[Support] binhex - PrivoxyVPN



Hi BinHex,

Great container - thanks for your work.

Is there any way we could compile a DNS server into this container (DNSMasq?) so that people can pipe their Apple TV through the container?

I have a PIA account and have a VM to route my content through it so I can watch content in different geographies.  A DNS service built-in to the container would enable me to run the container and point the Apple TV to its IP.

 

If you don't want to compile it in, can you point me in the direction for instructions on how to do it myself? (I'm new to docker and don't know where to start)

 

Thanks,

 

Pigeonkeeper

Link to comment

Hi.  Thanks for all the hard work for this and all your other containers. I am having issues with getting Privoxy to function in any of your containers.  I am running 6.7.0-rc5.  When I run your rtorrent container, with privoxy flag set to yes, rtorrent works, vpn works, I can DL and UP torrents just fine. However, I cannot access the Privoxy port.  Just firing this container up on its own results in the same behavior.  When I set the proxy address in my browser all internet access dies until I remove it.  Using Wireshark I see TCP Retransmission like the container is not listening on the port, but netstat confirms it's listening.  Looking at the container itself, it looks like IPTables is dropping all my packets.  I can watch the DROP packets grow as I attempt to make requests to the container.

 

Chain INPUT (policy DROP 5735 packets, 345672 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     415   446337 ACCEPT     all  --  tun0   *       0.0.0.0/0            0.0.0.0/0
       6     1437 ACCEPT     all  --  *      *       172.17.0.0/16        172.17.0.0/16
     613   508227 ACCEPT     udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp spt:1197
     184    17355 ACCEPT     tcp  --  eth0   *       192.168.100.0/24     172.17.0.0/16
       0        0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0
       0        0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

 

I am not sure what is causing the issue at this point. 

 

EDIT: I have multiple networks I access the container from, but none are working.  The LAN_NETWORK variable I passed through is the local network my Unraid host lives on. 

 

Logs...

 

2019-03-27 20:08:41.014813 [info] System information Linux 0e63eb64d91b 4.19.31-Unraid #1 SMP Mon Mar 25 09:52:30 PDT 2019 x86_64 GNU/Linux
2019-03-27 20:08:41.037510 [info] PUID defined as '99'
2019-03-27 20:08:41.061268 [info] PGID defined as '100'
2019-03-27 20:08:41.141993 [info] UMASK defined as '000'
2019-03-27 20:08:41.161737 [info] Permissions already set for volume mappings
2019-03-27 20:08:41.183974 [info] VPN_ENABLED defined as 'yes'
2019-03-27 20:08:41.207072 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/CA Toronto.ovpn
dos2unix: converting file /config/openvpn/CA Toronto.ovpn to Unix format...
2019-03-27 20:08:41.237058 [info] VPN remote line defined as 'remote ca-toronto.privateinternetaccess.com 1197'
2019-03-27 20:08:41.257092 [info] VPN_REMOTE defined as 'ca-toronto.privateinternetaccess.com'
2019-03-27 20:08:41.277559 [info] VPN_PORT defined as '1197'
2019-03-27 20:08:41.300507 [info] VPN_PROTOCOL defined as 'udp'
2019-03-27 20:08:41.320781 [info] VPN_DEVICE_TYPE defined as 'tun0'
2019-03-27 20:08:41.340612 [info] VPN_PROV defined as 'pia'
2019-03-27 20:08:41.360414 [info] LAN_NETWORK defined as '192.168.100.0/24'
2019-03-27 20:08:41.380493 [info] NAME_SERVERS defined as '209.222.18.222,209.222.18.218'
2019-03-27 20:08:41.400990 [info] VPN_USER defined as '##########'
2019-03-27 20:08:41.420590 [info] VPN_PASS defined as '###########'
2019-03-27 20:08:41.440432 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2019-03-27 20:08:41.460092 [info] Starting Supervisor...
2019-03-27 20:08:41,551 INFO Included extra file "/etc/supervisor/conf.d/privoxy.conf" during parsing
2019-03-27 20:08:41,551 INFO Set uid to user 0 succeeded
2019-03-27 20:08:41,553 INFO supervisord started with pid 6
2019-03-27 20:08:42,554 INFO spawned: 'start-script' with pid 126
2019-03-27 20:08:42,555 INFO spawned: 'watchdog-script' with pid 127
2019-03-27 20:08:42,556 INFO spawned: 'privoxy-script' with pid 128
2019-03-27 20:08:42,556 INFO reaped unknown pid 7
2019-03-27 20:08:42,559 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2019-03-27 20:08:42,560 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2019-03-27 20:08:42,560 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2019-03-27 20:08:42,560 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2019-03-27 20:08:42,561 DEBG fd 17 closed, stopped monitoring <POutputDispatcher at 23044378945584 for <Subprocess at 23044378470160 with name privoxy-script in state RUNNING> (stdout)>
2019-03-27 20:08:42,561 DEBG fd 21 closed, stopped monitoring <POutputDispatcher at 23044379402824 for <Subprocess at 23044378470160 with name privoxy-script in state RUNNING> (stderr)>
2019-03-27 20:08:42,561 INFO exited: privoxy-script (exit status 0; expected)
2019-03-27 20:08:42,561 DEBG received SIGCLD indicating a child quit
2019-03-27 20:08:42,598 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1

2019-03-27 20:08:42,600 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.222 to /etc/resolv.conf

2019-03-27 20:08:42,602 DEBG 'start-script' stdout output:
[info] Adding 209.222.18.218 to /etc/resolv.conf

2019-03-27 20:08:42,650 DEBG 'start-script' stdout output:
[info] Docker network defined as    172.17.0.0/16

2019-03-27 20:08:42,653 DEBG 'start-script' stdout output:
[info] Adding 192.168.100.0/24 as route via docker eth0

2019-03-27 20:08:42,653 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2019-03-27 20:08:42,654 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.4
192.168.100.0/24 via 172.17.0.1 dev eth0

2019-03-27 20:08:42,654 DEBG 'start-script' stdout output:
--------------------

2019-03-27 20:08:42,674 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2019-03-27 20:08:42,674 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1197 -j ACCEPT
-A INPUT -s 192.168.100.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1197 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 192.168.100.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

2019-03-27 20:08:42,675 DEBG 'start-script' stdout output:
--------------------

2019-03-27 20:08:42,676 DEBG 'start-script' stdout output:
[info] Starting OpenVPN...

2019-03-27 20:08:42,731 DEBG 'start-script' stdout output:
Wed Mar 27 20:08:42 2019 WARNING: file 'credentials.conf' is group or others accessible
Wed Mar 27 20:08:42 2019 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Wed Mar 27 20:08:42 2019 library versions: OpenSSL 1.1.1a  20 Nov 2018, LZO 2.10

2019-03-27 20:08:42,732 DEBG 'start-script' stdout output:
[info] OpenVPN started

2019-03-27 20:08:42,732 DEBG 'start-script' stdout output:
Wed Mar 27 20:08:42 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]172.98.67.41:1197

2019-03-27 20:08:42,732 DEBG 'start-script' stdout output:
Wed Mar 27 20:08:42 2019 UDP link local: (not bound)
Wed Mar 27 20:08:42 2019 UDP link remote: [AF_INET]172.98.67.41:1197

2019-03-27 20:08:43,023 DEBG 'start-script' stdout output:
Wed Mar 27 20:08:43 2019 [5f2d76bec334993911ead2379ec24b00] Peer Connection Initiated with [AF_INET]172.98.67.41:1197

2019-03-27 20:08:44,198 DEBG 'start-script' stdout output:
Wed Mar 27 20:08:44 2019 auth-token received, disabling auth-nocache for the authentication token

2019-03-27 20:08:44,198 DEBG 'start-script' stdout output:
Wed Mar 27 20:08:44 2019 TUN/TAP device tun0 opened
Wed Mar 27 20:08:44 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=0

2019-03-27 20:08:44,198 DEBG 'start-script' stdout output:
Wed Mar 27 20:08:44 2019 /usr/bin/ip link set dev tun0 up mtu 1500

2019-03-27 20:08:44,199 DEBG 'start-script' stdout output:
Wed Mar 27 20:08:44 2019 /usr/bin/ip addr add dev tun0 local 10.6.10.10 peer 10.6.10.9

2019-03-27 20:08:44,202 DEBG 'start-script' stdout output:
Wed Mar 27 20:08:44 2019 Initialization Sequence Completed

2019-03-27 20:08:44,291 DEBG 'watchdog-script' stdout output:
[info] Privoxy not running

2019-03-27 20:08:44,291 DEBG 'watchdog-script' stdout output:
[info] Attempting to start Privoxy...

2019-03-27 20:08:45,295 DEBG 'watchdog-script' stdout output:
[info] Privoxy process started
[info] Waiting for Privoxy process to start listening on port 8118...

2019-03-27 20:08:45,298 DEBG 'watchdog-script' stdout output:
[info] Privoxy process listening on port 8118

 

Edited by hammsandwich
Link to comment
  • 2 weeks later...

So I have narrowed this down to being an issue with Unraid VMs accessing any binhex containers on the same Unraid host.  From a separate client (i.e. laptop), everything works perfectly fine.  I can access rutorrent UI, Privoxy, all working perfectly.  From a VM on Unraid, I can access all my container UIs (netdata, radarr & sonarr [linuxserver]), but Privoxy and rutorrent UI remain inaccessible.  Any ideas?

Link to comment
Most probably a different lan range so add it to lan_network (comma separated)

Sent from my EML-L29 using Tapatalk

Link to comment
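
The INPUT chain in the log earlier in the thread accepts TCP on eth0 only from the single LAN_NETWORK range, which is why the reply above suggests listing every client range. The following is an added illustration, not part of any post and not the container's own script: a first-match evaluator over the logged chain. The client addresses, the 192.168.122.0/24 range and the one-rule-per-entry handling of LAN_NETWORK are assumptions.

```python
import ipaddress

# INPUT chain as printed in the container log earlier in this thread.
LOGGED_INPUT = """\
-P INPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 1197 -j ACCEPT
-A INPUT -s 192.168.100.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
"""

def parse_input_chain(text):
    """Return (policy, rules); each rule is a dict of option -> value.
    Handles only the one-argument options that appear in this log."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["-P", "INPUT"]:
            policy = tok[2]
        elif tok[:2] == ["-A", "INPUT"]:
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def tcp_verdict(chain_text, src, dst, iface="eth0"):
    """First-match verdict for an inbound TCP packet (e.g. to Privoxy on 8118)."""
    policy, rules = parse_input_chain(chain_text)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.get("-i", iface) != iface or r.get("-p", "tcp") != "tcp":
            continue
        if "-s" in r and s not in ipaddress.ip_network(r["-s"]):
            continue
        if "-d" in r and d not in ipaddress.ip_network(r["-d"]):
            continue
        return r["-j"]
    return policy  # nothing matched: the chain policy (DROP) applies

def with_lan_networks(chain_text, lan_network, docker_net="172.17.0.0/16"):
    """Assumption: one LAN accept rule of the logged shape per comma-separated
    LAN_NETWORK entry. Returns the chain with those rules replacing the old one."""
    kept = [l for l in chain_text.splitlines() if "-p tcp" not in l]
    extra = [f"-A INPUT -s {n.strip()} -d {docker_net} -i eth0 -p tcp -j ACCEPT"
             for n in lan_network.split(",")]
    return "\n".join(kept + extra) + "\n"

if __name__ == "__main__":
    container = "172.17.0.4"  # container address from the logged route table
    for client in ("192.168.100.50", "192.168.122.10"):  # constructed client IPs
        print(client, tcp_verdict(LOGGED_INPUT, client, container))
    fixed = with_lan_networks(LOGGED_INPUT, "192.168.100.0/24,192.168.122.0/24")
    print("after change:", tcp_verdict(fixed, "192.168.122.10", container))
```
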
  • 2 weeks later...

Question: I've tried using the env flag such as this:

--env HTTPS_PROXY="https://192.168.1.200:8888"

for docker containers that do not support an HTTP proxy from within (such as sonar/radar/hydra). This flag doesn't seem to work putting the specified containers behind the proxy. Is what I'm attempting to do not possible using the privoxy container?

 

I was following this: https://docs.docker.com/network/proxy/

Edited by MowMdown
Link to comment
10 hours ago, binhex said:

You sure about this? I would be surprised if that was the case.

Sent from my EML-L29 using Tapatalk

I mean excluding those, that's my bad. Those I listed DO support proxies, I was talking about basically all other dockers that don't. I wanted to put anything that DOESN'T have proxy support behind a proxy using the --env flag. However it doesn't seem to work.

For example (bad example) my pihole docker, it doesn't have proxy support from within, and if I wanted to run it behind a proxy the --env flag doesn't actually put it behind the proxy.

 

I took your delugevpn docker, disabled the VPN/Privoxy settings and used the --env flag to try it that way and it didn't mask the IP address.

Edited by MowMdown
Link to comment
  • 1 month later...
  • 4 weeks later...

Most recent update broke my setup. 

 

Quote

2019-07-09 14:08:43,782 DEBG 'start-script' stdout output:
[info] Docker network defined as    10.1.0.0/16

2019-07-09 14:08:43,791 DEBG 'start-script' stdout output:
[info] Adding 10.1.10.0/8 as route via docker eth0

2019-07-09 14:08:43,793 DEBG 'start-script' stderr output:
Error: Invalid prefix for given prefix length.

2019-07-09 14:08:43,794 DEBG 'start-script' stdout output:
[info] ip route defined as follows...

 

Link to comment
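
The route error in the log quoted above is what `ip route` reports when the address has bits set beyond the prefix length, as 10.1.10.0/8 does. The following is an added example, not part of the original post or the container's scripts, that checks a LAN_NETWORK value for this before the container starts; the function names are illustrative.

```python
import ipaddress

def shortest_valid_prefix(addr):
    """Shortest prefix length for which addr has no host bits set."""
    n = int(ipaddress.IPv4Address(addr))
    trailing_zero_bits = 32 if n == 0 else (n & -n).bit_length() - 1
    return 32 - trailing_zero_bits

def check_lan_network(value):
    """Check each comma-separated LAN_NETWORK entry.
    Returns a list of dicts: entry, ok, and for a rejected CIDR the two
    readings that would be accepted (same prefix / same address)."""
    report = []
    for entry in (e.strip() for e in value.split(",")):
        item = {"entry": entry, "ok": False}
        try:
            ipaddress.IPv4Network(entry, strict=True)  # strict rejects host bits
            item["ok"] = True
        except ValueError:
            try:
                loose = ipaddress.IPv4Network(entry, strict=False)
            except ValueError:
                item["reason"] = "not an IPv4 CIDR"
            else:
                addr = entry.split("/")[0]
                item["reason"] = "host bits set for this prefix length"
                item["same_prefix"] = str(loose)
                item["same_address"] = f"{addr}/{shortest_valid_prefix(addr)} or longer"
        report.append(item)
    return report

if __name__ == "__main__":
    # 10.1.10.0/8 is the value from the log above; the first entry is the
    # LAN_NETWORK value from the earlier log in this thread.
    for item in check_lan_network("192.168.100.0/24,10.1.10.0/8"):
        print(item)
```

Which of the two accepted readings is the right one depends on the actual LAN; the check only shows that the value as written cannot be added as a route.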
  • 1 month later...

quick heads up, privoxyvpn now includes socks5 proxy with authentication, if you want to use it then add the following:-

 

add in variables
key SOCKS_USER value myusername
key SOCKS_PASS value mypassword
key ENABLE_SOCKS value yes|no
*optional key ENABLE_PRIVOXY value yes|no

add in port
container 9118 host <anything you like>

 

if you don't do any of the above then the default is privoxy enabled, socks disabled.

Link to comment
On 8/14/2019 at 10:54 AM, binhex said:

quick heads up, privoxyvpn now includes socks5 proxy with authentication, if you want to use it then add the following:-

 


add in variables
key SOCKS_USER value myusername
key SOCKS_PASS value mypassword
key ENABLE_SOCKS value yes|no
*optional key ENABLE_PRIVOXY value yes|no

add in port
container 9118 host <anything you like>

 

if you don't do any of the above then the default is privoxy enabled, socks disabled.

Is this why I keep getting this spammed in my container logs?

 

2019-08-19 17:27:29,249 DEBG 'watchdog-script' stdout output:
[info] microsocks not running

 

Link to comment
8 hours ago, MowMdown said:

Is this why I keep getting this spammed in my container logs?

 


2019-08-19 17:27:29,249 DEBG 'watchdog-script' stdout output:
[info] microsocks not running

 

thanks i have implemented further checks so this should silence this in the next image.

Link to comment
  • 2 weeks later...
12 hours ago, madcap_magician said:

Binhex, thank you for all your hard work!

 

I have a question for you.  I'm using TorGuard and am wondering how I can go about using their built in DNS service.  Right now I'm using the docker's default name servers.  Here's what TorGuard lists for their nameservers:

https://torguard.net/tgspec.php

I'm a networking/linux noob.  Thank you and Sorry in advance. :)

find out what your vpn provider's dns ip addresses are, then set the value of env var NAME_SERVERS to use them.

Link to comment
  • 3 weeks later...

Hi, 

 

I am sorry for asking but wondering if someone can help me out please?

 

I have the docker installed and it is running using my pia login.  I have made no other changes to the settings other than changing the port from 8118 to 8119 due to binhex-delugevpn

 

my end goal is to have my xteve iptv docker hidden through pia but I cannot find any instructions on how to do this? can anyone please point me in the right direction?

 

Thank you

Link to comment
Does xteve support http and/or socks proxy configuration? If it does then configure it to use privoxy or socks5 proxy

Sent from my CLT-L09 using Tapatalk

Link to comment
9 hours ago, Speedious said:
@binhex Is this the same Privoxy/VPN/IPTables solution you integrate into the VPN version of your other containers, like DelugeVPN and qBittorrentVPN?

Yes, this image now has the added functionality of a socks5 proxy as well which isn't included in the other VPN images, but other than that it's exactly the same.

Sent from my CLT-L09 using Tapatalk
 

Edited by binhex
Link to comment

Hi,

 

as I use your delugevpn docker, 8118 is already used, I have changed everything to 8119 but the log still shows 8118 being used (and obviously not working)

is there somewhere else I need to change to 8119?

 

 

 

 

2019-09-24 09:08:18,994 DEBG 'watchdog-script' stdout output:
[info] Privoxy process started
[info] Waiting for Privoxy process to start listening on port 8118...

2019-09-24 09:08:19,003 DEBG 'watchdog-script' stdout output:
[info] Privoxy process listening on port 8118


Link to comment
do not change the container port, this will always be 8118 and should not be changed, and you will always see it in the log as 8118, this is perfectly normal. The only port you should be changing is the host port and this can be changed safely.

Sent from my CLT-L09 using Tapatalk

Link to comment
