[Support] binhex - PrivoxyVPN



19 minutes ago, mbc0 said:

🤣Thanks Mate Password now changed! 😄 

 

It was removed fairly quickly, but I could imagine using a bit more difficult password. It sounded a bit like the default welcome123 password company admins tend to use.

 

My jackett log ends with the following, it's a fresh install with everything on default settings.

Hosting environment: Production
Content root path: /usr/lib/jackett/Content
Now listening on: http://[::]:9117
Application started. Press Ctrl+C to shut down.

I think the proxy settings binhex referred to are in the webui

 

@binhex previous post

I discovered something, I mentioned using firefox on my pc to access the jackett webui and the domains show up in pihole. On the same pc I used a different browser to access the jackett webui, chrome and edge, now it doesn't show up in pihole.

Interesting, doing the same on my phone using chrome and it does show up in pihole. I fired up a vm, trying chrome, it shows up in pihole.

 

 

Edited by ZekerPixels
Link to comment
18 minutes ago, mbc0 said:

OK, something strange, of all the three dockers with a web ui (Deemix, Deluge & Jackett) Deluge has now started working, I can access it but not the other 2?

 

19 minutes ago, ZekerPixels said:

I discovered something, I mentioned using firefox on my pc to access the jackett webui and the domains show up in pihole. On the same pc I used a different browser to access the jackett webui, chrome and edge, now it doesn't show up in pihole.

Interesting, doing the same on my phone using chrome and it does show up in pihole. I fired up a vm, trying chrome, it shows up in pihole.

hmm that is interesting, i wonder if a plugin or something in firefox is messing with the connection to jackett somehow?! its pretty weird!.

 

well i have some good news and some bad news, the good news is i cannot replicate the dns leak, i am using tcpdump running directly on my host and i see no sign of any dns queries yet when network binding jackett to privoxyvpn, the bad news is i cant replicate your issue and therefore have no idea whats causing it!!.

 

perhaps try resetting firefox, or run it in safe mode, this may tell you whether its a plugin/addon or not.

 

i think im going to go to bed and think about this overnight, its very late here!.

Link to comment

@ZekerPixels i couldnt let it go without one more dig into this and i think i know whats going on!.

 

if you look at your pihole logs carefully you should notice that all dns queries are coming from your pc, they are NOT coming from the container, if you click on "add" in the jackett ui and add an index site then the lookup (bluebird-hd.org being one) is done on the host running the browser, NOT on the jackett instance, this is surprising to me but its def the case, i can replicate it here.

 

however, if you click on manual search (or 'test all') and do a search in jackett ui then there is no dns query leak from your pc, it is all done in jackett, give it a test and let me know, i will check back in the morning, but i am pretty happy now that there is no dns leak from the container.

  • Like 1
Link to comment

 

1 hour ago, binhex said:

 

hmm that is interesting, i wonder if a plugin or something in firefox is messing with the connection to jackett somehow?! its pretty weird!.

 

well i have some good news and some bad news, the good news is i cannot replicate the dns leak, i am using tcpdump running directly on my host and i see no sign of any dns queries yet when network binding jackett to privoxyvpn, the bad news is i cant replicate your issue and therefore have no idea whats causing it!!.

 

perhaps try resetting firefox, or run it in safe mode, this may tell you whether its a plugin/addon or not.

 

i think im going to go to bed and think about this overnight, its very late here!.

 

Quite late here as well, goodnight. One thing to note, it is not only with firefox.

 

At first I thought I misconfigured something, but you saw those settings and I'm not doing something stupid in the config. I'm also not doing something really advanced, just pihole. There are lots of people using it, someone would have noticed if it's a big issue. That's why I suspected the browser at first, and why I tried some different browsers and on different devices. I'm a bit out of things to try for now, maybe I can come up with something tomorrow.

 

47 minutes ago, binhex said:

@ZekerPixels i couldnt let it go without one more dig into this and i think i know whats going on!.

 

if you look at your pihole logs carefully you should notice that all dns queries are coming from your pc, they are NOT coming from the container, if you click on "add" in the jackett ui and add an index site then the lookup (bluebird-hd.org being one) is done on the host running the browser, NOT on the jackett instance, this is surprising to me but its def the case, i can replicate it here.

 

however, if you click on manual search (or 'test all') and do a search in jackett ui then there is no dns query leak from your pc, it is all done in jackett, give it a test and let me know, i will check back in the morning, but i am pretty happy now that there is no dns leak from the container.

 

The first time I noticed the domain request I was playing with sonarr etc. and thought hey that's not right. I can however not directly see the source of the request in pihole, because all have 192.168.1.1 (the router) as client. So, I see no difference in pihole between the server or pc. I think I can get it that way without too much hassle, will try it tomorrow. It's a bit weird the browser pings all those domains.

 

I had the webui still open, I just checked, clicking on "test all" and it pops up in pihole as well as using "manual search". So, that would still originate from the pc. I set pihole as dns on my pc and check the origin.

 

I'm sorry for keeping you up at night (never thought I would say that) worrying about your container.

Thanks for support and effort making sure there are no issues with the container itself.

 

 

 

 

Edited by ZekerPixels
Link to comment
8 hours ago, ZekerPixels said:

 

 

Quite late here as well, goodnight. One thing to note, it is not only with firefox.

 

At first I thought I misconfigured something, but you saw those settings and I'm not doing something stupid in the config. I'm also not doing something really advanced, just pihole. There are lots of people using it, someone would have noticed if it's a big issue. That's why I suspected the browser at first, and why I tried some different browsers and on different devices. I'm a bit out of things to try for now, maybe I can come up with something tomorrow.

 

 

The first time I noticed the domain request I was playing with sonarr etc. and thought hey that's not right. I can however not directly see the source of the request in pihole, because all have 192.168.1.1 (the router) as client. So, I see no difference in pihole between the server or pc. I think I can get it that way without too much hassle, will try it tomorrow. It's a bit weird the browser pings all those domains.

 

I had the webui still open, I just checked, clicking on "test all" and it pops up in pihole as well as using "manual search". So, that would still originate from the pc. I set pihole as dns on my pc and check the origin.

 

I'm sorry for keeping you up at night (never thought I would say that) worrying about your container.

Thanks for support and effort making sure there are no issues with the container itself.

 

 

 

 

woke up after a night of dreaming about code (happens a lot to me!) and did one last test and i can confirm i see no leak on my end. i ran a jackett instance with no proxy or network routing to see what a leak would look like, then ran the same add and search query on the secured jackett and no leak whatsoever, so im happy any dns leaks are coming from the pc running the browser, which IS still weird!, sounds like a bug in the jackett ui to me!.

  • Like 1
Link to comment

OK, so I have removed and started fresh

 

I notice that the new template does not have Container Port options, only the additional ports. I know you said that I need to enter the same ports in additional ports as well as one for each container I want to pass through, but using just additional ports I have found that deluge webui is still working and still none of the others. Is there any kind of log or info I can give you to help me get running please? I have read all through the guide and can see nothing wrong. I have just added the 2 pull-filter lines in the ovpn file which I have never done before and was disappointed it didn't work 😞

 

client
dev tun
proto udp
remote nl-amsterdam.privacy.network 1198
resolv-retry infinite
nobind
persist-key
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"

Link to comment
OK, so I have removed and started fresh
 
I notice that the new template does not have Container Port options, only the additional ports. I know you said that I need to enter the same ports in additional ports as well as one for each container I want to pass through, but using just additional ports I have found that deluge webui is still working and still none of the others. Is there any kind of log or info I can give you to help me get running please? I have read all through the guide and can see nothing wrong. I have just added the 2 pull-filter lines in the ovpn file which I have never done before and was disappointed it didn't work
 
client
dev tun
proto udp
remote nl-amsterdam.privacy.network 1198
resolv-retry infinite
nobind
persist-key
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
I will go through it tonight with you.

Link to comment
9 hours ago, binhex said:

woke up after a night of dreaming about code (happens a lot to me!) and did one last test and i can confirm i see no leak on my end. i ran a jackett instance with no proxy or network routing to see what a leak would look like, then ran the same add and search query on the secured jackett and no leak whatsoever, so im happy any dns leaks are coming from the pc running the browser, which IS still weird!, sounds like a bug in the jackett ui to me!.

 

I set pihole as dns on my pc and the domain requests are indeed coming from my pc and not unraid.

When you click the list of indexers in the jackett webui, I copied all of those and made it into a blocklist. (not reliable, I know, just to test something out) Testing it again all the domains from jackett ui get a blocked status in pihole. Testing the indexers still work successfully with the domain blocked, indicating jackett is using the vpn. Also pointing to the pc making the request is completely unnecessary.

  • Like 1
Link to comment
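The check discussed in the posts above (which machine actually asked Pi-hole for an indexer domain) can be scripted. This is an added example, not code from the thread or from the container: it assumes dnsmasq-style `query[...] name from client` lines in Pi-hole's log, and every address except 192.168.1.1, the role names and the second domain are constructed.

```python
import re
from collections import defaultdict

# dnsmasq-style query line as written to Pi-hole's log (assumed format)
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[[A-Z0-9]+\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Constructed sample log; only 192.168.1.1 (the router) comes from the thread.
SAMPLE_LOG = """\
Mar  1 23:10:01 dnsmasq[412]: query[A] bluebird-hd.org from 192.168.1.20
Mar  1 23:10:01 dnsmasq[412]: forwarded bluebird-hd.org to 1.1.1.1
Mar  1 23:10:01 dnsmasq[412]: query[AAAA] bluebird-hd.org from 192.168.1.20
Mar  1 23:10:05 dnsmasq[412]: query[A] example-indexer.test from 192.168.1.1
Mar  1 23:10:09 dnsmasq[412]: query[A] github.com from 192.168.1.10
"""

ROLES = {  # hypothetical LAN layout
    "192.168.1.1": "router",
    "192.168.1.10": "unraid-host",
    "192.168.1.20": "browser-pc",
}


def attribute_queries(log_text, watched, roles):
    """Map each watched domain to the set of roles that queried it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwarded/reply/cached lines carry no client address
        name = m.group("name").lower().rstrip(".")
        if any(name == d or name.endswith("." + d) for d in watched):
            client = m.group("client")
            seen[name].add(roles.get(client, "unknown:" + client))
    return dict(seen)


def verdict(sources):
    """Classify where the lookups for one domain came from."""
    if "unraid-host" in sources:
        return "host"      # left the Docker host outside the tunnel: investigate
    if "router" in sources:
        return "masked"    # router forwards DNS, the real client is hidden
    if sources == {"browser-pc"}:
        return "browser"   # lookup made by the machine running the web UI
    return "unknown"


if __name__ == "__main__":
    watched = {"bluebird-hd.org", "example-indexer.test"}
    for domain, sources in attribute_queries(SAMPLE_LOG, watched, ROLES).items():
        print(domain, sorted(sources), verdict(sources))
```

A "masked" result is the situation described earlier in the thread, where every client appears as the router; pointing the PC directly at Pi-hole, as was done here, is what makes the per-client attribution meaningful.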
9 hours ago, mbc0 said:

Thanks Very Much, I REALLY appreciate that!

ok lets start from the top here:-

 

1. im going to assume you want to pass a number of containers through a single vpn enabled container, have i got this right, or do you want to use privoxy? (these are two quite different methods).

 

im going to assume yes to the above, if it is a no let me know!, so further questions are:-

2. please list the containers you want to pass through.

3. please screenshot 'edit' screen for the vpn container

4. please screenshot 'edit' screen for each container that you want to route through the vpn

Link to comment

Hi mate, thank you!

 

I think this is where I have got mixed up, I presumed this container did one thing which was pass containers of my choice through a VPN, I do not know what privoxy is!!

 

so yes is the answer

 

The containers I want to pass through are

 

xteve

deemix

deluge

jackett

 


Link to comment
12 hours ago, mbc0 said:

The containers I want to pass through are

 

xteve

deemix

deluge

jackett

ok first off, one of your issues is that privoxyvpn is set to use a custom bridge, this is only permitted if the static ip address is in another network range to your lan (which is NOT the case for you), but for now please set it back to the default, which is simply 'bridge'.

 

then you need to go through each container that you want to route through the vpn and delete ALL ports, there should be no port assignments for any of the containers that you want to pass through, to be clear do NOT delete ports for privoxyvpn, JUST the containers you want to run through the vpn.

 

once that is all done, restart each container you want to route through to ensure its bound to the new privoxyvpn container and then try the web ui.

Link to comment

Hi, 

 

I did try this yesterday but still couldn't access the webui so put everything back to how it used to be but have tried again now what you have suggested (thank you)

 

To simplify things I am only trying to work with jackett

 

I have tried deleting the port number in the container and removing the port parameter completely from the template neither of which are working for me.

 

I also see that unraid shows :9117/TCP - :9117 is that right?

 


 

Link to comment
7 minutes ago, mbc0 said:

I also see that unraid shows :9117/TCP - :9117 is that right?

yes that is correct, however in your screenshot you have only defined the host side of the port, there is no container port defined, see from your screenshot it shows 'Container Port:' it should show something like 'Container Port: 9117':-


 

edit - taken from Q24:- 

Quote

2. Click on 'Add another Path, Port, Variable, Label or Device' and add in a 'config type' of 'port'.

3. Enter in Web UI port for 'container port' and any non conflicting port number for 'Host Port' (host port must not be used by another container).

 

Link to comment

Ok!

 

In Business! (mostly) 

 

I now have a complete reversal as I can access the gui on the other 3 dockers except Deluge!

 

The container port was blank in each port selection for the 4 containers I want to pass through, only the container port was specified!

 


 

I still only see "Container Port:" though and not "Container Port: 9117" etc

 


 

so all working except Deluge! weird how that was the one container that worked through all of these issues for me and now is the only one that doesn't? 

 


 

Thanks again for your time, I really appreciate your patience.

 

Link to comment
3 minutes ago, mbc0 said:

so all working except Deluge! weird how that was the one container that worked through all of these issues for me and now is the only one that doesn't? 

ok show me the 'edit' screen for deluge, also restart the deluge container first, it might just need the rebind to the vpn network.

Link to comment

I already tried restarting the container (restarted all of them after making changes to privoxy)

 

I have also noticed that radarr lidarr sonarr etc cannot connect to the new IP for jackett and presume this is why emby cannot connect to xteve (which is what started all this) do all containers have to be part of the privoxy container to talk to each other now?

 


 

This is the end of the Deluge log if it is any help?

 

2021-03-01 12:47:30,143 DEBG 'deluge-script' stdout output:
[info] Starting Deluge Web UI...

2021-03-01 12:47:31,144 DEBG fd 8 closed, stopped monitoring <POutputDispatcher at 23226430477216 for <Subprocess at 23226430858864 with name deluge-script in state RUNNING> (stdout)>
2021-03-01 12:47:31,144 DEBG fd 10 closed, stopped monitoring <POutputDispatcher at 23226430857376 for <Subprocess at 23226430858864 with name deluge-script in state RUNNING> (stderr)>
2021-03-01 12:47:31,145 INFO exited: deluge-script (exit status 0; expected)
2021-03-01 12:47:31,145 DEBG received SIGCHLD indicating a child quit

Link to comment
3 minutes ago, mbc0 said:

I have also noticed that radarr lidarr sonarr etc cannot connect to the new IP for jackett and presume this is why emby cannot connect to xteve (which is what started all this) do all containers have to be part of the privoxy container to talk to each other now?

 

OUTBOUND communication FROM the lan to the vpn network is permitted for the additional_ports specified, however communication OUTBOUND from the vpn network to the lan network is not permitted (for ip leakage reasons), i am looking at loosening this restriction but its a very difficult balancing act between functionality that people want and security.

 

if you have an app inside the vpn network that needs to talk to another container outside of the vpn network then your only current solution is to either move that app inside the vpn network, or move the other app out of the vpn network.

 

so going back to your quote above, no they do not all have to be in the same network UNLESS the app in the vpn network needs to talk to another container running on the lan, so things like radarr talking to jackett should work fine, screenshot for your radarr config please for index jackett.

Link to comment

Ok, I have had to read that a few times to try and understand (sorry) 

 

From what I understand for radarr etc to talk to jackett I would have to include them in the vpn network, I would then have to move my SABNZBD as well.

 

My other main reason for using the vpn network is for xteve but for xteve to talk to emby I would then also have to move emby inside as well which would possibly lead to speed issues as the vpn is much slower.

 

Have I understood that correctly?

 


Link to comment
