[Support] binhex - DelugeVPN



All this stuff you have changed for PIA has hosed the AirVpn setup.

Decided to come back to deluge as I was tired of rtorrent crashing once a day and having to wipe the session dir and reseed everything

But now I can't even get AirVPN/OpenVPN to work - it's hollering about PIA port 1198 - I don't use that, in the past all I had to do was select AirVPN as the vpn source and put my file in the openvpn dir

 

:(

Myk

Link to comment

usermod: no changes
[info] Env var PUID defined as 99
[info] Env var PGID defined as 100
[info] Permissions already set for /config and /data
[info] Starting Supervisor...
2016-07-14 18:13:07,667 CRIT Set uid to user 0
2016-07-14 18:13:07,667 INFO Included extra file "/etc/supervisor/conf.d/delugevpn.conf" during parsing
2016-07-14 18:13:07,669 INFO supervisord started with pid 19
2016-07-14 18:13:08,671 INFO spawned: 'start-script' with pid 22
2016-07-14 18:13:08,672 INFO spawned: 'webui-script' with pid 23
2016-07-14 18:13:08,673 INFO spawned: 'deluge-script' with pid 24
2016-07-14 18:13:08,674 INFO spawned: 'privoxy-script' with pid 25
2016-07-14 18:13:08,680 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2016-07-14 18:13:08,680 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-14 18:13:08,680 INFO success: webui-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-14 18:13:08,680 INFO success: deluge-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-14 18:13:08,680 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-14 18:13:08,680 DEBG 'deluge-script' stdout output:
[info] deluge config file already exists, skipping copy

2016-07-14 18:13:08,681 DEBG 'deluge-script' stdout output:
[info] VPN is enabled, checking VPN tunnel local ip is valid

2016-07-14 18:13:08,682 DEBG 'privoxy-script' stdout output:
[info] VPN is enabled, checking VPN tunnel local ip is valid

2016-07-14 18:13:08,688 DEBG 'start-script' stdout output:
[info] VPN provider defined as airvpn
[info] VPN config file (ovpn extension) is located at /config/openvpn/AirVPN_Canada_UDP-443.ovpn

2016-07-14 18:13:08,689 DEBG 'start-script' stdout output:
[info] Env vars defined via docker -e flags for remote host, port and protocol, writing values to ovpn file...

2016-07-14 18:13:08,697 DEBG 'start-script' stdout output:
[info] VPN provider remote gateway defined as nl.privateinternetaccess.com
[info] VPN provider remote port defined as 1198

2016-07-14 18:13:08,697 DEBG 'start-script' stdout output:
[info] VPN provider remote protocol defined as udp

2016-07-14 18:13:08,711 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1

2016-07-14 18:13:08,716 DEBG 'start-script' stdout output:
[info] Setting permissions recursively on /config/openvpn...

2016-07-14 18:13:08,722 DEBG 'start-script' stdout output:
[info] Adding 192.168.1.0/24 as route via docker eth0

2016-07-14 18:13:08,722 DEBG 'start-script' stdout output:
[info] ip route defined as follows...

2016-07-14 18:13:08,722 DEBG 'start-script' stdout output:
--------------------

2016-07-14 18:13:08,723 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0

2016-07-14 18:13:08,723 DEBG 'start-script' stdout output:
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2
192.168.1.0/24 via 172.17.0.1 dev eth0
--------------------

2016-07-14 18:13:08,725 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2016-07-14 18:13:08,748 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2016-07-14 18:13:08,748 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1198 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

2016-07-14 18:13:08,749 DEBG 'start-script' stdout output:
--------------------

2016-07-14 18:13:08,749 DEBG 'start-script' stdout output:
[info] nameservers

2016-07-14 18:13:08,749 DEBG 'start-script' stdout output:
nameserver 8.8.8.8
nameserver 8.8.4.4

2016-07-14 18:13:08,749 DEBG 'start-script' stdout output:
--------------------
[info] Starting OpenVPN...

2016-07-14 18:13:08,751 DEBG 'start-script' stdout output:
Thu Jul 14 18:13:08 2016 OpenVPN 2.3.11 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 12 2016
Thu Jul 14 18:13:08 2016 library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09

2016-07-14 18:13:08,752 DEBG 'start-script' stdout output:
Thu Jul 14 18:13:08 2016 Control Channel Authentication: tls-auth using INLINE static key file

2016-07-14 18:13:08,752 DEBG 'start-script' stdout output:
Thu Jul 14 18:13:08 2016 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 14 18:13:08 2016 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Thu Jul 14 18:13:08 2016 Socket Buffers: R=[212992->212992] S=[212992->212992]

2016-07-14 18:13:08,824 DEBG 'start-script' stdout output:
Thu Jul 14 18:13:08 2016 UDPv4 link local: [undef]
Thu Jul 14 18:13:08 2016 UDPv4 link remote: [AF_INET]46.166.188.216:1198

2016-07-14 18:13:09,000 DEBG 'start-script' stdout output:
Thu Jul 14 18:13:09 2016 TLS: Initial packet from [AF_INET]46.166.188.216:1198, sid=8051c536 9a2b907b
Thu Jul 14 18:13:09 2016 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]46.166.188.216:1198

2016-07-14 18:13:10,418 DEBG 'start-script' stdout output:
Thu Jul 14 18:13:10 2016 TLS: Initial packet from [AF_INET]46.166.188.216:1198, sid=8051c536 9a2b907b
Thu Jul 14 18:13:10 2016 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]46.166.188.216:1198

2016-07-14 18:13:10,418 DEBG 'start-script' stdout output:
Thu Jul 14 18:13:10 2016 TLS: Initial packet from [AF_INET]46.166.188.216:1198, sid=8051c536 9a2b907b
Thu Jul 14 18:13:10 2016 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]46.166.188.216:1198

2016-07-14 18:13:14,325 DEBG 'start-script' stdout output:
Thu Jul 14 18:13:14 2016 TLS: Initial packet from [AF_INET]46.166.188.216:1198, sid=8051c536 9a2b907b
Thu Jul 14 18:13:14 2016 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]46.166.188.216:1198

2016-07-14 18:13:22,303 DEBG 'start-script' stdout output:
Thu Jul 14 18:13:22 2016 TLS: Initial packet from [AF_INET]46.166.188.216:1198, sid=8051c536 9a2b907b
Thu Jul 14 18:13:22 2016 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]46.166.188.216:1198

over and over and over

 

Link to comment

hi MyKroFt, ok so as part of the strong certs work i removed some messy code that parsed the ovpn file, this was originally put in there as a way of capturing the remote endpoint, port and protocol, i later on then moved onto allowing people to specify this via environment variable, this gives the user the flexibility to switch endpoint without having to redownload the ovpn file, as all ovpn settings are typically common for all endpoints except for the remote endpoint fqdn. so with this removed you're falling foul of this, as it looks like you haven't configured this docker container correctly, see below for the problem in a nutshell:-

 

2016-07-14 18:13:08,697 DEBG 'start-script' stdout output:
[info] VPN provider remote gateway defined as nl.privateinternetaccess.com
[info] VPN provider remote port defined as 1198

2016-07-14 18:13:08,697 DEBG 'start-script' stdout output:
[info] VPN provider remote protocol defined as udp

 

so to correct this, go to unraid webui, left click the container, select edit. now the important bit: click on "advanced view" at the top right, this will show you all settings for this docker, including the important env vars. so now simply edit these with the correct values for airvpn, then click save at the bottom, example settings shown below for airvpn netherlands endpoint:-

 

VPN_REMOTE=nl.vpn.airdns.org

VPN_PORT=443

VPN_PROTOCOL=udp

 

a similar issue with rtorrent, will respond in that thread.

Link to comment
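The mismatch described in the reply above can be read straight out of the start-script log. The following is an added example, not part of the original posts or of the container's own scripts: it extracts the effective settings and kill-switch rules and flags the inconsistencies. The provider-to-hostname map and the `UDP-443` file-name hint are assumptions taken from the names that appear in this thread.

```python
import re

# Constructed sample: lines condensed from the start-script log quoted in this thread.
SAMPLE_LOG = """\
[info] VPN provider defined as airvpn
[info] VPN config file (ovpn extension) is located at /config/openvpn/AirVPN_Canada_UDP-443.ovpn
[info] VPN provider remote gateway defined as nl.privateinternetaccess.com
[info] VPN provider remote port defined as 1198
[info] VPN provider remote protocol defined as udp
-P OUTPUT DROP
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
Thu Jul 14 18:13:09 2016 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]46.166.188.216:1198
Thu Jul 14 18:13:10 2016 TLS Error: cannot locate HMAC in incoming packet from [AF_INET]46.166.188.216:1198
"""

# Assumption: hostname suffixes inferred from the two endpoints named in the thread.
PROVIDER_SUFFIX = {"pia": "privateinternetaccess.com", "airvpn": "airdns.org"}

FIELDS = {
    "provider": r"VPN provider defined as (\S+)",
    "ovpn": r"VPN config file \(ovpn extension\) is located at (\S+)",
    "remote": r"VPN provider remote gateway defined as (\S+)",
    "port": r"VPN provider remote port defined as (\d+)",
    "protocol": r"VPN provider remote protocol defined as (\S+)",
}


def parse_startup(log):
    """Pull the effective VPN settings and kill-switch rules out of the log."""
    cfg = {}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, log)
        cfg[key] = m.group(1) if m else None
    policy = re.search(r"^-P OUTPUT (\w+)", log, re.M)
    cfg["output_policy"] = policy.group(1) if policy else None
    # (protocol, port) pairs the firewall lets out on eth0, outside the tunnel.
    cfg["egress"] = set(re.findall(
        r"^-A OUTPUT -o eth0 -p (\w+) .*--dport (\d+) -j ACCEPT", log, re.M))
    cfg["hmac_errors"] = len(re.findall(r"TLS Error: cannot locate HMAC", log))
    return cfg


def diagnose(log):
    """Return a list of (code, detail) findings for a start-script log."""
    cfg = parse_startup(log)
    findings = []

    # 1. Env-var endpoint belongs to a different provider than the one selected.
    suffix = PROVIDER_SUFFIX.get(cfg["provider"])
    remote = cfg["remote"] or ""
    if suffix and remote and not (remote == suffix or remote.endswith("." + suffix)):
        findings.append(("remote-provider-mismatch",
                         f"provider {cfg['provider']} but VPN_REMOTE is {remote}"))

    # 2. Heuristic: the ovpn file name carries protocol and port (e.g. UDP-443).
    hint = re.search(r"(udp|tcp)-(\d+)\.ovpn$", cfg["ovpn"] or "", re.I)
    if hint:
        wanted = (hint.group(1).lower(), hint.group(2))
        if wanted != (cfg["protocol"], cfg["port"]):
            findings.append(("env-differs-from-ovpn-name",
                             f"ovpn suggests {wanted}, env vars give "
                             f"{(cfg['protocol'], cfg['port'])}"))
        # 3. With OUTPUT DROP, only the env-var port may leave via eth0.
        if cfg["output_policy"] == "DROP" and wanted not in cfg["egress"]:
            findings.append(("killswitch-blocks-ovpn-endpoint",
                             f"no eth0 ACCEPT rule for {wanted}"))

    # 4. tls-auth client receiving packets without the expected HMAC.
    if cfg["hmac_errors"]:
        findings.append(("tls-auth-hmac-failure",
                         f"{cfg['hmac_errors']} 'cannot locate HMAC' errors"))
    return findings


if __name__ == "__main__":
    for code, detail in diagnose(SAMPLE_LOG):
        print(f"{code}: {detail}")
```

Because the OUTPUT policy is DROP and the only VPN egress rule is for the env-var port, the firewall follows `VPN_PORT`, not the `remote` line the provider shipped in the ovpn file.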

Just want to ask a quick question in regards the new port change for pia.

 

What is likely to happen or fail should I say if I go back to using port 1194?

 

My poor CPU is maxing out at 99% with the new encryption.

 

i can't say for sure, but i would expect PIA to sunset that port shortly, meaning you won't be able to connect, now it might take them a few days, it might take them a few months, tricky to say.

 

interesting feedback regards your cpu usage btw!, approx what level was it running at previously?

Link to comment

So I tried to go back to my original certs and now the docker overwrites the openvpn folder each boot clobbering the tcp certs (I believe this is a result of the new STRONG_CERTS variable).

 

I had to change my provider to "custom" and move my certs back to get it up on TCP/443.

 

I know my use case is a bit of an edge case because my ISP is an arse, but I appreciate the help.

 

i wonder if the certs are different depending on whether you choose tcp or udp, i wasn't really expecting them to be, but it might be the case, let me do some md5 checks, i will get back to you.

 

p.s changing the name of the ovpn file to "custom.ovpn" will prevent the overwrite.

Link to comment
Then the vpn provider selection needs to be removed - it is very misleading as all the recent posts state for PIA users nothing for AirVPN as when that was selected overrode all the manual options which I just left as is and it ignored and used the config file downloaded from AirVPN.

 

You have made this 10 times harder for newer vpn users that don't know about all the other stuff and just wanted it to work like it used to.

 

I will have to go through all this and reconfigure all my vpn templates from scratch when I get home from work today.

 

Myk

Link to comment

Then the vpn provider selection needs to be removed - it is very misleading as all the recent posts state for PIA users nothing for AirVPN as when that was selected overrode all the manual options which I just left as is and it ignored and used the config file downloaded from AirVPN.

 

the vpn provider is still required, if the provider is set to pia then i copy the ovpn and certs over, if airvpn is selected then i don't pass through authentication from text file (done via ovpn), if custom selected then i do pass authentication via text file but do not copy ovpn and certs (user supplied).

 

You have made this 10 times harder for newer vpn users that don't know about all the other stuff and just wanted it to work like it used to.

 

i'm sorry you feel like that but i disagree, the settings are visible in the unraid webui, the only thing that might be argued as making it "harder" is the fact you need to know the endpoint fqdn, i don't think configuring 3 additional fields will cause anybody too much pain and misery, most people on here are doing just that. the plus to this is that you can basically switch to any endpoint you want without having to download the ovpn, simply change the VPN_REMOTE value and you're done.

 

if this just seems plain wrong to you and causing you restless sleep then please go ahead and fork my code and create your own docker images, it's all on github, i'm not forcing anybody to use what i've produced.

 

I will have to go through all this and reconfigure all my vpn templates from scratch when I get home from work today.

 

you don't need to reconfigure from "scratch", just click on the "my template" from the dropdown and add in the missing values, click save and you're done, should take you no longer than 2 mins per container tops.

Link to comment

hmm ok it's not the certs, md5 checksum matches for udp and tcp (both default and strong) so it's not that, i wonder if pia just have an issue right now with tcp connections with their new certs and encryption ciphers, worth a look on their forum perhaps?

Link to comment

I'll see what I can find there.

 

I did try the tcp certs from their site and opened the ovpn file to check on ports etc. Configured the docker with the same settings and no go. I think it has to do with the AES vs BF decipher as that's the error that pops up.

 

Going back to TCP/443 w/ the old certs everything works fine so that's what I'll use in the mean time.

 

I'll let you know if I find anything on their forums.

Link to comment

ok cool, if it is an issue at pia's end then i would expect it to get sorted fairly quickly.

Link to comment

Seems like PIA might have borked some of the ovpn files.

 

 

Several people are reporting issues with the new ovpn-files (both the regular and strong config). Myself and others have had success with editing the ovpn-files and changing the cipher and auth settings to uppercase, before importing the file:

 

cipher AES-256-CBC

auth SHA256

Link to comment
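The workaround reported in the post above, as an added example that is not part of the original posts or of any provider's tooling: it uppercases the values of the `cipher` and `auth` directives in ovpn text, leaves `auth-user-pass` and similar directives alone, and skips inline blocks such as `<ca>`. The sample file content and the `credentials.conf` name are constructed.

```python
import re

# Constructed sample ovpn text; the <ca> body is filler standing in for PEM data.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote nl.privateinternetaccess.com 1198
cipher aes-256-cbc
auth sha256
auth-user-pass credentials.conf
<ca>
cipher filler-line-inside-inline-block
</ca>
"""

# An inline block opens with a line holding only <name>, e.g. <ca> or <tls-auth>.
INLINE_OPEN = re.compile(r"^\s*<([A-Za-z][\w-]*)>\s*$")
# "auth" must be followed by whitespace, so auth-user-pass / auth-nocache do not match.
DIRECTIVE = re.compile(r"^(\s*)(cipher|auth)(\s+)(\S+)(.*)$")


def uppercase_cipher_auth(ovpn_text):
    """Return (new_text, changed_line_numbers) with cipher/auth values uppercased."""
    out, changed, inside = [], [], None
    for number, line in enumerate(ovpn_text.splitlines(), start=1):
        if inside:
            # Lines inside an inline block are key or certificate data: never edit.
            if line.strip().lower() == f"</{inside}>":
                inside = None
        elif (m := INLINE_OPEN.match(line)):
            inside = m.group(1).lower()
        elif (d := DIRECTIVE.match(line)):
            indent, name, gap, value, rest = d.groups()
            # "none" is a keyword rather than an algorithm name; leave it as written.
            if value.lower() != "none" and value != value.upper():
                line = f"{indent}{name}{gap}{value.upper()}{rest}"
                changed.append(number)
        out.append(line)
    text = "\n".join(out)
    if ovpn_text.endswith("\n"):
        text += "\n"
    return text, changed


if __name__ == "__main__":
    new_text, changed = uppercase_cipher_auth(SAMPLE_OVPN)
    print(f"changed lines: {changed}")
    print(new_text, end="")
```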

good catch!, so is this for tcp and udp (and default and strong variants?).

Link to comment

That's my understanding (all certs since July 12).

 

To add to this, apparently there was a delay in updating the actual servers to use the new certs as well.

 

Some servers are still using BF-CBC instead of AES-128-CBC (for default certs).

 

See here for details: https://www.privateinternetaccess.com/forum/discussion/21782/mismatch-config-client-and-server

Link to comment

hmm ugly!, ok is there any way you can try and test the uppercase fix, if it looks good i can at least alter this so we are good to go once PIA get their bits updated.

Link to comment

Is it possible to assign multiple data locations on this docker? I want to have an incomplete downloads share where the files download to that is cache only, and then when it's complete, i want them to move to a Downloads share that is on the array.

 

My cache is only a 500GB SSD, and i'm running 75-90% full at all times due to files, so I want to separate them off to the array to alleviate this issue. I want to make sure that it doesn't invoke the mover on a file that is currently in process of downloading though..

 

Thanks a bunch! Awesome docker!

Link to comment

Yes, just select two different directories for incomplete and complete downloads within the docker itself

Link to comment

So I'll essentially have two lines for /data in the docker config?

 

/data -> /mnt/user/Downloads

/data -> /mnt/user/Incomplete-Downloads

 

?

 

Also, unrelated but just happened:

 

I just updated my docker, which was working perfectly, but now it's unable to load for me... log gives me these errors:

 

2016-07-15 15:39:57,119 DEBG 'start-script' stdout output:

Fri Jul 15 15:39:55 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]

Fri Jul 15 15:39:55 2016 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed

Fri Jul 15 15:39:55 2016 TLS_ERROR: BIO read tls_read_plaintext error

Fri Jul 15 15:39:55 2016 TLS Error: TLS object -> incoming plaintext read error

Fri Jul 15 15:39:55 2016 TLS Error: TLS handshake failed

Fri Jul 15 15:39:55 2016 SIGUSR1[soft,tls-error] received, process restarting

Link to comment
Guest dranani

I just logged back into my server and updated my PIA credentials as they have recently expired. I haven't touched deluge in over a month until now and now after the new credentials have been put in it's not allowing me to get into the docker.

 

I'll be honest that I've tried to read the last few pages of this thread to see if my question was answered there but a lot of it is going over my head as I still don't have all of this down very well.

 

If you need anymore info let me know.

Link to comment

I just posted the same issue (I believe) right above you. Something about the latest version of the docker doesn't allow it to connect to PIA so it shuts down the access to protect your identity.

Link to comment
Guest dranani

Yupp, that is my exact issue. Down to the log and everything
Link to comment
