[Support] binhex - DelugeVPN

[nuhll]

I cant connect to the webui. (its 8112, correct?)

 

Ive set 192.168.86.0/24 so it should be correct.

 

Ive seen no errors in log

 

but where comes this ip from? -A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT

 

Quote

 

2017-12-13 02:03:30,387 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A INPUT -s 192.168.86.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A OUTPUT -d 192.168.86.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
 

 

 

Doesnt make sense for me, it accepts on 172, which i dont use and accept 192.. on (not webui?) port.. 

Edited December 13, 2017 by nuhll

[joelstitch]

 
Okay so I got my deluge desktop GUI client working, I had to edit the /config/auth file to read admin:deluge:10, those were not the standard values in my case.
I have one question left;

• I have my downloads in a folder /mnt/disk1/downloads locally, but in the delugevpn container the mounted volume path to that folder is /downloads.
  This means that when I go into the desktop GUI client, I can't use "Open folder" function, or double click on a file to open, because I get a path error saying "/downloads is not found", since it's in the container. Is there a nice way to fix this, or do I need to set the path in the container to "/mnt/disk1/downloads"  too?

I have this same issue with other dockers containers like sonarr and radarr. The way I fixed it was by every container having the same exact path to the same folder. So if one used /downloads for the path /home/user the other containers have to also. I only encountered this issue because the programs I was using had to comunícate with each other.

Sent from my SM-N950U using Tapatalk

[nuhll]

OKay, i fixed my issue. Not even debug shown that port was wrong. (why does delunge ask for port, it should be if no port == use standard port) And it seems liek if it cant connect (which doesnt show in log) u cant access webui... 

How do i know the VPN is correct working and my ip wont show anywhere?

Edited December 13, 2017 by nuhll

[binhex]

7 hours ago, nuhll said:

How do i know the VPN is correct working and my ip wont show anywhere?

 

if you can access the deluge web interface AND the value for env var VPN_ENABLED = yes then you are protected, its as simple as that.

[unevent]

5 hours ago, binhex said:

 

if you can access the deluge web interface AND the value for env var VPN_ENABLED = yes then you are protected, its as simple as that.

 

Curious if you are routing DNS queries through the VPN tunnel or in the clear to Google servers?

[binhex]

1 hour ago, unevent said:

 

Curious if you are routing DNS queries through the VPN tunnel or in the clear to Google servers?

 

dns lookup is allowed to resolve the endpoint via the lan (stored in hosts file), after that dns lookup is vpn tunnel only (iptables prevent dns lookup on lan adapter).

[unevent]

2 hours ago, binhex said:

 

dns lookup is allowed to resolve the endpoint via the lan (stored in hosts file), after that dns lookup is vpn tunnel only (iptables prevent dns lookup on lan adapter).

 

Very good, thanks.

[xhaloz]

1 hour ago, unevent said:

 

Very good, thanks.

Isn't he a master at his containers?  I am fascinated.  I have a network background and I am very impressed with this.

[unevent]

1 minute ago, xhaloz said:

Isn't he a master at his containers?  I am fascinated.  I have a network background and I am very impressed with this.

 

Most of my containers are from Binhex, though I don't use any of the VPN wrapped which was why I asked the question.  I've found them to be the most stable and not crazy-fanatical about updating on what seems like every breath as some others do.  Which reminds me, need to send Christmas gift to put some kick in the eggnog.

[xhaloz]

14 minutes ago, unevent said:

 

Most of my containers are from Binhex, though I don't use any of the VPN wrapped which was why I asked the question.  I've found them to be the most stable and not crazy-fanatical about updating on what seems like every breath as some others do.  Which reminds me, need to send Christmas gift to put some kick in the eggnog.

Yeah I sent him an xmas gift today.  I like that it doesn't update all the time.  Updates make me nervous because it could break the kill switch which is no bueno. 

[7thSon]

How do I get plugin and connection manager settings to persist? No plugins remain enabled after container restart, and I have to manually go into the connection manager and click "connect" on every container launch to connect to the daemon.

[wgstarks]

26 minutes ago, 7thSon said:

and I have to manually go into the connection manager and click "connect" on every container launch to connect to the daemon.

You need to adjust your connection manager settings.

[nuhll]

I dont have this options, but i dont have problems (besides that sonarr and radarr are not really working for torrent downloading for non en movies)

[7thSon]

1 hour ago, wgstarks said:

You need to adjust your connection manager settings.

I have that setting checked already, just like in the picture, it doesn't auto-connect.

 

It actually does, but I had to give the container some time in my launch script to start up, then launch the Deluge GUI, and now it works.

Edited December 14, 2017 by 7thSon

[wgstarks]

1 minute ago, 7thSon said:

I have that setting checked already, just like in the picture, it doesn't auto-connect.

Might try posting in the Deluge forum. Probably a lot more experienced users there.

[7thSon]

Is there a way to get the delugevpn container's public/external ip from the host?

Want to put the container ip in conky, and hopefully grab it from a command in the host machine.

[Invincible]

Which port should i be forwarding if im using this with PIA? Is it just 58946?

[strike]

42 minutes ago, Invincible said:

Which port should i be forwarding if im using this with PIA? Is it just 58946?

None. Connect to one of the endpoints that support port forwarding, that's it. And enable strict port forwarding in the container settings

[mathgeek97]

On 12/5/2017 at 4:35 PM, Neo_999 said:

Just posting a NordVPN possible error fix:

 

I am a NordVPN user and this is my first time configuring DelugeVPN in unRaid. I have followed throughly the Newbie VPN Guide (in binhex - General thread) and have reconfigured the docker several times but, when launching the WebUI, I would always get the "Not connected" error.

 

I noticed that the supervisord.log file was ending with the line:

 

[debug] Waiting for valid IP address from tunnel...

 

And it would hang there indefinitely. A couples lines above that, there was this error:

 

Options error: --keepalive conflicts with --ping, --ping-exit, or --ping-restart.  If you use --keepalive, you don't need any of the other --ping directives.
Use --help for more information.

 

So opening the server .ovpn file turns out that it defines a couple of parameters, amongst them:

 

ping 15
ping-restart 0

 

I have deleted those two lines from the .ovpn file and after that DelugeVPN worked as supposed to.

 

Hope I can help someone out there.

 

I just noticed this post.  Did you ever get this to work with NordVPN? I've not had any problems.

I never edited the .ovpn file. Make sure you're grabbing a udp file, not tcp.

I have my dockers in a share, Container, which is not shared.  So, I end up putting the .ovpn file in

/mnt/user/Containers/appdata/binhex-delugevpn/openvpn/

This directory has two files,

credentials.conf

usNNNN.nordvpn.com.udp1194.ovpn

The credentials.conf file has two lines, my username and the plain-text password:

[email protected]

MyPlainTextPassword

 

Both files have chmod 775 and user.group is set to nobody.users

 

Under the DelugeVPN settings, you just need:

VPN_ENABLED       yes

VPN_PROV              custom

 

Nothing else was touched (but, I originally put my username/password as plain text in the settings page).

Hope this helps.

 

[Trexx]

DelugeVPN docker container had been working previously, now I am seeing continuous recycling of the openvpn connection.

 

This error message seems to be showing up all the time related to it:

 

2017-12-18 08:32:13,964 DEBG 'start-script' stdout output:
Mon Dec 18 08:32:13 2017 us=964106 ERROR: Linux route add command failed: external program exited with error status: 2
Mon Dec 18 08:32:13 2017 us=964142 /usr/bin/ip route add 0.0.0.0/1 via 172.21.90.1

 

Any suggestions what is causing this?  I tried deleting rebuilding the container, no impact.

 

[binhex]

12 minutes ago, Trexx said:

DelugeVPN docker container had been working previously, now I am seeing continuous recycling of the openvpn connection.

 

This error message seems to be showing up all the time related to it:

 

2017-12-18 08:32:13,964 DEBG 'start-script' stdout output:
Mon Dec 18 08:32:13 2017 us=964106 ERROR: Linux route add command failed: external program exited with error status: 2
Mon Dec 18 08:32:13 2017 us=964142 /usr/bin/ip route add 0.0.0.0/1 via 172.21.90.1

 

Any suggestions what is causing this?  I tried deleting rebuilding the container, no impact.

 

 

not without a full log, no, do the following:-

 

 

 

[wgstarks]

18 minutes ago, zin105 said:

I sometimes get this error in my syslog and wanted to ask here what it's about:

HTPC kernel: TCP: request_sock_TCP: Possible SYN flooding on port 63167. Sending cookies. Check SNMP counters.

 

63167 is the incomming port I manually set in Deluge. I don't have SNMP installed on my unRAID box.

There was some discussion of this a while back. Typically the error is only generated immediately after the docker starts and seems to be related to multiple torrent seeds all starting at once. Couldn’t find a real solution for mine. I just ignore them as long as they aren’t recurring.

 

There is a work around of sorts if you really want to try to suppress the error-

https://forums.lime-technology.com/topic/61544-how-to-modify-etcsysctlconf-on-boot/

 

It worked for a while on my system until the number or torrents I was seeding became large enough to exceed the threshold I had set. If you don’t do much seeding it might work for you.

[Trexx]

2 hours ago, binhex said:

 

not without a full log, no, do the following:-

 

 

 

 

 

Here is the full log file.

supervisord.log

[binhex]

3 hours ago, Trexx said:

 

 

Here is the full log file.

supervisord.log

 

your lan is incorrectly defined, from your log:-

 

[info] LAN_NETWORK defined as '192.168.0.0/24'

 

see here for help, Q3:-

 

 

[Trexx]

5 minutes ago, binhex said:

 

your lan is incorrectly defined, from your log:-

 

[info] LAN_NETWORK defined as '192.168.0.0/24'

 

see here for help, Q3:-

 

 

 

Since the Docker NW is using a NAT network, I use the docker NAT scope then and not the physical host?