Dyon

[Support] dyonr - qbittorrentvpn


Posted (edited)
42 minutes ago, jonathanm said:

Darn! I totally misread what they were talking about, haha. That's an interesting site. I assumed they were talking about the qBittorrent WebUI that shows the download queue...

 

Edit: WOW the people in my apartment complex download a LOT of porn

Edited by Cassidy

Link to post
Posted (edited)
1 hour ago, jonathanm said:

 

YES, that is what I was referring to......I saw SpaceInvader use it in a video but I couldn't recall the URL nor which video. It seems nearly unthinkable that the info is that easily accessible. Then I believe someone in the comments said their ISP had sent them an email about downloading torrents and such, so they knew they had been. It just makes me want to add so much privacy to my internet connection that it looks like I don't even have one! It bothers me that the ISP or anyone else with my IP address can see what goes in and out of my internet connection.

Edited by SPOautos

Link to post

Hi,

 

Awesome work! A question on the ports that are mapped and firewall rules in the docker.

 

I noticed it maps 8999 TCP/UDP from the docker to the unraid host by default, why is this? I ask because if all traffic is routed via the VPN in the docker, then 8999 (BT) would never leave/come via the docker IP<>host. EDIT: Is it safer to not have it in case the kill switch doesn't work (I haven't looked to see how that is implemented so no idea if it could 'fail')? I noticed the firewall rules don't allow it in or out, so no issues with a leak, therefore the docker port mapping is superfluous.

Also, is it possible to block all inbound traffic on the VPN tunnel, except the qtorrent BT port (8999 in the default config, but obviously make configurable)? I think it's wide open at the moment, I can get to the qtorrent UI on the VPN external IP on port 8080 - not ideal.

In addition, there are a few that probably aren't needed, such as 8080 outbound, only inbound is needed for the UI, and 1195 inbound is not needed, VPN instantiates outbound only.

 

Many thanks!

Edited by johner
updated research and suggested changes

Link to post
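
The question in the post above (what can a new inbound connection reach through the tunnel interface?) can be answered from a saved `iptables -S` dump. This is an added example, not part of the thread or the container's scripts: the two rulesets are constructed in the shape of the dump the container logs, the hardened one assumes BitTorrent on the default 8999, and `tunnel_exposure` / `port_exposed` are hypothetical helper names. Rule order and DROP/REJECT rules are not modelled.

```shell
#!/bin/sh
# Constructed sample: INPUT rules in the shape of the container's logged dump.
SAMPLE_RULES='-P INPUT DROP
-A INPUT -i wg0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT'

# Tightened variant (assumption: BitTorrent listens on 8999). Replies to
# traffic the container initiated still get in through the conntrack rule.
HARDENED_RULES='-P INPUT DROP
-A INPUT -i wg0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i wg0 -p tcp -m tcp --dport 8999 -j ACCEPT
-A INPUT -i wg0 -p udp -m udp --dport 8999 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT'

# tunnel_exposure IFACE  (iptables -S text on stdin)
# One line per INPUT ACCEPT rule that can match traffic arriving on IFACE:
#   OPEN <rule>        any new inbound connection is accepted
#   STATE <states>     only replies to existing connections
#   PORT <proto/port>  one destination port is accepted
#   SCOPED <source>    limited by source address
#   PROTO <proto>      a non-TCP/UDP protocol (e.g. icmp)
tunnel_exposure() {
    awk -v ifc="$1" '
        $1 != "-A" || $2 != "INPUT" { next }
        {
            in_if = ""; src = ""; proto = "any"; dport = ""; state = ""; target = ""
            for (i = 3; i <= NF; i++) {
                neg = ($(i - 1) == "!")
                if ($i == "-i" && neg && $(i + 1) == ifc) next   # rule excludes IFACE
                if ($i == "-i" && !neg) in_if = $(i + 1)
                if ($i == "-s" && !neg) src = $(i + 1)
                if ($i == "-p")         proto = $(i + 1)
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "--ctstate" || $i == "--state") state = $(i + 1)
                if ($i == "-j")         target = $(i + 1)
            }
            # Rules without -i apply to every interface, the tunnel included.
            if ((in_if != "" && in_if != ifc) || target != "ACCEPT") next
            if (state != "" && state !~ /NEW/)  print "STATE " state
            else if (src != "")                 print "SCOPED " src
            else if (proto != "any" && proto != "tcp" && proto != "udp")
                                                print "PROTO " proto
            else if (dport != "")               print "PORT " proto "/" dport
            else                                print "OPEN " $0
        }'
}

# port_exposed IFACE PROTO PORT  (iptables -S text on stdin)
# Exit 0 if a new inbound connection to PROTO/PORT is accepted on IFACE.
port_exposed() {
    tunnel_exposure "$1" | awk -v p="$2/$3" '
        $1 == "OPEN" || ($1 == "PORT" && $2 == p) { hit = 1 }
        END { exit (hit ? 0 : 1) }'
}

# Usage against a live container: iptables -S | tunnel_exposure wg0
```
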

When I install this on my 6.8.3 and run it with WireGuard, after some time I can't reach the Unraid webgui. After that my services stop and my shared drives stop.

So I need to do a hard shutdown; after that my server starts up again. When I remove this docker my server runs normally again.

I have tried this 3 times.

The same happens every time.

 

 

 

 

Link to post

I am trying to use with wireguard and it looks like it starts ok. But I can't access the webui. Does anyone have any tips?

 

2020-09-08 07:55:37.050982 [INFO] VPN_ENABLED defined as 'yes'
2020-09-08 07:55:37.064807 [INFO] DISABLE_IPV6 is set to '1'
2020-09-08 07:55:37.080506 [INFO] Disabling IPv6 in sysctl
2020-09-08 07:55:37.100444 [INFO] VPN_TYPE defined as 'wireguard'
2020-09-08 07:55:37.121190 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2020-09-08 07:55:37.138884 [INFO] VPN remote line defined as '<hidden>:51820'
2020-09-08 07:55:37.155440 [INFO] VPN_REMOTE defined as '<hidden>'
2020-09-08 07:55:37.171694 [INFO] VPN_PORT defined as '51820'
2020-09-08 07:55:37.187473 [INFO] VPN_PROTOCOL set as 'udp', since WireGuard is always udp.
2020-09-08 07:55:37.203097 [INFO] VPN_DEVICE_TYPE set as 'wg0', since WireGuard will always be wg0.
2020-09-08 07:55:37.219644 [INFO] LAN_NETWORK defined as '192.168.0.0/24'
2020-09-08 07:55:37.237433 [INFO] NAME_SERVERS defined as '1.1.1.1,192.168.0.1'
2020-09-08 07:55:37.252383 [INFO] Adding 1.1.1.1 to resolv.conf
2020-09-08 07:55:37.267698 [INFO] Adding 192.168.0.1 to resolv.conf
2020-09-08 07:55:37.282799 [INFO] Starting WireGuard...
Warning: `/config/wireguard/wg0.conf' is world accessible

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add <hidden>/32 dev wg0
[#] ip link set mtu 1420 up dev wg0
[#] resolvconf -a wg0 -m 0 -x
[#] wg set wg0 fwmark 51820
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820
[#] ip -4 rule add not fwmark 51820 table 51820
[#] ip -4 rule add table main suppress_prefixlength 0
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1
[#] iptables-restore -n
[#] iptables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT && ip6tables -I OUTPUT ! -o wg0 -m mark ! --mark $(wg show wg0 fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
2020-09-08 07:55:37.403790 [INFO] Docker network defined as 172.17.0.0/16
2020-09-08 07:55:37.421942 [INFO] Adding 192.168.0.0/24 as route via docker eth0
2020-09-08 07:55:37.438087 [INFO] ip route defined as follows...
--------------------
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.7
192.168.0.0/24 via 172.17.0.1 dev eth0
--------------------
iptable_mangle 16384 1
ip_tables 24576 3 iptable_filter,iptable_nat,iptable_mangle
2020-09-08 07:55:37.460711 [INFO] iptable_mangle support detected, adding fwmark for tables
2020-09-08 07:55:37.542791 [INFO] iptables defined as follows...
--------------------
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i wg0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 51820 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT ! -o wg0 -m mark ! --mark 0xca6c -m addrtype ! --dst-type LOCAL -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o wg0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 51820 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
--------------------
2020-09-08 07:55:37.706126 [INFO] ENABLE_SSL is set to yes
2020-09-08 07:55:37.721200 [SYSTEM] If you use Unraid, and get something like a 'ERR_EMPTY_RESPONSE' in your browser, add https:// to the front of the IP, and/or do this:
2020-09-08 07:55:37.737314 [SYSTEM] Edit this Docker, change the slider in the top right to 'advanced view' and change http to https at the WebUI setting.
2020-09-08 07:55:37.753404 [INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUICertificate.crt loaded, nothing to do.
2020-09-08 07:55:37.769123 [INFO] /config/qBittorrent/config/qBittorrent.conf already has the line WebUIKey.key loaded, nothing to do.
2020-09-08 07:55:37.784654 [INFO] /config/qBittorrent/config/qBittorrent.conf does have the WebUI\HTTPS\Enabled already set to true.
2020-09-08 07:55:37.801460 [INFO] A group with PGID 100 already exists in /etc/group, nothing to do.
2020-09-08 07:55:37.817167 [INFO] An user with PUID 99 already exists in /etc/passwd, nothing to do.
2020-09-08 07:55:37.833101 [INFO] UMASK defined as '002'
2020-09-08 07:55:37.849904 [INFO] Starting qBittorrent daemon...
Logging to /config/qBittorrent/data/logs/qbittorrent.log.
2020-09-08 07:55:38.868764 [INFO] qBittorrent PID: 269
2020-09-08 07:55:38.874078 [INFO] Started qBittorrent daemon successfully...

The only thing I changed was the default port 8080 and that I tried adding my router IP as a nameserver (but that made no difference).

Edited by Cliff

Link to post

What did you change the webUI port to (from the 8080)? The firewall rules are still only forwarding 8080 and 51820 (VPN port you've set?)

DNS value wouldn't affect the webui access but would affect tracker lookups. I assume you have something preventing your ISP snooping your DNS lookups on your router if you have changed it in the docker? Although I still see 1.1.1.1 as the primary, so unlikely an issue, I'd still ditch the router one.

Link to post
3 hours ago, johner said:

What did you change the webUI port to (from the 8080)? The firewall rules are still only forwarding 8080 and 51820 (VPN port you've set?)

DNS value wouldn't affect the webui access but would affect tracker lookups. I assume you have something preventing your ISP snooping your DNS lookups on your router if you have changed it in the docker? Although I still see 1.1.1.1 as the primary, so unlikely an issue, I'd still ditch the router one.

Changing the webui port in the host shouldn't matter, but changing it in the container would certainly keep it from working. If you need it remapped, use docker to do that - e.g.

docker container run <...> -p 8081:8080 <...>

If you instead remap it in the qBittorrent webui or using its .conf file, it won't be able to pass through the firewall (it also won't get forwarded by docker, since docker is expecting it to be listening on port 8080!).

Link to post

Solved. My Wireguard VPN file was generated to include a killswitch. If I just generated a plain ipv4 wireguard-config it works.

Link to post

Thanks for this docker. I created a wireguard conf file via mullvad. I renamed it and it looks like the docker is picking it up, but I am getting this error at the end of my log file and I can't access the webui. I do have Wireguard configured using the plugin, and I have a wg0 network - could this be the issue?

 

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.65.227.55/32 dev wg0
[#] ip -6 address add fc00:bbbb:bbbb:bb01::2:e336/128 dev wg0
RTNETLINK answers: Permission denied
[#] ip link delete dev wg0

Edited by ice pube

Link to post
1 hour ago, ice pube said:

Thanks for this docker. I created a wireguard conf file via mullvad. I renamed it and it looks like the docker is picking it up, but I am getting this error at the end of my log file and I can't access the webui. I do have Wireguard configured using the plugin, and I have a wg0 network - could this be the issue?

 

[#] ip link add wg0 type wireguard
[#] wg setconf wg0 /dev/fd/63
[#] ip -4 address add 10.65.227.55/32 dev wg0
[#] ip -6 address add fc00:bbbb:bbbb:bb01::2:e336/128 dev wg0
RTNETLINK answers: Permission denied
[#] ip link delete dev wg0

That error can be caused by a few different issues, but usually it's IPv6 network incompatibility. Try removing any IPv6-related lines from your config file (should be at the end of the 'Address=' line and the 'AllowedIPs=' line).

Edited by Cassidy
typo

Link to post
44 minutes ago, Cassidy said:

That error can be caused by a few different issues, but usually it's IPv6 network incompatibility. Try removing any IPv6-related lines from your config file (should be at the end of the 'Address=' line and the 'AllowedIPs=' line).

Thanks - I made sure to not select IPV6 when creating my mullvad file, I will take a look.

 

Ah - I missed the second IPv6 option on mullvad. A new config file worked.

Edited by ice pube

Link to post
4 minutes ago, ice pube said:

Thanks - I made sure to not select IPV6 when creating my mullvad file, I will take a look.

I could be wrong about the IPv6 issue, but I use Mullvad and had the exact same issue. I think Mullvad's "no IPv6" issue just puts in a loopback address instead of entirely removing the IPv6 lines, or something like that. Annoying, but thankfully WG conf files are super easy to audit :)

Link to post

 

Just now, Cassidy said:

I could be wrong about the IPv6 issue, but I use Mullvad and had the exact same issue. I think Mullvad's "no IPv6" issue just puts in a loopback address instead of entirely removing the IPv6 lines, or something like that. Annoying, but thankfully WG conf files are super easy to audit :)

Do you know if you can use the same config file with multiple dockers? Looking to use this author's Jackett docker.

Link to post
5 minutes ago, ice pube said:

 

Do you know if you can use the same config file with multiple dockers? Looking to use this author's Jackett docker.

Afraid not. You'll have to generate new keys with Mullvad's online key generator. This goes for all Wireguard VPNs - 1 key pair = 1 address. You can, however, route other dockers through this one but there's not much reason to do so when you can just generate a new set of keys.

 

EDIT: I feel like I glossed over some stuff. What I meant to say by "1 key pair = 1 address" is this:

 

If you connect using the same config file, then you're obviously trying to connect to the same endpoint IP and port. Now, because Wireguard assigns one IP for each incoming tunnel, it needs a different public key for each connected client in order to tell them apart. For instance, if server X receives two connections with identical public keys (Y1 and Y2), how does it know whether to give Y1 or Y2 the designated IP?

 

This is one of the potential shortcomings of the Wireguard protocol, as it's hardcoded into the protocol that more than one client cannot be connected with the same public key at the same time. The benefit to this is that the incoming IP can be literally anything as long as the public key is the same - this enables simple and reliable roaming as long as the server has a static address.

 

So that raises the question: what can you do if you want to have two VMs/containers VPNed? Well, there are a few different options. For one, you can connect to a different server with the same key. For Mullvad, this means you could use (for instance) server 'us6' for one client and server 'us18' for another. This way, while you are using the same key, the same key is never seen on the same server.

 

Another option is to generate another key pair for your second client. This option is the safest and easiest to maintain, although some VPN services limit the number of keys you can have. And, finally, the third option is to route multiple VMs/containers through the same tunnel. This can be done with iptables rules and static routes on the host, or by setting up a separate "VPN" container. I believe someone else already explained how to do that in this thread, but there are actually several different methods to get that result. That's a bit out of scope for this post though haha

 

Edited by Cassidy
adding some details

Link to post

Hi,

 

I'm trying to run this with wireguard, but get the following error:

 

2020-09-11 01:35:52.218360 [ERROR] VPN configuration file /config/wireguard/wg0.conf does not contain 'remote' line, showing contents of file before exit...

 

I'm using a Mullvad configuration file, I've removed IPv6, and from what I've seen on the wireguard spec, there is no "remote" attribute.

 

Any ideas?

Thanks

Link to post
5 hours ago, microbass said:

Hi,

 

I'm trying to run this with wireguard, but get the following error:

 

2020-09-11 01:35:52.218360 [ERROR] VPN configuration file /config/wireguard/wg0.conf does not contain 'remote' line, showing contents of file before exit...

 

I'm using a Mullvad configuration file, I've removed IPv6, and from what I've seen on the wireguard spec, there is no "remote" attribute.

 

Any ideas?

Thanks

Sounds to me like you definitely deleted too much of your config file! If you'd like to post it with your private key redacted, I should be able to spot the error.

 

Even the most minimal Wireguard client config needs an 'Addresses' and 'PrivateKey' line in the [Interface] section and a 'PublicKey', 'Endpoint', and 'AllowedIPs' line in the [Peer] section.

Link to post
44 minutes ago, Cassidy said:

Sounds to me like you definitely deleted too much of your config file! If you'd like to post it with your private key redacted, I should be able to spot the error.

 

Even the most minimal Wireguard client config needs an 'Addresses' and 'PrivateKey' line in the [Interface] section and a 'PublicKey', 'Endpoint', and 'AllowedIPs' line in the [Peer] section.

More info:

 


2020-09-11 08:10:19.913233 [INFO] VPN_ENABLED defined as 'yes'
2020-09-11 08:10:19.937334 [INFO] DISABLE_IPV6 is set to '1'
2020-09-11 08:10:19.960857 [INFO] Disabling IPv6 in sysctl
2020-09-11 08:10:19.985348 [INFO] VPN_TYPE defined as 'wireguard'
2020-09-11 08:10:20.010864 [WARNING] Unable to chown/chmod /config/wireguard/, assuming SMB mountpoint

2020-09-11 08:10:20.034593 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2020-09-11 08:10:20.180219 [ERROR] VPN configuration file /config/wireguard/wg0.conf does not contain 'remote' line, showing contents of file before exit...

[Interface]
#Mullvad
PrivateKey=****
Address=10.64.10.167
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'

[Peer]
PublicKey=DOunbHw/O5gnTNo1Ov/6rknpvJck9BlQ1zTMHE4JA38=
Remote=217.138.222.106:51819
AllowedIPs=0.0.0.0/0

 

Link to post
2 hours ago, microbass said:

More info:

 



2020-09-11 08:10:19.913233 [INFO] VPN_ENABLED defined as 'yes'
2020-09-11 08:10:19.937334 [INFO] DISABLE_IPV6 is set to '1'
2020-09-11 08:10:19.960857 [INFO] Disabling IPv6 in sysctl
2020-09-11 08:10:19.985348 [INFO] VPN_TYPE defined as 'wireguard'
2020-09-11 08:10:20.010864 [WARNING] Unable to chown/chmod /config/wireguard/, assuming SMB mountpoint

2020-09-11 08:10:20.034593 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2020-09-11 08:10:20.180219 [ERROR] VPN configuration file /config/wireguard/wg0.conf does not contain 'remote' line, showing contents of file before exit...

[Interface]
#Mullvad
PrivateKey=****
Address=10.64.10.167
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'

[Peer]
PublicKey=DOunbHw/O5gnTNo1Ov/6rknpvJck9BlQ1zTMHE4JA38=
Remote=217.138.222.106:51819
AllowedIPs=0.0.0.0/0

 

Try adding "/32" to the end of your "Address" line and changing "Remote" to "Endpoint".

Link to post
1 hour ago, Cassidy said:

Try adding "/32" to the end of your "Address" line and changing "Remote" to "Endpoint".

Thanks for the suggestion, but I'm getting the same error.

Link to post
3 hours ago, microbass said:

Thanks for the suggestion, but I'm getting the same error.

I find that hard to believe, that error specifically refers to a syntax error on the Endpoint line...

Link to post
2 hours ago, Cassidy said:

I find that hard to believe, that error specifically refers to a syntax error on the Endpoint line...

Here is my new wg0.conf file:

 

[Interface]
#Mullvad
PrivateKey=*****
Address=10.64.10.167/32
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'

[Peer]
PublicKey=DOunbHw/O5gnTNo1Ov/6rknpvJck9BlQ1zTMHE4JA38=
Endpoint=217.138.222.106:51819
AllowedIPs=0.0.0.0/0

Here is the log output:

 


2020-09-11 17:22:39.157407 [INFO] VPN_ENABLED defined as 'yes'
2020-09-11 17:22:39.181077 [INFO] DISABLE_IPV6 is set to '1'
2020-09-11 17:22:39.203991 [INFO] Disabling IPv6 in sysctl
2020-09-11 17:22:39.228591 [INFO] VPN_TYPE defined as 'wireguard'
2020-09-11 17:22:39.253977 [WARNING] Unable to chown/chmod /config/wireguard/, assuming SMB mountpoint
2020-09-11 17:22:39.277530 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2020-09-11 17:22:39.427777 [ERROR] VPN configuration file /config/wireguard/wg0.conf does not contain 'remote' line, showing contents of file before exit...
[Interface]
#Mullvad
PrivateKey=*****
Address=10.64.10.167/32
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'

[Peer]
PublicKey=DOunbHw/O5gnTNo1Ov/6rknpvJck9BlQ1zTMHE4JA38=
Endpoint=217.138.222.106:51819
AllowedIPs=0.0.0.0/0

I've checked, and there are no weird line endings, and formatting looks good.

Link to post
15 minutes ago, microbass said:

Here is my new wg0.conf file:

 


[Interface]
#Mullvad
PrivateKey=*****
Address=10.64.10.167/32
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'

[Peer]
PublicKey=DOunbHw/O5gnTNo1Ov/6rknpvJck9BlQ1zTMHE4JA38=
Endpoint=217.138.222.106:51819
AllowedIPs=0.0.0.0/0

Here is the log output:

 



2020-09-11 17:22:39.157407 [INFO] VPN_ENABLED defined as 'yes'
2020-09-11 17:22:39.181077 [INFO] DISABLE_IPV6 is set to '1'
2020-09-11 17:22:39.203991 [INFO] Disabling IPv6 in sysctl
2020-09-11 17:22:39.228591 [INFO] VPN_TYPE defined as 'wireguard'
2020-09-11 17:22:39.253977 [WARNING] Unable to chown/chmod /config/wireguard/, assuming SMB mountpoint
2020-09-11 17:22:39.277530 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2020-09-11 17:22:39.427777 [ERROR] VPN configuration file /config/wireguard/wg0.conf does not contain 'remote' line, showing contents of file before exit...
[Interface]
#Mullvad
PrivateKey=*****
Address=10.64.10.167/32
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'

[Peer]
PublicKey=DOunbHw/O5gnTNo1Ov/6rknpvJck9BlQ1zTMHE4JA38=
Endpoint=217.138.222.106:51819
AllowedIPs=0.0.0.0/0

I've checked, and there are no weird line endings, and formatting looks good.

That's really odd - I'm having trouble with this one. The only difference between your config file and mine is that I have a DNS set, and I'm using port 51820 on the server instead of 51819. Neither of those should cause an issue, though. The fact that it's missing the Endpoint line for some reason makes me think it's grabbing the wrong file... wg and wg-quick use different syntax so if the file is named incorrectly that could cause an issue. Assuming your file is named wg0.conf, that really shouldn't happen though. I've found this sometimes happens if you have trailing spaces in places where they shouldn't be. For some reason, Wireguard is picking up the 'wg' version rather than the 'wg-quick' version. If it helps at all, this is what it should be logging:

2020-09-11 17:07:01.046734 [INFO] VPN_ENABLED defined as 'yes'
2020-09-11 17:07:01.084589 [INFO] DISABLE_IPV6 is set to '1'
2020-09-11 17:07:01.121571 [INFO] Disabling IPv6 in sysctl
2020-09-11 17:07:01.193294 [INFO] VPN_TYPE defined as 'wireguard'
2020-09-11 17:07:01.254884 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2020-09-11 17:07:01.308905 [INFO] VPN remote line defined as '66.71.247.202:51820'
2020-09-11 17:07:01.348445 [INFO] VPN_REMOTE defined as '66.71.247.202'
2020-09-11 17:07:01.387536 [INFO] VPN_PORT defined as '51820'

 

Link to post
17 hours ago, microbass said:

Here is my new wg0.conf file:

 


[Interface]
#Mullvad
PrivateKey=*****
Address=10.64.10.167/32
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'

[Peer]
PublicKey=DOunbHw/O5gnTNo1Ov/6rknpvJck9BlQ1zTMHE4JA38=
Endpoint=217.138.222.106:51819
AllowedIPs=0.0.0.0/0

Here is the log output:

 



2020-09-11 17:22:39.157407 [INFO] VPN_ENABLED defined as 'yes'
2020-09-11 17:22:39.181077 [INFO] DISABLE_IPV6 is set to '1'
2020-09-11 17:22:39.203991 [INFO] Disabling IPv6 in sysctl
2020-09-11 17:22:39.228591 [INFO] VPN_TYPE defined as 'wireguard'
2020-09-11 17:22:39.253977 [WARNING] Unable to chown/chmod /config/wireguard/, assuming SMB mountpoint
2020-09-11 17:22:39.277530 [INFO] WireGuard config file is found at /config/wireguard/wg0.conf
dos2unix: converting file /config/wireguard/wg0.conf to Unix format...
2020-09-11 17:22:39.427777 [ERROR] VPN configuration file /config/wireguard/wg0.conf does not contain 'remote' line, showing contents of file before exit...
[Interface]
#Mullvad
PrivateKey=*****
Address=10.64.10.167/32
PostUp=logger -t wireguard 'Tunnel WireGuard-wg0 started'
PostDown=logger -t wireguard 'Tunnel WireGuard-wg0 stopped'

[Peer]
PublicKey=DOunbHw/O5gnTNo1Ov/6rknpvJck9BlQ1zTMHE4JA38=
Endpoint=217.138.222.106:51819
AllowedIPs=0.0.0.0/0

I've checked, and there are no weird line endings, and formatting looks good.

 

This is caused by the 'sed' command used to get the Endpoint line. It looks for 'Endpoint =', notice the space after the word Endpoint.

I will push an update tomorrow/later tonight to fix this.

For now:

replace '=' with ' = ' in your config

 

 

 

Link to post
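
The bug diagnosed in the post above (a literal match on 'Endpoint =' that misses 'Endpoint=') and the earlier advice about IPv6 entries on the Address and AllowedIPs lines both come down to reading wg0.conf tolerantly. This is an added example, not the container's own script: the config is constructed, `endpoint_strict` is only a stand-in for the behaviour described in the thread, and the `wg_*` function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample config: no spaces around '=', IPv6 entries, a firewall hook.
SAMPLE_CONF='[Interface]
PrivateKey=REDACTED=
Address=10.64.0.2/32,fc00:bbbb:bbbb:bb01::2/128
PostUp=iptables -I OUTPUT ! -o %i -j REJECT
PostDown=logger -t wireguard stopped

[Peer]
PublicKey=REDACTED=
Endpoint=203.0.113.10:51820
AllowedIPs = 0.0.0.0/0, ::/0'

# Stand-in for the literal match described in the thread (needs "Endpoint = ");
# an assumption for illustration, not the project's actual sed command.
endpoint_strict() { sed -n 's/^Endpoint = //p'; }

# wg_get SECTION KEY: print the value(s) of KEY in [SECTION], config on stdin.
# Splits at the first '=' only, because base64 keys themselves end in '='.
wg_get() {
    awk -v want_sec="$1" -v want_key="$2" '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
        /^[ \t]*\[/ { sec = tolower($0); gsub(/\[|\]|[ \t]/, "", sec); next }
        sec == tolower(want_sec) {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            if (tolower(key) == tolower(want_key)) print val
        }'
}

# wg_endpoint: print "host port" for the first peer; non-zero exit when the
# Endpoint key is missing (e.g. written as Remote=) or malformed.
wg_endpoint() {
    ep=$(wg_get Peer Endpoint | head -n 1)
    [ -n "$ep" ] || return 1
    case "$ep" in *:*) ;; *) return 1 ;; esac
    port=${ep##*:}; host=${ep%:*}
    case "$host" in \[*\]) host=${host#\[}; host=${host%\]} ;; esac   # [v6]:port
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ -n "$host" ] || return 1
    printf '%s %s\n' "$host" "$port"
}

# wg_ipv6_entries: list IPv6 items left on the Address / AllowedIPs lines.
wg_ipv6_entries() {
    conf=$(cat)
    for pair in Interface:Address Peer:AllowedIPs; do
        key=${pair#*:}
        printf '%s\n' "$conf" | wg_get "${pair%%:*}" "$key" |
            tr ',' '\n' | tr -d ' \t' |
            awk -v k="$key" '/:/ { print k ": " $0 }'
    done
}

# wg_firewall_hooks: list wg-quick hooks that touch the firewall, such as a
# provider-generated kill switch that can clash with the container's own rules.
wg_firewall_hooks() {
    conf=$(cat)
    for key in PreUp PostUp PreDown PostDown; do
        printf '%s\n' "$conf" | wg_get Interface "$key" |
            awk -v k="$key" '/ip6?tables|nft / { print k ": " $0 }'
    done
}

# Usage: wg_endpoint < /config/wireguard/wg0.conf
```
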
7 minutes ago, Dyon said:

 

This is caused by the 'sed' command used to get the Endpoint line. It looks for 'Endpoint =', notice the space after the word Endpoint.

I will push an update tomorrow/later tonight to fix this.

For now:

replace '=' with ' = ' in your config

 

 

 

Wow, what an odd bug! I wonder if it might be a better idea to use some sort of TOML-reading library rather than a sed command? That way it would be less likely to have formatting discrepancies. Technically, it is proper practice in TOML to do " = " instead of simply "=", but most YAML or TOML parsers should overlook that. It might cut down on extra work for you in the long run if you use something like this YAML/TOML parser.

 

This TOML wiki page lists popular parsers/libraries that could be helpful. I imagine you'd probably want to use Shell, Python, Go, or maybe Rust. But hey, if you're fine with just using sed that's OK too! I was just looking for a way to cut down on weird headaches like formatting inconsistency between VPN providers. 

Link to post
1 hour ago, Cassidy said:

Wow, what an odd bug! I wonder if it might be a better idea to use some sort of TOML-reading library rather than a sed command? That way it would be less likely to have formatting discrepancies. Technically, it is proper practice in TOML to do " = " instead of simply "=", but most YAML or TOML parsers should overlook that. It might cut down on extra work for you in the long run if you use something like this YAML/TOML parser.

 

This TOML wiki page lists popular parsers/libraries that could be helpful. I imagine you'd probably want to use Shell, Python, Go, or maybe Rust. But hey, if you're fine with just using sed that's OK too! I was just looking for a way to cut down on weird headaches like formatting inconsistency between VPN providers. 

A TOML parser might be nice, I also used a JSON parser for reading GitHub releases in the Dockerfile (jq). But I only need to read 1 line from the WireGuard config file, for the iptables, so I don't think it would be worth switching. The only inconsistency that I could think of would be this use-case. However, Mullvad might be to blame here, since the TOML spec doesn't give any examples without spaces around '=' signs.

I might look into it, but no promises 😉

 

Link to post
