[Support] binhex - PrivoxyVPN


binhex


8 hours ago, melmurp said:

Could I get some insight into this?

yes that is currently the case, if the ovpn file contains multiple remote entries it will remove all entries leaving just one, if the remote line is a hostname of course this will normally resolve to multiple ip addresses (depends on vpn provider).

 

8 hours ago, melmurp said:

I like the idea of having the all in one (privoxy/socks/openvpn) in a single container but defeats the purpose if it removes all the hosts and just hardcodes to the first one.

not sure how this 'defeats the purpose' - the purpose of the privoxyvpn is to give you a secure container from which to use, this will always be the primary purpose, having the ability to connect to multiple remote endpoints is not. having said that i most probably will include an enhancement at some point in the future to do this, but it won't be any time soon as i have bigger fish to fry.

Link to comment
17 hours ago, metaMMA said:

Oh cool. I didn't see hexchat on your main images page, so I didn't know you had an IRC client! 

 

Correct me if I'm wrong, but I don't think this will quite solve my issue. I'd like to use a BNC on my server to be constantly connected to the IRC channels with playback support. Using hexchat, I could connect to my ZNC over a proxy (privoxy), but that doesn't protect my connection to the IRC networks/channels (would only anonymize the connection to my own server).

 

Ideally I'd like to find a way to have a BNC connect over privoxy, and then use hexchat or another client to connect to the BNC.

 

Perhaps I'm just not understanding the scope of your hexchat container, though. Thanks for the reply. Let me know if there is anything I can do to help.

i had no idea what ZNC was or what a BNC does, after a quick bit of googling it appears to be similar to a proxy server, so with that in mind why not just drop the use of ZNC and simply use hexchat - configured to use microsocks, that way you are protected and there are less moving parts to go wrong too, so probably improved performance, is there something that ZNC can do for you that an IRC client like hexchat cannot?

Link to comment
15 hours ago, binhex said:

yes that is currently the case, if the ovpn file contains multiple remote entries it will remove all entries leaving just one, if the remote line is a hostname of course this will normally resolve to multiple ip addresses (depends on vpn provider).

 

not sure how this 'defeats the purpose' - the purpose of the privoxyvpn is to give you a secure container from which to use, this will always be the primary purpose, having the ability to connect to multiple remote endpoints is not. having said that i most probably will include an enhancement at some point in the future to do this, but it won't be any time soon as i have bigger fish to fry.

That's reasonable and I appreciate the reply... I know most providers tend to use a proper host name and not a direct IP so I can understand why it would be done this way. I just wanted to confirm it's as designed before I poke around :)

 

Again, thanks for all the work you do with these containers... you're making people's lives much easier!

Link to comment
  • 2 weeks later...

Sorry, sort of new to docker. I am trying this vpnproxy out but it appears it may have a firewall configured?

When i attempt to connect to a FTP site via socks5 i get through but fails directory listing:

 

Status:    Connecting to ftp.sunet.se through SOCKS5 proxy
Status:    Connecting to 1.1.1.56:9118...
Status:    Connection with proxy established, performing handshake...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Status:    Connection with proxy established, performing handshake...
Error:    Proxy request failed. Reply from proxy: Connection refused
Error:    Proxy handshake failed: ECONNABORTED - Connection aborted

 

What do i have to do to allow ftp connectivity via the socks? or have i missed something?

I also attempted to run this only as a socks proxy, i honestly don't even know what privoxy is, but if i set privoxy to false and socks to true i cannot connect to the proxy at all, is this docker even functional without privoxy = yes?

 

Thanks!

Edited by je82
Link to comment

Appears when configuring filezilla to use http 1.0 connect method as proxy the connection goes through

 

Status:    Connecting to ftp.sunet.se through HTTP proxy
Status:    Connecting to 1.1.1.56:8118...
Status:    Connection with proxy established, performing handshake...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Status:    Directory listing of "/" successful

 

Not sure if there's anything bad with using http 1.1 connect method rather than socks?

 


 

(For some reason connection also works without entering the password or username when using http connect method ????)

Edited by je82
Link to comment
33 minutes ago, je82 said:

Appears when configuring filezilla to use http 1.0 connect method as proxy the connection goes through

 

Status:    Connecting to ftp.sunet.se through HTTP proxy
Status:    Connecting to 1.1.1.56:8118...
Status:    Connection with proxy established, performing handshake...
Status:    Connection established, waiting for welcome message...
Status:    Initializing TLS...
Status:    Verifying certificate...
Status:    TLS connection established.
Status:    Logged in
Status:    Retrieving directory listing...
Status:    Directory listing of "/" successful

 

Not sure if there's anything bad with using http 1.1 connect method rather than socks?

 


 

(For some reason connection also works without entering the password or username when using http connect method ????)

I just set up this docker container for use in Firefox. I am also unable to use SOCKS and have to use HTTP Proxy.

Link to comment
10 minutes ago, psycho_asylum said:

I just set up this docker container for use in Firefox. I am also unable to use SOCKS and have to use HTTP Proxy.

Yeah socks seems to be not working at all, all connections to the socks are refused :/ 

 

Attempting to use socks for email:

19/12/2019, 21:50:26: IMAP  - Connecting to IMAP server mail.myserver.com on port 993
!19/12/2019, 21:51:26: IMAP  - Could not connect to the server

 

Any ideas how to get socks to work?

Thanks!

Link to comment
2 hours ago, je82 said:

Error:    Proxy request failed. Reply from proxy: Connection refused
Error:    Proxy handshake failed: ECONNABORTED - Connection aborted

this will most probably be this specific ftp server blocking connections from known vpn providers, for instance trying another linux distro site such as 'ftp.nluug.nl' allows the connection through when using socks5 (port 9118) using filezilla (tested and working for me).

 

the money shot:-

 

Status:	Connecting to ftp.nluug.nl through SOCKS5 proxy
Status:	Resolving address of 192.168.1.xxx
Status:	Connecting to 192.168.1.xxx:9118...
Status:	Connection with proxy established, performing handshake...
Status:	Connection established, waiting for welcome message...
Status:	Insecure server, it does not support FTP over TLS.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Connecting to 192.168.1.xxx:9118...
Status:	Connection with proxy established, performing handshake...
Status:	Directory listing of "/" successful

 

Edited by binhex
Link to comment
3 minutes ago, binhex said:

this will most probably be this specific ftp server blocking connections from known vpn providers, for instance trying another linux distro site such as 'ftp.nluug.nl' allows the connection through when using socks5 (port 9118) using filezilla (tested and working for me).

 

the money shot:-

 


Status:	Connecting to ftp.nluug.nl through SOCKS5 proxy
Status:	Resolving address of 192.168.1.xxx
Status:	Connecting to 192.168.1.xxx:9118...
Status:	Connection with proxy established, performing handshake...
Status:	Connection established, waiting for welcome message...
Status:	Insecure server, it does not support FTP over TLS.
Status:	Logged in
Status:	Retrieving directory listing...
Status:	Connecting to 192.168.1.xxx:9118...
Status:	Connection with proxy established, performing handshake...
Status:	Directory listing of "/" successful

 

Nope, i can socks5 proxy when i setup a socks5 proxy in windows with ccproxy to the same ftp server.

Strange :/

I cannot get socks5 to work with email client either, it won't connect at all works fine with ccproxy and socks5.

 

I am rather confused by the ports here, what service is running on which port?

 

8118 = socks?

9118 = privoxy?

 

Any more ideas? Would really like to slim down the memory footprint, your docker container takes nothing compared to my fully fledged window wms with ccproxy installed :)

Link to comment
4 minutes ago, je82 said:

Nope, i can socks5 proxy when i setup a socks5 proxy in windows with ccproxy to the same ftp server.

and ccproxy server is connecting over a vpn tunnel like this container, with the same vpn provider connecting to the same vpn endpoint?

Edited by binhex
Link to comment
6 minutes ago, binhex said:

nope thats not right, other way around, also note privoxy does NOT support authentication, whereas socks5 does.

Thanks, i think the ports and combinations of me trying various things and not really documenting what i've tested resulted in weird results, mail works over socks5 now. The FTP returns directory listing error when using proxy, i have no idea why but i am pretty sure the problem is on their end because socks5 works fine when connecting to another ftp now. The strange thing is that socks5 works on the problematic ftp when i do it via ccproxy, but perhaps the guy on the other end has made some special allow for that particular ip i have when connecting through it.

 

Anyway, your docker container works fine!

Link to comment
2 minutes ago, je82 said:

The strange thing is that socks5 works on the problematic ftp when i do it via ccproxy, but perhaps the guy on the other end has made some special allow for that particular ip i have when connecting through it.

read my previous comment, i doubt ccproxy is connecting in the same (more secure) manner that this container uses.

Link to comment
Just now, binhex said:

read my previous comment, i doubt ccproxy is connecting in the same (more secure) manner that this container uses.

yeah i think its not more secure but the ftp on the other end probably has made an exception for that ip ccproxy uses (different vpn endpoint from what i tested with your container).

 

is there any particular benefits to using privoxy over socks5 when tunneling traffic in the browser?

Link to comment
3 minutes ago, je82 said:

is there any particular benefits to using privoxy over socks5 when tunneling traffic in the browser?

for basic surfing, http and https then either will do, if you however want other protocols also proxied then you would need to use socks5, so it all depends on your usage really.

Link to comment
12 minutes ago, binhex said:

for basic surfing, http and https then either will do, if you however want other protocols also proxied then you would need to use socks5, so it all depends on your usage really.

Most browsers have the option "proxy dns queries when using socks5" i guess this won't work with privoxy resulting in potential worse security?

Link to comment
11 hours ago, je82 said:

Most browsers have the option "proxy dns queries when using socks5" i guess this won't work with privoxy resulting in potential worse security?

this is true, however a quick tweak of your dns on your home lan to something like 'DNS Watch' will get you a non logging nameserver, thus mitigating this completely, but yeah if you don't want to do this then socks5 will prevent any dns leaks.

Link to comment
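The "proxy DNS queries when using SOCKS5" option discussed above, and the kind of "Reply from proxy: Connection refused" answer reported in the earlier FileZilla log, each come down to one byte in an RFC 1928 message. The sketch below is an added example, not part of any post or of the container's code; the function names are made up for illustration and all inputs are constructed.

```python
import ipaddress
import struct

# REP values from RFC 1928, section 6 (the proxy's answer to a request).
REPLIES = {
    0x00: "succeeded",
    0x01: "general SOCKS server failure",
    0x02: "connection not allowed by ruleset",
    0x03: "network unreachable",
    0x04: "host unreachable",
    0x05: "connection refused",
    0x06: "TTL expired",
    0x07: "command not supported",
    0x08: "address type not supported",
}


def build_connect(host: str, port: int) -> bytes:
    """Encode a SOCKS5 CONNECT request: VER, CMD, RSV, ATYP, DST.ADDR, DST.PORT."""
    head = b"\x05\x01\x00"
    tail = struct.pack("!H", port)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: send the name itself (ATYP 0x03) so the proxy resolves it.
        name = host.encode("idna")
        if not 0 < len(name) <= 255:
            raise ValueError("hostname must be 1..255 bytes")
        return head + b"\x03" + bytes([len(name)]) + name + tail
    # IP literal: ATYP 0x01 (IPv4) or 0x04 (IPv6); any lookup already happened locally.
    return head + (b"\x01" if ip.version == 4 else b"\x04") + ip.packed + tail


def resolver_side(request: bytes) -> str:
    """Say where DNS resolution happens for a captured CONNECT request."""
    if len(request) < 5 or request[:3] != b"\x05\x01\x00":
        raise ValueError("not a SOCKS5 CONNECT request")
    if request[3] == 0x03:
        return "proxy"   # hostname is handed to the proxy, no local lookup
    if request[3] in (0x01, 0x04):
        return "client"  # address was fixed before the proxy saw it
    raise ValueError("unknown ATYP")


def decode_reply(reply: bytes) -> str:
    """Map the REP byte of a SOCKS5 reply to its RFC 1928 meaning."""
    if len(reply) < 2 or reply[0] != 0x05:
        raise ValueError("not a SOCKS5 reply")
    return REPLIES.get(reply[1], "unassigned")


if __name__ == "__main__":
    print(resolver_side(build_connect("ftp.sunet.se", 21)))   # constructed inputs
    print(decode_reply(bytes.fromhex("05050001000000000000")))
```

A REP of 0x05 is sent by the proxy after it has accepted the client's request, so it describes the proxy's outbound connection attempt rather than the client's connection to the proxy.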
  • 3 weeks later...

may a question about using another docker to use this vpn docker

 

i saw some readme´s about the --net=container:<vpn_dockername>

so i tried by adding following to vpn docker

--cap-add=NET_ADMIN

--device /dev/net/tun  (alternative also added, same result)

 

on the client docker

--net=container:binhex-privoxyvpn

network off (or also kept in bridge mode, same result)

 

Error response from daemon: Container cannot be connected to network endpoints:container:binhex-privoxyvpn ..... none or bridge ...

question, is anyone successfully using this kind of setup?

Edited by alturismo
Link to comment
5 hours ago, alturismo said:

i saw some readme´s about the --net=container:<vpn_dockername>

i'm not sure where you saw that but it's not in any readmes for these vpn docker images as this will not work due to the highly tied down configuration using iptables.

 

you can use privoxy for http/https connections and assuming the app you want to secure supports it, you can use microsocks (socks5 server) for everything else.

Link to comment
1 hour ago, binhex said:

i'm not sure where you saw that but it's not in any readmes for these vpn docker images as this will not work due to the highly tied down configuration using iptables.

 

you can use privoxy for http/https connections and assuming the app you want to secure supports it, you can use microsocks (socks5 server) for everything else.

thanks for the info, i thought so ...

 

someone pointed me to this way of proxying docker to docker with --net=.....

https://github.com/dperson/openvpn-client/blob/master/README.md#how-to-use-this-image

 

and mentioned he uses this method with your deluge-vpn docker as VPN docker on unraid ...

 

privoxy or socks doesn't work with the docker i provide (xteve) as http proxy is not supported by the app, never mind, i'm clear now and know it's not working ;)

Edited by alturismo
Link to comment
  • 2 weeks later...

Hi all,

 

this might be too off topic for this thread but I've got a question: is there any way to use a proxy created by this docker to turn it into a DNS on the network? A device, more specifically my TV, does not have proxy settings but DNS settings, and I'd like to access some video content georestricted to the country I use this docker for - which works great with the proxy from privoxy on other devices already. Is there maybe another docker that could work in conjunction with this one to make it happen and host the DNS?

 

Appreciate any help!

Link to comment
Hi all,

this might be too off topic for this thread but I've got a question: is there any way to use a proxy created by this docker to turn it into a DNS on the network? A device, more specifically my TV, does not have proxy settings but DNS settings, and I'd like to access some video content georestricted to the country I use this docker for - which works great with the proxy from privoxy on other devices already. Is there maybe another docker that could work in conjunction with this one to make it happen and host the DNS?

Appreciate any help!

DNS will not get you past a geo blocked IP address, so that wouldn't work, even if it were possible.


Link to comment
On 1/10/2020 at 1:04 AM, alturismo said:

may a question about using another docker to use this vpn docker

 

i saw some readme´s about the --net=container:<vpn_dockername>

so i tried by adding following to vpn docker

--cap-add=NET_ADMIN

--device /dev/net/tun  (alternative also added, same result)

 

on the client docker

--net=container:binhex-privoxyvpn

network off (or also kept in bridge mode, same result)

 

Error response from daemon: Container cannot be connected to network endpoints:container:binhex-privoxyvpn ..... none or bridge ...

question, is anyone successfully using this kind of setup?

 

On 1/10/2020 at 6:13 AM, binhex said:

i'm not sure where you saw that but it's not in any readmes for these vpn docker images as this will not work due to the highly tied down configuration using iptables.

 

 

@binhex, this absolutely works on your container. I am currently using this setup successfully with no major issues. I wanted a VPN "gateway" for specific other containers, where all their traffic could only ever go through the VPN for safety. I can't say I looked that closely at your iptables rules, but I can tell you this method works with what you have set up.

 

The readme I think @alturismo is referring to might be this, which is where I got started. It references a different OpenVPN client container, but the same setup works fine with yours.

 

Things have changed a little in 6.8, I found the correct method for setting up the Docker network on the instructions for this container.

 

I'm no Docker networking master, but as I understand it the way it works is you set up a bespoke Docker network shared between the VPN container and anything you want going through the VPN. You also have to remove any port translations from the "client" containers and add them to the "host" VPN container. This creates a sub-network bubble, where the VPN container acts as a router of sorts. I confirmed it was working when I was first testing it by attaching a basic desktop VNC container to the VPN container. When the VPN is connected, when I opened a browser in the desktop VNC one and without configuring any proxy settings etc, the public IP was always the VPN endpoint I was using. I also ran some online privacy tests to make sure no traffic was leaking out of the VPN and everything came back secure.

 

There are some complications that come with this setup, like every time the VPN container is updated its container ID (which the other "client" containers use as a network connection) changes, so the "clients" have to be rebuilt as well. The second container I linked to above actually automates this process specifically for this purpose, so it seems there is a bit of demand for using VPN containers in this way.

  • Like 3
Link to comment
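A check for the setup described in the last post, written as an added example rather than anything posted in the thread: it reads `docker inspect`-style records and reports which containers share the VPN container's network stack, which still point at a container ID that no longer exists after an update, and which run on their own network. It assumes the `--net=container:` form quoted earlier in the thread and that `HostConfig.NetworkMode` holds either the VPN container's name or its ID; the client names, IDs and the 5900 port are constructed.

```python
VPN_ID = "a1" * 32  # constructed 64-hex container IDs
OLD_ID = "b2" * 32  # ID the VPN container had before it was updated

# Constructed sample in the shape of `docker inspect` output, trimmed to the fields used.
SAMPLE = [
    {"Id": VPN_ID, "Name": "/binhex-privoxyvpn",
     "HostConfig": {"NetworkMode": "bridge",
                    "PortBindings": {"8118/tcp": [{"HostPort": "8118"}],
                                     "5900/tcp": [{"HostPort": "5900"}]}}},
    {"Id": "c3" * 32, "Name": "/client-a",
     "HostConfig": {"NetworkMode": "container:" + VPN_ID, "PortBindings": {}}},
    {"Id": "d4" * 32, "Name": "/client-b",
     "HostConfig": {"NetworkMode": "container:" + OLD_ID, "PortBindings": {}}},
    {"Id": "e5" * 32, "Name": "/client-c",
     "HostConfig": {"NetworkMode": "bridge",
                    "PortBindings": {"8080/tcp": [{"HostPort": "8080"}]}}},
]


def audit(containers, vpn_name):
    """Return {client_name: status} for every container except the VPN one."""
    by_name = {c["Name"].lstrip("/"): c for c in containers}
    vpn_id = by_name[vpn_name]["Id"]
    result = {}
    for name, c in by_name.items():
        if name == vpn_name:
            continue
        mode = c["HostConfig"].get("NetworkMode", "")
        kind, _, target = mode.partition(":")
        if kind != "container":
            # Own network stack: traffic does not pass through the VPN container.
            result[name] = "own-network"
        elif target == vpn_name or (len(target) >= 12 and vpn_id.startswith(target)):
            result[name] = "via-vpn"
        else:
            # Points at an ID that is not the current VPN container: rebuild the client.
            result[name] = "stale-reference"
    return result


def published_ports(containers, name):
    """Ports published by one container; client ports belong on the VPN container."""
    for c in containers:
        if c["Name"].lstrip("/") == name:
            return sorted(c["HostConfig"].get("PortBindings") or {})
    raise KeyError(name)


if __name__ == "__main__":
    print(audit(SAMPLE, "binhex-privoxyvpn"))
    print(published_ports(SAMPLE, "binhex-privoxyvpn"))
```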
