[Support] binhex - PrivoxyVPN

[R0BB13]

Is there a possibility to use the socks5 part without authentication so it can be used in firefox? I believe microsocks does support this. Thanks.

Edited September 14, 2021 by R0BB13
typo

[binhex]

51 minutes ago, R0BB13 said:

Is there a possibility to use the socks5 part without authentication so it can be used in firefox? I believe microsocks does support this. Thanks.

that is already implemented, set values for SOCKS_USER and SOCKS_PASS to empty string.

[binhex]

11 hours ago, WuZiMu said:

but where are the instructions for passing the proxy through to another client?

you havent really defined what application you want to use the proxy for on the 'other client', assuming its a web browser it should be as simple as defining the proxy as <unraid ip address> and port as <host port for privoxy> e.g. setting proxy for Internet Explorer/Edge on Windows using 'Internet Options/Connections tab/LAN Settings'

addresss: 192.168.1.1 Port: 8118

 

[WuZiMu]

5 hours ago, binhex said:

you havent really defined what application you want to use the proxy for on the 'other client', assuming its a web browser it should be as simple as defining the proxy as <unraid ip address> and port as <host port for privoxy> e.g. setting proxy for Internet Explorer/Edge on Windows using 'Internet Options/Connections tab/LAN Settings'

addresss: 192.168.1.1 Port: 8118

 

 

I’m using it with the proxy settings in Hakuneko, The proxy appears to be working fine since it doesn’t show my IP address when in use. But there appears to be an issue establishing the tunnel for some sites. But the proxy itself works fine within Edge and the webpages load.  So I’ll chalk it up to an issue between the website and the application itself as other websites work within the application. Thanks for the help diagnosing! 

Edited September 14, 2021 by WuZiMu

[dalben]

For anyone struggling to get PIA & Wireguard working together with this container (as I was), 

 

Edit: Try changing the default PIA Wireguard server from Amsterdam to something closer.  Firing up speedtest.net showed a ping response of 175ms.  That caused most of the sites I was trying to reach to timeout and fail.  I'm not sure if there is a cleaner way to do it but I ended up editing the wg0.conf file manually and replacing the amsterdam server with one closer to me.  Seems to be working a lot better now.

Edited September 19, 2021 by dalben
Resolved the issue without needing other scripts

[binhex]

For anyone struggling to get PIA & Wireguard working together with this container (as I was), I used @Dor's PIA Wireguard conf file maker found HERE, copied the files into the Privoxy Wiregaurd config directory and it all worked straight away.

I appreciate the effort I'm posting this but it should not be necessary as I automatically generate the PIA wireguard configuration file dynamically for you, can you please detail what exactly you struggled with, as it should be very simple

You simply set the VPN_CLIENT value to wireguard insuring you have username and password defined and that's it, it should generate the configuration file for you

Sent from my CLT-L09 using Tapatalk

[dalben]

17 hours ago, binhex said:

I appreciate the effort I'm posting this but it should not be necessary as I automatically generate the PIA wireguard configuration file dynamically for you, can you please detail what exactly you struggled with, as it should be very simple

You simply set the VPN_CLIENT value to wireguard insuring you have username and password defined and that's it, it should generate the configuration file for you

Sent from my CLT-L09 using Tapatalk

 

No errors but I couldn't reach any website when wet to PIA and Wireguard.  Flip it over to OpenVPN and it worked fine.  This was after a couple of re-installs.

 

I've edited my post.

 

I wiped the container and config directory then reinstalled everything again.  Same thing.  All the sites I needed to reach were just timing out.  I then compared the new config with the working one I had.  Only difference was the wireguard server being used.  I replaced the default amsterdam with one closer to me and things started working again.  Pings on speedtest.net went from 175ms to 4ms.  Websites are reachable.

Edited September 19, 2021 by dalben

[binhex]

No errors but I couldn't reach any website when wet to PIA and Wireguard.  Flip it over to OpenVPN and it worked fine.  This was after a couple of re-installs.
 
I've edited my post.
 
I wiped the container and config directory then reinstalled everything again.  Same thing.  All the sites I needed to reach were just timing out.  I then compared the new config with the working one I had.  Only difference was the wireguard server being used.  I replaced the default amsterdam with one closer to me and things started working again.  Pings on speedtest.net went from 175ms to 4ms.  Websites are reachable.

If the only change you made in order for it to work was to switch the server then I would assume you're seeing geoip blocking or VPN provider IP range blocking for the Netherlands

Sent from my CLT-L09 using Tapatalk

[dalben]

1 hour ago, binhex said:

If the only change you made in order for it to work was to switch the server then I would assume you're seeing geoip blocking or VPN provider IP range blocking for the Netherlands

Sent from my CLT-L09 using Tapatalk

 

I need to refine my "Doesn't work".  It's not a geo block or vpn range block scenario.  It's latency.

 

I did get to some sites straight out of the box(container) eventually.  But most were failing with a timeout.

speedtest.net eventually loaded.  Ping test of 175ms.  That must be why a lot of sites were failing with a timeout.

When I changed to a server closer to me (SE Asia), ping were 4ms and all of my sites loaded fine.

 

In summary, using the Amsterdam endpoint when in SE Asia will cause some issues with websites timing out.

[binhex]

46 minutes ago, dalben said:

 

I need to refine my "Doesn't work".  It's not a geo block or vpn range block scenario.  It's latency.

 

I did get to some sites straight out of the box(container) eventually.  But most were failing with a timeout.

speedtest.net eventually loaded.  Ping test of 175ms.  That must be why a lot of sites were failing with a timeout.

When I changed to a server closer to me (SE Asia), ping were 4ms and all of my sites loaded fine.

 

In summary, using the Amsterdam endpoint when in SE Asia will cause some issues with websites timing out.

ahh i understand, well at least you now know the solution is simply switching to an endpoint closer to home :-), netherlands historically has been high speed for most people, thus why its defaulted to that endpoint out of the box.

[binhex]

Just now, binhex said:

ahh i understand, well at least you now know the solution is simply switching to an endpoint closer to home :-), netherlands historically has been high speed for most people (obviously not you in this case), thus why its defaulted to that endpoint out of the box.

 

[progrockusa]

I'm having an issue where this container will not use the specified port for the privoxy, always defaults to 8118 which conflicts with delugevpn privoxy. I've always had this container set to use 8119. I think the last update broke something in the template. 

 

 

[JonathanM]

10 minutes ago, progrockusa said:

I'm having an issue where this container will not use the specified port for the privoxy,

Bridge mode?

[progrockusa]

1 minute ago, JonathanM said:

Bridge mode?

 

No I have it pointing to my custom network

[More-Pilot-7077]

Forgive me if this has already been asked. but how can I use plex behind the VPN. I'm using the binhex plexpass docker. I have it mostly working going thru the VPN with --net=container:vpn in extra paramaters, but I cant use remote access with plex. I'm using Mullvad VPN and I have assigned a forwarded port (56000) with wireguard. In Privoxyvpn I have opened ports 32400 and 56000.  I have added both ports to VPN_OUTPUT_PORTS and VPN_INPUT_PORTS. Also have forwarded both ports in my router. In plex I have 56000 as the Manually specify public port.

 

I can direct play content on my phone and PC on the same network, but my apple TV wont direct play. Its limited to 2kbps bandwidth and transcodes. I'm guessing its connecting using the plex relay? If I turn it off, my Apple TV won’t connect. I’m guessing my pc and phone work because they are also on the vpn but the Apple TV isn’t?

 

My remote users are now also limited to 2kbps bandwidth and cant direct play most content. I had remote access working and everyone/everything was able to direct play before I tried to put it behind the VPN.

Edited November 9, 2021 by More-Pilot-7077

[binhex]

9 hours ago, More-Pilot-7077 said:

Forgive me if this has already been asked.

unlikely most people are not doing what you are trying to achieve, its difficult, and tbh ive never done this.

 

9 hours ago, More-Pilot-7077 said:

I'm using Mullvad VPN and I have assigned a forwarded port (56000) with wireguard.

a good start!

 

9 hours ago, More-Pilot-7077 said:

In Privoxyvpn I have opened ports 32400 and 56000.  I have added both ports to VPN_OUTPUT_PORTS and VPN_INPUT_PORTS.

not so good, you should NOT be adding port 56000 to VPN_INPUT_PORTS or VPN_OUTPUT_PORTS, its a port used to communicate externally only over the vpn tunnel.

 

9 hours ago, More-Pilot-7077 said:

Also have forwarded both ports in my router.

this is also a bad idea, the incoming port 56000 should not be forwarded on your router, please remove it.

 

9 hours ago, More-Pilot-7077 said:

In plex I have 56000 as the Manually specify public port.

 

that is good!.

 

you will also need to add ALL of the following ports as VPN_INPUT_PORTS:-

  -p 1900:1900/udp \
  -p 3005:3005 \
  -p 5353:5353/udp \
  -p 8324:8324 \
  -p 32410:32410/udp \
  -p 32412:32412/udp \
  -p 32413:32413/udp \
  -p 32414:32414/udp \
  -p 32469:32469

 

with all of the above done it MAY work, good luck.

[More-Pilot-7077]

On 11/9/2021 at 1:37 AM, binhex said:

you will also need to add ALL of the following ports as VPN_INPUT_PORTS:-

  -p 1900:1900/udp \
  -p 3005:3005 \
  -p 5353:5353/udp \
  -p 8324:8324 \
  -p 32410:32410/udp \
  -p 32412:32412/udp \
  -p 32413:32413/udp \
  -p 32414:32414/udp \
  -p 32469:32469

 

with all of the above done it MAY work, good luck.

 

Thank you for the reply. My apple TV can now direct play on my home network, but remote users are still limited to 2k bps and transcode. I changed almost everything you suggested. The only thing I couldn't do was open port 5353. I get an error saying its already being used. Looks like its being used by 0.0.0.0:5353 avahi-daemon. I tried disabling that service, but it made it so I couldn't browse files using my Ubuntu PC anymore. It didn't even show up on the network. And all my docker containers failed when I tried to reinstall them. Ill look into if I can change that port in avahi-daemon.

[progrockusa]

In my UNraid config template

 

 

but in the logs, it's still trying to use 8118, Any idea why this is happening. I've always used this separately from the DelugeVPN privoxy for a web browser. 

 

 

[binhex]

11 hours ago, progrockusa said:

but in the logs, it's still trying to use 8118, Any idea why this is happening.

yes, you should not change the container port, you should only ever change the host port, the container port is hard set to 8118 and cannot be changed.

[progrockusa]

4 hours ago, binhex said:

yes, you should not change the container port, you should only ever change the host port, the container port is hard set to 8118 and cannot be changed.

was this a recent change? I've been using port 8118 on the deluge app and 8119 on the privoxy app for about 6 or 7 months without an issue.

[binhex]

8 minutes ago, progrockusa said:

was this a recent change? I've been using port 8118 on the deluge app and 8119 on the privoxy app for about 6 or 7 months without an issue.

nope, its never been 8119 for the container port, to be clear here you can choose whatever port you want on the host side (as long as its not in use) and that will work just fine, so you can set it to 8119 on the HOST side no problems.

[progrockusa]

7 hours ago, binhex said:

nope, its never been 8119 for the container port, to be clear here you can choose whatever port you want on the host side (as long as its not in use) and that will work just fine, so you can set it to 8119 on the HOST side no problems.

I find it strange, I'd been using privoxy along with deluge VPN for some time now. Deluge used 8118, privoxy used 8119. used privoxy for web browser only, used Deluge for all other. Never had an issue until recently. 

 

So my next question is can these both be using together? If so please explain how I can push privoxy traffic over an alternate port so it doesn't conflict with Deluge. 

[JonathanM]

2 minutes ago, progrockusa said:

I find it strange, I'd been using privoxy along with deluge VPN for some time now. Deluge used 8118, privoxy used 8119. used privoxy for web browser only, used Deluge for all other. Never had an issue until recently. 

 

So my next question is can these both be using together? If so please explain how I can push privoxy traffic over an alternate port so it doesn't conflict with Deluge. 

He told you what to do in the post you replied to. Change the HOST port to 8119 and leave the container port as 8118.

[progrockusa]

16 minutes ago, JonathanM said:

He told you what to do in the post you replied to. Change the HOST port to 8119 and leave the container port as 8118.

Found something interesting. I think the actual logs are not reflecting the changes I've made to the host port. When I point my browser to <IP> <port 8119> and lookup my IP address it matches whats in privoxy. even though privoxy is showing 8118 in the logs. 

 

I point my browser proxy to <IP> <port 8118> and it comes up with the IP my Deluge privoxy is using. 

 

So it doesn't appear the app is broken, it's just not logging the correct host port changes. 

[binhex]

16 minutes ago, progrockusa said:

Found something interesting. I think the actual logs are not reflecting the changes I've made to the host port.

correct, the reason is that the processes running inside of the container are not aware of any host port assignments, so you can change the port to anything and the process (in this case privoxy) isnt aware of that change, this is all managed by docker and is transparent to container processes.