Jump to content

[Support] binhex - DelugeVPN

binhex

By binhex
in Docker Containers

Recommended Posts

Recommended

Posted by binhex,

There has been an issue raised on GitHub related to tracker announce request IP leakage under certain circumstances, after careful review of iptables i have tightened up the rules to prevent this. A new image has now been rolled out for all vpn enabled docker images (25th Feb 2021) i produce with the fix in place, i would encourage everyone to update to the recently created 'latest' tagged image.   You can force the upgrade by toggling 'basic view' to 'advanced view' and then clicking on
Recommended by binhex
  • Thanks
  • Like

8 reactions

Go to this post
Recommended

Posted by Ryanoc3ros,

Found the solution on reddit.   Due to the recent change in the authentication process, using your email and password for the manual connection method will no longer work. You will need to use the service credentials instead. You can find your service credentials by following these steps: Please log in to your Nord Account by following this link: https://my.nordaccount.com/dashboard/nordvpn/ Click on the NordVPN tab on the left panel which is under the Services tab.

NordVPN authentication issues - Solution

Recommended by binhex

  • Upvote
  • Thanks
  • Like

13 reactions

Go to this post
  • Replies 10.5k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Ryanoc3ros
Ryanoc3ros

Found the solution on reddit.   Due to the recent change in the authentication process, using your email and password for the manual connection method will no longer work. You will need to u

Dad_Rage
Dad_Rage

I wanted to summarize how I got Mullvad working with DelugeVPN as I had to piece together several "solutions" from different comments in this thread and there was some incorrect info; likely old.

binhex
binhex

OK guys, multi remote endpoint support is now in for this image please pull down the new image (this change will be rolled out to all my vpn images shortly).   What this means is that the im

Posted Images

binhex Mentor

binhex

Posted
  • Author
Posted
45 minutes ago, craigr said:

Also binhex, I have been meaning to ask, is your Q&A number 21 and 22 up to date?  I can't get rid of the cypher error for example.

  

2024-07-23 23:49:40,899 DEBG 'start-script' stdout output:
2024-07-23 23:49:40 DEPRECATED OPTION: --cipher set to 'aes-256-gcm' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2024-07-23 23:49:40 WARNING: file 'credentials.conf' is group or others accessible

 

well strictly speaking its not an error, its a deprecation ;-), not sure of the fix for that off the top of my head tbh.

  • Haha 1
Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
52 minutes ago, craigr said:

Also binhex, I have been meaning to ask, is your Q&A number 21 and 22 up to date?  I can't get rid of the cypher error for example.

  

2024-07-23 23:49:40,899 DEBG 'start-script' stdout output:
2024-07-23 23:49:40 DEPRECATED OPTION: --cipher set to 'aes-256-gcm' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305). OpenVPN ignores --cipher for cipher negotiations. 
2024-07-23 23:49:40 WARNING: file 'credentials.conf' is group or others accessible

 

try this, open your openvpn config file, change this line:- 

cipher aes-256-gcm

to:- 

data-ciphers AES-256-GCM

taken from here:- https://discuss.freedombox.org/t/solved-openvpn-depreciated-cipher/2625

  • Like 1
Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
7 hours ago, Penurious said:

No worries, I appreciate you taking a look. I might have to try a new vendor. My subscription with IPVanish is about to expire end of August anyway.

PIA are still doing OK in my opinion, cheap and more importantly have a track record for 0 logging, their latest transparency report is out:- 

 

  • Like 1
Link to comment
jermcel Noob

jermcel

Posted
Posted

Having issues with PIA Port Forwarding OVPN's.  They just stopped working in the last few days and I don't know why.  I was using CA Toronto. 

I queried the API to get valid port forward endpoints using the following:

 

$ curl -s https://serverlist.piaservers.net/vpninfo/servers/v6 | head -n1 | jq -r '.regions | .[] | select(.port_forward) | .name' | sort

 

I have tried every other Canada endpoint as well as Netherlands, Berlin and Mexico, but I get this in the log each time.

 

2024-07-26 08:11:36,228 DEBG 'start-script' stdout output:
[info] Script started to assign incoming port for 'pia'
[info] Port forwarding is enabled
[info] Checking endpoint 'de-berlin.privacy.network' is port forward enabled...

2024-07-26 08:11:37,275 DEBG 'start-script' stdout output:
[info] PIA endpoint 'de-berlin.privacy.network' is NOT in the list of endpoints that support port forwarding shown below:-

2024-07-26 08:11:38,324 DEBG 'start-script' stdout output:
[info] List of PIA endpoints that support port forwarding:-
[info] Script finished to assign incoming port

 

Am I missing something that has changed at PIA?  Can someone point me in the right direction?

Link to comment
strike Collaborator

strike

Posted
Posted

@binhex Do you use tailscale by any chance, or know the solution to this? It seems like when magic dns is enabled in tailscale I get no name resolution. When I disable magic dns it works. Delugevpn runs on custom bridge if that helps. I want to be able to use magic dns AND run containers on my custom bridge. When magic dns is on I just get this in the log:

  

2024-07-27 17:45:20.608155 [info] Host is running unRAID
2024-07-27 17:45:20.619784 [info] System information Linux 240d22a544ac 6.1.99-Unraid #1 SMP PREEMPT_DYNAMIC Tue Jul 16 10:06:03 PDT 2024 x86_64 GNU/Linux
2024-07-27 17:45:20.632875 [info] SHARED_NETWORK not defined (via -e SHARED_NETWORK), defaulting to 'no'
2024-07-27 17:45:20.645890 [info] PUID defined as '99'
2024-07-27 17:45:20.663483 [info] PGID defined as '100'
2024-07-27 17:45:20.688469 [warn] UMASK not defined (via -e UMASK), defaulting to '000'
2024-07-27 17:45:20.705787 [info] Permissions already set for '/config'
2024-07-27 17:45:20.719737 [info] Deleting files in /tmp (non recursive)...
2024-07-27 17:45:20.741498 [info] VPN_ENABLED defined as 'yes'
2024-07-27 17:45:20.755572 [warn] VPN_CLIENT not defined (via -e VPN_CLIENT), defaulting to 'openvpn'
2024-07-27 17:45:20.769771 [info] VPN_PROV defined as 'airvpn'
2024-07-27 17:45:20.786684 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/AirVPN_Netherlands_UDP-443-Entry3_linux.ovpn
2024-07-27 17:45:20.818304 [info] VPN remote server(s) defined as 'nl3.vpn.airdns.org,'
2024-07-27 17:45:20.831414 [info] VPN remote port(s) defined as '443,'
2024-07-27 17:45:20.844451 [info] VPN remote protcol(s) defined as 'udp,'
2024-07-27 17:45:20.861209 [info] VPN_DEVICE_TYPE defined as 'tun0'
2024-07-27 17:45:20.877452 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2024-07-27 17:45:20.890771 [info] NAME_SERVERS defined as '84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
2024-07-27 17:45:20.904216 [debug] iptables default policies available, setting policy to drop...
2024-07-27 17:45:20.919792 [debug] ip6tables default policies available, setting policy to drop...
2024-07-27 17:45:24.947585 [debug] Having issues resolving name 'nl3.vpn.airdns.org', sleeping before retry...
2024-07-27 17:45:33.980620 [debug] Having issues resolving name 'nl3.vpn.airdns.org', sleeping before retry...

 

Link to comment
strike Collaborator

strike

Posted
Posted
3 minutes ago, binhex said:

sorry no, what is 'magic dns'?

I just found the solution myself, working now. Magic dns is an option in tailscale that let you use hostnames instead of IP adresses to access your devices in an tailscale network when remote.  In other words, it works just as you where on that particular network. If somebody else stumbles upon this. The solution was to run  

tailscale up --accept-dns=false

 

When set to false it will use your local dns and if set to true it will use tailescale dns servers and overwrite /etc/resolv.conf which get copied to all freshly started containers from the host.

 

I just tested this now and both magic dns (on the other tailscale clients) and local dns on the unraid server is now working. I suspect magic dns will not work on the server when I have this set to false. But it isn't really needed on the server as all the clients connect to the server and not the other way around.

Link to comment
craigr Collaborator

craigr

Posted
Posted (edited)
On 7/24/2024 at 10:41 AM, binhex said:

well strictly speaking its not an error, its a deprecation ;-), not sure of the fix for that off the top of my head tbh.

 

On 7/24/2024 at 10:50 AM, binhex said:

try this, open your openvpn config file, change this line:- 

cipher aes-256-gcm

to:- 

data-ciphers AES-256-GCM

taken from here:- https://discuss.freedombox.org/t/solved-openvpn-depreciated-cipher/2625

 

Thanks for trying 🙂

  

2024-07-28 03:05:45,045 DEBG 'start-script' stdout output:
2024-07-28 03:05:45 Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

 

It just kinda cracks me up that it's the same "deprecation" message ;-)

 

"Computer says noooo... cough"

Edited by craigr
Link to comment
craigr Collaborator

craigr

Posted
Posted
On 7/24/2024 at 10:41 AM, binhex said:

well strictly speaking its not an error, its a deprecation ;-), not sure of the fix for that off the top of my head tbh.

 

What's crazy is PIA doesn't seem to allow any cipher to be defined due to their own errors.

Link to comment
EDACerton Enthusiast

EDACerton

Posted
Posted
On 7/27/2024 at 2:39 PM, strike said:

I just tested this now and both magic dns (on the other tailscale clients) and local dns on the unraid server is now working. I suspect magic dns will not work on the server when I have this set to false. But it isn't really needed on the server as all the clients connect to the server and not the other way around.

This is correct on both counts -- setting accept-dns to false will prevent MagicDNS from working on the server, but that's almost never needed.

 

My usual recommendation for anyone running Tailscale is to turn MagicDNS off for the Unraid server unless you have a specific need to use it.

Link to comment
heisenberg06 Noob

heisenberg06

Posted
Posted

Hello,

I've been switching from surfshark to ProtonVPN on my delugeVPN container (especially to enable port forwarding and seed properly), and i believe i configured everything as described in the help page Q31/A31 from vpn.md in github.

In my deluge configuration under Network,

 

  • in the Incoming ports the port is maintained automatically (as per history of "supervisord.log")
  • in the Outgoing ports, "use random ports" is ticked
  • in the Network Extras all the check boxes are ticked (UPNP, NAT-PMP, Peer Exchange, LSD, DHT)

Is my configuration optimized, should i untick anything ?

Because I have a fiber internet connexion and i have 8Gb in upload and download and would like to maximize also the upload rate as much as possible, i only see peaks around 1.3MiB/s , and in download i can reach 65 MiB/s.

 

Let me know if anything could be adjusted to maximize especially the upload speed (to also maximize my ratio)

 

Cheers!

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
52 minutes ago, heisenberg06 said:

Hello,

I've been switching from surfshark to ProtonVPN on my delugeVPN container (especially to enable port forwarding and seed properly), and i believe i configured everything as described in the help page Q31/A31 from vpn.md in github.

In my deluge configuration under Network,

 

  • in the Incoming ports the port is maintained automatically (as per history of "supervisord.log")
  • in the Outgoing ports, "use random ports" is ticked
  • in the Network Extras all the check boxes are ticked (UPNP, NAT-PMP, Peer Exchange, LSD, DHT)

Is my configuration optimized, should i untick anything ?

Because I have a fiber internet connexion and i have 8Gb in upload and download and would like to maximize also the upload rate as much as possible, i only see peaks around 1.3MiB/s , and in download i can reach 65 MiB/s.

 

Let me know if anything could be adjusted to maximize especially the upload speed (to also maximize my ratio)

 

Cheers!

That all sounds correct to me, not sure why you are suffering low ul rates, just double check the incoming port is visible from the outside, Please see Q9 from the following link:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

  • Like 1
Link to comment
heisenberg06 Noob

heisenberg06

Posted
Posted (edited)

I went to the website to test the port and it is opened. The only discrepancy i see is : at the bottom right of WebUI of Deluge i have an IP that is slightly different from IP mentionned in supervisord.log. The one specificed in supervisord.log is the correct one as the port is opened on this IP and not on the IP seen at the bottom in the UI of deluge.

 

Also i see these warnings in the supervisord.log:

 

  • 2024-08-06 13:02:48,025 DEBG 'watchdog-script' stdout output:
  • [warn] Incoming port site 'https://canyouseeme.org/' failed to web scrape, marking as failed
  •  
  • [warn] Incoming port site 'https://ifconfig.co/port/64055' failed json download, marking as failed

 

Don't know if this could be problematic but these warnings are happening quite often

Edit: I also used the OVPN file with TCP and not UDP, could it be problematic ?

Edited by heisenberg06
Link to comment
medmad Noob

medmad

Posted
Posted

Just upgraded to unraid 6.12.11 and starting up all my plugins and dockers and I am having problems with setting up the binhex delugevpn docker. I am using a disk installed with unassigned devices as the storage location for my download location. Once the container starts and you get to the web interface for deluge it shows an error in the bottom left corner of the interface (freespace in download folder). I think my problem is in the way that I have configured the SMB shares but not sure how to correct the problem. I cannot seem to configure the unassigned device that I want to use as an SMB share. Any help would be great. I posted this in unRaid general support but not sure if I should post in delugevpn support or unassigned device plugin support.

Link to comment
strike Collaborator

strike

Posted
Posted
5 hours ago, medmad said:

Just upgraded to unraid 6.12.11 and starting up all my plugins and dockers and I am having problems with setting up the binhex delugevpn docker. I am using a disk installed with unassigned devices as the storage location for my download location. Once the container starts and you get to the web interface for deluge it shows an error in the bottom left corner of the interface (freespace in download folder). I think my problem is in the way that I have configured the SMB shares but not sure how to correct the problem. I cannot seem to configure the unassigned device that I want to use as an SMB share. Any help would be great. I posted this in unRaid general support but not sure if I should post in delugevpn support or unassigned device plugin support.

Post your docker run command or a screenshot of your delugvpn docker template settings. And also a screenshot of the download section in the deluge webui. 

Link to comment
jermcel Noob

jermcel

Posted
Posted
On 7/26/2024 at 8:23 AM, jermcel said:

Having issues with PIA Port Forwarding OVPN's.  They just stopped working in the last few days and I don't know why.  I was using CA Toronto. 

I queried the API to get valid port forward endpoints using the following:

 

$ curl -s https://serverlist.piaservers.net/vpninfo/servers/v6 | head -n1 | jq -r '.regions | .[] | select(.port_forward) | .name' | sort

 

I have tried every other Canada endpoint as well as Netherlands, Berlin and Mexico, but I get this in the log each time.

 

2024-07-26 08:11:36,228 DEBG 'start-script' stdout output:
[info] Script started to assign incoming port for 'pia'
[info] Port forwarding is enabled
[info] Checking endpoint 'de-berlin.privacy.network' is port forward enabled...

2024-07-26 08:11:37,275 DEBG 'start-script' stdout output:
[info] PIA endpoint 'de-berlin.privacy.network' is NOT in the list of endpoints that support port forwarding shown below:-

2024-07-26 08:11:38,324 DEBG 'start-script' stdout output:
[info] List of PIA endpoints that support port forwarding:-
[info] Script finished to assign incoming port

 

Am I missing something that has changed at PIA?  Can someone point me in the right direction?

Bumping this.  I still have not resolved this issue and I am not sure what the problem is.  Can someone point me in the right direction.  Regardless of what PIA endpoint I choose, DelugeVPN says it is not in the list of endpoints that support port forwarding.

image.thumb.png.9ca29646d004da000e26c9f8ff239446.png

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
1 hour ago, jermcel said:

Bumping this.  I still have not resolved this issue and I am not sure what the problem is.  Can someone point me in the right direction.  Regardless of what PIA endpoint I choose, DelugeVPN says it is not in the list of endpoints that support port forwarding.

image.thumb.png.9ca29646d004da000e26c9f8ff239446.png

set STRICT_PORT_FORWARD to 'no' if you do not want an incoming port or switch to one of the endpoints listed in the log that does support port forwarding.

Link to comment
jermcel Noob

jermcel

Posted
Posted (edited)
1 hour ago, binhex said:

set STRICT_PORT_FORWARD to 'no' if you do not want an incoming port or switch to one of the endpoints listed in the log that does support port forwarding.

This is going to sound dumb, but here goes.  I am looking in the supervisord.log but I don't know where the "list" of approved items are at.  It is only showing "Info" level logs and I am not sure where to find this or how to elevate the supervisord.log to be verbose.  Am I looking in the wrong spot?  I tried setting the config for Debug to true, but that does not increase or provide the info in the log either.

Edited by jermcel
Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
6 minutes ago, JonathanM said:

, first is the ipmangle, I thought that was no longer an issue

mangle is still checked for and it CAN be dynamically loaded so generally that can be ignored, i may remove that from being logged.

The real weird issue here is that the list of port forward enabled endpoints is not being generated, which is leading to a false detection of the endpoint NOT being in the list, i need to account for that in the code, but the strange thing is i literally just restarted my container now and i got the list of port forward enabled endpoints no issue, so maybe it is a transitory issue, from @jermcel log:-
  

2024-08-08 12:46:41,868 DEBG 'start-script' stdout output:
[info] PIA endpoint 'ca-toronto.privacy.network' is NOT in the list of endpoints that support port forwarding shown below:-

2024-08-08 12:46:42,607 DEBG 'start-script' stdout output:
[info] List of PIA endpoints that support port forwarding:-

2024-08-08 12:46:42,608 DEBG 'start-script' stdout output:
[info] Script finished to assign incoming port

 

Link to comment
jermcel Noob

jermcel

Posted
Posted

Okay...I have resolved this issue finally.  It is always something small.  

 

In my ovpn file I have several remote access points that allow port forwarding

 

******

remote ca-toronto.privacy.network 1198
remote ca-montreal.privacy.network 1198
remote ca-vancouver.privacy.network 1198
remote de-berlin.privacy.network 1198
remote de-frankfurt.privacy.network 1198
remote france.privacy.network 1198
remote czech.privacy.network 1198
remote ro.privacy.network 1198

************

 

I did this incase an endpoint goes down that it would go to the next one.

 

I did a double check against PIA servers again for port forward enabled endpoints using this Curl command.  

curl.exe -s https://serverlist.piaservers.net/vpninfo/servers/v6 | head -n1 | jq -r '.regions | .[] | select(.port_forward) | .name' | sort

 

I checked the results against my ovpn list and it appears that Spain was removed from the port forward enabled endpoints.  

So the lesson learned here is that if your ovpn file has multiple endpoints and one of those is removed from the list in PIA, it will not connect correctly.  Once I removed Spain, it connected just fine.

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
Just now, jermcel said:

I checked the results against my ovpn list and it appears that Spain was removed from the port forward enabled endpoints.  

That is a good catch!, but ultimately the list of endpoints should of been shown, so something else was going on here - unless you removed them from the log file?.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...