[Support] binhex - DelugeVPN


Recommended Posts

Hi

 

I've been trying to get this Docker container set up on my NAS. After a couple of minutes the docker container stops and dies. I've attached the full supervisord.log, from which the relevant bits appear to be as follows, at the end:

 

2018-04-15 20:01:52,906 WARN received SIGTERM indicating exit request
2018-04-15 20:01:52,906 DEBG killing privoxy-script (pid 137) with signal SIGTERM
2018-04-15 20:01:52,906 INFO waiting for start-script, deluge-script, deluge-web-script, privoxy-script to die
2018-04-15 20:01:52,906 DEBG fd 26 closed, stopped monitoring <POutputDispatcher at 139822088890272 for <Subprocess at 139822091459400 with name privoxy-script in state STOPPING> (stderr)>
2018-04-15 20:01:52,907 DEBG fd 22 closed, stopped monitoring <POutputDispatcher at 139822088889840 for <Subprocess at 139822091459400 with name privoxy-script in state STOPPING> (stdout)>
2018-04-15 20:01:52,907 INFO stopped: privoxy-script (terminated by SIGTERM)
2018-04-15 20:01:52,907 DEBG received SIGCLD indicating a child quit
2018-04-15 20:01:52,907 DEBG killing deluge-web-script (pid 136) with signal SIGTERM
2018-04-15 20:01:52,907 DEBG fd 17 closed, stopped monitoring <POutputDispatcher at 139822088888976 for <Subprocess at 139822091459256 with name deluge-web-script in state STOPPING> (stdout)>
2018-04-15 20:01:52,907 DEBG fd 21 closed, stopped monitoring <POutputDispatcher at 139822088889408 for <Subprocess at 139822091459256 with name deluge-web-script in state STOPPING> (stderr)>
2018-04-15 20:01:52,907 INFO stopped: deluge-web-script (terminated by SIGTERM)
2018-04-15 20:01:52,907 DEBG received SIGCLD indicating a child quit
2018-04-15 20:01:52,907 DEBG killing deluge-script (pid 135) with signal SIGTERM
2018-04-15 20:01:52,908 DEBG fd 16 closed, stopped monitoring <POutputDispatcher at 139822088888544 for <Subprocess at 139822091459112 with name deluge-script in state STOPPING> (stderr)>
2018-04-15 20:01:52,908 DEBG fd 11 closed, stopped monitoring <POutputDispatcher at 139822091460336 for <Subprocess at 139822091459112 with name deluge-script in state STOPPING> (stdout)>
2018-04-15 20:01:52,908 INFO stopped: deluge-script (terminated by SIGTERM)
2018-04-15 20:01:52,908 DEBG received SIGCLD indicating a child quit
2018-04-15 20:01:52,908 DEBG killing start-script (pid 134) with signal SIGTERM
2018-04-15 20:01:52,908 DEBG fd 8 closed, stopped monitoring <POutputDispatcher at 139822091459616 for <Subprocess at 139822091459544 with name start-script in state STOPPING> (stdout)>
2018-04-15 20:01:52,908 DEBG fd 10 closed, stopped monitoring <POutputDispatcher at 139822091459904 for <Subprocess at 139822091459544 with name start-script in state STOPPING> (stderr)>
2018-04-15 20:01:52,908 INFO stopped: start-script (terminated by SIGTERM)
2018-04-15 20:01:52,909 DEBG received SIGCLD indicating a child quit

Can anyone help me work out what is going wrong here? I'm not very expert in using Docker but have been working my way through problems as I learn. This one has me stumped, though.

 

Thanks!

supervisord.log

Link to comment

I'm trying to integrate sickbeard_mp4_validator  into this container.  I overloaded the base container image with the necessary python2 pre-requisites that it needs and it is now able to convert the downloaded files to .mp4.  The only piece that doesn't work is that the conversion script cannot contact my local sonarr and radarr containers to tell them that they have a file to import.  I can ping my local servers by IP from inside the container but I cannot resolve their names with dns nor can I curl their web pages by ip.  if I use nslookup and point it to my internal DNS server it can't reach it, and if I change the VPN DNS servers to my internal DNS Servers they fail to work as well.

 

Is there a way to allow a script running local on the box to resolve and access specific servers on my local network?  It kind of feels like a firewall issue ( and possibly for good reason since there is an active tunnel open ) but I haven't been able to figure out exactly what is blocking communication.  Ultimately I just need 53 open to my DNS server and 80 open to my radarr container and my sonarr container so the script can send them a message.

 

Any help would be appreciated, please point me to RTFM if that's my issue.

 

Thanks!

Edited by dark3phoenix
Link to comment

Hello all, I've just switched to pia from cryptostorm and I've found an issue I didn't have with cryptostorm.

I'm getting disconnected every few minutes which results if being unable to connect due to maximum allowed connections to pia, until they clear.

I'm getting this error in the container log:

 

2018-04-17 08:28:36,178 DEBG 'deluge-script' stderr output:
Unhandled Error

Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/deluge/main.py", line 241, in start_daemon
Daemon(options, args)
File "/usr/lib/python2.7/site-packages/deluge/core/daemon.py", line 180, in __init__
reactor.run()
File "/usr/lib/python2.7/site-packages/twisted/internet/base.py", line 1243, in run
self.mainLoop()
File "/usr/lib/python2.7/site-packages/twisted/internet/base.py", line 1252, in mainLoop
self.runUntilCurrent()
--- <exception caught here> ---
File "/usr/lib/python2.7/site-packages/twisted/internet/base.py", line 878, in runUntilCurrent
call.func(*call.args, **call.kw)
File "/usr/lib/python2.7/site-packages/deluge/core/preferencesmanager.py", line 263, in _on_set_listen_ports
self.session.listen_on(value[0], value[1], str(self.config["listen_interface"]).strip())
exceptions.RuntimeError: Cannot assign requested address

 

 

 

Any ideas?

It is working up until it disconnects, privoxy, torrenting etc.

 

EDIT:

Ok, nevermind. It was snort blocking the connections for 'fragmentation overlap' and 'teardrop attack'...

Edited by darkangelus
Link to comment
9 hours ago, dark3phoenix said:

overloaded the base container image with the necessary python2 pre-requisites that it needs and it is now able to convert the downloaded files to .mp4. 

 

im assuming you have created a fork of delugevpn and included the required stuff in the build of the image right?, if you are using docker exec then you will of course loose everything you have done if you need to update to the latest image, as this will delete the container (unraid does this automatically).

 

9 hours ago, dark3phoenix said:

Is there a way to allow a script running local on the box to resolve and access specific servers on my local network?  It kind of feels like a firewall issue ( and possibly for good reason since there is an active tunnel open )

 

dns lookup is not permitted for the lan/wan, its only permitted once the tunnel is up, this is to prevent ip leakage via dns lookup, if you want to change this behaviour then your best bet is to fork my code (if you havent done so already), and modify iptables to allow dns lookup, but the risk is yours.

Link to comment
On 12/04/2018 at 9:02 AM, trurl said:

 

Post your docker run command as seen here:

 

https://lime-technology.com/forums/topic/57181-real-docker-faq/#comment-564345

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='binhex-delugevpn' --net='bridge' --privileged=true -e TZ="America/New_York" -e HOST_OS="unRAID" -e 'VPN_ENABLED'='yes' -e 'VPN_USER'='' -e 'VPN_PASS'='' -e 'VPN_PROV'='pia' -e 'VPN_OPTIONS'='' -e 'STRICT_PORT_FORWARD'='yes' -e 'ENABLE_PRIVOXY'='yes' -e 'LAN_NETWORK'='192.168.1.0/24' -e 'NAME_SERVERS'='209.222.18.222,37.235.1.174,8.8.8.8,209.222.18.218,37.235.1.177,8.8.4.4' -e 'DEBUG'='false' -e 'UMASK'='000' -e 'PUID'='99' -e 'PGID'='100' -p '8115:8112/tcp' -p '58846:58846/tcp' -p '58946:58946/tcp' -p '58946:58946/udp' -p '8118:8118/tcp' -v '/mnt/cache/Downloads/':'/data':'rw' -v '/mnt/user/appdata/binhex-delugevpn':'/config':'rw' 'binhex/arch-delugevpn'
a40ea2dfa6fabe110a01766a0652200d5813a8c87b02453aeb322ff72b6099aa

The command finished successfully!

 

 

thx

Link to comment
5 hours ago, binhex said:

 

im assuming you have created a fork of delugevpn and included the required stuff in the build of the image right?, if you are using docker exec then you will of course loose everything you have done if you need to update to the latest image, as this will delete the container (unraid does this automatically).

 

 

dns lookup is not permitted for the lan/wan, its only permitted once the tunnel is up, this is to prevent ip leakage via dns lookup, if you want to change this behaviour then your best bet is to fork my code (if you havent done so already), and modify iptables to allow dns lookup, but the risk is yours.

11

 

1) Yes, I'm using your image as the base, then adding all the python2 modules that mp4_automator needs.  So I run my image, but it is created by using yours as the base

 

2) OK, that makes total sense.  I will have to think on how best to handle this.  Maybe I can export the hosts file outside the container and dynamically populate it with my server addresses.  I don't want a security breach through DNS.

 

Thank you for your quick response and or maintaining this great container!

Link to comment
9 minutes ago, dark3phoenix said:

 

1) Yes, I'm using your image as the base, then adding all the python2 modules that mp4_automator needs.  So I run my image, but it is created by using yours as the base

 

2) OK, that makes total sense.  I will have to think on how best to handle this.  Maybe I can export the hosts file outside the container and dynamically populate it with my server addresses.  I don't want a security breach through DNS.

 

Thank you for your quick response and or maintaining this great container!

 

you can perform the lookup early on, iptables arent defined until later on in the process, for instance see here:-

 

https://github.com/binhex/arch-openvpn/blob/master/run/root/start.sh

 

line 102 i issue the dig command, 120 i write it to the hosts file (used to do lookup of vpn endpoint), so you could do your lookup around this time in the start.sh, you would of course have to fork this image too (intermediate common docker image for all my vpn docker images).

Link to comment

What do I have to do to change the vpn port? I have reason to believe I am being throttled by my isp and want to try switching away from port 1198. I tried downloading the crt & pem file for the port I wanted and adding to the openvpn folder but i'm getting errors in deluge log.

 

https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-

 

Thank you!

Link to comment
11 hours ago, TUMS said:

What do I have to do to change the vpn port? I have reason to believe I am being throttled by my isp and want to try switching away from port 1198. I tried downloading the crt & pem file for the port I wanted and adding to the openvpn folder but i'm getting errors in deluge log.

 

https://helpdesk.privateinternetaccess.com/hc/en-us/articles/225274288-Which-encryption-auth-settings-should-I-use-for-ports-on-your-gateways-

 

Thank you!

 

you could try the following set of ovpn files, these use tcp port 443, so should appear to your isp as https:-

 

https://www.privateinternetaccess.com/openvpn/openvpn-ip-tcp.zip

 

extract this and put the endpoint ovpn file you want to connect to in /config/openvpn and the cert(s) too.

  • Like 1
Link to comment

Is anybody having trouble with privoxy lately?

 

I know the VPN is working for torrenting according to several popular IP checks, I thought I had it working with Jackett as per the [ -e "RUN_OPTS"="--ProxyConnection= ] line in extra parameters (even tried creating this as a variable), but I am still getting failed indexers in Jackett (both binhex and linuxserver containers). My country blocks most of the big name sites, but they all work when connected to my VPN.

 

I then tried to test by adding it as proxy for Radarr and Sonarr as per @gridrunner / Spaceinvader One's video and it fails for both leading me to believe it is a problem with this app and not Jackett?

 

Edited by samtrois
Link to comment
On 18.4.2018 at 11:48 AM, samtrois said:

Is anybody having trouble with privoxy lately?

 

I know the VPN is working for torrenting according to several popular IP checks, I thought I had it working with Jackett as per the [ -e "RUN_OPTS"="--ProxyConnection= ] line in extra parameters (even tried creating this as a variable), but I am still getting failed indexers in Jackett (both binhex and linuxserver containers). My country blocks most of the big name sites, but they all work when connected to my VPN.

 

I then tried to test by adding it as proxy for Radarr and Sonarr as per @gridrunner / Spaceinvader One's video and it fails for both leading me to believe it is a problem with this app and not Jackett?

 

You dont have to use the [ -e "RUN_OPTS"="--ProxyConnection= ] line anymore, Try removing it and add your proxy in the Jackett web UI.

Privproxy and Jackett runs fine here.

Edited by Handl3vogn
Link to comment
3 hours ago, Handl3vogn said:

You dont have to use the [ -e "RUN_OPTS"="--ProxyConnection= ] line anymore, Try removing it and add your proxy in the Jackett web UI.

Privproxy and Jackett runs fine here.

 

I still don't seem to be able to get it working in Jackett without that comment, and like I said it also doesn't work with Sonarr or Radarr with just the IP:port details.

 

Sonarr says : 

Failed to test proxy: http://services.sonarr.tv/v1/ping

Radarr says:

Failed to test proxy: Error getting response stream (ReadDone2): ReceiveFailure

 

 

Are there username:pw I need to set in deluge so I can use in proxy settings along with the ip:port?

Link to comment

Quite sure, like I said the VPN is definitely working for torrenting

ENABLE_PRIVOXY set to yes in deluge

Using the default port :8118

 

Also not working as proxy settings in windows

 

Pretty sure I don't need http:// in front of the IP for the proxy hostname/url ?

 

Here are the various lines from the deluge logs with privoxy stuff. 

2018-04-21 08:52:23.747265 [info] ENABLE_PRIVOXY defined as 'yes'
2018-04-21 08:52:23.770014 [info] Starting Supervisor...
2018-04-21 08:52:23,923 INFO Included extra file "/etc/supervisor/conf.d/delugevpn.conf" during parsing
2018-04-21 08:52:23,923 INFO Set uid to user 0 succeeded
2018-04-21 08:52:23,925 INFO supervisord started with pid 7
2018-04-21 08:52:24,927 INFO spawned: 'start-script' with pid 132
2018-04-21 08:52:24,929 INFO spawned: 'deluge-script' with pid 133
2018-04-21 08:52:24,931 INFO spawned: 'deluge-web-script' with pid 134
2018-04-21 08:52:24,932 INFO spawned: 'privoxy-script' with pid 135
2018-04-21 08:52:24,933 INFO reaped unknown pid 8
2018-04-21 08:52:24,936 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2018-04-21 08:52:24,936 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-04-21 08:52:24,936 INFO success: deluge-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-04-21 08:52:24,936 INFO success: deluge-web-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-04-21 08:52:24,936 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-04-21 08:52:24,940 DEBG 'deluge-script' stdout output:
[info] Deluge config file already exists, skipping copy


018-04-21 08:52:27,877 DEBG 'privoxy-script' stdout output:
[info] Configuring Privoxy...

2018-04-21 08:52:27,888 DEBG 'privoxy-script' stdout output:
[info] All checks complete, starting Privoxy...

2018-04-21 08:52:27,891 DEBG 'privoxy-script' stderr output:
2018-04-21 08:52:27.891 150c85e690c0 Info: Privoxy version 3.0.26


2018-04-21 08:52:27,891 DEBG 'privoxy-script' stderr output:
2018-04-21 08:52:27.891 150c85e690c0 Info: Program name: /usr/bin/privoxy

 

Edited by samtrois
added logs
Link to comment

I get multiple downloads in Deluge entered by Sonarr and Radarr  for the same movie/TV episode 

obviously from different torrents, but the same.

So Deluge is trying to download all of them in parallel. 

 

posting here cause I see this both in Radarr and Sonarr

 so I thought I find here people who use the same setup

 

it seams like Deluge is not updating back to Radarr/Sonarr the status of the download. So they think its not doing anything and they send more torrents..

 

What did I configure wrong ? where to look ?

 

P.S  I also have issue with plugins disabled after Deluge reset .  I reinstalled docker image from scratch with all the applications.  didnt help.   

 

Link to comment

Hi.  I'm unable to connect to the WebGUI when VPN is enabled (PIA). I'm getting this error when  openVPN tries to connect: 

 

Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: auth-user-pass (2.4.5)

 

2018-04-21 23:35:37,920 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'pia' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_REMOTE 'swiss.privateinternetaccess.com' --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --remote 185.230.125.42 1198 udp --remote 185.230.125.38 1198 udp --remote 185.230.125.44 1198 udp --remote 185.230.125.45 1198 udp --remote 185.230.125.43 1198 udp --remote 185.230.125.41 1198 udp --remote 185.230.125.37 1198 udp --remote 185.230.125.94 1198 udp --remote 185.230.125.47 1198 udp --remote 185.230.125.50 1198 udp --remote 82.102.24.169 1198 udp --remote 82.102.24.162 1198 udp --remote 185.230.125.49 1198 udp --remote-random --keepalive 10 60 --setenv STRICT_PORT_FORWARD 'yes' --disable-occ --auth-user-pass credentials.conf 'swiss.privateinternetaccess.com' --cd /config/openvpn --config '/config/openvpn/Switzerland.ovpn'
[info] Starting OpenVPN...

2018-04-21 23:35:37,927 DEBG 'start-script' stdout output:
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: auth-user-pass (2.4.5)

Use --help for more information.

2018-04-21 23:35:37,928 DEBG 'start-script' stdout output:
[info] OpenVPN started

2018-04-21 23:35:37,928 DEBG 'start-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

Any ideas?  Seems like its not reading my PIA username and pw from that file properly.

Link to comment
Hi.  I'm unable to connect to the WebGUI when VPN is enabled (PIA). I'm getting this error when  openVPN tries to connect: 
 
Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: auth-user-pass (2.4.5)
 
2018-04-21 23:35:37,920 DEBG 'start-script' stdout output:[debug] OpenVPN command line:- /usr/bin/openvpn --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'pia' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_REMOTE 'swiss.privateinternetaccess.com' --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --remote 185.230.125.42 1198 udp --remote 185.230.125.38 1198 udp --remote 185.230.125.44 1198 udp --remote 185.230.125.45 1198 udp --remote 185.230.125.43 1198 udp --remote 185.230.125.41 1198 udp --remote 185.230.125.37 1198 udp --remote 185.230.125.94 1198 udp --remote 185.230.125.47 1198 udp --remote 185.230.125.50 1198 udp --remote 82.102.24.169 1198 udp --remote 82.102.24.162 1198 udp --remote 185.230.125.49 1198 udp --remote-random --keepalive 10 60 --setenv STRICT_PORT_FORWARD 'yes' --disable-occ --auth-user-pass credentials.conf 'swiss.privateinternetaccess.com' --cd /config/openvpn --config '/config/openvpn/Switzerland.ovpn'[info] Starting OpenVPN...2018-04-21 23:35:37,927 DEBG 'start-script' stdout output:Options error: Unrecognized option or missing or extra parameter(s) in [CMD-LINE]:1: auth-user-pass (2.4.5)Use --help for more information.2018-04-21 23:35:37,928 DEBG 'start-script' stdout output:[info] OpenVPN started2018-04-21 23:35:37,928 DEBG 'start-script' stdout output:[debug] Waiting for valid IP address from tunnel...

Any ideas?  Seems like its not reading my PIA username and pw from that file properly.

Remove everything defined as a value for vpn_options

Sent from my SM-G935F using Tapatalk

Link to comment

I can't seem to get the vpn to connect anymore. It was working fine until I migrated from a bunch of small drives to a single large one. After that the PIA seems to be refusing to connect. Why this caused it to start failing, I have no clue.

 

  • I was using a really old version of the configs for the unraid UI, so I deleted the container and added it again so it would grab the new xml file.
  • I have also deleted everything in the appdata folder for this container so it could start from scratch
  • I have tried several different PIA endpoints (all 3 of the canada ones)

I have looked though this forum thread, and another one I found on reddit, but none of the suggestions I found have worked so far.

 

https://pastebin.com/1zmW7cBJ

Link to comment
On 4/22/2018 at 4:10 AM, binhex said:

Remove everything defined as a value for vpn_options

Sent from my SM-G935F using Tapatalk
 

Hey binhex, can you help me with this warning line in the log file, Is it something I should worry about, Everything works just fine, have few extra plugins such as Extractor, Ltconfig, Blocklist and AutoAdd added, please. Thank you!!!

 

2018-05-03 13:31:19,995 DEBG 'deluge-web-script' stderr output:
/usr/lib/python2.7/site-packages/pkg_resources/__init__.py:1235: UserWarning: /home/nobody/.cache/Python-Eggs is writable by group/others and vulnerable to attack when used with get_resource_filename. Consider a more secure location (set with .set_extraction_path or the PYTHON_EGG_CACHE environment variable).
warnings.warn(msg, UserWarning)

 

 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.