[Support] binhex - DelugeVPN


Recommended Posts

11 hours ago, Philby1975 said:

Port Forwarding Question.

 

Below photos show logs and 'open ports' according to the console. Does this confirm that PIA VPN is port forwarding the correct port ? If not what do I need to do to a) forward the correct port; and b) confirm it is forwarding correctly. All my research so far indicates that this docker should do it all.

 

image.png.be583a458b1ca6521b35b094702d700c.png

image.png.ea5d1d91309a210395857210994a8ffe.png

 

Thanks in advance for any help.

 

Q9. https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Link to comment
On 5/26/2021 at 8:46 AM, tetrapod said:

Maybe I missunderstand what you mean or I don't understand how this container work, but why would NAT on your router have anything to do with this container?
The VPN function of the container punch a hole through the router, to the service you use on the outside. The resulting VPN tunnel have all ports open until some of them are closed by the iptables stuff configured within the container.

Because the session is initiated from the LAN side of your router there is no need to configure any port forwarding rules - right?

 

Edit: I now see further up that you made a reference to open ports in connection with ipleak.net. Correct me if I'm wrong, but I think you made the test with the magnet link in the torrent client inside the container and looking for leakage in the ipleak.net interface - right? In that case the web browser isn't using the the same VPN as the container and wouldn't show the right information.
If your browser use the same VPN tunnel as the container I would like to know how you set that up. Would be a handy test for me to.

It's far more likely that I don't understand how this container works, and whilst my IT knowledge is intermediate my understanding of networking (and dockers/linux) is pretty rudimentary so forgive me if I have totally got this wrong.

I don't know if any of this is relevant, but I'll include it just in case. My setup is that I have PIA installed on my router. However traffic to my unraid server is routed outside the VPN tunnel as I only needed deluge to be included.

 

My understanding was that this container polled PIA for a forwarded port and then fed that back to the settings/config of the deluge client so that the correct static port was listed. However, I thought that (as with the standard deluge client) I still needed to take that port and forward it on my router, so that is what I have been trying to do.

When I do that if I go to portchecker.co to test my port using the external IP address in deluge, and the port provided by the container then the port shows as open. If I don't port forward on my router it appears to show as closed. Similarly, when I port forward on my router then I show as connectable on the private tracker but when I don't I show (after variable delay I must admit) as not-connectable.

 

You are correct I did use the magnet link on ipleak, though I hadn't considered that it wasn't in the same tunnel. I'm not sure I follow why that makes a difference though as the torrent that is used as a reference for the port probe is within the VPN tunnel and the browser site just reports the results. I guess I don't need to understand it though - if you do, and tell me that the information can't be relied upon I'm happy to accept that.

Link to comment
4 hours ago, be4con said:

It's far more likely that I don't understand how this container works, and whilst my IT knowledge is intermediate my understanding of networking (and dockers/linux) is pretty rudimentary so forgive me if I have totally got this wrong.

No problem, I'm fumbling around here also :-$ And take my rumblings with a grain of salt. I have no truth claims here at all. My knowledge profile is probably an outlier here. I have been on IT leave for 20 years when raising kids which means I know Unix and some networking, but are really lost when it comes to the actual apps.

 

4 hours ago, be4con said:

I don't know if any of this is relevant, but I'll include it just in case. My setup is that I have PIA installed on my router. However traffic to my unraid server is routed outside the VPN tunnel as I only needed deluge to be included.

Ok, you have one PIA VPN tunnel set up on your router, but only certain WAN IPs and/or services are using that tunnel?

 

4 hours ago, be4con said:

My understanding was that this container polled PIA for a forwarded port and then fed that back to the settings/config of the deluge client so that the correct static port was listed. However, I thought that (as with the standard deluge client) I still needed to take that port and forward it on my router, so that is what I have been trying to do.

Do you have VPN enabled in the container? If you have, and it's configured correctly, you will have a VPN tunnel from that container to your VPN provider. As I see it it wouldn't make any difference what so ever if you open a port on your access router. Your actual WAN address is not known to deluge, only the WAN address on your VPN exit point. 

 

4 hours ago, be4con said:

When I do that if I go to portchecker.co to test my port using the external IP address in deluge, and the port provided by the container then the port shows as open. If I don't port forward on my router it appears to show as closed.

If the external IP address in deluge is the same as your actual access router WAN address there is something wrong as I see it, or you do not have VPN configured in the container?

Link to comment

I'm trying to tunnel my traffic to deluge but I can not access my docker webui when I add the port like in space invader one YouTube video. I have read there was a update that now required you to add these ports to VPN_INPUT_PORT, but this option is not in my docker settings for deluge. Any help would be appreciated thanks.

Screenshot 2021-05-28 12.13.30.png

Link to comment
52 minutes ago, JebDuna said:

this option is not in my docker settings for deluge

Your template is too old and you need to add it yourself. On the bottom of the page click "Add another path,port..." And set it to variable, as the key you set "VPN_INPUT_PORTS", and as value you put the port. If you have multiple ports separate them with comma.

 

Edit: Also see Q27: https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Edited by strike
Link to comment

I'm sorry if this has been asked before, but I'm having an issue regarding seeding many torrents at the same time and someone made me aware of this. I'm not sure how to read the status of this bug, but if I understand correctly this is still not fixed? I suspect I might be affected by this bug as I am seeding around 2000 torrents and some are not showing up as active in the tracker where I seed. No error message from Deluge, but some torrents are showing "Next announce: ∞", and I suspect this bug might be the reason. Is there a way I can manually edit the default "active_tracker_limit"?

Link to comment
1 minute ago, dukiethecorgi said:

One workaround is to use multiple containers, limiting each one to 1200 or so torrents. I found that that's about the maximum number before the UI becomes unbearably slow. 

I'd prefer a more elegant solution, but if it's not possible I think I'm just gonna change to another client. For some reason it's impossible to mass-edit tracker info in Deluge(except custom scripts, which is a bit out of my comfort zone atm), and I fear one day I have to change my passkey for hundreds of torrents.

Link to comment
12 hours ago, Nimrad said:

Is there a way I can manually edit the default "active_tracker_limit"?


ItConfig can, although I have no way to actually test that for you. Refer to this post from raiditup for information on how to get it working.

 

Funny coincidence that I even knew about that plugin, dealing with an unrelated issue and only just bumped it myself.

-----------------

 

Has something changed on NordVPN's side which is getting me bottlenecked severely? I've tried several of their P2P servers now, which bumped me up from 3MiB/s to 5MiB/s initially. Following the above post I managed to get the speed up to 6MiB/s, but that's where I've hit another roadblock. I used to get speeds in the 10-14MiB/s range last year.


It wasn't that big of a deal, so I never really bothered looking into it, but now that I have some more time I'd like to find the root cause of it.

Disabling the VPN instantly sees speeds rise up to well over 25 38MiB/s, so it's not like the physical connection is too slow.

Speeds have been tested with the Ubuntu ISO download for consistency, extremely popular downloads from indexers show similar speeds. 

 

I'm well aware that PIA is a lot better pick for Torrents, but with my Nord subscription still being active for another year I'd prefer not switching over right now. 


Edit: It was doing 20MiB/s+ back in February last year, but I remember it consistently being about 12MiB/s up until at least August/September, first time I noticed that the download speed dropped down to 2-3MiB was early this year. (I rarely have need to look at the WebUI, only noticed it when I wanted to manually add a torrent)

 

Edit2: Gah, the more I toy around with this the more it seems to be Nord's servers being slow and inconsistent between configs. Tried like 8 more ovpn configs, fastest one so far peaks consistently around 8MiB/s, still a major improvement over what it was even a few hours ago - but nowhere near the speeds I used to have. 

Edited by iD4NG3R
Link to comment
21 hours ago, iD4NG3R said:

Gah, the more I toy around with this the more it seems to be Nord's servers being slow and inconsistent between configs. Tried like 8 more ovpn configs, fastest one so far peaks consistently around 8MiB/s, still a major improvement over what it was even a few hours ago - but nowhere near the speeds I used to have. 

Regarding the speed. I'm sure you're already aware of this, but NordVPN does not offer port forwarding. And as long as you keep using them you will never be able to fully utilize your connection, as that requires an open incoming port for other peers to connect to. So your speed will always fluctuate but you almost certainly will never be able to get full speed. So my advice is, stop trying to get better speed or switch vpn provider to one that offers port forwarding.

Link to comment
2 minutes ago, strike said:

Regarding the speed. I'm sure you're already aware of this, but NordVPN does not offer port forwarding. And as long as you keep using them you will never be able to fully utilize your connection, as that requires an open incoming port for other peers to connect to. So your speed will always fluctuate but you almost certainly will never be able to get full speed. So my advice is, stop trying to get better speed or switch vpn provider to one that offers port forwarding.

Read the entire thing;

Quote

I'm well aware that PIA is a lot better pick for Torrents, but with my Nord subscription still being active for another year I'd prefer not switching over right now. 

Combined with;

Quote

It was doing 20MiB/s+ back in February last year, but I remember it consistently being about 12MiB/s up until at least August/September, first time I noticed that the download speed dropped down to 2-3MiB was early this year. (I rarely have need to look at the WebUI, only noticed it when I wanted to manually add a torrent)

 

It doesn't explain the relatively sudden/huge drop in speed, speeds I was having for well over 3 years despite Nord never having supported P/F to begin with. I'm quite content with the 8MiB/s I'm getting right now, but would like to figure out why it dropped so harshly in the first place. ;)

Link to comment
30 minutes ago, iD4NG3R said:

Read the entire thing;

Combined with;

 

It doesn't explain the relatively sudden/huge drop in speed, speeds I was having for well over 3 years despite Nord never having supported P/F to begin with. I'm quite content with the 8MiB/s I'm getting right now, but would like to figure out why it dropped so harshly in the first place. ;)

it did read the entire thing. And why not? Why shouldn't that explain it? If noting else changed in your settings or network it's either that or slow vpn server.  If you don't have an open incoming port your speed will always fluctuate. Today you get 8MiB/s tomorrow you might get 2, 10 or 20. But as I said you almost certainly do not get full speed.

 

This guy from reddit says it well:

 

Quote

Imagine you can only make outgoing connections. Imagine your friend can only make outgoing connections. How will you talk to your friend? You can't.

 

Now, imagine a torrent that has 5 clients. It doesn't really matter for this discussion if they're seeding or leeching. Now, imagine all 5 of those clients are outgoing connection only. No one can connect to anyone, so no one makes any progress.

 

Now, a 6th guy connects and he has working incoming connections. He can't connect to anyone, but they can all connect to him. So, he ends up connected to many/all of the other clients, and begins downloading from them. In addition, he uploads what he gets from one client to all the other clients. Because this one guy joined, everyone can make progress.

 

So, a torrent needs at least SOME people with working inbound connections.

 

If you are outbound-only, you will be limited to only downloading/uploading from that limited selection of working inbound clients. If you have working inbound, you can download/upload to all other clients. It's better to have lots of sources than to have a few sources, so you're better off if you forward ports.

 

Imagine a torrent that has 100 seeds, but only 2 of them support inbound connections. If you're a leecher with no port forward, you only have 2 seeds to work with, and you have to share those 2 seeds with all the other leechers that don't have port forwards. If you do have port forwards, you get to use all seeds, and many of those seeds are less busy since only people with port forwards can talk to them, so you're almost certain to get better speeds.

 

Source: https://www.reddit.com/r/torrents/comments/agwhiq/why_opening_bittorrent_ports/

 

Edited by strike
  • Thanks 1
Link to comment

That still doesn't explain the static upper limit to the connection speed [per server] regardless of the amount of available connections. 

 

If available connections were the issue I'd see inconsistent maximum speeds but consistent speeds testing different ovpn servers. I'm seeing the exact opposite happen. 🤔

 

Has Nord started to bottleneck p2p connections in the past year? Has Nord started using slower servers in the past year? Any other changes that could relate to p2p speeds? That's what I'd like to have an answer to since available connections don't seem to be the [primary] cause..

 

'm gonna take that question to a different place though considering that doesn't have much to do with DelugeVPN at this point. I appreciate the response. 

 

Edited by iD4NG3R
Link to comment
57 minutes ago, iD4NG3R said:

Has Nord started to bottleneck p2p connections in the past year? Has Nord started using slower servers in the past year? Any other changes that could relate to p2p speeds? That's what I'd like to have an answer to

That can be an option as well, but you better take that up with them as you said. Speed will vary across vpn servers as some have higher load than others, and this will constantly change. So to pick a server that is better than the other is just pure hit and miss and can change fast. But European servers tend to be faster when using p2p. That's my experience anyway.

 

57 minutes ago, iD4NG3R said:

since available connections don't seem to be the [primary] cause..

How will you know tho? When you switch vpn servers your connection will reset, and you might not even get connected to the same peers as before. In your settings you probably have only about 150 total connections or something set up. As in the example in my last post. Say you have a torrent with 500 seeders, and you're connected to 100 seeds and 50 leechers on this torrent. That's a total of 150 connections. Only 2 have an open incoming port of those, so you get 8MiB/s, which is the max those peers can upload. You switch vpn server and connect again to 100 seeds and 50 leechers. And none of them are one of the peers you connected to before, and of those there are now 3 with an open incoming port so you get 10MiB/s. Say you switch vpn servers back and forth, you will connect to different peers every time, so the speed will also vary not only based on the load on the vpn server but the speed of those you are connected to as well which can change every time. So again, how can you know that, when you are not even connecting to the same peers as before?

 

IMHO available connections (an open incoming port) is the number one factor when it comes to speed in p2p. 

 

In any case, when your subscription is up you'd be better of with a provider that supports port forwarding.  In fact, not just you will be better off, but all the other peers that you will encounter will thank you too ;) 

Edited by strike
Link to comment
On 5/25/2021 at 3:35 PM, fritolays said:

So I am not able to get torguard working via wireguard.

I have generated a known good config that works on my phone via lte and on my desktop.

 

It does not work with this docker however.

Watching the log in debug mode it reads "Having issues resolving name 'www.google.com'"

Keeps trying for x times then just fails.

Connecting to the console of this docker, I cannot ping the dns and thus cant get any name resolution.

At this point it attempts to get the vpn public IP but fails as it can resolve any address.

 

Thus far I've completely removed docker and reinstalled it, completely removed deluge and reinstalled it...

Any ideas of what I can try?

 

Ok so I figured this out....

If you happen to connect via the official TorGuard desktop app it seems to change how TorGuard generates wireguard configs.

 

Specifically the allowedips line in wg0.conf, TorGuard may generate:

AllowedIPs = 0.0.0.0/1, 128.0.0.0/1

While binhex seems to only want:

AllowedIPs = 0.0.0.0/0

 

After correcting this I was able to once again connect without issue. I also switched to the official wireguard desktop app and that does not seem to cause config generator issues anymore.

Link to comment

Hey,

 

I'm using pia and I followed spaceinvaders tutorial (and hopefully didn't miss anything), but somehow I can not get a reasonable downloadspeed. I'm stuck at ~1MBit/s. I tested it with ubuntu, with normal qbittorrent I got to ~25Mbit/s (my max down speed), but as soon I'm using deluge with VPN I'm stuck at ~1Mbit/s. Tested it with some other torrents as well, all the same.

No tracker complains about missing port forwarding also I checked if the port is open (and hopefully didn't do anything wrong). I even used it as a proxy and went to speedtest.net where I got good speed.

So what I'm wondering, how am I stuck to ~1Mbit/s as soon I use the VPN?

 

[start of edit with additional information:]

 

setup:

  1. I followed spaceinvaders tutorial (also using pia)
  2. unraid and delugevpn latest version
  3. Router Linksys EA8300 with openwrt (19.xx)
  4. Router which is used as modem has been provided by my isp.

 

issues:

  1. down/upload speed limited to 1mbit/s
  2. as soon the container is running (even with 2 torrents) I get a bad ping (50-500ms) to my modem (modem is a modem-router combi, but set to modem mode only). As router I'm using an Linksys EA3800 with openwrt.

 

findings:

  1. ping to modem is good as soon delugevpn is off, as soon I've got some torrents (not even downloading) in delugevpn my ping to the modem drops significantly. Ping to websites does not drop, but websites are way slower.
  2. My Modem can handle 180+ torrents at the same time (tested with qbittorrent without vpn).

 

what I did:

  1. reinstall delugevpn container (no change)
  2. reset my router to factory defaults and used different versions of openwrt (no change)
  3. didn't use my own router, but used the isp provided router with all router settings active (no change)
  4. tested the speed using privoxy, I was able to get full speed out of my internet connection there
  5. downloaded some torrents using delugevpn and downloaded them using qbittorrent, qbittorrent always gave full speed (used ubuntu and other well shared torrents to make sure I can saturate my internet connection).

 

 

@binhex I have been doing some extensive research and it seems like delugevpn is putting way more pressure on my modem. I'm not sure what is going on and I don't know how to research any deeper, if you are interested to fix this, let me know.

 

Thank you in Advance,

Autchi

Edited by Autchirion
additional information
Link to comment

Can someone recommend settings here, it's been a long time.

 

image.png.a76dd1e92545aad1a6924f97d84470d6.png

 

 

ISSUE: unable to use blocker plugin, I tick the box but it instantly unticks itself. Any ideas?

 

 

These are the only Yellow log warnings I have:

 

 2021-06-04 09:26:39 us=423011 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results

2021-06-04 09:26:38 us=269288 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1569', remote='link-mtu 1549'
2021-06-04 09:26:38 us=269325 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth [null-digest]'
2021-06-04 09:26:38 us=269342 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'

Edited by The Lizard King
Link to comment

@binhex after update to latest docker version tonight the docker seen to be stuck at:

 

"021-06-07 00:02:24,105 DEBG 'start-script' stdout output:
[info] Successfully assigned and bound incoming port '44002'

2021-06-07 00:02:24,358 DEBG 'watchdog-script' stdout output:
[debug] Checking we can resolve name 'www.google.com' to address...

2021-06-07 00:02:24,459 DEBG 'watchdog-script' stdout output:
[debug] DNS operational, we can resolve name 'www.google.com' to address '142.250.64.100'

2021-06-07 00:02:24,459 DEBG 'watchdog-script' stdout output:
[debug] Waiting for iptables chain policies to be in place...

2021-06-07 00:02:24,464 DEBG 'watchdog-script' stdout output:
[debug] iptables chain policies are in place
[info] Deluge listening interface IP 0.0.0.0 and VPN provider IP 10.25.112.222 different, marking for reconfigure

2021-06-07 00:02:24,468 DEBG 'watchdog-script' stdout output:
[info] Deluge not running

2021-06-07 00:02:24,470 DEBG 'watchdog-script' stdout output:
[info] Deluge Web UI not running

2021-06-07 00:02:24,473 DEBG 'watchdog-script' stdout output:
[info] Privoxy not running

2021-06-07 00:02:24,473 DEBG 'watchdog-script' stdout output:
[info] Deluge incoming port 6890 and VPN incoming port 44002 different, marking for reconfigure

2021-06-07 00:02:24,473 DEBG 'watchdog-script' stdout output:
[info] Attempting to start Deluge...
[info] Removing deluge pid file (if it exists)...

2021-06-07 00:02:24,775 DEBG 'watchdog-script' stdout output:
[info] Deluge key 'listen_interface' currently has a value of '10.24.112.166'
[info] Deluge key 'listen_interface' will have a new value '10.25.112.222'
[info] Writing changes to Deluge config file '/config/core.conf'...

2021-06-07 00:02:24,894 DEBG 'watchdog-script' stdout output:
[info] Deluge key 'outgoing_interface' currently has a value of 'tun0'
[info] Deluge key 'outgoing_interface' will have a new value 'tun0'
[info] Writing changes to Deluge config file '/config/core.conf'...

"

using 6.26% cpu and memory: 307MiB / 62.76GiB

I have PIA as VPN provider and this have worked great until the lastest update.

 

edit: additional info: did a top in the docker and config_deluge.p    is using 100% of cpu

edit2: tried to disable vpn and privoxy in the container. But still no deluge gui.

 

Any ideas on how to get this unstuck...? tnx

 

Edited by orlando500
Link to comment

I have lost the ability to get to the Webui for this docker and am looking for a bit of help resolving please. I have removed the docker image and installed fresh/latest version on my Unraid (6.9.2) server. I have tried clearing the cache in my browser. I get a message when trying to connect to it: 

 

This site can’t be reached

10.10.20.177 refused to connect.

Try:

Checking the connection

Checking the proxy and the firewall

ERR_CONNECTION_REFUSED

 

I also tried rolling back to previous versions of the docker from March, when I know it was working. I have my server set to update my containers regularly for me. 

 

I am able to access the Webui of my other docker containers without issue. I have included my log file for review.

 

Edited by Strats
removed log file - contained personal info
Link to comment
9 hours ago, Strats said:

I have lost the ability to get to the Webui for this docker and am looking for a bit of help resolving please. I have removed the docker image and installed fresh/latest version on my Unraid (6.9.2) server. I have tried clearing the cache in my browser. I get a message when trying to connect to it: 

 

This site can’t be reached

10.10.20.177 refused to connect.

Try:

Checking the connection

Checking the proxy and the firewall

ERR_CONNECTION_REFUSED

 

I also tried rolling back to previous versions of the docker from March, when I know it was working. I have my server set to update my containers regularly for me. 

 

I am able to access the Webui of my other docker containers without issue. I have included my log file for review.

2021-06-06 Log File.txt 26.2 kB · 3 downloads

from your log:-

 

2021-06-06 22:52:05 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

2021-06-06 22:52:05 TLS Error: TLS handshake failed

so its either a issue with connectivity to the vpn endpoint or an issue with their certificate that they issued, try a different endpoint and/or downloading the latest openvpn config files.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.