[Support] binhex - DelugeVPN


Recommended Posts

On 1/19/2023 at 4:13 PM, another_hoarder said:

 

For those with the issue triggered by the most recent update, THIS IS THE WAY until new certs are provided.  Many thanks @nraygun for saving us the time.  I still don't get how sha256 or aes256 isn't safe enough any more but hopefully we'll all get new sha512 certs soon and can replace our ovpn configs for another decade of peace ;)

I'm also having a "ca md too weak" error, along with some other issues with depreciated options:

2023-01-31 22:46:51,441 DEBG 'start-script' stdout output:
2023-01-31 22:46:51 WARNING: file 'credentials.conf' is group or others accessible

2023-01-31 22:46:51,441 DEBG 'start-script' stdout output:
2023-01-31 22:46:51 OpenVPN 2.5.8 [git:makepkg/0357ceb877687faa+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Nov  1 2022
2023-01-31 22:46:51 library versions: OpenSSL 3.0.7 1 Nov 2022, LZO 2.10

2023-01-31 22:46:51,442 DEBG 'start-script' stdout output:
2023-01-31 22:46:51 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2023-01-31 22:46:51,443 DEBG 'start-script' stdout output:
2023-01-31 22:46:51 OpenSSL: error:0A00018E:SSL routines::ca md too weak
2023-01-31 22:46:51 Cannot load inline certificate file
2023-01-31 22:46:51 Exiting due to fatal error

2023-01-31 22:46:51,445 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...

2023-01-31 22:46:51,451 DEBG 'start-script' stdout output:
2023-01-31 22:46:51 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.

Will adding the  " tls-cipher "DEFAULT:@SECLEVEL=0" " line remove both errors (until my VPN provider updates their cipher to 512), or have I got another error in parallel to the sha512 update needed? Thanks.

Link to comment
On 1/31/2023 at 6:06 AM, lema said:

Hi All!
I've been experiencing issues getting an access to the WebUI for few days now. Before that, everything was working just fine.

What have I done:

* I've gone through the Q&A
* Checked the kernel modules
* Checked the VPN config files, VPN works.
* Checked the LAN config
* Deleted data files and did fresh install of the docker
* Tried to downgrade to 2.1.1-1-02

To me, everything looks good and I don't see any errors in logs. Still I don't get any access to the WebUI if VPN is enabled. Anything I'm missing or any other suggestions?

Here is the full dump of last reboot log:

Created by...
___.   .__       .__
\_ |__ |__| ____ |  |__   ____ ___  ___
 | __ \|  |/    \|  |  \_/ __ \\  \/  /
 | \_\ \  |   |  \   Y  \  ___/ >    <
 |___  /__|___|  /___|  /\___  >__/\_ \
     \/        \/     \/     \/      \/
   https://hub.docker.com/u/binhex/

2023-01-31 05:52:12.876853 [info] Host is running unRAID
2023-01-31 05:52:12.912645 [info] System information Linux 04a824aa28e5 5.19.14-Unraid #1 SMP PREEMPT_DYNAMIC Thu Oct 6 09:15:00 P
DT 2022 x86_64 GNU/Linux
2023-01-31 05:52:12.962294 [info] OS_ARCH defined as 'x86-64'
2023-01-31 05:52:13.008358 [info] PUID defined as '99'
2023-01-31 05:52:13.093884 [info] PGID defined as '100'
2023-01-31 05:52:13.190516 [info] UMASK defined as '000'
2023-01-31 05:52:13.234279 [info] Permissions already set for '/config'
2023-01-31 05:52:13.288329 [info] Deleting files in /tmp (non recursive)...
2023-01-31 05:52:13.344229 [info] VPN_ENABLED defined as 'yes'
2023-01-31 05:52:13.389382 [info] VPN_CLIENT defined as 'openvpn'
2023-01-31 05:52:13.428501 [info] VPN_PROV defined as 'custom'
2023-01-31 05:52:13.495014 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/PrivateVPN-SE-Stockholm-TUN-4
43.ovpn
2023-01-31 05:52:13.598294 [info] VPN remote server(s) defined as 'se-sto.pvdata.host,'
2023-01-31 05:52:13.636816 [info] VPN remote port(s) defined as '443,'
2023-01-31 05:52:13.676009 [info] VPN remote protcol(s) defined as 'tcp-client,'
2023-01-31 05:52:13.722568 [info] VPN_DEVICE_TYPE defined as 'tun0'
2023-01-31 05:52:13.766732 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2023-01-31 05:52:13.809064 [info] LAN_NETWORK defined as '192.168.1.0/24,192.168.50.0/24'
2023-01-31 05:52:13.849249 [info] NAME_SERVERS defined as '84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
2023-01-31 05:52:13.892369 [info] VPN_USER defined as <username>
2023-01-31 05:52:13.937794 [info] VPN_PASS defined as <password>
2023-01-31 05:52:13.982802 [info] ENABLE_PRIVOXY defined as 'no'
2023-01-31 05:52:14.032450 [info] VPN_INPUT_PORTS not defined (via -e VPN_INPUT_PORTS), skipping allow for custom incoming ports
2023-01-31 05:52:14.077110 [info] VPN_OUTPUT_PORTS not defined (via -e VPN_OUTPUT_PORTS), skipping allow for custom outgoing ports
2023-01-31 05:52:14.122897 [info] DELUGE_DAEMON_LOG_LEVEL defined as 'info'
2023-01-31 05:52:14.166538 [info] DELUGE_WEB_LOG_LEVEL defined as 'info'
2023-01-31 05:52:14.216605 [info] Starting Supervisor...
2023-01-31 05:52:14,820 INFO Included extra file "/etc/supervisor/conf.d/delugevpn.conf" during parsing
2023-01-31 05:52:14,821 INFO Set uid to user 0 succeeded
2023-01-31 05:52:14,827 INFO supervisord started with pid 7
2023-01-31 05:52:15,830 INFO spawned: 'start-script' with pid 186
2023-01-31 05:52:15,833 INFO spawned: 'watchdog-script' with pid 187
2023-01-31 05:52:15,834 INFO reaped unknown pid 8 (exit status 0)
2023-01-31 05:52:15,842 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2023-01-31 05:52:15,843 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2023-01-31 05:52:15,843 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs
)
2023-01-31 05:52:15,856 DEBG 'start-script' stdout output:
[warn] Username contains characters which could cause authentication issues, please consider changing this if possible

2023-01-31 05:52:15,958 DEBG 'start-script' stdout output:
[info] Adding 84.200.69.80 to /etc/resolv.conf

2023-01-31 05:52:15,964 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2023-01-31 05:52:15,970 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2023-01-31 05:52:15,977 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2023-01-31 05:52:15,984 DEBG 'start-script' stdout output:
[info] Adding 84.200.70.40 to /etc/resolv.conf

2023-01-31 05:52:15,990 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2023-01-31 05:52:26,201 DEBG 'start-script' stdout output:
[info] Default route for container is 192.168.50.1

2023-01-31 05:52:26,221 DEBG 'start-script' stdout output:
[info] Docker network defined as    192.168.50.0/24

2023-01-31 05:52:26,226 DEBG 'start-script' stdout output:
[info] Adding 192.168.1.0/24 as route via docker eth0

2023-01-31 05:52:26,236 DEBG 'start-script' stdout output:
[info] Adding 192.168.50.0/24 as route via docker eth0

2023-01-31 05:52:26,238 DEBG 'start-script' stderr output:
RTNETLINK answers: File exists

2023-01-31 05:52:26,238 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2023-01-31 05:52:26,240 DEBG 'start-script' stdout output:
default via 192.168.50.1 dev eth0 
192.168.1.0/24 via 192.168.50.1 dev eth0 
192.168.50.0/24 dev eth0 proto kernel scope link src 192.168.50.203 

2023-01-31 05:52:26,241 DEBG 'start-script' stdout output:
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
local 192.168.50.203 dev eth0 table local proto kernel scope host src 192.168.50.203 
broadcast 192.168.50.255 dev eth0 table local proto kernel scope link src 192.168.50.203 

2023-01-31 05:52:26,241 DEBG 'start-script' stdout output:
--------------------

2023-01-31 05:52:26,247 DEBG 'start-script' stdout output:
iptable_mangle         16384  1
ip_tables              28672  5 iptable_filter,iptable_nat,iptable_mangle
x_tables               45056  12 ip6table_filter,xt_conntrack,iptable_filter,xt_tcpudp,xt_addrtype,xt_nat,ip6_tables,ip_tables,ipt
able_nat,xt_MASQUERADE,iptable_mangle,xt_mark

2023-01-31 05:52:26,248 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2023-01-31 05:52:26,462 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2023-01-31 05:52:26,464 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 192.168.50.0/24 -d 192.168.50.0/24 -j ACCEPT
-A INPUT -s 45.130.87.14/32 -i eth0 -j ACCEPT
-A INPUT -s 45.130.87.5/32 -i eth0 -j ACCEPT
-A INPUT -s 45.130.87.16/32 -i eth0 -j ACCEPT
-A INPUT -s 45.130.87.18/32 -i eth0 -j ACCEPT
-A INPUT -s 45.130.87.9/32 -i eth0 -j ACCEPT
-A INPUT -s 45.130.87.12/32 -i eth0 -j ACCEPT
-A INPUT -s 45.130.87.3/32 -i eth0 -j ACCEPT
-A INPUT -s 45.130.87.7/32 -i eth0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8112 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.50.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -s 192.168.50.0/24 -d 192.168.50.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A OUTPUT -s 192.168.50.0/24 -d 192.168.50.0/24 -j ACCEPT
-A OUTPUT -d 45.130.87.14/32 -o eth0 -j ACCEPT
-A OUTPUT -d 45.130.87.5/32 -o eth0 -j ACCEPT
-A OUTPUT -d 45.130.87.16/32 -o eth0 -j ACCEPT
-A OUTPUT -d 45.130.87.18/32 -o eth0 -j ACCEPT
-A OUTPUT -d 45.130.87.9/32 -o eth0 -j ACCEPT
-A OUTPUT -d 45.130.87.12/32 -o eth0 -j ACCEPT
-A OUTPUT -d 45.130.87.3/32 -o eth0 -j ACCEPT
-A OUTPUT -d 45.130.87.7/32 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8112 -j ACCEPT
-A OUTPUT -s 192.168.50.0/24 -d 192.168.1.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
-A OUTPUT -s 192.168.50.0/24 -d 192.168.50.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT

2023-01-31 05:52:26,466 DEBG 'start-script' stdout output:
--------------------

2023-01-31 05:52:26,467 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...

2023-01-31 05:52:26,563 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.

2023-01-31 05:52:26,563 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 WARNING: file 'credentials.conf' is group or others accessible
2023-01-31 05:52:26 OpenVPN 2.5.7 [git:makepkg/a0f9a3e9404c8321+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11]
 [MH/PKTINFO] [AEAD] built on May 31 2022

2023-01-31 05:52:26,564 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10

2023-01-31 05:52:26,564 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2023-01-31 05:52:26,565 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key

2023-01-31 05:52:26,565 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
2023-01-31 05:52:26 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
2023-01-31 05:52:26 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication

2023-01-31 05:52:26,570 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 TCP/UDP: Preserving recently used remote address: [AF_INET]45.130.87.14:443
2023-01-31 05:52:26 Socket Buffers: R=[87380->87380] S=[65536->65536]
2023-01-31 05:52:26 Attempting to establish TCP connection with [AF_INET]45.130.87.14:443 [nonblock]

2023-01-31 05:52:26,620 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 TCP connection established with [AF_INET]45.130.87.14:443
2023-01-31 05:52:26 TCP_CLIENT link local: (not bound)
2023-01-31 05:52:26 TCP_CLIENT link remote: [AF_INET]45.130.87.14:443

2023-01-31 05:52:26,653 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 TLS: Initial packet from [AF_INET]45.130.87.14:443, sid=f24f2d23 6a3e1ca1

2023-01-31 05:52:26,767 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 VERIFY OK: depth=1, C=SE, ST=CA, L=Stockholm, O=PrivateVPN, CN=PrivateVPN CA, name=PrivateVPN, [email protected]

2023-01-31 05:52:26,768 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 VERIFY KU OK
2023-01-31 05:52:26 Validating certificate extended key usage
2023-01-31 05:52:26 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2023-01-31 05:52:26 VERIFY EKU OK
2023-01-31 05:52:26 VERIFY OK: depth=0, C=SE, ST=CA, L=Stockholm, O=PrivateVPN, CN=PrivateVPN, name=PrivateVPN, [email protected]

2023-01-31 05:52:26,923 DEBG 'start-script' stdout output:
2023-01-31 05:52:26 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2023-01-31 05:52:26 [PrivateVPN] Peer Connection Initiated with [AF_INET]45.130.87.14:443

2023-01-31 05:52:28,024 DEBG 'start-script' stdout output:
2023-01-31 05:52:28 SENT CONTROL [PrivateVPN]: 'PUSH_REQUEST' (status=1)

2023-01-31 05:52:28,147 DEBG 'start-script' stdout output:
2023-01-31 05:52:28 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,sndbuf 524288,rcvbuf 524288,redirect-gateway def1,dhcp
-option DISABLE-NBT,dhcp-option DNS 10.35.53.1,dhcp-option DNS 10.35.53.2,route-gateway 10.35.12.1,topology subnet,ping 20,ping-re
start 60,ifconfig 10.35.12.2 255.255.254.0,peer-id 0,cipher AES-256-GCM'

2023-01-31 05:52:28,147 DEBG 'start-script' stdout output:
2023-01-31 05:52:28 OPTIONS IMPORT: timers and/or timeouts modified
2023-01-31 05:52:28 OPTIONS IMPORT: compression parms modified
2023-01-31 05:52:28 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2023-01-31 05:52:28 Socket Buffers: R=[87380->1048576] S=[69120->1048576]
2023-01-31 05:52:28 OPTIONS IMPORT: --ifconfig/up options modified
2023-01-31 05:52:28 OPTIONS IMPORT: route options modified
2023-01-31 05:52:28 OPTIONS IMPORT: route-related options modified
2023-01-31 05:52:28 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2023-01-31 05:52:28 OPTIONS IMPORT: peer-id set
2023-01-31 05:52:28 OPTIONS IMPORT: adjusting link_mtu to 1627
2023-01-31 05:52:28 OPTIONS IMPORT: data channel crypto options modified
2023-01-31 05:52:28 Data Channel: using negotiated cipher 'AES-256-GCM'
2023-01-31 05:52:28 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-31 05:52:28 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2023-01-31 05:52:28 net_route_v4_best_gw query: dst 0.0.0.0
2023-01-31 05:52:28 net_route_v4_best_gw result: via 192.168.50.1 dev eth0
2023-01-31 05:52:28 ROUTE_GATEWAY 192.168.50.1/255.255.255.0 IFACE=eth0 HWADDR=02:42:c0:a8:32:cb

2023-01-31 05:52:28,148 DEBG 'start-script' stdout output:
2023-01-31 05:52:28 TUN/TAP device tun0 opened
2023-01-31 05:52:28 net_iface_mtu_set: mtu 1500 for tun0
2023-01-31 05:52:28 net_iface_up: set tun0 up
2023-01-31 05:52:28 net_addr_v4_add: 10.35.12.2/23 dev tun0

2023-01-31 05:52:28,148 DEBG 'start-script' stdout output:
2023-01-31 05:52:28 /root/openvpnup.sh tun0 1500 1555 10.35.12.2 255.255.254.0 init

2023-01-31 05:52:28,151 DEBG 'start-script' stdout output:
2023-01-31 05:52:28 net_route_v4_add: 45.130.87.14/32 via 192.168.50.1 dev [NULL] table 0 metric -1
2023-01-31 05:52:28 net_route_v4_add: 0.0.0.0/1 via 10.35.12.1 dev [NULL] table 0 metric -1

2023-01-31 05:52:28,152 DEBG 'start-script' stdout output:
2023-01-31 05:52:28 net_route_v4_add: 128.0.0.0/1 via 10.35.12.1 dev [NULL] table 0 metric -1
2023-01-31 05:52:28 Initialization Sequence Completed

2023-01-31 05:52:28,159 DEBG 'start-script' stdout output:
egrep: warning: egrep is obsolescent; using grep -E

2023-01-31 05:52:29,170 DEBG 'start-script' stdout output:
egrep: warning: egrep is obsolescent; using grep -E

2023-01-31 05:52:29,182 DEBG 'start-script' stdout output:
egrep: warning: egrep is obsolescent; using grep -E

2023-01-31 05:53:14,268 DEBG 'start-script' stdout output:
[info] Attempting to get external IP using 'http://checkip.amazonaws.com'...

2023-01-31 05:53:27,402 DEBG 'start-script' stdout output:
egrep: warning: egrep is obsolescent; using grep -E

2023-01-31 05:53:27,404 DEBG 'start-script' stdout output:
[info] Failed on last attempt, attempting to get external IP using 'http://whatismyip.akamai.com'...

2023-01-31 05:53:35,813 DEBG 'start-script' stdout output:
egrep: warning: egrep is obsolescent; using grep -E

2023-01-31 05:53:35,821 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address 45.130.87.13

2023-01-31 05:53:35,826 DEBG 'start-script' stdout output:
[info] Application does not require port forwarding or VPN provider is != pia, skipping incoming port assignment

2023-01-31 05:53:35,849 DEBG 'watchdog-script' stdout output:
[info] Deluge listening interface IP 0.0.0.0 and VPN provider IP 10.35.12.2 different, marking for reconfigure

2023-01-31 05:53:35,857 DEBG 'watchdog-script' stdout output:
[info] Deluge not running

2023-01-31 05:53:35,866 DEBG 'watchdog-script' stdout output:
[info] Deluge Web UI not running

2023-01-31 05:53:35,866 DEBG 'watchdog-script' stdout output:
[info] Attempting to start Deluge...
[info] Removing deluge pid file (if it exists)...

2023-01-31 05:53:36,348 DEBG 'watchdog-script' stdout output:
[info] Deluge key 'listen_interface' currently has a value of '10.35.12.2'
[info] Deluge key 'listen_interface' will have a new value '10.35.12.2'
[info] Writing changes to Deluge config file '/config/core.conf'...

2023-01-31 05:53:36,699 DEBG 'watchdog-script' stdout output:
[info] Deluge key 'outgoing_interface' currently has a value of 'tun0'
[info] Deluge key 'outgoing_interface' will have a new value 'tun0'
[info] Writing changes to Deluge config file '/config/core.conf'...

2023-01-31 05:53:37,339 DEBG 'watchdog-script' stdout output:
[info] Deluge key 'default_daemon' currently has an undefined value
[info] Deluge key 'default_daemon' will have a new value 'e70cd18037d941598f42937bded346f4'
[info] Writing changes to Deluge config file '/config/web.conf'...

2023-01-31 05:53:38,009 DEBG 'watchdog-script' stdout output:
[info] Deluge process started
[info] Waiting for Deluge process to start listening on port 58846...

2023-01-31 05:53:38,357 DEBG 'watchdog-script' stdout output:
[info] Deluge process listening on port 58846

2023-01-31 05:53:42,197 DEBG 'watchdog-script' stderr output:
<Deferred at 0x149932da2680 current result: None>

2023-01-31 05:53:42,301 DEBG 'watchdog-script' stdout output:
[info] No torrents with state 'Error' found

2023-01-31 05:53:42,302 DEBG 'watchdog-script' stdout output:
[info] Starting Deluge Web UI...

2023-01-31 05:53:42,302 DEBG 'watchdog-script' stdout output:
[info] Deluge Web UI started

 

Today I tried to solve this issue by:

  • Installing qbittorrent vpn docker --> Same result.
  • I tried to access deluge through deluge-console -> Everything works. VPN is up and downloading works.
  • Tried other end devices. None of them load the WebUI.
  • Checked again that the kernel modules are found in unraid. To me all looks good and no errors in startup of deluge should support that.

Only thing I'm left with is that somehow the iptables is not allowing the web access. I ain't FW pro, but to me it looks that it should allow access to 8112 to/from local network.

 

Any ideas anyone?

Link to comment
5 hours ago, binhex said:

Limetech have changed something that broke the older style support links, this has been fixed but sadly the fix cannot be pushed out to existing users

Sent from my 22021211RG using Tapatalk
 

Will the next unraid update fix this issue? if not, what are the options for existing users?

Link to comment
1 hour ago, wirenut said:

Will the next unraid update fix this issue? if not, what are the options for existing users?

Doesn't have anything to do with unraid itself, just that when you install an app from CA a local copy of the template is made as it is at that moment, and then your installed app will always refer to that. 

 

If you go search for the app in CA and open the support link from there you should have the current one. 

 

The change was on the forum, not in unraid.

Edited by Kilrah
  • Like 1
Link to comment
On 1/9/2023 at 2:20 AM, binhex said:

dont do this.

Why not...?  It does actually work, I put in a couple of /24's that seem to cover my PIA VPN's IP ranges for my region so when I'm remote as long as I'm connected to the PIA VPN (in the same region of course, I don't have all of the PIA VPN regional IPs allowed) I can actually connect to the Deluge WebUI.  If I leave this value unconfigured (or just put my actual LAN IP subnet in) I cannot access Deluge when outside of my LAN.

On 1/9/2023 at 2:20 AM, binhex said:

and def dont do this!.

It didn't work anyways...

On 1/9/2023 at 2:20 AM, binhex said:

then port forward the deluge web ui port on your router and connect using your isp's ip address.

I already have the Deluge WebUI port forwarded - I assume the VPN is not 'split-tunnel' and the Deluge WebUI and daemon both route their traffic through the VPN tunnel - which means I won't be able to access the Deluge WebUI with my ISP's IP address.  Port forwarding works for my other docker containers (IE NzbGet, Medusa, etc) - so that's why I assume the VPN in this DelugeVPN docker container is not having the traffic split properly or at all?

Edited by arrrghhh
Link to comment
On 1/31/2023 at 1:13 AM, Mainfrezzer said:

You can just change the password under "Preferences -> Interface -> WebUI" from "deluge" to leaving it blank. The pop up will still appear but you can just press login.

Thank you for that solution, but I really just don't want to even see the prompt.

 

It honestly makes no sense to me why the deluge creator even has it in there.  none of my other dockers require a separate login, so there must be some way to just remove this prompt altogether.

 

I don't know enough programming to find the cause and remove it myself.  I have to believe someone smarter than me has been annoyed by this and has 'fixed' this, but I cannot figure out how.

 

Is there some other fork that disables this?

Link to comment
37 minutes ago, JustinChase said:

Thank you for that solution, but I really just don't want to even see the prompt.

If you don't want the prompt at all you can use the thin client instead of the webui and set it to automatically connect.  Doesn't solve the  webui issue, but it's an alternative. 

Link to comment

so I came across a weird little thing

 

so I decided to run 2 instances of deluge for my own organizational ease and to try and get more download per hour ( not sure its going to work but worth a try. Essentially movies through one tv shows through the other)

 

now the issue I came to find is if I try to open two windows in firefox each with a separate gui for each of the deluge instances ( both are working downloading and operating fine ), it instantly logs out the other one. I tried it with private browsing sessions thinking maybe it was a cookie thing, Still same effect. Had another user who has multiple instances try this aswell and he had the same result. He tried with 2 different browser (chrome and braver) and it didnt kick him out of the other ..

 

Something maybe to look into or maybe a setting that needs to be changed somewhere?

Link to comment

@JustinChase i got a hack for you to try, set your deluge password to blank for the web ui, then once done left click deluge icon in unraid web ui and select 'console' then copy and paste the following into the console and execute it, then restart the container - works for me, no more prompts for password 🙂

 

sed -i -E 's~this\.passwordField\.focus\(true,300\)~this.onLogin()~g' /usr/lib/python*/site-packages/deluge/ui/web/js/deluge-all.js

 

if this works then let me know and i can make something much more elegant.

 

inspired by this post:- https://forum.deluge-torrent.org/viewtopic.php?f=7&t=54769&p=227493

Link to comment
16 minutes ago, binhex said:

@JustinChase i got a hack for you to try, set your deluge password to blank for the web ui, then once done left click deluge icon in unraid web ui and select 'console' then copy and paste the following into the console and execute it, then restart the container - works for me, no more prompts for password 🙂

 

sed -i -E 's~this\.passwordField\.focus\(true,300\)~this.onLogin()~g' /usr/lib/python*/site-packages/deluge/ui/web/js/deluge-all.js

 

if this works then let me know and i can make something much more elegant.

 

inspired by this post:- https://forum.deluge-torrent.org/viewtopic.php?f=7&t=54769&p=227493

some days i just hate computers!

 

I tried adjusting the session timeout to be about 10 years, from a terminal, using MC to navigate to and open the web.conf file.  Saved and started deluge.

 

It was "unable to connect"

 

I figured I entered too large a number.  I changed it back.

 

Deluge refuses to start.

 

I restored the web.conf.bak file and restarted, still fails to restart

 

log file says this...

2023-02-02 13:34:48,919 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'

 

I didn't change anything to do with that.  I don't remember setting it to wireguard, so i tried openvpn, still wouldn't start

 

I checked the sabnzbd docker, and it is also set to wireguard.  I changed it back in deluge, same issue.

 

ARRRGGG!!!

 

I'll troubleshoot this issue later.  I thought/hoped this would be a 10 second test.  I do not have hours to spend on this right now.

 

I'll try your solution above once I get it running normally again.

 

Thanks again for all your help!

Link to comment
18 minutes ago, JustinChase said:

log file says this...

2023-02-02 13:34:48,919 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'

that will be pia endopoint related issue, switch to another endpoint or keep trying.

Link to comment
13 minutes ago, binhex said:

that will be pia endopoint related issue, switch to another endpoint or keep trying.

I just waited a while and tried again, and both deluge and sabnzbd are running.

 

I changed the password to none, then rebooted deluge.  it didn't start right away, so I'm waiting again...

 

...wait over.

 

Your solution worked!!

 

interface came right up, no password prompt!!

 

You are awesome.

 

Wish I hadn't waited almost a decade to inquire again about it :)

Link to comment
I just waited a while and tried again, and both deluge and sabnzbd are running.
 
I changed the password to none, then rebooted deluge.  it didn't start right away, so I'm waiting again...
 
...wait over.
 
Your solution worked!!
 
interface came right up, no password prompt!!
 
You are awesome.
 
Wish I hadn't waited almost a decade to inquire again about it
Keep in mind this is a code hack so it could stop working at any time and/or break shit, the real fix is to get deluge Devs to include an option in the web ui to disable Auth

Sent from my 22021211RG using Tapatalk


Link to comment
17 hours ago, binhex said:

if this works then let me know and i can make something much more elegant.

@JustinChase well i had a little time to polish this up a bit, so i have now included the code to flip flop between turning the deluge web ui password prompt off and on again, if you wish to test this then do the following:-

  1. change the repository from 'binhex/arch-delugevpn' to 'binhex/arch-delugevpn:test-disable-prompt' (will be pushed to tag latest once confirmed working).
  2. click on 'Add another Path, Port, Variable, Label or Device' at the bottom and select 'config type' 'variable'
  3. enter 'key' of 'DELUGE_ENABLE_WEBUI_PASSWORD' and 'value' of 'no' to turn off prompt and 'yes' to turn back on.
  4. select add and then hit apply
     

note:- the default is of course 'yes', please ensure you have alternative security in place if you do set this to no.

Link to comment
On 2/1/2023 at 2:47 PM, lema said:

Today I tried to solve this issue by:

  • Installing qbittorrent vpn docker --> Same result.
  • I tried to access deluge through deluge-console -> Everything works. VPN is up and downloading works.
  • Tried other end devices. None of them load the WebUI.
  • Checked again that the kernel modules are found in unraid. To me all looks good and no errors in startup of deluge should support that.

Only thing I'm left with is that somehow the iptables is not allowing the web access. I ain't FW pro, but to me it looks that it should allow access to 8112 to/from local network.

 

Any ideas anyone?

What network type do you use?

Link to comment
2 hours ago, binhex said:

@JustinChase well i had a little time to polish this up a bit, so i have now included the code to flip flop between turning the deluge web ui password prompt off and on again, if you wish to test this then do the following:-

  1. change the repository from 'binhex/arch-delugevpn' to 'binhex/arch-delugevpn:test-disable-prompt' (will be pushed to tag latest once confirmed working).
  2. click on 'Add another Path, Port, Variable, Label or Device' at the bottom and select 'config type' 'variable'
  3. enter 'key' of 'DELUGE_ENABLE_WEBUI_PASSWORD' and 'value' of 'no' to turn off prompt and 'yes' to turn back on.
  4. select add and then hit apply
     

note:- the default is of course 'yes', please ensure you have alternative security in place if you do set this to no.

Wow, you do work fast!

 

Thank you for this.  I have made the changes and saved.  Just waiting for it to fully start to test...

 

...no luck.  unable to get json file...

[info] Adding 209.222.18.222 to /etc/resolv.conf

2023-02-03 09:13:24,327 DEBG 'start-script' stdout output:
[info] Adding 84.200.69.80 to /etc/resolv.conf

2023-02-03 09:13:24,335 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2023-02-03 09:13:24,340 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2023-02-03 09:13:24,345 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.218 to /etc/resolv.conf

2023-02-03 09:13:24,349 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2023-02-03 09:13:24,352 DEBG 'start-script' stdout output:
[info] Adding 84.200.70.40 to /etc/resolv.conf

2023-02-03 09:13:24,356 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2023-02-03 09:14:10,535 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 12 retries left
[info] Retrying in 10 secs...

2023-02-03 09:14:51,604 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 11 retries left
[info] Retrying in 10 secs...

2023-02-03 09:15:32,671 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 10 retries left
[info] Retrying in 10 secs...

2023-02-03 09:16:16,739 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 9 retries left
[info] Retrying in 10 secs...

2023-02-03 09:16:57,807 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 8 retries left
[info] Retrying in 10 secs...

2023-02-03 09:17:38,879 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 7 retries left
[info] Retrying in 10 secs...

2023-02-03 09:18:22,948 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 6 retries left
[info] Retrying in 10 secs...

2023-02-03 09:19:04,016 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 5 retries left
[info] Retrying in 10 secs...

2023-02-03 09:19:42,083 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 4 retries left
[info] Retrying in 10 secs...

2023-02-03 09:20:20,150 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 3 retries left
[info] Retrying in 10 secs...

2023-02-03 09:20:58,218 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 2 retries left
[info] Retrying in 10 secs...

2023-02-03 09:21:36,286 DEBG 'start-script' stdout output:
[warn] Unable to successfully download PIA json to generate token for wireguard from URL 'https://www.privateinternetaccess.com/gtoken/generateToken'
[info] 1 retries left
[info] Retrying in 10 secs...

2023-02-03 09:21:46,289 DEBG 'start-script' stdout output:
[crit] Unable to successfully download PIA json to generate token for wireguard, exiting script...

2023-02-03 09:21:46,289 DEBG fd 10 closed, stopped monitoring <POutputDispatcher at 23208325329152 for <Subprocess at 23208325323968 with name start-script in state RUNNING> (stderr)>
2023-02-03 09:21:46,289 DEBG fd 8 closed, stopped monitoring <POutputDispatcher at 23208325329200 for <Subprocess at 23208325323968 with name start-script in state RUNNING> (stdout)>
2023-02-03 09:21:46,289 WARN exited: start-script (exit status 1; not expected)
2023-02-03 09:21:46,289 DEBG received SIGCHLD indicating a child quit

 

It had been taking several minutes to work previously, so I'm not sure if this is a new issue, or just an extension of what was already a long process.

 

I wonder if I have something else set incorrectly that it was (and still is) taking so long to get this json.

 

I'll be here for a little while still this AM, if you have more for me to test, otherwise I'll be back this afternoon, and can test then.

 

Thank you again!!

Link to comment

I noticed that parity check was still running, so I paused that (so happy this functionality was added a while back) and restarted the docker.

 

It still took a bit to get up and running.  It seems to need to obtain the json at least twice in the process, but it did successfully complete this time.

 

When I opened the GUI I saw the prompt dialog box for the briefest of time, then it disappeared, and I was into deluge without any input from me.

 

So, SUCCESS!!

 

thank you again for taking the time to do this!

Link to comment
1 hour ago, JustinChase said:

...no luck.  unable to get json file...

[info] Adding 209.222.18.222 to /etc/resolv.conf

2023-02-03 09:13:24,327 DEBG 'start-script' stdout output:
[info] Adding 84.200.69.80 to /etc/resolv.conf

yeah thats not related to my change, i would suspect again pia issue, so either wait it out or flip to another endpoint.

Link to comment
On 1/6/2023 at 7:47 AM, binhex said:

this is the issue:-

 

2023-01-06 12:42:10 ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)

so for some reason your linux distro (i assume you arent a unraid user) does not have permissions to access the tunnel adapter used by openvpn, you need to investigate why this is.

 

I am running Unraid and I recently had a RAM stick go bad which corrupted my cache.  I have identified and removed the bad stick, fixed cache, and restored from CA backup.

 

All is fine EXCEPT for my delugeVPN docker.  I am back to having DNS issues with it and stumped as to what the problem could be.

 

I had changed the DNS per issues reported above and all was working find up until the restore.  I have tried several opvn files but it doesn't really make a difference because DNS isn't working.  Any ideas?

 

image.thumb.png.366225fc8679ed7768c920865d1a5ff5.png

 

image.thumb.png.b9084fd028cc7d354c91da344b5dd492.png

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.