Jhp612 2 Posted October 29, 2020 Share Posted October 29, 2020 (edited) Can someone help me figure out what goes where? I Keep getting and AUTH_FAILED in my logs I am using PIA and PIA provides two logins - Your site login which looks like p000000 - What they provide and you can regenerate which looks like p00000 (which they say is for PTPP/L2TP/SOCKS) In trying to use openVPN with Socks ( I assume openVPN is using PTPP or L2TP) so I set: 1. credentials.conf file with x000000 user and password in the same folder as *.ovpn file 2. VPN_USER variable for docker to x000000 3. SOCKS_USER variable for docker to x000000 Should any of the above be p000000?? Edited October 29, 2020 by Jhp612 Quote Link to post
binhex 771 Posted October 29, 2020 Author Share Posted October 29, 2020 Can someone help me figure out what goes where? I Keep getting and AUTH_FAILED in my logs I am using PIA and PIA provides two logins - Your site login which looks like p000000 - What they provide and you can regenerate which looks like p00000 (which they say is for PTPP/L2TP/SOCKS) In trying to use openVPN with Socks ( I assume openVPN is using PTPP or L2TP) so I set: 1. credentials.conf file with x000000 user and password in the same folder as *.ovpn file 2. VPN_USER variable for docker to x000000 3. SOCKS_USER variable for docker to x000000 Should any of the above be p000000?? Yes use the pxxxxx loginSent from my CLT-L09 using Tapatalk Quote Link to post
Keelhaulers 1 Posted November 2, 2020 Share Posted November 2, 2020 Probably just me, I don't watch things until they break or don't work any longer. I use binhex-privoxyvpn for routing a virtual Windows 10 machine. This container stopped worker for me as of a few hours ago (that I noticed). Symptoms experienced: I would Start the docker and it would immediately Stop, wouldn't stay running. After a couple of hours of trying to figure things out, I finally realized that PIA put out NextGen OpenVPN files. You will have to replace the old files and certs and opvn files. All easy enough to replace. Once I did this, everything was back to normal. Like I said, completely my fault for not realizing this. But maybe there are some others out there like me who do not pay attention. -Keelhaulers ******* PIA users - The URL to download the OpenVPN configuration files and certs is:- https://www.privateinternetaccess.com/openvpn/openvpn-nextgen.zip Once you have downloaded the zip (normally a zip as they contain multiple ovpn files) then extract it to /config/openvpn/ folder (if that folder doesn't exist then start and stop the docker container to force the creation of the folder). Quote Link to post
mbc0 13 Posted November 2, 2020 Share Posted November 2, 2020 9 minutes ago, Keelhaulers said: Probably just me, I don't watch things until they break or don't work any longer. I use binhex-privoxyvpn for routing a virtual Windows 10 machine. This container stopped worker for me as of a few hours ago (that I noticed). Symptoms experienced: I would Start the docker and it would immediately Stop, wouldn't stay running. After a couple of hours of trying to figure things out, I finally realized that PIA put out NextGen OpenVPN files. You will have to replace the old files and certs and opvn files. All easy enough to replace. Once I did this, everything was back to normal. Like I said, completely my fault for not realizing this. But maybe there are some others out there like me who do not pay attention. -Keelhaulers ******* PIA users - The URL to download the OpenVPN configuration files and certs is:- https://www.privateinternetaccess.com/openvpn/openvpn-nextgen.zip Once you have downloaded the zip (normally a zip as they contain multiple ovpn files) then extract it to /config/openvpn/ folder (if that folder doesn't exist then start and stop the docker container to force the creation of the folder). I just replaced the openvpn file and all came back for me yesterday, Quote Link to post
dcoulson 1 Posted November 2, 2020 Share Posted November 2, 2020 22 minutes ago, mbc0 said: I just replaced the openvpn file and all came back for me yesterday, replaced it with what specifically - I have tried openvpn-nextgen and openvpn-strong-nextgen files and can't get past the cipher issues. Quote Link to post
binhex 771 Posted November 2, 2020 Author Share Posted November 2, 2020 (edited) On 11/2/2020 at 4:48 PM, dcoulson said: replaced it with what specifically - I have tried openvpn-nextgen and openvpn-strong-nextgen files and can't get past the cipher issues. see Q22:- https://github.com/binhex/documentation/blob/master/docker/faq/vpn.md Edited November 9, 2020 by binhex Quote Link to post
mbc0 13 Posted November 2, 2020 Share Posted November 2, 2020 1 minute ago, dcoulson said: replaced it with what specifically - I have tried openvpn-nextgen and openvpn-strong-nextgen files and can't get past the cipher issues. I just replaced the (in my case) Netherlands.ovpn with the new nextgen Netherlands.ovpn from PIA and all works perfectly. Hope that helps Quote Link to post
kyle1 0 Posted November 8, 2020 Share Posted November 8, 2020 For anyone unable to connect to the PIA next-gen servers: if you have a >99 character password and nothing else makes sense, shorten your password. It will probably work (remove symbols too, if you haven't) Quote Link to post
jwoolen 9 Posted November 14, 2020 Share Posted November 14, 2020 (edited) Anyone else having issues with DNS leaks since the changover with PIA? My DNS settings are set to the PIA DNS servers: 209.222.18.218, 209.222.18.222. No matter what it defaults to the one shown below. Privoxy PIA App Edited November 14, 2020 by jwoolen Quote Link to post
Jorgen 28 Posted November 15, 2020 Share Posted November 15, 2020 (edited) 2 hours ago, jwoolen said: Anyone else having issues with DNS leaks since the changover with PIA? My DNS settings are set to the PIA DNS servers: 209.222.18.218, 209.222.18.222. No matter what it defaults to the one shown below. I assume the screenshots are from a browser on your local PC and you have configured the browser to use Privoxy as the proxy server? In that case the browser routes http traffic via the proxy server and VPN tunnel. However, the browser will use the OS mechanism for DNS resolution (DNS is different to http). Since your OS doesn't use the privoxy proxy it will fail the DNS leak test. The DNS servers you set in the container setting has no effect on the browser behaviour in this case. I believe they are only used by the container before the VPN tunnel is established, but maybe @binhex can confirm this? When you are using the PIA app on teh other hand, all internet traffic is routed via the VPN tunnel on an OS level, including DNS resolution. So DNS passes the leak test. So how do you get the results you want? Two options that I know of that should work (but see note below): 1. If your browser supports it, set DNS resolution to use http protocol. In Firefox this is called "Enable DNS over HTTPS" under the proxy configuration settings. I assume other browsers have something similar. 2. Enable SOCKS v5 proxy in Privoxy and set up your browser to use that. See here for details on how that works: https://stackoverflow.com/questions/33099569/how-does-sock-5-proxy-ing-of-dns-work-in-browsers Now, I just tested both methods and could not get the browser to pass the DNS leak test for either. Not sure what I'm doing wrong but I'm not that worried about it as I use the PIA app on my PC anyway. But maybe this will point you in the right direction. Please report back if you try it and get it to work for you. Actually, you might also be able to set up your OS to use Privoxy as the proxy, but I have not tested that at all. Edit: looks like I need to use FoxyProxy extension for Firefox to be able to pass the username/password when using Socks. Hopefully other browser have better support for Socks... Edited November 15, 2020 by Jorgen edit Quote Link to post
jwoolen 9 Posted November 15, 2020 Share Posted November 15, 2020 (edited) Sorry. I should've been more specific. I'm not using proxy settings in my brower (Edge). I have the internet connection set up to run through a proxy. This was working fine until the recent changes with PIA. I even manually set the DNS in TCP/IP properties. The address was complete in the proxy server settings. I just removed some of it to take the snapshot. This is running on a VM. Edited November 15, 2020 by jwoolen Quote Link to post
Jorgen 28 Posted November 16, 2020 Share Posted November 16, 2020 [mention]jwoolen [/mention] sorry don’t know what might be wrong in that case. Hopefully someone with better networking knowledge than me can chip in.Sent from my iPhone using Tapatalk Quote Link to post
tjb_altf4 87 Posted November 16, 2020 Share Posted November 16, 2020 On 11/15/2020 at 6:28 AM, jwoolen said: Anyone else having issues with DNS leaks since the changover with PIA? My DNS settings are set to the PIA DNS servers: 209.222.18.218, 209.222.18.222. No matter what it defaults to the one shown below. Try these DNS addresses: 10.0.0.242 10.0.0.243 https://www.privateinternetaccess.com/helpdesk/kb/articles/next-generation-dns-custom-configuration Quote Link to post
jwoolen 9 Posted November 16, 2020 Share Posted November 16, 2020 (edited) When I use those addresses for the DNS I get the error message below in my log, and it repeats until I stop the docker. 2020-11-16 15:45:18,639 DEBG 'start-script' stdout output: [info] Adding 10.0.0.242 to /etc/resolv.conf 2020-11-16 15:45:18,641 DEBG 'start-script' stdout output: [info] Adding 10.0.0.243 to /etc/resolv.conf 2020-11-16 15:45:48,677 DEBG 'start-script' stderr output: Error: error sending query: Could not send or receive, because of network error Edited November 17, 2020 by jwoolen Quote Link to post
GreenEyedMonster 9 Posted November 23, 2020 Share Posted November 23, 2020 (edited) Does the webui work for anyone? It's an option so I imagine it would be? I type in my host ip:and port I'm using and nothing shows up. Thank you for all your hardwork! Edited November 23, 2020 by GreenEyedMonster Quote Link to post
jwoolen 9 Posted November 25, 2020 Share Posted November 25, 2020 On 11/15/2020 at 6:39 PM, tjb_altf4 said: Try these DNS addresses: 10.0.0.242 10.0.0.243 https://www.privateinternetaccess.com/helpdesk/kb/articles/next-generation-dns-custom-configuration This now works. Something must have changed with PIA recently. Thanks @tjb_altf4! Quote Link to post
binhex 771 Posted November 25, 2020 Author Share Posted November 25, 2020 (edited) On 11/23/2020 at 9:24 PM, GreenEyedMonster said: Does the webui work for anyone? It's an option so I imagine it would be? I type in my host ip:and port I'm using and nothing shows up. Thank you for all your hardwork! the web ui link should be 'http://config.privoxy.org/', if its taking you to a blank page with 'Invalid header received from client.' then that is also perfectly normal. if you want to use privoxy then configure your application to use it (assuming the app supports http(s) proxy). Edited November 25, 2020 by binhex Quote Link to post
jogaman 0 Posted December 27, 2020 Share Posted December 27, 2020 Hello, I got privoxy working (using it in the rTorrent and deluge images) in Firefox by adding it in the settings. Works great! However, then all traffic goes through the proxy. I'm hoping I can get it to work for certain containers through the 'container proxy' plugin (https://addons.mozilla.org/en-US/firefox/addon/container-proxy/), but no matter what I try I can't get it to connect. Anyone got it working? Many thanks! Quote Link to post
je82 18 Posted January 5 Share Posted January 5 i have previously used this with a vpn provider that didn't have "public ip" which means most incoming connections were automatically blocked. i have now switched to a vpn provider that provides no blockage so anything connected to the vpn is fully exposed the internet. is this container in its default setting safe to use this way? Quote Link to post
binhex 771 Posted January 5 Author Share Posted January 5 3 minutes ago, je82 said: i have previously used this with a vpn provider that didn't have "public ip" which means most incoming connections were automatically blocked. i have now switched to a vpn provider that provides no blockage so anything connected to the vpn is fully exposed the internet. is this container in its default setting safe to use this way? no, if its fully exposed to the internet then people will be able to connect and use the proxy, and anything else that maybe running through this container. Quote Link to post
je82 18 Posted January 5 Share Posted January 5 1 minute ago, binhex said: no, if its fully exposed to the internet then people will be able to connect and use the proxy, and anything else that maybe running through this container. I mean the docker is still on my internal network, the only thing that has changed is the vpn i use with the proxy now does not block any incoming traffic as the previous vpn provider was. Is this going to be a problem? The docker container is still only accessible via my internal network. Quote Link to post
binhex 771 Posted January 5 Author Share Posted January 5 Just now, je82 said: I mean the docker is still on my internal network, the only thing that has changed is the vpn i use with the proxy now does not block any incoming traffic as the previous vpn provider was. Is this going to be a problem? The docker container is still only accessible via my internal network. i understand what you are saying, and my previous comment still stands, if the vpn provider does not have any blocking in place then your container will be exposed to the internet via the vpn tunnel. Quote Link to post
je82 18 Posted January 5 Share Posted January 5 (edited) 9 minutes ago, binhex said: i understand what you are saying, and my previous comment still stands, if the vpn provider does not have any blocking in place then your container will be exposed to the internet via the vpn tunnel. ok so best practice is to use this docker with a vpn provider that does not allow public exposure (NATed / block all incoming)? Edited January 5 by je82 Quote Link to post
binhex 771 Posted January 5 Author Share Posted January 5 18 minutes ago, je82 said: ok so best practice is to use this docker with a vpn provider that does not allow public exposure (NATed / block all incoming)? correct, which nearly all vpn providers do, im only aware of 1 provider that exposes all ports, IPredator i think it was from memory. 1 Quote Link to post
je82 18 Posted January 5 Share Posted January 5 1 minute ago, binhex said: correct, which nearly all vpn providers do, im only aware of 1 provider that exposes all ports, IPredator i think it was from memory. Yeah, thanks for the clarification, cheers! Quote Link to post
255 posts in this topic Last Reply
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.