[Support] binhex - SABnzbdVPN

binhex

By binhex
in Docker Containers

Recommended Posts

Recommended

Posted by binhex,

There has been an issue raised on GitHub related to tracker announce request IP leakage under certain circumstances, after careful review of iptables i have tightened up the rules to prevent this. A new image has now been rolled out for all vpn enabled docker images (25th Feb 2021) i produce with the fix in place, i would encourage everyone to update to the recently created 'latest' tagged image.   You can force the upgrade by toggling 'basic view' to 'advanced view' and then clicking on
Recommended by binhex
  • Thanks

1 reaction

Go to this post
tucansam Collaborator

tucansam

Posted
Posted

Here's something interesting:

 

root@ffs2:/mnt/disks# ls -al
total 0
drwxrwxrwx  4 nobody users  80 Jun 28 18:07 ./
drwxr-xr-x 12 root   root  240 Jun 28 19:17 ../
drwxrwxrwx  2 root   root    0 Jun 28 19:16 192.168.0.4_tv_shows/
drwxrwxrwx  5 nobody users 114 Jun 25 04:43 wd500/
root@ffs2:/mnt/disks# chown bob:users 192.168.0.4_tv_shows
root@ffs2:/mnt/disks# ls -al
total 0
drwxrwxrwx  4 nobody users  80 Jun 28 18:07 ./
drwxr-xr-x 12 root   root  240 Jun 28 19:17 ../
drwxrwxrwx  2 root   root    0 Jun 28 19:16 192.168.0.4_tv_shows/
drwxrwxrwx  5 nobody users 114 Jun 25 04:43 wd500/
root@ffs2:/mnt/disks#
 

 

I am using user "bob" to mount via SMB 192.168.0.4/tv_shows remotely, using unassigned devices.  Despite all attempts, I cannot change the mount point (the sab docker container mounts local "/mnt/disks/192.168.0.4_tv_shows" as its "/mnt/tv_shows" folder) permissions.

 

Despite 777 permissions, sab still can't seem to write to this folder.  Moreover, the file downloads, unpacks, and then the log shows the permissions error.  Meanwhile, the downloaded file, unpacked files, etc (all of which appear to happen without issue) are nowhere to be found, anywhere, they literally are gone.  So sab not only cannot unpack, but it nukes all of the working files even though the unpack failed.  Thus, I can't even retrieve the files from the download or working folders and move by hand.

 

Link to comment
  • Replies 1.6k
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

binhex
binhex

hi guys, spotted the issue regards dos2unix.sh and corrected it, image now  building, should be done in around an hour.. then pull and you should be back up and running.

binhex
binhex

there are ongoing issues with PIA DNS, you can try setting NAME_SERVERS to the following (removes PIA DNS):- 84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1  

binhex
binhex

ok guys, spotted the issue. it was a legacy bug that the additional logging picked up causing the exit of sabnzbd (even though it was running). sadly i cannot currently build a new image with the fix

Posted Images

binhex Mentor

binhex

Posted
  • Author
Posted
7 hours ago, tucansam said:

Here's something interesting:

 

root@ffs2:/mnt/disks# ls -al
total 0
drwxrwxrwx  4 nobody users  80 Jun 28 18:07 ./
drwxr-xr-x 12 root   root  240 Jun 28 19:17 ../
drwxrwxrwx  2 root   root    0 Jun 28 19:16 192.168.0.4_tv_shows/
drwxrwxrwx  5 nobody users 114 Jun 25 04:43 wd500/
root@ffs2:/mnt/disks# chown bob:users 192.168.0.4_tv_shows
root@ffs2:/mnt/disks# ls -al
total 0
drwxrwxrwx  4 nobody users  80 Jun 28 18:07 ./
drwxr-xr-x 12 root   root  240 Jun 28 19:17 ../
drwxrwxrwx  2 root   root    0 Jun 28 19:16 192.168.0.4_tv_shows/
drwxrwxrwx  5 nobody users 114 Jun 25 04:43 wd500/
root@ffs2:/mnt/disks#
 

 

I am using user "bob" to mount via SMB 192.168.0.4/tv_shows remotely, using unassigned devices.  Despite all attempts, I cannot change the mount point (the sab docker container mounts local "/mnt/disks/192.168.0.4_tv_shows" as its "/mnt/tv_shows" folder) permissions.

 

Despite 777 permissions, sab still can't seem to write to this folder.  Moreover, the file downloads, unpacks, and then the log shows the permissions error.  Meanwhile, the downloaded file, unpacked files, etc (all of which appear to happen without issue) are nowhere to be found, anywhere, they literally are gone.  So sab not only cannot unpack, but it nukes all of the working files even though the unpack failed.  Thus, I can't even retrieve the files from the download or working folders and move by hand.

 

 

ok so i would dig more into the permissions being set via the unassigned disks plugin (something ive never used) also look to see if permissions can be set at the mount point and what the permissions are on the source file system, is /mnt/disks/192.168.0.4_tv_shows/ really set to user 'root' group 'root' as per your ls -al output?.

Link to comment
tucansam Collaborator

tucansam

Posted
Posted

I am half tempted to just start over from scratch.  The only dockers I am running are sab, sonarr, and plex.  I can rebuild all of it if necessary, or at least the sab/sonarr part.  I am in the process of moving my media to a new server, but its going to take about a week to transfer it over the network.  In the meantime I would like to continue to get media downloading; that media is stored on the old server that is being decomissioned.  Thus sab and sonarr will continue to need the unassigned devices mapping to the old server.

 

Permissions hadn't changed when the errors began, however now, of course, with all of my attempts to correct it, I've tried various permission changes here and there to no avail.

 

First question: will running "new perms" on a system with dockers effect anything adversely?  I am the primary user in the house, so of course my username is associated with nearly everything on the servers.  Can the dockers run as nobody, or root (dangerous?), etc?  I always get confused on this point, unix vs smb permissions, and I often have problems deleting files from certain shares as my username, usually having to log in from the command line as root to delete.

 

What are the preferred,generic permissions for docker/sab/sonarr/media folders etc?

 

Thanks.

Link to comment
  • 5 weeks later...
DreamsVoid Noob

DreamsVoid

Posted
Posted

Hi,

 

So I spent a short while trying to figure out why the VPN wasn't initializing, turns out the issue was my password.

I'm unsure why, but while it was being parsed, the $2 that was in there didn't get passed through... at all...

 

So with it failing to authorize, the VPN wouldn't start, therefore nor would SAB, WOO! FAQ was useful,

 

binhex, thanks for your good work, keep it up.

 

Cheers,

 

Log for good measure, maybe another issue is in there that I didn't notice :)

supervisord.log

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
On 30/05/2017 at 8:55 PM, binhex said:

Hi guys, so an important change is coming to this VPN docker image (and others in time - staggered change), in short i will be dropping the ability to configure the remote endpoint, tunnel device type, port, protocol and strong certs, instead the image will parse the ovpn file and use the values from the ovpn file.

 

Why am i doing this change?

1. less for the user to get wrong - if there are less env variables then hopefully there will be less chance of misconfiguration, im still seeing a fair bit of this happening.

2. less chance of mismatched configuration for endpoints - for certain vpn providers they require different ovpn options depending on the endpoint your connecting to, this will reduce this happening by forcing the user to download the correct ovpn file from the provider.

3. changes to port and/or certs wont break the image - currently i bake in the PIA ovpn file and cert, whilst this is convenient for the end user it also means any changes to either of these files breaks the image, thus a decision to push the responsibility of this back to the user is another reason to drop env vars.

4. No re-creation of Docker container - whilst this isnt a hassle for unraid users as we have a web ui (dynamix) to do this for us, for other users this is a big hassle, being able to switch endpoint by simply dropping in a new ovpn file is actually more convenient.

 

It does of course come with a couple of disadvantages:-

1. possible breakage during the switch over - im testing this right now and will be trying my hardest to not break any existing configuration, the aim of this is for you not to really notice the change, until of course you attempt to use the env vars to change your endpoint and discover it no longer does anything :-) (see below)

2. switching endpoint for PIA users is slightly more tricky - so when wanting to switch endpoint for PIA a end user would have to download the ovpn file for the endpoint they want to connect to, as opposed to just modifying the env var, which in some cases maybe taken as a disadvantage (slower, maybe?), but it would be relatively easy to keep a library of ovpn files and just drop in what you want to use or even edit the existing file, so its not too onerous.

 

So what do YOU have to do? - in short nothing, i have code in the latest release that ive just built that will sync up your env vars to the ovpn file, so when the final change occurs you shouldn't notice any changes, it should still connect to the same endpoint with the same port and protocol, After the date below if you wish to switch endpoint you will need to drop in the correct ovpn file (or edit it) to point at the endpoint you want to switch to, if you switch provider then you will need to download the ovpn file and all referenced certs, keys, etc.

 

So when is this happening? - the final switch over to using ovpn file only will be around the middle of June 2017, im leaving a gap to ensure all existing users have their env vars written to the ovpn file (will happen on start/restart of the docker after image update).

 

This work is now complete and will be active in the latest image, any issues please post your supervisord.log file (with debug turned on).

Link to comment
cyberrad Noob

cyberrad

Posted
Posted

Hey Binhex, I just updated to the newest version and recieve the following error:

 

2017-07-31 13:54:20.435434 [crit] VPN configuration file /config/openvpn//config/openvpn/custom.ovpn does not contain 'remote' line, exiting...

 

VPN_REMOTE is defined so I am unsure why it is not going to the custom.ovpn file.

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
1 hour ago, cyberrad said:

Hey Binhex, I just updated to the newest version and recieve the following error:

 

2017-07-31 13:54:20.435434 [crit] VPN configuration file /config/openvpn//config/openvpn/custom.ovpn does not contain 'remote' line, exiting...

 

VPN_REMOTE is defined so I am unsure why it is not going to the custom.ovpn file.

 

the values are now parsed from the ovpn file, can you post the contents of file /config/openvpn/custom.ovpn here, i would be interested to see how the remote line is formed.

Link to comment
rix Enthusiast

rix

Posted
Posted

Hi binhex, I am using your delugevpn and sabnzbdvpn containers simultaneously (for different countries, the latter for privoxy to use OCH/Scrape the Web).

 

On boot, it seems sabnzbd is always a bit too fast for the vpn to come up: 

[01/Aug/2017:11:34:12] ENGINE Error in HTTPServer.tick
Traceback (most recent call last):
  File "/opt/sabnzbd/cherrypy/wsgiserver/__init__.py", line 2024, in start
    self.tick()
  File "/opt/sabnzbd/cherrypy/wsgiserver/__init__.py", line 2091, in tick
    s, ssl_env = self.ssl_adapter.wrap(s)
  File "/opt/sabnzbd/cherrypy/wsgiserver/ssl_builtin.py", line 67, in wrap
    server_side=True)
  File "/usr/lib/python2.7/ssl.py", line 363, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 840, in do_handshake
    self._sslobj.do_handshake()
error: [Errno 0] Error

This error message shows up after every (re)start of the container. Otherwise the connection is fine.

 

Secondly, the openvpn config is not recreated on my system. I tried to switch servers and had to manually edit the openvpn.conf to the new url/port/protocoll. Somehow the environment variables were unable to refresh the config file.

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
22 hours ago, rix said:

Hi binhex, I am using your delugevpn and sabnzbdvpn containers simultaneously (for different countries, the latter for privoxy to use OCH/Scrape the Web).

 

On boot, it seems sabnzbd is always a bit too fast for the vpn to come up: 


[01/Aug/2017:11:34:12] ENGINE Error in HTTPServer.tick
Traceback (most recent call last):
  File "/opt/sabnzbd/cherrypy/wsgiserver/__init__.py", line 2024, in start
    self.tick()
  File "/opt/sabnzbd/cherrypy/wsgiserver/__init__.py", line 2091, in tick
    s, ssl_env = self.ssl_adapter.wrap(s)
  File "/opt/sabnzbd/cherrypy/wsgiserver/ssl_builtin.py", line 67, in wrap
    server_side=True)
  File "/usr/lib/python2.7/ssl.py", line 363, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 840, in do_handshake
    self._sslobj.do_handshake()
error: [Errno 0] Error

This error message shows up after every (re)start of the container. Otherwise the connection is fine.

 

 

this is not to do with the vpn, its a known cosmetic bug in sabnzbd, the sabnzbd dev's have yet to fix it:- https://github.com/sabnzbd/sabnzbd/issues/853

 

22 hours ago, rix said:

Secondly, the openvpn config is not recreated on my system. I tried to switch servers and had to manually edit the openvpn.conf to the new url/port/protocoll. Somehow the environment variables were unable to refresh the config file.

 

switched from env vars to parse of ovpn file:-

 

 

Link to comment
rix Enthusiast

rix

Posted
Posted
1 hour ago, binhex said:

 

this is not to do with the vpn, its a known cosmetic bug in sabnzbd, the sabnzbd dev's have yet to fix it:- https://github.com/sabnzbd/sabnzbd/issues/853

 

 

switched from env vars to parse of ovpn file:-

 

 

Stupid me didn't bother to read the posts above. I just assumed things were still ENV-based. :P

 

The change makes sense, and should be much more robust for future users and provider switches.

 

Also thanks for the heads up on the SABnzbd bug. Seems to be of low priority,.. which makes sense for a cosmetic one.

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
7 hours ago, Alphairri said:

Hi,

I'm new to unRAID and everything pointed me to this thread.

I just loaded the docker for binhex-sabnzbdvpn and placed the *.ovpn file to  /mnt/user/appdata/binhex-sabnzbdvpn/openvpn/custom.ovpn

I am using NewsHosting as my VPN provider.

Set Host Path 2: /mnt/user/downloads/

Set Key 2/3/4: user/pass/custom

Set Key 8: 192.168.1.0/24

 

After starting and going to the WebUI, I get: "This site can’t be reached. 192.168.1.34 refused to connect"

 

Any help would be really appreciated!

 

follow these steps:-

 

 

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
3 minutes ago, IrishBiker said:

Not a problem, here is the file

supervisord.log

 

ok spotted the issue, for some bizare reason you have two remote lines in your ovpn file:-

  

remote uk8.ibvpn.com 1196
remote uk8.ibvpn.com 1196

so you need to remove one of these lines in the file /config/openvpn/ibVPN_UK_Manchester_2.ovpn save it and then restart the container.

Link to comment
binhex Mentor

binhex

Posted
  • Author
Posted
32 minutes ago, bhinkle50 said:

I'm getting the no remote error as well. I removed the container and re-installed and it's still present. Attached is my supervisord.log file.

 

I don't see the script it's referencing in the /config directory, but I may not have followed the container paths correctly.

 

 

 

 

supervisord.log

 

well its not lying, you def have no remote line there :-). so what have you got set for VPN_REMOTE and VPN_PORT via your env vars?, if you still have that then you need to edit the file /config/openvpn/openvpn.ovpn and add in the remote line like this:-

  

remote <the value of your env var VPN_REMOTE> <the value of your env var VPN_PORT>
  
e.g.:-
  
remote myfavvpn.provider.com 1234

If you dont know these values then the easiest thing is to re-download the ovpn file from your vpn provider and paste it into the /config/openvpn/ folder ensuring that you delete the old ovpn file.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing