[Support] binhex - DelugeVPN

17 hours ago, methanoid said:

@binhex or any other clever persons

 

For uninteresting reasons, I need to run this Docker on a Windows machine. I installed Docker for Windows but I cannot seem to get my command line right. I'm using the default Linux containers

 

docker run -d --cap-add=NET_ADMIN -p 8112:8112 -p 8118:8118 -p 58846:58846 -p 58946:58946 --name=DelugeVPN -v F:\Downloads\:/data -v F:\:/config -v F:\:/etc/localtime:ro -e VPN_ENABLED=yes -e VPN_USER=username -e VPN_PASS=password -e VPN_PROV=Other -e STRICT_PORT_FORWARD=yes -e ENABLE_PRIVOXY=yes -e LAN_NETWORK=192.168.0.1/24 -e NAME_SERVERS=209.222.18.222,37.235.1.174,1.1.1.1,8.8.8.8,209.222.18.218,37.235.1.177,1.0.0.1,8.8.4.4 -e DEBUG=false -e UMASK=000 -e PUID=0 -e PGID=0 binhex/arch-delugevpn

 

It's the drive mappings that don't work. Excerpt:

-v <path for data files>:/data \
-v <path for config files>:/config \
-v /etc/localtime:/etc/localtime:ro \

 

I want my Downloads in F:\Downloads, my config files in WhoKnowsWhere?! and the Localtime???

 

docker: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \"rootfs_linux.go:58: mounting \\\"/host_mnt/f\\\" to rootfs \\\"/var/lib/docker/overlay2/c4d578ed905c47b432f86affb37da3fff086c054139b50eb45e1227f5ca3b8b1/merged\\\" at \\\"/var/lib/docker/overlay2/c4d578ed905c47b432f86affb37da3fff086c054139b50eb45e1227f5ca3b8b1/merged/usr/share/zoneinfo/UTC\\\" caused \\\"not a directory\\\"\"": unknown: Are you trying to mount a directory onto a file (or vice-versa)? Check if the specified host path exists and is the expected type.

 

And I am somewhat at a loss to work out where I can insert the appropriate OVPN file... was easy on unRAID - /mnt/cache/DelugeVPN or whatever!! On windows who knows!!

 

Anyone able to help please?

disclaimer - i have no experience with docker on windows.

 

so it looks like you need to do some setup before you can use the paths you want to use on the host, see here for a really good step by step guide on how to do this, watch out for the slashes, they need to be forward slashes not backslashes:-

 

https://rominirani.com/docker-on-windows-mounting-host-directories-d96f3f056a2c

Link to post
17 minutes ago, binhex said:

disclaimer - i have no experience with docker on windows.

 

so it looks like you need to do some setup before you can use the paths you want to use on the host, see here for a really good step by step guide on how to do this, watch out for the slashes, they need to be forward slashes not backslashes:-

 

https://rominirani.com/docker-on-windows-mounting-host-directories-d96f3f056a2c

 

Thanks. I did have my slashes wrong but the issue seems to be how to map the /etc/localtime.. No idea what happens with Windows and that...   I guess I need to find another way to be able to run VPN/Privoxy where my Sonarr/Radarr/etc can access the VPN without having to run a "global" VPN that routes ALL my traffic through it...  Have to say it was all MUCH easier on the unRAID box... ;)

Link to post
1 minute ago, methanoid said:

 

Thanks. I did have my slashes wrong but the issue seems to be how to map the /etc/localtime.. No idea what happens with Windows and that...   I guess I need to find another way to be able to run VPN/Privoxy where my Sonarr/Radarr/etc can access the VPN without having to run a "global" VPN that routes ALL my traffic through it...  Have to say it was all MUCH easier on the unRAID box... ;)

option perhaps?

Quote

but looks like you can solve this going to Hyper-V manager and setting time sync:
MobyLinuxVM > Settings > Integration Services > Time synchronization

you dont need that map to /etc/localtime that is purely there to sync time with the host, so it should start up if you dont do the sync, obviously time drift may occur.

Link to post

Hi Synology users in case you missed the github issue the problem with dig has now been worked around and you can now pull latest tagged image, the same is true for the other VPN docker images that I have produced.

Sent from my SM-G935F using Tapatalk

Link to post

My server crashed today, and when i restarted it DelugeVPN docker was just gone. I tried to reload the docker from Add Container > select a template > binnhex-delugevpn and i get an error message 

 

Error: failed to register layer: rename /var/lib/docker/image/btrfs/layerdb/tmp/write-set-892098440 /var/lib/docker/image/btrfs/layerdb/sha256/7a58580c00cb71299a3075ec8da5e0f417de5ed8d98983260b4aa8af9b99319c: file exists

Link to post
1 hour ago, binhex said:

Hi Synology users in case you missed the github issue the problem with dig has now been worked around and you can now pull latest tagged image, the same is true for the other VPN docker images that I have produced.

Sent from my SM-G935F using Tapatalk
 

Awesome, thanks man!

Link to post
11 hours ago, UntouchedWagons said:

Do I use SOCKS5 or HTTP or what with privoxy? I tried both with curl and curl was unable to connect to privoxy both times

privoxy is a http/https proxy, no socks support. most people are targeting privoxy via applications such as sonarr/radarr etc not curl and that works fine, getting curl to honour the proxy would need further investigation, but i would assume its possible.

Link to post
11 hours ago, binhex said:

privoxy is a http/https proxy, no socks support. most people are targeting privoxy via applications such as sonarr/radarr etc not curl and that works fine, getting curl to honour the proxy would need further investigation, but i would assume its possible.

I've tried

curl --proxy http://192.168.0.5:8118 https://ipinfo.io/ip

and

curl --proxy https://192.168.0.5:8118 https://ipinfo.io/ip

Neither work, curl times out in both instances. What is LAN_NETWORK used for? Is that for an ACL for Privoxy or something else?

 

[Edit] Apparently so, changing LAN_NETWORK to 192.168.0.0/24 lets me use the proxy

Edited by UntouchedWagons

Link to post
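Added example (not code from the thread or from the binhex image): the docker run command posted earlier in this thread also sets LAN_NETWORK=192.168.0.1/24, a host address rather than the network address that the edit above found to work. The Python sketch below pulls the -e variables out of a command line and checks the value before the container is started; the command is trimmed from the one posted above, the client addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import shlex

# Trimmed from the docker run command posted earlier in this thread.
DOCKER_RUN = (
    "docker run -d --cap-add=NET_ADMIN -p 8112:8112 -p 8118:8118 "
    "--name=DelugeVPN -e VPN_ENABLED=yes -e ENABLE_PRIVOXY=yes "
    "-e LAN_NETWORK=192.168.0.1/24 binhex/arch-delugevpn"
)


def env_from_docker_run(command):
    """Collect -e / --env KEY=VALUE pairs from a docker run command line."""
    env = {}
    tokens = shlex.split(command)
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        pair = None
        if tok in ("-e", "--env") and i + 1 < len(tokens):
            pair = tokens[i + 1]
            i += 1
        elif tok.startswith("--env="):
            pair = tok[len("--env="):]
        if pair and "=" in pair:
            key, value = pair.split("=", 1)
            env[key] = value
        i += 1
    return env


def check_lan_network(value, clients=()):
    """Check that a LAN_NETWORK value is a network address in CIDR form.

    ip_interface() accepts host bits (192.168.0.1/24), so both the address
    that was typed and the network that encloses it can be compared.
    """
    iface = ipaddress.ip_interface(value)
    network = iface.network
    inside, outside = [], []
    for client in clients:
        target = inside if ipaddress.ip_address(client) in network else outside
        target.append(client)
    return {
        "given": value,
        "has_prefix": "/" in value,
        "is_network_address": iface.ip == network.network_address,
        "suggested": str(network),
        "clients_inside": inside,
        "clients_outside": outside,
    }


if __name__ == "__main__":
    env = env_from_docker_run(DOCKER_RUN)
    # Constructed client addresses: one on the LAN, one on another subnet.
    report = check_lan_network(env["LAN_NETWORK"], ["192.168.0.50", "10.0.0.7"])
    for key, val in report.items():
        print(f"{key}: {val}")
```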

This has probably been answered. Sorry if so. I could be blind or just suck on searching.

Is there a way to use the Privoxy from containers running on br0 with assigned ips? I think I understand the limitations when running on br0 (the custom one that came with unraid, using macvlan) and contacting containers running on the same machine on "bridge" network. The dream is running binhex-privoxy with vpn, on container running at br0. ;)

Sonarr and Radarr (amongst others) are running on br0. Only container running on bridge is this one. Because it requires it?
Can't use privoxy from sonarr or radarr if not moving them to bridge?

Edit: Using something like external socks proxy directly is not an option. Makes sonarr and radarr use like 200% cpu for hours and hours. Something about the proxy host resolving to too many IPs and creating connections that never close..

Edited by Niklas
Spelling and stuff...

Link to post

I have installed following Spaceinvaders video and I can add torrents but they will not start. They stay paused.

unRAID 6.6.2

Edited by Zenophobe
added os

Link to post
1 hour ago, Zenophobe said:

I have installed following Spaceinvaders video and I can add torrents but they will not start. They stay paused.

unRAID 6.6.2

i had the same thing happen to me, i never could find a solution. i now use transmission, and everything is working as it should with radarr/sonarr

Link to post
On 10/27/2018 at 4:12 AM, Zenophobe said:

I have installed following Spaceinvaders video and I can add torrents but they will not start. They stay paused.

unRAID 6.6.2

if they wont start then its possible you have one or more of the following issues:-

 

1. badly defined downloads folder - if this is not set correctly it wont be able to download, check your partial downloads folder as well as your completed folder.

2. no incoming port - if you dont have a open incoming port then you will be limited as to what peers you can connect to

Link to post

Hello guys, I was having an issue and managed to solve it, However I'm not sure if this is the right place to post it.

 

I downloaded the OVPN files from PIA and copied all the necessary files and the supervisord.log kept showing there were no OVPN files... Took me too long to finally see that the OVPN file did not have the ".ovpn" extension. I simply had to edit the edit to add the extension and everything worked fine.

Every one of the files was missing the ".ovpn" extension. I downloaded it again to verify and could confirm. I'm not sure if this is for some reason only happening with me.

Link to post
4 hours ago, Azyx said:

Hello guys, I was having an issue and managed to solve it, However I'm not sure if this is the right place to post it.

 

I downloaded the OVPN files from PIA and copied all the necessary files and the supervisord.log kept showing there were no OVPN files... Took me too long to finally see that the OVPN file did not have the ".ovpn" extension. I simply had to edit the edit to add the extension and everything worked fine.

Every one of the files was missing the ".ovpn" extension. I downloaded it again to verify and could confirm. I'm not sure if this is for some reason only happening with me.

yeah you are right, pia have changed their zipped ovpn config files and removed the extension, how annoying grrrrr. ok well you did the right thing, i will contact pia and see if they will change it to have the extension again, no promises though as pia support isnt too fantastic.

Link to post

 

Afternoon all, I'm trying to setup delugevpn, I've got it installed and pointed to my downloads share on UnRaid, if I set VPN to no, then I can connect to the webui without any problems. If I enable the VPN it doesn't seem to connect to my VPN server. My log shows the following: IP address changed to 172.X.X.X for privacy but this is showing a real IP address.

 

In the openvpn folder I have the ovpn config file, Wdc.key and Ca.crt. I'm having the same issue with qbittorrentvpn but Transmission_VPN is connecting ok. (I'm moving from using a VM on unraid to using the dockers)

 

Any help would be appreciated.

 

BASH_ARGC=()
BASH_ARGV=()
BASH_CMDS=()
BASH_LINENO=([0]="0")
BASH_SOURCE=([0]="/root/start.sh")

2018-10-30 15:44:29,245 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-10-30 15:44:29,245 INFO success: deluge-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-10-30 15:44:29,246 INFO success: deluge-web-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-10-30 15:44:29,246 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2018-10-30 15:44:29,247 DEBG 'start-script' stdout output:
BASH_VERSINFO=([0]="4" [1]="4" [2]="23" [3]="1" [4]="release" [5]="x86_64-unknown-linux-gnu")
BASH_VERSION='4.4.23(1)-release'
DEBUG=true
DIRSTACK=()
ENABLE_PRIVOXY=yes
EUID=0

)
HOME=/home/nobody
HOSTNAME=7dbaf2c713ab
HOSTTYPE=x86_64
HOST_OS=unRAID
IFS=$' \t\n'
LANG=en_GB.UTF-8
LAN_NETWORK=192.168.10.0/24
MACHTYPE=x86_64-unknown-linux-gnu
NAME_SERVERS=209.222.18.222,37.235.1.174,1.1.1.1,8.8.8.8,209.222.18.218,37.235.1.177,1.0.0.1,8.8.4.4
OPTERR=1
OPTIND=1
OSTYPE=linux-gnu
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PGID=100
PIPESTATUS=([0]="0")
PPID=7
PS4='+ '
PUID=99
PWD=/
SHELL=/bin/bash
SHELLOPTS=braceexpand:hashall:interactive-comments
SHLVL=1
STRICT_PORT_FORWARD=yes
SUPERVISOR_ENABLED=1
SUPERVISOR_GROUP_NAME=start-script
SUPERVISOR_PROCESS_NAME=start-script
TCP_PORT_58846=58846
TCP_PORT_58946=58946
TCP_PORT_8112=8112
TCP_PORT_8118=8118
TERM=xterm
TZ=Europe/London
UDP_PORT_58946=58946
UID=0

0
VPN_CONFIG=/config/openvpn/Romania-Bucharest-TCP.ovpn
VPN_DEVICE_TYPE=tun0
VPN_ENABLED=yes
VPN_OPTIONS=
VPN_PASS=mmocz7yy
VPN_PORT=80
VPN_PROTOCOL=tcp-client
VPN_PROV=custom
VPN_REMOTE=ro1-ovpn-tcp.pointtoserver.com
VPN_USER=purevpn0s4804519
_='[debug] Environment variables defined as follows'
[debug] Directory listing of files in /config/openvpn as follows

2018-10-30 15:44:29,248 DEBG 'deluge-script' stdout output:
[info] Deluge config file already exists, skipping copy

2018-10-30 15:44:29,252 DEBG 'deluge-script' stdout output:
[info] VPN is enabled, checking VPN tunnel local ip is valid

2018-10-30 15:44:29,253 DEBG 'deluge-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

2018-10-30 15:44:29,256 DEBG 'start-script' stdout output:
total 16
drwxrwxr-x 1 nobody users 110 Oct 30 15:44 .
drwxrwxr-x 1 nobody users 80 Oct 30 14:26 ..
-rwxrwxr-x 1 nobody users 1667 Oct 30 14:18 ca.crt
-rwxrwxr-x 1 nobody users 26 Oct 30 15:43 credentials.conf
-rwxrwxr-x 1 nobody users 265 Oct 30 15:44 Romania-Bucharest-TCP.ovpn
-rwxrwxr-x 1 nobody users 657 Oct 30 14:18 Wdc.key

2018-10-30 15:44:29,260 DEBG 'privoxy-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

2018-10-30 15:44:29,297 DEBG 'start-script' stdout output:
[debug] Contents of ovpn file /config/openvpn/Romania-Bucharest-TCP.ovpn as follows...

2018-10-30 15:44:29,297 DEBG 'start-script' stdout output:
remote ro1-ovpn-tcp.pointtoserver.com 80
client
dev tun
proto tcp-client
nobind
persist-key
cipher AES-256-CBC

key-direction 1

verb 1
mute 20
float
route-delay 2
auth-user-pass credentials.conf
auth-retry interact
ifconfig-nowarn
ca ca.crt
tls-auth Wdc.key 1

2018-10-30 15:44:29,303 DEBG 'start-script' stdout output:
[info] Default route for container is 192.168.10.254

2018-10-30 15:44:29,305 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.222 to /etc/resolv.conf

2018-10-30 15:44:29,307 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2018-10-30 15:44:29,309 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2018-10-30 15:44:29,310 DEBG 'start-script' stdout output:
[info] Adding 8.8.8.8 to /etc/resolv.conf

2018-10-30 15:44:29,312 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.218 to /etc/resolv.conf

2018-10-30 15:44:29,314 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2018-10-30 15:44:29,316 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2018-10-30 15:44:29,317 DEBG 'start-script' stdout output:
[info] Adding 8.8.4.4 to /etc/resolv.conf

2018-10-30 15:44:39,467 DEBG 'start-script' stdout output:
[info] Remote VPN endpoint resolves to the following A record(s)...
172.X.X.X

2018-10-30 15:44:39,493 DEBG 'start-script' stdout output:
[debug] Show name servers defined for container

2018-10-30 15:44:39,494 DEBG 'start-script' stdout output:
nameserver 209.222.18.222
nameserver 37.235.1.174
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 209.222.18.218
nameserver 37.235.1.177
nameserver 1.0.0.1
nameserver 8.8.4.4

2018-10-30 15:44:39,495 DEBG 'start-script' stdout output:
[debug] Show name resolution for VPN endpoint ro1-ovpn-tcp.pointtoserver.com

2018-10-30 15:44:39,603 DEBG 'start-script' stdout output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 40135
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; ro1-ovpn-tcp.pointtoserver.com.	IN	A

;; ANSWER SECTION:
ro1-ovpn-tcp.pointtoserver.com.	99	IN	CNAME	ro-ovpn-tcp.pointtoserver.com.
ro-ovpn-tcp.pointtoserver.com.	119	IN	A	172.X.X.X

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 105 msec
;; SERVER: 8.8.8.8
;; WHEN: Tue Oct 30 15:44:39 2018
;; MSG SIZE rcvd: 90

2018-10-30 15:44:39,604 DEBG 'start-script' stdout output:
[debug] Show contents of hosts file

2018-10-30 15:44:39,605 DEBG 'start-script' stdout output:
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
192.168.10.211	7dbaf2c713ab
172.X.X.X ro1-ovpn-tcp.pointtoserver.com

2018-10-30 15:44:39,612 DEBG 'start-script' stdout output:
[info] Adding 192.168.10.0/24 as route via docker eth0

2018-10-30 15:44:39,614 DEBG 'start-script' stderr output:
RTNETLINK answers: File exists

2018-10-30 15:44:39,614 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2018-10-30 15:44:39,615 DEBG 'start-script' stdout output:
default via 192.168.10.254 dev eth0
192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.211

2018-10-30 15:44:39,616 DEBG 'start-script' stdout output:
--------------------
[debug] Modules currently loaded for kernel


2018-10-30 15:44:39,624 DEBG 'start-script' stdout output:
iptable_mangle 16384 1
ip_tables 24576 3 iptable_mangle,iptable_filter,iptable_nat

2018-10-30 15:44:39,625 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2018-10-30 15:44:39,635 DEBG 'start-script' stdout output:
[debug] Docker interface defined as eth0

2018-10-30 15:44:39,642 DEBG 'start-script' stdout output:
[debug] Docker IP defined as 192.168.10.211

2018-10-30 15:44:39,648 DEBG 'start-script' stdout output:
[debug] Docker netmask defined as 255.255.255.0

2018-10-30 15:44:39,661 DEBG 'start-script' stdout output:
[info] Docker network defined as 192.168.10.0/24

2018-10-30 15:44:39,834 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2018-10-30 15:44:39,836 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -d 192.168.10.0/24 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -d 192.168.10.0/24 -i eth0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.10.0/24 -d 192.168.10.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A OUTPUT -d 192.168.10.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
-A OUTPUT -s 192.168.10.0/24 -d 192.168.10.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

2018-10-30 15:44:39,836 DEBG 'start-script' stdout output:
--------------------

2018-10-30 15:44:39,837 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'custom' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_REMOTE 'ro1-ovpn-tcp.pointtoserver.com' --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --remote 172.X.X.X 80 tcp-client --remote-random --keepalive 10 60 --auth-user-pass credentials.conf --cd /config/openvpn --config '/config/openvpn/Romania-Bucharest-TCP.ovpn'
[info] Starting OpenVPN...

2018-10-30 15:44:39,854 DEBG 'start-script' stdout output:
Tue Oct 30 15:44:39 2018 WARNING: file 'Wdc.key' is group or others accessible


2018-10-30 15:44:39,854 DEBG 'start-script' stdout output:
Tue Oct 30 15:44:39 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 15:44:39 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 15:44:39 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 15:44:39,855 DEBG 'start-script' stdout output:
[info] OpenVPN started
Tue Oct 30 15:44:39 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 15:44:39 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 15:44:39,855 DEBG 'start-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

2018-10-30 15:44:39,855 DEBG 'start-script' stdout output:
Tue Oct 30 15:44:39 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]172.X.X.X:80
Tue Oct 30 15:44:39 2018 Attempting to establish TCP connection with [AF_INET]172.X.X.X:80 [nonblock]

2018-10-30 15:44:40,856 DEBG 'start-script' stdout output:
Tue Oct 30 15:44:40 2018 TCP connection established with [AF_INET]172.X.X.X:80
Tue Oct 30 15:44:40 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 15:44:40 2018 TCP_CLIENT link remote: [AF_INET]172.X.X.X:80

2018-10-30 15:45:40,223 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:40 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting

2018-10-30 15:45:40,223 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:40 2018 SIGHUP[soft,ping-restart] received, process restarting

2018-10-30 15:45:40,224 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:40 2018 WARNING: file 'Wdc.key' is group or others accessible


2018-10-30 15:45:40,224 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:40 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 15:45:40 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 15:45:40 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 15:45:45,225 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:45 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 15:45:45 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 15:45:45,227 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:45 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]172.X.X.X:80
Tue Oct 30 15:45:45 2018 Attempting to establish TCP connection with [AF_INET]172.X.X.X:80 [nonblock]

2018-10-30 15:45:46,228 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:46 2018 TCP connection established with [AF_INET]172.X.X.X:80
Tue Oct 30 15:45:46 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 15:45:46 2018 TCP_CLIENT link remote: [AF_INET]172.X.X.X:80

2018-10-30 15:45:46,228 DEBG 'start-script' stdout output:
Tue Oct 30 15:45:46 2018 TCP connection established with [AF_INET]172.X.X.X:80
Tue Oct 30 15:45:46 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 15:45:46 2018 TCP_CLIENT link remote: [AF_INET]172.X.X.X:80

 

Link to post
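Added example (not part of the post or of the container's scripts): the debug log above carries three OpenVPN warnings besides the timeout, two about Wdc.key and credentials.conf being group or others accessible and one about no server certificate verification method. The Python sketch below reproduces those checks offline from the .ovpn contents and the directory listing copied from that log; the function names are hypothetical, and the set of directives counted as server verification is an assumption based on the OpenVPN 2.4 manual.

```python
import re

# Copied from the debug log above: contents of Romania-Bucharest-TCP.ovpn.
OVPN = """\
remote ro1-ovpn-tcp.pointtoserver.com 80
client
dev tun
proto tcp-client
nobind
persist-key
cipher AES-256-CBC
key-direction 1
verb 1
mute 20
float
route-delay 2
auth-user-pass credentials.conf
auth-retry interact
ifconfig-nowarn
ca ca.crt
tls-auth Wdc.key 1
"""

# Copied from the debug log above: listing of /config/openvpn.
LISTING = """\
-rwxrwxr-x 1 nobody users 1667 Oct 30 14:18 ca.crt
-rwxrwxr-x 1 nobody users 26 Oct 30 15:43 credentials.conf
-rwxrwxr-x 1 nobody users 265 Oct 30 15:44 Romania-Bucharest-TCP.ovpn
-rwxrwxr-x 1 nobody users 657 Oct 30 14:18 Wdc.key
"""

# Assumption: any one of these counts as a server verification method.
VERIFY_DIRECTIVES = {"remote-cert-tls", "remote-cert-eku", "verify-x509-name",
                     "tls-verify", "ns-cert-type"}
# Directives whose file argument holds a secret (key material or credentials).
SECRET_DIRECTIVES = {"auth-user-pass", "tls-auth", "tls-crypt", "key",
                     "secret", "pkcs12"}


def parse_ovpn(text):
    """Return [(directive, args)]; inline <tag>...</tag> bodies are skipped."""
    directives, inline = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if inline:
            if line == "</%s>" % inline:
                inline = None
            continue
        if not line or line[0] in "#;":
            continue
        m = re.match(r"^<([\w-]+)>$", line)
        if m:
            inline = m.group(1)
            directives.append((inline, ["[inline]"]))
            continue
        parts = line.split()
        directives.append((parts[0].lstrip("-"), parts[1:]))
    return directives


def parse_listing(text):
    """Map file name -> mode string from `ls -l` lines (names without spaces)."""
    modes = {}
    for line in text.splitlines():
        m = re.match(r"^([-dl][rwxsStT-]{9})\s+.*\s(\S+)$", line)
        if m:
            modes[m.group(2)] = m.group(1)
    return modes


def audit(ovpn_text, listing_text):
    """Report verification directives present and secret files with loose modes."""
    directives = parse_ovpn(ovpn_text)
    modes = parse_listing(listing_text)
    loose, unlisted = set(), set()
    for name, args in directives:
        if name not in SECRET_DIRECTIVES or not args or args[0] == "[inline]":
            continue
        mode = modes.get(args[0])
        if mode is None:
            unlisted.add(args[0])
        elif mode[4:] != "------":      # any group or other permission bit set
            loose.add(args[0])
    present = {name for name, _ in directives}
    return {
        "server_verification": sorted(present & VERIFY_DIRECTIVES),
        "loose_secret_files": sorted(loose),
        "unlisted_secret_files": sorted(unlisted),
    }


if __name__ == "__main__":
    print(audit(OVPN, LISTING))
```

An empty server_verification list corresponds to the certificate verification warning in the log. Whether a directive such as remote-cert-tls server can be added depends on the certificate the provider's servers present.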
55 minutes ago, karldonteljames said:

Tue Oct 30 15:45:40 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting

looks like its failing to connect to that endpoint, ensure your ovpn file is up to date, also try another endpoint if possible.

Link to post
8 hours ago, binhex said:

yeah you are right, pia have changed their zipped ovpn config files and removed the extension, how annoying grrrrr. ok well you did the right thing, i will contact pia and see if they will change it to have the extension again, no promises though as pia support isnt too fantastic.

and updated config files. The crt and pem included in the config now.

Link to post
8 hours ago, binhex said:

yeah you are right, pia have changed their zipped ovpn config files and removed the extension, how annoying grrrrr. ok well you did the right thing, i will contact pia and see if they will change it to have the extension again, no promises though as pia support isnt too fantastic.

I have sent an email to them too. But maybe we should update the FAQ too :) 

 

Link to post
2 hours ago, binhex said:

looks like its failing to connect to that endpoint, ensure your ovpn file is up to date, also try another endpoint if possible.

I seem to be getting the same no matter which endpoint I use. I downloaded the files yesterday. I'm using purevpn, and i've tried the Netherlands, Belgium, and Romania.

 

auth-retry interact
ifconfig-nowarn
ca ca.crt
tls-auth Wdc.key

2018-10-30 19:04:13,643 DEBG 'start-script' stdout output:
[info] Default route for container is 192.168.12.254

2018-10-30 19:04:13,645 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.222 to /etc/resolv.conf

2018-10-30 19:04:13,646 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2018-10-30 19:04:13,648 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2018-10-30 19:04:13,650 DEBG 'start-script' stdout output:
[info] Adding 8.8.8.8 to /etc/resolv.conf

2018-10-30 19:04:13,652 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.218 to /etc/resolv.conf

2018-10-30 19:04:13,653 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2018-10-30 19:04:13,655 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2018-10-30 19:04:13,656 DEBG 'start-script' stdout output:
[info] Adding 8.8.4.4 to /etc/resolv.conf

2018-10-30 19:04:13,788 DEBG 'start-script' stdout output:
[info] Remote VPN endpoint resolves to the following A record(s)...
213.X.X.X

2018-10-30 19:04:13,814 DEBG 'start-script' stdout output:
[debug] Show name servers defined for container

2018-10-30 19:04:13,816 DEBG 'start-script' stdout output:
nameserver 209.222.18.222
nameserver 37.235.1.174
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 209.222.18.218
nameserver 37.235.1.177
nameserver 1.0.0.1
nameserver 8.8.4.4

2018-10-30 19:04:13,816 DEBG 'start-script' stdout output:
[debug] Show name resolution for VPN endpoint nl1-ovpn-tcp.pointtoserver.com

2018-10-30 19:04:13,966 DEBG 'start-script' stdout output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 9795
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; nl1-ovpn-tcp.pointtoserver.com.	IN	A

;; ANSWER SECTION:
nl1-ovpn-tcp.pointtoserver.com.	100	IN	CNAME	nl-ovpn-tcp.pointtoserver.com.
nl-ovpn-tcp.pointtoserver.com.	100	IN	A	213.X.X.X

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 145 msec
;; SERVER: 37.235.1.174
;; WHEN: Tue Oct 30 19:04:13 2018
;; MSG SIZE rcvd: 90

2018-10-30 19:04:13,967 DEBG 'start-script' stdout output:
[debug] Show contents of hosts file

2018-10-30 19:04:13,969 DEBG 'start-script' stdout output:
127.0.0.1	localhost
::1	localhost ip6-localhost ip6-loopback
fe00::0	ip6-localnet
ff00::0	ip6-mcastprefix
ff02::1	ip6-allnodes
ff02::2	ip6-allrouters
192.168.12.16	27db7cfdb07d
213.X.X.X nl1-ovpn-tcp.pointtoserver.com

2018-10-30 19:04:13,982 DEBG 'start-script' stdout output:
[info] Adding 192.168.10.0/24 as route via docker eth0

2018-10-30 19:04:13,985 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2018-10-30 19:04:13,988 DEBG 'start-script' stdout output:
default via 192.168.12.254 dev eth0
192.168.10.0/24 via 192.168.12.254 dev eth0
192.168.12.0/24 dev eth0 proto kernel scope link src 192.168.12.16

2018-10-30 19:04:13,988 DEBG 'start-script' stdout output:
--------------------
[debug] Modules currently loaded for kernel


2018-10-30 19:04:14,000 DEBG 'start-script' stdout output:
iptable_mangle 16384 1
ip_tables 24576 3 iptable_mangle,iptable_filter,iptable_nat

2018-10-30 19:04:14,000 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2018-10-30 19:04:14,007 DEBG 'start-script' stdout output:
[debug] Docker interface defined as eth0

2018-10-30 19:04:14,010 DEBG 'start-script' stdout output:
[debug] Docker IP defined as 192.168.12.16

2018-10-30 19:04:14,014 DEBG 'start-script' stdout output:
[debug] Docker netmask defined as 255.255.255.0

2018-10-30 19:04:14,020 DEBG 'start-script' stdout output:
[info] Docker network defined as 192.168.12.0/24

2018-10-30 19:04:14,153 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2018-10-30 19:04:14,155 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 192.168.12.0/24 -d 192.168.12.0/24 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -i eth0 -p tcp -m tcp --dport 58846 -j ACCEPT
-A INPUT -s 192.168.10.0/24 -d 192.168.12.0/24 -i eth0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 192.168.12.0/24 -d 192.168.12.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8112 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8112 -j ACCEPT
-A OUTPUT -d 192.168.10.0/24 -o eth0 -p tcp -m tcp --sport 58846 -j ACCEPT
-A OUTPUT -s 192.168.12.0/24 -d 192.168.10.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

2018-10-30 19:04:14,156 DEBG 'start-script' stdout output:
--------------------

2018-10-30 19:04:14,157 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'custom' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_REMOTE 'nl1-ovpn-tcp.pointtoserver.com' --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --remote 213.X.X.X 80 tcp-client --remote-random --keepalive 10 60 --auth-user-pass credentials.conf --cd /config/openvpn --config '/config/openvpn/Netherlands-Amsterdam-TCP.ovpn'

2018-10-30 19:04:14,157 DEBG 'start-script' stdout output:
[info] Starting OpenVPN...

2018-10-30 19:04:14,166 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:14 2018 WARNING: file 'Wdc.key' is group or others accessible

Tue Oct 30 19:04:14 2018 WARNING: file 'credentials.conf' is group or others accessible


2018-10-30 19:04:14,166 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:14 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 19:04:14 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 19:04:14,166 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:14 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 19:04:14 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 19:04:14,167 DEBG 'start-script' stdout output:
[info] OpenVPN started
[debug] Waiting for valid IP address from tunnel...

2018-10-30 19:04:14,167 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:14 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:80

2018-10-30 19:04:14,168 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:14 2018 Attempting to establish TCP connection with [AF_INET]213.X.X.X:80 [nonblock]

2018-10-30 19:04:15,168 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:15 2018 TCP connection established with [AF_INET]213.X.X.X:80
Tue Oct 30 19:04:15 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 19:04:15 2018 TCP_CLIENT link remote: [AF_INET]213.X.X.X:80

2018-10-30 19:04:15,169 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:15 2018 WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

Tue Oct 30 19:04:15 2018 Connection reset, restarting [0]
Tue Oct 30 19:04:15 2018 SIGHUP[soft,connection-reset] received, process restarting

2018-10-30 19:04:15,170 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:15 2018 WARNING: file 'Wdc.key' is group or others accessible


2018-10-30 19:04:15,170 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:15 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 19:04:15 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 19:04:15 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 19:04:20,170 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:20 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 19:04:20 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 19:04:20,172 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:20 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:80
Tue Oct 30 19:04:20 2018 Attempting to establish TCP connection with [AF_INET]213.X.X.X:80 [nonblock]

2018-10-30 19:04:21,173 DEBG 'start-script' stdout output:
Tue Oct 30 19:04:21 2018 TCP connection established with [AF_INET]213.X.X.X:80
Tue Oct 30 19:04:21 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 19:04:21 2018 TCP_CLIENT link remote: [AF_INET]213.X.X.X:80

2018-10-30 19:05:21,659 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:21 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting

2018-10-30 19:05:21,660 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:21 2018 SIGHUP[soft,ping-restart] received, process restarting

2018-10-30 19:05:21,661 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:21 2018 WARNING: file 'Wdc.key' is group or others accessible

Tue Oct 30 19:05:21 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 19:05:21 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018

2018-10-30 19:05:21,661 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:21 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 19:05:26,661 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:26 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 19:05:26 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 19:05:26,662 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:26 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:80
Tue Oct 30 19:05:26 2018 Attempting to establish TCP connection with [AF_INET]213.X.X.X:80 [nonblock]

2018-10-30 19:05:27,662 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:27 2018 TCP connection established with [AF_INET]213.X.X.X:80
Tue Oct 30 19:05:27 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 19:05:27 2018 TCP_CLIENT link remote: [AF_INET]213.X.X.X:80

2018-10-30 19:05:33,850 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:33 2018 WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart...]

Tue Oct 30 19:05:33 2018 Connection reset, restarting [0]

2018-10-30 19:05:33,850 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:33 2018 SIGHUP[soft,connection-reset] received, process restarting

2018-10-30 19:05:33,851 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:33 2018 WARNING: file 'Wdc.key' is group or others accessible


2018-10-30 19:05:33,852 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:33 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 19:05:33 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 19:05:33 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 19:05:38,852 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:38 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 19:05:38 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 19:05:38,854 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:38 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:80
Tue Oct 30 19:05:38 2018 Attempting to establish TCP connection with [AF_INET]213.X.X.X:80 [nonblock]

2018-10-30 19:05:39,854 DEBG 'start-script' stdout output:
Tue Oct 30 19:05:39 2018 TCP connection established with [AF_INET]213.X.X.X:80
Tue Oct 30 19:05:39 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 19:05:39 2018 TCP_CLIENT link remote: [AF_INET]213.X.X.X:80

2018-10-30 19:06:40,118 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:40 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting

2018-10-30 19:06:40,119 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:40 2018 SIGHUP[soft,ping-restart] received, process restarting

2018-10-30 19:06:40,120 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:40 2018 WARNING: file 'Wdc.key' is group or others accessible

Tue Oct 30 19:06:40 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 19:06:40 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 19:06:40 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

2018-10-30 19:06:45,120 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:45 2018 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

Tue Oct 30 19:06:45 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2018-10-30 19:06:45,123 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:45 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:80
Tue Oct 30 19:06:45 2018 Attempting to establish TCP connection with [AF_INET]213.X.X.X:80 [nonblock]

2018-10-30 19:06:46,124 DEBG 'start-script' stdout output:
Tue Oct 30 19:06:46 2018 TCP connection established with [AF_INET]213.X.X.X:80
Tue Oct 30 19:06:46 2018 TCP_CLIENT link local: (not bound)
Tue Oct 30 19:06:46 2018 TCP_CLIENT link remote: [AF_INET]213.X.X.X:80

 

qbit.log

Edited by karldonteljames


I replaced the files with config to run on UDP rather than TCP, and I have the following errors:

2018-10-30 20:13:55,372 DEBG 'start-script' stdout output:
Tue Oct 30 20:13:55 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]213.X.X.X:53
Tue Oct 30 20:13:55 2018 UDP link local: (not bound)
Tue Oct 30 20:13:55 2018 UDP link remote: [AF_INET]213.X.X.X:53

2018-10-30 20:13:57,694 DEBG 'start-script' stdout output:
Tue Oct 30 20:13:57 2018 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=HK, ST=HK, L=HongKong, O=PureVPN, OU=IT, CN=PureVPN, name=PureVPN, emailAddress=mail@host.domain

Tue Oct 30 20:13:57 2018 OpenSSL: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

2018-10-30 20:13:57,694 DEBG 'start-script' stdout output:
Tue Oct 30 20:13:57 2018 TLS_ERROR: BIO read tls_read_plaintext error

Tue Oct 30 20:13:57 2018 TLS Error: TLS object -> incoming plaintext read error

Tue Oct 30 20:13:57 2018 TLS Error: TLS handshake failed

Tue Oct 30 20:13:57 2018 SIGHUP[soft,tls-error] received, process restarting

2018-10-30 20:13:57,696 DEBG 'start-script' stdout output:
Tue Oct 30 20:13:57 2018 WARNING: file 'Wdc.key' is group or others accessible

2018-10-30 20:13:57,697 DEBG 'start-script' stdout output:
Tue Oct 30 20:13:57 2018 WARNING: file 'credentials.conf' is group or others accessible

Tue Oct 30 20:13:57 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Tue Oct 30 20:13:57 2018 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

 

Edited by karldonteljames


Is it possible that pfsense is stopping the OpenVPN traffic from getting out? These are the rules I have set up on my DMZ, but it doesn't look like the TCP port 80 rule is catching any traffic; the UDP rule was going up quite quickly, but there was no connection - shown in the error log above.

[screenshot of the pfsense DMZ rules]

When I use UDP, taken about one minute after restarting the service:

[screenshot of the pfsense rules, UDP configuration]

3 minutes ago, karldonteljames said:

Is it possible that pfsense is stopping the OpenVPN traffic from getting out? These are the rules I have set up on my DMZ, but it doesn't look like the TCP port 80 rule is catching any traffic; the UDP rule was going up quite quickly, but there was no connection - shown in the error log above.

[screenshot of the pfsense DMZ rules]

When I use UDP, taken about one minute after restarting the service:

[screenshot of the pfsense rules, UDP configuration]

it's possible pfsense is blocking it, check your firewall logs/dynamic view and see if you can spot it being blocked in the log whilst you attempt the connection.

my guess is pfsense is blocking tcp port 80, udp is another story and this isn't working due to a weak certificate, as can be seen here in your log:-

VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak

so you could try contacting purevpn and see if they can send you a cert with a stronger cipher or try and work out what is blocking tcp port 80 outbound.


Not to worry. I spoke to purevpn and it turns out that they had the wrong files on their website!!! I got the latest certificate and the latest server details and it started working!! Thanks for your help though!
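Added example, not part of any post in this thread: a small Python triage pass over OpenVPN client log lines like the ones posted above. The rule names are this example's own and the sample lines are trimmed copies from the posted logs. It also decodes the "bad encapsulated packet length" value as the two bytes the peer actually sent (18516 is 0x4854, ASCII "HT"), which is how the start of an HTTP reply looks to an OpenVPN client on a TCP link.

```python
import re

# Lines copied from the logs posted above (trimmed), used as sample input.
SAMPLE_LOG = """\
Tue Oct 30 19:04:14 2018 WARNING: file 'credentials.conf' is group or others accessible
Tue Oct 30 19:04:14 2018 WARNING: No server certificate verification method has been enabled.
Tue Oct 30 19:04:15 2018 WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1626
Tue Oct 30 19:05:21 2018 [UNDEF] Inactivity timeout (--ping-restart), restarting
Tue Oct 30 20:13:57 2018 VERIFY ERROR: depth=0, error=CA signature digest algorithm too weak: C=HK, ST=HK
"""

def length_prefix_as_text(length):
    """OpenVPN over TCP prefixes each packet with a 16-bit big-endian length.
    If the peer is not speaking OpenVPN, that 'length' is really the first two
    bytes of whatever it sent, so show them as printable ASCII."""
    raw = length.to_bytes(2, "big")
    return "".join(chr(b) if 32 <= b < 127 else "." for b in raw)

RULES = [
    (re.compile(r"Bad encapsulated packet length from peer \((\d+)\)"), "non-openvpn-reply"),
    (re.compile(r"VERIFY ERROR: .*error=([^:]+):"), "cert-verify-failed"),
    (re.compile(r"file '([^']+)' is group or others accessible"), "loose-file-perms"),
    (re.compile(r"No server certificate verification method"), "no-server-cert-check"),
    (re.compile(r"Inactivity timeout \(--ping-restart\)"), "no-traffic-from-peer"),
]

def triage(log_text):
    """Return de-duplicated (finding, detail) pairs in first-seen order."""
    findings = []
    for line in log_text.splitlines():
        for pattern, name in RULES:
            m = pattern.search(line)
            if not m:
                continue
            detail = m.group(1) if m.groups() else ""
            if name == "non-openvpn-reply":
                detail = f"{detail} -> first bytes {length_prefix_as_text(int(detail))!r}"
            if (name, detail) not in findings:
                findings.append((name, detail))
    return findings

if __name__ == "__main__":
    for name, detail in triage(SAMPLE_LOG):
        print(f"{name:22} {detail}")
```

The `loose-file-perms` and `no-server-cert-check` findings are warnings OpenVPN prints on every start in these logs; they persist across restarts and are worth fixing independently of the connection failure.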