[Support] binhex - rTorrentVPN



Please be nice but I can't seem to get RSS feeds working. I have never used feeds before. My private tracker site has a step-by-step how-to for generating a URL and then pasting it into feeds. When I hit submit I get an error. Does this docker support RSS? Do I have to activate something in settings before using it? I have not touched anything in settings; it is all default.

Thank you

 


Link to comment

Hello,

 

I am trying to install this docker but it becomes an orphaned image.

I ensured the volume mappings exist in my cache, I tried host and bridged mode, and it continues to show as orphaned.

I have Binhex sickbeard and sab installed and they work perfectly.

Any advice?

Link to comment

I can't seem to figure out what ports to forward, I'm using the default setup, anyone mind helping?

 

The only optional port to forward is for the web interface, and that's only if you want to get access to rutorrent whilst out and about. All other ports are talking over the VPN tunnel, so you don't need to worry about opening up an incoming/outgoing port on your router for torrent traffic.

Link to comment


None of my private trackers are reporting I'm seeding/leeching.  I set the report ip to my actual IP (seeing how they don't allow VPN website access).  Is there something I'm doing wrong?

Link to comment

Not sure what you mean by not allowing VPN website access. Port forwarding is handled automatically if you are using PIA, and then only if you are using one of the gateways that has it enabled. If you are using another VPN provider, you will need to refer to their support to figure out if they even support incoming ports, many VPN providers don't.
Link to comment

Sonarr adds everything as "pausing" for some reason.  I have looked extensively and it appears as though it is permissions or a path not being seen.  I have confirmed the path variables I am passing through the containers and set the directories as permissive as possible (0777) and it shows as paused in both.  Honestly, thinking of skipping sonarr as it has been nothing but finicky within a container although in fairness, I am certain it is me, not sonarr.  I use a private tracker for 95% of everything I get and would just like the shows to come down automatically, but it seems incredibly difficult to get these pieces working where it downloads and then moves into final destination under the show directories....

These containers are fantastic though, the VPN insertion makes life so easy to get them spun up.  Just cannot seem to get the shows coming down without showing up as paused when called from Sonarr.  If I do a torrent on its own, it completes and seeds fine.  Thanks for any insight.

Link to comment


Meaning when I'm on the tracker's site, I'm not connected via VPN, therefore the docker reports whatever VPN I'm connected to (example 10.10.1.10) where my actual IP is 104.104.12.192.  The tracker I'm using doesn't show me any stats (no ratio, dl, upld etc).

Link to comment

I've been trying to get this to work with reverse proxy on my nginx installation, but no luck so far.

 

It's set up like this:

 

location /rutorrent {
    include /config/nginx/include/proxy-control.conf;
    proxy_pass http://192.168.0.5:9080;
    proxy_redirect default;
}

 

proxy-control.conf contains:

client_max_body_size 10m;
client_body_buffer_size 128k;

#Timeout if the real server is dead
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;

# Advanced Proxy Config
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;

# Basic Proxy Config
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect  http://  $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 32 4k;

 

When I visit mydomain.tld/rutorrent I get the nginx auth prompt but then it just throws a 404.

Any ideas on what I'm doing wrong?

I have reverse proxy working fine with CP, Sonarr, Plexpy, Transmission and unRaid itself.

Edit: I can see in the docker log that it outputs the following error:

2016/10/11 01:11:23 [error] 687#687: *1 "/usr/share/webapps/rutorrent/rutorrent/index.html" is not found (2: No such file or directory)

 

with the second rutorrent being my reverse proxy location (mydomain.tld/rutorrent) which is obviously breaking functionality since it's looking for ruTorrent in the wrong place. How is this solved?

Link to comment

Hello, every time I try to install this it becomes an orphaned image.

I've deleted the settings folders, tried moving them to a different location, but still I get the same problem.

 

Can anyone help please?

This is what we need to see: http://lime-technology.com/forum/index.php?topic=40937.msg481150#msg481150

 

Thanks squid, actually one of your earlier posts suggested to update the UI for unraid and it fixed it.

 

FYI though, the Rutorrent WebGUI config doesn't make any updates to rtorrent.rc.

 

I have to manually go in and make the changes via terminal.

So things like changing ports and limiting speed connections on the WebGUI don't work.

Link to comment

Hey @binhex. Thanks again for this docker, it's awesome.

 

I'm wondering if you have any suggestions with my issue. Are you aware of a way to have rtorrent download torrents labeled "movies" (from couch) to one folder and labeled "tv" from sonarr to a different folder? I believe this setup would prevent couch from incorrectly trying to process tv shows added by sonarr.

 

Any suggestions/input would help

 

Thanks!

Link to comment
  • 2 weeks later...

Does this docker support RSS FEEDS out of the box or do I need to do some additional set up? Also, is there a guide out there for this docker that shows how to set things up that someone can point me towards?

 

Thank you

 


Link to comment


Yes it does support RSS feeds, as far as guides are concerned you just need to configure the env vars by switching to advanced mode, once this is fine then you can configure the application as you see fit. If this is your first docker then you might consider something simpler to get you used to volume mappings and port mappings first.

 


Link to comment


Thank you for the response. I have been using this docker for 6 months now adding files manually. I am new to unRAID and dockers as a whole.

So you're telling me that I have to turn on this function? What is "Env Vars"?

 


Link to comment

Hello,

 

I've been running this for a couple of weeks now and it seems to work fine.

 

In the log file I see the below output every hour.

I did some research and apparently the keys are being renegotiated and it should not cause any interruption in the connection. I just want to confirm that this is in fact what is going on here.

 

Thanks

 

2016-10-24 11:02:05,170 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:05 2016 TLS: tls_process: killed expiring key

2016-10-24 11:02:11,163 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:11 2016 WARNING: file 'credentials.conf' is group or others accessible

2016-10-24 11:02:11,313 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:11 2016 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, [email protected]

2016-10-24 11:02:11,314 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:11 2016 Validating certificate key usage

2016-10-24 11:02:11,315 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:11 2016 ++ Certificate has key usage 00a0, expects 00a0

2016-10-24 11:02:11,316 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:11 2016 VERIFY KU OK

2016-10-24 11:02:11,316 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:11 2016 Validating certificate extended key usage

2016-10-24 11:02:11,317 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:11 2016 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

2016-10-24 11:02:11,318 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:11 2016 VERIFY EKU OK

2016-10-24 11:02:11,319 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:11 2016 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, [email protected]

2016-10-24 11:02:15,204 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:15 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Oct 24 11:02:15 2016 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mon Oct 24 11:02:15 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Oct 24 11:02:15 2016 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

2016-10-24 11:02:15,216 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:15 2016 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

Link to comment


Can you post the contents of your ovpn file? I'm assuming it has "reneg" defined in there but I would like to take a look.

Link to comment


It does not, here it is;

 

client
dev tun
resolv-retry infinite
nobind
persist-key
remote-cert-tls server
cipher AES-256-CBC
comp-lzo no
route-delay 5
verb 3
explicit-exit-notify 5
<ca>
-----BEGIN CERTIFICATE-----

 

Also the container config is;

 

<Variable>
      <Name>VPN_ENABLED</Name>
      <Value>yes</Value>
    </Variable>
    <Variable>
      <Name>VPN_USER</Name>
      <Value>#######</Value>
    </Variable>
    <Variable>
      <Name>VPN_PASS</Name>
      <Value>#######</Value>
    </Variable>
    <Variable>
      <Name>VPN_PORT</Name>
      <Value>443</Value>
    </Variable>
    <Variable>
      <Name>VPN_PROTOCOL</Name>
      <Value>udp</Value>
    </Variable>
    <Variable>
      <Name>VPN_PROV</Name>
      <Value>custom</Value>
    </Variable>
    <Variable>
      <Name>STRONG_CERTS</Name>
      <Value>no</Value>
    </Variable>
    <Variable>
      <Name>ENABLE_PRIVOXY</Name>
      <Value>yes</Value>
    </Variable>
    <Variable>
      <Name>LAN_NETWORK</Name>
      <Value>192.168.1.0/24</Value>
    </Variable>
    <Variable>
      <Name>DEBUG</Name>
      <Value>false</Value>
    </Variable>
    <Variable>
      <Name>PHP_TZ</Name>
      <Value>UTC</Value>
    </Variable>
    <Variable>
      <Name>PUID</Name>
      <Value>99</Value>
    </Variable>
    <Variable>
      <Name>PGID</Name>
      <Value>100</Value>
    </Variable>
    <Variable>
      <Name>VPN_REMOTE</Name>
      <Value>fr.vpn.airdns.org</Value>
    </Variable>

Link to comment


OK it must be forced from the server end then, regen-sec 0 is already set by me so if it's still doing it then there is nothing you can do to prevent it.

 


Link to comment


Thanks,

 

Is it an issue though? I don't mind it renegotiating hourly, as long as I remain connected during this process.

Link to comment


According to the openvpn docs it shouldn't, but I have seen people reporting that it can cause a drop in the connection, thus why I attempt to disable this feature. I would say keep an eye on it and if it does cause an issue then it's time to start logging the issue with your VPN provider.

 


Link to comment
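
The advice in the exchange above is to keep an eye on whether the hourly key renegotiation ever drops the tunnel. One way to do that from the container log, as an added example that is not code from the thread or from the image: it measures the spacing between rekeys, flags any rekey followed by an OpenVPN restart, collects `WARNING:` lines, and repeats the file-mode test behind the `credentials.conf` warning. The sample logs are constructed from the lines quoted in the thread; the two restart messages are standard OpenVPN output assumed here, they do not appear on this page.

```python
import os
import re
import stat
from datetime import datetime

# OpenVPN lines start with a ctime-style stamp; supervisor wrapper lines
# ("2016-10-24 11:02:05,170 DEBG ...") do not match and are skipped.
TS_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) (.*)$")
REKEY_MARK = "Data Channel Encrypt: Cipher"  # a new data-channel key was installed
# Assumption: standard OpenVPN restart messages, not shown in the thread.
RESTART_MARKS = ("Inactivity timeout (--ping-restart)", "process restarting")


def parse(log_text):
    """Yield (timestamp, message) for every OpenVPN line in the log."""
    for raw in log_text.splitlines():
        m = TS_RE.match(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"), m.group(2)


def analyze(log_text, drop_window=60):
    """Summarise rekeys, restarts that follow a rekey, and distinct warnings."""
    rekeys, restarts, warnings = [], [], []
    for ts, msg in parse(log_text):
        if msg.startswith(REKEY_MARK):
            rekeys.append(ts)
        elif any(mark in msg for mark in RESTART_MARKS):
            restarts.append(ts)
        elif msg.startswith("WARNING:") and msg not in warnings:
            warnings.append(msg)
    # Seconds between consecutive rekeys; a steady 3600 means hourly renegotiation.
    intervals = [int((b - a).total_seconds()) for a, b in zip(rekeys, rekeys[1:])]
    # A rekey counts as "dropped" when a restart follows it within drop_window seconds.
    dropped = [r for r in rekeys
               if any(0 <= (x - r).total_seconds() <= drop_window for x in restarts)]
    return {"rekeys": rekeys, "intervals": intervals,
            "rekeys_followed_by_restart": dropped, "warnings": warnings}


def too_permissive(path):
    """True when group or others have any access to the file, which is the
    condition OpenVPN reports as 'is group or others accessible'."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)


# Constructed sample: two renegotiation cycles one hour apart, no interruption.
CLEAN_LOG = """\
2016-10-24 11:02:05,170 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:05 2016 TLS: tls_process: killed expiring key
2016-10-24 11:02:11,163 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:11 2016 WARNING: file 'credentials.conf' is group or others accessible
2016-10-24 11:02:15,204 DEBG 'start-script' stdout output:
Mon Oct 24 11:02:15 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Oct 24 11:02:15 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
2016-10-24 12:02:05,171 DEBG 'start-script' stdout output:
Mon Oct 24 12:02:05 2016 TLS: tls_process: killed expiring key
2016-10-24 12:02:11,160 DEBG 'start-script' stdout output:
Mon Oct 24 12:02:11 2016 WARNING: file 'credentials.conf' is group or others accessible
2016-10-24 12:02:15,207 DEBG 'start-script' stdout output:
Mon Oct 24 12:02:15 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mon Oct 24 12:02:15 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
"""

# Constructed sample: the same log, but the second rekey is followed by a restart.
DROP_LOG = CLEAN_LOG + """\
2016-10-24 12:02:40,512 DEBG 'start-script' stdout output:
Mon Oct 24 12:02:40 2016 [server] Inactivity timeout (--ping-restart), restarting
Mon Oct 24 12:02:40 2016 SIGUSR1[soft,ping-restart] received, process restarting
"""

if __name__ == "__main__":
    for name, log in (("clean", CLEAN_LOG), ("drop", DROP_LOG)):
        report = analyze(log)
        print(name, "intervals:", report["intervals"],
              "rekeys followed by restart:", report["rekeys_followed_by_restart"])
        for warning in report["warnings"]:
            print("  ", warning)
```

Steady 3600-second intervals with an empty `rekeys_followed_by_restart` list mean the renegotiation is not interrupting the connection; any entries in that list are the evidence to take to the VPN provider.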
  • binhex locked this topic