[Support] binhex - SABnzbdVPN


Recommended Posts

Update: I was able to make this work by adding the 'ncp-disable' flag to the ovpn file. Not really a  great solution, but it allows use of the latest version of the Docker. No other changes or additions needed to the ovpn file as downloaded from PIA, just adding this directive. It's a cheat as it stops any renegotiation of ciphers and forces use of the one defined in the (deprecated) 'cipher' directive so will likely fail again in the future.

I've also seen posts elsewhere that suggest this does indeed vary by PIA server and that the Toronto server is the best behaved at the moment. 🤨

Link to comment
1 hour ago, ctyke said:

Here is mine, I don't see "cipher aes-256-cbc" in yours. 

 


client
dev tun
proto udp
remote ca-toronto.privacy.network 1197
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-256-cbc
data-ciphers-fallback aes-256-gcm
auth sha256
tls-client
remote-cert-tls server

auth-user-pass
compress
verb 1
reneg-sec 0
<crl-verify>

 

Using the "openvpn-strong-nextgen" files from PIA and only adding the line "data-ciphers-fallback aes-256-gcm" to the OVPN file in use worked instantly.  In other words, copy ctyke's shown above.

Edited by DoItMyselfToo
Link to comment
1 hour ago, Lignumaqua said:

Update: I was able to make this work by adding the 'ncp-disable' flag to the ovpn file. Not really a  great solution, but it allows use of the latest version of the Docker. No other changes or additions needed to the ovpn file as downloaded from PIA, just adding this directive. It's a cheat as it stops any renegotiation of ciphers and forces use of the one defined in the (deprecated) 'cipher' directive so will likely fail again in the future.

I've also seen posts elsewhere that suggest this does indeed vary by PIA server and that the Toronto server is the best behaved at the moment. 🤨

Had to use this to get it back up and running. the suggested answer given before just didnt work for me at all. i tried several servers and standard and strong files but couldnt get it working unfortunately. this will do as a temporary fix. 

 

EDIT

 

Just an FYI and may have absolutely 0 to do with this but, on privoxyvpn I updated my files replaced everything except credentials.conf and it just worked. I didnt edit anything in the .ovpn file. I used the swiss server and was using the strong files. These however do not work with sabnzb for me.   

Edited by tazire
Link to comment

The newest version is working perfectly for me! If you are still having trouble and getting errors when using PIA try the following...

1) Download the new "NextGen" OpenVPN Configuration files from: https://www.privateinternetaccess.com/pages/download#

2) In your appdata folder replace the following files from the configuration files you just downloaded:

appdata/binhex-sabnzbdvpn/ca.rsa.2048.crt

appdata/binhex-sabnzbdvpn/crl.rsa.2048.pem

appdata/binhex-sabnzbdvpn/***.ovpn (*** the server of your choice)

3) Update the container with your PIA username and password (NOT the PPTP/L2TP/SOCKS username and password)

4) Restart SAB....you should be good to go.  

Link to comment
56 minutes ago, tazire said:

Had to use this to get it back up and running. the suggested answer given before just didnt work for me at all. i tried several servers and standard and strong files but couldnt get it working unfortunately. this will do as a temporary fix. 

 

EDIT

 

Just an FYI and may have absolutely 0 to do with this but, on privoxyvpn I updated my files replaced everything except credentials.conf and it just worked. I didnt edit anything in the .ovpn file. I used the swiss server and was using the strong files. These however do not work with sabnzb for me.   

I'm experiencing this as well. I tried all of the fixes mentioned here and nothing is working. My behavior may be a bit different though. Downloading works. What isn't working is the proxy. Interestingly, I also use binhex-delugevpn and it is working fine. I never swapped that container to PIA nextgen though. 

Link to comment

I'm hoping this is not complicated, and I feel like it should be fairly straight forward, but I wanted to check here first. I currently have the binhex-sabnzbd docker installed on my Unraid machine. I would like to move to the binhex-sabnzbdvpn container. Is there a way I can migrate all of my data from the current container to the sabnzbdvpn container? 

Link to comment
10 hours ago, Lignumaqua said:

Update: I was able to make this work by adding the 'ncp-disable' flag to the ovpn file. Not really a  great solution, but it allows use of the latest version of the Docker. No other changes or additions needed to the ovpn file as downloaded from PIA, just adding this directive. It's a cheat as it stops any renegotiation of ciphers and forces use of the one defined in the (deprecated) 'cipher' directive so will likely fail again in the future.

I've also seen posts elsewhere that suggest this does indeed vary by PIA server and that the Toronto server is the best behaved at the moment. 🤨

ive done some more testing this morning and came to the conclusion that the newer openvpn client option 'data-ciphers-fallback aes-256-gcm' does not work with ALL PIA endpoints, so i have now changed the documentation to recommend setting the following legacy options, this works for the troublesome endpoints that i was looking at yesterday night, so its the best we got right now until PIA can fix their shit (thanks pia! - again!!).

 

add/replace the cipher line with the following and add ncp-disable (if not present):-

cipher aes-256-gcm
ncp-disable

make sure you remove this line (if present):-

data-ciphers-fallback aes-256-gcm

 

Link to comment
26 minutes ago, tazire said:

does anyone know if PIA even realise this issue? Is it something they are actively working on or even in a queue to be fixed?

i would bloody hope so as its their misconfiguration on their servers, but yeah pia have dropped the ball a number of times so far so it wouldn't surprise me if they wern't aware of it - feel free to raise a support ticket with pia.

 

they are going to get more and more heat on this screw up, as openvpn 2.5 is now the latest stable, and this no longer hides the issue and correctly errors out, highlighting the misconfiguration (latest image now includes openvpn 2.5).

Edited by binhex
Link to comment
14 hours ago, David2376 said:

The newest version is working perfectly for me! If you are still having trouble and getting errors when using PIA try the following...

1) Download the new "NextGen" OpenVPN Configuration files from: https://www.privateinternetaccess.com/pages/download#

2) In your appdata folder replace the following files from the configuration files you just downloaded:

appdata/binhex-sabnzbdvpn/ca.rsa.2048.crt

appdata/binhex-sabnzbdvpn/crl.rsa.2048.pem

appdata/binhex-sabnzbdvpn/***.ovpn (*** the server of your choice)

3) Update the container with your PIA username and password (NOT the PPTP/L2TP/SOCKS username and password)

4) Restart SAB....you should be good to go.  

Step #3 fixed my issue! Thanks I was loosing my mind with this!

Link to comment

I've found the fix for the issue.... PIA have not updated their stack of ovpn config files. You need to go into their config file generator ( https://www.privateinternetaccess.com/pages/ovpn-config-generator ) and generate the .ovpn file for your particular server. I did this and replaced it with the existing .ovpn file and its working as it should... no need to make any changes to the file. 

 

EDIT

 

Just FYI... I chose nextgen servers and openvpn Version 2.4 or newer... and windows platform (by accident but it worked)... Switzerland server

Edited by tazire
Link to comment
1 hour ago, tazire said:

I've found the fix for the issue.... PIA have not updated their stack of ovpn config files. You need to go into their config file generator ( https://www.privateinternetaccess.com/pages/ovpn-config-generator ) and generate the .ovpn file for your particular server. I did this and replaced it with the existing .ovpn file and its working as it should... no need to make any changes to the file. 

 

EDIT

 

Just FYI... I chose nextgen servers and openvpn Version 2.4 or newer... and windows platform (by accident but it worked)... Switzerland server

I don't think so I'm afraid - at least, not for all servers.  The nextgen 2.4+ ovpn file from the config file generator for the Bahamas server is essentially the same as the zip file version, and doesn't work without adding in npc-disable.

Link to comment
12 minutes ago, David2376 said:

All servers are working for me.....You have to use your PIA username and password in the container. For some reason PPTP/L2TP/SOCKS username and password are not being accepted. 

I always have used that username and pw. Most recent update seems to have revealed that I was wrong. back to the same issue as before. facepalm!

Link to comment
On 11/2/2020 at 5:34 PM, DoItMyselfToo said:

Using the "openvpn-strong-nextgen" files from PIA and only adding the line "data-ciphers-fallback aes-256-gcm" to the OVPN file in use worked instantly.  In other words, copy ctyke's shown above.

This was the answer right here. Had to download the "Strong" Nextgen files and insert that line. Instantly started working. 

Link to comment
On 11/3/2020 at 3:43 PM, tazire said:

I've found the fix for the issue.... PIA have not updated their stack of ovpn config files. You need to go into their config file generator ( https://www.privateinternetaccess.com/pages/ovpn-config-generator ) and generate the .ovpn file for your particular server. I did this and replaced it with the existing .ovpn file and its working as it should... no need to make any changes to the file. 

 

EDIT

 

Just FYI... I chose nextgen servers and openvpn Version 2.4 or newer... and windows platform (by accident but it worked)... Switzerland server

 

FYI I started having problems (again) with the Toronto server, and my logs would repeatedly end with "Peer connection Initiated" and then it would go through the connect dance again. I used the config generator above (selected Linux and Nextgen), dropped it in the openvpn directory and the container was able to connect.

 

This docker has been a bastion of reliability until the last week... hopefully gets itself sorted.

Link to comment
3 hours ago, binhex said:

thanks for the detailed explanation of your issue \s, before i whip out my crystal ball can you tell me what 'issues' you are having?

Im sorry my intent was just to make a light comment. I expected for me not to be the only one and I know its frustrating when you think you are alone with issues so my comment was meant to let others know not alone. My issues have been mentioned already by others so I am just patiently waiting to see how solutions keep coming and I will keep trying, im positive as always a solution will come that will work.

Link to comment
35 minutes ago, NeoSys said:

I expected for me not to be the only one and I know its frustrating when you think you are alone with issues so my comment was meant to let others know not alone.

i think you are alone with your issue, thats why i need to know what it is, until that time i cannot help.

35 minutes ago, NeoSys said:

My issues have been mentioned already by others

and that issue is? i have looked at your profile and you have made no other posts in this thread.

Link to comment

@NeoSys - You aren't being clear, but just to try and clarify what I think is going on here if your 'issue' is with PIA.

 

1. PIA's support for OpenVPN V2.5 is very spotty and varies from server to server. 

2. I also think this is changing as they upgrade servers, so a server that worked yesterday might not today, or vice-versa.

3. As far as I can tell, best advice right now, no matter what cipher you are using, is to make sure you have the 'ncp-disable' line in your ovpn file. It might work without on some servers but it's a dynamic situation.

4. Also make sure you are using your PIA login username and password which start with p--------, not the SOCKS one.

 

Edited by Lignumaqua
Link to comment

I've been struggling with this too. I downloaded the strong files and dropped them in (Toronto). Before editing the opvn file, I restarted just to test and it worked!

 

My problem now is that Sonarr isn't going through the proxy. I tested this by opening the console and typing curl ifconfig.io and get my IP from my ISP. Doing the same with SAB's docker I get an IP in Toronto. If I change my browser to use the proxy it works. Any idea why?

 

Thanks

Link to comment
11 hours ago, jcato said:

I tested this by opening the console and typing curl ifconfig.io and get my IP from my ISP.

completely expected, a proxy server works at an application layer NOT an os layer, so unless you get curl to use the proxy then it will go out through your isp's connection.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.