[Support] binhex - PrivoxyVPN



2 minutes ago, morethanenough said:

Also, I am trying the command

curl ipconfig.io

and it is still timing out without showing the public IP address acquired by the VPN provider.

Shouldn't I be getting a response there?

yes you should get a response, are you running that via 'console' of the container right? (not terminal for the server).

Link to comment
1 minute ago, morethanenough said:

As soon as I changed the proxy, the machine lost all Internet connectivity.

Yes, I am running it via "console" of the container.

ok, there may be an issue with that particular endpoint on mullvad, can you generate a new wireguard config file for a different endpoint.

Link to comment
  • 4 weeks later...

Hello,

 

I can't seem to get DNS resolution to work once Wireguard comes up. Before it comes up, it can resolve - as the WG endpoint is a hostname. Once connected - nothing. I am using Cryptostorm VPN, if that matters.

 

I've tried various public nameservers in the container config, as well as wg0.conf, to no avail. I'm not sure where to go from here.

 

Any insight would be helpful. Thank you!

supervisord.log

Link to comment
  • 1 month later...

I have a question about configuring Privoxy VPN now that Unraid supports User Defined Networks for Docker.

 

Currently I have binhex-privoxyvpn set up on a user defined network.  I route a number of other containers through it using the extra parameter '--net=container:binhex-privoxyvpn'.  I have VPN Input & Output ports set up as necessary and have added additional ports for each container.  Everything works fine.

 

Is this still the best way to have privoxyvpn set up now that we have access to user defined networks?  Recently I've been having issues with my VPN provider and have been considering how to easily swap VPN node or provider.  At the moment I'd have to either drop a new OVPN file into the config/openvpn folder and restart the container (which will restart all the dependent containers) or stop the binhex-privoxyvpn container, start up a 'vpn_failover' container and manually alter the extra parameters on each of the dependent containers to point to the new vpn container.  Neither option is particularly quick and I'm wondering if there's something I'm missing here.  Is there an easy/quick way to change the VPN that multiple containers route through?

Link to comment
  • 1 month later...

Hi, today, I noticed that there appears to be potential leakage shortly after the start of the container when using the network of the privoxy docker container for other containers.

I set up a container to use the network of the privoxy container as described in A24 https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

When I start the privoxy container, then start the other container, quickly enter the shell of said other container and do curl ipinfo.io I can see my ISP's IP address -- which makes sense as indicated in A18 in the FAQ linked above but I think there should be a warning somewhere that this setup is potentially not safe during startup-phase of the privoxy container.

I guess this issue is not easy to mitigate as the privoxy container itself requires access to the internet in order to connect to the VPN. Maybe it could be possible to restrict the network access to the endpoint given in the VPN configuration initially? And only allow for other traffic after the connection has been established? Just some thoughts...

 

Kind regards

Link to comment
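The idea raised in the post above (permit only the VPN endpoint until the tunnel is up), sketched as an added example that is not part of the thread and not the container's own start-up script. It assumes the tunnel interface is named wg0 as in the logs later in this thread; the function names and the sample endpoint 203.0.113.7:51820 are constructed.

```shell
#!/bin/sh
# Added illustration: build iptables-restore input that drops all egress
# except WireGuard handshakes to the configured endpoint and traffic via wg0.
# IPv4 only; no LAN or web UI rules are included in this minimal set.

# Print the first "Endpoint = host:port" value found in a wg-quick config.
wg_endpoint() {
    sed -n 's/^[[:space:]]*Endpoint[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" | head -n 1
}

# Succeed only for a dotted-quad IPv4 literal.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# killswitch_rules <wg0.conf>: rules on stdout.
# Returns 1 for a missing or malformed Endpoint, 2 when the endpoint is a hostname.
killswitch_rules() {
    ep=$(wg_endpoint "$1")
    [ -n "$ep" ] || { echo "no Endpoint in $1" >&2; return 1; }
    host=${ep%:*}
    port=${ep##*:}
    case $port in ''|*[!0-9]*) echo "bad port in '$ep'" >&2; return 1 ;; esac
    if ! is_ipv4 "$host"; then
        # A hostname needs DNS before the tunnel exists, so it cannot be locked down as-is.
        echo "endpoint '$host' is a hostname: resolve and pin it first" >&2
        return 2
    fi
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT
-A OUTPUT -d $host/32 -p udp --dport $port -j ACCEPT
COMMIT
EOF
}

# Constructed sample config (documentation address), not taken from the thread.
demo() {
    conf=$(mktemp)
    printf '[Peer]\nEndpoint = 203.0.113.7:51820\nAllowedIPs = 0.0.0.0/0\n' > "$conf"
    killswitch_rules "$conf"
    rm -f "$conf"
}
```

The rules only help containers sharing the network namespace if they are loaded before any of those containers start sending traffic.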
  • 1 month later...

I have successfully routed a container to the privoxyvpn container however I am struggling in getting the WebUI portion working. I added the WebUI port to privoxyvpn. In this case 9595:8686. Which port do I need to add under VPN_INPUT_PORTS/VPN_OUTPUT_PORTS? I have tried multiple combinations but none seem to bring up the webui.

Link to comment
19 minutes ago, arallop said:

I have successfully routed a container to the privoxyvpn container however I am struggling in getting the WebUI portion working. I added the WebUI port to privoxyvpn. In this case 9595:8686. Which port do I need to add under VPN_INPUT_PORTS/VPN_OUTPUT_PORTS? I have tried multiple combinations but none seem to bring up the webui.

see Q24:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md

Link to comment
49 minutes ago, arallop said:

I have successfully routed a container to the privoxyvpn container however I am struggling in getting the WebUI portion working. I added the WebUI port to privoxyvpn. In this case 9595:8686. Which port do I need to add under VPN_INPUT_PORTS/VPN_OUTPUT_PORTS? I have tried multiple combinations but none seem to bring up the webui.

Can you navigate using your browser address bar to http://yourserver:9595 ?

 

If that works, but you can't get there by clicking the web ui from the unraid docker page, try updating the advanced docker settings for that container to explicitly point to http://yourserver:9595 (the default is something like http://[IP]:[PORT]).

Link to comment
1 minute ago, DBJordan said:

Can you navigate using your browser address bar to http://yourserver:9595 ?

 

If that works, but you can't get there by clicking the web ui from the unraid docker page, try updating the advanced docker settings for that container to explicitly point to http://yourserver:9595 (the default is something like http://[IP]:[PORT]).

 

Thank you for the reply. I am not using UNRAID, just the binhex-privoxyvpn container. I know for a fact the container I am trying to use with the VPN is going through the VPN container because I can docker exec into it and do a curl ipinfo.io and it shows an IP coming from the VPN. 

Link to comment
21 minutes ago, binhex said:

that should be the host port as you will be accessing the web ui of the application from the host side.

 

Okay that is what I thought but I still cannot connect. Does anything look incorrect in my compose?

 

  privoxyvpn:
    image: binhex/arch-privoxyvpn
    privileged: true
    container_name: privoxyvpn
    ports:
      - 8118:8118
      - 9118:9118
      - 9595:8686
    volumes:
      - ${APPDATA}/privoxyvpn:/config
      - /etc/localtime:/etc/localtime:ro
    environment:
      - VPN_ENABLED=yes
      - VPN_USER=${VPN_USER}
      - VPN_PASS=${VPN_PASS}
      - VPN_PROV=pia
      - VPN_CLIENT=wireguard
      - LAN_NETWORK=10.0.1.0/24
      - NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1
      - SOCKS_USER=admin
      - SOCKS_PASS=socks
      - ENABLE_SOCKS=yes
      - ENABLE_PRIVOXY=yes
      - VPN_INPUT_PORTS=9595
      - VPN_OUTPUT_PORTS=
      - DEBUG=false
      - UMASK=000
      - PUID=${PUID}
      - PGID=${PGID}
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1
    restart: unless-stopped

 

 

UPDATE: I am able to access the webui now on the same host using localhost:9595 but I cannot access from another device on the same network by IP:PORT.

Edited by arallop
Link to comment
 
UPDATE: I am able to access the webui now on the same host using localhost:9595 but I cannot access from another device on the same network by IP:PORT.

And what is the IP address of the machine running the web browser that cannot connect to the web ui of the app?


Link to comment
19 hours ago, arallop said:

UPDATE: I am able to access the webui now on the same host using localhost:9595 but I cannot access from another device on the same network by IP:PORT.

ok that leads me to think that the firewall on the host is perhaps blocking inbound connections to port 9595, check that out first.

4 minutes ago, arallop said:

Per ifconfig on my macbook inet 10.0.1.5

that looks fine, reason i asked is that if the request is coming from a machine outside of the network defined in LAN_NETWORK then it will block.

Link to comment
14 minutes ago, binhex said:

ok that leads me to think that the firewall on the host is perhaps blocking inbound connections to port 9595, check that out first.

that looks fine, reason i asked is that if the request is coming from a machine outside of the network defined in LAN_NETWORK then it will block.

Docker host is running on Ubuntu. Just checked firewall status and it is inactive. Stumped as to what it could be.

Link to comment
1 minute ago, arallop said:

Docker host is running on Ubuntu. Just checked firewall status and it is inactive. Stumped as to what it could be.

i can't really tell from your compose file how the network is defined, is this using the default docker bridge?

Link to comment
4 minutes ago, binhex said:

i can't really tell from your compose file how the network is defined, is this using the default docker bridge?

Running docker inspect for the container shows:

 "Networks": {
                "documents_default": {
 

Looks to be a default network docker created.

Link to comment
  • 3 weeks later...

My container stopped working today

In logs I see this and it's stuck there:

2023-03-24 18:31:51,381 DEBG 'start-script' stdout output:
[info] Attempting to bring WireGuard interface 'up'...

2023-03-24 18:31:51,395 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

2023-03-24 18:31:51,408 DEBG 'start-script' stderr output:
[#] ip link add wg0 type wireguard

2023-03-24 18:31:51,411 DEBG 'start-script' stderr output:
[#] wg setconf wg0 /dev/fd/63

2023-03-24 18:31:51,412 DEBG 'start-script' stderr output:
[#] ip -4 address add xx.xx.xxx.78/32 dev wg0

2023-03-24 18:31:51,421 DEBG 'start-script' stderr output:
[#] ip link set mtu 1420 up dev wg0

2023-03-24 18:31:51,424 DEBG 'start-script' stderr output:
[#] resolvconf -a wg0 -m 0 -x

2023-03-24 18:31:51,444 DEBG 'start-script' stderr output:
[#] wg set wg0 fwmark 51820

2023-03-24 18:31:51,446 DEBG 'start-script' stderr output:
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820

2023-03-24 18:31:51,447 DEBG 'start-script' stderr output:
[#] ip -4 rule add not fwmark 51820 table 51820

2023-03-24 18:31:51,449 DEBG 'start-script' stderr output:
[#] ip -4 rule add table main suppress_prefixlength 0

2023-03-24 18:31:51,453 DEBG 'start-script' stderr output:
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1

2023-03-24 18:31:51,455 DEBG 'start-script' stderr output:
[#] iptables-restore -n

2023-03-24 18:31:51,459 DEBG 'start-script' stderr output:
[#] '/root/wireguardup.sh'

 

Link to comment

Is it possible to turn this off from the logging? I have lots of rotated logfiles filled with just info like this (for everything using socks, no logging to terminal for privoxy). It's not really needed for me. 🙂 Also, not good for privacy with everything logged. 

 

2023-03-26 20:23:28,168 DEBG 'watchdog-script' stderr output:
client[5] 192.168.1.5: connected to dl2.cdn.filezilla-project.org:443

 

Edited by Niklas
Link to comment
