[Support] binhex - SABnzbdVPN


Recommended Posts

I've been working on this for a while, mostly just cleaning up/reorganizing the keys, port and paths to match what deluge has, so it was easier to compare (I wish there was an easy way to simply re-organize the existing entries).

 

I added yes|no as default to fields where that's the option and true|false to the debug field, and all those fields show an arrow button to let you just pick.

 

I'm not sure why the sabnzbdvpn container includes these keys, but delugevpn doesn't

 

VPN_OPTIONS

NAME_SERVERS

UMASK

PUID

PGID

ADDITIONAL_PORTS

 

I have no idea what would go in VPN_OPTIONS, and it remains blank

I removed the entry in NAME_SERVERS

I left UMASK, PUID & PGID with the values that were there

I have no need for additional ports, so it remains blank

 

I also re-created Host Port 3 to use 8100, so it wasn't the same as deluge, and I didn't have to change just the container path.

 

when I saved, I kept getting a duplicate /config error

 

I finally clicked on the show more settings line in blue at the bottom and found a hidden container path, and once I removed that, the container saved properly and started.

 

Viola!  it's working again.

 

TLDL; remove the NAME_SERVERS list from that field and all works again.

 

If there is some reason those need to be there, I'd love to know, but as of now, the GUI loads, and it seems to work fine again.

 

I don't know any way to confirm it's actually using the VPN with this change, but I do have it enabled, and per binhex, it will not load GUI if VPN isn't connected, so I assume it's all good now.

settings1.jpg

settings2.jpg

Link to comment
9 minutes ago, JustinChase said:

I'm not sure why the sabnzbdvpn container includes these keys, but delugevpn doesn't

 

VPN_OPTIONS

NAME_SERVERS

UMASK

PUID

PGID

ADDITIONAL_PORTS

err it does have all those env vars and more, you must have a VERY out of date template if they are missing those env vars.

 

10 minutes ago, JustinChase said:

I have no idea what would go in VPN_OPTIONS, and it remains blank

the correct decision, this is for advanced openvpn options, only use this if you know what you are doing.

11 minutes ago, JustinChase said:

I removed the entry in NAME_SERVERS

not such a good decision, this defines the name servers used when the tunnel is up, if you remove this then it will fall back to defaults.

12 minutes ago, JustinChase said:

I left UMASK, PUID & PGID with the values that were there

I have no need for additional ports, so it remains blank

fine and fine again.

12 minutes ago, JustinChase said:

TLDL; remove the NAME_SERVERS list from that field and all works again.

this is not the fix, trust me, more likely this is it:-

13 minutes ago, JustinChase said:

I finally clicked on the show more settings line in blue at the bottom and found a hidden container path, and once I removed that, the container saved properly and started.

 

Link to comment
32 minutes ago, binhex said:

err it does have all those env vars and more, you must have a VERY out of date template if they are missing those env vars.

 

the correct decision, this is for advanced openvpn options, only use this if you know what you are doing.

not such a good decision, this defines the name servers used when the tunnel is up, if you remove this then it will fall back to defaults.

fine and fine again.

this is not the fix, trust me, more likely this is it:-

 

yeah, i grabbed your deluge and sab containers right after docker was added to unraid.  I was unaware you'd expanded the template, and I don't know how to get the new template, or update the one I have.

 

I'd like to get the newest, but don't want to 'start over' having to reset everything.

 

I tested sab with the name servers in place, and it didn't work, removed them and it worked, added them and it didn't work, and finally removed them to get it to work.

 

After reading this, I added them back again to triple check before writing this, and now it is working with the name servers in there.

 

I don't think removing the /config path was the issue, since it wasn't even saving the config, and the container was actually getting orphaned until I found and removed the duplicate.  Then it saved and started, but i still couldn't get to the GUI.  Maybe it was just taking a long time.

 

Regardless, it's working, with the name servers, and downloading a small file as a test (I have really terribly slow internet).

 

If you know a good/easy way to get my template up to date with your latest, I'd like to do that.

 

i wonder if there is any way to do that automatically, or at least get notified when you make updates, since I had no idea until you said so.

 

Thanks again for all you do, and for your help.

 

 

***Forgot to ask; what is best practice for handling both sab and deluge having port 8118 in the template.  Once one is saved, the next give an error because that port is already used.  I gather that port is for privoxy, but I'm not sure how best to handle the conflict.  I assume just assign a container port, but it seems odd to force us to figure this out, since both templates have 8118 as the container template by default also.

Edited by JustinChase
forgot to ask
Link to comment
7 hours ago, JustinChase said:

If you know a good/easy way to get my template up to date with your latest, I'd like to do that.

easiest way is to expand all options (with advanced view showing) and screenshot the entire page.

 

then delete the existing 'My' template and finally go into CA and re-install, then re-enter the values you have in the screenshot, not ideal i know but thats the best way of doing it to my knowledge.

 

7 hours ago, JustinChase said:

Forgot to ask; what is best practice for handling both sab and deluge having port 8118 in the template.  Once one is saved, the next give an error because that port is already used.  I gather that port is for privoxy, but I'm not sure how best to handle the conflict.  I assume just assign a container port, but it seems odd to force us to figure this out, since both templates have 8118 as the container template by default also.

simply change the host side port to a port number that isnt in use, e.g. 8119, or remove the port entirely if you arent using privoxy for one of the containers.

 

whilst it might seem a bit odd to use the same port for multiple templates, not everybody is running multiple vpn containers, and having a different port for each docker image would be a support headache, not to mention a coding headache.

Link to comment
On 4/3/2020 at 9:53 AM, binhex said:

ok well it could simply be a vpn provider outage, to confirm its nothing else please do the following:-

https://github.com/binhex/documentation/blob/master/docker/faq/help.md

 

Purevpn is continuing to give troubles.... I just registered an openvpn account with MULLVAD. Worked out of the box.... Also does WIRESHARK by the way... Would be nice if we could get the option to use that within the container also ?

 

(EDIT) BTW... MULLVAD is -extremely fast... I am getting 60MB/s where purevpn would give me 5/6 MB/s for the same content..

Edited by Helmonder
Link to comment
18 hours ago, Helmonder said:

Also does WIRESHARK by the way... Would be nice if we could get the option to use that within the container also ?

ive had a few requests for wireguard, but its non trivial so im shying away from it for now.

 

18 hours ago, Helmonder said:

(EDIT) BTW... MULLVAD is -extremely fast... I am getting 60MB/s where purevpn would give me 5/6 MB/s for the same content..

yeah ive heard mullvad are pretty good, purevpn are crap from all accounts.

Link to comment

Well, I'm still having trouble.  Same thing with both binhex-delugevpn and binhex-sabnzbdvpn.  Works fine with the VPN_ENABLED set to "no".  Once I turn that setting to "yes", can't get to the gui.  It seems to start fine, gives me a green play sign on the docker tab.  But I cannot access the WebUI to see what's going on.

Link to comment
15 hours ago, mikesp18 said:

Well, I'm still having trouble.  Same thing with both binhex-delugevpn and binhex-sabnzbdvpn.  Works fine with the VPN_ENABLED set to "no".  Once I turn that setting to "yes", can't get to the gui.  It seems to start fine, gives me a green play sign on the docker tab.  But I cannot access the WebUI to see what's going on.

please do the following:-

https://github.com/binhex/documentation/blob/master/docker/faq/help.md

Link to comment

Hi.

 

In the description it says, "It also includes Privoxy to allow unfiltered access to index sites, to use Privoxy please point your application at "host ip:8118"

 

Can anyone tell me what that means?  I have been using it with PIA VPN (am getting ready to change so I went back to see if there were updates and noticed that description) and didn't know I could (should?) be using a proxy?

 

Link to comment
14 minutes ago, tucansam said:

Hi.

 

In the description it says, "It also includes Privoxy to allow unfiltered access to index sites, to use Privoxy please point your application at "host ip:8118"

 

Can anyone tell me what that means?  I have been using it with PIA VPN (am getting ready to change so I went back to see if there were updates and noticed that description) and didn't know I could (should?) be using a proxy?

 

Q3:-

https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Link to comment
13 minutes ago, mikesp18 said:

well this is def your issue:-

2020-05-21 10:46:51,069 DEBG 'start-script' stdout output:
Thu May 21 10:46:51 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu May 21 10:46:51 2020 TLS Error: TLS handshake failed

2020-05-21 10:46:51,070 DEBG 'start-script' stdout output:

so i would get hold of the latest ovpn file from your vpn privider and all certificates as well and update what you have in /config/openvpn/ something is out of date or your vpn provider is having issues with the endpoint you are connecting to.

Link to comment
1 hour ago, binhex said:

well this is def your issue:-


2020-05-21 10:46:51,069 DEBG 'start-script' stdout output:
Thu May 21 10:46:51 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu May 21 10:46:51 2020 TLS Error: TLS handshake failed

2020-05-21 10:46:51,070 DEBG 'start-script' stdout output:

so i would get hold of the latest ovpn file from your vpn privider and all certificates as well and update what you have in /config/openvpn/ something is out of date or your vpn provider is having issues with the endpoint you are connecting to.

Huh.  TheOVPN file is the one I downloaded from the provider, SlickVPN (should I just change VPN provider?) It's worth mentioning that I've been using this service under Windows for a while without major issues, and the username and password work fine.

 

There are not any certificates to download, like the PIA config files have, maybe this is a problem.  This is the info in the OVPN file. Does this help?

remote gw2.ams1.slickvpn.com 443 udp

# host/port of vpn server

# prompt for authentication
auth-user-pass credentials.conf

# equivalent to pull, tls-client
client

# redirect all outgoing traffic to the vpn gateway
redirect-gateway

# verify the server certificate for authenticity
remote-cert-tls server

cipher AES-256-CBC

proto udp
dev tun
keepalive 10 120
nobind

persist-key

# ssl certificate / key used for tls
#ca certs/ca.crt

<ca>
-----BEGIN CERTIFICATE-----
MIIDQDCCAqmgAwIBAgIJAM8Brk2pUr0KMA0GCSqGSIb3DQEBBQUAMHQxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTEMMAoGA1UEBxMDVlBOMQwwCgYDVQQKEwNWUE4x
DDAKBgNVBAsTA1ZQTjEMMAoGA1UEAxMDVlBOMQwwCgYDVQQpEwNWUE4xEjAQBgkq
hkiG9w0BCQEWA1ZQTjAeFw0xMjAzMDMwMjExNDJaFw0yMjAzMDEwMjExNDJaMHQx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEMMAoGA1UEBxMDVlBOMQwwCgYDVQQK
EwNWUE4xDDAKBgNVBAsTA1ZQTjEMMAoGA1UEAxMDVlBOMQwwCgYDVQQpEwNWUE4x
EjAQBgkqhkiG9w0BCQEWA1ZQTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
wY2K08N7or1Br/EsD9XBon7gs7dKflWYuymgMLJfeMFWuJloNdsn+3GARIhYBbN6
zhvFGFE214qKPqAydW1WmIIK7KoC0sgndr+Vk/au9gssFzVmmvr6+WN/nfo2L9Kv
vBMoYLrMAiyw/D4cRapZi2pXJLcMDfC+p1VWAX8TYWkCAwEAAaOB2TCB1jAdBgNV
HQ4EFgQUmyvO4rTnu5/ABnp0FngU+SdR8WAwgaYGA1UdIwSBnjCBm4AUmyvO4rTn
u5/ABnp0FngU+SdR8WCheKR2MHQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEM
MAoGA1UEBxMDVlBOMQwwCgYDVQQKEwNWUE4xDDAKBgNVBAsTA1ZQTjEMMAoGA1UE
AxMDVlBOMQwwCgYDVQQpEwNWUE4xEjAQBgkqhkiG9w0BCQEWA1ZQToIJAM8Brk2p
Ur0KMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAoB0kOuGvrzPBTIRX
IDHCCxBMdny+3sKAOllmH4+51j2aWhAJ4Pyc/yBTYyQGNoriABjmNzp+R05oiaxA
D3vTgR80juKDPtQb8LoGLBF18gL7Vtc3+hJXcJasXZaDSSoyh5f+TtGvytIT+ece
JWIrKnFXzlHOvKlyLkcZn15gwKQ=
-----END CERTIFICATE-----
</ca>

 

Link to comment
20 minutes ago, mikesp18 said:

Huh.  TheOVPN file is the one I downloaded from the provider, SlickVPN (should I just change VPN provider?) It's worth mentioning that I've been using this service under Windows for a while without major issues, and the username and password work fine.

 

There are not any certificates to download, like the PIA config files have, maybe this is a problem.  This is the info in the OVPN file. Does this help?


remote gw2.ams1.slickvpn.com 443 udp

# host/port of vpn server

# prompt for authentication
auth-user-pass credentials.conf

# equivalent to pull, tls-client
client

# redirect all outgoing traffic to the vpn gateway
redirect-gateway

# verify the server certificate for authenticity
remote-cert-tls server

cipher AES-256-CBC

proto udp
dev tun
keepalive 10 120
nobind

persist-key

# ssl certificate / key used for tls
#ca certs/ca.crt

<ca>
-----BEGIN CERTIFICATE-----
MIIDQDCCAqmgAwIBAgIJAM8Brk2pUr0KMA0GCSqGSIb3DQEBBQUAMHQxCzAJBgNV
BAYTAlVTMQswCQYDVQQIEwJDQTEMMAoGA1UEBxMDVlBOMQwwCgYDVQQKEwNWUE4x
DDAKBgNVBAsTA1ZQTjEMMAoGA1UEAxMDVlBOMQwwCgYDVQQpEwNWUE4xEjAQBgkq
hkiG9w0BCQEWA1ZQTjAeFw0xMjAzMDMwMjExNDJaFw0yMjAzMDEwMjExNDJaMHQx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEMMAoGA1UEBxMDVlBOMQwwCgYDVQQK
EwNWUE4xDDAKBgNVBAsTA1ZQTjEMMAoGA1UEAxMDVlBOMQwwCgYDVQQpEwNWUE4x
EjAQBgkqhkiG9w0BCQEWA1ZQTjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
wY2K08N7or1Br/EsD9XBon7gs7dKflWYuymgMLJfeMFWuJloNdsn+3GARIhYBbN6
zhvFGFE214qKPqAydW1WmIIK7KoC0sgndr+Vk/au9gssFzVmmvr6+WN/nfo2L9Kv
vBMoYLrMAiyw/D4cRapZi2pXJLcMDfC+p1VWAX8TYWkCAwEAAaOB2TCB1jAdBgNV
HQ4EFgQUmyvO4rTnu5/ABnp0FngU+SdR8WAwgaYGA1UdIwSBnjCBm4AUmyvO4rTn
u5/ABnp0FngU+SdR8WCheKR2MHQxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEM
MAoGA1UEBxMDVlBOMQwwCgYDVQQKEwNWUE4xDDAKBgNVBAsTA1ZQTjEMMAoGA1UE
AxMDVlBOMQwwCgYDVQQpEwNWUE4xEjAQBgkqhkiG9w0BCQEWA1ZQToIJAM8Brk2p
Ur0KMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADgYEAoB0kOuGvrzPBTIRX
IDHCCxBMdny+3sKAOllmH4+51j2aWhAJ4Pyc/yBTYyQGNoriABjmNzp+R05oiaxA
D3vTgR80juKDPtQb8LoGLBF18gL7Vtc3+hJXcJasXZaDSSoyh5f+TtGvytIT+ece
JWIrKnFXzlHOvKlyLkcZn15gwKQ=
-----END CERTIFICATE-----
</ca>

 

the tls error really is telling you that openvpn client is unable to communicate with the vpn endpoint you are attempting to connect to, if you can switch the endpoint/server you are connecting to then try that, else you will need to contact your vpn provider for further help, or simply switch vpn provider, mullvad are top dog at the mo.

Link to comment

Hello, 

 

Only recently joined as I'm in the process of migrating from Synology to unRaid. I wanted to firstly say many thanks for all of your work on this fantastic programme, it has been running perfectly for several weeks on my Synology once I got it set up after reading this forum. 

 

Today however I have updated my DSM to the latest pushed OS version (6.2.3-25426) and after a restart SabnzbdVPN is throwing up the following error;

Quote

2020-05-28 18:14:29,360 DEBG 'start-script' stdout output:

Thu May 28 18:14:29 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)

Thu May 28 18:14:29 2020 Exiting due to fatal error

 

I've tried;

*Replacing the configuration file from NordVPN, 

*Deleting all files and the docker image followed by a complete fresh reinstall, 

*Logged into NordVPN directly to ensure that there are no issues with my account, 

*Checked that NordVPN has no issues, 

*Tried another configuration file for another NordVPN server location,

*Double checked all parameters / variables within the docker image (these have not been touched since initial setup). 

*Read the linked sabnzbdvpn documentation. 

 

Unfortunately however I am still receiving the same error message and nothing seems to work. Any help would be greatly appreciated. 

 

 

***Update***

After endless Googling I find a page with the following details, which worked (I have know idea what I've just done following the below, but I'm hoping it hasn't made me system vulnerable);

 

Check if you have the tun module installed:

❯ lsmod | grep tun

 

If the result comes out empty, try installing it:

❯ insmod /lib/modules/tun.ko

 

Now let’s make sure the tun.ko module works as expected:

❯ mkdir /dev/net

❯ mknod /dev/net/tun c 10 200

❯ chmod 600 /dev/net/tun

❯ cat /dev/net/tun

 

If the result of the cat command was "File descriptor in bad state", it means the module has been correctly installed.

 

The module installation needs to be made persistent otherwise on every Synology restart, you’ll have to repeat the insmod command.

 

Create the following file to run on every system boot:

❯ cat <<EOF > /usr/local/etc/rc.d/tun.sh #!/bin/sh -e

 

insmod /lib/modules/tun.ko EOF

 

Make the script executable:

❯ chmod a+x /usr/local/etc/rc.d/tun.sh

 

Reboot your Synology NAS or execute the script manually once. Done!

 

Edited by Mike12421
Solution found
Link to comment
  • 4 weeks later...

I've been getting this error lately:

 

Server news.newsdemon.com uses an untrusted certificate [Certificate hostname mismatch: the server hostname is not listed in the certificate. This is a server issue.] - Wiki: https://sabnzbd.org/certificate-errors

 

I can't seem to figure this one out.   I'm using NordVPN and have tried different config files. In my OpenVPN folder, there is ...udp.ovpn, .crt, and .key files along with the credentials.conf file.  

 

I checked the server here: and it looks as though the certificates are good.  Hoping someone has some insight on this.

Thanks.

Link to comment
5 hours ago, chizll said:

I can't seem to figure this one out.   I'm using NordVPN and have tried different config files. In my OpenVPN folder, there is ...udp.ovpn, .crt, and .key files along with the credentials.conf file.  

i very much doubt the issue is related to the vpn, it looks like its a root certificate that needs updating in the image, i will push an update out and hopefully this should resolve your issue, look out for a new image in about an hour.

Link to comment
10 minutes ago, binhex said:

i very much doubt the issue is related to the vpn, it looks like its a root certificate that needs updating in the image, i will push an update out and hopefully this should resolve your issue, look out for a new image in about an hour.

Ok, thank you!

Link to comment

Hi, 

 

Unfortunately I've been getting the following error a couple of times a day for the past few weeks;

 

Server News.newsgroup.Ninja uses an untrusted certificate [Certificate hostname mismatch: the server hostname is not listed in the certificate. This is a server issue.] - Wiki: https://sabnzbd.org/certificate-errors

 

I thought it would just go away on its own and I thought it had after you addressed the certificate issue above, however its just happened again. 

 

Any advice would be greatly appreciated. 

Link to comment

Hi eki eki eki patang, I hope you're well.

 

I wonder if you'd be able to assist me with an issue that I am having please. I have installed SABNZBDVPN and have set up the VPN configuration and it appears to be set up ok and the docker starts fine. The issue I am having is the WebUI doesn't load at all for me when activated. When I turn off the VPN within the settings the WebUI loads just fine. I have tried this with 2 separate VPN's and neither work. I also tried my access on my friends server who has the exacts same set up as me and it worked just fine for him.

 

I also downloaded binhex DelugeVPN and I am also having the same issue with that too.

 

I wondered if you may know what might be the cause of this?

Link to comment
19 hours ago, Mike12421 said:

Hi, 

 

Unfortunately I've been getting the following error a couple of times a day for the past few weeks;

 

Server News.newsgroup.Ninja uses an untrusted certificate [Certificate hostname mismatch: the server hostname is not listed in the certificate. This is a server issue.] - Wiki: https://sabnzbd.org/certificate-errors

 

I thought it would just go away on its own and I thought it had after you addressed the certificate issue above, however its just happened again. 

 

Any advice would be greatly appreciated. 

This issue still persists on my end.  I don't think it' has been addressed yet

Link to comment
3 minutes ago, chizll said:

This issue still persists on my end.  I don't think it' has been addressed yet

Hi, 

 

Thanks for the update......I thought it might have been just my setup. 

 

I have three usenet providers so it hasn't had a massive impact on me up to now, but I am thinking about dropping Newsgroup.ninja. 

 

Regards. 

Link to comment
2 hours ago, chizll said:

This issue still persists on my end.  I don't think it' has been addressed yet

i think you will find the issue persists on newsgroup ninja's end, the cert they use does not match their server name, so your connection is no longer secured correctly and is potentially susceptible to a 'man in the middle' attack. this image is fully up to date so should include the latest root and intermediate CA certs.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.