[Support] binhex - DelugeVPN


Popular Posts

OK guys, multi remote endpoint support is now in for this image please pull down the new image (this change will be rolled out to all my vpn images shortly).   What this means is that the im

There has been an issue raised on GitHub related to tracker announce request IP leakage under certain circumstances, after careful review of iptables i have tightened up the rules to prevent this. A n

I wanted to summarize how I got Mullvad working with DelugeVPN as I had to piece together several "solutions" from different comments in this thread and there was some incorrect info; likely old.

I (believe) I have moved over to the NextGen servers successfully. I am in the UK so using UK based servers from PIA.

 

Now trying to move to wireguard support but not having any joy. I attach two log files - one with wireguard enabled and one using OpenVPN.

There are a few errors in the wireguard one with this one being worrisome?

2020-10-12 11:03:56,914 DEBG 'start-script' stdout output:
[warn] PIA VPN info API currently down, skipping endpoint port forward check

The switch should be easy? Just swap to the "test" repository and add in the wireguard variable? Any ideas?

Thanks!

OpenVPN.txt Wireguard.txt

Link to post
On 10/10/2020 at 8:57 PM, binhex said:

testing is now over, looks like its solid enough for me to release as latest, images now built for all VPN images i produce, please remove tag ':test' from the repository to pull down 'latest' again and 'force update' to ensure it is the latest image thats on disk.

 

If you wish to switch from openvpn to wireguard then please see Q21 from the following link:-

https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

 

 

6 minutes ago, TexasDave said:

The switch should be easy? Just swap to the "test" repository and add in the wireguard variable? Any ideas?

Not test, no.  And there's a second setting to make in the docker parameters (see link above).

Link to post
7 minutes ago, TexasDave said:

I (believe) I have moved over to the NextGen servers successfully. I am in the UK so using UK based servers from PIA.

 

Now trying to move to wireguard support but not having any joy. I attach two log files - one with wireguard enabled and one using OpenVPN.

There are a few errors in the wireguard one with this one being worrisome?


2020-10-12 11:03:56,914 DEBG 'start-script' stdout output:
[warn] PIA VPN info API currently down, skipping endpoint port forward check

The switch should be easy? Just swap to the "test" repository and add in the wireguard variable? Any ideas?

Thanks!

OpenVPN.txt 14.33 kB · 0 downloads Wireguard.txt 11.76 kB · 1 download

firstly dont use the 'test' tagged version, i have now pushed the button so 'latest' now includes wireguard support and should be used.

 

the error you are seeing is actually just a warning:-

2020-10-12 11:01:52,025 DEBG 'start-script' stdout output:
[info] Port forwarding is enabled
[info] Checking endpoint 'uk-london.privacy.network' is port forward enabled...

2020-10-12 11:03:56,914 DEBG 'start-script' stdout output:
[warn] PIA VPN info API currently down, skipping endpoint port forward check

so can be ignored, pia obviously had issues at the time you ran the container, everything else looks fine in the log, can you access the web ui?.

Link to post

Hello--

 

Thank you Binhex for creating this.

 

I'm having some trouble getting my VPN connection established through Wireguard. My VPN provider is Mullvad.

 

First, I was getting an error stating RTNETLINK Permission denied. But, I added this to extra parameters and it seems to have solved that issue.

--sysctl net.ipv6.conf.all.disable_ipv6=0

 

Now, I am getting an error with resolvconf--I tried installing openresolv, but I can't seem to do that. I also tried adding the DNS listed in my wg0.conf to the nameservers variable. I'm kinda stuck at the moment--any help would be much appreciated. My supervisord log and wireguard conf are attached.

 

supervisord.log wg0.conf

Link to post
29 minutes ago, chris_netsmart said:

a quick question: I am in the process of moving my VPN settings from my delugevpn to PFsense as this will resolve a few other issues I have on my network, but I would like to ask:

 

will delugevpn still work if I just turn off the VPN part ' VPN_ENABLED = No ' ?

yes

Link to post
34 minutes ago, Lucict said:

Now, I am getting an error with resolvconf--I tried installing openresolv,

try removing the line 'DNS = 193.138.218.74' from your wg0.conf file, save and restart the container.

Link to post
On 10/11/2020 at 11:36 PM, iLaurens said:

@binhex great work for fixing it. It all works like a charm again with PIA port forwarding. Been a big fan of this for a long time already. There is just one thing that used to work that does not work anymore; connecting to a specific IP of PIA's VPN servers. Before next-gen, I could replace the domain name (example: de-frankfurt.privacy.network) and replace it with an IP to ensure I'd get the same public IP assigned after a restart of the container. The connection to PIA still works when I select a specific IP, but the port forwarding somehow fails. It says that the port serving page of PIA refuses the connection (http://209.222.18.222:2000/?client_id=xxxx). I have no idea why the port forwarding suddenly breaks when trying to fix the IP in the openvpn configuration file, but is this something you could still have a look at? Some torrent sites are really paranoid and require me to provide a static IP :( The domain names rotate between a set of IPs for each region so you'll almost always have a different public IP after restarting the container or if the connection resets.

I figured out what the likely culprit is. I see from your github that the nextgen PIA servers also require a new method of obtaining a port. Hence the two functions: `get_incoming_port_nextgen` and `get_incoming_port_legacy`. The nextgen function is only chosen if the VPN_REMOTE_SERVER env variable contains `privacy.network`. However when I explicitly set an IP in my openvpn config (from the nextgen servers) it will still select the old `get_incoming_port_legacy`. Could you possibly add an optional docker environment var that forces the get_incoming_port_nextgen to be selected? Maybe make it such that:

 

if [[ "${VPN_REMOTE_SERVER}" == *"privacy.network"* || "${FORCE_PIA_NEXTGEN:-false}" == "true" ]]; then

Notice how I set a default value for FORCE_PIA_NEXTGEN (but you can also set default in Dockerfile). So you can leave it out of your dockerman definition and people need not know it even exists. However people that know about this environment variable setting (perhaps if you put it in the FAQ) could use this to force nextgen functionality. This would help people like me that want a static VPN IP from PIA.

Edited by iLaurens
Link to post
5 hours ago, binhex said:

try removing the line 'DNS = 193.138.218.74' from your wg0.conf file, save and restart the container.

I'm also unable to get Mullvad wireguard to work. My log looks identical to Lucict's. Adding "--sysctl net.ipv6.conf.all.disable_ipv6=0" to parameters got rid of "RTNETLINK Permission denied." But I have the same resolvconf issue.

 

Deleting the DNS line from wg0.conf gives me this:

 

 

2020-10-12 16:54:26,444 DEBG 'start-script' stderr output:
Error: Rule family not supported.

2020-10-12 16:54:26,452 DEBG 'start-script' stderr output:
[#] ip link delete dev wg0

2020-10-12 16:54:26,501 DEBG 'start-script' stdout output:
[warn] WireGuard interface failed to come 'up', exit code is '1'
 

Edited by Herman Terds
Forgot to add that I'm using Mullvad wireguard.
Link to post

Hi, 

WireGuard also does not work for me. I tried to run wg-quick manually in the container console and I got the following error:

 

/usr/sbin/wg-quick: line 32: resolvconf: command not found

 

I can't install the package since I can't access the package repositories, but I think a change to the Dockerfile could maybe fix this?

Link to post

I did a little more screwing around. I really don't know what I'm doing but from referencing this thread: https://forum.armbian.com/topic/4861-wireguard-on-armbian-tinkerboard/ , if I delete ", ::/0" from "AllowedIPs = 0.0.0.0/0" in wg0.conf, I can avoid "Error: Rule family not supported." and get to "[info] WireGuard interface 'up' "

 

But I still get connection refused for the Deluge web interface and proxy connections.
 

Link to post
10 hours ago, iLaurens said:

The nextgen function is only chosen if the VPN_REMOTE_SERVER env variable contains `privacy.network`. However when I explicitly set an IP in my openvpn config (from the nextgen servers) it will still select the old `get_incoming_port_legacy`. Could you possibly add an optional docker environment var that forces the get_incoming_port_nextgen to be selected? Maybe make it such that:

legacy will be ripped out shortly, so there will be no checks from then on as there will only be next-gen, so this will fix your issue, no real point doing the extra work to create an env var at this late stage (pia confirmed legacy network removed on 31st of oct).

Link to post

@Herman Terds @benevo9971 can you both do the following:-

 

1. set privileged to on and remove any extra parameters

2. edit the wg0.conf file and change this line:-

AllowedIPs = 0.0.0.0/0,::0/0

to

AllowedIPs = 0.0.0.0/0

3. attempt a start of the container, if still no go then try removing this line from the wg0.conf:-

DNS = 193.138.218.74

4. restart container and see if it comes up.

 

note - im really flying blind on this as im a pia user, so i have not been able to test this with any other providers, but with some tweaking i see no reason why it wouldnt work.

Link to post
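The wg0.conf edits from steps 2 and 3 above, applied by a script to a copy of the file so the original stays untouched. This is an added example, not code from the thread or from the image; the helper names and the sample config (placeholder keys and endpoint) are constructed.

```shell
#!/bin/sh
# Added example: not part of the thread or of the binhex image.

# sanitize_wg_conf SRC DST   (hypothetical helper name)
#  - removes IPv6 prefixes from AllowedIPs (step 2)
#  - removes the DNS line, so wg-quick never calls resolvconf (step 3)
#  - writes DST readable by its owner only, which avoids wg-quick's
#    "world accessible" warning
# Returns non-zero if no IPv4 prefix would be left in AllowedIPs.
sanitize_wg_conf() {
    ( umask 077
      awk '
        /^[ \t]*DNS[ \t]*=/ { next }
        /^[ \t]*AllowedIPs[ \t]*=/ {
            n = split(substr($0, index($0, "=") + 1), parts, ",")
            out = ""
            for (i = 1; i <= n; i++) {
                p = parts[i]; gsub(/[ \t\r]/, "", p)
                if (p == "" || p ~ /:/) continue   # skip empty and IPv6 entries
                out = (out == "" ? p : (out "," p))
            }
            if (out == "") { bad = 1; exit }
            print "AllowedIPs = " out
            next
        }
        { print }
        END { exit bad }
      ' "$1" > "$2" ) || { rm -f "$2"; return 1; }
    chmod 600 "$2"
}

# Constructed sample config; key and endpoint are placeholders, not real values.
demo_conf() {
    cat <<'EOF'
[Interface]
PrivateKey = CONSTRUCTED_PLACEHOLDER_KEY
Address = 10.0.0.2/32
DNS = 193.138.218.74

[Peer]
PublicKey = CONSTRUCTED_PLACEHOLDER_KEY
AllowedIPs = 0.0.0.0/0,::0/0
Endpoint = vpn.example.invalid:51820
EOF
}

if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d) && demo_conf > "$tmp/in.conf" &&
        sanitize_wg_conf "$tmp/in.conf" "$tmp/wg0.conf" && cat "$tmp/wg0.conf"
    rm -rf "$tmp"
fi
```

With the IPv6 prefix removed, wg-quick sets up routing through wg0 for IPv4 only; the script does not check how IPv6 is handled elsewhere in the container.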
6 hours ago, AD24 said:

Anyone know of a way to connect to a specific PIA IP via Wireguard rather than a hostname? I tried putting the IP in the .conf file but that doesn't seem to work. 

this is not possible at this time due to the way pia has implemented wireguard, it uses multiple api calls to generate the wireguard config file, and the lookup must be a hostname not an ip address.

Link to post
[info] Attempting to bring WireGuard interface 'up'...

2020-10-13 12:07:41,369 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

2020-10-13 12:07:41,376 DEBG 'start-script' stderr output:
[#] ip link add wg0 type wireguard

2020-10-13 12:07:41,378 DEBG 'start-script' stderr output:
[#] wg setconf wg0 /dev/fd/63

2020-10-13 12:07:41,397 DEBG 'start-script' stderr output:
[#] ip -4 address add 100.66.110.13/32 dev wg0

2020-10-13 12:07:41,403 DEBG 'start-script' stderr output:
[#] ip link set mtu 1420 up dev wg0

2020-10-13 12:07:41,421 DEBG 'start-script' stderr output:
[#] resolvconf -a wg0 -m 0 -x

2020-10-13 12:07:41,421 DEBG 'start-script' stderr output:
/usr/sbin/wg-quick: line 32: resolvconf: command not found

2020-10-13 12:07:41,423 DEBG 'start-script' stderr output:
[#] ip link delete dev wg0

still get the resolvconf error 

Link to post
7 minutes ago, binhex said:

ok can you exec into the container and do this:-


pacman -S openresolv --noconfirm

then restart the container.

Had to docker cp the package into it because I had no internet access in it.

 

[#] ip -4 rule add table main suppress_prefixlength 0

2020-10-13 12:47:09,722 DEBG 'start-script' stderr output:
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1

2020-10-13 12:47:09,723 DEBG 'start-script' stderr output:
sysctl: permission denied on key "net.ipv4.conf.all.src_valid_mark"

2020-10-13 12:47:09,724 DEBG 'start-script' stderr output:
[#] resolvconf -d wg0 -f

2020-10-13 12:47:09,763 DEBG 'start-script' stderr output:
[#] ip -4 rule delete table 51820

I'm running Manjaro so kernel version should not be an issue 

Link to post
6 minutes ago, benevo9971 said:

sysctl: permission denied on key "net.ipv4.conf.all.src_valid_mark"

i dont think you are running with --privileged=true are you?

Edited by binhex
Link to post
