[Support] binhex - DelugeVPN

MowMdown · September 9, 2017

55 minutes ago, krobson17 said:

Hello new user to the Deluge VPN docker but I have to say I am extremely impressed. One small issue that I'm hoping is a simple fix though. I am running 1.3.15 docker version, using PIA vpn and the netherlands ovpn file and cert. it appears that the fastest speed I am able to obtain is around 1 MB/s or about 8 Mb/s but doing the PIA speedtest from a win10 vm running on unraid shows a consistent speed to the netherlands server of around 100 mb/s. I'm looking in the docker logs and I noticed this line:

2017-09-08 18:53:59.496776 [warn] VPN_INCOMING_PORT not defined (via -e VPN_INCOMING_PORT), downloads may be slow

Could this be the issue?

Im using NordVPN on a P2P server and I also have this [warn] message, I too would like to know.

krobson17 · September 9, 2017

@MowMdown are you close to your full bandwidth or similar results as myself?

MowMdown · September 9, 2017

@krobson17 Same as you.

My connection maxes out around 1.2MiB in DelugeVPN and I have a 50Mbps fiber line.

normally though, its usually in the 600~700KiB range.

Edited September 9, 2017 by MowMdown

krobson17 · September 9, 2017

@MowMdown Ok glad to hear I'm not the only one having this issue. I was beginning to suspect it was an issue with PIA.

for reference in further troubleshooting I will be posting my startup log file below. (With username and pass redacted) Also worth noting that I have a 500 Mbps / 50 Mbps broadband connection.

DelugeVPN startup logs.txt

PeterB · September 9, 2017

Interesting that I recently set up with PIA, using the Netherlands server, and can achieve near to a full 50Mbps up and down. I didn't do anything to open/forward ports.

Experimenting with other VPN providers, my experience is that bandwidth is severely restricted. However, running speed tests is a little difficult within SE Asia at the moment, with a storm having knocked out some undersea cables close to HongKong.

My problem with PIA is that they don't mask the fact that I'm using VPN and this prevents me accessing BBC iPlayer. I'm trying to find a VPN service which supports DelugeVPN and allows access to iPlayer. ExpressVPN seems not to allow port forwarding, which restricts Deluge. PureVPN uses old MD5 certificates which are no longer accepted by latest versions of OpenSSL in DelugeVPN. Does anyone have experience of VyprVPN or can recommend other VPN providers?

This list of VPN providers who support port forwarding may be of interest. According to that, NordVPN does not allow port forwarding, so speeds will always be restricted.

MowMdown · September 9, 2017

17 minutes ago, PeterB said:

This list of VPN providers who support port forwarding may be of interest. According to that, NordVPN does not allow port forwarding, so speeds will always be restricted.

I knew they didn't port forward but they have P2P servers so I hoped that those specific servers has some kind of magic so my speeds weren't slow...

I guess I'm back to my search for a different VPN...

Edit: @krobson17 Just signed up with PIA and I still have the same warning as before.

Edited September 9, 2017 by MowMdown

PeterB · September 9, 2017

Further research suggests that Vypr, with their 'Chameleon' software, should do all I need. Chameleon, supposedly, hides the VPN proxy, and allows ports to be configured for forwarding. Their .ovpn files contain:

auth SHA256
cipher AES-256-CBC
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA

so I hope that there will be no problem with the latest OpenSSL.

However, their 'money back' offer only lasts for three days, so I need to make sure that I have sufficient time available to set up and test.

strike · September 9, 2017

1 hour ago, MowMdown said:

so I hoped that those specific servers has some kind of magic so my speeds weren't slow...

No vpn providers has magic servers.. To do p2p you MUST have an open incoming port to get decent speed. That is just the way it’s designed.

If you guys are using PIA, the only thing you must configure is VPN_PROV = PIA and STRICT_PORT FORWARD = yes. And you must be connected to one of the endpoints that support port forwarding. If you have done that, then this container will take care of the port forwarding for you automagically.

strike · September 9, 2017

1 hour ago, PeterB said:

Does anyone have experience of VyprVPN or can recommend other VPN providers?

I have tried vyprvpn (many years ago), PIA, Expressvpn and AirVPN. AirVPN is by far the best one of these, IMO anyway. AirVPN lets you mask that you’re using a vpn by connecting over SSH/SSL or even TOR. They also do some kind of sweet routing trick that lets you access certain websites like BBC iplayer form any of their endpoints, not just UK ones.

Regarding vyprvpn it might not work with delugevpn:

PeterB · September 9, 2017

1 hour ago, strike said:

Regarding vyprvpn it might not work with delugevpn:

Ooops, yes - I'd missed that. However, I'm not clear what Binhex has spotted in the log which indicates that it's a no-go. It all looks perfectly normal up to the UDP link remote. Then it just seems to hang, waiting 60 seconds for a timeout. Given that this is all a standard OpenVPN, it seems strange. I'm sure that Vypr does work with OpenVPN - perhaps this is another change in the latest OpenSSL?

What I've done with other providers is to connect to the docker with bash. Ensure that the start script has stopped, then try starting OpenVPN manually and see what happens. I can compare that with the same procedure on my Linux Mint desktop (using OpenSSL 1.0).

krobson17 · September 9, 2017

3 hours ago, strike said:

No vpn providers has magic servers.. To do p2p you MUST have an open incoming port to get decent speed. That is just the way it’s designed.

If you guys are using PIA, the only thing you must configure is VPN_PROV = PIA and STRICT_PORT FORWARD = yes. And you must be connected to one of the endpoints that support port forwarding. If you have done that, then this container will take care of the port forwarding for you automagically.

I still feel like I'm missing something because I double checked, everything was set as you described except I had Privoxy enabled. Disabled that and even changed my download location to my NVME SSD just to make sure it wasn't a disk limitation issue. Still not able to get above 1 MiB in Deluge connected to PIA's Netherlands server but on a win 10 machine running Utorrent and port forwarding through the PIA client connected to the same server I am seeing steady 25-30 MiB speeds.

zyke · September 9, 2017

I thought I was gonna be able to solve this on my own, but obviously I was mistaken.

supervisord.log provided.

It seems like I am not getting an IP address from the VPN provider. It works when trying it in Tunnelblick on my mac.

Second issue is that it all of the sudden is unable to resolve the VPN gateway addresses.

Issues:

Quote

2017-09-09 08:53:11,442 DEBG 'start-script' stdout output:
Sat Sep 9 08:53:11 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
[debug] Waiting for valid IP address from tunnel...

...

Quote

Sat Sep 9 08:53:11 2017 RESOLVE: Cannot resolve host address: openvpn4.integrity.st:1196 (Name or service not known)

...

Quote

Sat Sep 9 08:53:16 2017 RESOLVE: Cannot resolve host address: openvpn.integrity.st:1196 (Name or service not known)

Want to fix:

Files in /openvpn are set to chmod 777. Even if I set the umask to 377.

If you want me to provide more information, feel free to let me know.

UPDATE:

After reading into it I saw some people had problems with their DNS servers. So I did a dig on my VPN hostnames and received the IP addresses to the hostnames and added those as "remote" in the OpenVPN config instead. And:

2017-09-09 18:18:32,151 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address XXX.YYY.ZZZ.AAA

supervisord.log

Edited September 9, 2017 by zyke

MowMdown · September 9, 2017

10 hours ago, krobson17 said:

I still feel like I'm missing something because I double checked, everything was set as you described except I had Privoxy enabled. Disabled that and even changed my download location to my NVME SSD just to make sure it wasn't a disk limitation issue. Still not able to get above 1 MiB in Deluge connected to PIA's Netherlands server but on a win 10 machine running Utorrent and port forwarding through the PIA client connected to the same server I am seeing steady 25-30 MiB speeds.

I was able to get rid of my [warn] message about no VPN_INCOMING_PORT being defined.

Going to test my speeds here in a few minutes.

Seems to be downloading a lot quicker.

Add a Variable in the settings for Deluge

You want to add VPN_INCOMING_PORT and set it to 38265 (note this is for the NL server)

Edited September 9, 2017 by MowMdown

binhex · September 9, 2017

4 hours ago, MowMdown said:

I was able to get rid of my [warn] message about no VPN_INCOMING_PORT being defined.

Going to test my speeds here in a few minutes.

Seems to be downloading a lot quicker.

so im afraid this is just luck, that value is not actually used, its not currently wired up to do anything, it was an idea i had to allow people who are connecting to vpn providers that arent PIA and that have a statistically assigned incoming port, this then meant they didnt have the hassle of configuring the application to use the port as i would then use some coding to set it for them, but in hindsight i think its just too confusing for the average user, people tend to think they can connect to any vpn provider and setting this value will magically give them an incoming port, which is not the case.

so your supervisor log has highlighted one issue though that i have just resolved (pushed up, image not built yet), and that is dig will return cname as well as ip address, even in short format, this causes a poblem when writing to the hosts file, so i need to strip out cname and just use the resolved A record.

so onto your issue, so i dunno what vpn provider you're with, but unless they allow incoming ports you just wont get high dl speeds, its as simple as that, my recommendation, go with PIA or AirVPN, both high quality providers with incoming ports.

binhex · September 9, 2017

15 hours ago, PeterB said:

However, I'm not clear what Binhex has spotted in the log which indicates that it's a no-go

i saw no ping response from the endpoint specified in the ovpn file at the time (looks ok now), trying to use the (newer??) goldenfrog domain name did nothing to fix the issue, i just assumed they are going through changes and thus the issues, the hanging you commented about is a classic symptom of not being able to connect to the endpoint, unfortunately that is as far as i can take things (not using vypervpn), please feel free to dig further into the issue if you have an account with vypervpn.

MyKroFt · September 9, 2017

I have a VM that is a VPN forwarder on 192.168.0.3 - is there a way to tell rtorrent docker to use that connection for its outbound - this way multi devices can use the same connection to PIA

PeterB · September 10, 2017

3 hours ago, binhex said:

please feel free to dig further into the issue if you have an account with vypervpn.

Well, they have a three day 'money back' promise, so I may give it a try sometime. However, I chatted with a support person yesterday and learned two things:

1) He couldn't tell me whether their certificates are compatible with OpenSSL 1.1

2) Their 'chameleon' doesn't foil the latest BBC iPlayer blocking ... but they are working on it.

So, as far as I can tell, the only way to access iPlayer just now, is to use 'Unlocator'. Since unlocator works simply by changing dns servers, I presume that they are routing traffic through a proxy of some sort, and I'm not comfortable about doing that until I know more about exactly what they are doing.

Edited September 10, 2017 by PeterB

krobson17 · September 10, 2017

7 hours ago, binhex said:

so im afraid this is just luck, that value is not actually used, its not currently wired up to do anything, it was an idea i had to allow people who are connecting to vpn providers that arent PIA and that have a statistically assigned incoming port, this then meant they didnt have the hassle of configuring the application to use the port as i would then use some coding to set it for them, but in hindsight i think its just too confusing for the average user, people tend to think they can connect to any vpn provider and setting this value will magically give them an incoming port, which is not the case.

so your supervisor log has highlighted one issue though that i have just resolved (pushed up, image not built yet), and that is dig will return cname as well as ip address, even in short format, this causes a poblem when writing to the hosts file, so i need to strip out cname and just use the resolved A record.

so onto your issue, so i dunno what vpn provider you're with, but unless they allow incoming ports you just wont get high dl speeds, its as simple as that, my recommendation, go with PIA or AirVPN, both high quality providers with incoming ports.

Hi Binhex:

I just updated my docker to the latest version as I saw there was an update available. It appears that after the update I am still not able to achieve the same speeds for downloads that I do using Utorrent and port forwarding. I am using PIA and the netherlands server, and using the same hardware to test on both. averaging between 1-2 MiB in Deluge and on Utorrent with port forwarding I am averaging 20-30 MiB. Any ideas?

Ruckus42 · September 10, 2017

Others before me had this error, but I did not see a resolution:

Quote

Sun Sep 10 22:27:22 2017 neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.

No special characters in my password, and I have it defined in Key 3. Do I need to use --askpass somehow? And if so, is that something for Key 5? VPN_OPTIONS?

FYI, I'm using VPNSecure as my VPN service. Dunno how good or bad it is for this purpose yet.

supervisord.log

wgstarks · September 10, 2017

I'm seeing the same speeds (between 0 and 2MB/s) being reported by others. Deluge with PIA Netherlands. This docker is also really slowing down my system. CPU usage is very low (<5%) and network activity is also low of course, but my server really drags. Had to do a data rebuild on a disk replacement this weekend and realized that with Deluge running the rebuild ETA was being measured in months. Once I stopped the docker the rebuild proceeded at a decent speed. Makes me wonder if this isn't being caused by the number of files writing to the array even if most are doing it slowly? Right now I'm using a parity protected unRAID share for my Deluge /data path. Would it be better if I mounted a drive in UD via esata or USB3 for my /data instead of writing the torrents to a parity protected share?

binhex · September 11, 2017

@krobson17 @wgstarks take a look at Q7 in the faq (link below) and check each point:-

wgstarks · September 11, 2017

4 minutes ago, binhex said:

@krobson17 @wgstarks take a look at Q7 in the faq (link below) and check each point:-

Thanks. I've tried playing around with the upload limit, but didn't seem to make much difference. My speeds never seem to exceed about 10% of the theoretical limit so setting the upload limit to 300MB/s didn't change anything. I almost never get more than 1MB upload speeds.

Honestly, I can live with the slow speeds. My real concern is why the docker is bogging down my server so badly. IDK, maybe the two problems are related?

binhex · September 11, 2017

They could be related, its a possibility, if your array is for some reason suffering with poor performance (high fragmentation, low free disk space, or disk issues) then writing to the array will result in low speeds for deluge as well.

tbh most people write to a ssd cache drive to decrease the spin up time for their array, thus resulting in less load on the array, cheaper electricity bills and better write performance, so i would encourage you to consider this for both /config and /data, it may well fix your speed problems :-).

binhex · September 11, 2017

On 10/09/2017 at 1:43 PM, Ruckus42 said:

Others before me had this error, but I did not see a resolution:

No special characters in my password, and I have it defined in Key 3. Do I need to use --askpass somehow? And if so, is that something for Key 5? VPN_OPTIONS?

FYI, I'm using VPNSecure as my VPN service. Dunno how good or bad it is for this purpose yet.

supervisord.log

no VPN_USER or VPN_PASS defined, or did you remove them from the log to hide them?, if you didn't then you will need to add these in.

Ruckus42 · September 11, 2017

36 minutes ago, binhex said:

no VPN_USER or VPN_PASS defined, or did you remove them from the log to hide them?, if you didn't then you will need to add these in.

Odd, I have indeed entered them in correctly. Yep, Key 2 and Key 3. Just checked. Here's an updated file with the password manually redacted:

supervisord.log

Edit: I forgot to mention, I had to bump Host Port 5 up by one port number due to a clash with rutorrent on the unraid server. Does that make a difference?

Another edit: I swapped the ports between the two apps, but no change. So no, that's not an issue, apparently.

Edited September 11, 2017 by Ruckus42

[Support] binhex - DelugeVPN

Recommended Posts

Link to comment

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

Ryanoc3ros

Dad_Rage

binhex

Posted Images

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Link to comment

Join the conversation