[Support] binhex - DelugeVPN


Recommended Posts

17 minutes ago, binhex said:

remove the 'cipher' line in the file.

Huh, so I tried replacing the cipher line with the new one, but same error. "Failed to negotiate cipher."

image.png.937a7ba6678758c115fd9515bb36a717.png

 

And I tried making this edit in the Switzerland.ovpn and Spain.opvn files - both to no avail. (And I made sure only one .opvn file was in the openvpn folder at a time).

 

Appreciate you sticking with me here.

Edited by Magic815
Link to comment
5 minutes ago, diditstart said:

I was having the same issue with the cipher error. Redownloaded the whole package of next gen PIA config files and replaced all three (crt, pem and ovpn) files this time. Deluge started working again.

Did you have to add the extra line in the opvn file per answer 22 in his FAQ?

Link to comment
6 minutes ago, diditstart said:

Yes that's the one, I'm using Romania, as it supports port forwarding.

Interesting. So I just tried it with Romania - but had no luck. But then I went in and added the line from the FAQs A22, to the Romania file. And now it works!

 

I'm not sure if certain locations are just not working, or if it had to do with where I put the cipher-fallback line, but it's working for me now! Very curious that you didn't need to add the line, but oh well!

 

Appreciate your help @binhex and @diditstart!

image.png.6abd1c43933a61813242ccbfddd936de.png

  • Thanks 1
Link to comment
22 minutes ago, Magic815 said:

Interesting. So I just tried it with Romania - but had no luck. But then I went in and added the line from the FAQs A22, to the Romania file. And now it works!

 

I'm not sure if certain locations are just not working, or if it had to do with where I put the cipher-fallback line, but it's working for me now! Very curious that you didn't need to add the line, but oh well!

 

Appreciate your help @binhex and @diditstart!

image.png.6abd1c43933a61813242ccbfddd936de.png

I'm running into the same issue and have tried all of the same steps you have, including the one you had success with, but unfortunately have had no luck.

Link to comment

Still got the message :

020-11-03 00:09:23,774 DEBG 'start-script' stdout output:
2020-11-03 00:09:23 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.
2020-11-03 00:09:23 ERROR: Failed to apply push options
2020-11-03 00:09:23 Failed to open tun/tap interface
2020-11-03 00:09:23 SIGHUP[soft,process-push-msg-failed] received, process restarting

 

when using this opvn file

 

client
dev tun
proto udp
remote no.privacy.network 1198
resolv-retry infinite
nobind
persist-key
data-ciphers-fallback aes-256-gcm
auth sha1
tls-client
remote-cert-tls server

auth-user-pass credentials.conf
compress
verb 1
<crl-verify>

 

Have copied in new .perm and cert in from newly downloaded zip file. 

Have tried 4 different ovpn files, and have used notepad++ to edit.

 

what are im doing wrong @binhex

Edited by orlando500
Link to comment
11 minutes ago, Magic815 said:

Try leaving the 'cipher aes-128-cbc' line in just above the line you added, maybe? That's the only thing I can see different between my final image and your paste. Otherwise, maybe it's an intermittent issue on PIAs end? Not sure.

tried that, same error. Did remove it because binhex said i should be removed in another post here.

Link to comment
1 hour ago, orlando500 said:

Still got the message :

020-11-03 00:09:23,774 DEBG 'start-script' stdout output:
2020-11-03 00:09:23 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.
2020-11-03 00:09:23 ERROR: Failed to apply push options
2020-11-03 00:09:23 Failed to open tun/tap interface
2020-11-03 00:09:23 SIGHUP[soft,process-push-msg-failed] received, process restarting

 

when using this opvn file

 

client
dev tun
proto udp
remote no.privacy.network 1198
resolv-retry infinite
nobind
persist-key
data-ciphers-fallback aes-256-gcm
auth sha1
tls-client
remote-cert-tls server

auth-user-pass credentials.conf
compress
verb 1
<crl-verify>

 

Have copied in new .perm and cert in from newly downloaded zip file. 

Have tried 4 different ovpn files, and have used notepad++ to edit.

 

what are im doing wrong @binhex

I added ncp-disable to the config file after looking at the info at https://www.privateinternetaccess.com/helpdesk/kb/articles/what-s-the-difference-between-aes-cbc-and-aes-gcm and then it connected without errors...

Link to comment

Hi All,

 

My container updated again over-night and its not working. This time, I'm getting the same cipher error as others. Im using PIA. I have done the following with no success;

 

1) pulled down the latest nextgen openVPN files. replaced all three on my server with new versions.

2) removed the cipher line and replaced it with fallback line from Q22

3) I tried leaving the original cipher line in and adding the fallback line immediately beneath 

4) i've tried 3 different endpoints, all with the same error (Singapore, Romania, Perth)

5) i've tried with and without strict port forwarding enabled (PIA tell me all non US nextgen servers are now port forward enabled?)

 

Any suggestions? please :)

 

 

Screen Shot 2020-11-03 at 8.12.12 AM.png

Screen Shot 2020-11-03 at 8.12.38 AM.png

Screen Shot 2020-11-03 at 8.13.23 AM.png

Link to comment
Just now, DAVIDP said:

Hi All,

 

My container updated again over-night and its not working. This time, I'm getting the same cipher error as others. Im using PIA. I have done the following with no success;

 

1) pulled down the latest nextgen openVPN files. replaced all three on my server with new versions.

2) removed the cipher line and replaced it with fallback line from Q22

3) I tried leaving the original cipher line in and adding the fallback line immediately beneath 

4) i've tried 3 different endpoints, all with the same error (Singapore, Romania, Perth)

5) i've tried with and without strict port forwarding enabled (PIA tell me all non US nextgen servers are now port forward enabled?)

 

Any suggestions? please :)

 

 

Screen Shot 2020-11-03 at 8.12.12 AM.png

Screen Shot 2020-11-03 at 8.12.38 AM.png

Screen Shot 2020-11-03 at 8.13.23 AM.png

I added ncp-disable to the config file after looking at the info at https://www.privateinternetaccess.com/helpdesk/kb/articles/what-s-the-difference-between-aes-cbc-and-aes-gcm and then it connected without errors...

  • Like 1
Link to comment
1 hour ago, orlando500 said:

tried that, same error. Did remove it because binhex said i should be removed in another post here.

I was having same issue. Tried multiple ovpn configuration files with the q22 change. First the cipher error then when I changed locations it was still expecting the old file (still haven’t found where this setting is as I’ve forgotten from when I set it up previously). Anyway, I just deleted the entire openvpn folder contents and copied the .cert, .perm and .ovpn files again this time using same region as I had started with (Czech Republic) and voilà, it worked. 🤷🏼

Link to comment
On 6/24/2019 at 7:21 PM, binhex said:

You have messed up the commas the last line should have no comma, so just move those two lines from the bottom to the top

Sent from my EML-L29 using Tapatalk
 

Hi there,

 

First of all, thanks so much for your contributions here. You're awesome.

 

Secondly, I'm having some issues and I was wondering if you might be able to help, I'm probably doing something silly but...

 

I need to add those lines to my conf so I...

1) Stop the delugevpn container

2) Open core.conf in Visual Studio Code

3) Add the following lines:

"enable_incoming_tcp": false,

"enable_incoming_utp": false,

"enable_outgoing_utp": false,

"rate_limit_ip_overhead": false,

4) And run the containter again

 

This is where things get screwy though. When I start the container it reverts core.conf back to before I added those lines.

 

I'm confident that this is the fix I need as I used to have to set similar settings back when I was running a Windows box with qBittorrent.

 

Any help you could give in getting those settings to persist would be greatly appreciated

 

- A

Link to comment

so I did all of the above with the fallback option, ncp-disable, etc., and still can't get it working.  I can connect to the Web UI, where I see the downloads start upon docker restart, but then the downloads fall to 0 kb/s quickly.  It does this no matter what changes I make.  Disabling the VPN fixes the issue (obviously). I've also tried switching the client to wireguard (new feature) to no avail.  Not sure what to do at this point.

 

Binhex-delugevpn v2.0.4.dev38

PIA with active subscription

Link to comment
10 hours ago, Magic815 said:

Interesting. So I just tried it with Romania - but had no luck. But then I went in and added the line from the FAQs A22, to the Romania file. And now it works!

 

I'm not sure if certain locations are just not working, or if it had to do with where I put the cipher-fallback line, but it's working for me now! Very curious that you didn't need to add the line, but oh well!

 

Appreciate your help @binhex and @diditstart!

image.png.6abd1c43933a61813242ccbfddd936de.png

I can confirm re-downloading the ovpn files and adding the datacipher line has resolved the issue for me

Link to comment
1 minute ago, Sinister said:

I'm not sure if certain locations are just not working

correct, it looks like certain locations dont work with the newer openvpn client option 'data-ciphers-fallback' but from my testing using the older deprecated options seems to work for most/all locations, see my update to Q22:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

  • Like 1
Link to comment

hi All,

I had the same UI issue since yesterday and I did the following:

-Add the line for data-ciphers-fallback aes-256-gcm

-Remove AES 128 line (ad binhex said)

-add ncp-disable line

reboot the cointainer and it worked! :)

 

Many thanks for all your help guys and thanks to BinHex for preparing all these great release!

Link to comment

Still having issues with this... Current log file errors:

 

Current settings in the OVPN file:

 

client
dev tun
proto udp
remote ca-montreal.privacy.network 1198
resolv-retry infinite
nobind
persist-key
data-ciphers-fallback aes-256-gcm
ncp-disable
auth sha1
tls-client
remote-cert-tls server

auth-user-pass credentials.conf
compress
verb 1


 

2020-11-03 10:30:29,801 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 AUTH: Received control message: AUTH_FAILED

2020-11-03 10:30:29,801 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 SIGTERM[soft,auth-failure] received, process exiting

2020-11-03 10:30:29,802 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...

2020-11-03 10:30:29,807 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 DEPRECATED OPTION: ncp-disable. Disabling cipher negotiation is a deprecated debug feature that will be removed in OpenVPN 2.6

2020-11-03 10:30:29,807 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 WARNING: file 'credentials.conf' is group or others accessible

2020-11-03 10:30:29 OpenVPN 2.5.0 [git:makepkg/a73072d8f780e888+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 27 2020
2020-11-03 10:30:29 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10

2020-11-03 10:30:29,807 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2020-11-03 10:30:29,808 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
XXXXX
-----END X509 CRL-----


2020-11-03 10:30:29,808 DEBG 'start-script' stdout output:
2020-11-03 10:30:29 TCP/UDP: Preserving recently used remote address: [AF_INET]172.98.71.91:1198
2020-11-03 10:30:29 UDP link local: (not bound)
2020-11-03 10:30:29 UDP link remote: [AF_INET]172.98.71.91:1198

2020-11-03 10:30:30,014 DEBG 'start-script' stdout output:
2020-11-03 10:30:30 [montreal402] Peer Connection Initiated with [AF_INET]172.98.71.91:1198

 

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.