --> Internet
> >                                                            |
> > Deluge container <-- VPN container <-- VPN Provider <------|
> >
> > It kinda looks like what StevenD is doing above (I think) but I want Docker containers to provide ALL of these functions.
> >
> > My other option is to configure my pfsense box to use my PIA VPN and then try and figure out how to have ONLY my deluge container use that connection. Has anyone done this?
> >
> > John
>
> Definitely can be done in pfSense (and using the Pipework Docker in unRAID). I have mine configured so only a few Dockers use VPN while the others use regular Internet.

On the pfsense side...did you follow the instructions here: https://www.privateinternetaccess.com/pages/client-support/pfsense

If so, when you created the NAT outbound rules (result shown in step 16 at above link), rather than duplicate the existing ones and keep them exactly the same other than change the Interface (PIAVPN vs. WAN), do you also change the Source (i.e. 192.168.1.0/24 vs. 192.168.2.0/24)? And then you gave your containers that you want to use the VPN a 192.168.2.x IP?

Am I thinking of this correctly?

John
January 26, 2016

> > > Digging up this old thread... ... My other option is to configure my pfsense box to use my PIA VPN and then try and figure out how to have ONLY my deluge container use that connection. Has anyone done this?
> > >
> > > John
> >
> > Definitely can be done in pfSense (and using the Pipework Docker in unRAID). I have mine configured so only a few Dockers use VPN while the others use regular Internet.
>
> On the pfsense side...did you follow the instructions here: https://www.privateinternetaccess.com/pages/client-support/pfsense
>
> If so, when you created the NAT outbound rules (result shown in step 16 at above link), rather than duplicate the existing ones and keep them exactly the same other than change the Interface (PIAVPN vs. WAN), do you also change the Source (i.e. 192.168.1.0/24 vs. 192.168.2.0/24)? And then you gave your containers that you want to use the VPN a 192.168.2.x IP?
>
> Am I thinking of this correctly?
>
> John

The guide you posted will get the VPN running, though there are a couple quirks with it. I will post later today with the details when I get on a real computer.
January 26, 2016

> The guide you posted will get the VPN running, though there are a couple quirks with it. I will post later today with the details when I get on a real computer.

TY!
January 26, 2016

I just stumbled across this: https://www.privateinternetaccess.com/forum/discussion/18111/openvpn-step-by-step-setup-for-pfsense-firewall-router-with-video

The second comment details how to direct different IPs to VPN vs. WAN. That's not you is it? I only ask because of the "un" in the username.

John
January 26, 2016

> I just stumbled across this: https://www.privateinternetaccess.com/forum/discussion/18111/openvpn-step-by-step-setup-for-pfsense-firewall-router-with-video
>
> The second comment details how to direct different IPs to VPN vs. WAN. That's not you is it? I only ask because of the "un" in the username.
>
> John

That's not me, I'm just bad with coming up with names. That second post covers aliases which is part of it. On the openvpn setup, you don't need to create the username/password file as there is a spot in the openvpn config screen to enter those. Also add route-nopull to the extra block at the bottom so that you can use rules to pass only what you want through the vpn. If you're running a proxy like squid there are extra steps. I will post with pics later today after work. What hardware is your pfsense running on?

A synopsis: install the pipework docker. You need that so you can specify an ip to each docker so you can create rules in pfsense for them. We will also be specifying a custom MAC address in the pipework config for each docker as well so we can create static bindings in pfsense. Create br0 bridge in unraid if not already done. If you run dhcp on pfsense, set aside a block of addresses outside your dhcp range. We then create an alias with the ip of the dockers you want to go to VPN. We create CA and user certs for openvpn. Configure and bring up the VPN without pulling routes, then create rules to route your alias list to the VPN gateway and a blocking rule to prevent traffic on that alias if VPN goes down. If running squid, exclude the alias from the proxy. We then run tests from each docker to verify we have VPN vs regular internet. You can create static arp bindings so instead of remembering a bunch of ip and ports, you use sabnzbd:8080, as example, to get to the containers.

Will expand with details and do pics later this evening.
January 26, 2016

I don't run any kind of proxy. My pfsense box is pretty much just a firewall/router with port forwarding rules. Nothing fancy.

> What hardware is your pfsense running on?

Dell PowerEdge 1750

I do have a PowerEdge 1950 at my disposal if I need more horsepower. It was my vCenter server but has been offline for 2 years now.

EDIT: thanks for the info about the username/pass and especially the route-nopull part. Whenever I created the VPN in the past, all of my clients wanted to use it right away and I couldn't get out to the internet. Since adding that to the Advanced, I have the VPN connected and it is not interfering:

I am going to continue and create the interface. I'll sit on all of the rules until you have a chance to post.

Thanks a mil for the help!

John
January 26, 2016

> I don't run any kind of proxy. My pfsense box is pretty much just a firewall/router with port forwarding rules. Nothing fancy.
>
> > What hardware is your pfsense running on?
>
> Dell PowerEdge 1750
> CPU Type: Intel® Xeon CPU 2.40GHz
> 4 CPUs: 2 package(s) x 1 core(s) x 2 HTT threads
>
> I do have a PowerEdge 1950 at my disposal if I need more horsepower. It was my vCenter server but has been offline for 2 years now.
>
> EDIT: thanks for the info about the username/pass and especially the route-nopull part. Whenever I created the VPN in the past, all of my clients wanted to use it right away and I couldn't get out to the internet. Since adding that to the Advanced, I have the VPN connected and it is not interfering:
>
> I am going to continue and create the interface. I'll sit on all of the rules until you have a chance to post.
>
> Thanks a mil for the help!
>
> John

Your pfsense box certainly has the hardware to go up to the AES-256 encryption with 4096 key if you wanted. Will detail that this evening as well.
January 26, 2016

WOW...pipework is nice. Had it up and running in no time. I used LSIO's Transmission docker as a test and have it successfully running on its own IP.
January 27, 2016

> WOW...pipework is nice. Had it up and running in no time. I used LSIO's Transmission docker as a test and have it successfully running on its own IP.

I see in the Pipework Docker thread you figured out the IP and custom MAC for the Dockers. I also notice the other IPs that get assigned, haven't figured that part out of it. Thought about limiting the CIDR to smaller range, but haven't tried it.
January 27, 2016

General disclaimer: Lots of ways to do this and this is the way I did it, feel free to comment. Using 4shared for the images so unblock if you don't see any pics. Pic size reduced for the post, click the image for fullsize view.

unRAID:

1. Install Pipework Docker, no configuration changes for it are needed.
2. For the Docker you want to assign an IP for, set the Network type to none. In the extra parameters block add:

    -e 'pipework_cmd=br0 @CONTAINER_NAME@ {ipaddress/CIDR}@{gateway} {valid random MAC address}'

   Note: See this for information on proper MAC address format. I used the random MAC address generator tool on my Tomato wifi access point to generate a list of random MAC addresses for the Dockers.
3. In unRAID, under Network Settings, create br0 bridge.

pfSense OpenVPN Client:

There are a few guides floating around to setup OpenVPN for PIA in pfSense. This one is from PIA. This guide is a bit dated, but core information is there. You do not need to create the file for username/password as that is now part of the OpenVPN config. We do not want to do all the steps, we only need to create the CA and the user cert and configure the OpenVPN client itself. Don't follow the rule creation there unless you want everything on your network to go through the VPN.

That guide creates a CA for 'PIAVPN' and a user cert for 'PIA Client', and I used the same names. It also goes through the creation of a 'PIAVPN' interface. The CA you create using the guide will be good for the default BF-CBC (Blowfish 128-bit) encryption which is all they support with the standard ports on their servers unless you use their client. If you switch the UDP port to 1196 you can use AES-128-CBC (128-bit) with the same CA. You can use this cert to create a CA with 4096-bit key and use AES-256-CBC with SHA256 Auth. In the pics I have the hardware crypto enabled as my APU supports AES-NI.

[pics: 1, 2, 3]

Note: The critical item is the 'route-nopull;' in the Advanced Configuration in pic 3 and don't follow that guide to create any firewall rules.

At this point you should have OpenVPN up and running (check service status and restart OpenVPN if necessary, check the OpenVPN log, and check the dashboard and see if an IP is there for the PIAVPN interface). The VPN should not be affecting any other traffic on your network at this time. It should be showing connected, but nothing going through it.

DHCP Server:

If using DHCP, leave a block of LAN addresses outside the DHCP address pool for your Dockers and whatever else you want to go through VPN. The example below gives .151 and higher in the available range.

Earlier we set up Pipework and the Dockers, those should be running at this point. Go to the DHCP server config and add static mappings for the Dockers:

Note: I only push SAB, CP, NZBSearch, and Sonarr to the VPN.

Create Aliases:

After creating the static mappings, take the IP list you want sent through VPN and go to Firewall->Aliases in pfSense and add an IP alias:

Any future Dockers or devices you want sent over the VPN just add the (static) IP to this alias.

Firewall NAT:

Go to Firewall->NAT->Outbound. Here you can go several ways such as go right to manual entry, or choose Hybrid. Up to you, but keep in mind the order of the rules. Rules are processed top to bottom. Create a rule here to force the Alias you created to go to the PIAVPN interface:

[pics: 1, 2]

Note: Only the first rule in this example is relevant.

Firewall Rules:

We need to create two rules: The first is to push the Alias to use the gateway of the VPN and the second is to block the alias if the VPN gateway goes down (VPN down).

First step is to tell pfSense how to handle rules when a gateway goes down: Go to System->Advanced->Miscellaneous. About 2/3 down the screen is a section called Gateway Monitoring. Tick the "Skip rules when gateway is down".

Note: The VPN should be up/active for this next step.

Go to Firewall->Rules->LAN (LAN = whatever your interface is called that has the unRAID server). Create a new rule, action is Pass, Interface LAN, TCP/IP Version IPV4, Protocol Any, Source: Type = single host or alias, type in the name of the Alias in the address box. Give a description, then move down to the bottom in the Advanced features to Gateway and select the PIAVPN gateway:

Create a second new rule, action is Block, Interface is LAN, IPV4, protocol Any, Source: Alias, add description (Block if VPN down):

The order of the two new rules is important, they both should be above any general pass rules and the block rule below the new pass rule:

Squid:

If you use a proxy (Squid), you will need to exclude the Alias from the proxy:

The Docker Test:

After the above is done you may need to (should) reboot pfSense to get everything working properly.

Telnet/SSH into unRAID and issue this command:

    curl -s http://geoip.hidemyass.com | grep -A 1 "ISP:"

The response should be that of your normal ISP (not VPN). In my case:

    <td>ISP:</td>
    <td>Time Warner Cable</td>

Go into a Docker you have pushed through the VPN (ex: Sonarr):

    docker exec -it Sonarr bash

From there issue the curl command and the result should be that of your VPN:

To test the block rule when the VPN goes down, stop the OpenVPN service and issue the curl command in the Docker. It should show a long pause then just return to prompt. Enable the VPN service and issue it again and it should show the VPN ISP.

Ending note:

If you created static ARP bindings when you did the static mapping in the DHCP server config, the hostname you gave it will now allow you to go Sonarr:{port} instead of the IP:port. Makes things a little easier when dealing with a bunch of IP addresses. Another note is the port for the Docker is now the port that was originally built for the container since pipework is being used. Can go to Docker advanced view to see what the port is.

...
January 27, 2016

> > WOW...pipework is nice. Had it up and running in no time. I used LSIO's Transmission docker as a test and have it successfully running on its own IP.
>
> I see in the Pipework Docker thread you figured out the IP and custom MAC for the Dockers. I also notice the other IPs that get assigned, haven't figured that part out of it. Thought about limiting the CIDR to smaller range, but haven't tried it.

This is what I am seeing in the pfsense system logs:

    Jan 27 07:55:30 kernel: arp: 192.168.1.252 moved from 00:25:90:64:a7:d8 to 3a:a6:01:12:92:82 on bge0
    Jan 27 07:44:00 kernel: arp: 192.168.1.253 moved from 00:25:90:64:a7:d8 to 3a:a6:01:12:92:82 on bge0
    Jan 27 07:24:00 kernel: arp: 192.168.1.253 moved from 00:25:90:64:a7:d8 to 3a:a6:01:12:92:82 on bge0
    Jan 27 07:05:30 kernel: arp: 192.168.1.254 moved from 00:25:90:64:a7:d8 to 76:44:cb:97:58:13 on bge0

I found some info here: https://doc.pfsense.org/index.php/ARP_moved_log_messages

> Log entries may appear in the system log showing something similar to the following:
>
>     pfsense kernel: arp: 192.168.1.50 moved from c4:0c:5c:69:6c:05 to 62:1e:3e:43:04:0c on em1
>
> This indicates that the firewall saw the specified IP address move between the first MAC address and the second. This can happen for several reasons.
>
> - IP address conflict - Two hosts are configured with the same IP address
> - ARP poisoning - Someone on the network is ARP poisoning hosts
> - NIC teaming - Some NIC teaming or bonding configurations will routinely log messages such as this because of the way they function. In these cases, this message is normal.
> - IP moved to a different host or NIC - if an actively used IP address is reassigned to a different system or different NIC, this message will be logged. This will only occur when an active IP is moved, for instance an expired DHCP lease that later is assigned to a different host will not trigger this as the IP must have an active ARP table entry on the firewall for this to occur.
> - Apple Bonjour sleep proxy - Apple's Bonjour sleep proxy will cause these logs to appear because of its network behavior. If both of the listed MAC addresses are Apple vendor MACs, this is likely why and can be disregarded as normal behavior.
>
> This logging can be disabled by setting the tunable net.link.ether.inet.log_arp_movements to value 0 under System>Advanced, System Tunables.

I thought I had it figured out since I discovered I had an old dhcp reservation for unraid using the wrong MAC. I updated the reservation and rebooted pfsense and unraid (just to be sure) but it hasn't corrected the problem.

John
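Added example (not part of the thread, and not pfSense tooling): a small triage function for the "arp: ... moved from" entries quoted in the post above. For each IP it counts the moves, checks whether the new MACs carry the locally-administered bit that software-generated MACs have, and reports whether one MAC claimed more than one IP. The function name and output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread: summarise pfSense "arp: ... moved from" entries.

# The four log lines quoted in the post above, used as sample input.
SAMPLE_LOG='Jan 27 07:55:30 kernel: arp: 192.168.1.252 moved from 00:25:90:64:a7:d8 to 3a:a6:01:12:92:82 on bge0
Jan 27 07:44:00 kernel: arp: 192.168.1.253 moved from 00:25:90:64:a7:d8 to 3a:a6:01:12:92:82 on bge0
Jan 27 07:24:00 kernel: arp: 192.168.1.253 moved from 00:25:90:64:a7:d8 to 3a:a6:01:12:92:82 on bge0
Jan 27 07:05:30 kernel: arp: 192.168.1.254 moved from 00:25:90:64:a7:d8 to 76:44:cb:97:58:13 on bge0'

# arp_moves_summary (hypothetical name): reads syslog text on stdin and prints
# one line per IP address, sorted:
#   <ip> moves=<n> new_macs=<n> laa=<yes|no> shared_mac=<yes|no>
# laa=yes        every MAC the IP moved TO has the locally-administered bit set
#                (second hex digit of the first octet is 2, 6, a or e).
# shared_mac=yes at least one of those MACs also claimed a different IP.
arp_moves_summary() {
    awk '
    function is_laa(mac) { return substr(mac, 2, 1) ~ /[26ae]/ }
    / arp: / && / moved from / {
        # Find the "arp:" token so the length of the syslog prefix does not matter.
        for (i = 1; i <= NF; i++) if ($i == "arp:") break
        ip = $(i + 1); new = tolower($(i + 6))
        moves[ip]++
        if (!((ip, new) in pair)) { pair[ip, new] = 1; nnew[ip]++; ips_for[new]++ }
    }
    END {
        for (k in pair) {
            split(k, p, SUBSEP)
            if (!is_laa(p[2])) nonlaa[p[1]] = 1
            if (ips_for[p[2]] > 1) shared[p[1]] = 1
        }
        for (ip in moves)
            printf "%s moves=%d new_macs=%d laa=%s shared_mac=%s\n", ip, moves[ip],
                   nnew[ip], ((ip in nonlaa) ? "no" : "yes"), ((ip in shared) ? "yes" : "no")
    }' | sort
}

# Stand-alone run over the sample lines.
printf '%s\n' "$SAMPLE_LOG" | arp_moves_summary
```

The locally-administered bit can be set by anyone, so laa=yes narrows the search to software-created interfaces but does not by itself rule out the other causes listed in the pfSense documentation.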
January 27, 2016

Success!

I am going to try your testing method using curl in a few minutes but for now I just tested using Transmission.

From Transmission using the checkmytorrentip.png torrent with OpenVPN up...

    Success, Your torrent client IP is: 208.x.x.x <-- my VPN IP.

And when I stop OpenVPN...

    0 B of 205.5 kB (0.00%) - remaining time unknown (never got the Success message)

I then queued up a *real* torrent with OpenVPN up and started DL'ing. I then pulled the plug on OPVN and the DL promptly stopped and never started again.

Going to test with curl now.

THANK YOU SO MUCH!!!!

I still need to figure out those rogue ARP entries. Honestly, they worry me a bit but at least now unraid is not reachable on any of them. I'm just afraid that it will run through all of my IPs.

John
January 27, 2016

> Success!
>
> I am going to try your testing method using curl in a few minutes but for now I just tested using Transmission.
>
> From Transmission using the checkmytorrentip.png torrent with OpenVPN up...
>
>     Success, Your torrent client IP is: 208.x.x.x <-- my VPN IP.
>
> And when I stop OpenVPN...
>
>     0 B of 205.5 kB (0.00%) - remaining time unknown (never got the Success message)
>
> I then queued up a *real* torrent with OpenVPN up and started DL'ing. I then pulled the plug on OPVN and the DL promptly stopped and never started again.
>
> Going to test with curl now.
>
> THANK YOU SO MUCH!!!!
>
> I still need to figure out those rogue ARP entries. Honestly, they worry me a bit but at least now unraid is not reachable on any of them. I'm just afraid that it will run through all of my IPs.
>
> John

No problem.

I have the same arp entry issue you are seeing with pipework, but IP usage stays the same it seems for me. I believe it is caused by how Docker networking is configured on unRaid and using pipework. Is arping available in base os of unraid? Currently away from server. Perhaps in 6.2 more network configuration can be exposed for Docker on unraid perhaps addition of vswitch or the like.
January 27, 2016

Is there any reason to do this (as described in another guide):

Prevent DNS leaks by setting PIA DNS only
=====================
- Click "System"
- Click "Setup Wizard"
- Click "Next"
- Click "Next"
- For "Primary DNS Server:" type in "209.222.18.218"
- For "Secondary DNS Server:" type in "209.222.18.222"
- "Override DNS:" [unchecked]
- Click "Next"
- Click "Next"
- Scroll to the bottom and click "Next"
- Click "Next"
- "Admin Password AGAIN:" type in your pfsensePassword for the WebGUI
- Click "Next"
- Click "Reload" and wait
- Click the 2nd "here" where is says...
- "Click here to continue on to pfSense webConfigurator"

Or is the connection via OpenVPN providing the DNS entries (which I think I see in my pfsense logs):

    openvpn[14516]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.x.x.x,topology net30,ifconfig 10.x.x.x 10.x.x.x'
January 27, 2016

> Ending note:
>
> If you created static ARP bindings when you did the static mapping in the DHCP server config, the hostname you gave it will now allow you to go Sonarr:{port} instead of the IP:port. Makes things a little easier when dealing with a bunch of IP addresses. Another note is the port for the Docker is now the port that was originally built for the container since pipework is being used. Can go to Docker advanced view to see what the port is.

unevent...can you give a little more detail here? Is all that you need to do is check the box below:

If so, I'm not getting any love when I try to browse to http://couchpotato:5050.

John
January 28, 2016

My bad, tick "Register DHCP static mappings in the DNS Resolver" under DNS Resolver config.
January 28, 2016

> Is there any reason to do this (as described in another guide):
>
> Prevent DNS leaks by setting PIA DNS only
> =====================
> - Click "System"
> - Click "Setup Wizard"
> - Click "Next"
> - Click "Next"
> - For "Primary DNS Server:" type in "209.222.18.218"
> - For "Secondary DNS Server:" type in "209.222.18.222"
> - "Override DNS:" [unchecked]
> - Click "Next"
> - Click "Next"
> - Scroll to the bottom and click "Next"
> - Click "Next"
> - "Admin Password AGAIN:" type in your pfsensePassword for the WebGUI
> - Click "Next"
> - Click "Reload" and wait
> - Click the 2nd "here" where is says...
> - "Click here to continue on to pfSense webConfigurator"
>
> Or is the connection via OpenVPN providing the DNS entries (which I think I see in my pfsense logs):
>
>     openvpn[14516]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.x.x.x,topology net30,ifconfig 10.x.x.x 10.x.x.x'

I use OpenDNS servers vs. my ISP so I already force use of non-ISP DNS. There might be a leak though, still tracking it down.

Route-nopull prevents the dhcp-options from executing so you don't get the DNS servers. Actually contradicting info on it, some say it allows you to specify 'dhcp-option DNS {DNS server IP}' in advanced config after the route-nopull and the log states it can't do the dhcp-option because of the nopull, but it actually works. Regardless, I am getting a leak of my ISP IP (as DNS server, VPN IP is ok) on ipleak.net / dnsleaktest.com when I do leak tests so more digging to figure it out.
January 28, 2016

Update:

Had a strange DNS leak where ipleak.net and dnsleaktest.com would show proper VPN IP, but with my ISP IP as DNS server. Not ISP DNS, but my actual assigned ISP IP as reported DNS server.

To fix I removed the 'route-nopull' from the openvpn config advanced options and added one rule to Firewall->Rules->LAN above the two that were added to push everything but the alias to the WAN/ISP gateway. Pic attached.

With this in place devices in the Alias now show the VPN IP as both IP and DNS IP. On non-VPN devices, the IP is my ISP and my DNS is the VPN DNS. Not the end of the world for me, but something to note. When the VPN goes down the block works for the Alias and non-VPN devices revert back to non-VPN DNS.

Might be some quirk in pfSense I have yet to figure out as I already specify OpenDNS servers, but my ISP may be running a DNS proxy. Definitely an issue when things that are supposed to go over VPN do, but DNS does not. Could be how the DNS tests work, but regardless real IP was leaking. Perhaps someone with more knowledge can shed some light on it.
January 28, 2016

> I have the same arp entry issue you are seeing with pipework, but IP usage stays the same it seems for me. I believe it is caused by how Docker networking is configured on unRaid and using pipework. Is arping available in base os of unraid? Currently away from server. Perhaps in 6.2 more network configuration can be exposed for Docker on unraid perhaps addition of vswitch or the like.

Mystery partly solved regarding the ARP entries.

I see these when I do an IFCONFIG on unraid:

    root@unRAID:~# ifconfig
    01p196da1e55b63: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.254  netmask 255.255.255.0  broadcast 0.0.0.0
            ether 46:85:65:f5:7e:5b  txqueuelen 0  (Ethernet)
            RX packets 342764  bytes 109154848 (104.0 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 525916  bytes 396197762 (377.8 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    01p2b580d617c31: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.253  netmask 255.255.255.0  broadcast 0.0.0.0
            ether 3e:2b:c6:f0:55:7a  txqueuelen 0  (Ethernet)
            RX packets 358144  bytes 124928035 (119.1 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 12865  bytes 3641201 (3.4 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    01p775d079610f4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.251  netmask 255.255.255.0  broadcast 0.0.0.0
            ether 72:59:a5:fe:78:7c  txqueuelen 0  (Ethernet)
            RX packets 150572  bytes 42520566 (40.5 MiB)
            RX errors 0  dropped 3  overruns 0  frame 0
            TX packets 10077  bytes 3265627 (3.1 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    01p8fb24babcbf0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.1.252  netmask 255.255.255.0  broadcast 0.0.0.0
            ether e2:9e:6c:1d:f2:90  txqueuelen 0  (Ethernet)
            RX packets 124384  bytes 35109787 (33.4 MiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 10714  bytes 3427574 (3.2 MiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

It has to be pipework creating these interfaces.

John
January 28, 2016

> Update:
>
> Had a strange DNS leak where ipleak.net and dnsleaktest.com would show proper VPN IP, but with my ISP IP as DNS server. Not ISP DNS, but my actual assigned ISP IP as reported DNS server.
>
> To fix I removed the 'route-nopull' from the openvpn config advanced options and added one rule to Firewall->Rules->LAN above the two that were added to push everything but the alias to the WAN/ISP gateway. Pic attached.
>
> With this in place devices in the Alias now show the VPN IP as both IP and DNS IP. On non-VPN devices, the IP is my ISP and my DNS is the VPN DNS. Not the end of the world for me, but something to note. When the VPN goes down the block works for the Alias and non-VPN devices revert back to non-VPN DNS.
>
> Might be some quirk in pfSense I have yet to figure out as I already specify OpenDNS servers, but my ISP may be running a DNS proxy. Definitely an issue when things that are supposed to go over VPN do, but DNS does not. Could be how the DNS tests work, but regardless real IP was leaking. Perhaps someone with more knowledge can shed some light on it.

OK...I added the rule and this is what I see from dnsleaktest.com:

    IP          Hostname  ISP     Country
    74.125.x.x  none      Google  United States
    74.125.x.x  none      Google  United States
    74.125.x.x  none      Google  United States
    74.125.x.x  none      Google  United States
    74.125.x.x  none      Google  United States
    74.125.x.x  none      Google  United States

Not good.

Anyway...since I only care about my Sonarr, CP, SAB and Deluge dockers using the VPN, I'll just assign them PIA's DNS servers in the static maps. Tested on my laptop and all is good:

    IP           Hostname  ISP          Country
    208.167.x.x  none      Choopa, LLC  United States

John
January 28, 2016

> Anyway...since I only care about my Sonarr, CP, SAB and Deluge dockers using the VPN, I'll just assign them PIA's DNS servers in the static maps. Tested on my laptop and all is good:
>
>     IP           Hostname  ISP          Country
>     208.167.x.x  none      Choopa, LLC  United States
>
> John

Well that didn't work for the dockers. When I exec into one of the dockers and do a 'cat /etc/resolv.conf', the Google DNS servers are listed (not PIAs even though I forced them in the static map).

I think it may be due to br0...dockers are getting their DNS info from unraid?

So, I am going to force unraid to use PIA's DNS servers and see if the dockers pick them up then

John
January 28, 2016

That appears to have done the trick...

    root@unRAID:~# cat /etc/resolv.conf
    # Generated by dhcpcd from br0.dhcp
    # /etc/resolv.conf.head can replace this line
    domain workgroup
    nameserver 209.222.18.218
    nameserver 209.222.18.222
    # /etc/resolv.conf.tail can replace this line

    root@unRAID:~# docker exec -it Sonarr bash
    root@775d079610f4:/# cat /etc/resolv.conf
    # Generated by dhcpcd from br0.dhcp
    # /etc/resolv.conf.head can replace this line
    domain workgroup
    nameserver 209.222.18.218
    nameserver 209.222.18.222
    # /etc/resolv.conf.tail can replace this line

unevent, do you know how to test dns leaks from a command line within a container (just to make sure)?

John
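Added example (not part of the thread, and not pfSense or PIA tooling): one offline check for the question above. It extracts the DNS servers from the PUSH_REPLY log line quoted earlier in the thread and lists any resolver in a resolv.conf that is not one of them, marking private addresses separately. The function names and the second resolv.conf sample are constructed for this example, and the check only shows which resolvers a container is configured to query, not what an external leak test would report.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# PUSH_REPLY log line as quoted earlier in the thread.
SAMPLE_PUSH="openvpn[14516]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 209.222.18.222,dhcp-option DNS 209.222.18.218,ping 10,comp-lzo no,route 10.x.x.x,topology net30,ifconfig 10.x.x.x 10.x.x.x'"

# Constructed resolv.conf for a container that did NOT pick up the VPN resolvers.
SAMPLE_RESOLV='# constructed sample
domain workgroup
nameserver 192.168.1.1
nameserver 8.8.8.8'

# pushed_dns: OpenVPN log text on stdin, one pushed DNS server per line on stdout.
pushed_dns() {
    # PUSH_REPLY options are comma separated; keep only "dhcp-option DNS <ip>".
    tr ',' '\n' | sed -n 's/^dhcp-option DNS \([0-9.]*\).*$/\1/p' | sort -u
}

# unexpected_nameservers: resolv.conf text on stdin, $1 = newline-separated list
# of expected resolvers. Prints "<ip> private" for an unexpected RFC 1918 or
# loopback resolver and "<ip> not-pushed" for any other unexpected resolver.
# Prints nothing when every nameserver is in the expected list.
unexpected_nameservers() {
    # The list is passed through the environment so awk does no escape processing on it.
    ALLOWED=$1 awk '
        BEGIN {
            n = split(ENVIRON["ALLOWED"], a, "\n")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "nameserver" && !($2 in ok) {
            kind = ($2 ~ /^(10|127)\./ || $2 ~ /^192\.168\./ ||
                    $2 ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) ? "private" : "not-pushed"
            print $2, kind
        }'
}

# Stand-alone run over the samples.
printf '%s\n' "$SAMPLE_RESOLV" |
    unexpected_nameservers "$(printf '%s\n' "$SAMPLE_PUSH" | pushed_dns)"
```

For a running container the input would come from `docker exec Sonarr cat /etc/resolv.conf`. A `private` resolver is typically the router itself, whose own upstream queries are not matched by the LAN policy-routing rule for the alias.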
Archived
This topic is now archived and is closed to further replies.