Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[Support] binhex - PrivoxyVPN

Featured Replies

  • Author
8 hours ago, melmurp said:

Could I get some insight into this?

yes that is currently the case, if the ovpn file contains multiple remote entries it will remove all entries leaving just one, if the remote line is a hostname of course this will normally resolve to multiple ip addresses (depends on vpn provider).

 

8 hours ago, melmurp said:

I like the idea of having the all in one (privoxy/socks/openvpn) in a single container but defeats the purpose if it removes all the hosts and just hardcodes to the first one.

not sure how this 'defeats the purpose' - the purpose of the privoxyvpn is to give you a secure container from which to use, this will always be the primary purpose, having the ability to connect to multiple remote endpoints is not. having said that i most probably will include an enhancement at some point in the future to do this, but it wont be any time soon as i have bigger fish to fry.

  • Replies 632
  • Views 145.3k
  • Created
  • Last Reply

Top Posters In This Topic

Most Popular Posts

  • @binhex, this absolutely works on your container. I am currently using this setup successfully with no major issues. I wanted a VPN "gateway" for specific other containers, where all their traffic cou

  • There has been an issue raised on GitHub related to tracker announce request IP leakage under certain circumstances, after careful review of iptables i have tightened up the rules to prevent this. A n

  • Hi all, I have made some nice changes to the core code used for all the VPN docker images I produce, details as follows:- Randomly rotate between multiple remote endpoints (openvpn only) on di

Posted Images

  • Author
17 hours ago, metaMMA said:

Oh cool. I didn't see hexchat on your main images page, so I didn't know you had an IRC client! 

 

Correct me if I'm wrong, but I don't think this will quite solve my issue. I'd like to use a BNC on my server to be constantly connected to the IRC channels with playback support. Using hexchat, I could connect to my ZNC over a proxy (privoxy), but that doesn't protect my connection to the IRC networks/channels (would only anonymize the connection to my own server).

 

Ideally I'd like to find a way to have a BNC connect over privoxy, and then use hexchat or another client to connect to the BNC.

 

Perhaps I'm just not understanding the scope of your hexchat container, though. Thanks for the reply. Let me know if there is anything I can do to help.

i had no idea what ZNC was or what a BNC does, after a quick bit of googling it appears to be similar to a proxy server, so with that in mind why not just drop the use of ZNC and simply use hexchat - configured to use microsocks, that way you are protected and there are less moving parts to go wrong too, so probably improved performance, is there something that ZNC can do for you that a IRC client like hexchat cannot?.

15 hours ago, binhex said:

yes that is currently the case, if the ovpn file contains multiple remote entries it will remove all entries leaving just one, if the remote line is a hostname of course this will normally resolve to multiple ip addresses (depends on vpn provider).

 

not sure how this 'defeats the purpose' - the purpose of the privoxyvpn is to give you a secure container from which to use, this will always be the primary purpose, having the ability to connect to multiple remote endpoints is not. having said that i most probably will include an enhancement at some point in the future to do this, but it wont be any time soon as i have bigger fish to fry.

That's reasonable and I appreciate the reply... I know most providers tend to use a proper host name and not a direct IP so I can understand why it would be done this way. I just wanted to confirm it's as designed before I poke around :)

 

Again, thanks for all the work you do with these containers... you're making people's lives much easier!

  • 2 weeks later...

Sorry, sort of new to docker. I am trying this vpnproxy out but it appears it may have a firewall configured?

When i attempt to connect to a FTP site via socks5 i get through but fails directory listing:

 

Status:    Connecting to ftp.sunet.se through SOCKS5 proxy
Status:    Connecting to 1.1.1.56:9118...
Status:    Connection with proxy established, performing handshake...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Status:    Connection with proxy established, performing handshake...
Error:    Proxy request failed. Reply from proxy: Connection refused
Error:    Proxy handshake failed: ECONNABORTED - Connection aborted

 

What do i have to do to allow ftp connectivity via the socks? or have i missed something?

I also attempted to run this only as a socks proxy, i honestly don't even know what privoxy is, but if i set privoxy to false and socks to true i cannot connect to the proxy at all, is this docker even functional without privoxy = yes?

 

Thanks!

Edited by je82

Appears when configuring filezilla to use http 1.0 connect method as proxy the connection goes through

 

Status:    Connecting to ftp.sunet.se through HTTP proxy
Status:    Connecting to 1.1.1.56:8118...
Status:    Connection with proxy established, performing handshake...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Status:    Directory listing of "/" successful

 

Not sure if there's anything bad with using  http 1.1 connect method rather then socks?

 

image.png.3200c85870f71218ace1d8145570dcb2.png

 

(For some reason connection also works without entering the password or username when using http connect method ????)

Edited by je82

33 minutes ago, je82 said:

Appears when configuring filezilla to use http 1.0 connect method as proxy the connection goes through

 

Status:    Connecting to ftp.sunet.se through HTTP proxy
Status:    Connecting to 1.1.1.56:8118...
Status:    Connection with proxy established, performing handshake...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Status:    Directory listing of "/" successful

 

Not sure if there's anything bad with using  http 1.1 connect method rather then socks?

 

image.png.3200c85870f71218ace1d8145570dcb2.png

 

(For some reason connection also works without entering the password or username when using http connect method ????)

I just set up this docker container for use in Firefox. I am also unable to use SOCKS and have to use HTTP Proxy.

10 minutes ago, psycho_asylum said:

I just set up this docker container for use in Firefox. I am also unable to use SOCKS and have to use HTTP Proxy.

Yeah socks seems to be not working at all, all connections to the socks are refused :/ 

 

Attempting to use socks for email:

19/12/2019, 21:50:26: IMAP  - Connecting to IMAP server mail.myserver.com on port 993
!19/12/2019, 21:51:26: IMAP  - Could not connect to the server

 

Any ideas how to get socks to work?

Thanks!

  • Author
2 hours ago, je82 said:

Error:    Proxy request failed. Reply from proxy: Connection refused
Error:    Proxy handshake failed: ECONNABORTED - Connection aborted

this will most probably be this specific ftp server blocking connections from known vpn providers, for instance trying another linux distro site such as  ''ftp.nluug.nl' allows the connection through when using socks5 (port 9118) using filezilla (tested and working for me).

 

the money shot:-

 

Status:	Connecting to ftp.nluug.nl through SOCKS5 proxy
Status:	Resolving address of 192.168.1.xxx
Status:	Connecting to 192.168.1.xxx:9118...
Status:	Connection with proxy established, performing handshake...
Status:	Connection established, waiting for welcome message...
Status:	Insecure server, it does not support FTP over TLS.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Connecting to 192.168.1.xxx:9118...
Status:	Connection with proxy established, performing handshake...
Status:	Directory listing of "/" successful

 

Edited by binhex

3 minutes ago, binhex said:

this will most probably be this specific ftp server blocking connections from known vpn providers, for instance trying another linux distro site such as  ''ftp.nluug.nl' allows the connection through when using socks5 (port 9118) using filezilla (tested and working for me).

 

the money shot:-

 


Status:	Connecting to ftp.nluug.nl through SOCKS5 proxy
Status:	Resolving address of 192.168.1.xxx
Status:	Connecting to 192.168.1.xxx:9118...
Status:	Connection with proxy established, performing handshake...
Status:	Connection established, waiting for welcome message...
Status:	Insecure server, it does not support FTP over TLS.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Connecting to 192.168.1.xxx:9118...
Status:	Connection with proxy established, performing handshake...
Status:	Directory listing of "/" successful

 

Nope, i can socks5 proxy when i setup a socks5 proxy in windows with ccproxy to the same ftp server.

Strange :/

I cannot get socks5 to work with email client either, it won't connect at all works fine with ccproxy and socks5.

 

I am rather confused by the ports here, what service is running on which port?

 

8118 = socks?

9118 = privoxy?

 

Any more ideas? Would really like to slim down the memory footprint, your docker container takes nothing compared to my fully fledged window wms with ccproxy installed :)

  • Author
2 minutes ago, je82 said:

I am rather confused by the ports here, what service is running on which port?

 

8118 = socks?

9118 = privoxy?

nope thats not right, other way around, also note privoxy does NOT support authentication, whereas socks5 does.

  • Author
4 minutes ago, je82 said:

Nope, i can socks5 proxy when i setup a socks5 proxy in windows with ccproxy to the same ftp server.

and ccproxy server is connecting over a vpn tunnel like this container, with the same vpn provider connecting to the same vpn endpoint?

Edited by binhex

6 minutes ago, binhex said:

nope thats not right, other way around, also note privoxy does NOT support authentication, whereas socks5 does.

Thanks, i think the ports and combinations of me trying various things and not really documenting what i've tested resulting in weird results, mail works over socks5 now. The FTP returns directory listing error when using proxy, i have no idea why but i am pretty sure it is on their end the problem is because socks5 works fine when connecting to another ftp now. The strange thing is that socks5 works on the problematic ftp when i do it via ccproxy, but perhaps the guy on the other end has made some special allow for that particular ip i have when connecting through it.

 

Anyway, your docker container works fine!

  • Author
2 minutes ago, je82 said:

The strange thing is that socks5 works on the problematic ftp when i do it via ccproxy, but perhaps the guy on the other end has made some special allow for that particular ip i have when connecting through it.

read my previous comment, i doubt ccproxy is connecting in the same (more secure) manner that this container uses.

Just now, binhex said:

read my previous comment, i doubt ccproxy is connecting in the same (more secure) manner that this container uses.

yeah i think its not more secure but the ftp on the other end probably has made an exception for that ip ccproxy uses (different vpn endpoint from what i tested with your container).

 

is there any particular benefits to using privoxy over socks5 when tunneling traffic in the browser?

  • Author
3 minutes ago, je82 said:

is there any particular benefits to using privoxy over socks5 when tunneling traffic in the browser?

for basic surfing, http and https then either will do, if you however want other protocols also proxied then you would need to use socks5, so it all depends on your usage really.

12 minutes ago, binhex said:

for basic surfing, http and https then either will do, if you however want other protocols also proxied then you would need to use socks5, so it all depends on your usage really.

Most browsers have the option "proxy dns queries when using socks5" i guess this won't work with privoxy resulting in potential worse security?

  • Author
11 hours ago, je82 said:

Most browsers have the option "proxy dns queries when using socks5" i guess this won't work with privoxy resulting in potential worse security?

this is true, however a quick tweak of your dns on your home lan to something like 'DNS Watch' will get you a non logging nameserver, thus mitigating this completely, but yeah if you dont want to do this then socks5 will give prevent any dns leaks.

  • 3 weeks later...

may a question about using another docker to use this vpn docker

 

i saw some readme´s about the --net=container:<vpn_dockername>

so i tried by adding following to vpn docker

--cap-add=NET_ADMIN

--device /dev/net/tun  (alternative also added, same result)

 

on the client docker

--net=container:binhex-privoxyvpn

network off (or also kept in bridge mode, same result)

 

Error response from daemon: Container cannot be connected to network endpoints:container:binhex-privoxyvpn ..... none or bridge ...

question, does anyone using succesfully this kind of setup ?

Edited by alturismo

  • Author
5 hours ago, alturismo said:

i saw some readme´s about the --net=container:<vpn_dockername>

im not sure where you saw that but its not in any readme's for these vpn docker images as this will not work due to the highly tied down configuration using iptables. 

 

you can use privoxy for http/https connections and assuming the app you want to secure supports it, you can use microsocks (socks5 server) for everything else.

1 hour ago, binhex said:

im not sure where you saw that but its not in any readme's for these vpn docker images as this will not work due to the highly tied down configuration using iptables. 

 

you can use privoxy for http/https connections and assuming the app you want to secure supports it, you can use microsocks (socks5 server) for everything else.

thanks for the info, i thought so ...

 

someone pointed me to this way of proxying docker to docker with --net=.....

https://github.com/dperson/openvpn-client/blob/master/README.md#how-to-use-this-image

 

and mentioned he uses this method with your deluge-vpn docker as VPN docker on unraid ...

 

privoxy or socks doesnt work with the docker i provide (xteve) as http proxy is not supported by the app, nevermind, im clear now and know its not working ;)

Edited by alturismo

  • 2 weeks later...

Hi all,

 

this might be too too off topic for this thread but I've got a question: is there any way to use a proxy created by this docker to turn it into a DNS on the network? A device, more specifically my TV, does not have proxy settings but DNS settings, and I'd like to access some video content georistricted to the country I use this docker for  - which works great with the proxy from privoxy on other devices already. Is there maybe another docker that could work in conjunction with this one to make it happen and host the DNS? 

 

Appreciate any help!

  • Author
Hi all,
 
this might be too too off topic for this thread but I've got a question: is there any way to use a proxy created by this docker to turn it into a DNS on the network? A device, more specifically my TV, does not have proxy settings but DNS settings, and I'd like to access some video content georistricted to the country I use this docker for  - which works great with the proxy from privoxy on other devices already. Is there maybe another docker that could work in conjunction with this one to make it happen and host the DNS? 
 
Appreciate any help!
DNS will not get your past a geo blocked IP address, so that wouldn't work, even if it were possible.

Sent from my CLT-L09 using Tapatalk

Hm gotcha, just wondering how these "smart dns" services online do it. Might just have to use one of them then. Thank you!

On 1/10/2020 at 1:04 AM, alturismo said:

may a question about using another docker to use this vpn docker

 

i saw some readme´s about the --net=container:<vpn_dockername>

so i tried by adding following to vpn docker

--cap-add=NET_ADMIN

--device /dev/net/tun  (alternative also added, same result)

 

on the client docker

--net=container:binhex-privoxyvpn

network off (or also kept in bridge mode, same result)

 

Error response from daemon: Container cannot be connected to network endpoints:container:binhex-privoxyvpn ..... none or bridge ...

question, does anyone using succesfully this kind of setup ?

 

On 1/10/2020 at 6:13 AM, binhex said:

im not sure where you saw that but its not in any readme's for these vpn docker images as this will not work due to the highly tied down configuration using iptables.

 

 

@binhex, this absolutely works on your container. I am currently using this setup successfully with no major issues. I wanted a VPN "gateway" for specific other containers, where all their traffic could only ever go through the VPN for safety. I can't say I looked that closely at your iptables rules, but I can tell you this method works with what you have set up.

 

The readme I think @alturismo is referring to might be this, which is where I got started. It references a different OpenVPN client container, but the same setup works fine with yours.

 

Things have changed a little in 6.8, I found the correct method for setting up the Docker network on the instructions for this container.

 

I'm no Docker networking master, but as I understand it the way it works is you set up a bespoke Docker network shared between the VPN container and anything you want going through the VPN. You also have to remove any port translations from the "client" containers and add them to the "host" VPN container. This creates a sub-network bubble, where the VPN container acts as a router of sorts. I confirmed it was working when I was first testing it by attaching a basic desktop VNC container to the VPN container. When the VPN is connected, when I opened a browser in the desktop VNC one and without configuring any proxy settings etc, the public IP was always the VPN endpoint I was using. I also ran some online privacy tests to make sure no traffic was leaking out of the VPN and everything came back secure.

 

There are some complications that come with this setup, like every time the VPN container is updated its container ID (which the other "client" containers use as a network connection) changes, so the "clients" have to be rebuilt as well. The second container I linked to above actually automates this process specifically for this purpose, so it seems there is a bit of demand for using VPN containers in this way.

may also add to the feature request

 

 

and yes, i also got it working here.

 

probobly better handled there as binhex is not blocking this, but unraid doesnt support "out of the box"

Edited by alturismo

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.