[Support] binhex - rTorrentVPN



I have it defined here on my unRAID set - it stores the log(s) - rtorrent and nginx config files, rutorrent plugin files and rtorrent session stuff

 

 

Myk

 

Ok, it seems like it found 9 supervisord.log files, not sure which one I should look so I will have to look in all of them and paste it here.

Could you just give me a sample path that I can use? Because I guess I can use any path on the docker container drive?

 

binhex:

http://pastebin.com/5dvmZKUD

here is the Supervisor.log file, I grabbed the entries from today.

 

Thanks a lot for your hard work btw.

 

ok so you will DEF need a /config volume defined (see docker hub examples if you're stuck) this is where all the configuration files for the apps are stored, once you have added this to the docker run command see how you get on, if you're still having issues then please post the latest supervisord.log file.

Link to comment


http://pastebin.com/7CVXJN6Q

So I had to do a full system reinstall due to some hardware failures last night and I decided to go from Linuxmint to Ubuntu Server 1604 LTS and see if it's made any difference.

So far I had to move the "tracklabels" plugin into the rutorrent folder for the trackers to appear in the left in the client.

 

But....when I start the container and then head over to log into the interface it for at least 2-3 times gives me the "permission denied" error. In the client this results in it not loading anything. I can give you a screenshot of that as well if needed.

 

But let's say after a couple of refreshes it works for some reason.

 

Anyway, thanks again for this awesome container. When it works, it's really damn good. I couldn't be happier.

Link to comment

OK so the permissions issue might be related to the user and group defined, does user root and group root have rwx on the folder you specified for data and config on the host side?

 

Sent from my SM-G900F using Tapatalk

 

 

Link to comment


How do I check that?

Just login through SSH and then login as root and go to the folders and just "ls al"?

 

I guess I should say this because I don't think I have.

The way I have it set up is FreeNAS has an NFS share active that I then mount on the host that runs the docker container. But the config folder is on the host system that runs the container. While data is the NFS share from the NAS.

 

Link to comment

Will there be anything us end users need to do or be aware of in light of PIA's mandatory update of desktop clients and new openvpn config files?

https://www.privateinternetaccess.com/forum/discussion/21779/we-are-removing-our-russian-presence

 

PIA users please read

Due to changes in certificates and the increasing of the encryption used you will need to do the following (affects PIA users only):-

 

1. Go to unraid docker ui, left click rtorrentvpn icon, and select stop

2. Delete all files in /config/openvpn/ on the host

3. Go to unraid docker ui, left click rtorrentvpn icon, and select edit

4. Change the port number, normally 1194 to port 1198

5. Click save

 

The action of saving will not only change your config but will force the pulldown of the latest docker image (unraid docker updates bug causes updates not to show).

 

If anybody is seeing issues please screenshot your edit screen with advanced view switched on, also post the supervisord.log file (located in /config).

 

Link to comment

If I am running this on a docker host, can't I just change the port when I do docker run and change it to 1198?

 

Ok, I can confirm that when I pulled the latest docker image, it for some reason won't let me connect to the UI of the client outside the host. So I had to do localhost:9080, any idea of what might be causing this? Because I seem to have rwx as root on the host system. Here is how the permissions look:

 

drwxrwxr-x 17 root root  21 Jul  8 19:53 a

drwxrwxr-x  7 root root 4096 Jul 10 16:12 c

a being the volume that has the /data and c being the volume that has the /config inside it.

 

 

Link to comment


For non unraid users it would be :-

 

PIA users please read

Due to changes in certificates and the increasing of the encryption used you will need to do the following (affects PIA users only):-

 

1. Stop the docker container using "docker stop <containername>"

2. Remove the existing container using "docker rm -f <containername>"

3. Delete all files in /config/openvpn/ on the host

4. Make sure to recreate the docker run command with VPN_PORT specified as port 1198

 

If anybody is seeing issues please screenshot your edit screen with advanced view switched on, also post the supervisord.log file (located in /config).

 

Link to comment
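Added example, not part of the original thread: the start-script output in supervisord.log includes the VPN username and password lines (visible in the log posted further down), so a log shared for troubleshooting should have those values masked first. The Python below masks them and lists the OpenVPN WARNING entries worth reading; the function names and the sample credential values are constructed for illustration.

```python
import re

# Constructed sample in the format of this container's supervisord.log.
# The username and password values are invented for the example.
SAMPLE_LOG = """\
2016-07-13 11:36:19,045 DEBG 'start-script' stdout output:
[info] VPN provider username defined as alice_example

2016-07-13 11:36:19,050 DEBG 'start-script' stdout output:
[info] VPN provider password defined as hunter2-example

2016-07-13 11:36:19,123 DEBG 'start-script' stdout output:
Wed Jul 13 11:36:19 2016 WARNING: file 'credentials.conf' is group or others accessible
Wed Jul 13 11:36:19 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Wed Jul 13 11:36:20 2016 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
Wed Jul 13 11:36:20 2016 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'
Wed Jul 13 11:36:23 2016 Initialization Sequence Completed
"""

# Lines on which the start-script echoes the VPN credentials.
SECRET_LINE = re.compile(
    r"^(\[info\] VPN provider (?:username|password) defined as ).*$", re.M
)
WARNING = re.compile(r"WARNING: (.*)$", re.M)
MISMATCH = re.compile(
    r"'([\w-]+)' is used inconsistently, local='([^']*)', remote='([^']*)'"
)


def redact(log_text):
    """Return (text, count) with the VPN username/password values masked."""
    return SECRET_LINE.subn(r"\1<redacted>", log_text)


def openvpn_warnings(log_text):
    """Return (kind, detail) tuples for each OpenVPN WARNING line."""
    findings = []
    for msg in WARNING.findall(log_text):
        match = MISMATCH.search(msg)
        if match:
            option, local, remote = match.groups()
            findings.append(
                ("option-mismatch", f"{option}: local={local!r} remote={remote!r}")
            )
        elif "group or others accessible" in msg:
            # The credentials file is readable by more than its owner.
            findings.append(("credentials-file-perms", msg))
        elif "auth-nocache" in msg:
            # OpenVPN keeps the password in memory unless auth-nocache is set.
            findings.append(("password-cached", msg))
        else:
            findings.append(("other", msg))
    return findings


if __name__ == "__main__":
    clean, count = redact(SAMPLE_LOG)
    print(f"masked {count} credential line(s)")
    for kind, detail in openvpn_warnings(clean):
        print(f"{kind}: {detail}")
```
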

Hi binhex,

The port 1198 is OK but not 1197 (The strong Certs)

 

//Peter

 

I've concentrated on including the recommended default certs for now which as you have correctly identified run on port 1198 and work fine. if you want to use the stronger alternative then please try doing the following (not tested):-

 

1. download strong cert zip from pia

2. stop the docker container

3. delete all files in /config/openvpn/

4. extract zip and copy over the endpoint ovpn file you want to use and also the .crt and .pem file to /config/openvpn/

5. left click the container icon in unraid and select edit, change the port number to 1197 and click save.

6. the action of saving should start the container, but if not started then manually start it.

 

let me know how you get on.

Link to comment

It's OK ;-)

 

see log

 

usermod: no changes
[info] Env var PUID defined as 99
[info] Env var PGID defined as 100
[info] Permissions already set for /config and /data
chsh: Shell not changed.
Changing shell for nobody.
[info] Starting Supervisor...
2016-07-13 11:36:18,003 CRIT Set uid to user 0
2016-07-13 11:36:18,003 INFO Included extra file "/etc/supervisor/conf.d/rtorrent.conf" during parsing
2016-07-13 11:36:18,007 INFO supervisord started with pid 25
2016-07-13 11:36:19,009 INFO spawned: 'start-script' with pid 28
2016-07-13 11:36:19,010 INFO spawned: 'rtorrent-script' with pid 29
2016-07-13 11:36:19,011 INFO spawned: 'webui-script' with pid 30
2016-07-13 11:36:19,012 INFO spawned: 'privoxy-script' with pid 31
2016-07-13 11:36:19,018 DEBG 'rtorrent-script' stdout output:
[info] rTorrent config file already exists, skipping copy

2016-07-13 11:36:19,018 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-13 11:36:19,018 INFO success: rtorrent-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-13 11:36:19,018 INFO success: webui-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-13 11:36:19,018 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-13 11:36:19,019 DEBG 'rtorrent-script' stdout output:
[info] Removing any rtorrent session lock files left over from the previous run...

2016-07-13 11:36:19,019 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2016-07-13 11:36:19,020 DEBG 'rtorrent-script' stdout output:
[info] VPN is enabled, checking VPN tunnel local ip is valid

2016-07-13 11:36:19,021 DEBG 'privoxy-script' stdout output:
[info] VPN is enabled, checking VPN tunnel local ip is valid

2016-07-13 11:36:19,027 DEBG 'start-script' stdout output:
[info] VPN provider defined as pia
[info] VPN config file (ovpn extension) is located at /config/openvpn/Sweden.ovpn

2016-07-13 11:36:19,031 DEBG 'start-script' stdout output:
[info] Env vars defined via docker -e flags for remote host, port and protocol, writing values to ovpn file...

2016-07-13 11:36:19,039 DEBG 'start-script' stdout output:
[info] VPN provider remote gateway defined as sweden.privateinternetaccess.com
[info] VPN provider remote port defined as 1197
[info] VPN provider remote protocol defined as udp

2016-07-13 11:36:19,045 DEBG 'start-script' stdout output:
[info] VPN provider username defined as xyz

2016-07-13 11:36:19,050 DEBG 'start-script' stdout output:
[info] VPN provider password defined as qwerty

2016-07-13 11:36:19,069 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1

2016-07-13 11:36:19,074 DEBG 'start-script' stdout output:
[info] Setting permissions recursively on /config/openvpn...

2016-07-13 11:36:19,082 DEBG 'start-script' stdout output:
[info] Adding 192.168.0.0/24 as route via docker eth0

2016-07-13 11:36:19,082 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2016-07-13 11:36:19,083 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.3
192.168.0.0/24 via 172.17.0.1 dev eth0

2016-07-13 11:36:19,083 DEBG 'start-script' stdout output:
--------------------

2016-07-13 11:36:19,086 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2016-07-13 11:36:19,118 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2016-07-13 11:36:19,119 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1197 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 9080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 9080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 9443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 9443 -j ACCEPT
-A INPUT -s 192.168.0.0/24 -i eth0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1197 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9443 -j ACCEPT
-A OUTPUT -d 192.168.0.0/24 -o eth0 -p tcp -m tcp --sport 5000 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

2016-07-13 11:36:19,119 DEBG 'start-script' stdout output:
--------------------

2016-07-13 11:36:19,119 DEBG 'start-script' stdout output:
[info] nameservers

2016-07-13 11:36:19,120 DEBG 'start-script' stdout output:
nameserver 8.8.8.8
nameserver 8.8.4.4

2016-07-13 11:36:19,120 DEBG 'start-script' stdout output:
--------------------
[info] Starting OpenVPN...

2016-07-13 11:36:19,123 DEBG 'start-script' stdout output:
Wed Jul 13 11:36:19 2016 OpenVPN 2.3.11 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on May 12 2016
Wed Jul 13 11:36:19 2016 library versions: OpenSSL 1.0.2h 3 May 2016, LZO 2.09
Wed Jul 13 11:36:19 2016 WARNING: file 'credentials.conf' is group or others accessible


2016-07-13 11:36:19,128 DEBG 'start-script' stdout output:
Wed Jul 13 11:36:19 2016 UDPv4 link local: [undef]
Wed Jul 13 11:36:19 2016 UDPv4 link remote: [AF_INET]91.108.183.186:1197

2016-07-13 11:36:19,135 DEBG 'start-script' stdout output:
Wed Jul 13 11:36:19 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this


2016-07-13 11:36:20,657 DEBG 'start-script' stdout output:
Wed Jul 13 11:36:20 2016 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1570', remote='link-mtu 1542'

Wed Jul 13 11:36:20 2016 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'

Wed Jul 13 11:36:20 2016 WARNING: 'auth' is used inconsistently, local='auth SHA256', remote='auth SHA1'

Wed Jul 13 11:36:20 2016 WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'


2016-07-13 11:36:20,658 DEBG 'start-script' stdout output:
Wed Jul 13 11:36:20 2016 [de4ecb0426b08cbd4a50b7ea3c94393c] Peer Connection Initiated with [AF_INET]91.108.183.186:1197

2016-07-13 11:36:23,150 DEBG 'start-script' stdout output:
Wed Jul 13 11:36:23 2016 TUN/TAP device tun0 opened
Wed Jul 13 11:36:23 2016 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Wed Jul 13 11:36:23 2016 /usr/bin/ip link set dev tun0 up mtu 1500

2016-07-13 11:36:23,150 DEBG 'start-script' stdout output:
Wed Jul 13 11:36:23 2016 /usr/bin/ip addr add dev tun0 local 10.100.1.6 peer 10.100.1.5

2016-07-13 11:36:23,154 DEBG 'start-script' stdout output:
Wed Jul 13 11:36:23 2016 Initialization Sequence Completed

2016-07-13 11:36:23,249 DEBG 'privoxy-script' stdout output:
[info] Privoxy set to disabled

2016-07-13 11:36:23,249 DEBG fd 24 closed, stopped monitoring <POutputDispatcher at 47966863479296 for <Subprocess at 47966863307624 with name privoxy-script in state RUNNING> (stderr)>
2016-07-13 11:36:23,249 DEBG fd 20 closed, stopped monitoring <POutputDispatcher at 47966863478864 for <Subprocess at 47966863307624 with name privoxy-script in state RUNNING> (stdout)>
2016-07-13 11:36:23,249 INFO exited: privoxy-script (exit status 0; expected)
2016-07-13 11:36:23,249 DEBG received SIGCLD indicating a child quit
2016-07-13 11:36:23,256 DEBG 'rtorrent-script' stdout output:
[info] rTorrent not running, marking as first run

2016-07-13 11:36:23,959 DEBG 'rtorrent-script' stdout output:
[info] All checks complete, starting rTorrent...

2016-07-13 11:36:23,959 DEBG 'rtorrent-script' stdout output:
Script started, file is /home/nobody/typescript

2016-07-13 11:36:23,976 DEBG 'rtorrent-script' stdout output:
Script done, file is /home/nobody/typescript

2016-07-13 11:36:24,004 DEBG 'webui-script' stdout output:
[info] rtorrent started, setting up webui...

2016-07-13 11:36:24,004 DEBG 'webui-script' stdout output:
[warn] PHP timezone not set, this may cause issues with the ruTorrent Scheduler plugin, see here for a list of available PHP timezones, http://php.net/manual/en/timezones.php
[info] nginx cert files already exists, skipping copy
[info] nginx security file already exists, skipping copy
[info] nginx config file already exists, skipping copy

2016-07-13 11:36:24,005 DEBG 'webui-script' stdout output:
[info] rutorrent conf folder already exists, skipping copy

2016-07-13 11:36:24,006 DEBG 'webui-script' stdout output:
[info] rutorrent share folder already exists, skipping copy

2016-07-13 11:36:24,007 DEBG 'webui-script' stdout output:
[info] rutorrent plugins folder already exists, skipping copy

2016-07-13 11:36:24,132 DEBG 'webui-script' stdout output:
[info] starting php-fpm...

2016-07-13 11:36:24,149 DEBG 'webui-script' stderr output:
[NOTICE] [pool www] 'user' directive is ignored when FPM is not running as root
[NOTICE] [pool www] 'group' directive is ignored when FPM is not running as root

2016-07-13 11:36:24,152 DEBG 'webui-script' stdout output:
[info] starting nginx...

 

And the ovpn file.

root@Tower:/mnt/appdata/binhex-rtorrentvpn/openvpn# more Sweden.ovpn
client
dev tun
resolv-retry infinite
nobind
persist-key
cipher aes-256-cbc
auth sha256
tls-client
remote-cert-tls server
auth-user-pass credentials.conf
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.4096.pem
ca ca.rsa.4096.crt

 

Link to comment
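Added example, not part of the original thread: the iptables listing in the log above sets the OUTPUT policy to DROP and then accepts specific traffic, so it can be checked mechanically for accept rules that are not tied to tun0, loopback, a private destination or the VPN port. The Python below does that for the OUTPUT lines copied from the log; the function names and the classification labels are hypothetical, and whether a packet actually takes one of the listed rules still depends on the routing table.

```python
import ipaddress
import shlex

# OUTPUT-side lines copied from the iptables listing in the log above.
RULES = """\
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1197 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9443 -j ACCEPT
-A OUTPUT -d 192.168.0.0/24 -o eth0 -p tcp -m tcp --sport 5000 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
"""


def parse_rules(text):
    """Parse `iptables -S` text into ({chain: policy}, [rule dicts])."""
    policies, rules = {}, []
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) == 3 and tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif len(tok) >= 2 and tok[0] == "-A":
            rule = {"chain": tok[1], "raw": line.strip()}
            # Every option in this listing takes exactly one argument;
            # negated matches ("!") are not handled by this example.
            for opt, val in zip(tok[2::2], tok[3::2]):
                rule[opt.lstrip("-")] = val
            rules.append(rule)
    return policies, rules


def is_private(cidr):
    """True when the rule restricts traffic to an RFC 1918-style network."""
    return cidr is not None and ipaddress.ip_network(cidr, strict=False).is_private


def classify(rule, vpn_port, tunnel_if="tun0"):
    """Label an ACCEPT rule by how it relates to the VPN tunnel."""
    if rule.get("j") != "ACCEPT":
        return "not-accept"
    if rule.get("o") in (tunnel_if, "lo"):
        return "tunnel-or-loopback"
    if is_private(rule.get("d")):
        return "private-destination"
    if rule.get("dport") == str(vpn_port):
        return "vpn-carrier"          # the encrypted OpenVPN packets themselves
    if "sport" in rule:
        return "local-service-reply"  # replies from a listening service (web UI)
    return "non-tunnel-egress"


def audit_output(text, vpn_port):
    """Return findings: a weak OUTPUT policy and rules to review by hand."""
    policies, rules = parse_rules(text)
    findings = []
    if policies.get("OUTPUT") != "DROP":
        findings.append(f"OUTPUT policy is {policies.get('OUTPUT')}, expected DROP")
    for rule in rules:
        if rule["chain"] == "OUTPUT" and classify(rule, vpn_port) == "non-tunnel-egress":
            findings.append(rule["raw"])
    return findings


if __name__ == "__main__":
    for finding in audit_output(RULES, vpn_port=1197):
        print("review:", finding)
```

Running the audit with a VPN port that differs from the one in the rules also reports the old carrier rule, which is a quick way to spot a listing captured before a port change took effect.
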


excellent :-), now the question is do i go through the grunt work of including an env var to allow the user to select standard or strong encryption, hands up if you want this (excluding peter who obviously does) hehe.

Link to comment

Hi,

 

Is it possible for you to create a nzbget docker with vpn ;-)

 

//Peter

 

anything is possible peter, it's all a matter of motivation, oh and time :-), is bungy not up for this?

 

He has one, but I don't know if he maintains it ;-)

 

//P

Link to comment


give him a couple of days to respond, if he is AWOL or not interested then give me a nudge, for now it should carry on working on port 1194 but there will obviously come a point where PIA don't allow connections on that port.

Link to comment

canvassing for interest, who would like to see an option adding to allow users to decide whether they wanted to use the default encryption (currently selected) or the stronger encryption type, it's a bit of work, won't bother if it's not required.

Link to comment

I am all up for that.

 

Btw I am still having this issue when connecting to the webui:

2016/07/13 18:08:24 [crit] 751#751: *351 open() "/var/lib/nginx/fastcgi/1/01/0000000011" failed (13: Permission denied) while reading upstream, client: 192.168.1.123, server: localhost, request: "GET /php/getplugins.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:7777", host: "192.168.1.215:9080", referrer: "http://192.168.1.215:9080/"

 

I will post the supervisord, if I go into the folder where the config is pointed which in this case on the host system is /mnt/c root has these privileges there:

 

drwxrwxr-x 17 root root  21 Jul 13 17:08 a

drwxrwxr-x  7 root root 4096 Jul 10 16:12 c

 

Anyway, thanks for an awesome container.

Also, is there any way to change the password for the webui?

 

http://pastebin.com/0fBJirhw

The supervisord.log

Link to comment

ok inclusion of strong certs and higher encryption ciphers is now done, if you want to enable this then please do the following:-

 

1. go to unraid webui, left click docker container icon and select edit

2. click on advanced view (top right) and add in environment variable named "STRONG_CERTS" and set the value to "yes"

3. change the "VPN_PORT" value to "1197"

4. click on save.

 

The action of clicking on "save" should force a pull down of the latest image as well as saving the config changes, if this doesn't happen then please click on "advanced view" in the main list view showing all your containers, then select the small grey "force update" link.

Link to comment

I don't use PIA, and with all these changes AirVPN/OpenVPN no longer works

 

Tried to come back to rtorrent after deluge failed big time and now because the docker updated, my old AirVPN template no longer works

 

So now I am without any client at all

 

usermod: no changes
[info] Env var PUID defined as 99
[info] Env var PGID defined as 100
[info] Permissions already set for /config and /data
Changing shell for nobody.
[info] Starting Supervisor...
chsh: Shell not changed.
2016-07-14 18:15:56,401 CRIT Set uid to user 0
2016-07-14 18:15:56,401 INFO Included extra file "/etc/supervisor/conf.d/rtorrent.conf" during parsing
2016-07-14 18:15:56,403 INFO supervisord started with pid 20
2016-07-14 18:15:57,405 INFO spawned: 'start-script' with pid 23
2016-07-14 18:15:57,406 INFO spawned: 'rtorrent-script' with pid 24
2016-07-14 18:15:57,407 INFO spawned: 'webui-script' with pid 25
2016-07-14 18:15:57,408 INFO spawned: 'privoxy-script' with pid 26
2016-07-14 18:15:57,412 DEBG 'rtorrent-script' stdout output:
[info] rTorrent config file already exists, skipping copy

2016-07-14 18:15:57,412 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-14 18:15:57,412 INFO success: rtorrent-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-14 18:15:57,412 INFO success: webui-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-14 18:15:57,412 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-07-14 18:15:57,413 DEBG 'rtorrent-script' stdout output:
[info] Removing any rtorrent session lock files left over from the previous run...

2016-07-14 18:15:57,415 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2016-07-14 18:15:57,415 DEBG 'rtorrent-script' stdout output:
[info] VPN is enabled, checking VPN tunnel local ip is valid

2016-07-14 18:15:57,415 DEBG 'privoxy-script' stdout output:
[info] VPN is enabled, checking VPN tunnel local ip is valid

2016-07-14 18:15:57,425 DEBG 'start-script' stdout output:
[info] VPN provider defined as airvpn
[info] VPN config file (ovpn extension) is located at /config/openvpn/AirVPN_Canada_UDP-443.ovpn

2016-07-14 18:15:57,426 DEBG 'start-script' stdout output:
[crit] VPN provider remote gateway not defined (via -e VPN_REMOTE), exiting...

2016-07-14 18:15:57,426 DEBG fd 8 closed, stopped monitoring <POutputDispatcher at 47573314997280 for <Subprocess at 47573314997784 with name start-script in state RUNNING> (stderr)>
2016-07-14 18:15:57,426 DEBG fd 6 closed, stopped monitoring <POutputDispatcher at 47573314997136 for <Subprocess at 47573314997784 with name start-script in state RUNNING> (stdout)>
2016-07-14 18:15:57,426 INFO exited: start-script (exit status 1; not expected)
2016-07-14 18:15:57,426 DEBG received SIGCLD indicating a child quit

 

Not fun :(

Myk

 

Link to comment


ok if you haven't done so then please read my reply to your issue in the delugevpn thread; once you have read that you should also be able to fix this issue. In a nutshell this is the problem with this one:-

 

[crit] VPN provider remote gateway not defined (via -e VPN_REMOTE), exiting...

 

so for some reason it looks like the VPN_REMOTE (and possibly VPN_PORT and VPN_PROTOCOL) are missing from the unraid template definition for you. These are env variables and need to be defined; please define them the same as you have now done for delugevpn and you should be good to go.

Link to comment
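The triage done by eye in the reply above, as an added example that is not part of the thread or the container's own scripts: it walks a supervisord.log, attributes each untimestamped `[crit]` line to the child program named in the preceding output header, and pulls out any environment variable named in a `(via -e NAME)` hint. The function name `triage`, the regexes and the abridged sample are assumptions built from the log layout visible in the quoted output.

```python
import re

# Constructed sample, abridged from the supervisord output quoted in the thread.
SAMPLE_LOG = """\
2016-07-14 18:15:56,401 CRIT Set uid to user 0
2016-07-14 18:15:57,405 INFO spawned: 'start-script' with pid 23
2016-07-14 18:15:57,412 DEBG 'rtorrent-script' stdout output:
[info] rTorrent config file already exists, skipping copy

2016-07-14 18:15:57,425 DEBG 'start-script' stdout output:
[info] VPN provider defined as airvpn

2016-07-14 18:15:57,426 DEBG 'start-script' stdout output:
[crit] VPN provider remote gateway not defined (via -e VPN_REMOTE), exiting...

2016-07-14 18:15:57,426 INFO exited: start-script (exit status 1; not expected)
"""

STAMP = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3} ")
OUTPUT = re.compile(r"DEBG '([^']+)' std(?:out|err) output:$")
EXITED = re.compile(r"INFO exited: (\S+) \(exit status (\d+); not expected\)$")
ENV_HINT = re.compile(r"\(via -e ([A-Z_]+)\)")


def triage(log_text):
    """Map each failing program to its [crit] lines, named env vars and exit status."""
    report, current = {}, None

    def entry(name):
        return report.setdefault(name, {"crit": [], "missing_env": [], "exit_status": None})

    for line in log_text.splitlines():
        if STAMP.match(line):
            # A timestamped line is supervisord's own; it ends any child output block.
            out, gone = OUTPUT.search(line), EXITED.search(line)
            current = out.group(1) if out else None
            if gone:
                entry(gone.group(1))["exit_status"] = int(gone.group(2))
        elif current and line.startswith("[crit]"):
            # Untimestamped [crit] lines belong to the child named in the last header.
            entry(current)["crit"].append(line)
            entry(current)["missing_env"].extend(ENV_HINT.findall(line))
    return report


if __name__ == "__main__":
    for name, info in triage(SAMPLE_LOG).items():
        print(name, info["exit_status"], info["missing_env"])
```

supervisord's own `CRIT Set uid to user 0` line is timestamped and is not child output, so it is not attributed to any program.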
  • binhex locked this topic