[Support] binhex - DelugeVPN


Recommended Posts

So I feel like other people have been having the same issue, but I've tried some of the fixes in this and the qbittorrent thread to no luck. I use PIA and recently the WebUI of deluge and qbittorrent won't load when I enable the VPN in the container settings, but it will when I disable it. I downloaded the most recent OpenVPN config files from PIA, with no luck. I also changed the files from Toronto to Ontario, as someone mentioned in this thread, also to no luck. Removing the container image and deleting all files with the CA cleanup utility and starting fresh also did nothing. Before the issue, I had set VPN client to OpenVPN in the settings, which seemed to cause a lot of errors in the logs when I noticed the WebUI stopped working (first image). Changing the client to Wireguard stopped the errors, but didn't fix the issue (2nd screenshot). I only had the chance to grab screenshots from qbittorrent, but everything's the same in my deluge container and only this thread has mentioned the issue so far. 

Run Command:

 

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='binhex-qbittorrentvpn' --net='bridge' --privileged=true -e TZ="America/Chicago" -e HOST_OS="Unraid" -e 'VPN_ENABLED'='yes' -e 'VPN_USER'='p9059745' -e 'VPN_PASS'='Pchmielparry1' -e 'VPN_PROV'='pia' -e 'VPN_CLIENT'='openvpn' -e 'VPN_OPTIONS'='' -e 'STRICT_PORT_FORWARD'='yes' -e 'ENABLE_PRIVOXY'='yes' -e 'WEBUI_PORT'='8080' -e 'LAN_NETWORK'='10.0.0.0/24' -e 'NAME_SERVERS'='209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1' -e 'VPN_INPUT_PORTS'='' -e 'VPN_OUTPUT_PORTS'='' -e 'DEBUG'='false' -e 'UMASK'='000' -e 'PUID'='99' -e 'PGID'='100' -p '6881:6881/tcp' -p '6881:6881/udp' -p '8585:8080/tcp' -p '8118:8118/tcp' -v '/mnt/user/data/torrents/':'/data':'rw' -v '/mnt/user/data/torrents/':'/data/torrents/':'rw' -v '/mnt/user/appdata/binhex-qbittorrentvpn':'/config':'rw' --sysctl="net.ipv4.conf.all.src_valid_mark=1" 'binhex/arch-qbittorrentvpn'

9f17edc8fb8baa0a4136f909c6f274d3830d8042a5733616e7cb2a580d09f054

The command finished successfully!

 

I also attached pics of the ports and OpenVPN within Appdata. This is probably a pretty minor issue with something that I'm overlooking.

 

image.thumb.png.39c832e2be8c3c52ef1ec1c4b962bd2e.pngimage.thumb.png.4cfa5a1ece26516e0cbda3a8510401f6.pngimage.png.b54a9d8b1c7f5387f751d4369dfd4c43.pngimage.png.6dee7210b225745af00c86263579c43e.png

home-diagnostics-20210425-2215.zip

Edited by AlphaOmegaKappa
Link to comment
7 hours ago, AlphaOmegaKappa said:

I also attached pics of the ports and OpenVPN within Appdata

the cert looks to be invalid, re-download the .crt file from pia, also delete the files that start with '._' they might be causing issues.

  • Like 1
Link to comment

Suddenly today I'm getting 

2021-04-26 09:16:36,438 DEBG 'watchdog-script' stdout output:
[info] DNS failure, creating file '/tmp/dnsfailure' to indicate failure...

 

This error comes after a couple rounds of 

2021-04-26 09:14:01,357 DEBG 'start-script' stdout output:
[info] Failed on last attempt, attempting to get external IP using 'http://whatismyip.akamai.com'...


2021-04-26 09:14:29,394 DEBG 'start-script' stdout output:
[info] Failed on last attempt, attempting to get external IP using 'https://ifconfig.co/ip'...


2021-04-26 09:14:57,431 DEBG 'start-script' stdout output:
[info] Failed on last attempt, attempting to get external IP using 'https://showextip.azurewebsites.net'...

 

Is this something related to PIA? I haven't changed anything lately and it worked yesterday. I'm using:

  • Wireguard with PIA
  • Swiss endpoint in the wg0 file
  • Swiss > France > De-Berlin > De-Frankfurt for my openVPN config file 

I'm also now unable to upload / download. Deluge WebUI opens, but all my torrents are 0 up and 0 down.

Link to comment
On 4/20/2021 at 2:36 PM, ados said:

@tetrapod you might find Organizr interesting, check out the new guide. :)

Thank you @ados! I have now reach the point where I think this is the way to go. Will start with your writeup now.
If I can make one comment regarding the whole subject of security it would be that for me, and I'm sure a lot of other people using unraid as a springboard for setting up your home server, this is really complicated. Getting the arrs up and running is not so hard even if you never done anything like this before and the result if you do something wrong is usually that it doesn't work as expected and you have to troubleshoot.
I can get a multitude of security measures to work, but it's much more difficult to understand if it's actually secure - how would I do that?

Link to comment
On 4/20/2021 at 2:36 PM, ados said:

@tetrapod you might find Organizr interesting, check out the new guide. :)

Thank you @ados! I have now reach the point where I think this is the way to go. Will start with your writeup now.
If I can make one comment regarding the whole subject of security it would be that for me, and I'm sure a lot of other people using unraid as a springboard for setting up your home server, this is really complicated. Getting the arrs up and running is not so hard even if you never done anything like this before and the result if you do something wrong is usually that it doesn't work as expected and you have to troubleshoot.
I can get a multitude of security measures to work, but it's much more difficult to understand if it's actually secure - how would I do that?

Link to comment
16 hours ago, tetrapod said:

Thank you @ados! I have now reach the point where I think this is the way to go. Will start with your writeup now.
If I can make one comment regarding the whole subject of security it would be that for me, and I'm sure a lot of other people using unraid as a springboard for setting up your home server, this is really complicated. Getting the arrs up and running is not so hard even if you never done anything like this before and the result if you do something wrong is usually that it doesn't work as expected and you have to troubleshoot.
I can get a multitude of security measures to work, but it's much more difficult to understand if it's actually secure - how would I do that?

Sorry I don't know what your asking.

Are you wanting to know if your NGINX is secure?

Link to comment
On 3/27/2020 at 2:50 AM, crazykidguy said:

Anyone else getting an issue like below where the torrents stop announcing/ updating to the trackers? They seed perfectly normal for an amount of time and when I happen to check it after some time, they look like the ones below with (0) on Seeds and Peers. I have to manually pause and restart the seed to get the Seeds and Peers to display and the Tracker Status to read OK. 

 

Any idea what's causing this? I'm behind PIA and again, things seem to seed perfectly find initially after I restart the torrents. It's after some unknown time for some unknown reason they stop announcing. 

 

 

Annotation 2020-03-26 203954.png

 

 

Have you ever found a reason/solution to this?

I'm encountering this issue also.

Link to comment

If anyone here is using Mullvad, they made some changes in regard to port forwarding and an active subscription.

 

Quote

Update: A minor change in our Terms of service

22 March 2021  NEWS

 

As strong believers in privacy and as allergic to any static information we made a minor change in our Terms of service. Port forwarding is no longer allowed on an account with an active subscription.

 

This does not impact "one-time payments".

This is only applicable to PayPal or credit card subscriptions.

 

It is therefore not possible to:

 

Add forwarding ports to accounts that has a subscription

Add a subscription to an account that has forwarded ports

 

Link to comment
15 minutes ago, bugster said:

If anyone here is using Mullvad, they made some changes in regard to port forwarding and an active subscription.

 

 

damn!, thats a bit of a blow!, i guess i wont be switching over to mullvad any time soon, its a shame, they are a good vpn provider by all accounts.

Link to comment
Just now, binhex said:

damn!, thats a bit of a blow!, i guess i wont be switching over to mullvad any time soon, its a shame, they are a good vpn provider by all accounts.

 

The only solution is changing from a monthly account to a one time payment which is not bad.

  • Like 1
Link to comment

XPost from General Support

I have followed Spaceinvader One's video describing how to route the network traffic of one container through another on my Unraid 6.9.1 installation. Specifically, I have routed my binhex-jackett container traffic through my binhex-delugevpn network. To do so I first edited the jackett setup

  • Network type from "Bridge" to "None"
  • Added Extra Parameters: '--net:container:binhex-deluge'

image.png.e53faf6a79e59f14a6023dc70a82ea31.png

 

Then edited the delugevpn setup

  • Added new port utilizing jacket's (9117, 9117, TCP)

image.png.0b1b88da067a932d7bc4fe6ee420562f.png

 

Utilizing Spaceinvader One's trick to view the container's IP with `curl ifconfig.io` I can confirm that both containers share the same IP address. I can also view the logs of each container and both are running normally (based on what I have viewed in the log outputs before).

 

image.png.09e9dd872c958cf6f844f0d66f51d75c.png

I have also performed the same steps to route another container's, netdata, traffic through the delugevpn container to see if it is just an issue with jackett. I can also confirm that it shares the same IP address and the logs "look fine". Though for either container if I navigate to my server's IP address with the specific port for a given routed container, the WebUI still does not load.

image.png.bd7dfbca71db4ffb202ca77d6e5d53fa.png

 

Interestingly. While the Web UI for jackett does not load, after it has failed it seems to have resolved to the '/UI/Dashboard'

 

image.png.50b0e7fa58792df8270b008ca701faa3.png

Though, I have visited the Web UI prior to implementing these changes, so I assume that is just cached in my browser... But, this does not happen when attempting to navigate to netdata's address.

My only other guess is that I need to edit delugevpn's "Connection Manager" to allow for a new/another connection from the containers?.. I have tried a few seemingly logical connection settings to no avail.

 

image.png.ad45f362d5cae33ccd658b59f978f5a2.png

Potentially, should I disable 'STRICT_PORT_FORWARDING' in the container setup? I assume this is related to the IP tables of the container and does not have much to do with the described situation though..
 

Link to comment
On 4/26/2021 at 5:30 AM, binhex said:

the cert looks to be invalid, re-download the .crt file from pia, also delete the files that start with '._' they might be causing issues.

 

I'm having the exact same problem, but with TrustZone VPN. Reset all my credentials at the site and pulled down all new files including certs, and I get cert expired or unable to get local issuer certificate (depending on how the settings for the container are set. The files work fine on my Windows box, but not Unraid 6.8.3/qbittorrent or deluge containers. 

 

I changed things over to wireguard and it appears to be working, but have no way to verify it is actually hitting the VPN site. The curl ifconfig.me doesn't work. Just times out.

 

Link to comment
6 hours ago, binhex said:

you need to contact your vpn provider about that.

 

I would doubt it is my VPN provider as the exact same files work fine on my Windows box. But on Unraid, not so much. The only thing that has changed on my Unraid box was the docker (and maybe a few plugins were updated, can't remember). I know I saw references to tightening up iptables and such. Did that have any bearing on anything? I also didn't install the docker from scratch (because it is loaded with torrents) so did anything maybe get added in the way of options, keys, etc. that might need to be added to the template that could cause this? I did try it in a clean binhex-deluge container and it didn't work there either. Same error. Going to try and spin up a OpenVPN client docker and see what happens, but I've actually never been able to get one to work, which is how I wound up using the xxxxxxxvpn dockers instead of just the plain program docker. I'll let you know what happens. Just really weird.

Link to comment
On 3/26/2020 at 9:50 PM, crazykidguy said:

Anyone else getting an issue like below where the torrents stop announcing/ updating to the trackers? They seed perfectly normal for an amount of time and when I happen to check it after some time, they look like the ones below with (0) on Seeds and Peers. I have to manually pause and restart the seed to get the Seeds and Peers to display and the Tracker Status to read OK. 

 

Any idea what's causing this? I'm behind PIA and again, things seem to seed perfectly find initially after I restart the torrents. It's after some unknown time for some unknown reason they stop announcing. 

 

 

Annotation 2020-03-26 203954.png

Did you ever get an answer to this? It seems as though I'm encountering this issue too... only solution right now is to restart my container, and then everything clears up. After a couple days, my trackers will start showing HnR's and such, and they're not seeing any of my torrents being seeded.

Link to comment

Hi @binhex. I'm trying to test the speed within the container, and I'm following @SpaceInvaderOne video here https://www.youtube.com/watch?v=m7Qly7a_-M0 When I try the command

pacman -S speedtest-cli

I get the following errors:

Quote

failed retrieving file 'speedtest-cli-2.0.2-2-any.pkg.tar.xz' from mirror.pseudoform.org : Protocol "rsync" not supported or disabled in libcurl

 

Anything I should do, don't do? Google results are showing to update pacman with "pacman -Syyu"

Link to comment

I'm finally getting around to updating and getting things working again after the tightening. I've followed the stickied post and spent hours in the FAQ trying to get this working, but I can not get other docker web GUIs to load. b-delugevpn settings: 

 

463653760_Screenshotfrom2021-05-0219-47-23.png.78d50af211822056a3dd2b015d0f9e81.png

 

Lan Network is correct and been verified using the tool in Q4 on FAQ. I followed SpaceInvader One's video on routing through deluge and when typing "curl ifconfig.io" in each of the container's consoles I'm getting the IP from the vpn. Radarr's configuration:

 

414696827_Screenshotfrom2021-05-0219-52-15.png.263bc0c5885f0d2718271c89e81b0ede.png

 

As you can see the extra parameters are set, the network type is set to none, and I've removed any port designations. 

 

One thing I noticed is when the container starts, there's nothing under Port Mappings in the main docker page. See below:

 

326620368_Screenshotfrom2021-05-0219-54-31.png.4295f49945323a2a301853db1ec68254.png

 

I have never used NZB, I just downloaded it to see if the web gui would load, which it does not. I'm unable to get the web gui to load on any container going through delugevpn. I've changed ovpn files to try different servers, but still no web gui. Not using privoxy in Deluge. I've also made sure deluge was restarted then the other containers restarted once deluge is up and running, still no web guis. 

 

Radarr Log Output

Deluge Log Output

 

I've checked for spaces or weird line endings in the extra parameters box on each container, it's all correct. At this point I have no idea how to get the web guis to come back Thanks for any help!

Link to comment
17 hours ago, theoracle09 said:

I'm finally getting around to updating and getting things working again after the tightening. I've followed the stickied post and spent hours in the FAQ trying to get this working, but I can not get other docker web GUIs to load. b-delugevpn settings: 

 

463653760_Screenshotfrom2021-05-0219-47-23.png.78d50af211822056a3dd2b015d0f9e81.png

 

Lan Network is correct and been verified using the tool in Q4 on FAQ. I followed SpaceInvader One's video on routing through deluge and when typing "curl ifconfig.io" in each of the container's consoles I'm getting the IP from the vpn. Radarr's configuration:

 

414696827_Screenshotfrom2021-05-0219-52-15.png.263bc0c5885f0d2718271c89e81b0ede.png

 

As you can see the extra parameters are set, the network type is set to none, and I've removed any port designations. 

 

One thing I noticed is when the container starts, there's nothing under Port Mappings in the main docker page. See below:

 

326620368_Screenshotfrom2021-05-0219-54-31.png.4295f49945323a2a301853db1ec68254.png

 

I have never used NZB, I just downloaded it to see if the web gui would load, which it does not. I'm unable to get the web gui to load on any container going through delugevpn. I've changed ovpn files to try different servers, but still no web gui. Not using privoxy in Deluge. I've also made sure deluge was restarted then the other containers restarted once deluge is up and running, still no web guis. 

 

Radarr Log Output

Deluge Log Output

 

I've checked for spaces or weird line endings in the extra parameters box on each container, it's all correct. At this point I have no idea how to get the web guis to come back Thanks for any help!

 

Hey mate. No idea why you are using this way to route traffic via binhex-delugevpn. Just leave the defaults settings for Radarr, but within radarr > Settings > General > Proxy eEnable it and under hostname use binhex-delugevpn ip and the contairner port.

 

I'm talking about this guide.

 

Link to comment
On 5/1/2021 at 1:17 AM, jmbailey2000 said:

I would doubt it is my VPN provider as the exact same files work fine on my Windows box.

how are you using the exact same files on windows?, windows doesnt support openvpn natively, surely you are using a windows client supplied by your vpn provider right?.

 

in any case, if openvpn is saying the certs are out of date then they will be out of date, nothing i can do about that.

Link to comment
On 5/2/2021 at 9:08 PM, theoracle09 said:

I'm finally getting around to updating and getting things working again after the tightening. I've followed the stickied post and spent hours in the FAQ trying to get this working, but I can not get other docker web GUIs to load. b-delugevpn settings: 

 

463653760_Screenshotfrom2021-05-0219-47-23.png.78d50af211822056a3dd2b015d0f9e81.png

 

Lan Network is correct and been verified using the tool in Q4 on FAQ. I followed SpaceInvader One's video on routing through deluge and when typing "curl ifconfig.io" in each of the container's consoles I'm getting the IP from the vpn. Radarr's configuration:

 

414696827_Screenshotfrom2021-05-0219-52-15.png.263bc0c5885f0d2718271c89e81b0ede.png

 

As you can see the extra parameters are set, the network type is set to none, and I've removed any port designations. 

 

One thing I noticed is when the container starts, there's nothing under Port Mappings in the main docker page. See below:

 

326620368_Screenshotfrom2021-05-0219-54-31.png.4295f49945323a2a301853db1ec68254.png

 

I have never used NZB, I just downloaded it to see if the web gui would load, which it does not. I'm unable to get the web gui to load on any container going through delugevpn. I've changed ovpn files to try different servers, but still no web gui. Not using privoxy in Deluge. I've also made sure deluge was restarted then the other containers restarted once deluge is up and running, still no web guis. 

 

Radarr Log Output

Deluge Log Output

 

I've checked for spaces or weird line endings in the extra parameters box on each container, it's all correct. At this point I have no idea how to get the web guis to come back Thanks for any help!

 

Check your vpn container env. variables.  I had to add the VPN_INPUT_PORTS variable per the FAQ recently to fix this.

Link to comment

I tried adding an nzb to SABnzb tonight, and it won't download.  I went to settings, and tested my server settings (which seem to have worked when it last downloaded on Friday), and they fail.  I get

 

[Errno 99] Address not available
Check for internet or DNS problems

 

I've restarted SAB, tried news-us.newsnetserver.com, news.newsnetserver.com, ssl, not ssl, and nothing seems to connect.

 

I've searched for episodes in Sonarr and it searched fine, so the internet connection seems to be okay.

 

I suspect a newsnetserver issue, but wanted to ask here if anyone has seen this or has any ideas on how to further troubleshoot

Link to comment
On 4/29/2021 at 9:32 PM, kevindckr said:

XPost from General Support

I have followed Spaceinvader One's video describing how to route the network traffic of one container through another on my Unraid 6.9.1 installation. Specifically, I have routed my binhex-jackett container traffic through my binhex-delugevpn network. To do so I first edited the jackett setup

  • Network type from "Bridge" to "None"
  • Added Extra Parameters: '--net:container:binhex-deluge'

image.png.e53faf6a79e59f14a6023dc70a82ea31.png

 

Then edited the delugevpn setup

  • Added new port utilizing jacket's (9117, 9117, TCP)

image.png.0b1b88da067a932d7bc4fe6ee420562f.png

 

Utilizing Spaceinvader One's trick to view the container's IP with `curl ifconfig.io` I can confirm that both containers share the same IP address. I can also view the logs of each container and both are running normally (based on what I have viewed in the log outputs before).

 

image.png.09e9dd872c958cf6f844f0d66f51d75c.png

I have also performed the same steps to route another container's, netdata, traffic through the delugevpn container to see if it is just an issue with jackett. I can also confirm that it shares the same IP address and the logs "look fine". Though for either container if I navigate to my server's IP address with the specific port for a given routed container, the WebUI still does not load.

image.png.bd7dfbca71db4ffb202ca77d6e5d53fa.png

 

Interestingly. While the Web UI for jackett does not load, after it has failed it seems to have resolved to the '/UI/Dashboard'

 

image.png.50b0e7fa58792df8270b008ca701faa3.png

Though, I have visited the Web UI prior to implementing these changes, so I assume that is just cached in my browser... But, this does not happen when attempting to navigate to netdata's address.

My only other guess is that I need to edit delugevpn's "Connection Manager" to allow for a new/another connection from the containers?.. I have tried a few seemingly logical connection settings to no avail.

 

image.png.ad45f362d5cae33ccd658b59f978f5a2.png

Potentially, should I disable 'STRICT_PORT_FORWARDING' in the container setup? I assume this is related to the IP tables of the container and does not have much to do with the described situation though..
 

 

I have been going the same route and had some problems. Did you configure these ports in the binhex-delugevpn container config?

image.png.47d4ac14550c095091641189bfae93e1.png

 

I missed this and was struggling until I had read and fully understood Q24-27 in binhex exelent guide:
https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Link to comment
Posted (edited)
On 4/29/2021 at 9:11 AM, ados said:

Sorry I don't know what your asking.

Are you wanting to know if your NGINX is secure?

Well, yes, but probably no. NGINX seems to be a trustworthy product used by many big companies. It's more that I do not trust my knowledge about security to rely on my server setup and configuration of NGINX :-$ I can see that is working, but I have no idea if it's secure.

 

I'm now using Organizr as an authenticating wall in front of nginx. Your writeup helped me understand the concept, but I'm using Swag so I had to figure some of config out by myself (because I can't use NGINX Proxy Manager as a GUI to nginx in the Swag container - right?).

 

I still think I'm missing something here because it works great accessing/blocking all my container GUIs from WAN, except for the Ombi app. I'd guess that is because the app have no way of authenticating itself to Organizr. But, does that mean I have to leave it out of Organizer authentication all together, or is there a way to let the Ombi API through and still protect the GUI?
Maybe you can point me in the right direction @ados?

Edited by tetrapod
Clarification
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.