[Support] binhex - rTorrentVPN



10 hours ago, LiQiuD said:

It looks like PIA is requiring their new next gen servers to work with the API to allow port forwarding. 

 

I've done a bunch of testing, it looks like the API is not responding on the non-nextgen VPN servers currently, and it also looks like API is not set up on the next gen servers at all.

 

Anyone come up with a workaround for this?  Everything I've tried has failed.

 

32 minutes ago, kirk8999 said:

Ditto - I can't get this container to work with PIA at all any more. Is anyone else having more luck? I'm a little confused on the old API/new API, next gen server etc - I just know it's not working. Will there be an update so that the container works with PIA? If not anyone know of alternatives?

 

thanks!

I got port forwarding working with the Spanish server (one of the old ones), before that I could make it work with servers in Switzerland but it no longer works for me.

Unfortunately, until PIA stabilises old servers or provides APIs to port forward on next-gen servers there's not much that can be done other than server hopping and praying. :(

Edited by Cat_Seeder
Link to comment
1 hour ago, tooviral said:

It may take some time for it to show open, took a day or two for me.

Can you provide more information about how you configured the container/router, because I set this up 4-5 days ago and it is still failing for me.

 

Here were my steps:

 

1. Set up the port forward on Mullvad. 
2. Set up a port forwarding rule on my router from anywhere to my private IP and port I’ve set up on Mullvad.  It is set for both TCP/UDP.

3. Created two port entries in the container, one for UDP and one for TCP and specified the port on Mullvad and my router’s port forward rule. 
4. Edited the .torrent.rc file and specified the port like this: network.port_range.set = xxxx-xxxx where xxxx is the port number.

5. When starting the container and going to Settings > Connection > Port used for incoming connection shows my port. Yet the status still shows the exclamation mark with the port being closed. 

Link to comment

OK guys, multi remote endpoint support is now in for this image please pull down the new image (this change will be rolled out to all my vpn images shortly).

 

What this means is that the image will now loop through the entire list, for example, pia port forward enabled endpoints, all you need to do is edit your ovpn config file and add the remote endpoints at the top and sort into the order you want them to be tried, an example pia ovpn file is below (mine):-

remote ca-toronto.privateinternetaccess.com 1198 udp
remote ca-montreal.privateinternetaccess.com 1198 udp
remote ca-vancouver.privateinternetaccess.com 1198 udp
remote de-berlin.privateinternetaccess.com 1198 udp
remote de-frankfurt.privateinternetaccess.com 1198 udp
remote france.privateinternetaccess.com 1198 udp
remote czech.privateinternetaccess.com 1198 udp
remote spain.privateinternetaccess.com 1198 udp
remote ro.privateinternetaccess.com 1198 udp
client
dev tun
resolv-retry infinite
nobind
persist-key
# -----faster GCM-----
cipher aes-128-gcm
auth sha256
ncp-disable
# -----faster GCM-----
tls-client
remote-cert-tls server
auth-user-pass credentials.conf
comp-lzo
verb 1
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ

 

I did look at multi ovpn file support, but this is easier to do and as openvpn supports multi remote lines, it felt like the most logical approach.

 

note:- Due to ns lookup for all remote lines, and potential failure and subsequent try of the next remote line, time to initialisation of the app may take longer.

 

p.s. I dont want to talk about how difficult this was to shoe horn in, i need to lie down in a dark room now and not think about bash for a while :-), any issues let me know!.

  • Like 1
  • Thanks 7
  • Haha 1
Link to comment

Has something changed recently as my VPN connection seems to be failing suddenly?

The connection to my VPN provider is timing out for some reason, I haven't changed credentials or anything recently, except now that I started troubleshooting this by pulling down new config files and certs from the provider.

 

There doesn't seem to be anything wrong with the IP that the openvpn client is trying to connect to, I tried pinging it from inside the container and there is a response. I also tried using the same .ovpn file from my deluge setup (binhex/arch-delugevpn) which works just fine, but the rtorrent container fails to connect with the same configuration.

 

I am running watchtower on my server where rtorrent is running, so it would have pulled the latest image automatically, is it possible that something broke with a recently pushed image?

 

NOTE: I reverted to image v3.10-01 and the VPN connects successfully, there is indeed something wrong with the 'latest' tag.

 

In the beginning the connection actually results in a TCP connection error:

2020-09-18 22:36:44,887 DEBG 'start-script' stdout output:
Fri Sep 18 22:36:44 2020 Socket Buffers: R=[131072->131072] S=[16384->16384]
Fri Sep 18 22:36:44 2020 Attempting to establish TCP connection with [AF_INET]<IP>:443 [nonblock]

2020-09-18 22:37:16,891 DEBG 'start-script' stdout output:
Fri Sep 18 22:37:16 2020 TCP: connect to [AF_INET]<IP>:443 failed: Connection timed out

Then the process just loops with this over and over:

2020-09-18 22:38:18,195 DEBG 'start-script' stdout output:
Fri Sep 18 22:38:18 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Fri Sep 18 22:38:18 2020 SIGHUP[soft,ping-restart] received, process restarting
Fri Sep 18 22:38:18 2020 WARNING: file 'ovpn-tls.key' is group or others accessible
Fri Sep 18 22:38:18 2020 WARNING: file 'credentials.conf' is group or others accessible
Fri Sep 18 22:38:18 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Fri Sep 18 22:38:18 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Fri Sep 18 22:38:18 2020 Restart pause, 2 second(s)

2020-09-18 22:38:20,195 DEBG 'start-script' stdout output:
Fri Sep 18 22:38:20 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2020-09-18 22:38:20,196 DEBG 'start-script' stdout output:
Fri Sep 18 22:38:20 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 18 22:38:20 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2020-09-18 22:38:20,196 DEBG 'start-script' stdout output:
Fri Sep 18 22:38:20 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]<IP>:443
Fri Sep 18 22:38:20 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Sep 18 22:38:20 2020 UDP link local: (not bound)
Fri Sep 18 22:38:20 2020 UDP link remote: [AF_INET]<IP>:443

 

Link to comment
On 9/16/2020 at 8:33 PM, cardo said:

Can you provide more information about how you configured the container/router, because I set this up 4-5 days ago and it is still failing for me.

 

Here were my steps:

 

1. Set up the port forward on Mullvad. 
2. Set up a port forwarding rule on my router from anywhere to my private IP and port I’ve set up on Mullvad.  It is set for both TCP/UDP.

3. Created two port entries in the container, one for UDP and one for TCP and specified the port on Mullvad and my router’s port forward rule. 
4. Edited the .torrent.rc file and specified the port like this: network.port_range.set = xxxx-xxxx where xxxx is the port number.

5. When starting the container and going to Settings > Connection > Port used for incoming connection shows my port. Yet the status still shows the exclamation mark with the port being closed. 

All I did was

 

1. Set up the port forward on Mullvad. 

2. Edited the .torrent.rc file and specified the port like this: network.port_range.set = xxxx-xxxx where xxxx is the port number and set "network.port_random.set = no"

 

and worked

Link to comment
1 hour ago, tooviral said:

All I did was

 

1. Set up the port forward on Mullvad. 

2. Edited the .torrent.rc file and specified the port like this: network.port_range.set = xxxx-xxxx where xxxx is the port number and set "network.port_random.set = no"

 

and worked

So, the port status shows open in the status bar?

Link to comment
11 hours ago, binhex said:

OK guys, multi remote endpoint support is now in for this image please pull down the new image (this change will be rolled out to all my vpn images shortly).

 

What this means is that the image will now loop through the entire list, for example, pia port forward enabled endpoints, all you need to do is edit your ovpn config file and add the remote endpoints at the top and sort into the order you want them to be tried, an example pia ovpn file is below (mine):-


# -----faster GCM-----
auth sha256

 

was that built off the default pia files? looking at mine, the gcm and auth are different (quickly compared so probably more differences).

Link to comment
11 hours ago, binhex said:

OK guys, multi remote endpoint support is now in for this image please pull down the new image (this change will be rolled out to all my vpn images shortly).

 

What this means is that the image will now loop through the entire list, for example, pia port forward enabled endpoints, all you need to do is edit your ovpn config file and add the remote endpoints at the top and sort into the order you want them to be tried, an example pia ovpn file is below (mine):-


remote ca-toronto.privateinternetaccess.com 1198 udp
remote ca-montreal.privateinternetaccess.com 1198 udp
remote ca-vancouver.privateinternetaccess.com 1198 udp
remote de-berlin.privateinternetaccess.com 1198 udp
remote de-frankfurt.privateinternetaccess.com 1198 udp
remote france.privateinternetaccess.com 1198 udp
remote czech.privateinternetaccess.com 1198 udp
remote spain.privateinternetaccess.com 1198 udp
remote ro.privateinternetaccess.com 1198 udp
client
dev tun
resolv-retry infinite
nobind
persist-key
# -----faster GCM-----
cipher aes-128-gcm
auth sha256
ncp-disable
# -----faster GCM-----
tls-client
remote-cert-tls server
auth-user-pass credentials.conf
comp-lzo
verb 1
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ

 

I did look at multi ovpn file support, but this is easier to do and as openvpn supports multi remote lines, it felt like the most logical approach.

 

note:- Due to ns lookup for all remote lines, and potential failure and subsequent try of the next remote line, time to initialisation of the app may take longer.

 

p.s. I dont want to talk about how difficult this was to shoe horn in, i need to lie down in a dark room now and not think about bash for a while :-), any issues let me know!.

Haha i'm looking at the code https://github.com/binhex/arch-rtorrentvpn/commit/4aeb0bb40542d8450bfb21dcc1c16978c6640ff0

I see what you mean, this would have been much easier with a real programming language. Python would have worked perfectly for this. Anyway, thanks for your help. I managed to get it working a week ago and it hasn't disconnected since so I plan on updating when it goes down, thanks!

  • Thanks 1
Link to comment
Has something changed recently as my VPN connection seems to be failing suddenly?

The connection to my VPN provider is timing out for some reason, I haven't changed credentials or anything recently, except now that I started troubleshooting this by pulling down new config files and certs from the provider.

 

There doesn't seem to be anything wrong with the IP that the openvpn client is trying to connect to, I tried pinging it from inside the container and there is a response. I also tried using the same .ovpn file from my deluge setup (binhex/arch-delugevpn) which works just fine, but the rtorrent container fails to connect with the same configuration.

 

I am running watchtower on my server where rtorrent is running, so it would have pulled the latest image automatically, is it possible that something broke with a recently pushed image?

 

NOTE: I reverted to image v3.10-01 and the VPN connects successfully, there is indeed something wrong with the 'latest' tag.

 

In the beginning the connection actually results in a TCP connection error:

2020-09-18 22:36:44,887 DEBG 'start-script' stdout output:
Fri Sep 18 22:36:44 2020 Socket Buffers: R=[131072->131072] S=[16384->16384]
Fri Sep 18 22:36:44 2020 Attempting to establish TCP connection with [AF_INET]<IP>:443 [nonblock]

2020-09-18 22:37:16,891 DEBG 'start-script' stdout output:
Fri Sep 18 22:37:16 2020 TCP: connect to [AF_INET]<IP>:443 failed: Connection timed out

Then the process just loops with this over and over:

2020-09-18 22:38:18,195 DEBG 'start-script' stdout output:
Fri Sep 18 22:38:18 2020 [UNDEF] Inactivity timeout (--ping-restart), restarting
Fri Sep 18 22:38:18 2020 SIGHUP[soft,ping-restart] received, process restarting
Fri Sep 18 22:38:18 2020 WARNING: file 'ovpn-tls.key' is group or others accessible
Fri Sep 18 22:38:18 2020 WARNING: file 'credentials.conf' is group or others accessible
Fri Sep 18 22:38:18 2020 OpenVPN 2.4.9 [git:makepkg/9b0dafca6c50b8bb+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Fri Sep 18 22:38:18 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Fri Sep 18 22:38:18 2020 Restart pause, 2 second(s)

2020-09-18 22:38:20,195 DEBG 'start-script' stdout output:
Fri Sep 18 22:38:20 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

2020-09-18 22:38:20,196 DEBG 'start-script' stdout output:
Fri Sep 18 22:38:20 2020 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Fri Sep 18 22:38:20 2020 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication

2020-09-18 22:38:20,196 DEBG 'start-script' stdout output:
Fri Sep 18 22:38:20 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]<IP>:443
Fri Sep 18 22:38:20 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]
Fri Sep 18 22:38:20 2020 UDP link local: (not bound)
Fri Sep 18 22:38:20 2020 UDP link remote: [AF_INET]<IP>:443

 

 

Is the 'remote' line in your ovpn file an IP address or a hostname? I'm assuming it's a single remote line right?

 

Sent from my CLT-L09 using Tapatalk

 

 

 

Link to comment

@7thSon ive had time to do a more thorough check, trying remote lines in my ovpn file with single ip, single hostname and multi remote hostnames specified and all work as expected, please can you post your ovpn file and also do the following:-

https://github.com/binhex/documentation/blob/master/docker/faq/help.md

 

i know privacy is a big concern but please leave in resolved ip's in the log if possible, just remove any credentials/keys shown in the log.

Link to comment
On 9/18/2020 at 7:02 AM, binhex said:

OK guys, multi remote endpoint support is now in for this image please pull down the new image (this change will be rolled out to all my vpn images shortly).

 

What this means is that the image will now loop through the entire list, for example, pia port forward enabled endpoints, all you need to do is edit your ovpn config file and add the remote endpoints at the top and sort into the order you want them to be tried, an example pia ovpn file is below (mine):-


remote ca-toronto.privateinternetaccess.com 1198 udp
remote ca-montreal.privateinternetaccess.com 1198 udp
remote ca-vancouver.privateinternetaccess.com 1198 udp
remote de-berlin.privateinternetaccess.com 1198 udp
remote de-frankfurt.privateinternetaccess.com 1198 udp
remote france.privateinternetaccess.com 1198 udp
remote czech.privateinternetaccess.com 1198 udp
remote spain.privateinternetaccess.com 1198 udp
remote ro.privateinternetaccess.com 1198 udp
client
dev tun
resolv-retry infinite
nobind
persist-key
# -----faster GCM-----
cipher aes-128-gcm
auth sha256
ncp-disable
# -----faster GCM-----
tls-client
remote-cert-tls server
auth-user-pass credentials.conf
comp-lzo
verb 1
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ

 

I did look at multi ovpn file support, but this is easier to do and as openvpn supports multi remote lines, it felt like the most logical approach.

 

note:- Due to ns lookup for all remote lines, and potential failure and subsequent try of the next remote line, time to initialisation of the app may take longer.

 

p.s. I dont want to talk about how difficult this was to shoe horn in, i need to lie down in a dark room now and not think about bash for a while :-), any issues let me know!.

I notice your examples are using UDP openvpn connection.. Is there a preferred method? The PIA OpenVPN config page has many options and ive never been sure if one method is better than another? Also, is there any reason to use fourth gen config files over the third gen?

Link to comment
On 9/19/2020 at 3:50 AM, binhex said:

Is a tweaked version for maximum speed on pia using gcm

Sent from my CLT-L09 using Tapatalk
 

 

3 hours ago, 2Piececombo said:

I notice your examples are using UDP openvpn connection.. Is there a preferred method? The PIA OpenVPN config page has many options and ive never been sure if one method is better than another? Also, is there any reason to use fourth gen config files over the third gen?

 

guessing it has to do with max speed tweaks, which i will look into after getting constant consistent connections and activity

 

EDIT:

now that i'm finally creating a combined file, the default ones i have start with the following, so maybe its always been udp by default (thought defaults were tcp)

client
dev tun
proto udp
remote LOCATION.privateinternetaccess.com 1198

 

Edited by Cull2ArcaHeresy
Link to comment
3 hours ago, Cull2ArcaHeresy said:

guessing it has to do with max speed tweaks, which i will look into after getting constant consistent connections and activity

 

EDIT:

now that i'm finally creating a combined file, the default ones i have start with the following, so maybe its always been udp by default (thought defaults were tcp)

udp will always be faster than tcp, so that is the preferred protocol for vpn connections.

Link to comment
20 minutes ago, cinico said:

I'm having the exact same issue after updating to latest version. I am using privado.io VPN (wlvpn.com?) and I did not change my OVPN file at all which had been working fine. It was single-line, DNS name, being properly resolved according to docker log. 
I have since tried multi-remote too, no change. Using the OVPN client from the provider I can connect from the same location.

Please can you post your ovpn file and also do the following:-

https://github.com/binhex/documentation/blob/master/docker/faq/help.md

 

i know privacy is a big concern but please leave in resolved ip's in the log if possible, just remove any credentials/keys shown in the log.

Link to comment
18 minutes ago, binhex said:

Please can you post your ovpn file and also do the following:-

https://github.com/binhex/documentation/blob/master/docker/faq/help.md

 

i know privacy is a big concern but please leave in resolved ip's in the log if possible, just remove any credentials/keys shown in the log.

I deleted my post because I realized I had dumped some old ovpn files into the folder while trying to resolve this. I corrected the ovpn files and rolled the container back two versions to rtorrent-ps-1.1.r54.ga787dd9-1-16 and it is connecting now. If you would like me to go back to latest and troubleshoot I am willing to do that. Otherwise I will just try a later version when available. Sorry for wasting your time.

Link to comment
2020-09-22 09:39:49,769 DEBG 'start-script' stdout output:
[crit] 'entries' cannot be resolved, possible DNS issues, exiting...
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.

I'm using OpenVPN on my own remote server and by default, it includes "proto" and "remote" in the comments of the generated config file. These are being recognized as protocols and remote endpoints.

 

	vpn_remote_line=$(cat "${VPN_CONFIG}" | grep -P -o '(?<=remote\s).*' | paste -s -d, - || true)

I think you need a ^ in your regex for remote, probably the same for proto but I can't look further at the moment.

 


Edited by psycho_asylum
Link to comment
22 minutes ago, psycho_asylum said:

2020-09-22 09:39:49,769 DEBG 'start-script' stdout output:
[crit] 'entries' cannot be resolved, possible DNS issues, exiting...

# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.

Startup is failing because it is recognizing "entries" as a remote endpoint in my config even though it's part of a comment. 

ok i can see the bug, its due to a regex match, for now to get it going please remove the word remote from the comment.

Edited by binhex
Link to comment
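
The regex problem discussed in the last two posts, reproduced as an added example (not code from the image's scripts): the `grep` expression quoted above is run against a constructed config next to an anchored variant. The sample hostnames, the function names and the anchored pattern are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example. Requires GNU grep built with PCRE support (-P).

# Constructed sample config: the three comment lines are the ones quoted in
# the post above; the hostnames are placeholders, not real endpoints.
sample_config() {
cat <<'EOF'
client
dev tun
# The hostname/IP and port of the server.
# You can have multiple remote entries
# to load balance between the servers.
remote vpn1.example.com 1194 udp
  remote vpn2.example.com 443 tcp
;remote old.example.com 1194
remote-cert-tls server
EOF
}

# Expression as quoted in the post: the lookbehind matches "remote " at any
# position in a line, so comment text and ';'-disabled lines are picked up.
remotes_unanchored() {
    grep -P -o '(?<=remote\s).*' | paste -s -d, - || true
}

# Anchored variant (an assumption, not the project's fix): the directive must
# be the first token on the line, optionally indented. \K drops the keyword
# from the reported match so only "host port proto" is printed.
remotes_anchored() {
    grep -P -o '^\s*remote\s+\K.*' | paste -s -d, - || true
}

# Reads config text on stdin in both cases, e.g. remotes_anchored < "${VPN_CONFIG}"
printf 'unanchored: %s\n' "$(sample_config | remotes_unanchored)"
printf 'anchored:   %s\n' "$(sample_config | remotes_anchored)"
```

The unanchored list begins with `entries`, the token the `[crit]` log line reports as unresolvable, and it also contains the `;`-disabled endpoint; `remote-cert-tls` is skipped by both patterns because `remote` is not followed by whitespace there.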
