[Support] binhex - DelugeVPN


Recommended Posts

24 minutes ago, stevep94 said:

Morning all,

 

I've not used Deluge for quite a wile but I've come to it this morning and I can't get the web UI to even load!?!?

 

I've had this issue before but it has usually just sorted itself out after a minute or so and the UI loads but today I've been trying for 20 minutes or so and nothing!

 

I've read some of the last couple of pages, specifically in relation to PIA having changed some settings (Sweden rings a bell for me but it's so long ago that I get it set up I can't remember how to check!) - but could this change be affecting whether I can get into the UI??

Temporarily set VPN_ENABLED to no and see if that fixes your access issue. 

  • Like 1
Link to comment
Just now, stridemat said:

Temporarily set VPN_ENABLED to no and see if that fixes your access issue. 

Thanks for the quick reply!

 

I actually took a chance (not understanding the vast majority of this!) and generated a new VPN config via the PIA website and replaced my old Sweden one and it's now working!

 

The thing I couldn't get my head around was the UI itself not loading - I mean I could understand if I'd tried to download a torrent and it didn't work but I assumed my local access to the UI wouldn't be affected by the VPN configuration!?!? (but again, I don't understand most of these settings anyway!)

Link to comment
1 minute ago, stevep94 said:

Thanks for the quick reply!

 

I actually took a chance (not understanding the vast majority of this!) and generated a new VPN config via the PIA website and replaced my old Sweden one and it's now working!

 

The thing I couldn't get my head around was the UI itself not loading - I mean I could understand if I'd tried to download a torrent and it didn't work but I assumed my local access to the UI wouldn't be affected by the VPN configuration!?!? (but again, I don't understand most of these settings anyway!)

If VPN_ENABLED is set to yes but there is no valid VPN connection/configuration then the web GUI will not open. 

  • Like 1
Link to comment

I've noticed some strange problems over the past few weeks-- mostly torrent time-out errors, and now I'm getting the "Error: end of file" on random files from one particular tracker. I thought it might be a problem with the particular AirVPN server I was using, so I restarted the container a few days ago, but the errors just creeped back. Any idea what might  be going wrong? My fear is that might be because of the number of torrents I have (~2500 unpaused). I have the ltConfig plugin set up and adjusted, and that fixed errors that arose when I hit around 2,000 torrents, so I'm hoping it's something that can be fixed by playing around with those settings. Strange that rebooting the Deluge docker fixes the timeout errors for a few days.

 

Actually, it seems the "Error: end of file" error I'm receiving from torrents for one particular tracker is not fixed by rebooting the container, so I have no clue what's going on there.

 

I'm running the latest version of the Binhex DockerDelugeVPN via AirVPN.

 

e: rechecking the torrents does not seem to fix the "Error: end of file" problem

Edited by Ranzingabon Hagglesmith
Link to comment

OK guys, multi remote endpoint support is now in for this image please pull down the new image (this change will be rolled out to all my vpn images shortly).

 

What this means is that the image will now loop through the entire list, for example, pia port forward enabled endpoints, all you need to do is edit your ovpn config file and add the remote endpoints at the top and sort into the order you want them to be tried, an example pia ovpn file is below (mine):-

remote ca-toronto.privateinternetaccess.com 1198 udp
remote ca-montreal.privateinternetaccess.com 1198 udp
remote ca-vancouver.privateinternetaccess.com 1198 udp
remote de-berlin.privateinternetaccess.com 1198 udp
remote de-frankfurt.privateinternetaccess.com 1198 udp
remote france.privateinternetaccess.com 1198 udp
remote czech.privateinternetaccess.com 1198 udp
remote spain.privateinternetaccess.com 1198 udp
remote ro.privateinternetaccess.com 1198 udp
client
dev tun
resolv-retry infinite
nobind
persist-key
# -----faster GCM-----
cipher aes-128-gcm
auth sha256
ncp-disable
# -----faster GCM-----
tls-client
remote-cert-tls server
auth-user-pass credentials.conf
comp-lzo
verb 1
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ

 

I did look at multi ovpn file support, but this is easier to do and as openvpn supports multi remote lines, it felt like the most logical approach.

 

note:- Due to ns lookup for all remote lines, and potential failure and subsequent try of the next remote line, time to initialisation of the app may take longer.

 

p.s. I dont want to talk about how difficult this was to shoe horn in, i need to lie down in a dark room now and not think about bash for a while :-), any issues let me know!.

  • Like 4
  • Thanks 4
Link to comment

I'm currently set to use the Czech endpoint.  We had a power outage this afternoon and it took two hours for the connection to come up afterwards.  I think that all the endpoints still work but (depending on load?) it may take some considerable time for the connection to establish.

Link to comment
1 minute ago, PeterB said:

I'm currently set to use the Czech endpoint.  We had a power outage this afternoon and it took two hours for the connection to come up afterwards.  I think that all the endpoints still work but (depending on load?) it may take some considerable time for the connection to establish.

give my code changes above a whirl, whilst i am still seeing exit code 52/56 reported it now cycles through the different endpoints and on average im now getting a working incoming port and web ui within around 5 mins.

Link to comment

Just updated, working fine now. I did have to remove Montreal from the config code, as in the logs it seemed to stick at the "attempting to get a dynamically assigned port" part, but not sure what that would be down to (I assume PIA or me!). After that, I reordered them to try Spain first, which failed, then Berlin which worked. Appreciate the work, binhex!

 

Link to comment

After updating the container, I was able to connect after the logs showed "7 retries left".  To help me understand what's going on here, did it retry several times on my top endpoint and just got lucky after 7 attempts on the same endpoint (Toronto) or was the script cycling through endpoints on each try (success on Chezch endpoint using the same list as you)?

Link to comment
31 minutes ago, xxDeadbolt said:

as in the logs it seemed to stick at the "attempting to get a dynamically assigned port" part,

yeah it should timeout after a max of 120 secs, basically the pia api is so sick/overloaded it wont respond, and thus curl is left attempting to connect with multiple retries, if it happens again then leave it and see if it eventually continues to the next host.

Link to comment
56 minutes ago, ThatCanuck said:

After updating the container, I was able to connect after the logs showed "7 retries left".  To help me understand what's going on here, did it retry several times on my top endpoint and just got lucky after 7 attempts on the same endpoint (Toronto) or was the script cycling through endpoints on each try (success on Chezch endpoint using the same list as you)?

check the /config/supervisord.log file, it will tell you

Link to comment

I haven't been able to connect since after the updated it just hangs on trying to make a connection to mullvad vpn. Was working yesterday. Tried restarting multiple times and waited for it to connect for 15+ minutes. Connection works from other computers fine. I can telnet to the IP over port 443 from the unraid server

 

Any help would be appreciated

 


2020-09-21 10:42:55,790 DEBG 'start-script' stdout output:
Mon Sep 21 10:42:55 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]104.200.129.150:443
Mon Sep 21 10:42:55 2020 Socket Buffers: R=[87380->1048576] S=[65536->1048576]
Mon Sep 21 10:42:55 2020 Attempting to establish TCP connection with [AF_INET]104.200.129.150:443 [nonblock]

2020-09-21 10:43:27,794 DEBG 'start-script' stdout output:
Mon Sep 21 10:43:27 2020 TCP: connect to [AF_INET]104.200.129.150:443 failed: Connection timed out
Mon Sep 21 10:43:27 2020 SIGHUP[connection failed(soft),init_instance] received, process restarting

2020-09-21 10:43:27,795 DEBG 'start-script' stdout output:
Mon Sep 21 10:43:27 2020 WARNING: file 'credentials.conf' is group or others accessible
Mon Sep 21 10:43:27 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Mon Sep 21 10:43:27 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10

2020-09-21 10:43:27,796 DEBG 'start-script' stdout output:
Mon Sep 21 10:43:27 2020 Restart pause, 5 second(s)

 

Here is my openvpn script

 

remote 104.200.129.150 443
client
dev tun
proto tcp-client

remote-random

cipher AES-256-CBC
resolv-retry infinite
nobind
persist-key
verb 3
remote-cert-tls server
ping 10
ping-restart 60
sndbuf 524288
rcvbuf 524288

auth-user-pass credentials.conf
ca mullvad_ca.crt

tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA

pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"

Edited by Zervun
Link to comment

Hey Binhex!!!

Huge fan of all the great apps you make.

I like other people have been having quite a few issues with PIA regarding previous/current configurations and their mess with Next Gen Servers

 

Do you have any comprehensive guides to what has to be done to get current connections? What specific OVPN files we need to use?

 

Any testing or validation I can help with?

 

EDIT: Just found this, the info added an hour ago may be helpful

 

 

Edited by Blindkitty38
Link to comment
1 hour ago, Zervun said:

I haven't been able to connect since after the updated it just hangs on trying to make a connection to mullvad vpn. Was working yesterday. Tried restarting multiple times and waited for it to connect for 15+ minutes. Connection works from other computers fine. I can telnet to the IP over port 443 from the unraid server

 

Any help would be appreciated

 


2020-09-21 10:42:55,790 DEBG 'start-script' stdout output:
Mon Sep 21 10:42:55 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]104.200.129.150:443
Mon Sep 21 10:42:55 2020 Socket Buffers: R=[87380->1048576] S=[65536->1048576]
Mon Sep 21 10:42:55 2020 Attempting to establish TCP connection with [AF_INET]104.200.129.150:443 [nonblock]

2020-09-21 10:43:27,794 DEBG 'start-script' stdout output:
Mon Sep 21 10:43:27 2020 TCP: connect to [AF_INET]104.200.129.150:443 failed: Connection timed out
Mon Sep 21 10:43:27 2020 SIGHUP[connection failed(soft),init_instance] received, process restarting

2020-09-21 10:43:27,795 DEBG 'start-script' stdout output:
Mon Sep 21 10:43:27 2020 WARNING: file 'credentials.conf' is group or others accessible
Mon Sep 21 10:43:27 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Mon Sep 21 10:43:27 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10

2020-09-21 10:43:27,796 DEBG 'start-script' stdout output:
Mon Sep 21 10:43:27 2020 Restart pause, 5 second(s)

 

Here is my openvpn script

 

remote 104.200.129.150 443
client
dev tun
proto tcp-client

remote-random

cipher AES-256-CBC
resolv-retry infinite
nobind
persist-key
verb 3
remote-cert-tls server
ping 10
ping-restart 60
sndbuf 524288
rcvbuf 524288

auth-user-pass credentials.conf
ca mullvad_ca.crt

tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA

pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"

please do the following:- https://github.com/binhex/documentation/blob/master/docker/faq/help.md

 

Link to comment
19 minutes ago, Blindkitty38 said:

Hey Binhex!!!

Huge fan of all the great apps you make.

I like other people have been having quite a few issues with PIA regarding previous/current configurations and their mess with Next Gen Servers

 

Do you have any comprehensive guides to what has to be done to get current connections? What specific OVPN files we need to use?

 

Any testing or validation I can help with?

https://forums.unraid.net/topic/44109-support-binhex-delugevpn/?do=findComment&comment=894942

 

Link to comment
7 hours ago, binhex said:

OK guys, multi remote endpoint support is now in for this image please pull down the new image (this change will be rolled out to all my vpn images shortly).

 

What this means is that the image will now loop through the entire list, for example, pia port forward enabled endpoints, all you need to do is edit your ovpn config file and add the remote endpoints at the top and sort into the order you want them to be tried, an example pia ovpn file is below (mine):-


remote ca-toronto.privateinternetaccess.com 1198 udp
remote ca-montreal.privateinternetaccess.com 1198 udp
remote ca-vancouver.privateinternetaccess.com 1198 udp
remote de-berlin.privateinternetaccess.com 1198 udp
remote de-frankfurt.privateinternetaccess.com 1198 udp
remote france.privateinternetaccess.com 1198 udp
remote czech.privateinternetaccess.com 1198 udp
remote spain.privateinternetaccess.com 1198 udp
remote ro.privateinternetaccess.com 1198 udp
client
dev tun
resolv-retry infinite
nobind
persist-key
# -----faster GCM-----
cipher aes-128-gcm
auth sha256
ncp-disable
# -----faster GCM-----
tls-client
remote-cert-tls server
auth-user-pass credentials.conf
comp-lzo
verb 1
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ

 

I did look at multi ovpn file support, but this is easier to do and as openvpn supports multi remote lines, it felt like the most logical approach.

 

note:- Due to ns lookup for all remote lines, and potential failure and subsequent try of the next remote line, time to initialisation of the app may take longer.

 

p.s. I dont want to talk about how difficult this was to shoe horn in, i need to lie down in a dark room now and not think about bash for a while :-), any issues let me know!.

This seems to have worked. Thank you!

Link to comment
19 minutes ago, Zervun said:

Done and attached - could it be something to do with the fact that I have remote as IP addresses and not names? I read that it does an nslookup on all remote

supervisord.log 51.67 kB · 0 downloads

thanks for the log, ive spotted the issue, its this:-

2020-09-21 11:50:01,367 DEBG 'start-script' stderr output:
iptables v1.8.5 (legacy): unknown protocol "tcp-client" specified
Try `iptables -h' or 'iptables --help' for more information.

2020-09-21 11:50:01,394 DEBG 'start-script' stderr output:
iptables v1.8.5 (legacy): unknown protocol "tcp-client" specified
Try `iptables -h' or 'iptables --help' for more information.

so annoyingly openvpn uses 'tcp-client' and iptables uses 'tcp' so there has to be some modification of the value to account for this, i did previously have this in place but things have changed so i need to rework the check, on a fix now, should have something within the hour...

Link to comment

Just wanted to chime and say thank you to all who have been discussing the recently issues with PIA VPN and Deluge. I noticed today that my Sonarr+Deluge setup had not been working for a couple weeks (I ran out of new content to watch in Plex). After reading around 15 pages of posts on this matter here, I was able to try a dozen different variables within Deluge and my PIA OpenVPN files until one combo finally worked.

 

I reused my old ca-toronto OVPN file with new versions of the PEM/Cert files and disabled port forwarding in the Deluge config. That was the magic solution that worked for me. I also learned about Jackett today and got that implemented within minutes.

 

Thank you again to everyone who posted info about this issue. It was much appreciated!

Link to comment
6 minutes ago, binhex said:

thanks for the log, ive spotted the issue, its this:-


2020-09-21 11:50:01,367 DEBG 'start-script' stderr output:
iptables v1.8.5 (legacy): unknown protocol "tcp-client" specified
Try `iptables -h' or 'iptables --help' for more information.

2020-09-21 11:50:01,394 DEBG 'start-script' stderr output:
iptables v1.8.5 (legacy): unknown protocol "tcp-client" specified
Try `iptables -h' or 'iptables --help' for more information.

so annoyingly openvpn uses 'tcp-client' and iptables uses 'tcp' so there has to be some modification of the value to account for this, i did previously have this in place but things have changed so i need to rework the check, on a fix now, should have something within the hour...

Ah makes sense - annoying. I see it now and missed it when looking through the log.

 

Thanks for looking at this! I really appreciate it!

Link to comment
18 minutes ago, Zervun said:

Ah makes sense - annoying. I see it now and missed it when looking through the log.

 

Thanks for looking at this! I really appreciate it!

fix is tested and in, image is building, please pull down the image in about 1 hour from now.

 

edit - docker hub was fast tonight, please pull down now

Edited by binhex
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.