[Support] binhex - DelugeVPN


Recommended Posts

11 hours ago, UntouchedWagons said:

Do I use SOCKS5 or HTTP or what with privoxy? I tried both with curl and curl was unable to connect to privoxy both times

privoxy is a http/https proxy, no socks support. most people are targeting privoxy via applications such as sonarr/radarr etc not curl and that works fine, getting curl to honour the proxy would need further investigation, but i would assume its possible.

Link to comment
11 hours ago, binhex said:

privoxy is a http/https proxy, no socks support. most people are targeting privoxy via applications such as sonarr/radarr etc not curl and that works fine, getting curl to honour the proxy would need further investigation, but i would assume its possible.

I've tried

curl --proxy http://192.168.0.5:8118 https://ipinfo.io/ip

and

curl --proxy https://192.168.0.5:8118 https://ipinfo.io/ip

Neither work, curl times out in both instances. What is LAN_NETWORK used for? Is that for an ACL for Privoxy or something else?

 

[Edit] Apparently so, changing LAN_NETWORK to 192.168.0.0/24 lets me use the proxy

Edited by UntouchedWagons
Link to comment

This has probably been answered. Sorry if so. I could be blind or just suck on searching.

Is there a way to use the Privoxy from containers running on br0 with assigned ips? I think I understand the limitations when running on br0 (the custom one that came with unraid, using macvlan) and contacting containers running on the same machine on "bridge" network. The dream is running binhex-privoxy with vpn, on container running at br0. ;)

Sonarr and Radarr (amongst others) are running on br0. Only container running on bridge is this one. Because it requires it?
Can't use privoxy from sonarr or radarr if not moving them to bridge?

Edit: Using something like external socks proxy directly is not an option. Makes sonarr and radarr use like 200% cpu for hours and hours. Something about the proxy host resolving to many ip's and creating connections that never close..

Edited by Niklas
Spelling and stuff...
Link to comment
1 hour ago, Zenophobe said:

I have installed following Spaceinvaders video and I can add torrents but they will not start. They stay paused.

unRAID 6.6.2

i had the same thing happen to me, i never could find a solution i now use transmission, and everything is working as it should with radarr/sonarr

Link to comment
On 10/27/2018 at 4:12 AM, Zenophobe said:

I have installed following Spaceinvaders video and I can add torrents but they will not start. They stay paused.

unRAID 6.6.2

if they wont start then its possible you have one or more of the following issues:-

 

1. badly defined downloads folder - if this is not set correctly it wont be able to download, check your partial downloads folder as well as your completed folder.

2. no incoming port - if you dont have a open incoming port then you will be limited as to what peers you can connect to

Link to comment

Hello guys, I was having an issue and managed to solve it, However I'm not sure if this is the right place to post it.

 

I downloaded the OVPN files from PIA and copied all the necessary files and the supervisord.log kept showing there were no OVPN files... Took me too long to finally see that the OVPN file did not have the ".ovpn" extension. I simply had to edit the edit to add the extension and everything worked fine.

Every one of the files was missing the ".ovpn" extension. I downloaded it again to verify and could confirm. I'm not sure if this is for some reason only happening with me.

Link to comment
4 hours ago, Azyx said:

Hello guys, I was having an issue and managed to solve it, However I'm not sure if this is the right place to post it.

 

I downloaded the OVPN files from PIA and copied all the necessary files and the supervisord.log kept showing there were no OVPN files... Took me too long to finally see that the OVPN file did not have the ".ovpn" extension. I simply had to edit the edit to add the extension and everything worked fine.

Every one of the files was missing the ".ovpn" extension. I downloaded it again to verify and could confirm. I'm not sure if this is for some reason only happening with me.

yeah you are right, pia have changed their zipped ovpn config files and removed the extension, how annoying grrrrr. ok well you did the right thing, i will contact pia and see if they will change it to have the extension again, no promises though as pia support isnt too fantastic.

Link to comment

 

Afternoon all, I'm trying to setup delugevpn, I've got it installed and pointed to my downloads share on UnRaid, if I set VPN to no, then I can connect to the webui without any problems. If I enable the VPN it doesn't seem to connect to my VPN server. My log shows the following: IP address changed to 172.X.X.X for privacy but this is showing a real IP address.

 

In the openvpn folder I have the ovpn config file, Wdc.key and Ca.crt. I'm having the same issue with qbittorrentvpn but Transmission_VPN is connecting ok. (I'm moving from using a VM on unraid to using the dockers)

 

Any help would be appreciated.

 

ErrorWarningSystemArrayLogin


BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_LINENO=([0]="0")
BASH_SOURCE=([0]="/root/start.sh")

2018-10-30 15:44:29,245 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-10-30 15:44:29,245 INFO success: deluge-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-10-30 15:44:29,246 INFO success: deluge-web-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-10-30 15:44:29,246 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-10-30 15:44:29,247 DEBG 'start-script' stdout output:
BASH_VERSINFO=([0]="4" [1]="4" [2]="23" [3]="1" [4]="release" [5]="x86_64-unknown-linux-gnu")
BASH_VERSION='4.4.23(1)-release'
DEBUG=true
DIRSTACK=()
ENABLE_PRIVOXY=yes
EUID=0

)
HOME=/home/nobody
HOSTNAME=7dbaf2c713ab
HOSTTYPE=x86_64
HOST_OS=unRAID
IFS=$' \t\n'
LANG=en_GB.UTF-8
LAN_NETWORK=192.168.10.0/24
MACHTYPE=x86_64-unknown-linux-gnu
NAME_SERVERS=209.222.18.222,37.235.1.174,1.1.1.1,8.8.8.8,209.222.18.218,37.235.1.177,1.0.0.1,8.8.4.4
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PGID=100
PIPESTATUS=([0]="0")
PPID=7
PS4='+ '
PUID=99
PWD=/
SHELL=/bin/bash
SHELLOPTS=braceexpand:hashall:interactive-comments
SHLVL=1
STRICT_PORT_FORWARD=yes
SUPERVISOR_ENABLED=1
SUPERVISOR_GROUP_NAME=start-script
SUPERVISOR_PROCESS_NAME=start-script
TCP_PORT_58846=58846
TCP_PORT_58946=58946
TCP_PORT_8112=8112
TCP_PORT_8118=8118
TERM=xterm
TZ=Europe/London
UDP_PORT_58946=58946
UID=0

0
VPN_CONFIG=/config/openvpn/Romania-Bucharest-TCP.ovpn
VPN_DEVICE_TYPE=tun0
VPN_ENABLED=yes
VPN_OPTIONS=
VPN_PASS=mmocz7yy
VPN_PORT=80
VPN_PROTOCOL=tcp-client
VPN_PROV=custom
VPN_REMOTE=ro1-ovpn-tcp.pointtoserver.com
VPN_USER=purevpn0s4804519
_='[debug] Environment variables defined as follows'
[debug] Directory listing of files in /config/openvpn as follows

2018-10-30 15:44:29,248 DEBG 'deluge-script' stdout output:
[info] Deluge config file already exists, skipping copy

2018-10-30 15:44:29,252 DEBG 'deluge-script' stdout output:
[info] VPN is enabled, checking VPN tunnel local ip is valid

2018-10-30 15:44:29,253 DEBG 'deluge-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

2018-10-30 15:44:29,256 DEBG 'start-script' stdout output:
total 16
drwxrwxr-x 1 nobody users 110 Oct 30 15:44 .
drwxrwxr-x 1 nobody users 80 Oct 30 14:26 ..
-rwxrwxr-x 1 nobody users 1667 Oct 30 14:18 ca.crt
-rwxrwxr-x 1 nobody users 26 Oct 30 15:43 credentials.conf
-rwxrwxr-x 1 nobody users 265 Oct 30 15:44 Romania-Bucharest-TCP.ovpn
-rwxrwxr-x 1 nobody users 657 Oct 30 14:18 Wdc.key

2018-10-30 15:44:29,260 DEBG 'privoxy-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

2018-10-30 15:44:29,297 DEBG 'start-script' stdout output:
[debug] Contents of ovpn file /config/openvpn/Romania-Bucharest-TCP.ovpn as follows...

2018-10-30 15:44:29,297 DEBG 'start-script' stdout output:
remote ro1-ovpn-tcp.pointtoserver.com 80
client
dev tun
proto tcp-client
nobind
persist-key
cipher AES-256-CBC

key-direction 1

verb 1
mute 20
float
route-delay 2
auth-user-pass credentials.conf
auth-retry interact
ifconfig-nowarn
ca ca.crt
tls-auth Wdc.key 1

2018-10-30 15:44:29,303 DEBG 'start-script' stdout output:
[info] Default route for container is 192.168.10.254

2018-10-30 15:44:29,305 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.222 to /etc/resolv.conf

2018-10-30 15:44:29,307 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2018-10-30 15:44:29,309 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2018-10-30 15:44:29,310 DEBG 'start-script' stdout output:
[info] Adding 8.8.8.8 to /etc/resolv.conf

2018-10-30 15:44:29,312 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.218 to /etc/resolv.conf

2018-10-30 15:44:29,314 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2018-10-30 15:44:29,316 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2018-10-30 15:44:29,317 DEBG 'start-script' stdout output:
[info] Adding 8.8.4.4 to /etc/resolv.conf

2018-10-30 15:44:39,467 DEBG 'start-script' stdout output:
[info] Remote VPN endpoint resolves to the following A record(s)...
172.X.X.X

2018-10-30 15:44:39,493 DEBG 'start-script' stdout output:
[debug] Show name servers defined for container

2018-10-30 15:44:39,494 DEBG 'start-script' stdout output:
nameserver 209.222.18.222
nameserver 37.235.1.174
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 209.222.18.218
nameserver 37.235.1.177
nameserver 1.0.0.1
nameserver 8.8.4.4

2018-10-30 15:44:39,495 DEBG 'start-script' stdout output:
[debug] Show name resolution for VPN endpoint ro1-ovpn-tcp.pointtoserver.com

2018-10-30 15:44:39,603 DEBG 'start-script' stdout output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40135
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; ro1-ovpn-tcp.pointtoserver.com.	IN	A

;; ANSWER SECTION:
ro1-ovpn-tcp.pointtoserver.com.	99	IN	CNAME	ro-ovpn-tcp.pointtoserver.com.
ro-ovpn-tcp.pointtoserver.com.	119	IN	A	172.X.X.X

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 105 msec
;; SERVER: 8.8.8.8
;; WHEN: Tue Oct 30 15:44:39 2018
;; MSG SIZE rcvd: 90

2018-10-30 15:44:39,604 DEBG 'start-script' stdout output:
[debug] Show contents of hosts file

2018-10-30 15:44:39,605 DEBG 'start-script' stdout output:
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
192.168.10.211	7dbaf2c713ab
172.X.X.X ro1-ovpn-tcp.pointtoserver.com

2018-10-30 15:44:39,612 DEBG 'start-script' stdout output:
[info] Adding 192.168.10.0/24 as route via docker eth0

2018-10-30 15:44:39,614 DEBG 'start-script' stderr output:
RTNETLINK answers: File exists

2018-10-30 15:44:39,614 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2018-10-30 15:44:39,615 DEBG 'start-script' stdout output:
default via 192.168.10.254 dev eth0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.211

2018-10-30 15:44:39,616 DEBG 'start-script' stdout output:
--------------------
[debug] Modules currently loaded for kernel

2018-10-30 15:44:39,619 DEBG 'start-script' stdout output:
Module Size Used by
xt_CHECKSUM 16384 1
iptable_mangle 16384 1
ipt_REJECT 16384 2
nf_reject_ipv4 16384 1 ipt_REJECT
ebtable_filter 16384 0
ebtables 32768 1 ebtable_filter
ip6table_filter 16384 0
ip6_tables 24576 1 ip6table_filter
vhost_net 20480 0
vhost 32768 1 vhost_net
tap 20480 1 vhost_net
macvlan 20480 0
tun 32768 4 vhost_net
veth 16384 0
xt_nat 16384 23
ipt_MASQUERADE 16384 16
nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE
iptable_nat 16384 4
nf_conntrack_ipv4 16384 43
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_nat_ipv4 16384 1 iptable_nat
iptable_filter 16384 1
ip_tables 24576 3 iptable_mangle,iptable_filter,iptable_nat
nf_nat 24576 3 xt_nat,nf_nat_masquerade_ipv4,nf_nat_ipv4
xfs 630784 6
md_mod 49152 6
bonding 106496 0
e1000e 172032 0
igb 159744 0
ptp 20480 2 igb,e1000e
pps_core 16384 1 ptp
i2c_algo_bit 16384 1 igb
x86_pkg_temp_thermal 16384 0
intel_powerclamp 16384 0
coretemp 16384 0
kvm_intel 192512 0
kvm 339968 1 kvm_intel
crct10dif_pclmul 16384 0
crc32_pclmul 16384 0
crc32c_intel 24576 0
ghash_clmulni_intel 16384 0
pcbc 16384 0
aesni_intel 184320 0
aes_x86_64 20480 1 aesni_intel
crypto_simd 16384 1 aesni_intel
glue_helper 16384 1 aesni_intel
cryptd 20480 3 crypto_simd,ghash_clmulni_intel,aesni_intel
intel_cstate 16384 0
intel_uncore 102400 0
ahci 36864 10
intel_rapl_perf 16384 0
libahci 28672 1 ahci
mxm_wmi 16384 0
wmi_bmof 16384 0
wmi 20480 2 wmi_bmof,mxm_wmi
video 40960 0
i2c_i801 24576 0
i2c_core 36864 3 i2c_algo_bit,igb,i2c_i801
backlight 16384 1 video
acpi_pad 20480 0
button 16384 0

2018-10-30 15:44:39,624 DEBG 'start-script' stdout output:
iptable_mangle 16384 1
ip_tables 24576 3 iptable_mangle,iptable_filter,iptable_nat

2018-10-30 15:44:39,625 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2018-10-30 15:44:39,635 DEBG 'start-script' stdout output:
[debug] Docker interface defined as eth0

2018-10-30 15:44:39,642 DEBG 'start-script' stdout output:
[debug] Docker IP defined as 192.168.10.211

2018-10-30 15:44:39,648 DEBG 'start-script' stdout output:
[debug] Docker netmask defined as 255.255.255.0

2018-10-30 15:44:39,661 DEBG 'start-script' stdout output:
[info] Docker network defined as 192.168.10.0/24

2018-10-30 15:44:39,834 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2018-10-30 15:44:39,836 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -d 192.168.10.0/24 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -d 192.168.10.0/24 -i eth0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.10.0/24 -d 192.168.10.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A OUTPUT -d 192.168.10.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
-A OUTPUT -s 192.168.10.0/24 -d 192.168.10.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

2018-10-30 15:44:39,836 DEBG 'start-script' stdout output:
--------------------

2018-10-30 15:44:39,837 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'custom' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_REMOTE 'ro1-ovpn-tcp.pointtoserver.com' --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --remote 172.X.X.X 80 tcp-client --remote-random --keepalive 10 60 --auth-user-pass credentials.conf --cd /config/openvpn --config '/config/openvpn/Romania-Bucharest-TCP.ovpn'
[info] Starting OpenVPN...

2018-10-30 15:44:39,854 DEBG 'start-script' stdout output:
Tue Oct 30 15:44:39 2018 WARNING: file 'Wdc.key' is group or others accessible


2018-10-30 15:44:39,854 DEBG 'start-script' stdout output:
Tue Oct 30 15:44:39 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 15:44:39 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 15:44:39 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 15:44:39,855 DEBG 'start-script' stdout output:
[info] OpenVPN started
Tue Oct 30 15:44:39 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 15:44:39 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 15:44:39,855 DEBG 'start-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

2018-10-30 15:44:39,855 DEBG 'start-script' stdout output:
Tue Oct 30 15:44:39 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]172.X.X.X:80
Tue Oct 30 15:44:39 2018 Attempting to establish TCP connection with [AF_INET]172.X.X.X:80 [nonblock]

2018-10-30 15:44:40,856 DEBG 'start-script' stdout output:
Tue Oct 30 15:44:40 2018 TCP connection established with [AF_INET]172.X.X.X:80
Tue Oct 30 15:44:40 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 15:44:40 2018 TCP_CLIENT link remote: [AF_INET]172.X.X.X:80

2018-10-30 15:45:40,223 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:40 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting

2018-10-30 15:45:40,223 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:40 2018 SIGHUP[soft,ping-restart] received, process restarting

2018-10-30 15:45:40,224 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:40 2018 WARNING: file 'Wdc.key' is group or others accessible


2018-10-30 15:45:40,224 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:40 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 15:45:40 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 15:45:40 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 15:45:45,225 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:45 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 15:45:45 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 15:45:45,227 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:45 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]172.X.X.X:80
Tue Oct 30 15:45:45 2018 Attempting to establish TCP connection with [AF_INET]172.X.X.X:80 [nonblock]

2018-10-30 15:45:46,228 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:46 2018 TCP connection established with [AF_INET]172.X.X.X:80
Tue Oct 30 15:45:46 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 15:45:46 2018 TCP_CLIENT link remote: [AF_INET]172.X.X.X:80

2018-10-30 15:45:46,228 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:46 2018 TCP connection established with [AF_INET]172.X.X.X:80
Tue Oct 30 15:45:46 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 15:45:46 2018 TCP_CLIENT link remote: [AF_INET]172.X.X.X:80

 

Link to comment
8 hours ago, binhex said:

yeah you are right, pia have changed their zipped ovpn config files and removed the extension, how annoying grrrrr. ok well you did the right thing, i will contact pia and see if they will change it to have the extension again, no promises though as pia support isnt too fantastic.

and updated config files. The crt and pem included in the config now.

Link to comment
8 hours ago, binhex said:

yeah you are right, pia have changed their zipped ovpn config files and removed the extension, how annoying grrrrr. ok well you did the right thing, i will contact pia and see if they will change it to have the extension again, no promises though as pia support isnt too fantastic.

I have sent an email to them too. But maybe we should update the FAQ too :) 

 

Link to comment
2 hours ago, binhex said:

looks like its failing to connect to that endpoint, ensure your ovpn file is up to date, also try another endpoint if possible.

I seem to be getting the same no matter which endpoint I use. I downloaded the files yesterday. I'm using purevpn, and i've tried the Netherlands, Belgium, and Romania.

 

ErrorWarningSystemArrayLogin





auth-retry interact
ifconfig-nowarn
ca ca.crt
tls-auth Wdc.key

2018-10-30 19:04:13,643 DEBG 'start-script' stdout output:
[info] Default route for container is 192.168.12.254

2018-10-30 19:04:13,645 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.222 to /etc/resolv.conf

2018-10-30 19:04:13,646 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2018-10-30 19:04:13,648 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2018-10-30 19:04:13,650 DEBG 'start-script' stdout output:
[info] Adding 8.8.8.8 to /etc/resolv.conf

2018-10-30 19:04:13,652 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.218 to /etc/resolv.conf

2018-10-30 19:04:13,653 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2018-10-30 19:04:13,655 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2018-10-30 19:04:13,656 DEBG 'start-script' stdout output:
[info] Adding 8.8.4.4 to /etc/resolv.conf

2018-10-30 19:04:13,788 DEBG 'start-script' stdout output:
[info] Remote VPN endpoint resolves to the following A record(s)...
213.X.X.X

2018-10-30 19:04:13,814 DEBG 'start-script' stdout output:
[debug] Show name servers defined for container

2018-10-30 19:04:13,816 DEBG 'start-script' stdout output:
nameserver 209.222.18.222
nameserver 37.235.1.174
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 209.222.18.218
nameserver 37.235.1.177
nameserver 1.0.0.1
nameserver 8.8.4.4

2018-10-30 19:04:13,816 DEBG 'start-script' stdout output:
[debug] Show name resolution for VPN endpoint nl1-ovpn-tcp.pointtoserver.com

2018-10-30 19:04:13,966 DEBG 'start-script' stdout output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 9795
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; nl1-ovpn-tcp.pointtoserver.com.	IN	A

;; ANSWER SECTION:
nl1-ovpn-tcp.pointtoserver.com.	100	IN	CNAME	nl-ovpn-tcp.pointtoserver.com.
nl-ovpn-tcp.pointtoserver.com.	100	IN	A	213.X.X.X

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 145 msec
;; SERVER: 37.235.1.174
;; WHEN: Tue Oct 30 19:04:13 2018
;; MSG SIZE rcvd: 90

2018-10-30 19:04:13,967 DEBG 'start-script' stdout output:
[debug] Show contents of hosts file

2018-10-30 19:04:13,969 DEBG 'start-script' stdout output:
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
192.168.12.16	27db7cfdb07d
213.X.X.X nl1-ovpn-tcp.pointtoserver.com

2018-10-30 19:04:13,982 DEBG 'start-script' stdout output:
[info] Adding 192.168.10.0/24 as route via docker eth0

2018-10-30 19:04:13,985 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2018-10-30 19:04:13,988 DEBG 'start-script' stdout output:
default via 192.168.12.254 dev eth0
192.168.10.0/24 via 192.168.12.254 dev eth0
192.168.12.0/24 dev eth0 proto kernel scope link src 192.168.12.16

2018-10-30 19:04:13,988 DEBG 'start-script' stdout output:
--------------------
[debug] Modules currently loaded for kernel

2018-10-30 19:04:13,994 DEBG 'start-script' stdout output:
Module Size Used by
tun 32768 2
xt_CHECKSUM 16384 0
iptable_mangle 16384 1
ipt_REJECT 16384 0
nf_reject_ipv4 16384 1 ipt_REJECT
ebtable_filter 16384 0
ebtables 32768 1 ebtable_filter
ip6table_filter 16384 0
ip6_tables 24576 1 ip6table_filter
macvlan 20480 0
veth 16384 0
xt_nat 16384 45
ipt_MASQUERADE 16384 3
nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE
iptable_nat 16384 12
nf_conntrack_ipv4 16384 51
nf_defrag_ipv4 16384 1 nf_conntrack_ipv4
nf_nat_ipv4 16384 1 iptable_nat
iptable_filter 16384 2
ip_tables 24576 3 iptable_mangle,iptable_filter,iptable_nat
nf_nat 24576 3 xt_nat,nf_nat_masquerade_ipv4,nf_nat_ipv4
xfs 630784 6
md_mod 49152 6
bonding 106496 0
e1000e 172032 0
igb 159744 0
ptp 20480 2 igb,e1000e
pps_core 16384 1 ptp
i2c_algo_bit 16384 1 igb
x86_pkg_temp_thermal 16384 0
intel_powerclamp 16384 0
coretemp 16384 0
crct10dif_pclmul 16384 0
crc32_pclmul 16384 0
crc32c_intel 24576 0
ghash_clmulni_intel 16384 0
pcbc 16384 0
aesni_intel 184320 0
aes_x86_64 20480 1 aesni_intel
crypto_simd 16384 1 aesni_intel
glue_helper 16384 1 aesni_intel
cryptd 20480 3 crypto_simd,ghash_clmulni_intel,aesni_intel
intel_cstate 16384 0
intel_uncore 102400 0
ahci 36864 10
intel_rapl_perf 16384 0
libahci 28672 1 ahci
mxm_wmi 16384 0
wmi_bmof 16384 0
wmi 20480 2 wmi_bmof,mxm_wmi
video 40960 0
i2c_i801 24576 0
i2c_core 36864 3 i2c_algo_bit,igb,i2c_i801
backlight 16384 1 video
acpi_pad 20480 0
button 16384 0

2018-10-30 19:04:14,000 DEBG 'start-script' stdout output:
iptable_mangle 16384 1
ip_tables 24576 3 iptable_mangle,iptable_filter,iptable_nat

2018-10-30 19:04:14,000 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2018-10-30 19:04:14,007 DEBG 'start-script' stdout output:
[debug] Docker interface defined as eth0

2018-10-30 19:04:14,010 DEBG 'start-script' stdout output:
[debug] Docker IP defined as 192.168.12.16

2018-10-30 19:04:14,014 DEBG 'start-script' stdout output:
[debug] Docker netmask defined as 255.255.255.0

2018-10-30 19:04:14,020 DEBG 'start-script' stdout output:
[info] Docker network defined as 192.168.12.0/24

2018-10-30 19:04:14,153 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2018-10-30 19:04:14,155 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.168.12.0/24 -d 192.168.12.0/24 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -d 192.168.12.0/24 -i eth0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.12.0/24 -d 192.168.12.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A OUTPUT -d 192.168.10.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
-A OUTPUT -s 192.168.12.0/24 -d 192.168.10.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

2018-10-30 19:04:14,156 DEBG 'start-script' stdout output:
--------------------

2018-10-30 19:04:14,157 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'custom' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_REMOTE 'nl1-ovpn-tcp.pointtoserver.com' --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --remote 213.X.X.X 80 tcp-client --remote-random --keepalive 10 60 --auth-user-pass credentials.conf --cd /config/openvpn --config '/config/openvpn/Netherlands-Amsterdam-TCP.ovpn'

2018-10-30 19:04:14,157 DEBG 'start-script' stdout output:
[info] Starting OpenVPN...

2018-10-30 19:04:14,166 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:14 2018 WARNING: file 'Wdc.key' is group or others accessible

Tue Oct 30 19:04:14 2018 WARNING: file 'credentials.conf' is group or others accessible


2018-10-30 19:04:14,166 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:14 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 19:04:14 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 19:04:14,166 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:14 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 19:04:14 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 19:04:14,167 DEBG 'start-script' stdout output:
[info] OpenVPN started
[debug] Waiting for valid IP address from tunnel...

2018-10-30 19:04:14,167 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:14 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:80

2018-10-30 19:04:14,168 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:14 2018 Attempting to establish TCP connection with [AF_INET]213.X.X.X:80 [nonblock]

2018-10-30 19:04:15,168 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:15 2018 TCP connection established with [AF_INET]213.X.X.X:80
Tue Oct 30 19:04:15 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 19:04:15 2018 TCP_CLIENT link remote: [AF_INET]213.X.X.X:80

2018-10-30 19:04:15,169 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:15 2018 WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

Tue Oct 30 19:04:15 2018 Connection reset, restarting [0]
Tue Oct 30 19:04:15 2018 SIGHUP[soft,connection-reset] received, process restarting

2018-10-30 19:04:15,170 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:15 2018 WARNING: file 'Wdc.key' is group or others accessible


2018-10-30 19:04:15,170 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:15 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 19:04:15 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 19:04:15 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 19:04:20,170 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:20 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 19:04:20 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 19:04:20,172 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:20 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:80
Tue Oct 30 19:04:20 2018 Attempting to establish TCP connection with [AF_INET]213.X.X.X:80 [nonblock]

2018-10-30 19:04:21,173 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:21 2018 TCP connection established with [AF_INET]213.X.X.X:80
Tue Oct 30 19:04:21 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 19:04:21 2018 TCP_CLIENT link remote: [AF_INET]213.X.X.X:80

2018-10-30 19:05:21,659 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:21 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting

2018-10-30 19:05:21,660 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:21 2018 SIGHUP[soft,ping-restart] received, process restarting

2018-10-30 19:05:21,661 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:21 2018 WARNING: file 'Wdc.key' is group or others accessible

Tue Oct 30 19:05:21 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 19:05:21 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018

2018-10-30 19:05:21,661 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:21 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 19:05:26,661 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:26 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 19:05:26 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 19:05:26,662 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:26 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:80
Tue Oct 30 19:05:26 2018 Attempting to establish TCP connection with [AF_INET]213.X.X.X:80 [nonblock]

2018-10-30 19:05:27,662 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:27 2018 TCP connection established with [AF_INET]213.X.X.X:80
Tue Oct 30 19:05:27 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 19:05:27 2018 TCP_CLIENT link remote: [AF_INET]213.X.X.X:80

2018-10-30 19:05:33,850 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:33 2018 WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

Tue Oct 30 19:05:33 2018 Connection reset, restarting [0]

2018-10-30 19:05:33,850 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:33 2018 SIGHUP[soft,connection-reset] received, process restarting

2018-10-30 19:05:33,851 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:33 2018 WARNING: file 'Wdc.key' is group or others accessible


2018-10-30 19:05:33,852 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:33 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 19:05:33 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 19:05:33 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 19:05:38,852 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:38 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 19:05:38 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 19:05:38,854 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:38 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:80
Tue Oct 30 19:05:38 2018 Attempting to establish TCP connection with [AF_INET]213.X.X.X:80 [nonblock]

2018-10-30 19:05:39,854 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:39 2018 TCP connection established with [AF_INET]213.X.X.X:80
Tue Oct 30 19:05:39 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 19:05:39 2018 TCP_CLIENT link remote: [AF_INET]213.X.X.X:80

2018-10-30 19:06:40,118 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:40 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting

2018-10-30 19:06:40,119 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:40 2018 SIGHUP[soft,ping-restart] received, process restarting

2018-10-30 19:06:40,120 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:40 2018 WARNING: file 'Wdc.key' is group or others accessible

Tue Oct 30 19:06:40 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 19:06:40 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 19:06:40 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 19:06:45,120 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:45 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 19:06:45 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 19:06:45,123 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:45 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:80
Tue Oct 30 19:06:45 2018 Attempting to establish TCP connection with [AF_INET]213.X.X.X:80 [nonblock]

2018-10-30 19:06:46,124 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:46 2018 TCP connection established with [AF_INET]213.X.X.X:80
Tue Oct 30 19:06:46 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 19:06:46 2018 TCP_CLIENT link remote: [AF_INET]213.X.X.X:80

 

qbit.log

Edited by karldonteljames
Link to comment

I replaced the files with config to run on UDP rather than TCP, and I have the following errors:

2018-10-30 20:13:55,372 DEBG 'start-script' stdout output:
Tue Oct 30 20:13:55 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:53
Tue Oct 30 20:13:55 2018 UDP link local: (not bound)
Tue Oct 30 20:13:55 2018 UDP link remote: [AF_INET]213.X.X.X:53

2018-10-30 20:13:57,694 DEBG 'start-script' stdout output:
Tue Oct 30 20:13:57 2018 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, [email protected]

Tue Oct 30 20:13:57 2018 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

2018-10-30 20:13:57,694 DEBG 'start-script' stdout output:
Tue Oct 30 20:13:57 2018 TLS_ERROR: BIO read tls_read_plaintext error

Tue Oct 30 20:13:57 2018 TLS Error: TLS object -> incoming plaintext read error

Tue Oct 30 20:13:57 2018 TLS Error: TLS handshake failed

Tue Oct 30 20:13:57 2018 SIGHUP[soft,tls-error] received, process restarting

2018-10-30 20:13:57,696 DEBG 'start-script' stdout output:
Tue Oct 30 20:13:57 2018 WARNING: file 'Wdc.key' is group or others accessible

2018-10-30 20:13:57,697 DEBG 'start-script' stdout output:
Tue Oct 30 20:13:57 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 20:13:57 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 20:13:57 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

 

Edited by karldonteljames
Link to comment

Is it possible that pfsense is stopping the OpenVPN traffic from getting out? These are the rules I have setup on my DMZ, but it doesn't look like the TCP port 80 rule is catching any traffic, the UDP rule was going up quite quickly, but there was no connection - shown in the error log above

.

image.thumb.png.986c057ccffb40421cd66f9d6c24feb6.png

 

When I use UDP, taken abot one minute after restarting the service:

 

image.thumb.png.b1fbcfb7be69ba59b231342425fcd411.png

 

 

Link to comment
3 minutes ago, karldonteljames said:

Is it possible that pfsense is stopping the OpenVPN traffic from getting out? These are the rules I have setup on my DMZ, but it doesn't look like the TCP port 80 rule is catching any traffic, the UDP rule was going up quite quickly, but there was no connection - shown in the error log above

.

image.thumb.png.986c057ccffb40421cd66f9d6c24feb6.png

 

When I use UDP, taken abot one minute after restarting the service:

 

image.thumb.png.b1fbcfb7be69ba59b231342425fcd411.png

 

 

its possible pfsense is blocking it, check your firewall logs/dynamic view and see if you can spot it being blocked in the log whilst you attempt the connection.

 

my guess is pfsense is blocking tcp port 80, udp is another story and this isnt working due to a weak certificate, as can be seen here in your log:-

VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak

so you could try contacting purevpn and see if they can send you a cert with a stronger cipher or try and work out what is blocking tcp port 80 outbound.

Link to comment

Hi all - Probably the easiest question in a while: DelugeVPN via docker-compose cannot find the PIA config file. What am I doing wrong ? 

No OpenVPN config file located in /config/openvpn/ (ovpn extension), please download from your VPN provider and then restart this container, exiting...

My docker-compose.yml:

 

arch-delugevpn:
        image: binhex/arch-delugevpn
        container_name: delugevpn
        restart: unless-stopped
        network_mode: 'bridge'
        ports:
            - '${IP_ADDRESS}:8112:8112'
            - '${IP_ADDRESS}:8118:8118'
            - '${IP_ADDRESS}:58846:58846'
            - '${IP_ADDRESS}:58946:58946'
        cap_add:
            - NET_ADMIN
        env_file:
            - .env
        volumes:
            - '/media/Media/Torrents:/data'
            - './delugevpn/config:/config'
            - '/opt/ovpn/pia:/config/openvpn'
            - '/etc/localtime:/etc/localtime:ro'

        environment:
            - VPN_ENABLED=yes
            - VPN_USER=${VPNUNAME}
            - VPN_PASS=${VPNPASS}
            - VPN_REMOTE=${VPN_REMOTE}
            - VPN_PORT=1198
            - VPN_PROTOCOL=udp
            - VPN_DEVICE_TYPE=tun
            - VPN_PROV=${VPNPROVIDER}
            - STRONG_CERTS=no
            - ENABLE_PRIVOXY=yes
            - STRICT_PORT_FORWARD=yes
            - LAN_NETWORK=${CIDR_ADDRESS}
            - NAME_SERVERS=37.235.1.174,8.8.8.8,37.235.1.177,8.8.4.4
            - DEBUG=false
            - PUID=${PUID}
            - PGID=${PGID}
            - VIRTUAL_HOST=deluge.${DOMAIN}
            - VIRTUAL_PORT=8112
            - LETSENCRYPT_HOST=deluge.${DOMAIN}
            - LETSENCRYPT_EMAIL=${EMAIL}

I believe the appropriate files are there:

drwxr-xr-x 2 root  root  4096 Oct 30 22:17  .
drwxrwxr-x 3 admin admin 4096 Oct 30 22:14  ..
-rwxr-xr-x 1 root  root  2025 Oct 30 22:17  ca.rsa.2048.crt
-rwxr-xr-x 1 root  root   869 Oct 30 22:17  crl.rsa.2048.pem
-rwxr-xr-x 1 root  root  3177 Oct 30 22:17 'US East'
admin@docker:/opt/delugevpn/config/openvpn$

Matt

Edited by mjb5038
Link to comment
32 minutes ago, mjb5038 said:

believe the appropriate files are there:

Looks like your <endpoint>.ovpn file is missing the ovpn extension in the name (I’m guessing that’s what “US East” is). I also have a credentials.conf file. Don’t think that’s what your error is complaining about though. The credentials file may not be needed or is auto generated.

Edited by wgstarks
Link to comment

Good Morning,

My UMASK is set to 000, All files are now showing as permission for "node" what do i need to set the umask to for root? I'm a windows user primarily!

I currently organise my files as follows:

 

Downloads:

-->Incomplete

-->Completed

 

Torrents:

-->In Progress

-->Completed

-->Start

 

What changes do I need to make to deluge to continue to use the current folder structure? is this correct?

 

image.png.2272b263302a63d18b3f6e24b8c7dd14.png

 

 

 

 

Link to comment
8 hours ago, mjb5038 said:

Hi all - Probably the easiest question in a while: DelugeVPN via docker-compose cannot find the PIA config file. What am I doing wrong ? 


No OpenVPN config file located in /config/openvpn/ (ovpn extension), please download from your VPN provider and then restart this container, exiting...

My docker-compose.yml:

 


arch-delugevpn:
        image: binhex/arch-delugevpn
        container_name: delugevpn
        restart: unless-stopped
        network_mode: 'bridge'
        ports:
            - '${IP_ADDRESS}:8112:8112'
            - '${IP_ADDRESS}:8118:8118'
            - '${IP_ADDRESS}:58846:58846'
            - '${IP_ADDRESS}:58946:58946'
        cap_add:
            - NET_ADMIN
        env_file:
            - .env
        volumes:
            - '/media/Media/Torrents:/data'
            - './delugevpn/config:/config'
            - '/opt/ovpn/pia:/config/openvpn'
            - '/etc/localtime:/etc/localtime:ro'

        environment:
            - VPN_ENABLED=yes
            - VPN_USER=${VPNUNAME}
            - VPN_PASS=${VPNPASS}
            - VPN_REMOTE=${VPN_REMOTE}
            - VPN_PORT=1198
            - VPN_PROTOCOL=udp
            - VPN_DEVICE_TYPE=tun
            - VPN_PROV=${VPNPROVIDER}
            - STRONG_CERTS=no
            - ENABLE_PRIVOXY=yes
            - STRICT_PORT_FORWARD=yes
            - LAN_NETWORK=${CIDR_ADDRESS}
            - NAME_SERVERS=37.235.1.174,8.8.8.8,37.235.1.177,8.8.4.4
            - DEBUG=false
            - PUID=${PUID}
            - PGID=${PGID}
            - VIRTUAL_HOST=deluge.${DOMAIN}
            - VIRTUAL_PORT=8112
            - LETSENCRYPT_HOST=deluge.${DOMAIN}
            - LETSENCRYPT_EMAIL=${EMAIL}

I believe the appropriate files are there:


drwxr-xr-x 2 root  root  4096 Oct 30 22:17  .
drwxrwxr-x 3 admin admin 4096 Oct 30 22:14  ..
-rwxr-xr-x 1 root  root  2025 Oct 30 22:17  ca.rsa.2048.crt
-rwxr-xr-x 1 root  root   869 Oct 30 22:17  crl.rsa.2048.pem
-rwxr-xr-x 1 root  root  3177 Oct 30 22:17 'US East'
admin@docker:/opt/delugevpn/config/openvpn$

Matt

do you see a file with a ovpn extension as per the warning in the log?, doesnt look like it to me, 'US East' doesnt have any extension.

Link to comment
24 minutes ago, karldonteljames said:

what do i need to set the umask to for root?

umask is used to set permissions for newly created files and folders, it doesn't set ownership, if you want to run the container as root then change PUID and GUID to 0, also delete the file /config/perms.txt then restart the container, this will ensure permissions are set correctly for existing files/folders for the user selected.

Link to comment

Thanks again binhex, am I correct in assuming that it is not recommended to run it as root?

 

I'm now trying to connect your sonarr to both qBit and deluge, however, I'm getting a timeout. each of the dockers is running on their own IP address, all within the same VLAN.

 

I am able to ping deluge and qbit from the sonarr docker.

 

IP of the sonarr is 192.168.12.218

deluge: 216

qbit: 217

 

Deluge:

one.Common.Http.Dispatchers.ManagedHttpDispatcher.GetResponse (NzbDrone.Common.Http.HttpRequest request, System.Net.CookieContainer cookies) [0x000ca] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Common\Http\Dispatchers\ManagedHttpDispatcher.cs:58
--- End of inner exception stack trace ---

one.Common.Http.Dispatchers.ManagedHttpDispatcher.GetResponse (NzbDrone.Common.Http.HttpRequest request, System.Net.CookieContainer cookies) [0x0019e] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Common\Http\Dispatchers\ManagedHttpDispatcher.cs:92
at NzbDrone.Common.Http.Dispatchers.FallbackHttpDispatcher.GetResponse (NzbDrone.Common.Http.HttpRequest request, System.Net.CookieContainer cookies) [0x000b5] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Common\Http\Dispatchers\FallbackHttpDispatcher.cs:53
at NzbDrone.Common.Http.HttpClient.ExecuteRequest (NzbDrone.Common.Http.HttpRequest request, System.Net.CookieContainer cookieContainer) [0x0007e] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Common\Http\HttpClient.cs:121
at NzbDrone.Common.Http.HttpClient.Execute (NzbDrone.Common.Http.HttpRequest request) [0x00008] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Common\Http\HttpClient.cs:57
at NzbDrone.Core.Download.Clients.Deluge.DelugeProxy.AuthenticateClient (NzbDrone.Common.Http.JsonRpcRequestBuilder requestBuilder, NzbDrone.Core.Download.Clients.Deluge.DelugeSettings settings, System.Boolean reauthenticate) [0x0005b] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Core\Download\Clients\Deluge\DelugeProxy.cs:274
at NzbDrone.Core.Download.Clients.Deluge.DelugeProxy.BuildRequest (NzbDrone.Core.Download.Clients.Deluge.DelugeSettings settings) [0x0006d] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Core\Download\Clients\Deluge\DelugeProxy.cs:187
at NzbDrone.Core.Download.Clients.Deluge.DelugeProxy.ProcessRequest[TResult] (NzbDrone.Core.Download.Clients.Deluge.DelugeSettings settings, System.String method, System.Object[] arguments) [0x00000] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Core\Download\Clients\Deluge\DelugeProxy.cs:194
at NzbDrone.Core.Download.Clients.Deluge.DelugeProxy.GetVersion (NzbDrone.Core.Download.Clients.Deluge.DelugeSettings settings) [0x00000] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Core\Download\Clients\Deluge\DelugeProxy.cs:51
at NzbDrone.Core.Download.Clients.Deluge.Deluge.TestConnection () [0x00000] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Core\Download\Clients\Deluge\Deluge.cs:210


2018-10-31 13:37:46,681 DEBG 'sonarr' stdout output:
[Warn] NzbDroneErrorPipeline: Invalid request Validation failed:

 

qBitTorrent

[v2.0.0.5252] NzbDrone.Core.Download.Clients.DownloadClientUnavailableException: Failed to connect to qBittorrent, please check your settings. ---> System.Net.WebException: The operation has timed out.: 'http://192.168.12.217:8080/login' ---> System.Net.WebException: The operation has timed out.

at System.Net.HttpWebRequest.GetRequestStream () [0x0000e] in /build/mono/src/mono/mcs/class/System/System.Net/HttpWebRequest.cs:912

one.Common.Http.Dispatchers.ManagedHttpDispatcher.GetResponse (NzbDrone.Common.Http.HttpRequest request, System.Net.CookieContainer cookies) [0x000ca] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Common\Http\Dispatchers\ManagedHttpDispatcher.cs:58
--- End of inner exception stack trace ---

one.Common.Http.Dispatchers.ManagedHttpDispatcher.GetResponse (NzbDrone.Common.Http.HttpRequest request, System.Net.CookieContainer cookies) [0x0019e] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Common\Http\Dispatchers\ManagedHttpDispatcher.cs:92
at NzbDrone.Common.Http.Dispatchers.FallbackHttpDispatcher.GetResponse (NzbDrone.Common.Http.HttpRequest request, System.Net.CookieContainer cookies) [0x000b5] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Common\Http\Dispatchers\FallbackHttpDispatcher.cs:53
at NzbDrone.Common.Http.HttpClient.ExecuteRequest (NzbDrone.Common.Http.HttpRequest request, System.Net.CookieContainer cookieContainer) [0x0007e] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Common\Http\HttpClient.cs:121
at NzbDrone.Common.Http.HttpClient.Execute (NzbDrone.Common.Http.HttpRequest request) [0x00008] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Common\Http\HttpClient.cs:57
at NzbDrone.Core.Download.Clients.QBittorrent.QBittorrentProxy.AuthenticateClient (NzbDrone.Common.Http.HttpRequestBuilder requestBuilder, NzbDrone.Core.Download.Clients.QBittorrent.QBittorrentSettings settings, System.Boolean reauthenticate) [0x000a4] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Core\Download\Clients\QBittorrent\QBittorrentProxy.cs:286
--- End of inner exception stack trace ---
at NzbDrone.Core.Download.Clients.QBittorrent.QBittorrentProxy.AuthenticateClient (NzbDrone.Common.Http.HttpRequestBuilder requestBuilder, NzbDrone.Core.Download.Clients.QBittorrent.QBittorrentSettings settings, System.Boolean reauthenticate) [0x000f4] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Core\Download\Clients\QBittorrent\QBittorrentProxy.cs:300
at NzbDrone.Core.Download.Clients.QBittorrent.QBittorrentProxy.ProcessRequest (NzbDrone.Common.Http.HttpRequestBuilder requestBuilder, NzbDrone.Core.Download.Clients.QBittorrent.QBittorrentSettings settings) [0x00000] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Core\Download\Clients\QBittorrent\QBittorrentProxy.cs:227
at NzbDrone.Core.Download.Clients.QBittorrent.QBittorrentProxy.ProcessRequest[TResult] (NzbDrone.Common.Http.HttpRequestBuilder requestBuilder, NzbDrone.Core.Download.Clients.QBittorrent.QBittorrentSettings settings) [0x00000] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Core\Download\Clients\QBittorrent\QBittorrentProxy.cs:220
at NzbDrone.Core.Download.Clients.QBittorrent.QBittorrentProxy.GetVersion (NzbDrone.Core.Download.Clients.QBittorrent.QBittorrentSettings settings) [0x00012] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Core\Download\Clients\QBittorrent\QBittorrentProxy.cs:48
at NzbDrone.Core.Download.Clients.QBittorrent.QBittorrent.TestConnection () [0x00000] in C:\BuildAgent\work\5d7581516c0ee5b3\src\NzbDrone.Core\Download\Clients\QBittorrent\QBittorrent.cs:197


2018-10-31 14:13:13,250 DEBG 'sonarr' stdout output:
[Warn] NzbDroneErrorPipeline: Invalid request Validation failed:

-- Unknown exception: Failed to connect to qBittorrent, please check your settings.

EDIT: I have just noted that if i change the port or IP address, I get a response straight away of "unable to connect" but get a timeout issue if use the correct ipaddress:port details.

 

image.png.286c3fb2d8a970eeaffb32b99c679436.png

image.png.8429e49ac7bce531f17c1bd89e8ba7e0.png

 

EDIT: Step forward, if I disable the built-in VPN for both Deluge and qBit it Sonarr will connect without an issue.

 

EDIT: I didn't realise I wasn't on the latest version of unraid (6.6.3) and was running 6.5.x (can't remember which) it looks like deluge and qBittorrent will now connect with Sonarr, but I cannot access the WebUI from my laptop.

 

I am getting an error that says "couldn't save naming settings" now though.

Edited by karldonteljames
Added screenshots of timeout and unable to connect for correct and incorrect details. - Added Progress of VPN
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.