[SUPPORT] testdasi repo



Hello, first of all Testdasi, thank you for your work here. I have gotten pi-hole with DOH working. I am wondering if there is a way I can use a different DNS than Cloudflare? Specifically, I would like to use cleanbrowsing.org which supports DOH. cleanbrowsing.org gives me the following information for their DNS over HTTPS implementation.

DNS over HTTPS: 
https://doh.cleanbrowsing.org/doh/custom-filter/*somenumbershereIdeleted*/ 

 

This way, I could end-run my ISP's DNS and use the content filtering provided by cleanbrowsing.org.

 

thank you.  

Link to comment

Update (10/09/2020):

  • Added OpenVPN AIO Client which I wrote from scratch.
  • Maybe I'll work on exposing cloudflared / stubby config to allow changing underlying DNS services if I have time.
  • Still pondering if I should make a Pi-Hole with both DoH and DoT (cuz that's what I run on my actual RPi4)

 

On 9/9/2020 at 7:05 PM, Squid said:

Thanks but I'm a little OCD so I'll fix them regardless haha.

 

3 hours ago, dvap said:

Hello, first of all Testdasi, thank you for your work here. I have gotten pi-hole with DOH working. I am wondering if there is a way I can use a different DNS than Cloudflare? Specifically, I would like to use cleanbrowsing.org which supports DOH. cleanbrowsing.org gives me the following information for their DNS over HTTPS implementation.

DNS over HTTPS: 
https://doh.cleanbrowsing.org/doh/custom-filter/*somenumbershereIdeleted*/ 

 

This way, I could end-run my ISP's DNS and use the content filtering provided by cleanbrowsing.org.

 

thank you.  

I'll see if I have time to work on that. It sort of was in the to-do list.

 

  • Like 1
Link to comment

OpenVPN AIO Client not working here, looks like it can't find the openvpn.ovpn file (which is where it's supposed to be).
Lots of errors in log file:

[info] Set up nftables rules
[info] Flusing ruleset
RTNETLINK answers: File exists
[info] Added route 10.0.1.0/24 via 10.0.1.2 dev eth0
[info] Editing ruleset
[info] Apply rules
/nftables.rules:11:36-39: Error: Could not resolve service: Servname not found in nft services list

add rule ip filter INPUT tcp sport om80 counter accept
^^^^
/nftables.rules:24:37-40: Error: Could not resolve service: Servname not found in nft services list
[info] Set up nftables rules
[info] Flusing ruleset
RTNETLINK answers: File exists
[info] Added route 10.0.1.0/24 via 10.0.1.2 dev eth0
[info] Editing ruleset
[info] Apply rules
/nftables.rules:11:36-39: Error: Could not resolve service: Servname not found in nft services list

add rule ip filter INPUT tcp sport om80 counter accept
^^^^
/nftables.rules:24:37-40: Error: Could not resolve service: Servname not found in nft services list

add rule ip filter OUTPUT tcp dport om80 counter accept
^^^^
[info] All rules created

[info] Quick block test. Expected result is time out. Actual result is [removed]

[info] Setting up OpenVPN tunnel
[info] Create tunnel device
[info] Allow DnS-over-TLS for openvpn to lookup VPN server
Error: Could not process rule: No such file or directory

add rule ip filter INPUT tcp sport 853 counter accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Error: Could not process rule: No such file or directory

add rule ip filter OUTPUT tcp dport 853 counter accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[info] Connecting to VPN on port om80 with proto tcp...
[info] Your VPN public IP is [removed]
[info] Block DnS-over-TLS to force traffic through tunnel
Error: Could not process rule: No such file or directory

list table filter
^^^^^^
Error: syntax error, unexpected newline, expecting number

delete rule filter INPUT handle
^
Error: Could not process rule: No such file or directory

list table filter
^^^^^^
Error: syntax error, unexpected newline, expecting number

delete rule filter OUTPUT handle
^
[info] Change DNS servers to 10.0.1.3
[info] Adding 10.0.1.3 to /etc/resolv.conf
[info] Allowing DNS lookups (tcp, udp port 53) to server '10.0.1.3'
Error: Could not process rule: No such file or directory

add rule ip filter INPUT ip saddr 10.0.1.3 tcp sport 53 ct state established counter accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Error: Could not process rule: No such file or directory

add rule ip filter OUTPUT ip daddr 10.0.1.3 tcp dport 53 ct state new,established counter accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Error: Could not process rule: No such file or directory

add rule ip filter INPUT ip saddr 10.0.1.3 udp sport 53 ct state established counter accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Error: Could not process rule: No such file or directory

add rule ip filter OUTPUT ip daddr 10.0.1.3 udp dport 53 ct state new,established counter accept
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
[info] Done

[info] Run danted in background on port 9118
Sep 11 14:41:12 (1599824472.472185) danted[88]: error: /etc/danted.conf: problem on line 2 near token "tun0": could not resolve hostname "tun0": Name or service not known. Please see the Dante manual for more information

Sep 11 14:41:12 (1599824472.472260) danted[88]: alert: mother[1/1]: shutting down

Any hint?

Edited by dhstsw
Link to comment
18 hours ago, dvap said:

Hello, first of all Testdasi, thank you for your work here. I have gotten pi-hole with DOH working. I am wondering if there is a way I can use a different DNS than Cloudflare? Specifically, I would like to use cleanbrowsing.org which supports DOH. cleanbrowsing.org gives me the following information for their DNS over HTTPS implementation.

On 2nd thought, you are probably better off using ICH777's DoH Client.

The intention of my Pihole with DoH / DoT is to add DoH / DoT to Pihole for privacy reasons. Besides not letting your ISP see your DNS queries, it also centralises blocking / filtering management within YOUR Pihole instead of in some 3rd-party servers. Using a filtering DNS with Pihole wouldn't be quite the use case for the docker.

ICH777's docker already allows you to pick different DoH services so you can use a filtering DNS with it.

 

9 hours ago, SudoGetMe said:

Just wanted to say thanks for your work with this! I'm new to Unraid, but I was able to get this up and running in just a few minutes.

Thanks. Glad to know it is helpful.

 

  • Thanks 1
Link to comment
7 minutes ago, dhstsw said:

Not working here, looks like it can't find the openvpn.ovpn file (which is where it's supposed to be).
Lots of errors in log file:

Any hint?

Is your VPN running on port 80? That is a bit unusual.

In your OVPN config file, add 3 spaces before 80. (so it's blabla.com 80 -> blabla.com   80). See if it works.

Link to comment
4 minutes ago, testdasi said:

Is your VPN running on port 80? That is a bit unusual.

In your OVPN config file, add 3 spaces before 80. (so it's blabla.com 80 -> blabla.com   80). See if it works.

Well, that was weird.
With the 3 spaces it does work. Thanks!

One question: would it be possible to use the container as a gateway?
Currently I'm using an Ubuntu server VM configured as in the video below (with mods).

That's because using an openvpn as a proxy the service I try to connect to detects the VPN (I guess there are leaks). With a gateway everything works as intended.

Thanks.

 

  • Haha 1
Link to comment
2 hours ago, dhstsw said:

Well, that was weird.
With the 3 spaces it does work. Thanks!

One question: would it be possible to use the container as a gateway?
Currently I'm using an Ubuntu server VM configured as in the video below (with mods).

That's because using an openvpn as a proxy the service I try to connect to detects the VPN (I guess there are leaks). With a gateway everything works as intended.

Thanks.

If there's a use case for a VPN VM over VPN docker, it's yours.

Docker networking is extremely complex and I haven't seen anything that works in terms of making a VPN docker become a gateway.

 

Also I fixed the bug so you don't need to add extra space to the ovpn now.

Link to comment
17 hours ago, testdasi said:

If there's a use case for a VPN VM over VPN docker, it's yours.

Docker networking is extremely complex and I haven't seen anything that works in terms of making a VPN docker become a gateway.

 

Also I fixed the bug so you don't need to add extra space to the ovpn now.

Thanks for everything :)

C.

  • Thanks 1
Link to comment

Update (12/09/2020):

  • Added Pi-Hole DoT DoH. This docker supersedes my previous Pi-Hole with DoH and Pi-Hole with DoT dockers.
  • Pondering if I should write a mod module to add VPN to LSIO dockers.

 

On 9/10/2020 at 6:18 PM, dvap said:

I am wondering if there is a way I can use a different DNS than Cloudflare?

Hey, my latest Pi-Hole DoT DoH docker has exposed config files so you can add additional services (and remove cloudflare). Just edit cloudflared.yml in your Unraid appdata folder. Note: Cloudflared is the app that enables DoH. Cloudflare (no "d") is the DNS service.

  • Thanks 1
Link to comment

It looks like I'm a little too stupid ...
At the moment pihole runs fine on a RaPi3, but I want to "move" this service to the unraid server.
Unfortunately, I can't get to the web console (website not available).

The docker is created with these settings:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='Pihole-DoT-DoH' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'DNS1'='127.1.1.1#5153' -e 'DNS2'='127.2.2.2#5253' -e 'TZ'='Europe/London' -e 'WEBPASSWORD'='password' -e 'INTERFACE'='br0' -e 'ServerIP'='192.168.2.9' -e 'ServerIPv6'='' -e 'IPv6'='False' -e 'DNSMASQ_LISTENING'='all' -p '10053:10053/tcp' -p '10053:10053/udp' -p '10067:10067/udp' -p '10080:10080/tcp' -p '10443:10443/tcp' -v '/mnt/user/appdata/pihole-dot-doh/pihole/':'/etc/pihole/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/dnsmasq.d/':'/etc/dnsmasq.d/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/config/':'/config/':'rw' --cap-add=NET_ADMIN --restart=unless-stopped 'testdasi/pihole-dot-doh:stable-amd64'

192.168.2.1 is my router and 192.168.2.4 the IP of the unraid-server. I think the problem is the "ServerIP"-Variable!? I've already tried a few variations. ;-)

 

I am grateful for every thought stimulus!

Edited by Toskache
Typo
  • Like 1
Link to comment
14 minutes ago, Toskache said:

It looks like I'm a little too stupid ...
At the moment pihole runs fine on a RaPi3, but I want to "move" this service to the unraid server.
Unfortunately, I can't get to the web console (website not available).

The docker is created with these settings:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='Pihole-DoT-DoH' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'DNS1'='127.1.1.1#5153' -e 'DNS2'='127.2.2.2#5253' -e 'TZ'='Europe/London' -e 'WEBPASSWORD'='password' -e 'INTERFACE'='br0' -e 'ServerIP'='192.168.2.9' -e 'ServerIPv6'='' -e 'IPv6'='False' -e 'DNSMASQ_LISTENING'='all' -p '10053:10053/tcp' -p '10053:10053/udp' -p '10067:10067/udp' -p '10080:10080/tcp' -p '10443:10443/tcp' -v '/mnt/user/appdata/pihole-dot-doh/pihole/':'/etc/pihole/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/dnsmasq.d/':'/etc/dnsmasq.d/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/config/':'/config/':'rw' --cap-add=NET_ADMIN --restart=unless-stopped 'testdasi/pihole-dot-doh:stable-amd64'

192.168.2.1 is my router and 192.168.2.4 the IP of the unraid-server. I think the problem is the "ServerIP"-Variable!? I've already tried a few variations. ;-)

 

I am grateful for every thought stimulus!

Also having this issue, worked fine, then did an update to the black pi logo and it refuses to start up, sits on the below, doesn't get any further unless I assign it as bridge and is the same IP as Unraid - however this still won't let me access the webui

[i] Existing dnsmasq.conf found... it is not a Pi-hole file, leaving alone!
chown: cannot access '': No such file or directory
chmod: cannot access '': No such file or directory
chown: cannot access '/etc/pihole/dhcp.leases': No such file or directory
::: Pre existing WEBPASSWORD found
Using custom DNS servers: 127.1.1.1#5153 & 127.2.2.2#5253
DNSMasq binding to custom interface: custom : br0
Added ENV to php:
"PHP_ERROR_LOG" => "/var/log/lighttpd/error.log",

"ServerIP" => "192.168.1.6",
"VIRTUAL_HOST" => "192.168.1.6",
Using IPv4
::: Preexisting ad list /etc/pihole/adlists.list detected ((exiting setup_blocklists early))
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://mirror1.malwaredomains.com/files/justdomains
::: Testing pihole-FTL DNS: FTL started!
::: Testing lighttpd config: Syntax OK
::: All config checks passed, cleared for startup ...
::: Docker start setup complete
[✗] DNS resolution is currently unavailable

 

Link to comment
23 hours ago, Toskache said:

It looks like I'm a little too stupid ...
At the moment pihole runs fine on a RaPi3, but I want to "move" this service to the unraid server.
Unfortunately, I can't get to the web console (website not available).

The docker is created with these settings:

root@localhost:# /usr/local/emhttp/plugins/dynamix.docker.manager/scripts/docker run -d --name='Pihole-DoT-DoH' --net='bridge' -e TZ="Europe/Berlin" -e HOST_OS="Unraid" -e 'DNS1'='127.1.1.1#5153' -e 'DNS2'='127.2.2.2#5253' -e 'TZ'='Europe/London' -e 'WEBPASSWORD'='password' -e 'INTERFACE'='br0' -e 'ServerIP'='192.168.2.9' -e 'ServerIPv6'='' -e 'IPv6'='False' -e 'DNSMASQ_LISTENING'='all' -p '10053:10053/tcp' -p '10053:10053/udp' -p '10067:10067/udp' -p '10080:10080/tcp' -p '10443:10443/tcp' -v '/mnt/user/appdata/pihole-dot-doh/pihole/':'/etc/pihole/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/dnsmasq.d/':'/etc/dnsmasq.d/':'rw' -v '/mnt/user/appdata/pihole-dot-doh/config/':'/config/':'rw' --cap-add=NET_ADMIN --restart=unless-stopped 'testdasi/pihole-dot-doh:stable-amd64'

192.168.2.1 is my router and 192.168.2.4 the IP of the unraid-server. I think the problem is the "ServerIP"-Variable!? I've already tried a few variations. ;-)

 

I am grateful for every thought stimulus!

Firstly, you picked "bridge" network. That will never work because Unraid sits on port 53, which is required for DNS lookup. You should pick br0 or br1 (i.e. the Unraid macvlan bridge). If you don't see the br0/br1 option, go to Settings -> Dockers to enable it; you might have to disable docker for the option to show up.

Secondly, your port mappings are off. The 5 ports should be 53tcp 53udp 67 80 443. That probably was because of the bridge network mappings getting carried over.

The server IP should be the static IP you assign to the docker, not the IP of your Unraid server.

 

I made some changes to the template to make things clearer. I would suggest uninstalling the docker for now, waiting about 2 hours for CA to pick up the change and reinstalling. If you see "YOU MUST ASSIGN A STATIC IP TO THE DOCKER FOR PIHOLE TO WORK." in the description, that's the new template version.

 

23 hours ago, FlippinTurt said:

Also having this issue, worked fine, then did an update to the black pi logo and it refuses to start up, sits on the below, doesn't get any further unless I assign it as bridge and is the same IP as Unraid - however this still won't let me access the webui

Hmm... same advice as above. Uninstall the docker and wait till you see "YOU MUST ASSIGN A STATIC IP TO THE DOCKER FOR PIHOLE TO WORK." in description (i.e. new version of the template was loaded to CA) and reinstall from CA template i.e. don't reuse your old template.

It runs fine on my server so I'm guessing the template was the issue.

  • Like 1
Link to comment
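
The three points in the reply above (bridge network, port mappings, ServerIP) can be checked before the container is started. This is an added example, not part of the template or the container; `check_pihole_run` and `_opt` are hypothetical helper names, and it assumes the fixed container address shows up in the command as `--ip=<addr>`.

```shell
#!/bin/sh
# Added example, not part of the Unraid template or the container.
# Assumption: a fixed container address appears as --ip=<addr> in the command.

_opt() {  # first value of KEY=value among the whitespace-split tokens
    printf '%s\n' "$flat" |
        awk -v k="$1" 'index($0, k "=") == 1 { print substr($0, length(k) + 2); exit }'
}
_report() { findings=$((findings + 1)); echo "finding: $*"; }

# check_pihole_run CMDLINE UNRAID_IP: print findings, return their count.
check_pihole_run() {
    host_ip=$2; findings=0
    # Strip the quotes the template adds, then put one token per line.
    flat=$(printf '%s\n' "$1" | tr -d "'\"" | tr -s ' ' '\n')
    net=$(_opt --net); ip=$(_opt --ip); server_ip=$(_opt ServerIP)

    [ "$net" = bridge ] &&
        _report "--net=bridge: Unraid already sits on port 53; use br0 or br1"
    [ -z "$ip" ] &&
        _report "no --ip: the container needs its own static address"
    [ -n "$ip" ] && [ "$server_ip" != "$ip" ] &&
        _report "ServerIP=$server_ip differs from the container address $ip"
    [ "$server_ip" = "$host_ip" ] &&
        _report "ServerIP is the Unraid server's own address"

    # Either side of a mapping outside 53/67/80/443 is reported.
    bad_ports=$(printf '%s\n' "$flat" | awk -F'[:/]' '
        /^[0-9]+:[0-9]+\/(tcp|udp)$/ &&
        ($1 !~ /^(53|67|80|443)$/ || $2 !~ /^(53|67|80|443)$/) { printf " %s", $0 }')
    [ -n "$bad_ports" ] && _report "unexpected port mappings:$bad_ports"
    return "$findings"
}

# Abridged from the command posted in the thread; 192.168.2.4 is the Unraid server.
sample="docker run -d --name='Pihole-DoT-DoH' --net='bridge' -e 'ServerIP'='192.168.2.9' -p '10053:10053/tcp' -p '10053:10053/udp' -p '10067:10067/udp' -p '10080:10080/tcp' -p '10443:10443/tcp' 'testdasi/pihole-dot-doh:stable-amd64'"
check_pihole_run "$sample" 192.168.2.4 || echo "$? finding(s)"
```
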

Just installed the OpenVPN HyDeSa container. The kill switch does not seem to work correctly. I just installed it and the container is running and is reporting my real IP address (used curl ifconfig.io to verify). I did not set up any OVPN config files yet so I would assume the container should refuse to start or at least refuse connection to the internet, shouldn't it?

Edited by Aegisnir
  • Thanks 1
Link to comment
16 hours ago, Aegisnir said:

Just installed the OpenVPN HyDeSa container. The kill switch does not seem to work correctly. I just installed it and the container is running and is reporting my real IP address (used curl ifconfig.io to verify). I did not set up any OVPN config files yet so I would assume the container should refuse to start or at least refuse connection to the internet, shouldn't it?

Thanks for reporting. I fixed that.

I was assuming users would follow the instructions (even added reminder "DON'T FORGET THE OVPN FILE!!!" in the docker description) but I guess just crashing the docker is a better approach.

Link to comment
1 hour ago, testdasi said:

Thanks for reporting. I fixed that.

I was assuming users would follow the instructions (even added reminder "DON'T FORGET THE OVPN FILE!!!" in the docker description) but I guess just crashing the docker is a better approach.

Yeah I read that step but it concerned me that the container was running when the VPN link was not up as there was no VPN configured yet.  Made me think that if my VPN ever stopped, the container would continue to run without it and reveal my IP and data.  Thanks.

Link to comment
1 hour ago, Aegisnir said:

Yeah I read that step but it concerned me that the container was running when the VPN link was not up as there was no VPN configured yet.  Made me think that if my VPN ever stopped, the container would continue to run without it and reveal my IP and data.  Thanks.

That shouldn't happen. I tested specifically for that scenario.

 

It's like doing car crash prevention technology. It has to assume you wear a seatbelt and build additional safety around that assumption e.g. some of the emergency braking is so sudden that at sufficient speed, you can break a few ribs crashing into the steering wheel without wearing a seatbelt.

 

So in this particular case, I provided specific instructions that say "put on a seatbelt" and "DON'T FORGET THE SEATBELT" reminder so I assume people already wear a seatbelt.

 

Completely different scenarios. The new logic would not start the engine if there's no seatbelt.

Edited by testdasi
Link to comment
3 minutes ago, testdasi said:

That shouldn't happen. I tested specifically for that scenario.

 

It's like doing car crash prevention technology. It has to assume you wear a seatbelt and build additional safety around that assumption e.g. some of the emergency braking is so sudden that at sufficient speed, you can break a few ribs crashing into the steering wheel without wearing a seatbelt.

 

So in this particular case, I provided specific instructions that say "put on a seatbelt" and "DON'T FORGET THE SEATBELT" reminder so I assume people already wear a seatbelt. The new logic would not start the engine if there's no seatbelt.

 

Completely different scenarios.

Understood.  Just a different approach from what I am used to seeing on other containers with VPNs where it simply refuses to run without a VPN link.  As a novice user, it scared me to see the container running without it.  I do not fully understand all the back end work that goes into this and simply reported it as it was something I did not expect and thought it may have been an issue.

Thank you for the explanation and updating the container. :) 

  • Thanks 1
Link to comment

Update (21/09/2020):

  • OpenVPN-based dockers now will crash out if the user doesn't provide an ovpn file as per instructions.
  • Deprecated rutorrent-plus-plus as binhex has implemented multi-remote functionality. Please use his docker instead.

  • Added Grafana Unraid Stack

Quick screenshot:

grafana-unraid-stack-screen.png

Edited by testdasi
Link to comment
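
Two failures from this thread come down to how the start-up script reads the OVPN profile: the port that ended up in the nftables rules as `om80`, and the container starting with no profile at all. The sketch below is an added example, not the container's own code (the actual fix is not shown in the thread). It parses the `remote` line on any run of whitespace, validates every field before it reaches a rule, and returns an error with no rules when the profile is missing. `parse_remote`, `vpn_endpoint_rules` and `vpn.example.net` are hypothetical names.

```shell
#!/bin/sh
# Added example, not the container's own script. Assumes OpenVPN's
# "remote host [port] [proto]" syntax and an IPv4 address or hostname.

# parse_remote FILE: print "host port proto". Returns 2 if the profile is
# missing or empty, 3 if no remote line is found or a field fails validation.
parse_remote() {
    ovpn=$1
    # Fail closed: no profile means no tunnel, so nothing should be allowed.
    [ -s "$ovpn" ] || { echo "error: $ovpn missing or empty" >&2; return 2; }

    # awk splits on runs of blanks, so "host 80" and "host   80" parse alike.
    # A trailing CR from a Windows-edited file is stripped; first remote wins.
    fields=$(awk '{ sub(/\r$/, "") }
        $1 == "proto"  && p == "" { p = $2 }
        $1 == "remote" && h == "" { h = $2; r = $3; rp = $4 }
        END { if (h != "") print h, (r != "" ? r : "1194"),
                  (rp != "" ? rp : (p != "" ? p : "udp")) }' "$ovpn")
    read -r host port proto <<EOF
$fields
EOF
    case $host in
        ''|*[!A-Za-z0-9.-]*) echo "error: bad or missing remote host" >&2; return 3 ;;
    esac
    # The port ends up inside firewall rules: digits only, 1-65535.
    case $port in
        ''|*[!0-9]*|??????*) echo "error: bad port '$port'" >&2; return 3 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
        { echo "error: port $port out of range" >&2; return 3; }
    case $proto in
        tcp*) proto=tcp ;;
        udp*) proto=udp ;;
        *) echo "error: unsupported proto '$proto'" >&2; return 3 ;;
    esac
    echo "$host $port $proto"
}

# vpn_endpoint_rules FILE: print nft commands in the form shown in the log
# earlier in the thread, or nothing and a non-zero status on a bad profile.
vpn_endpoint_rules() {
    parsed=$(parse_remote "$1") || return $?
    read -r host port proto <<EOF
$parsed
EOF
    echo "add rule ip filter INPUT $proto sport $port counter accept"
    echo "add rule ip filter OUTPUT $proto dport $port counter accept"
}

# Constructed profile reproducing the thread's case: a VPN on TCP port 80.
sample=$(mktemp)
printf 'client\nproto tcp\nremote vpn.example.net 80\n' > "$sample"
vpn_endpoint_rules "$sample"
rm -f "$sample"
```
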
10 hours ago, testdasi said:

Update (21/09/2020):

  • OpenVPN-based dockers now will crash out if the user doesn't provide an ovpn file as per instructions.
  • Added Grafana Unraid Stack

Quick screenshot:

grafana-unraid-stack-screen.png

Worked really nice, thank you for the Docker. I would also love to have monitoring of my APC UPS, or maybe it's hard to add in your docker since ppl use different brands? I assume if I add that manually it would disappear on a future update?

 

Edit: Did just notice that CPU does not report temp. I have an Intel E5 2697 V3 if that helps

Edited by Sic79
Issue
Link to comment
