[Support] dyonr - jackettvpn


6 minutes ago, Mizerka said:

Hey, thanks for your work;

lately jackettvpn has been turning itself off quite often with error

2020-08-08 17:04:58.977161 [ERROR] Network is down, exiting this Docker

Is this just down to tun closing so Jackett is forcing to shutdown?

Hello, by default the container sends out a ping to one.one.one.one every 300 seconds. If this domain is unreachable the container will shut down, and normally automatically restart. This normally happens if the connection with the VPN is not working anymore.

Could you verify the following:

Click the jackettvpn Docker, select Edit, in the top right change the slider to Advanced View and check if Extra Parameters has the following:

`--restart unless-stopped`

This makes it so that the container automatically restarts if it goes offline when the domain is unreachable.

Link to comment
17 hours ago, Dyon said:

Hello, by default the container sends out a ping to one.one.one.one every 300 seconds. If this domain is unreachable the container will shut down, and normally automatically restart. This normally happens if the connection with the VPN is not working anymore.

Could you verify the following:

Click the jackettvpn Docker, select Edit, in the top right change the slider to Advanced View and check if Extra Parameters has the following:

`--restart unless-stopped`

This makes it so that the container automatically restarts if it goes offline when the domain is unreachable.

makes sense,

can confirm, --restart unless-stopped wasn't there, I've added now and will see how it behaves.

thanks

Link to comment
  • 2 months later...

I've got boot looping because I'm using a custom IP. I've commented on a closed thread on Github, someone having the same issue back in August. 

2020-10-28 09:58:45.895894 [ERROR] It seems like the IP the container is using outside the default Docker DHCP range
2020-10-28 09:58:45.910462 [ERROR] Use bridge mode to run this container. Using a custom IP is not supported.
2020-10-28 09:58:45.924753 [ERROR] IP of the container: 192.168.1.20

My DHCP range for dockers is 192.168.1.0/24 so that's not right anyway. It was working recently, I noticed this morning that it wasn't.

Link to comment
49 minutes ago, OFark said:

I've got boot looping because I'm using a custom IP. I've commented on a closed thread on Github, someone having the same issue back in August. 


2020-10-28 09:58:45.895894 [ERROR] It seems like the IP the container is using outside the default Docker DHCP range
2020-10-28 09:58:45.910462 [ERROR] Use bridge mode to run this container. Using a custom IP is not supported.
2020-10-28 09:58:45.924753 [ERROR] IP of the container: 192.168.1.20

My DHCP range for dockers is 192.168.1.0/24 so that's not right anyway. It was working recently, I noticed this morning that it wasn't.

I've replied this on Github to you:

This shouldn't be possible since the lines that did the checking for the IP range got commented out on commit of the 3rd of August.  
See lines 26 to 36 in this file: https://github.com/DyonR/docker-Jackettvpn/blob/master/jackett/iptables.sh  
Please make sure you are using the latest version of the Docker container

Link to comment
52 minutes ago, Dyon said:

I've replied this on Github to you:

This shouldn't be possible since the lines that did the checking for the IP range got commented out on commit of the 3rd of August.  
See lines 26 to 36 in this file: https://github.com/DyonR/docker-Jackettvpn/blob/master/jackett/iptables.sh  
Please make sure you are using the latest version of the Docker container

I'm not going to post this particular comment in Github as I guess it's not Code related, but in response to looking at the commits I have a question: Why, if this project hasn't had any commits since September, is there a new Docker Build every day?

Edit: I only ask as I'm working on my first container project and I've yet to publish to Docker, so I don't know quite how it works.

Edited by OFark
Link to comment
8 minutes ago, OFark said:

I'm not going to post this particular comment in Github as I guess it's not Code related, but in response to looking at the commits I have a question: Why, if this project hasn't had any commits since September, is there a new Docker Build every day?

Edit: I only ask as I'm working on my first container project and I've yet to publish to Docker, so I don't know quite how it works.

On one of my servers a script checks every hour to see if Jackett has released a new version, which happens quite often since it does index a lot of websites, these websites often make changes in how items are indexed. So, my code on GitHub is the code of the files and how to build the Docker. The Dockerfile just takes the last release from the Jackett GitHub page. Because of that, I do not need to change the source code to hard code a new release, but only check if they released a new version. That's why there are almost daily updates to the docker, but not the GitHub. I hope it makes sense 😃

Link to comment
1 minute ago, Dyon said:

On one of my servers a script checks every hour to see if Jackett has released a new version, which happens quite often since it does index a lot of websites, these websites often make changes in how items are indexed. So, my code on GitHub is the code of the files and how to build the Docker. The Dockerfile just takes the last release from the Jackett GitHub page. Because of that, I do not need to change the source code to hard code a new release, but only check if they released a new version. That's why there are almost daily updates to the docker, but not the GitHub. I hope it makes sense 😃

It does, thank you.

Link to comment
  • 1 month later...

Dyon, thanks for sharing your work on this. I'm a noob at Linux / Docker and all that jazz, but getting by, day by day. I tried to get this working in Synology using the GUI, but it was hard to tell whether it was correctly working. I've then gone back to basics and done it all from SSH into my Synology, and the container is running and there are no obvious errors in the Synology docker log, the Jackett web GUI is available via http://192.168.1.40:9117 (.40 is my NAS obviously) - I can add indexers no problem, but I've no idea whether the VPN is actually running. The logging shown in the Synology GUI is limited. I'm trying to determine whether the ovpn file has worked... I have it configured to my NordVPN account, and I can see this in the Synology docker log for this container; 

 

2020-12-10 15:42:07.077997 [INFO] VPN_ENABLED defined as 'YES' 

 

but nothing more. (EDIT: 'nothing more' related to VPN referenced in the GUI log)

 

If I check the following folder for the logs; 

 

Logging to /config/Jackett/Logs/log.txt.

 

there is literally zero reference to vpn in any capacity. 

 

This is my run script with my own added variables; 

 

# /volume1/config/config2/ has files in it; /volume1/downloads/downloads2/ has no files in it
docker run --privileged -d \
              -v /volume1/config/config2/:/config \
              -v /volume1/downloads/downloads2/:/blackhole \
              -e "VPN_ENABLED=YES" \
              -e "VPN_TYPE=openvpn" \
              -e "LAN_NETWORK=192.168.1.0/24" \
              -e "NAME_SERVERS=1.1.1.1,1.0.0.1" \
              -e "PUID=1026" \
              -e "PGID=101" \
              -p 9117:9117 \
              --restart unless-stopped \
              dyonr/jackettvpn

 

I setup the config2 folder so I didn't risk breaking stuff in the folder above it - I'm learning as I go so being cautious. 

 

The file path /volume1/config/config2 is the file structure for the mount point /config, and inside /config I have /config/Jackett and /config/openvpn. The Jackett folder is clearly being used, there are a bunch of docker container files in there once it was booted the first time

 

Inside the openvpn folder I have my .ovpn downloaded from NordVPN. I amended the auth-user-pass line inside the .ovpn file to simply include credentials.conf after a space, so that line looks like this; 

 

auth-user-pass credentials.conf

 

the credentials.conf is a file sat directly in the openvpn folder and the contents are just my username on the first line and my password on the second line. Saved, uploaded to the openvpn folder. I think that sounds right?

 

Does any of the above look terribly off? Is there a simple way to check whether the VPN is in use? The lack of any reference to 'vpn' in the logs.txt is a red flag to me. Here is a snippet; 

 

Hosting environment: Production
Content root path: /opt/Jackett/Content
Now listening on: http://[::]:9117
Application started. Press Ctrl+C to shut down.
12-10 16:42:21 Info Checking for updates... Jackett variant: CoreLinuxAmdx64 
12-10 16:42:21 Info Updates are disabled via --NoUpdates. 
12-10 18:07:21 Info Found 100 releases from Speed.cd 
12-10 18:14:36 Info Adding aggregate indexer ('all' indexer) ... 
12-10 18:14:37 Info Restarting webhost due to configuration change 
12-10 18:14:37 Info Restart of the web application host (not process) initiated 
12-10 18:14:37 Info Jackett stopped 
12-10 18:14:37 Info Environment version: 5.0.1 (/opt/Jackett/) 
12-10 18:14:37 Info OS version: Unix 4.4.59.0 (64bit OS) (64bit process) 
12-10 18:14:37 Info Jackett variant: CoreLinuxAmdx64 
12-10 18:14:37 Info File /etc/issue: Ubuntu 18.04.5 LTS \n \l 
12-10 18:14:37 Info Running in Docker: Yes (image build: unknown) 
12-10 18:14:37 Info ThreadPool MaxThreads: 32767 workerThreads, 1000 completionPortThreads 
12-10 18:14:37 Info App config/log directory: /config/Jackett 
12-10 18:14:37 Info Using proxy: Disabled 
12-10 18:14:37 Info Using HTTP Client: HttpWebClient2 
12-10 18:14:37 Info Loading Native indexers ... 
12-10 18:14:37 Info Loaded 96 Native indexers: abnormal, alpharatio, anidex, anidub, etc etc etc 

 

 

Sorry for the long post. I'm trying to improve, I just think somewhere the VPN isn't being triggered. 

 

Thanks

DVD

Edited by UWonBiDVD
ugh, multiple fails...
Link to comment

Rather than keep editing my above post, I will add here. I have removed the user-auth-pass reference to credentials.conf in the .ovpn file, and changed the docker run command to the following to include the VPN credentials - still no VPN reference in the logs...; 

 

docker run --privileged -d \
              -v /volume1/config/config2/:/config \
              -v /volume1/downloads/downloads2/:/blackhole \
              -e "VPN_ENABLED=YES" \
              -e "VPN_TYPE=openvpn" \
              -e "VPN_USERNAME=my_VPN_username" \
              -e "VPN_PASSWORD=my_VPN_password" \
              -e "LAN_NETWORK=192.168.1.0/24" \
              -e "NAME_SERVERS=1.1.1.1,1.0.0.1" \
              -e "PUID=1026" \
              -e "PGID=101" \
              -p 9117:9117 \
              --restart unless-stopped \
              dyonr/jackettvpn

 

Log: 

12-10 19:28:56 Info Starting Jackett v0.17.11 
12-10 19:28:59 Info Environment version: 5.0.1 (/opt/Jackett/) 
12-10 19:28:59 Info OS version: Unix 4.4.59.0 (64bit OS) (64bit process) 
12-10 19:28:59 Info Jackett variant: CoreLinuxAmdx64 
12-10 19:28:59 Info File /etc/issue: Ubuntu 18.04.5 LTS \n \l 
12-10 19:28:59 Info Running in Docker: Yes (image build: unknown) 
12-10 19:28:59 Info ThreadPool MaxThreads: 32767 workerThreads, 1000 completionPortThreads 
12-10 19:28:59 Info App config/log directory: /config/Jackett 
12-10 19:28:59 Info Using proxy: Disabled 
12-10 19:28:59 Info Using HTTP Client: HttpWebClient2 
12-10 19:28:59 Info Loading Native indexers ... 
12-10 19:29:00 Info Loaded 96 Native indexers: removed them, there are lots here!
12-10 19:29:07 Info Loaded 537 indexers in total 
12-10 19:29:07 Info Adding aggregate indexer ('all' indexer) ... 
12-10 19:29:08 Info Jackett startup finished in 15.472 s 
Hosting environment: Production
Content root path: /opt/Jackett/Content
Now listening on: http://[::]:9117
Application started. Press Ctrl+C to shut down.

 

Can anyone point me in the direction of where to look? I'm really keen to learn this, just drawing a bit of a blank now. 

 

Thanks 
DVD

Link to comment

@UWonBiDVD I feel like you are looking at the logs in /volume1/config/config2/Jackett/log.txt

That is the log file of the Jackett application, but not of the container 😄

 

If you want to make sure if the VPN is working you can open the console of the Docker and enter the following:

apt update && apt install -y curl
curl ifconfig.me

After running 'curl ifconfig.me' you should see an IP that is not your own IP, but the IP your VPN Provider gave you.

Link to comment
1 hour ago, Dyon said:

@UWonBiDVD I feel like you are looking at the logs in /volume1/config/config2/Jackett/log.txt

That is the log file of the Jackett application, but not of the container 😄

 

If you want to make sure if the VPN is working you can open the console of the Docker and enter the following:


apt update && apt install -y curl
curl ifconfig.me

After running 'curl ifconfig.me' you should see an IP that is not your own IP, but the IP your VPN Provider gave you.

That gave me a chuckle. You are right, that's exactly where I was looking - I didn't know there was a difference! 😂

 

Another lesson learnt 👍

 

I have run the above code and the IP is my real IP. I will dig a bit more, it's odd because I can't see where my config has gone wrong, hmmm. I will revert my container back to using the .ovpn file with the credentials.conf file, see if that makes a difference. Thanks for the reply, that was a really useful bit of info :)

 

Thanks

DVD

 

 

 

Link to comment

Thanks Dyon, that's really cool of you. Not sure what you can find in this... is there a better command I can run? I ran the command below, it sets a random name every time I delete and start it over again - interestingly, when I'm logged in as my own admin user and I type 'ID', it does show me that my UID=1026, so I'm not sure why it says PUID does not exist; 

 

root@SYNOLOGY:~# docker logs infallible_margulis

2020-12-10 23:50:40.121961 [INFO] VPN_ENABLED defined as 'YES'

2020-12-10 23:50:40.178897 [INFO] DISABLE_IPV6 is set to ''

2020-12-10 23:50:40.234163 [INFO] Disabling IPv6 in sysctl

2020-12-10 23:50:40.310799 [INFO] Adding 1.1.1.1 to resolv.conf

2020-12-10 23:50:40.369540 [INFO] Adding 1.0.0.1 to resolv.conf

2020-12-10 23:50:40.424795 [INFO] PGID not defined. Defaulting to root group

2020-12-10 23:50:40.508336 [INFO] A group with PGID root already exists in /etc/group, nothing to do.

2020-12-10 23:50:40.565606 [INFO] An user with PUID 1026 does not exist, adding an user called 'jackett user' with PUID 1026

2020-12-10 23:50:41.605333 [WARNING] UMASK not defined (via -e UMASK), defaulting to '002'

2020-12-10 23:50:41.750987 [INFO] Starting Jackett daemon...

Logging to /config/Jackett/Logs/log.txt.

2020-12-10 23:50:42.904535 [INFO] Started Jackett daemon successfully...

2020-12-10 23:50:43.289049 [INFO] Jackett PID: 68

2020-12-10 23:50:43.349858 [INFO] HEALTH_CHECK_HOST is not set. For now using default host one.one.one.one

2020-12-10 23:50:43.405265 [INFO] HEALTH_CHECK_INTERVAL is not set. For now using default interval of 300

2020-12-10 23:50:43.461577 [INFO] HEALTH_CHECK_SILENT is not set. Because this variable is not set, it will be supressed by default

 

FYI I did run this with PGID set too, but took it out as a troubleshooting step. If there is a way to get more verbose logging, let me know. 

 

This is the current code I ran with slightly amended variables; 

 

docker run --privileged -d \
              -v /volume1/config/config2/:/config \
              -v /volume1/downloads/downloads2/:/blackhole \
              -e "VPN_ENABLED=YES" \
              -e "VPN_TYPE=openvpn" \
              -e "LAN_NETWORK=192.168.1.0/24" \
              -e "NAME_SERVERS=1.1.1.1,1.0.0.1" \
              -e "PUID=1026" \
              -p 9117:9117 \
              --restart unless-stopped \
              dyonr/jackettvpn

 

Appreciate your help. I will keep plugging away at it, probably something obvious I've messed up. 

 

EDIT: Have tried two different .ovpn files, no difference. I think my problem must be more fundamental, like my folder structure or something. My VPN credentials are valid, I'm successfully using them to run a SOCKS5 proxy for qBit direct in the GUI, and that does use the VPN IP, there is a magnet link you can download to confirm which IP you are connecting to the link with. 

 

Thanks

DVD

Edited by UWonBiDVD
Link to comment
6 minutes ago, Dyon said:

@UWonBiDVD I think, and this is so stupid, that it does not work because you did enter VPN_ENABLES=YES instead of VPN_ENABLED=yes

Please try if this fixes it, but looking at the code, that would be the issue.

Definitely would need to fix this so it doesn't matter if you say YES or yes 😅

Oh my, what an embarrassing mistake! That's a lesson I won't forget... CaSe SeNsItIvE!!!!

 

So, there is still an issue with the auth (right at the bottom), but I will look into it further; 

 

root@SYNOLOGY:~# docker logs pensive_kapitsa

2020-12-11 00:10:13.800848 [INFO] VPN_ENABLED defined as 'yes'

2020-12-11 00:10:13.857619 [INFO] DISABLE_IPV6 is set to ''

2020-12-11 00:10:13.913761 [INFO] Disabling IPv6 in sysctl

2020-12-11 00:10:13.977213 [INFO] VPN_TYPE defined as 'openvpn'

2020-12-11 00:10:14.066058 [WARNING] Unable to chown/chmod /config/openvpn/, assuming SMB mountpoint

2020-12-11 00:10:14.145708 [INFO] OpenVPN config file is found at /config/openvpn/uk1845.nordvpn.com.tcp.ovpn

dos2unix: converting file /config/openvpn/uk1845.nordvpn.com.tcp.ovpn to Unix format...

2020-12-11 00:10:14.273959 [INFO] VPN remote line defined as '185.169.255.42 443'

2020-12-11 00:10:14.332789 [INFO] VPN_REMOTE defined as '185.169.255.42'

2020-12-11 00:10:14.391232 [INFO] VPN_PORT defined as '443'

2020-12-11 00:10:14.451083 [INFO] VPN_PROTOCOL defined as 'tcp'

2020-12-11 00:10:14.509505 [INFO] VPN_DEVICE_TYPE defined as 'tun0'

2020-12-11 00:10:14.567897 [INFO] LAN_NETWORK defined as '192.168.1.0/24'

2020-12-11 00:10:14.626302 [INFO] NAME_SERVERS defined as '1.1.1.1,1.0.0.1'

2020-12-11 00:10:14.684894 [INFO] VPN_OPTIONS not defined (via -e VPN_OPTIONS)

2020-12-11 00:10:14.745784 [INFO] Adding 1.1.1.1 to resolv.conf

2020-12-11 00:10:14.804520 [INFO] Adding 1.0.0.1 to resolv.conf

2020-12-11 00:10:14.859948 [INFO] PGID not defined. Defaulting to root group

2020-12-11 00:10:14.915609 [INFO] Starting OpenVPN...

Fri Dec 11 00:10:15 2020 WARNING: file 'credentials.conf' is group or others accessible

Fri Dec 11 00:10:15 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019

Fri Dec 11 00:10:15 2020 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08

Fri Dec 11 00:10:15 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit

Fri Dec 11 00:10:15 2020 NOTE: --fast-io is disabled since we are not using UDP

Fri Dec 11 00:10:15 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Fri Dec 11 00:10:15 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Fri Dec 11 00:10:15 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.169.255.42:443

Fri Dec 11 00:10:15 2020 Socket Buffers: R=[87380->87380] S=[16384->16384]

Fri Dec 11 00:10:15 2020 Attempting to establish TCP connection with [AF_INET]185.169.255.42:443 [nonblock]

Fri Dec 11 00:10:16 2020 TCP connection established with [AF_INET]185.169.255.42:443

Fri Dec 11 00:10:16 2020 TCP_CLIENT link local: (not bound)

Fri Dec 11 00:10:16 2020 TCP_CLIENT link remote: [AF_INET]185.169.255.42:443

Fri Dec 11 00:10:16 2020 TLS: Initial packet from [AF_INET]185.169.255.42:443, sid=f55d3e64 82ba6bd7

Fri Dec 11 00:10:16 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Fri Dec 11 00:10:16 2020 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA

Fri Dec 11 00:10:16 2020 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5

Fri Dec 11 00:10:16 2020 VERIFY KU OK

Fri Dec 11 00:10:16 2020 Validating certificate extended key usage

Fri Dec 11 00:10:16 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Fri Dec 11 00:10:16 2020 VERIFY EKU OK

Fri Dec 11 00:10:16 2020 VERIFY OK: depth=0, CN=uk1845.nordvpn.com

Fri Dec 11 00:10:18 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA

Fri Dec 11 00:10:18 2020 [uk1845.nordvpn.com] Peer Connection Initiated with [AF_INET]185.169.255.42:443

Fri Dec 11 00:10:19 2020 SENT CONTROL [uk1845.nordvpn.com]: 'PUSH_REQUEST' (status=1)

Fri Dec 11 00:10:19 2020 AUTH: Received control message: AUTH_FAILED

Fri Dec 11 00:10:19 2020 SIGTERM[soft,auth-failure] received, process exiting

 

I copied and pasted the user ID and password into the conf file. I will have a play and see what I can do to fix it. 

 

Damn, YES vs yes... 

 

Thank you for looking Dyon, hugely appreciate it. 

 

Regards

DVD

Link to comment

I've also updated it so that VPN_ENABLED is now case insensitive.

 

For my VPN provider, I get separate credentials to login with OpenVPN. NordVPN also requires this, in case you didn't know.

Just pass these through VPN_USERNAME and VPN_PASSWORD, and it should be fine.

Check out step 11 on this page: How to set up manual connection on Windows 7 and above | NordVPN Support

 

As a reference, here is the .ovpn file of my provider, I did not change anything of mine:

client
dev tun
proto udp
remote my.vpnprovider.com 443

nobind
auth-user-pass

resolv-retry infinite

auth SHA512
cipher AES-256-CBC
comp-lzo
verb 2
mute-replay-warnings
remote-cert-tls server
persist-key
persist-tun

key-direction 1
<ca>
-----BEGIN CERTIFICATE-----
###########################################################
###########################################################
###########################################################
###########################################################
###########################################################
###########################################################
###########################################################
etc.....
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
#######################################
#######################################
#######################################
#######################################
#######################################
etc.....
-----END OpenVPN Static key V1-----
</tls-auth>

 

Edited by Dyon
Link to comment

Thanks and I feel humbled you have updated it to be case insensitive haha, I will also have a look in more detail tomorrow. I found an invalid character in my password, I don't know why, it was copied and pasted from Nord VPN dashboard, anyway, get a different error now. I'll post it, but happy to work on it myself tomorrow. Will have a look at what you've shared above too, thanks! Oh yes, will also try using the VPN_USERNAME and PASSWORD variables as well. And try another VPN file seeing as I'm now a bit further :D

 

Fri Dec 11 00:25:42 2020 VERIFY EKU OK

Fri Dec 11 00:25:42 2020 VERIFY OK: depth=0, CN=uk1845.nordvpn.com

Fri Dec 11 00:25:42 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 4096 bit RSA

Fri Dec 11 00:25:42 2020 [uk1845.nordvpn.com] Peer Connection Initiated with [AF_INET]185.169.255.42:443

Fri Dec 11 00:25:43 2020 SENT CONTROL [uk1845.nordvpn.com]: 'PUSH_REQUEST' (status=1)

Fri Dec 11 00:25:44 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.3.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.3.2 255.255.255.0,peer-id 0,cipher AES-256-GCM'

Fri Dec 11 00:25:44 2020 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:6 is ignored by previous <connection> blocks

Fri Dec 11 00:25:44 2020 OPTIONS IMPORT: timers and/or timeouts modified

Fri Dec 11 00:25:44 2020 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp

Fri Dec 11 00:25:44 2020 OPTIONS IMPORT: compression parms modified

Fri Dec 11 00:25:44 2020 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified

Fri Dec 11 00:25:44 2020 Socket Buffers: R=[367360->425984] S=[46080->425984]

Fri Dec 11 00:25:44 2020 OPTIONS IMPORT: --ifconfig/up options modified

Fri Dec 11 00:25:44 2020 OPTIONS IMPORT: route options modified

Fri Dec 11 00:25:44 2020 OPTIONS IMPORT: route-related options modified

Fri Dec 11 00:25:44 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Fri Dec 11 00:25:44 2020 OPTIONS IMPORT: peer-id set

Fri Dec 11 00:25:44 2020 OPTIONS IMPORT: adjusting link_mtu to 1659

Fri Dec 11 00:25:44 2020 OPTIONS IMPORT: data channel crypto options modified

Fri Dec 11 00:25:44 2020 Data Channel: using negotiated cipher 'AES-256-GCM'

Fri Dec 11 00:25:44 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Fri Dec 11 00:25:44 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Fri Dec 11 00:25:44 2020 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:02

Fri Dec 11 00:25:44 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)

Fri Dec 11 00:25:44 2020 Exiting due to fatal error

 

 

Cheers

DVD

Link to comment

Good luck giving it another shot tomorrow.

If you run into an error and need someone to look at it, feel free to post the error here! I'll see if I can help then 😁

 

This error is often caused because the container is not running privileged by the way;

Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)

 

Link to comment

Thanks, that's a good place for me to start looking. Another .ovpn file didn't help (tried UDP rather than TCP), and putting the credentials directly in the variables didn't help. I will see where my permissions / privileges are failing tomorrow. Thanks again, I will post back if I progress it or get stuck, maybe could help someone else you never know. 

 

Cheers

DVD

Link to comment

Hmm, it looks as though other Synology users have had similar issues with this error. Maybe Synology isn't honouring the privileges command, it doesn't seem to create the folders for tun, or so other users seem to suggest. It looks like at a GUI level this could be fixed by ticking the box to execute with highest privileges, so I need to see what I can find to set in the docker run code to achieve the same thing.... 

 

One question I wanted to ask Dyon is around the kill switch. I can see the health check defaults to 5 minute intervals. Is that how often it checks for the kill switch to take effect, or does the kill switch kick in as soon as the VPN connection drops? I'm thinking about web traffic leaking, in any capacity, when I'd prefer it not to ;-)

 

Thanks again

DVD 

Link to comment

OK, some progress. I found this article; https://www.synoforum.com/threads/device-dev-net-tun-not-working-anymore-after-docker-update-18-09-0-0513.3074/ and followed EVOTk's advice about downloading the TUN.sh file and executing it on my device. 

 

This now seems to allow the VPN to connect, and my logs look much healthier; 

 

2020-12-11 09:43:11.525031 [INFO] Starting OpenVPN...

Fri Dec 11 09:43:12 2020 WARNING: file 'credentials.conf' is group or others accessible

Fri Dec 11 09:43:12 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019

Fri Dec 11 09:43:12 2020 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08

Fri Dec 11 09:43:12 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit

Fri Dec 11 09:43:12 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Fri Dec 11 09:43:12 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication

Fri Dec 11 09:43:12 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]194.35.233.190:1194

Fri Dec 11 09:43:12 2020 Socket Buffers: R=[212992->212992] S=[212992->212992]

Fri Dec 11 09:43:12 2020 UDP link local: (not bound)

Fri Dec 11 09:43:12 2020 UDP link remote: [AF_INET]194.35.233.190:1194

Fri Dec 11 09:43:12 2020 TLS: Initial packet from [AF_INET]194.35.233.190:1194, sid=862aa396 0158627b

Fri Dec 11 09:43:12 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Fri Dec 11 09:43:12 2020 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA

Fri Dec 11 09:43:12 2020 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5

Fri Dec 11 09:43:12 2020 VERIFY KU OK

Fri Dec 11 09:43:12 2020 Validating certificate extended key usage

Fri Dec 11 09:43:12 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication

Fri Dec 11 09:43:12 2020 VERIFY EKU OK

Fri Dec 11 09:43:12 2020 VERIFY OK: depth=0, CN=uk2166.nordvpn.com

Fri Dec 11 09:43:12 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA

Fri Dec 11 09:43:12 2020 [uk2166.nordvpn.com] Peer Connection Initiated with [AF_INET]194.35.233.190:1194

Fri Dec 11 09:43:13 2020 SENT CONTROL [uk2166.nordvpn.com]: 'PUSH_REQUEST' (status=1)

Fri Dec 11 09:43:13 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.8.3.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.3.10 255.255.255.0,peer-id 10,cipher AES-256-GCM'

Fri Dec 11 09:43:13 2020 Option 'explicit-exit-notify' in [PUSH-OPTIONS]:6 is ignored by previous <connection> blocks

Fri Dec 11 09:43:13 2020 OPTIONS IMPORT: timers and/or timeouts modified

Fri Dec 11 09:43:13 2020 OPTIONS IMPORT: explicit notify parm(s) modified

Fri Dec 11 09:43:13 2020 OPTIONS IMPORT: compression parms modified

Fri Dec 11 09:43:13 2020 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified

Fri Dec 11 09:43:13 2020 Socket Buffers: R=[212992->425984] S=[212992->425984]

Fri Dec 11 09:43:13 2020 OPTIONS IMPORT: --ifconfig/up options modified

Fri Dec 11 09:43:13 2020 OPTIONS IMPORT: route options modified

Fri Dec 11 09:43:13 2020 OPTIONS IMPORT: route-related options modified

Fri Dec 11 09:43:13 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified

Fri Dec 11 09:43:13 2020 OPTIONS IMPORT: peer-id set

Fri Dec 11 09:43:13 2020 OPTIONS IMPORT: adjusting link_mtu to 1657

Fri Dec 11 09:43:13 2020 OPTIONS IMPORT: data channel crypto options modified

Fri Dec 11 09:43:13 2020 Data Channel: using negotiated cipher 'AES-256-GCM'

Fri Dec 11 09:43:13 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Fri Dec 11 09:43:13 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key

Fri Dec 11 09:43:13 2020 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:02

Fri Dec 11 09:43:13 2020 TUN/TAP device tun0 opened

 

 

However, the curl commands;

 

apt update && apt install -y curl

curl ifconfig.me

 

will not run, they time out. I will try another ovpn file and report back. 

 

Getting a bit further at least!

 

DVD

Link to comment

@Dyon YES YES YES!!!!

 

root@5819c8e9fda4:/opt# curl ifconfig.me                                                                    

131.255.4.108root@5819c8e9fda4

 

A new ovpn file fixed it! This is the VPN IP address, finally! 

 

Thank you for your help, that's helped me help myself and pick away at it. Still interested to know about the kill switch question I posted above, if you have the time to reply to it :D

 

Now I need to learn how to save this so I don't have to paste the config in every time in SSH... that's my next task

 

DVD

Edited by UWonBiDVD
Link to comment
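
The failure modes met in this thread can be told apart from the container log alone. The following is an added example, not code from the jackettvpn image: it reads `docker logs` output and reports the state of the most recent container start, matching only message strings quoted in the posts above. The function names, state names, hints and the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the jackettvpn image. State names and hints are
# this example's own; the matched strings are log messages quoted in the thread.

# Reads a container log on stdin and prints the state of the LAST container start.
# Every start logs "VPN_ENABLED defined as", so that line resets the state and
# older failures left in the log by earlier restarts are ignored.
vpn_log_state() {
    awk '
        /\[INFO\] VPN_ENABLED defined as/ { state = "vpn-not-started" }
        /\[INFO\] Starting OpenVPN/       { state = "openvpn-no-result" }
        /AUTH_FAILED/                     { state = "auth-failed" }
        /Cannot open TUN\/TAP dev/        { state = "tun-missing" }
        /TUN\/TAP device [^ ]+ opened/    { state = "tun-up" }
        /\[ERROR\] Network is down/       { state = "network-down" }
        END { print (state == "" ? "no-start-seen" : state) }
    '
}

# Maps a state to the next check, following what the thread worked out.
vpn_log_hint() {
    case $1 in
        vpn-not-started)   echo "OpenVPN was never launched: check the VPN_ENABLED value passed with -e" ;;
        openvpn-no-result) echo "OpenVPN started but logged no outcome yet: read the lines after 'Starting OpenVPN'" ;;
        auth-failed)       echo "provider rejected the login: check VPN_USERNAME/VPN_PASSWORD or credentials.conf" ;;
        tun-missing)       echo "/dev/net/tun is absent: check --privileged and that the host provides the tun device" ;;
        tun-up)            echo "tunnel device opened: confirm the exit IP with 'curl ifconfig.me' in the container" ;;
        network-down)      echo "health check ping failed: the container exits and depends on --restart unless-stopped" ;;
        *)                 echo "no container start found in this log" ;;
    esac
}

# Constructed sample: four container starts, using the message formats from the thread.
sample_log() {
    cat <<'EOF'
2020-12-10 23:50:40.121961 [INFO] VPN_ENABLED defined as 'YES'
2020-12-10 23:50:41.750987 [INFO] Starting Jackett daemon...
2020-12-11 00:10:13.800848 [INFO] VPN_ENABLED defined as 'yes'
2020-12-11 00:10:14.915609 [INFO] Starting OpenVPN...
Fri Dec 11 00:10:19 2020 AUTH: Received control message: AUTH_FAILED
2020-12-11 00:25:40.000000 [INFO] VPN_ENABLED defined as 'yes'
2020-12-11 00:25:41.000000 [INFO] Starting OpenVPN...
Fri Dec 11 00:25:44 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
2020-12-11 09:43:10.000000 [INFO] VPN_ENABLED defined as 'yes'
2020-12-11 09:43:11.525031 [INFO] Starting OpenVPN...
Fri Dec 11 09:43:13 2020 TUN/TAP device tun0 opened
EOF
}

state=$(sample_log | vpn_log_state)
printf '%s: %s\n' "$state" "$(vpn_log_hint "$state")"
```

Against a live container, feed it `docker logs <container> 2>&1`. A `tun-up` result still needs the `curl ifconfig.me` check, since in the thread the device opened while requests from the container timed out.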
  • 4 months later...

Hello, I've been using this docker with PIA for a while with no issues and after PIA updated all ovpn files the docker stopped working. I've added a new PIA file and whenever it starts it will constantly restart after hitting the line "[ERROR] Password contains unsupported characters." Issue is it is a very normal password containing only numbers and letters. I've ensured there are no spaces or anything strange in it but it continues to fail. Has anyone else run into this issue and have a solution?

 

log https://pastebin.com/JDXKUWGk

Edited by imJohn
added log
Link to comment
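
Three credential problems come up in this thread: OpenVPN's warning that `credentials.conf` is group or others accessible, an invalid character pasted into a password, and the container's "Password contains unsupported characters" error. The following added example is a generic lint for an auth-user-pass file, not the container's own password check (whose rules are not shown on this page); it assumes the two-line username/password layout described earlier, and the function name `check_credentials` is hypothetical.

```shell
#!/usr/bin/env bash
# Added example: lint an OpenVPN auth-user-pass file (username on line 1,
# password on line 2). Prints one finding per line; returns 0 when clean.
check_credentials() {
    local file=$1 rc=0 perms lines odd

    if [ ! -f "$file" ]; then
        echo "missing: $file"
        return 1
    fi

    # Characters 5-10 of the ls mode string are the group and other bits.
    # OpenVPN warns when any of them is set on a credentials file.
    perms=$(ls -ld -- "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions: group/other bits set ($perms), use chmod 600"
        rc=1
    fi

    # Username and password only, nothing else.
    lines=$(awk 'END { print NR }' "$file")
    if [ "$lines" -ne 2 ]; then
        echo "layout: expected 2 lines, found $lines"
        rc=1
    fi

    # Windows line endings end up as part of the username and password.
    if [ "$(tr -cd '\r' < "$file" | wc -c)" -gt 0 ]; then
        echo "encoding: carriage returns present (CRLF line endings)"
        rc=1
    fi

    # Whatever survives deleting printable ASCII, CR and LF is an invisible
    # or non-ASCII byte, the kind that rides along with a copy and paste.
    odd=$(tr -d '\040-\176\r\n' < "$file" | wc -c)
    if [ "$odd" -gt 0 ]; then
        echo "encoding: $odd non-printable or non-ASCII byte(s)"
        rc=1
    fi

    # Leading or trailing blanks are sent to the server as typed.
    if tr -d '\r' < "$file" | grep -qE '^[[:blank:]]|[[:blank:]]$'; then
        echo "whitespace: leading or trailing blank on a line"
        rc=1
    fi

    return "$rc"
}

# Demo on a constructed file: CRLF endings plus a non-breaking space
# (UTF-8 bytes C2 A0) in the middle of the password, mode 644.
demo=$(mktemp)
printf 'user\r\npass\302\240word\r\n' > "$demo"
chmod 644 "$demo"
check_credentials "$demo" || true
rm -f "$demo"
```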
