[Support] binhex - PrivoxyVPN

binhex

By binhex,
in Docker Containers

Followers 21

260 posts in this topic Last Reply

Recommended Posts

Recommended

Posted by binhex,

There has been an issue raised on GitHub related to tracker announce request IP leakage under certain circumstances, after careful review of iptables i have tightened up the rules to prevent this. A new image has now been rolled out for all vpn enabled docker images (25th Feb 2021) i produce with the fix in place, i would encourage everyone to update to the recently created 'latest' tagged image.   You can force the upgrade by toggling 'basic view' to 'advanced view' and then clicking on
Recommended by binhex

0 reactions

Go to this post
Recommended

Posted by binhex,

looks like your template is out of date, sadly changes to the template do not automatically get pushed out, so you will need to add in the env var, give it a key name of 'ADDITIONAL_PORTS' and value of the ports you want accessible.

Instructions for users with existing installs

Recommended by jonathanm

0 reactions

Go to this post
Jhp612

Jhp612 2

Posted
Posted (edited)

Can someone help me figure out what goes where? I Keep getting and AUTH_FAILED in my logs

 

I am using PIA and PIA provides two logins 

- Your site login which looks like p000000

- What they provide and you can regenerate which looks like p00000 (which they say is for PTPP/L2TP/SOCKS)

 

In trying to use openVPN with Socks ( I assume openVPN is using PTPP or L2TP) so I set:

1. credentials.conf file with x000000 user and password in the same folder as *.ovpn file

2. VPN_USER variable for docker to x000000

3. SOCKS_USER variable for docker to x000000

 

Should any of the above be p000000?? 

 

 

 

Edited by Jhp612
Link to post
  • Replies 259
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

IceNine451

@binhex, this absolutely works on your container. I am currently using this setup successfully with no major issues. I wanted a VPN "gateway" for specific other containers, where all their traffic cou

IceNine451

I don't know of a way to use a proxy with Plex either, but you can do what I have done with some of my containers and run *all* of the Plex traffic through a VPN container. Since you won't be doing re

binhex

ive figured it out, privoxy requires additional relaxed iptables in order to operate due to the proxying nature, thus if you do not have enable_privoxy set to yes then you wont be able to use delugevp

Posted Images

binhex

binhex 814

Posted
  • Author
Posted
Can someone help me figure out what goes where? I Keep getting and AUTH_FAILED in my logs
 
I am using PIA and PIA provides two logins 
- Your site login which looks like p000000
- What they provide and you can regenerate which looks like p00000 (which they say is for PTPP/L2TP/SOCKS)
 
In trying to use openVPN with Socks ( I assume openVPN is using PTPP or L2TP) so I set:
1. credentials.conf file with x000000 user and password in the same folder as *.ovpn file
2. VPN_USER variable for docker to x000000
3. SOCKS_USER variable for docker to x000000
 
Should any of the above be p000000?? 
 
 
 
Yes use the pxxxxx login

Sent from my CLT-L09 using Tapatalk

Link to post
Keelhaulers

Keelhaulers 1

Posted
Posted

Probably just me, I don't watch things until they break or don't work any longer.

 

I use binhex-privoxyvpn for routing a virtual Windows 10 machine.  This container stopped worker for me as of a few hours ago (that I noticed).

 

Symptoms experienced: I would Start the docker and it would immediately Stop, wouldn't stay running.

 

After a couple of hours of trying to figure things out, I finally realized that PIA put out NextGen OpenVPN files.  You will have to replace the old files and certs and opvn files.

 

All easy enough to replace.  Once I did this, everything was back to normal.

 

Like I said, completely my fault for not realizing this.  But maybe there are some others out there like me who do not pay attention.

 

-Keelhaulers

 

*******

PIA users - The URL to download the OpenVPN configuration files and certs is:-

https://www.privateinternetaccess.com/openvpn/openvpn-nextgen.zip

Once you have downloaded the zip (normally a zip as they contain multiple ovpn files) then extract it to /config/openvpn/ folder (if that folder doesn't exist then start and stop the docker container to force the creation of the folder).

 

 

Link to post
mbc0

mbc0 13

Posted
Posted
9 minutes ago, Keelhaulers said:

Probably just me, I don't watch things until they break or don't work any longer.

 

I use binhex-privoxyvpn for routing a virtual Windows 10 machine.  This container stopped worker for me as of a few hours ago (that I noticed).

 

Symptoms experienced: I would Start the docker and it would immediately Stop, wouldn't stay running.

 

After a couple of hours of trying to figure things out, I finally realized that PIA put out NextGen OpenVPN files.  You will have to replace the old files and certs and opvn files.

 

All easy enough to replace.  Once I did this, everything was back to normal.

 

Like I said, completely my fault for not realizing this.  But maybe there are some others out there like me who do not pay attention.

 

-Keelhaulers

 

*******

PIA users - The URL to download the OpenVPN configuration files and certs is:-

https://www.privateinternetaccess.com/openvpn/openvpn-nextgen.zip

Once you have downloaded the zip (normally a zip as they contain multiple ovpn files) then extract it to /config/openvpn/ folder (if that folder doesn't exist then start and stop the docker container to force the creation of the folder).

 

 

I just replaced the openvpn file and all came back for me yesterday, 

Link to post
mbc0

mbc0 13

Posted
Posted
1 minute ago, dcoulson said:

replaced it with what specifically - I have tried openvpn-nextgen and openvpn-strong-nextgen files and can't get past the cipher issues.

I just replaced the (in my case) Netherlands.ovpn with the new nextgen Netherlands.ovpn from PIA and all works perfectly.  Hope that helps

Link to post
jwoolen

jwoolen 10

Posted
Posted (edited)

Anyone else having issues with DNS leaks since the changover with PIA? My DNS settings are set to the PIA DNS servers: 209.222.18.218, 209.222.18.222. No matter what it defaults to the one shown below.

 

Privoxy

image.png.0757dc6de47045e32c1ce4d24280956f.png

 

PIA App

image.png.6608aa12c58cef346ea08f43c339393a.png

 

 

Edited by jwoolen
Link to post
Jorgen

Jorgen 28

Posted
Posted (edited)
2 hours ago, jwoolen said:

Anyone else having issues with DNS leaks since the changover with PIA? My DNS settings are set to the PIA DNS servers: 209.222.18.218, 209.222.18.222. No matter what it defaults to the one shown below.

I assume the screenshots are from a browser on your local PC and you have configured the browser to use Privoxy as the proxy server?

In that case the browser routes http traffic via the proxy server and VPN tunnel. However, the browser will use the OS mechanism for DNS resolution (DNS is different to http). Since your OS doesn't use the privoxy proxy it will fail the DNS leak test. The DNS servers you set in the container setting has no effect on the browser behaviour in this case. I believe they are only used by the container before the VPN tunnel is established, but maybe @binhex can confirm this?

 

When you are using the PIA app on teh other hand, all internet traffic is routed via the VPN tunnel on an OS level, including DNS resolution. So DNS passes the leak test.

 

So how do you get the results you want? Two options that I know of that should work (but see note below):

1. If your browser supports it, set DNS resolution to use http protocol. In Firefox this is called "Enable DNS over HTTPS" under the proxy configuration settings. I assume other browsers have something similar.

2. Enable SOCKS v5 proxy in Privoxy and set up your browser to use that. See here for details on how that works: https://stackoverflow.com/questions/33099569/how-does-sock-5-proxy-ing-of-dns-work-in-browsers

 

Now, I just tested both methods and could not get the browser to pass the DNS leak test for either. Not sure what I'm doing wrong but I'm not that worried about it as I use the PIA app on my PC anyway. But maybe this will point you in the right direction. Please report back if you try it and get it to work for you.

 

Actually, you might also be able to set up your OS to use Privoxy as the proxy, but I have not tested that at all.

 

Edit: looks like I need to use FoxyProxy extension for Firefox to be able to pass the username/password when using Socks. Hopefully other browser have better support for Socks...

 

Edited by Jorgen
edit
Link to post
jwoolen

jwoolen 10

Posted
Posted (edited)

Sorry. I should've been more specific. I'm not using proxy settings in my brower (Edge). I have the internet connection set up to run through a proxy. This was working fine until the recent changes with PIA. I even manually set the DNS in TCP/IP properties. The address was complete in the proxy server settings. I just removed some of it to take the snapshot. This is running on a VM.

 

    image.png.1b493550c18aa5dd1e8b8d9bed9c5e12.png       image.png

Edited by jwoolen
Link to post
tjb_altf4

tjb_altf4 94

Posted
Posted
On 11/15/2020 at 6:28 AM, jwoolen said:

Anyone else having issues with DNS leaks since the changover with PIA? My DNS settings are set to the PIA DNS servers: 209.222.18.218, 209.222.18.222. No matter what it defaults to the one shown below.

Try these DNS addresses: 

10.0.0.242
10.0.0.243

https://www.privateinternetaccess.com/helpdesk/kb/articles/next-generation-dns-custom-configuration

Link to post
jwoolen

jwoolen 10

Posted
Posted (edited)

When I use those addresses for the DNS I get the error message below in my log, and it repeats until I stop the docker. 

2020-11-16 15:45:18,639 DEBG 'start-script' stdout output:
[info] Adding 10.0.0.242 to /etc/resolv.conf

2020-11-16 15:45:18,641 DEBG 'start-script' stdout output:
[info] Adding 10.0.0.243 to /etc/resolv.conf

2020-11-16 15:45:48,677 DEBG 'start-script' stderr output:
Error: error sending query: Could not send or receive, because of network error

 

Edited by jwoolen
Link to post
binhex

binhex 814

Posted
  • Author
Posted (edited)
On 11/23/2020 at 9:24 PM, GreenEyedMonster said:

Does the webui work for anyone?  It's an option so I imagine it would be? I type in my host ip:and port I'm using and nothing shows up.



Thank you for all your hardwork!

the web ui link should be 'http://config.privoxy.org/', if its taking you to a blank page with 'Invalid header received from client.' then that is also perfectly normal. if you want to use privoxy then configure your application to use it (assuming the app supports http(s) proxy).

Edited by binhex
Link to post
  • 1 month later...
jogaman

jogaman 0

Posted
Posted

Hello,

I got privoxy working (using it in the rTorrent and deluge images) in Firefox by adding it in the settings. Works great! However, then all traffic goes through the proxy.

 

I'm hoping I can get it to work for certain containers through the 'container proxy' plugin (https://addons.mozilla.org/en-US/firefox/addon/container-proxy/), but no matter what I try I can't get it to connect. Anyone got it working? Many thanks!

Link to post
  • 2 weeks later...
je82

je82 19

Posted
Posted

i have previously used this with a vpn provider that didn't have "public ip" which means most incoming connections were automatically blocked.

 

i have now switched to a vpn provider that provides no blockage so anything connected to the vpn is fully exposed the internet.

 

is this container in its default setting safe to use this way?

Link to post
binhex

binhex 814

Posted
  • Author
Posted
3 minutes ago, je82 said:

i have previously used this with a vpn provider that didn't have "public ip" which means most incoming connections were automatically blocked.

 

i have now switched to a vpn provider that provides no blockage so anything connected to the vpn is fully exposed the internet.

 

is this container in its default setting safe to use this way?

no, if its fully exposed to the internet then people will be able to connect and use the proxy, and anything else that maybe running through this container.

Link to post
je82

je82 19

Posted
Posted
1 minute ago, binhex said:

no, if its fully exposed to the internet then people will be able to connect and use the proxy, and anything else that maybe running through this container.

I mean the docker is still on my internal network, the only thing that has changed is the vpn i use with the proxy now does not block any incoming traffic as the previous vpn provider was. Is this going to be a problem? The docker container is still only accessible via my internal network.

Link to post
binhex

binhex 814

Posted
  • Author
Posted
Just now, je82 said:

I mean the docker is still on my internal network, the only thing that has changed is the vpn i use with the proxy now does not block any incoming traffic as the previous vpn provider was. Is this going to be a problem? The docker container is still only accessible via my internal network.

i understand what you are saying, and my previous comment still stands, if the vpn provider does not have any blocking in place then your container will be exposed to the internet via the vpn tunnel.

Link to post
je82

je82 19

Posted
Posted (edited)
9 minutes ago, binhex said:

i understand what you are saying, and my previous comment still stands, if the vpn provider does not have any blocking in place then your container will be exposed to the internet via the vpn tunnel.

ok so best practice is to use this docker with a vpn provider that does not allow public exposure (NATed / block all incoming)?

Edited by je82
Link to post
binhex

binhex 814

Posted
  • Author
Posted
18 minutes ago, je82 said:

ok so best practice is to use this docker with a vpn provider that does not allow public exposure (NATed / block all incoming)?

correct, which nearly all vpn providers do, im only aware of 1 provider that exposes all ports, IPredator i think it was from memory.

  • Like 1
Link to post
je82

je82 19

Posted
Posted
1 minute ago, binhex said:

correct, which nearly all vpn providers do, im only aware of 1 provider that exposes all ports, IPredator i think it was from memory.

Yeah, thanks for the clarification, cheers!

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Followers 21
Go to topic listing