[Support] binhex - DelugeVPN



2 minutes ago, mrlionman said:

I am running a fortinet firewall.  However I have removed all restrictions on outbound and inbound traffic for my unraid server.  btw I downloaded the windows PIA client and installed it on a machine and it connects just fine behind my firewall.

 

how are you defining outbound "traffic for my unraid server" if it's via src ip range 192.168.0.xxx then this could be your issue, as the src ip range for a docker container running in bridge mode (which is what this container will be running as) will be 172.17.0.0/16 by default, maybe you need to include this range as well?, if it's not this or you try it and it doesn't work then i'm afraid this is pretty much my last idea, will have to chalk this up to something on your network/isp causing the issue.

Link to comment

I've been using your DelugeVPN Docker for about 8-9 months, when I noticed that none of the torrents were downloading. So I checked the console, and for some reason the VPN keeps connecting and disconnecting. I saw that I was running an outdated version (Deluge was 1.3.14 or 1.3.13, can't remember), thinking that may be the problem (a bug with that version that I have not experienced before now?). So I took screenshots of the Docker conf., removed the docker and reinstalled with the newest version (1.3.15+2+g38d7b7cdf-1-12), and re-entered all config settings. Then I started the docker up. Same thing: the VPN keeps connecting then disconnecting, but this time I can't even connect to the deluge webui (I was able to before the upgrade even with the VPN acting up). So maybe that VPN server is acting up? Tried 3 more servers (endpoints), still the same thing; even tried 2 more servers with different ports (was using 433 so tried 53, 1194). I'm a (mid grade) noob when it comes to linux/docker so that was all the basic troubleshooting I did. I'm hoping you can help me out.

 

Server Notes

Running on Qnap 4.3.4.0370 Build 20171103

Bridge Mode

Container ip/subnet 192.168.1.200/255.255.255.0

Run container in privileged mode = Checked (was the only way i could get docker to work in older version)

 

supervisord.log

Untitled.png

Edited by Alacard
Link to comment
9 minutes ago, Alacard said:

I've been using your DelugeVPN Docker for about 8-9 months, when I noticed that none of the torrents were downloading. So I checked the console, and for some reason the VPN keeps connecting and disconnecting. I saw that I was running an outdated version (Deluge was 1.3.14 or 1.3.13, can't remember), thinking that may be the problem (a bug with that version that I have not experienced before now?). So I took screenshots of the Docker conf., removed the docker and reinstalled with the newest version (1.3.15+2+g38d7b7cdf-1-12), and re-entered all config settings. Then I started the docker up. Same thing: the VPN keeps connecting then disconnecting, but this time I can't even connect to the deluge webui (I was able to before the upgrade even with the VPN acting up). So maybe that VPN server is acting up? Tried 3 more servers (endpoints), still the same thing; even tried 2 more servers with different ports (was using 433 so tried 53, 1194). I'm a (mid grade) noob when it comes to linux/docker so that was all the basic troubleshooting I did. I'm hoping you can help me out.

 

Server Notes

Running on Qnap 4.3.4.0370 Build 20171103

Bridge Mode

Container ip/subnet 192.168.1.200/255.255.255.0

Run container in privileged mode = Checked (was the only way i could get docker to work in older version)

 

supervisord.log

Untitled.png

 

have a look here, things have changed over the last 6 months or so, you may be falling foul of out of date info, scroll down to the newbie vpn guide:-

 

 

Edited by binhex
Link to comment
3 hours ago, binhex said:

 

how are you defining outbound "traffic for my unraid server" if it's via src ip range 192.168.0.xxx then this could be your issue, as the src ip range for a docker container running in bridge mode (which is what this container will be running as) will be 172.17.0.0/16 by default, maybe you need to include this range as well?, if it's not this or you try it and it doesn't work then i'm afraid this is pretty much my last idea, will have to chalk this up to something on your network/isp causing the issue.

 

My firewall tracks by MAC address not src ip range.  I'm tracking off the MAC address of the unraid server and based on this I'm allowing to all destinations.  I would think that if my ISP or firewall were causing an issue then my windows 10 pc would also have a problem.  However I'm able to connect to PIA servers with the windows client just fine.

Link to comment

I've added pull-filter ignore "route-ipv6", pull-filter ignore "ifconfig-ipv6" to the vpn config file thinking that was it because of this error message "Linux route add command failed: external program exited with error status: 2" (that didn't work) but other than that I don't see anything else that would apply to me from the FAQ. Here's a new log with debug set to true

supervisord.log

Link to comment
15 hours ago, Alacard said:

I've added pull-filter ignore "route-ipv6", pull-filter ignore "ifconfig-ipv6" to the vpn config file thinking that was it because of this error message "Linux route add command failed: external program exited with error status: 2" (that didn't work) but other than that I don't see anything else that would apply to me from the FAQ. Here's a new log with debug set to true

supervisord.log

 

hmm so it looks like for whatever reason openvpn is getting shutdown part way through the sequence:-

 

[warn] OpenVPN process terminated, restarting OpenVPN...

not sure why this is happening, the only odd thing i've spotted so far is the fact you are connecting to a specific ip address rather than a hostname, it might be worth re-generating your ovpn file, maybe you're using a remote endpoint that has been decommissioned?

 

one other thought - check your free memory, it is potentially possible OOM killer is kicking in if you're low on memory and thus killing the openvpn process causing the restart of the process, maybe try shutting down some other containers temporarily, if this seems to improve things then you know what the issue is related to.

Edited by binhex
Link to comment
17 hours ago, mrlionman said:

I'm tracking off the MAC address of the unraid server and based on this I'm allowing to all destinations.

 

yes but Docker creates a vnic inside the container with its own mac address, this will be different to the mac address used on your unraid host - idea: turn off outbound filtering for everything, quickly restart the container, if it connects you know the issue is related to your firewall, if it doesn't then it's something else.

 

17 hours ago, mrlionman said:

I would think that if my ISP or firewall were causing an issue then my windows 10 pc would also have a problem

 

this is partially true, as in yes this does prove your ISP isn't blocking, but your windows pc is a very different beast to a docker container, thus it could still be to do with mac address filtering (see my first comment).

Link to comment
6 hours ago, binhex said:

 

hmm so it looks like for whatever reason openvpn is getting shutdown part way through the sequence:-

 


[warn] OpenVPN process terminated, restarting OpenVPN...

not sure why this is happening, the only odd thing i've spotted so far is the fact you are connecting to a specific ip address rather than a hostname, it might be worth re-generating your ovpn file, maybe you're using a remote endpoint that has been decommissioned?

 

one other thought - check your free memory, it is potentially possible OOM killer is kicking in if you're low on memory and thus killing the openvpn process causing the restart of the process, maybe try shutting down some other containers temporarily, if this seems to improve things then you know what the issue is related to.

 

Don't know what fixed the problem with OpenVPN closing (rebooted everything: nas, modem, router, switch) but that somehow fixed itself. Now I've run into another problem: I can't access deluge from web access or from the daemon via 58846. So I started troubleshooting. Made sure the subnet was set right (192.168.1.0/24) and it is. So I ran a port scan to make sure the ports are even open via nmap a, it came back with

8112/tcp  open  unknown
8118/tcp  open  privoxy?
58846/tcp open  unknown

So the ports are open. I started to wonder if that was privoxy or deluge opening the ports, so I checked the deluge config and its listen interface is set to 10.4.90.199 (vpn ip), so I got to wondering, if deluge is set to use the vpn ip, then privoxy is forwarding local ip traffic to the ip... I checked to make sure that's what was happening via ipconfigs --list, it came back with

Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  192.168.0.0/16       192.168.0.0/16
ACCEPT     udp  --  anywhere             anywhere             udp spt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8112
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:8112
ACCEPT     tcp  --  192.168.1.0/24       anywhere             tcp dpt:58846
ACCEPT     tcp  --  192.168.1.0/24       192.168.0.0/16
ACCEPT     icmp --  anywhere             anywhere             icmp echo-reply
ACCEPT     all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  192.168.0.0/16       192.168.0.0/16
ACCEPT     udp  --  anywhere             anywhere             udp dpt:https
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:8112
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:8112
ACCEPT     tcp  --  anywhere             192.168.1.0/24       tcp spt:58846
ACCEPT     tcp  --  192.168.0.0/16       192.168.1.0/24
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     all  --  anywhere             anywhere

Nothing was being forwarded. At this point I ran into a dead end. As a last desperate attempt I checked the deluge log and that really got me confused; somehow my pc (192.168.1.250) was trying to connect and deluge shows that, but the connection is being dropped it seems.

[INFO    ] 09:48:56 configmanager:70 Setting config directory to: /config
[INFO    ] 09:48:57 daemon:127 Deluge daemon 1.3.15
[INFO    ] 09:48:57 configmanager:70 Setting config directory to: /config
[INFO    ] 09:48:57 core:87 Starting libtorrent 1.0.9.0 session..
[INFO    ] 09:48:57 rpcserver:369 Starting DelugeRPC server :58846
[INFO    ] 09:48:57 core:97 *** Start Label plugin ***
[INFO    ] 09:48:57 pluginmanagerbase:158 Plugin Label enabled..
[INFO    ] 09:48:57 pluginmanagerbase:158 Plugin AutoRemovePlus enabled..
[WARNING ] 09:49:02 core:131 check interval loop starting
[INFO    ] 09:49:40 rpcserver:206 Deluge Client connection made from: 192.168.1.250:65128
[INFO    ] 09:49:42 rpcserver:206 Deluge Client connection made from: 192.168.1.250:65129
[INFO    ] 09:49:59 rpcserver:226 Deluge client disconnected: Connection to the other side was lost in a non-clean fashion: Connection lost.
[INFO    ] 09:50:01 rpcserver:226 Deluge client disconnected: Connection to the other side was lost in a non-clean fashion: Connection lost.
[INFO    ] 09:52:18 torrentmanager:737 Saving the state at: /config/state/torrents.state
[INFO    ] 09:55:38 torrentmanager:737 Saving the state at: /config/state/torrents.state
[INFO    ] 09:58:58 torrentmanager:737 Saving the state at: /config/state/torrents.state
[INFO    ] 09:59:43 rpcserver:206 Deluge Client connection made from: 192.168.1.250:65258
[INFO    ] 09:59:45 rpcserver:206 Deluge Client connection made from: 192.168.1.250:65261
[INFO    ] 10:00:02 rpcserver:226 Deluge client disconnected: Connection to the other side was lost in a non-clean fashion: Connection lost.
[INFO    ] 10:00:04 rpcserver:226 Deluge client disconnected: Connection to the other side was lost in a non-clean fashion: Connection lost.

Here's a new log file. I hate to keep bugging you, hope you don't mind

deluged.log

supervisord.log

Link to comment
1 hour ago, binhex said:

 

so what url are you using to connect to deluge?, copy and paste your docker run command, or whatever it is you use to define the container on a qnap device.

For Web access using http://192.168.1.200:8112 but for the  daemon via 58846 i use deluge gui connection manager to connect to it

 

For the run command.. If you're talking about the command it uses when starting the container it's "/usr/bin/tini -- /bin/bash /root/init.sh" but if you're talking about the command it uses when making the container for the first time, not sure on that one, I may be able to track that down by checking the logs

 

Edit: OMFG... found out the problem... for some reason qnap made a bridge with the subnet of 255.255.0.0 -.-, so I just corrected the subnet (255.255.255.0) in the config file and restarted docker/container. Just sent them a bug report that it's overwriting the settings you set with a default subnet of 255.255.0.0 on container creation. Sorry for wasting your time like that >.<

Edited by Alacard
Link to comment

If you drop the .crt and the .pem file in the same dir as the .ovpn file I think you should be good to go :) You'll find them in the same .zip from PIA. You should also change your password ASAP. Remember to remove it from the log next time

 

Edit: reported your post to remove the logfile

Edited by strike
  • Like 1
Link to comment
On 10/30/2017 at 11:10 AM, binhex said:

 

that's exactly what is shown in the log :-), check your supervisord.log file there will be a warning about your password containing special chars (or there should be)

 

Sorry, I meant a warning on-screen, without having to go into logging to see what the problem is/was.  Not a big deal if it's not possible, but from a user-friendly experience point of view, not having to check logs is much more friendly.

Link to comment
9 minutes ago, JustinChase said:

 

Sorry, I meant a warning on-screen, without having to go into logging to see what the problem is/was.  Not a big deal if it's not possible, but from a user-friendly experience point of view, not having to check logs is much more friendly.

i'm afraid that's impossible, or at least difficult enough to not be practical to do, but glad you got it sorted.

Link to comment

Dear binhex,

 

Many thanks for the excellent docker image, it works exactly like I wanted and saved me quite a lot of time for configuring the whole thing.

 

One question remains, and it was probably answered somewhere, I just don't find any info. Basically, the deluge+vpn image is quite huge, almost 1.5Gb. Is there *anything* I could do to minimize the size of the image/container?

 

For example, my own deluge container (that has no vpn and no privoxy) is about 100mb. Would it be possible to somehow reduce the arch-delugevpn image size? What is taking so much space?

 

Thank you!

Link to comment
30 minutes ago, Globby said:

Dear binhex,

 

Many thanks for the excellent docker image, it works exactly like I wanted and saved me quite a lot of time for configuring the whole thing.

 

One question remains, and it was probably answered somewhere, I just don't find any info. Basically, the deluge+vpn image is quite huge, almost 1.5Gb. Is there *anything* I could do to minimize the size of the image/container?

 

For example, my own deluge container (that has no vpn and no privoxy) is about 100mb. Would it be possible to somehow reduce the arch-delugevpn image size? What is taking so much space?

 

Thank you!

 

not sure where you're seeing 1.5GB? but the latest tagged image is currently 309 MB, not the smallest image, granted, but acceptable:-

 

https://hub.docker.com/r/binhex/arch-delugevpn/tags/

 

keep in mind the total size is the size of all intermediary images (and thus layers) to make up the image, so the final image is constructed from:-

 

binhex/arch-scratch+binhex/arch-base+binhex/arch-openvpn+binhex/arch-delugevpn

 

reason it's done like this is each image can then be re-used, so scratch and base are re-used for all docker images, and openvpn image is used for all vpn images i produce (3 in total), thus although it may seem large for a single image, if you have more than 1 image pulled down then images (and layers) that you already have on disk will be re-used, and thus the overhead reduces.

 

so in answer to your question, can i do anything, the only answer if you're really keen is to fork my code, rebase it with something nice and lightweight like alpine and then re-code everything to build the image using that new base os, it might take a teansy weansy bit of time though 8)

 

 

Edited by binhex
Link to comment
12 minutes ago, binhex said:

not sure where you're seeing 1.5GB?

 

Sorry, I mixed up things a little bit (1.5GB was the used RAM in the container when it was downloading the torrents, heh).

 

The image size I get is 1.08GB, via command:

#>docker image ls
binhex/arch-delugevpn   latest              632ac0a72aee        12 days ago         1.08GB

Thanks for quick response!

Link to comment

One more question, if you don't mind.

 

I was wondering what would happen when the VPN connection is terminated (for any reason). Would the container attempt to re-connect automatically? Would the proxy still happily serve the requests over unprotected network?

 

Would deluge happily download/upload stuff even when there is no active VPN connection? (I sincerely hope not!) :)

Link to comment
6 minutes ago, Globby said:

Would the container attempt to re-connect automatically?

 

not the container, the OpenVPN client, yes.

 

6 minutes ago, Globby said:

Would the proxy still happily serve the requests over unprotected network?

 

no, it's all protected via iptables, it doesn't matter whether the link is up or down there will never be any leakage from either privoxy or deluge.

Edited by binhex
Link to comment
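The kill-switch described in the reply above can be checked against a container's own ruleset. This is an added example, not part of the thread or of the image's code: it audits the OUTPUT chain of an `iptables -S` dump, which, unlike the plain chain listing posted earlier in the thread, shows the interface each rule is bound to. The rule samples are constructed; the interface names tun0/eth0 and VPN port 443 are assumptions, and the listener ports 8112, 8118 and 58846 are the ones mentioned in the thread.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -S` format, modelled on the listing posted
# earlier in the thread. Interface names and the VPN port are assumptions.
GOOD_RULES = """\
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
"""

# Constructed counter-example: permissive policy plus an unrestricted rule.
LEAKY_RULES = """\
-P OUTPUT ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -j ACCEPT
"""

TUNNEL_PREFIXES = ("tun", "tap")  # assumption: usual OpenVPN device names


def audit_output_chain(rules_text, vpn_port=443,
                       service_ports=(8112, 8118, 58846)):
    """Return findings for the OUTPUT chain; an empty list means no
    clear-text path to the internet was found."""
    findings = []
    policy = None
    listeners = {str(p) for p in service_ports}
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] == ["-P", "OUTPUT"]:
            policy = tok[2]
            continue
        if tok[:2] != ["-A", "OUTPUT"]:
            continue
        if "!" in tok:
            findings.append(f"negated match, review by hand: {line}")
            continue
        # Every option used in these rules takes exactly one value.
        opts = dict(zip(tok[0::2], tok[1::2]))
        if opts.get("-j") != "ACCEPT":
            continue
        out_if = opts.get("-o", "")
        if out_if == "lo" or out_if.startswith(TUNNEL_PREFIXES):
            continue  # loopback, or already inside the tunnel
        dst = opts.get("-d")
        if dst and ipaddress.ip_network(dst, strict=False).is_private:
            continue  # stays on the LAN
        if opts.get("--dport") == str(vpn_port):
            continue  # encrypted packets to the VPN endpoint
        if opts.get("--sport") in listeners:
            continue  # replies from the web UI, proxy or daemon listeners
        if opts.get("-p") == "icmp":
            continue  # ping only, as in the posted listing
        findings.append(f"unrestricted ACCEPT outside the tunnel: {line}")
    if policy != "DROP":
        findings.append(f"OUTPUT policy is {policy}, expected DROP")
    return findings


if __name__ == "__main__":
    for name, rules in (("good", GOOD_RULES), ("leaky", LEAKY_RULES)):
        print(name, audit_output_chain(rules))
```

With the default policy at DROP and every ACCEPT tied to the tunnel, the LAN, the VPN port or a local listener, nothing is left for deluge or privoxy to use when the tunnel device is down.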

Hi binhex, 

I'm trying to get perfect privacy vpn to run with delugevpn. Followed the instructions and copied the .ovpn over. Here it is without cert.

Quote

proto udp
tun-mtu 1500
fragment 1300
mssfix
cipher AES-128-CBC

remote zurich.perfect-privacy.com 149
remote zurich.perfect-privacy.com 1151
remote zurich.perfect-privacy.com 1150
remote zurich.perfect-privacy.com 1149
remote zurich.perfect-privacy.com 1148
remote zurich.perfect-privacy.com 148
remote zurich.perfect-privacy.com 151
remote zurich.perfect-privacy.com 150

auth SHA512
auth-user-pass
client
comp-lzo
dev tun
#float
hand-window 120
inactive 604800
mute-replay-warnings
nobind
ns-cert-type server
persist-key
persist-remote-ip
persist-tun
ping 5
ping-restart 120
redirect-gateway def1
remote-random
reneg-sec 3600
resolv-retry 60
route-delay 2
route-method exe
script-security 2
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-CAMELLIA-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
tls-timeout 5
verb 4
tun-ipv6

down /etc/openvpn/update-resolv-conf
up /etc/openvpn/update-resolv-conf

key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
...erased...
-----END CERTIFICATE-----

</ca>

<cert>
-----BEGIN CERTIFICATE-----
...erased...
-----END CERTIFICATE-----

</cert>

<key>
-----BEGIN PRIVATE KEY-----
...erased...
-----END PRIVATE KEY-----

</key>

<tls-auth>
#
# 2048 bit OpenVPN static key
#
-----BEGIN OpenVPN Static key V1-----
....erased...
-----END OpenVPN Static key V1-----

</tls-auth>
 

 

i get that error:

Quote

2017-11-16 15:40:25,110 DEBG 'start-script' stdout output:
Thu Nov 16 15:40:25 2017 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Options error: --down script fails with '/etc/openvpn/update-resolv-conf': No such file or directory (errno=2)
Options error: Please correct this error.
Use --help for more information.

2017-11-16 15:40:25,110 DEBG 'start-script' stdout output:
[info] OpenVPN started
 

 

any Idea?

 

 

 

Link to comment
19 hours ago, charley said:

Hi binhex, 

I'm trying to get perfect privacy vpn to run with delugevpn. Followed the instructions and copied the .ovpn over. Here it is without cert.

 

i get that error:

 

any Idea?

 

 

 

 

so there are multiple tweaks that are required to get this particular vpn provider working, i have incorporated the tweaks now into the latest image, so if you pull it down you hopefully (obviously i can't test it) should get a successful start, please let me know either way, if it's a fail then please do the following:-

 

 

Link to comment
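The "Options error" in the post above comes from an `up`/`down` hook naming a script that does not exist inside the container, and with `script-security 2` any such hook runs an external program with the OpenVPN process's privileges. As an added example (not from the thread, and not the tweaks binhex refers to), this sketch lists every script hook in an .ovpn file before it is handed to a container and flags the ones that cannot run. The sample is an excerpt of the posted config; the `exists` parameter is a hypothetical hook for pointing the check at the container's filesystem.

```python
import os
import shlex

# Directives that make OpenVPN execute an external command.
HOOKS = {"up", "down", "route-up", "route-pre-down", "ipchange", "tls-verify",
         "auth-user-pass-verify", "client-connect", "client-disconnect",
         "learn-address"}

# Excerpt of the config posted above; certificate body left erased.
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote zurich.perfect-privacy.com 1149
auth-user-pass
script-security 2
tun-ipv6
down /etc/openvpn/update-resolv-conf
up /etc/openvpn/update-resolv-conf
<ca>
-----BEGIN CERTIFICATE-----
...erased...
-----END CERTIFICATE-----
</ca>
"""


def audit_ovpn(text, exists=os.path.isfile):
    """List every script hook in an .ovpn file and flag those that cannot run.

    `exists` is injectable so the check can look at the container's
    filesystem (or be stubbed) instead of the host's.
    """
    level = 1          # OpenVPN's default --script-security level
    hooks, problems = [], []
    block = None       # name of the inline <tag> block we are inside, if any
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if block:
            if line == f"</{block}>":
                block = None
            continue   # key and certificate material, never directives
        if not line or line[0] in "#;":
            continue
        if line.startswith("<") and line.endswith(">"):
            block = line[1:-1]
            continue
        name, *args = shlex.split(line)
        if name == "script-security" and args:
            level = int(args[0])
        elif name in HOOKS and args and args[0].strip():
            cmd = shlex.split(args[0])[0]  # value may be "script arg1 arg2"
            hooks.append({"line": lineno, "hook": name, "cmd": cmd})
            if not exists(cmd):
                problems.append(
                    f"line {lineno}: --{name} points at missing {cmd}")
    if hooks and level < 2:
        problems.append(
            f"script-security {level} will refuse to run user scripts")
    return {"script_security": level, "hooks": hooks, "problems": problems}


if __name__ == "__main__":
    for problem in audit_ovpn(SAMPLE_OVPN)["problems"]:
        print(problem)
```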

Question / Problem:

I have been using DelugeVPN and I seem to be having issues with port forwarding with PIA. I know that DelugeVPN automatically designates Deluge's incoming port to reflect the single open port reported by PIA. Once I see this port in Deluge's settings I hop over to my router's GUI and open the port manually through my router. At this point, all of my torrents become connectable to each tracker's server.

 

My problem is that every day or so my torrents become unconnectable. If I go back into my settings the port has not changed and if I go back to my router the port is still open. In order to fix this problem I have to manually restart DelugeVPN every morning and go back through to open my ports.

 

What is going wrong? And how can I become connectable without restarting the docker every single day? Thanks a ton in advance.

Link to comment

Edited:  I just bought a subscription for airvpn to try.

 

OH man...Ok I'm trying to install this to use with airvpn which I just purchased, having never used a vpn before. 

I'm a very casual user here and only installed Emby Server so really not sure what the heck I'm doing...

 

I'm trying to install this docker and am on the advanced page.  The only items I managed to figure out was to put in my IPVanish id and password, and select airvpn for vpn_prov.  My lan network I'm a little unsure about.  It seems to default to 192.168.1.0 but mine is 192.168.0.x...do I put 192.168.0.0?

 

After that I'm totally lost.  I've gone through the general vpn thread and quite a few here but in the end it's just a lot of confusing info that's going over my head.  

 

Would anyone be kind enough to help me out with the next steps...in easy to understand English? ;-)

Edited by DigitalDivide
Link to comment
