[Support] binhex - DelugeVPN


Recommended Posts

Having the issue where Deluge will not load the WebUi portal if VPN is set to 'yes'. Odd thing is no errors in logs (says WebUi started) and it was working for several days without any changes just stopped. If the VPN is set to 'no' the page loads immediately. I have tested setting to force port forwarding and appropriate forwarding server but same issue, was previously not using port forwarding and speed was fine.

 

#probably worth noting that I went to Deluge as Qbittorrent stopped the same way after working for months. Deluge is soo much better but why the random stop I'm not sure

 

 

Update:

Somehow the subnet was change, no idea how but once I noticed and correct working as expected.

Edited by ados
Wanted to add some extra
Link to comment

So I switched from QBT cause I couldn't get it running. Now I can't get this running. Or more specifically, the web UI.

 

Log says auth failed, but I know creds are correct. Using usenetserver.com. 

 

Thanks.

 

2019-04-24 17:27:23,103 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'custom' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_REMOTE 'chi-a27.wlvpn.com' --script-security 2 --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --remote 209.107.210.29 1194 udp --remote-random --up /root/openvpnup.sh --up-delay --up-restart --keepalive 10 60 --auth-user-pass credentials.conf --cd /config/openvpn --config '/config/openvpn/chi-a27.ovpn'
[info] Starting OpenVPN...

2019-04-24 17:27:23,108 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 WARNING: file 'credentials.conf' is group or others accessible
Wed Apr 24 17:27:23 2019 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Wed Apr 24 17:27:23 2019 library versions: OpenSSL 1.1.1a  20 Nov 2018, LZO 2.10

2019-04-24 17:27:23,108 DEBG 'start-script' stdout output:
[info] OpenVPN started

2019-04-24 17:27:23,108 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
[debug] Waiting for valid IP address from tunnel...

2019-04-24 17:27:23,109 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.210.29:1194

2019-04-24 17:27:23,109 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Apr 24 17:27:23 2019 UDP link local: (not bound)
Wed Apr 24 17:27:23 2019 UDP link remote: [AF_INET]209.107.210.29:1194

2019-04-24 17:27:23,143 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 TLS: Initial packet from [AF_INET]209.107.210.29:1194, sid=683e78dd 97d0f1ce

2019-04-24 17:27:23,176 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN

2019-04-24 17:27:23,176 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 VERIFY KU OK
Wed Apr 24 17:27:23 2019 Validating certificate extended key usage
Wed Apr 24 17:27:23 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Apr 24 17:27:23 2019 VERIFY EKU OK
Wed Apr 24 17:27:23 2019 VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN

2019-04-24 17:27:24,346 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:24 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Apr 24 17:27:24 2019 [vpn] Peer Connection Initiated with [AF_INET]209.107.210.29:1194

2019-04-24 17:27:25,470 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:25 2019 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)

2019-04-24 17:27:25,504 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:25 2019 AUTH: Received control message: AUTH_FAILED
Wed Apr 24 17:27:25 2019 SIGTERM[soft,auth-failure] received, process exiting

 

image.thumb.png.db4bd1727436b656e327d6e4c01dc9f0.png

 

 

Link to comment
1 hour ago, dbinott said:

So I switched from QBT cause I couldn't get it running. Now I can't get this running. Or more specifically, the web UI.

 

Log says auth failed, but I know creds are correct. Using usenetserver.com. 

 

Thanks.

 


2019-04-24 17:27:23,103 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'custom' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_REMOTE 'chi-a27.wlvpn.com' --script-security 2 --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --remote 209.107.210.29 1194 udp --remote-random --up /root/openvpnup.sh --up-delay --up-restart --keepalive 10 60 --auth-user-pass credentials.conf --cd /config/openvpn --config '/config/openvpn/chi-a27.ovpn'
[info] Starting OpenVPN...

2019-04-24 17:27:23,108 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 WARNING: file 'credentials.conf' is group or others accessible
Wed Apr 24 17:27:23 2019 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Wed Apr 24 17:27:23 2019 library versions: OpenSSL 1.1.1a  20 Nov 2018, LZO 2.10

2019-04-24 17:27:23,108 DEBG 'start-script' stdout output:
[info] OpenVPN started

2019-04-24 17:27:23,108 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
[debug] Waiting for valid IP address from tunnel...

2019-04-24 17:27:23,109 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]209.107.210.29:1194

2019-04-24 17:27:23,109 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Apr 24 17:27:23 2019 UDP link local: (not bound)
Wed Apr 24 17:27:23 2019 UDP link remote: [AF_INET]209.107.210.29:1194

2019-04-24 17:27:23,143 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 TLS: Initial packet from [AF_INET]209.107.210.29:1194, sid=683e78dd 97d0f1ce

2019-04-24 17:27:23,176 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 VERIFY OK: depth=1, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=VPN, name=VPN, emailAddress=VPN

2019-04-24 17:27:23,176 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:23 2019 VERIFY KU OK
Wed Apr 24 17:27:23 2019 Validating certificate extended key usage
Wed Apr 24 17:27:23 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Apr 24 17:27:23 2019 VERIFY EKU OK
Wed Apr 24 17:27:23 2019 VERIFY OK: depth=0, C=US, ST=VPN, L=VPN, O=VPN, OU=VPN, CN=vpn, name=VPN

2019-04-24 17:27:24,346 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:24 2019 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Wed Apr 24 17:27:24 2019 [vpn] Peer Connection Initiated with [AF_INET]209.107.210.29:1194

2019-04-24 17:27:25,470 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:25 2019 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)

2019-04-24 17:27:25,504 DEBG 'start-script' stdout output:
Wed Apr 24 17:27:25 2019 AUTH: Received control message: AUTH_FAILED
Wed Apr 24 17:27:25 2019 SIGTERM[soft,auth-failure] received, process exiting

 

image.thumb.png.db4bd1727436b656e327d6e4c01dc9f0.png

 

 

Who is your VPN provider?

Ensure you have their OpenVPN file and certificate in the relevant folder (/mnt/user/appdata/binhex-delugevpn/openvpn/)

Recheck your configuration i.e. passwords, VPN enpoint details

Link to comment

Just changed ISP to virgin Media from BT infinity...

 

Speeds seem to be capped at about 7-800KB now, anyone else epxeicned this? Is this a limitation on Virgins part?

 

Using Switzerland as my PIA destination with port forwarding set up, although I can't be sure this is working. Is there a way to confirm the port is indeed open?

 

 

Link to comment
11 minutes ago, Chamzamzoo said:

Just changed ISP to virgin Media from BT infinity...

 

Speeds seem to be capped at about 7-800KB now, anyone else epxeicned this? Is this a limitation on Virgins part?

 

Using Switzerland as my PIA destination with port forwarding set up, although I can't be sure this is working. Is there a way to confirm the port is indeed open?

 

 

my brother in law dumped virgin media for this reason he got the exact same speeds as you using this image and pia, i believe its not virgin media directly throttling traffic, its more to do with their so called "super" hubs which arent so super, options are put super hub in bridge mode and buy a real router to do the routing, or dump virgin media and go with another isp.

 

edit - worth a shot:- https://community.virginmedia.com/t5/Networking-and-WiFi/VPN-and-Super-Hub-3-fix/td-p/3800103

Edited by binhex
Link to comment
1 minute ago, binhex said:

my brother in law dumped virgin media for this reason he got the exact same speeds as you using this image and pia, i believe its not virgin media directly throttling traffic, its more to do with their so called "super" hubs which arent so super, options are put super hub in bridge mode and buy a real router to do the routing, or dump virgin media and go with another isp.

I've done the latter - got myself a better router (then built a pfSense box), and run it in modem mode (an old SuperHub was massively unreliable).  Get decent speeds, but worth doing anyway - saves you having to reconfigure everything when your ISP/box changes.

Link to comment

It was completely crippling the rest of my conneciton when DLing a torrent, speedtest.net wouldn't get a ping to begin the test, testmy.net was reporting 2Mbps.. 

 

I did find this:

https://www.privateinternetaccess.com/archive/forum/discussion/23112/anyone-having-torrent-slowdowns-please-read-this

 

Mushroom's post about Deluge and the ITConfig plugin to unset incoming and outgoing utp has helped the rest of the connection become uncrippled, but the torrents are still slow.

 

I am using the hub in Modem mode... my Velop router is taking care of the rest.. just outside my cooling off period as well.. 

 

1 minute ago, Cessquill said:

I've done the latter - got myself a better router (then built a pfSense box), and run it in modem mode (an old SuperHub was massively unreliable).  Get decent speeds, but worth doing anyway - saves you having to reconfigure everything when your ISP/box changes.

Did you get a new Modem or still using the superhub? I am in Modem mode at the minute and it's not really helping. 

Link to comment

im also a pfsense box convert, yes it cost me a LOT more (£280) than a commercial grade router BUT its significantly better in every way, you do get what you pay for.

 

To be clear im not a VM customer, im with a small ISP that lets me run any hardware i want.

Edited by binhex
Link to comment
4 minutes ago, Chamzamzoo said:

Did you get a new Modem or still using the superhub? I am in Modem mode at the minute and it's not really helping. 

Just the Superhub.  I'm in a town where CityFibre are currently laying Vodafone FTTP, so I'm in the queue there.

 

Oddly enough, I was looking at speedtest last night - sometimes couldn't connect at all, sometimes slow, sometimes great.  Trying to work out whether I'd got the latest 35 meg upload speed increase (I have).  I don't know much about Virgin's infrastructure (or networks in general), but Speedtest seemed to work better if speedtest connected to a Virgin server...

 

Fast.com seemed to get reliable results though.  I'll have a look at your findings later - thanks for sharing

Link to comment

I seem to have absolutley terrible performance with PIA in Sweden/Switzerland. Rubbish compared to NordVPN for downloads, and despite ports being forwarded correctly (as reported by the tracker) - still just crap upload too. Miserable would describe it :)

 

FWIW I used a Virgin Superhub 3 as a passthrough device (PPPoE) to a Mikrotik router that cost about £100 and it absolutely flew, line rate on anything I liked, as long as I wasn't using PIA (obviously their infrastructure comes into play there).

Edited by jmbrnt
Link to comment
3 minutes ago, Chamzamzoo said:

did you have more success with a different country, or just move to Nord?

 

Have you managed to configure Binhex Deluge with Nord? that's my next thing to try.

 

I have to say Sweden seems better than Switzerland, but my uploads are still messed up and my ratios are all taking a major hit compared to "no vpn". NORD was simple to set up, but as it doesn't support port forwarding at all you might find it not so great for uploads. Downloads however, fine.

 

I have used both but honestly I think PIA was a waste of money and I'll just risk it with no VPN :D

Link to comment
13 minutes ago, jmbrnt said:

I seem to have absolutley terrible performance with PIA in Sweden/Switzerland. Rubbish compared to NordVPN for downloads, and despite ports being forwarded correctly (as reported by the tracker) - still just crap upload too. Miserable would describe it :)

 

FWIW I used a Virgin Superhub 3 as a passthrough device (PPPoE) to a Mikrotik router that cost about £100 and it absolutely flew, line rate on anything I liked, as long as I wasn't using PIA (obviously their infrastructure comes into play there).

 

See I was fine the PIA on BT infinity, practically full linespeed for torrents. 

 

Only thing I've changed is moved to virgin media and now it sucks. Limited to ~900KB tops. 

 

Tried all the above, router is in modem mode..  don't really know if there's anything else to be done other than ditch VM.

Link to comment

One thing to try would be downloading a big binary file from a well hosted location, like an Ubuntu ISO (not torrent).

 

This one is hosted at Oxford uni, so should be pretty fast http://mirror.ox.ac.uk/sites/releases.ubuntu.com/releases/bionic/ubuntu-18.04.2-desktop-amd64.iso

 

I would wget it from inside Binhex's container and check the speed of the PIA tunnel against something that _should_ blast on Virgin Media

 

You'll need to add wget first:

 

pacman -S wget

then wget http://mirror.ox.ac.uk/sites/releases.ubuntu.com/releases/bionic/ubuntu-18.04.2-desktop-amd64.iso

(from inside the container's shell)

 

----

I just tried it and installing wget failed.. You could use a browser and the Privoxy function of the container, or the PIA application on your desktop etc to do the same test.

 

Edited by jmbrnt
Link to comment
1 hour ago, jmbrnt said:

would wget it from inside Binhex's container and check the speed of the PIA tunnel against something that _should_ blast on Virgin Media

i dont think this is going to get you anywhere, its not slow due to the fact that the user is using a torrent client (in fact the isp will not have a clue as to what is going on in the vpn tunnel), its more that virgin media super hub 3 chokes on encrypted traffic and thus the slow speeds. i would suspect if you were to do use wget then the speeds would be exactly the same, hitting a limit of somewhere around 1MB/s. there have been speculation that VM is throttling vpn traffic but i dont know of anybody who has proved this without doubt.

Link to comment

Yeah that's kind of what I was thinking, if the performance of a raw HTTP download is just as crappy as the torrent, then the problem is narrowed down to the VPN, or as you say, the hub. L2TP tunnel to AA.net.uk for a tenner a month? :)

Edited by jmbrnt
Link to comment

Could it be the type of VPN that VM is slow with? 

Using the OS X PIA app with killswitch on and IP checked to make sure, I DL'ed that file above at 5MB/s using the PIA client. Changed to Czech Republic and it was MUCH faster than France. 

Not sure if the app would be using OpenVPN or not..

Changed the Deluge VPN to Czech republic and restarted Deluge, just as slow.

 

Or is it a port issue? When you change locations with PIA you get a new forwarded port. Do you put this in the WebGUI Deluge preferences incoming and outgoing ports or in the Docker settings?
 

 

Also couldn't get wget to work:
 

Total Download Size:   0.61 MiB

Total Installed Size:  2.81 MiB

 

:: Proceed with installation? [Y/n] y

:: Retrieving packages...

error: failed retrieving file 'wget-1.20.1-3-x86_64.pkg.tar.xz' from mirror.pseudoform.org : The requested URL returned error: 404

error: failed retrieving file 'wget-1.20.1-3-x86_64.pkg.tar.xz' from mirror.pseudoform.org : The requested URL returned error: 404

error: failed retrieving file 'wget-1.20.1-3-x86_64.pkg.tar.xz' from archlinux.dynamict.se : The requested URL returned error: 404

error: failed retrieving file 'wget-1.20.1-3-x86_64.pkg.tar.xz' from arch.mirror.far.fi : Protocol "rsync" not supported or disabled in libcurl

error: failed retrieving file 'wget-1.20.1-3-x86_64.pkg.tar.xz' from mirror.pseudoform.org : Protocol "rsync" not supported or disabled in libcurl

warning: failed to retrieve some files

error: failed to commit transaction (download library error)

Errors occurred, no packages were upgraded.

 

 

Link to comment
7 minutes ago, Chamzamzoo said:

Could it be the type of VPN that VM is slow with? 

Using the OS X PIA app with killswitch on and IP checked to make sure, I DL'ed that file above at 5MB/s using the PIA client. Changed to Czech Republic and it was MUCH faster than France. 

Not sure if the app would be using OpenVPN or not..

Changed the Deluge VPN to Czech republic and restarted Deluge, just as slow.

 

Or is it a port issue? When you change locations with PIA you get a new forwarded port. Do you put this in the WebGUI Deluge preferences incoming and outgoing ports or in the Docker settings?
 

 

Also couldn't get wget to work:

 

 

Yeah sorry, as I said that didn't work. You can probably spend time to get wget working in the container - but it might not be worth it. It ~might~ be a different type of encryption being used in the application versis the .ovpn file that deluge container is using - binhex has a help thread where he mentions selecting a different algorithm if it's supported by the vpn endpoint, but I've not got any experience with that.

 

When you change location (or even reload the container) you will get a new port and likely a new IP. Binhex is very clever and his container automatically negotiates and configures this port inside deluge for you (as long as you're using PIA) - so you don't need to touch it.

Edited by jmbrnt
Link to comment

I see, that certainly is clever :)

 

Opening the ovpn files for the app and the one I uploaded to app-data, they are both using aes-128-cbc and other the settings are the same.

 

What do you do with the incoming and outgoing port settings in Deluge, they need a value? Set it to random? or is it irrelevant whatever you put in it?

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.