[Support] binhex - SABnzbdVPN


1291 posts in this topic Last Reply

Recommended Posts

Hey Binhex, saw that you added wireguard support to the github README, but I don't think it's working (dockerhub doesn't seem to be updated). Just wanted to check if you were still working on it or if something was wrong. Thanks!
It will be integrated imminently I am just waiting to ensure there are no bugs - test tagged for delugevpn

Sent from my CLT-L09 using Tapatalk

Link to post
  • Replies 1.3k
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

hi guys, spotted the issue regards dos2unix.sh and corrected it, image now  building, should be done in around an hour.. then pull and you should be back up and running.

The new image has built so if you now pull down latest it should work as expected Sent from my EML-L29 using Tapatalk

ok guys, spotted the issue. it was a legacy bug that the additional logging picked up causing the exit of sabnzbd (even though it was running). sadly i cannot currently build a new image with the fix

Posted Images

On 10/5/2020 at 4:21 AM, binhex said:

@mikesp18 @Crilith @Necrodomis hi guys, i cannot replicate the issue with the latest tagged version here, so i suspect its a vpn provider related problem. i think what is going on is that the provider you are using does not set the default gateway to be the vpn tunnel and thus the gaterway ip is not identified. 

 

can you please try this as a fix:-

1. revert back to latest

2. edit the ovpn file in /config/openvpn/ and add the following line:-


redirect-gateway def1

3. save the ovpn file and restart the container.

 

let me know if this works, as i need to make some code changes to do this automatically for you.

@binhexDoes it matter where I insert the line in the *.ovpn file? I tried inserting and it didn't work. I tried reverting to a prior build with no success. Any insight? both binhex vpn of sab and deluge do not bring up the web-ui. 

 

It seems to just hang and doesn't start sab. (Same with deluge)

 

LOG.txt

Edited by fartrhino
Added information and addressing binhex
Link to post

Wireguard support got added and it's working great so far! Only issue I have is when I change the endpoint to a specific WG Server IP rather than a hostname it seems to fail? Is there any way to select a specific server IP? Thanks!

 

I used the script: https://github.com/pia-foss/manual-connections

 

To find a wireguard IP since my provider wants a static IP. And then I used that in place of the hostname for ENDPOINT in the conf file.

Edited by AD24
Link to post

Hi, 

 

I spotted over on the DelugeVPN thread that WireGuard had been implemented and so I've taken out a month subscription with PIA to try it out. 

 

Everything seemed to go well however once SabnzbdVPN starts in the log, I can't get the GUI to load? I don't see any errors in the log and so I was hoping someone could shed some light? 

 

Many thanks. 

 

SabnzbdVPN log;

20201011_150957.jpg

 

GUI won't load;

20201011_151301.jpg

 

My SabnzbdVPN settings;

20201011_151030.jpg

20201011_151128.jpg

20201011_151157.jpg

 

***Edit - DOH.....I didn't update the lan_network address (I've recently moved house), all working now. 

Edited by LoneTraveler
Link to post
Quote

Hi all,

 

I've been using sabnzbdvpn a several months now and am very happy with the work of binhex.

Since the last update however I'm having trouble to get it working. The log of the container shows:


2020-10-12 15:52:44,477 DEBG 'start-script' stdout output:
Use --help for more information.

2020-10-12 15:52:44,477 DEBG 'start-script' stdout output:
[info] Starting OpenVPN (non daemonised)...

2020-10-12 15:52:44,481 DEBG 'start-script' stdout output:
Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client

Could this be an issue caused by the .ovpn-files provided by my VPN-provider?

 

 

Nevermind!

I've found a workaround. I'm connecting to my VPN-provider over udp in stead of tcp.

 

 

Edited by esto
Found a workaround
Link to post

Hi, 

 

How can I force Sabnzbdvpn to recreate the wg0.conf file? 

 

I've just noticed that Sabnzbdvpn stopped during the night and each time I restart it, I get the following error;

 

[crit] VPN configuration file /config/wireguard/wg0.conf does not contain 'Endpoint' line, showing contents of file before exit...

 

Checking the file however reveals that it is completely blank? 

 

I'm at a loss as to what's happened during the night. 

 

***Edit - Simply deleting the file and restarting seems to have done the trick. 

Edited by LoneTraveler
Link to post

I am having an issue when I start any of the virtual machine services and reboot with it on its like BR_netfilter gets loaded first and iptables stop working and I cant access the gui of the sab container but everything else still works.  If I restart with virtual machine services turned off in unraid it works fine. both my VMs and my Dockers are using br0 and have ip address assigned to them in the 192.168.1.0/24 range and Lan_Network is set to 192.168.1.0/24. I also made sure that the echo "# force iptable mangle module to load (required for *vpn dockers)" >> /boot/config/go echo "/sbin/modprobe iptable_mangle" >> /boot/config/go was done as well.  Is this a issue with BR_netfilter https://serverfault.com/questions/963759/docker-breaks-libvirt-bridge-network ? Is there an easy way to solve this ? I just want to be able to run docker and VMs on the same bridge. 

Link to post

Guys ... same issues as othere here inasmuch as webui not accessible following recent update. How do i get back to 3.0.2-1-03 which appears to be the fix? I did try adding a line to ovpn file as suggested but did nothing and i'm not sure just where that line needs to be inserted as are others it seems so its back to 3.0.2-1-03 for me, but how do i get there?

 

I'm using PIA if it helps.

Edited by superloopy1
Link to post
39 minutes ago, superloopy1 said:

Guys ... same issues as othere here inasmuch as webui not accessible following recent update. How do i get back to 3.0.2-1-03 which appears to be the fix? I did try adding a line to ovpn file as suggested but did nothing and i'm not sure just where that line needs to be inserted as are others it seems so its back to 3.0.2-1-03 for me, but how do i get there?

 

I'm using PIA if it helps.

What worked for me; I switched from an .ovpn which connected over TCP to an .ovpn which connects over UDP. Does PIA support UDP? Give it a try.

Link to post

I have had the same issues on clean installed unraid server, it blocks the webui when using old vpn technology when using PIA, even if you add the line from earlier post. 

Switch over to the new technology copy new ovpn file, delete everything else in ovpn folder, restart sabnzbd, and it will work like charm. 

download link described at the support page of deluge vpn. 

 

( Q19. I see that PIA has a new network called 'Next-Gen', does *VPN Docker Images that you produce support this, and if so how do i switch over to it?

A19. Yes, it's now fully supported including port forwarding, if you want to switch from PIA's current network to the 'next-gen' network then please generate a new ovpn file using the following procedure:-

Please make sure you have the latest Docker Image by issuing a docker pull.

Download next-gen ovpn config file - Click on the following link and then click on 'View OpenVPN Configurations' , please download a ovpn file for next-gen:- https://www.privateinternetaccess.com/pages/download#

Extract the zip and copy ONE of the ovpn files and any other certs etc to /config/openvpn/, ensuring you either rename the extension or delete the old current-gen network ovpn file.

Restart the container and monitor /config/supervisord.log file for any issues.) 

 

thnx for all your hard works, Binhex. 

Edited by DeNiX
additional info
  • Like 2
  • Thanks 1
Link to post

Just want to put this in here if anyone else is tired and fighting with the nextgen server connection for privoxy and PIA.... make sure you change your credentials in the docker to be your PIA login, don't keep trying to use the PPTP/SOCKS user and pass... if you were totally coherent and able to see the AUTH_FAILED right away, you can save yourself a massive headache :D

Link to post

I'm attempting to utilize the new wireguard setup after a successful openvpn setup.  I use Torguard for my VPN service.  I have wireguard selected and I utilized the tool here https://torguard.net/tgconf.php?action=vpn-openvpnconfig for creating a wireguard config from Torguard.  I entered in my details as requested to generate the config.  I then started and stopped wireguard service and replaced the information in the wg0.conf file w/ my config information.  I verified that the information stays after booting up the container.  I also updated "Extra Parameters" to be "--privileged=true".  The container starts buts that is all I get.  I attached a screenshot of my settings w/ user and pwd temporarily removed.  I would appreciate any assistance.  Thank you in advance.

Screenshot_2020-10-27 Tower UpdateContainer.png

Screenshot_2020-10-27 Client Area - TorGuard.png

Link to post
On 10/20/2020 at 9:50 AM, DeNiX said:

I have had the same issues on clean installed unraid server, it blocks the webui when using old vpn technology when using PIA, even if you add the line from earlier post. 

Switch over to the new technology copy new ovpn file, delete everything else in ovpn folder, restart sabnzbd, and it will work like charm. 

download link described at the support page of deluge vpn. 

 

( Q19. I see that PIA has a new network called 'Next-Gen', does *VPN Docker Images that you produce support this, and if so how do i switch over to it?

A19. Yes, it's now fully supported including port forwarding, if you want to switch from PIA's current network to the 'next-gen' network then please generate a new ovpn file using the following procedure:-

Please make sure you have the latest Docker Image by issuing a docker pull.

Download next-gen ovpn config file - Click on the following link and then click on 'View OpenVPN Configurations' , please download a ovpn file for next-gen:- https://www.privateinternetaccess.com/pages/download#

Extract the zip and copy ONE of the ovpn files and any other certs etc to /config/openvpn/, ensuring you either rename the extension or delete the old current-gen network ovpn file.

Restart the container and monitor /config/supervisord.log file for any issues.) 

 

thnx for all your hard works, Binhex. 

Thank you for the instructions.  I could not get into the GUI for Sab and Sonarr and Radarr were not working.  I followed these steps and i am back up and running!  Much appreciated!  

Link to post

I just updated my docker that was running fine. then ii got the error message informing me to update the PIA files which i did.

Now i am stuck in a loop of this and nothing is working:

 

2020-11-02 01:39:27,541 DEBG 'start-script' stdout output:
2020-11-02 01:39:27 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
ZSBJbnRl....
-----END X509 CRL-----

2020-11-02 01:39:27 TCP/UDP: Preserving recently used remote address: [AF_INET]45.132.138.222:1198
2020-11-02 01:39:27 UDP link local: (not bound)
2020-11-02 01:39:27 UDP link remote: [AF_INET]45.132.138.222:1198

2020-11-02 01:39:27,771 DEBG 'start-script' stdout output:
2020-11-02 01:39:27 [georgia402] Peer Connection Initiated with [AF_INET]45.132.138.222:1198

2020-11-02 01:39:28,977 DEBG 'start-script' stdout output:
2020-11-02 01:39:28 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:AES-128-CBC') if you want to connect to this server.
2020-11-02 01:39:28 ERROR: Failed to apply push options
2020-11-02 01:39:28 Failed to open tun/tap interface

2020-11-02 01:39:28,978 DEBG 'start-script' stdout output:
2020-11-02 01:39:28 SIGHUP[soft,process-push-msg-failed] received, process restarting

2020-11-02 01:39:28,979 DEBG 'start-script' stdout output:
2020-11-02 01:39:28 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.

2020-11-02 01:39:28,979 DEBG 'start-script' stdout output:
2020-11-02 01:39:28 WARNING: file 'credentials.conf' is group or others accessible
2020-11-02 01:39:28 OpenVPN 2.5.0 [git:makepkg/a73072d8f780e888+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 27 2020

2020-11-02 01:39:28,980 DEBG 'start-script' stdout output:
2020-11-02 01:39:28 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10

2020-11-02 01:39:33,980 DEBG 'start-script' stdout output:
2020-11-02 01:39:33 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2020-11-02 01:39:33,980 DEBG 'start-script' stdout output:
2020-11-02 01:39:33 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
ZSBJb.....
-----END X509 CRL-----

2020-11-02 01:39:33 TCP/UDP: Preserving recently used remote address: [AF_INET]45.132.138.211:1198
2020-11-02 01:39:33 UDP link local: (not bound)
2020-11-02 01:39:33 UDP link remote: [AF_INET]45.132.138.211:1198

any ideas?

Link to post
20 minutes ago, Random.Name said:

how did you generate the files? I just went with the download link provided.

no need to generate just follow this:

 

 

Q19. I see that PIA has a new network called 'Next-Gen', does *VPN Docker Images that you produce support this, and if so how do i switch over to it?

A19. Yes, it's now fully supported including port forwarding, if you want to switch from PIA's current network to the 'next-gen' network then please generate a new ovpn file using the following procedure:-

Please make sure you have the latest Docker Image by issuing a docker pull.

Download next-gen ovpn config file - Click on the following link and then click on 'View OpenVPN Configurations' , please download a ovpn file for next-gen:- https://www.privateinternetaccess.com/pages/download#

Extract the zip and copy ONE of the ovpn files and any other certs etc to /config/openvpn/, ensuring you either rename the extension or delete the old current-gen network ovpn file.

Restart the container and monitor /config/supervisord.log file for any issues.) 

Link to post
49 minutes ago, DeNiX said:

I see that PIA has a new network called 'Next-Gen', does *VPN Docker Images that you produce support this, and if so how do i switch over to it?

A19. Yes, it's now fully supported including port forwarding, if you want to switch from PIA's current network to the 'next-gen' network then please generate a new ovpn file using the following procedure:-

 

49 minutes ago, DeNiX said:

no need to generate just follow this:

 

 

Q19. I see that PIA has a new network called 'Next-Gen', does *VPN Docker Images that you produce support this, and if so how do i switch over to it?

A19. Yes, it's now fully supported including port forwarding, if you want to switch from PIA's current network to the 'next-gen' network then please generate a new ovpn file using the following procedure:-

Please make sure you have the latest Docker Image by issuing a docker pull.

Download next-gen ovpn config file - Click on the following link and then click on 'View OpenVPN Configurations' , please download a ovpn file for next-gen:- https://www.privateinternetaccess.com/pages/download#

Extract the zip and copy ONE of the ovpn files and any other certs etc to /config/openvpn/, ensuring you either rename the extension or delete the old current-gen network ovpn file.

Restart the container and monitor /config/supervisord.log file for any issues.) 

 

I did the above, tested both the NextGen recommended default and the strong version. Removed old keys and ovpn files, uploaded the new versions. Errors Below, seems somthing wrong with parameters.

 

 

2020-11-02 09:52:58,586 DEBG 'start-script' stdout output:
2020-11-02 09:52:58 DEPRECATED OPTION: --cipher set to 'aes-256-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-256-cbc' to --data-ciphers or change --cipher 'aes-256-cbc' to --data-ciphers-fallback 'aes-256-cbc' to silence this warning.

2020-11-02 09:52:58,586 DEBG 'start-script' stdout output:
2020-11-02 09:52:58 WARNING: file 'credentials.conf' is group or others accessible
2020-11-02 09:52:58 OpenVPN 2.5.0 [git:makepkg/a73072d8f780e888+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 27 2020
2020-11-02 09:52:58 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10

2020-11-02 09:53:03,586 DEBG 'start-script' stdout output:
2020-11-02 09:53:03 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2020-11-02 09:53:03,587 DEBG 'start-script' stdout output:
2020-11-02 09:53:03 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
MIIDWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
aW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa
MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG
9w0BAQ0FAAOCAgEAppFfEpGsasjB1QgJcosGpzbf2kfRhM84o2TlqY1ua+Gi5TMd
KydA3LJcNTjlI9a0TYAJfeRX5IkpoglSUuHuJgXhP3nEvX10mjXDpcu/YvM8TdE5
JV2+EGqZ80kFtBeOq94WcpiVKFTR4fO+VkOK9zwspFfb1cNs9rHvgJ1QMkRUF8Pp
LN6AkntHY0+6DnigtSaKqldqjKTDTv2OeH3nPoh80SGrt0oCOmYKfWTJGpggMGKv
IdvU3vH9+EuILZKKIskt+1dwdfA5Bkz1GLmiQG7+9ZZBQUjBG9Dos4hfX/rwJ3eU
8oUIm4WoTz9rb71SOEuUUjP5NPy9HNx2vx+cVvLsTF4ZDZaUztW9o9JmIURDtbey
qxuHN3prlPWB6aj73IIm2dsDQvs3XXwRIxs8NwLbJ6CyEuvEOVCskdM8rdADWx1J
0lRNlOJ0Z8ieLLEmYAA834VN1SboB6wJIAPxQU3rcBhXqO9y8aa2oRMg8NxZ5gr+
PnKVMqag1x0IxbIgLxtkXQvxXxQHEMSODzvcOfK/nBRBsqTj30P+R87sU8titOox
NeRnBDRNhdEy/QGAqGh62ShPpQUCJdnKRiRTjnil9hMQHevoSuFKeEMO30FQL7BZ
yo37GFU+q1WPCplVZgCP9hC8Rn5K2+f6KLFo5bhtowSmu+GY1yZtg+RTtsA=
-----END X509 CRL-----


2020-11-02 09:53:03,587 DEBG 'start-script' stdout output:
2020-11-02 09:53:03 TCP/UDP: Preserving recently used remote address: [AF_INET]89.36.76.131:1197
2020-11-02 09:53:03 UDP link local: (not bound)
2020-11-02 09:53:03 UDP link remote: [AF_INET]89.36.76.131:1197

2020-11-02 09:53:03,813 DEBG 'start-script' stdout output:
2020-11-02 09:53:03 [berlin409] Peer Connection Initiated with [AF_INET]89.36.76.131:1197

2020-11-02 09:53:04,828 DEBG 'start-script' stdout output:
2020-11-02 09:53:04 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:AES-256-CBC') if you want to connect to this server.
2020-11-02 09:53:04 ERROR: Failed to apply push options
2020-11-02 09:53:04 Failed to open tun/tap interface"

 

Edited by Plopsadude
Link to post
1 minute ago, Plopsadude said:

 

Hi Binhex,

 

I did the above, tested both the NextGen recommended default and the strong version. Removed old keys and ovpn files, uploaded the new versions. Errors Below, seems somthing wrong with parameters.

 

 

"2020-11-02 09:52:58,586 DEBG 'start-script' stdout output:
2020-11-02 09:52:58 DEPRECATED OPTION: --cipher set to 'aes-256-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-256-cbc' to --data-ciphers or change --cipher 'aes-256-cbc' to --data-ciphers-fallback 'aes-256-cbc' to silence this warning.

2020-11-02 09:52:58,586 DEBG 'start-script' stdout output:
2020-11-02 09:52:58 WARNING: file 'credentials.conf' is group or others accessible
2020-11-02 09:52:58 OpenVPN 2.5.0 [git:makepkg/a73072d8f780e888+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 27 2020
2020-11-02 09:52:58 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10

2020-11-02 09:53:03,586 DEBG 'start-script' stdout output:
2020-11-02 09:53:03 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2020-11-02 09:53:03,587 DEBG 'start-script' stdout output:
2020-11-02 09:53:03 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
MIIDWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
aW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa
MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG
9w0BAQ0FAAOCAgEAppFfEpGsasjB1QgJcosGpzbf2kfRhM84o2TlqY1ua+Gi5TMd
KydA3LJcNTjlI9a0TYAJfeRX5IkpoglSUuHuJgXhP3nEvX10mjXDpcu/YvM8TdE5
JV2+EGqZ80kFtBeOq94WcpiVKFTR4fO+VkOK9zwspFfb1cNs9rHvgJ1QMkRUF8Pp
LN6AkntHY0+6DnigtSaKqldqjKTDTv2OeH3nPoh80SGrt0oCOmYKfWTJGpggMGKv
IdvU3vH9+EuILZKKIskt+1dwdfA5Bkz1GLmiQG7+9ZZBQUjBG9Dos4hfX/rwJ3eU
8oUIm4WoTz9rb71SOEuUUjP5NPy9HNx2vx+cVvLsTF4ZDZaUztW9o9JmIURDtbey
qxuHN3prlPWB6aj73IIm2dsDQvs3XXwRIxs8NwLbJ6CyEuvEOVCskdM8rdADWx1J
0lRNlOJ0Z8ieLLEmYAA834VN1SboB6wJIAPxQU3rcBhXqO9y8aa2oRMg8NxZ5gr+
PnKVMqag1x0IxbIgLxtkXQvxXxQHEMSODzvcOfK/nBRBsqTj30P+R87sU8titOox
NeRnBDRNhdEy/QGAqGh62ShPpQUCJdnKRiRTjnil9hMQHevoSuFKeEMO30FQL7BZ
yo37GFU+q1WPCplVZgCP9hC8Rn5K2+f6KLFo5bhtowSmu+GY1yZtg+RTtsA=
-----END X509 CRL-----


2020-11-02 09:53:03,587 DEBG 'start-script' stdout output:
2020-11-02 09:53:03 TCP/UDP: Preserving recently used remote address: [AF_INET]89.36.76.131:1197
2020-11-02 09:53:03 UDP link local: (not bound)
2020-11-02 09:53:03 UDP link remote: [AF_INET]89.36.76.131:1197

2020-11-02 09:53:03,813 DEBG 'start-script' stdout output:
2020-11-02 09:53:03 [berlin409] Peer Connection Initiated with [AF_INET]89.36.76.131:1197

2020-11-02 09:53:04,828 DEBG 'start-script' stdout output:
2020-11-02 09:53:04 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:AES-256-CBC') if you want to connect to this server.
2020-11-02 09:53:04 ERROR: Failed to apply push options
2020-11-02 09:53:04 Failed to open tun/tap interface"

 

https://github.com/binhex/arch-sabnzbdvpn/issues/18

Link to post

So I'm in the same spot.  I had a working SABVPN docker before I updated, and now it is broken.  I have tried everything suggested here and on github.  (Switching to RSA4096, adding cipher AES-128-GCM to my ovpn file, adding cipher AES-256-GCM to my ovpn file) and nothing seems to be working.  I keep getting a looping warning in the logs saying:

 

Quote

2020-11-02 09:35:44 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM') if you want to connect to this server.
2020-11-02 09:35:44 ERROR: Failed to apply push options
2020-11-02 09:35:44 Failed to open tun/tap interface

2020-11-02 09:35:44,766 WARN received SIGTERM indicating exit request
2020-11-02 09:35:44,766 DEBG killing watchdog-script (pid 165) with signal SIGTERM
2020-11-02 09:35:44,766 INFO waiting for start-script, watchdog-script to die
2020-11-02 09:35:44,767 DEBG 'start-script' stdout output:
2020-11-02 09:35:44 SIGHUP[soft,process-push-msg-failed] received, process restarting
2020-11-02 09:35:44 WARNING: file 'credentials.conf' is group or others accessible

 

Link to post

I was having the same problem.  I fixed it by REPLACING the cipher in the new opvn file with the AES-256-GCM.  In a newbie at this stuff so I was confused at first if I just needed to add a line or replace the existing line.  It also appears to be case sensitive so make sure the cipher is in all caps.  Also, making the changes in notepad on my windows machine would not work.  I had to use Atom to make the changes.  Hope this helps.   

Link to post

Tried everything here, every cipher listed, and nothing worked. Seems there might be some incompatibility between PIA and OpenVPN 2.5? Reverted Docker to previous release from 10 days ago and all is working again.

 

Of note I think is that the OVPN files from PIA, even the NextGen ones, use the deprecated cipher instruction as opposed to the new data-ciphers.

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.