[Support] binhex - DelugeVPN


Recommended Posts

6 minutes ago, diditstart said:

Yes that's the one, I'm using Romania, as it supports port forwarding.

Interesting. So I just tried it with Romania - but had no luck. But then I went in and added the line from the FAQs A22, to the Romania file. And now it works!

 

I'm not sure if certain locations are just not working, or if it had to do with where I put the cipher-fallback line, but it's working for me now! Very curious that you didn't need to add the line, but oh well!

 

Appreciate your help @binhex and @diditstart!

image.png.6abd1c43933a61813242ccbfddd936de.png

  • Thanks 1
Link to comment
22 minutes ago, Magic815 said:

Interesting. So I just tried it with Romania - but had no luck. But then I went in and added the line from the FAQs A22, to the Romania file. And now it works!

 

I'm not sure if certain locations are just not working, or if it had to do with where I put the cipher-fallback line, but it's working for me now! Very curious that you didn't need to add the line, but oh well!

 

Appreciate your help @binhex and @diditstart!

image.png.6abd1c43933a61813242ccbfddd936de.png

I'm running into the same issue and have tried all of the same steps you have, including the one you had success with, but unfortunately have had no luck.

Link to comment

Still got the message :

020-11-03 00:09:23,774 DEBG 'start-script' stdout output:
2020-11-03 00:09:23 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.
2020-11-03 00:09:23 ERROR: Failed to apply push options
2020-11-03 00:09:23 Failed to open tun/tap interface
2020-11-03 00:09:23 SIGHUP[soft,process-push-msg-failed] received, process restarting

 

when using this opvn file

 

client
dev tun
proto udp
remote no.privacy.network 1198
resolv-retry infinite
nobind
persist-key
data-ciphers-fallback aes-256-gcm
auth sha1
tls-client
remote-cert-tls server

auth-user-pass credentials.conf
compress
verb 1
<crl-verify>

 

Have copied in new .perm and cert in from newly downloaded zip file. 

Have tried 4 different ovpn files, and have used notepad++ to edit.

 

what are im doing wrong @binhex

Edited by orlando500
Link to comment
11 minutes ago, Magic815 said:

Try leaving the 'cipher aes-128-cbc' line in just above the line you added, maybe? That's the only thing I can see different between my final image and your paste. Otherwise, maybe it's an intermittent issue on PIAs end? Not sure.

tried that, same error. Did remove it because binhex said i should be removed in another post here.

Link to comment
1 hour ago, orlando500 said:

Still got the message :

020-11-03 00:09:23,774 DEBG 'start-script' stdout output:
2020-11-03 00:09:23 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.
2020-11-03 00:09:23 ERROR: Failed to apply push options
2020-11-03 00:09:23 Failed to open tun/tap interface
2020-11-03 00:09:23 SIGHUP[soft,process-push-msg-failed] received, process restarting

 

when using this opvn file

 

client
dev tun
proto udp
remote no.privacy.network 1198
resolv-retry infinite
nobind
persist-key
data-ciphers-fallback aes-256-gcm
auth sha1
tls-client
remote-cert-tls server

auth-user-pass credentials.conf
compress
verb 1
<crl-verify>

 

Have copied in new .perm and cert in from newly downloaded zip file. 

Have tried 4 different ovpn files, and have used notepad++ to edit.

 

what are im doing wrong @binhex

I added ncp-disable to the config file after looking at the info at https://www.privateinternetaccess.com/helpdesk/kb/articles/what-s-the-difference-between-aes-cbc-and-aes-gcm and then it connected without errors...

Link to comment

Hi All,

 

My container updated again over-night and its not working. This time, I'm getting the same cipher error as others. Im using PIA. I have done the following with no success;

 

1) pulled down the latest nextgen openVPN files. replaced all three on my server with new versions.

2) removed the cipher line and replaced it with fallback line from Q22

3) I tried leaving the original cipher line in and adding the fallback line immediately beneath 

4) i've tried 3 different endpoints, all with the same error (Singapore, Romania, Perth)

5) i've tried with and without strict port forwarding enabled (PIA tell me all non US nextgen servers are now port forward enabled?)

 

Any suggestions? please :)

 

 

Screen Shot 2020-11-03 at 8.12.12 AM.png

Screen Shot 2020-11-03 at 8.12.38 AM.png

Screen Shot 2020-11-03 at 8.13.23 AM.png

Link to comment
Just now, DAVIDP said:

Hi All,

 

My container updated again over-night and its not working. This time, I'm getting the same cipher error as others. Im using PIA. I have done the following with no success;

 

1) pulled down the latest nextgen openVPN files. replaced all three on my server with new versions.

2) removed the cipher line and replaced it with fallback line from Q22

3) I tried leaving the original cipher line in and adding the fallback line immediately beneath 

4) i've tried 3 different endpoints, all with the same error (Singapore, Romania, Perth)

5) i've tried with and without strict port forwarding enabled (PIA tell me all non US nextgen servers are now port forward enabled?)

 

Any suggestions? please :)

 

 

Screen Shot 2020-11-03 at 8.12.12 AM.png

Screen Shot 2020-11-03 at 8.12.38 AM.png

Screen Shot 2020-11-03 at 8.13.23 AM.png

I added ncp-disable to the config file after looking at the info at https://www.privateinternetaccess.com/helpdesk/kb/articles/what-s-the-difference-between-aes-cbc-and-aes-gcm and then it connected without errors...

  • Like 1
Link to comment
1 hour ago, orlando500 said:

tried that, same error. Did remove it because binhex said i should be removed in another post here.

I was having same issue. Tried multiple ovpn configuration files with the q22 change. First the cipher error then when I changed locations it was still expecting the old file (still haven’t found where this setting is as I’ve forgotten from when I set it up previously). Anyway, I just deleted the entire openvpn folder contents and copied the .cert, .perm and .ovpn files again this time using same region as I had started with (Czech Republic) and voilà, it worked. 🤷🏼

Link to comment
On 6/24/2019 at 7:21 PM, binhex said:

You have messed up the commas the last line should have no comma, so just move those two lines from the bottom to the top

Sent from my EML-L29 using Tapatalk
 

Hi there,

 

First of all, thanks so much for your contributions here. You're awesome.

 

Secondly, I'm having some issues and I was wondering if you might be able to help, I'm probably doing something silly but...

 

I need to add those lines to my conf so I...

1) Stop the delugevpn container

2) Open core.conf in Visual Studio Code

3) Add the following lines:

"enable_incoming_tcp": false,

"enable_incoming_utp": false,

"enable_outgoing_utp": false,

"rate_limit_ip_overhead": false,

4) And run the containter again

 

This is where things get screwy though. When I start the container it reverts core.conf back to before I added those lines.

 

I'm confident that this is the fix I need as I used to have to set similar settings back when I was running a Windows box with qBittorrent.

 

Any help you could give in getting those settings to persist would be greatly appreciated

 

- A

Link to comment

so I did all of the above with the fallback option, ncp-disable, etc., and still can't get it working.  I can connect to the Web UI, where I see the downloads start upon docker restart, but then the downloads fall to 0 kb/s quickly.  It does this no matter what changes I make.  Disabling the VPN fixes the issue (obviously). I've also tried switching the client to wireguard (new feature) to no avail.  Not sure what to do at this point.

 

Binhex-delugevpn v2.0.4.dev38

PIA with active subscription

Link to comment
10 hours ago, Magic815 said:

Interesting. So I just tried it with Romania - but had no luck. But then I went in and added the line from the FAQs A22, to the Romania file. And now it works!

 

I'm not sure if certain locations are just not working, or if it had to do with where I put the cipher-fallback line, but it's working for me now! Very curious that you didn't need to add the line, but oh well!

 

Appreciate your help @binhex and @diditstart!

image.png.6abd1c43933a61813242ccbfddd936de.png

I can confirm re-downloading the ovpn files and adding the datacipher line has resolved the issue for me

Link to comment
1 minute ago, Sinister said:

I'm not sure if certain locations are just not working

correct, it looks like certain locations dont work with the newer openvpn client option 'data-ciphers-fallback' but from my testing using the older deprecated options seems to work for most/all locations, see my update to Q22:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

  • Like 1
Link to comment

hi All,

I had the same UI issue since yesterday and I did the following:

-Add the line for data-ciphers-fallback aes-256-gcm

-Remove AES 128 line (ad binhex said)

-add ncp-disable line

reboot the cointainer and it worked! :)

 

Many thanks for all your help guys and thanks to BinHex for preparing all these great release!

Link to comment

Still having issues with this... Current log file errors:

 

Current settings in the OVPN file:

 

client
dev tun
proto udp
remote ca-montreal.privacy.network 1198
resolv-retry infinite
nobind
persist-key
data-ciphers-fallback aes-256-gcm
ncp-disable
auth sha1
tls-client
remote-cert-tls server

auth-user-pass credentials.conf
compress
verb 1


 

2020-11-03 10:30:29,801 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 AUTH: Received control message: AUTH_FAILED

2020-11-03 10:30:29,801 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 SIGTERM[soft,auth-failure] received, process exiting

2020-11-03 10:30:29,802 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...

2020-11-03 10:30:29,807 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6

2020-11-03 10:30:29,807 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 WARNING: file 'credentials.conf' is group or others accessible

2020-11-03 10:30:29 OpenVPN 2.5.0 [git:makepkg/a73072d8f780e888+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 27 2020
2020-11-03 10:30:29 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10

2020-11-03 10:30:29,807 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2020-11-03 10:30:29,808 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
XXXXX
-----END X509 CRL-----


2020-11-03 10:30:29,808 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 TCP/UDP: Preserving recently used remote address: [AF_INET]172.98.71.91:1198
2020-11-03 10:30:29 UDP link local: (not bound)
2020-11-03 10:30:29 UDP link remote: [AF_INET]172.98.71.91:1198

2020-11-03 10:30:30,014 DEBG 'start-script' stdout output:
2020-11-03 10:30:30 [montreal402] Peer Connection Initiated with [AF_INET]172.98.71.91:1198

 

Link to comment

I am also having a bit of trouble; for reference, unraid is behind pfsense, which I've been using for a while. The new update doesn't allow deluge to connect. On current build with nextgen files added. IPv6 enabled or disabled, still the same issue and won't get past this part:

kernel: docker0: port 4(veth5cfa152) entered disabled state
kernel: device veth5cfa152 left promiscuous mode
kernel: docker0: port 4(veth5cfa152) entered disabled state
avahi-daemon[7207]: Withdrawing address record for fe80::5c93:22ff:fef5:3030 on veth5cfa152.
kernel: docker0: port 4(vethebe7b8a) entered blocking state
kernel: docker0: port 4(vethebe7b8a) entered disabled state
kernel: device vethebe7b8a entered promiscuous mode
kernel: docker0: port 4(vethebe7b8a) entered blocking state
kernel: docker0: port 4(vethebe7b8a) entered forwarding state
kernel: eth0: renamed from vethe5d019a
kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethebe7b8a: link becomes ready
avahi-daemon[7207]: Joining mDNS multicast group on interface vethebe7b8a.IPv6 with address fe80::5c84:3aff:fe61:9d57.
avahi-daemon[7207]: New relevant interface vethebe7b8a.IPv6 for mDNS.
avahi-daemon[7207]: Registering new address record for fe80::5c84:3aff:fe61:9d57 on vethebe7b8a.*.     <--------won't get past this part

 

 

 

EDIT: if you are running into a similar problem, I found switching servers was the answer. Originally, I was trying to connect to DE Frankfurt, as it was part of the BETA, but wouldn't connect. UK Manchester does work though. More testing will need to be done to find an acceptable server.

Edited by Psycho249
Link to comment

Nada - the log file just keeps spitting out log errors. Web UI won't load and it starts to bog down the server.


 

2020-11-03 10:44:37,594 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...

2020-11-03 10:44:37,599 DEBG 'start-script' stdout output:
2020-11-03 10:44:37 DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6

2020-11-03 10:44:37,599 DEBG 'start-script' stdout output:
2020-11-03 10:44:37 DEPRECATED OPTION: --cipher set to 'aes-256-gcm' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-256-gcm' to --data-ciphers or change --cipher 'aes-256-gcm' to --data-ciphers-fallback 'aes-256-gcm' to silence this warning.

2020-11-03 10:44:37 WARNING: file 'credentials.conf' is group or others accessible

2020-11-03 10:44:37 OpenVPN 2.5.0 [git:makepkg/a73072d8f780e888+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 27 2020
2020-11-03 10:44:37 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10

2020-11-03 10:44:37,599 DEBG 'start-script' stdout output:
2020-11-03 10:44:37 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2020-11-03 10:44:37,599 DEBG 'start-script' stdout output:
2020-11-03 10:44:37 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
xxxxxxx
-----END X509 CRL-----


2020-11-03 10:44:37,600 DEBG 'start-script' stdout output:
2020-11-03 10:44:37 TCP/UDP: Preserving recently used remote address: [AF_INET]199.36.223.212:1198
2020-11-03 10:44:37 UDP link local: (not bound)
2020-11-03 10:44:37 UDP link remote: [AF_INET]199.36.223.212:1198

2020-11-03 10:44:37,715 DEBG 'start-script' stdout output:
2020-11-03 10:44:37 [montreal410] Peer Connection Initiated with [AF_INET]199.36.223.212:1198

2020-11-03 10:44:38,888 DEBG 'start-script' stdout output:
2020-11-03 10:44:38 AUTH: Received control message: AUTH_FAILED

2020-11-03 10:44:38,888 DEBG 'start-script' stdout output:
2020-11-03 10:44:38 SIGTERM[soft,auth-failure] received, process exiting

 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.