[Support] binhex - DelugeVPN

[strike]

@krobson17 Or this zip which connects over TCP 443, https://www.privateinternetaccess.com/openvpn/openvpn-ip-tcp.zip if @binhex's zip doesn't do the trick ( it uses TCP 502 rather than 443). But both are definitely worth a try, I found that trying different ports and protocols made a huge difference in speed. Unfortunately, some ISP's applies caps/blocks on some ports so if it works you know why.

 

Edit: Pasted the wrong link, fixed..   

Edited September 15, 2017 by strike

[wgstarks]

3 hours ago, strike said:

@krobson17 Or this zip which connects over TCP 443, https://www.privateinternetaccess.com/openvpn/openvpn-ip-tcp.zip if @binhex's zip doesn't do the trick ( it uses TCP 502 rather than 443). But both are definitely worth a try, I found that trying different ports and protocols made a huge difference in speed. Unfortunately, some ISP's applies caps/blocks on some ports so if it works you know why.

 

Edit: Pasted the wrong link, fixed..   

Could you post some details on how to do this? I really hate monkeying around with the docker template when I don't know what I'm doing.

[strike]

Just replace the .ovpn file you have in your /config/openvpn folder with one from the zip, I always recommend the Netherlands one. Then restart the container. You shouldn't need to change anything else in the template as of recent updates the container pulls all the needed info from the .ovpn file.

[strike]

Yeah, and also the .crt and .pem files, forgot about those.. I always do since I use AirVPN I only need the .ovpn file.. :P

Edited September 15, 2017 by strike

[krobson17]

@strike @binhex

 

I will give this a shot and post back - Thank you

[wgstarks]

On 9/11/2017 at 3:18 PM, MowMdown said:

 

 

Thoughts?

 

Set "incomplete" to the cache. (Current files get saved to cache)

Set "completed" to  the array. (Finished downloads are moved to the array then seeded)

 

That way the downloads are downloading to the cache and aren't spinning up the array until the download is complete where it seeds via array disk.

 

Feasible? Sensible? Unrealistic?

@MowMdown

Thanks for this. I modified it slightly, set /incomplete to a UD mounted disk outside the array, but still the same basic idea. Finally got a chance to test a little. Grabbed a decent sized torrent with a few hundred seeders. D/l speeds peaked around 30 MB/s. Never saw them drop below 10 MB/s. Average was probably about 25 MB/s. Looks like my problems were primarily caused by too many slow writes to parity.

 

Is there a good tool for testing speeds?

[MowMdown]

Just now, wgstarks said:

@MowMdown

Thanks for this. I modified it slightly, set /incomplete to a UD mounted disk outside the array, but still the same basic idea. Finally got a chance to test a little. Grabbed a decent sized torrent with a few hundred seeders. D/l speeds peaked around 30 MB/s. Never saw them drop below 10 MB/s. Average was probably about 25 MB/s. Looks like my problems were primarily caused by too many slow writes to parity.

 

Is there a good tool for testing speeds?

 

I've been having good DL speeds on decently seeded torrents. 6.5MiB/s is about 50Mbps so that would be most of my connection. (using PIA)

[nick5429]

So I've got everything configured and set up, and am getting great download speeds through the PIA Netherlands endpoint (20+ MB/sec) -- but my upload is all-but-nonexistent.  I'm on a symmetric gigabit fiber connection (1000Mbit/sec upload and download).

 

 "Test active port" in deluge comes back with a happy little green ball.  Strict port forwarding in the container config is enabled.

 

I loaded up about 10 test torrents on 3 different private trackers with a moderate number of peers, and see zero upload (as in, not even a number shown in the 'upload' column).  Just for funsies, I pulled up a public torrent with 60 seeds and 600 leechers and downloaded the whole thing.  I have a total of 30 KB/sec upload on that torrent.

 

Something is clearly wrong here.

 

I've seen several other comments about this throughout the thread, but no resolution.  Does uploading work correctly for anyone using this with PIA??

Edited September 16, 2017 by nick5429

[PeterB]

31 minutes ago, nick5429 said:

Does uploading work correctly for anyone using this with PIA??

 

Do you mean uploading of public torrents, or are you referring specifically to private torrents?

I'm on a 50Mb/s fibre connection and I regularly see 5+MB/s uploads through the Dutch PIA server - all public torrents.  However, speeds are somewhat variable at the moment - the whole of Asia is suffering because two Pacific cables were damaged by storms, recently, off the coast of HongKong

[nick5429]

11 hours ago, PeterB said:

Do you mean uploading of public torrents, or are you referring specifically to private torrents?

 

I tried it both ways.  When I wasn't seeing any uploading on my usual private torrents, I found the most active public torrent possible as a test -- and I see virtually no upload there either

[MowMdown]

39 minutes ago, nick5429 said:

 

I tried it both ways.  When I wasn't seeing any uploading on my usual private torrents, I found the most active public torrent possible as a test -- and I see virtually no upload there either

I'm currently seeding a torrent with PIA enabled for VPN on deluge and I think its just the leeches who are not on a good connection because I have 50/50 Mbps speeds (fiber) and it peaked around 750KiB upload.

[docker4dayz]

I feel like I'm so close to getting this container set up using SlickVPN. But the container has managed to come up completely only once, and it still didn't really work. Currently, this is where I'm at. The supervisord.log seems to indicate a good start, but always ends up in some sort of loop with messages like these:

 

2017-09-17 22:43:11,828 DEBG 'start-script' stdout output:
Sun Sep 17 22:43:11 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Sep 17 22:43:11 2017 TLS Error: TLS handshake failed

 

My host can hit the internet just fine, and so can my other docker containers so I don't think network connectivity is the issue.

 

I use the following script to create my container. Just so it's clear -

• check_root.sh checks that the script is executing under root privileges
• check_service_user.sh makes sure that the user in USERNAME exists, and parses out USERID and GROUPID for use later in the script
• create_shared_directory.sh makes sure DIRECTORY exists, and if it doesn't, creates it, chowns it to the deluge user and the media group (a group all my service accounts share)

Also, ifconfig reports that my IP address is 192.168.1.230 and my netmask as 255.255.255.0, so I think I have my value for LAN_NETWORK right. 

 

 

#!/bin/bash

. ~/check_root.sh

USERNAME=deluge

VPNUSER=$1
VPNPASS=$2

. ~/check_service_user.sh

CONFIGDIR=/srv/delugevpn
OPENVPNDIR=$CONFIGDIR/openvpn
DOWNLOADSDIR=/srv/downloads/delugevpn
INCOMPLETEDIR=$DOWNLOADSDIR/incomplete
TVDIR=$DOWNLOADSDIR/tv
MOVIESDIR=$DOWNLOADSDIR/movies

DIRECTORY=$CONFIGDIR
. ~/create_shared_directory.sh
DIRECTORY=$OPENVPNDIR
. ~/create_shared_directory.sh
DIRECTORY=$DOWNLOADSDIR
. ~/create_shared_directory.sh
DIRECTORY=$INCOMPLETEDIR
. ~/create_shared_directory.sh
DIRECTORY=$TVDIR
. ~/create_shared_directory.sh
DIRECTORY=$MOVIESDIR
. ~/create_shared_directory.sh
chmod -R g+x $DOWNLOADSDIR

echo Downloading SlickVPN config to $OPENVPNDIR
curl https://files-slickvpn.netdna-ssl.com/config_files/SlickVPN.ovpn > $OPENVPNDIR/SlickVPN.ovpn
chown $USERNAME:media $OPENVPNDIR/SlickVPN.ovpn

echo Creating Deluge+OpenVPN+Privoxy Docker container with user: $USERNAME[uid=$USERID,gid=$GROUPID]
	
docker run --restart=always \
	-d \
    --cap-add=NET_ADMIN \
    --name=delugevpn \
	-p 9905:8112 \
    -p 9906:8118 \
    -p 58846:58846 \
    -p 58946:58946 \
    -v $DOWNLOADSDIR:/data \
    -v $CONFIGDIR:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_USER=$VPNUSER \
    -e VPN_PASS=$VPNPASS \
    -e VPN_PROV=custom \
    -e ENABLE_PRIVOXY=yes \
    -e LAN_NETWORK=192.168.1.0/24 \
    -e NAME_SERVERS=208.67.222.222,208.67.220.220,8.8.8.8,8.8.4.4 \
    -e DEBUG=true \
    -e PGID=$GROUPID \
	-e PUID=$USERID \
    binhex/arch-delugevpn

Anyone have an idea of what I'm doing wrong?

supervisord.log

SlickVPN.ovpn

Edited September 18, 2017 by docker4dayz
Added SlickVPN.ovpn

[binhex]

2 hours ago, docker4dayz said:

I feel like I'm so close to getting this container set up using SlickVPN. But the container has managed to come up completely only once, and it still didn't really work. Currently, this is where I'm at. The supervisord.log seems to indicate a good start, but always ends up in some sort of loop with messages like these:

 

2017-09-17 22:43:11,828 DEBG 'start-script' stdout output:
Sun Sep 17 22:43:11 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Sep 17 22:43:11 2017 TLS Error: TLS handshake failed

 

My host can hit the internet just fine, and so can my other docker containers so I don't think network connectivity is the issue.

 

I use the following script to create my container. Just so it's clear -

• check_root.sh checks that the script is executing under root privileges
• check_service_user.sh makes sure that the user in USERNAME exists, and parses out USERID and GROUPID for use later in the script
• create_shared_directory.sh makes sure DIRECTORY exists, and if it doesn't, creates it, chowns it to the deluge user and the media group (a group all my service accounts share)

Also, ifconfig reports that my IP address is 192.168.1.230 and my netmask as 255.255.255.0, so I think I have my value for LAN_NETWORK right. 

 

 

#!/bin/bash

. ~/check_root.sh

USERNAME=deluge

VPNUSER=$1
VPNPASS=$2

. ~/check_service_user.sh

CONFIGDIR=/srv/delugevpn
OPENVPNDIR=$CONFIGDIR/openvpn
DOWNLOADSDIR=/srv/downloads/delugevpn
INCOMPLETEDIR=$DOWNLOADSDIR/incomplete
TVDIR=$DOWNLOADSDIR/tv
MOVIESDIR=$DOWNLOADSDIR/movies

DIRECTORY=$CONFIGDIR
. ~/create_shared_directory.sh
DIRECTORY=$OPENVPNDIR
. ~/create_shared_directory.sh
DIRECTORY=$DOWNLOADSDIR
. ~/create_shared_directory.sh
DIRECTORY=$INCOMPLETEDIR
. ~/create_shared_directory.sh
DIRECTORY=$TVDIR
. ~/create_shared_directory.sh
DIRECTORY=$MOVIESDIR
. ~/create_shared_directory.sh
chmod -R g+x $DOWNLOADSDIR

echo Downloading SlickVPN config to $OPENVPNDIR
curl https://files-slickvpn.netdna-ssl.com/config_files/SlickVPN.ovpn > $OPENVPNDIR/SlickVPN.ovpn
chown $USERNAME:media $OPENVPNDIR/SlickVPN.ovpn

echo Creating Deluge+OpenVPN+Privoxy Docker container with user: $USERNAME[uid=$USERID,gid=$GROUPID]
	
docker run --restart=always \
	-d \
    --cap-add=NET_ADMIN \
    --name=delugevpn \
	-p 9905:8112 \
    -p 9906:8118 \
    -p 58846:58846 \
    -p 58946:58946 \
    -v $DOWNLOADSDIR:/data \
    -v $CONFIGDIR:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_USER=$VPNUSER \
    -e VPN_PASS=$VPNPASS \
    -e VPN_PROV=custom \
    -e ENABLE_PRIVOXY=yes \
    -e LAN_NETWORK=192.168.1.0/24 \
    -e NAME_SERVERS=208.67.222.222,208.67.220.220,8.8.8.8,8.8.4.4 \
    -e DEBUG=true \
    -e PGID=$GROUPID \
	-e PUID=$USERID \
    binhex/arch-delugevpn

Anyone have an idea of what I'm doing wrong?

supervisord.log

SlickVPN.ovpn

 

ok ive taken a look at your log and it looks like for whatever reason that your host/container cannot connect to the endpoint, and thus the timeout, everything else looks fine, so my only thoughts at the moment are:-

 

1. do you have a firewall on your host?, if so try temporarily disabling this to see if you can then connect, if so investigate rules

2. do you have iptables turned on for docker engine?, by default i think this is turned on for ubuntu and will block.

3. possibly your isp is blocking certain vpn providers?, only way to know if this is the cause is to try another provider

 

 

[docker4dayz]

Ok, so my username belies my actual experience. I'm using this project to teach myself docker, bash scripting, and general linux server setup. But lemme see if I can respond to your above thoughts with what you need.

 

Quote

1. do you have a firewall on your host?, if so try temporarily disabling this to see if you can then connect, if so investigate rules

2. do you have iptables turned on for docker engine?, by default i think this is turned on for ubuntu and will block.

So, here's the output of sudo iptables -L. Comparing this to what Ubuntu's Iptables How-To says is the default after a clean install, it does seem that I am running rules that are beyond what you get with a clean Ubuntu server install. I don't know what made that happen. Not really sure how disable these rules.

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
DOCKER-USER  all  --  anywhere             anywhere
DOCKER-ISOLATION  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain DOCKER (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             172.17.0.2           tcp dpt:8989
ACCEPT     tcp  --  anywhere             172.17.0.3           tcp dpt:5075
ACCEPT     tcp  --  anywhere             172.17.0.4           tcp dpt:7878
ACCEPT     tcp  --  anywhere             172.17.0.6           tcp dpt:8181
ACCEPT     tcp  --  anywhere             172.17.0.8           tcp dpt:9090
ACCEPT     tcp  --  anywhere             172.17.0.8           tcp dpt:http-alt
ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:32469
ACCEPT     udp  --  anywhere             172.17.0.5           udp dpt:32414
ACCEPT     udp  --  anywhere             172.17.0.5           udp dpt:32413
ACCEPT     udp  --  anywhere             172.17.0.5           udp dpt:32412
ACCEPT     udp  --  anywhere             172.17.0.5           udp dpt:32410
ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:32400
ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:8324
ACCEPT     tcp  --  anywhere             172.17.0.5           tcp dpt:3005
ACCEPT     udp  --  anywhere             172.17.0.5           udp dpt:1900

Chain DOCKER-ISOLATION (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain DOCKER-USER (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

 

Quote

3. possibly your isp is blocking certain vpn providers?, only way to know if this is the cause is to try another provider

Pretty sure this is not the case. I was able to use the SlickVPN Windows client on my laptop on my network without issue.

 

 

 

EDIT: Well, I seem to have resolved the issue. It was the SlickVPN server I was connecting to. Turns out that the .ovpn file they tell you to download for Linux usage points to their Miami servers. I bet they were knocked out by the hurricane, hence the connection issues. I switched to another server from the list in the Windows client, and it connected with zero issues. And I verified it working using the "Check my torrent IP" torrent that TorGuard provides.

 

Thanks for your help though. It's much appreciated!

Edited September 19, 2017 by docker4dayz
I solved it!

[revilo951]

Is there something wrong with me, or this plugin?

 

I'm trying to set it up using spaceinvaderone's guide, (I have PIA), but the docker won't install whenever I try and use the VPN settings. When I try it with the VPN settings, it installs just fine. Any pointers?

[Guest]

7 minutes ago, revilo951 said:

Is there something wrong with me, or this plugin?

 

I'm trying to set it up using spaceinvaderone's guide, (I have PIA), but the docker won't install whenever I try and use the VPN settings. When I try it with the VPN settings, it installs just fine. Any pointers?

 

Spaceinvader one will be uploading a new deluge vpn video soon so that should help

I also am having issues, deluge vpn works fine without vpn, with vpn wont show the web gui

I have downloaded the ovpn from PIA and put the netherlands.ovpn and the crt and pem files in the config folder (also renamed them as deluge seemed to want a specific file name)

 

Dont think its the vpn because transmission vpn works fine

 

Any thoughts deluge gurus?

 

Cheers

[binhex]

@revilo951 @antaresuk as you correctly identified i have changed things around a bit (sorry @gridrunner more work for you) and thus we need a refresh of the excellent spaceinvader video, in the meantime i have written up a newbie guide which can be found in the link below (look for the newbie heading):-

 

https://forums.lime-technology.com/topic/44108-support-binhex-general/

 

 

[revilo951]

[mention=76129]revilo951[/mention] [mention=71798]antaresuk[/mention] as you correctly identified i have changed things around a bit (sorry [mention=67288]gridrunner[/mention] more work for you) and thus we need a refresh of the excellent spaceinvader video, in the meantime i have written up a newbie guide which can be found in the link below (look for the newbie heading):-
 
https://forums.lime-technology.com/topic/44108-support-binhex-general/
 
 

I see, I'll check out the guide. Thanks!

Sent from my SM-G935F using Tapatalk

[SpaceInvaderOne]

1 hour ago, binhex said:

@revilo951 @antaresuk as you correctly identified i have changed things around a bit (sorry @gridrunner more work for you) and thus we need a refresh of the excellent spaceinvader video, in the meantime i have written up a newbie guide which can be found in the link below (look for the newbie heading):-

 

https://forums.lime-technology.com/topic/44108-support-binhex-general/

 

 

@binhex lol, damn you and always  improving these great containers !!   Should have the new guide video up by the weekend but I'm off to EGX 2017 on Thursday, so weekend may be Sunday night...well that's still the weekend 

Edited September 19, 2017 by gridrunner

[revilo951]

@binhex

 

I've got the docker running now, but can't access the web UI. Here's the last part of the container's log - don't know if it's trying to tell me I have incorrect creds, but I don't think so:

 

Quote

2017-09-19 20:35:28,963 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --cd /config/openvpn --config '/config/openvpn/Netherlands.ovpn' --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --keepalive 10 60 --setenv VPN_PROV 'pia' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun' --setenv VPN_REMOTE 'nl.privateinternetaccess.com' --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --setenv STRICT_PORT_FORWARD 'yes' --disable-occ --auth-user-pass credentials.conf 'nl.privateinternetaccess.com'

2017-09-19 20:35:28,963 DEBG 'start-script' stdout output:
[info] Starting OpenVPN...

2017-09-19 20:35:28,977 DEBG 'start-script' stdout output:
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: auth-user-pass (2.4.1)
Use --help for more information.

2017-09-19 20:35:28,978 DEBG 'start-script' stdout output:
[info] OpenVPN started

2017-09-19 20:35:28,979 DEBG 'start-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

 

 

I also had a fairly obscure character in my password, I've since changed it, just in case. Didn't help though.

 

Thanks for your help, and some great containers!

Edited September 19, 2017 by revilo951

[binhex]

3 minutes ago, revilo951 said:

@binhex

 

I've got the docker running now, but can't access the web UI. Here's the last part of the container's log - don't know if it's trying to tell me I have incorrect creds, but I don't think so:

 

 

I also had a fairly obscure character in my password, I've since changed it, just in case. Didn't help though.

 

Thanks for your help, and some great containers!

 

remove everything you have as a value for VPN_OPTIONS (its in the guide).

[revilo951]

@binhex

 

Duh!

 

Thanks. I had missed the .pem file too.

 

Do you use bitcoin? I'd like to buy you a coffee.

[binhex]

13 minutes ago, revilo951 said:

@binhex

 

Duh!

 

Thanks. I had missed the .pem file too.

 

Do you use bitcoin? I'd like to buy you a coffee.

 

i don't use bitcoin but i do take paypal donations (see OP), glad you got it sorted.

[revilo951]

Thanks for your help, and keep up the good work. Enjoy your coffee!

Sent from my SM-G935F using Tapatalk

[Guest]

i redownloaded the crt and pem files, i had the wrong ones. Still no webui, though no errors in the log:

 

2017-09-19 05:41:56,265 DEBG 'start-script' stdout output:
Tue Sep 19 05:41:56 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2017-09-19 05:41:56,266 DEBG 'start-script' stdout output:
Tue Sep 19 05:41:56 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]104.238.169.62:502
Tue Sep 19 05:41:56 2017 Attempting to establish TCP connection with [AF_INET]104.238.169.62:502 [nonblock]

2017-09-19 05:41:57,266 DEBG 'start-script' stdout output:
Tue Sep 19 05:41:57 2017 TCP connection established with [AF_INET]104.238.169.62:502
Tue Sep 19 05:41:57 2017 TCP_CLIENT link local: (not bound)
Tue Sep 19 05:41:57 2017 TCP_CLIENT link remote: [AF_INET]104.238.169.62:502

2017-09-19 05:41:57,471 DEBG 'start-script' stdout output:
Tue Sep 19 05:41:57 2017 [1cdbd24fdb7545d6583dded0148fa09a] Peer Connection Initiated with [AF_INET]104.238.169.62:502

2017-09-19 05:41:58,603 DEBG 'start-script' stdout output:
Tue Sep 19 05:41:58 2017 AUTH: Received control message: AUTH_FAILED

2017-09-19 05:41:58,604 DEBG 'start-script' stdout output:
Tue Sep 19 05:41:58 2017 SIGTERM[soft,auth-failure] received, process exiting

 

I tried two different PIA ovpn files, london & netherlands.

 

Any suggestions please?

 

Cheers