Hi!
I tried with the custom settings, but I wasn't lucky :D
I'm a newbie :D
Can someone help me?
I have installed the container with composer:
transmission-vpn:
  container_name: transmission-vpn
  image: haugene/transmission-openvpn
  cap_add:
    - NET_ADMIN
  devices:
    - /dev/net/tun
  restart: always
  ports:
    - "9191:9191"
  dns:
    - 1.1.1.1
    - 1.0.0.1
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - ${USERDIR}/docker/transmission-vpn:/data
    - ${USERDIR}/docker/shared:/shared
    - /HD/Server/Downloads:/data/watch
    - /HD/Server/Downloads:/data/completed
    - /HD/Server/Downloads/incomplete:/data/incomplete
    - /home/dario/docker/OVPN/:/etc/openvpn/custom/
  environment:
    - OPENVPN_PROVIDER=CUSTOM
    - OPENVPN_USERNAME=usernameVPN
    - OPENVPN_PASSWORD=passwordVPN
    - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
    - LOCAL_NETWORK=192.168.0.0/24
    - PUID=1000
    - PGID=1000
    - TZ=${TZ}
    - TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true
    - TRANSMISSION_RPC_HOST_WHITELIST="127.0.0.1,192.168.*.*"
    - TRANSMISSION_RPC_PASSWORD=user
    - TRANSMISSION_RPC_USERNAME=password
    - TRANSMISSION_UMASK=002
    - TRANSMISSION_RATIO_LIMIT=1.00
    - TRANSMISSION_RATIO_LIMIT_ENABLED=true
I have the files .key, .crt, ca.crt and .pem.
I have included the key and the .crt in the ovpn configuration file:
client
proto udp
dev tun
dh /etc/openvpn/custom/dh2048.pem
ca /etc/openvpn/custom/ca.crt
remote us3.bukbukimachicken.me 1191
cipher DES-CBC
verb 2
mute 20
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
<cert>
-----BEGIN CERTIFICATE-----
key...
-----END CERTIFICATE-----
</cert>
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
key....
-----END ENCRYPTED PRIVATE KEY-----
</key>
The log is:
Using OpenVPN provider: CUSTOM
No VPN configuration provided. Using default.
Setting OPENVPN credentials...
adding route to local network 192.168.0.0/24 via 172.18.0.1 dev eth0
WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Private Key Password:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Exiting due to fatal error
Try adding auth-user-pass /config/openvpn-credentials.txt line to the config file.
Thank you for your work ;)
I tried, but still the same error.
Is this file "/config/openvpn-credentials.txt" the default one, or do I have to change something?
You're welcome.
Aha. Reading the error again I see that it's not asking for regular ovpn authentication. It probably would if it had come as far...
But now it's asking for a private key password. So it's a password protected key. That's a first for me actually.
Need to check the openvpn manual then. We're supplying username and password to openvpn via a file that is persisted from the environment variables. We could easily do the same for private key password if openvpn supports it. If not you would need to manually start openvpn in the container because the password then needs to be provided in the shell at startup. There might be hacks around this though.
thanks again for your help.
On Ubuntu 18.10 I added the VPN settings by only uploading the ovpn file (it automatically recognizes the other files) and inserting the user and psw... I don't know if it can be useful, but in this case I'm not able to access my server remotely :D
Hi, it seems to work adding "askpass /etc/openvpn/custom/auth.txt" where I created the file auth.txt only for the psw.
But now I'm not able to connect to web UI :(
EDIT: from local network
No VPN configuration provided. Using default.
Setting OPENVPN credentials...
adding route to local network 192.168.0.0/24 via 172.18.0.1 dev eth0
WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
WARNING: file '/etc/openvpn/custom/vpnsecure.key' is group or others accessible
WARNING: file '/etc/openvpn/custom/auth.txt' is group or others accessible
OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
TCP/UDP: Preserving recently used remote address: [AF_INET][IPVPN]
UDP link local: (not bound)
UDP link remote: [AF_INET][IPVPN]
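Added example (not part of the thread or the project's code): the log above warns that vpnsecure.key and auth.txt are "group or others accessible". The sketch below maps the secret-bearing directives of a config to the host side of the bind mount, reports the ones with group/other permission bits, and tightens them to 0600. The directive set, the function names and the temporary directory standing in for the host folder are assumptions.

```python
import os
import stat
import tempfile

# Directives assumed here to point at secret material (private key, passphrase, credentials).
SECRET_DIRECTIVES = {"key", "askpass", "auth-user-pass", "pkcs12", "tls-auth", "tls-crypt"}

def secret_paths(ovpn_text, container_prefix, host_dir):
    """Translate secret file paths in the config from container paths to host paths."""
    prefix = container_prefix.rstrip("/") + "/"
    paths = []
    for line in ovpn_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] in SECRET_DIRECTIVES and parts[1].startswith(prefix):
            paths.append(os.path.join(host_dir, parts[1][len(prefix):]))
    return paths

def loose_files(paths):
    """Files with any group/other permission bit set (the condition OpenVPN warns about)."""
    return [p for p in paths if stat.S_IMODE(os.stat(p).st_mode) & 0o077]

def tighten(paths):
    """Restrict each file to owner read/write only."""
    for p in paths:
        os.chmod(p, 0o600)

def demo():
    # Constructed sample: three directives from the thread's config, files created empty.
    config = ("key /etc/openvpn/custom/vpnsecure.key\n"
              "askpass /etc/openvpn/custom/auth.txt\n"
              "ca /etc/openvpn/custom/ca.crt\n")
    with tempfile.TemporaryDirectory() as host_dir:  # stands in for the mounted host folder
        for name in ("vpnsecure.key", "auth.txt", "ca.crt"):
            path = os.path.join(host_dir, name)
            open(path, "w").close()
            os.chmod(path, 0o644)
        paths = secret_paths(config, "/etc/openvpn/custom", host_dir)
        before = sorted(os.path.basename(p) for p in loose_files(paths))
        tighten(paths)
        return before, loose_files(paths)

if __name__ == "__main__":
    print(demo())
```

The CA certificate is public and is deliberately left out of the check; the askpass file holds the key passphrase in clear text, so it deserves the same protection as the key itself.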
And there are no more logs than the ones you post here?
Is the container running or does it exit? Can you curl localhost:9091 inside the container? (exec into the container and curl from there)
I'm having the same problems with VPNSecure and getting it to work.
The container is running; with docker container ls I have:
haugene/transmission-openvpn:latest "haugene/transmission-openvpn "dumb-init /etc/open…" About a minute ago Up 41 seconds 8888/tcp, 9091/tcp, 0.0.0.0:9191->9191/tcp transmission-vpn
I opened the port 9191 because in the meantime I'm using another container with a normal transmission
with curl localhost:9191 :
Recv failure: Connection reset by peer
@dar8 And then you're curl'ing from inside the container? Or from the host?
Sounds like a LOCAL_NETWORK problem by the error from curl (if you're running from the host). What is the IP address of the host and your client?
I run curl from the host that has the ip 192.168.0.200 (htpc), the client has ip 192.168.0.108 (laptop).
With docker exec -it transmission-vpn curl http://localhost:9191 :
curl: (7) Failed to connect to localhost port 9191: Connection refused
I'm able to access sickrage and the other containers, of course without VPN
Thanks again for your help :)
I have installed the container again, but only with the minimum lines:
docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d \
-v /home/dario/docker/transmission-vpn:/data \
-v /etc/localtime:/etc/localtime:ro \
-v /home/dario/docker/OVPN/:/etc/openvpn/custom \
-e OPENVPN_PROVIDER=CUSTOM \
-e OPENVPN_USERNAME=myuser \
-e OPENVPN_PASSWORD=mypsw \
-e WEBPROXY_ENABLED=false \
-e LOCAL_NETWORK=192.168.0.0/24 \
--log-driver json-file \
--log-opt max-size=10m \
-p 9191:9191 \
haugene/transmission-openvpn
Now the log is:
Using OpenVPN provider: CUSTOM
No VPN configuration provided. Using default.
Setting OPENVPN credentials...
adding route to local network 192.168.0.0/16 via 172.17.0.1 dev eth0
Thu Mar 7 09:15:37 2019 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
Thu Mar 7 09:15:37 2019 WARNING: file '/etc/openvpn/custom/vpnsecure.key' is group or others accessible
Thu Mar 7 09:15:37 2019 WARNING: file '/etc/openvpn/custom/auth.txt' is group or others accessible
Thu Mar 7 09:15:37 2019 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 19 2019
Thu Mar 7 09:15:37 2019 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Thu Mar 7 09:15:38 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Mar 7 09:15:38 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]"ip VPN"
Thu Mar 7 09:15:38 2019 UDP link local: (not bound)
Thu Mar 7 09:15:38 2019 UDP link remote: [AF_INET]"ip VPN"
Thu Mar 7 09:16:38 2019 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Thu Mar 7 09:16:38 2019 TLS Error: TLS handshake failed
Thu Mar 7 09:16:38 2019 SIGUSR1[soft,tls-error] received, process restarting
Thu Mar 7 09:16:43 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Mar 7 09:16:43 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]"ip VPN"
Thu Mar 7 09:16:43 2019 UDP link local: (not bound)
Thu Mar 7 09:16:43 2019 UDP link remote: [AF_INET]"ip VPN"
Every 60 seconds the same error
It fails on key negotiation. So it might have to do with the askpass /etc/openvpn/custom/auth.txt that you said you added, if that wasn't the right passphrase for the key.
This doesn't sound like an issue with this container. It sounds like a general setup thing for VPNSecure and OpenVPN. Have you run OpenVPN with one of these configs successfully? Do they have a guide, and is there no mention of this?
If you could make it work on Ubuntu with openvpn from the command line then I think this should be the same. Have you asked VPNSecure support?
Hi Haugene Thanks :)
My fault, wrong "proto" parameter based on server :D
I've just run the container and it works!!!
My ovpn file now is:
client
proto tcp
dev tun
dh dh2048.pem
ca /etc/openvpn/custom/ca.crt
cert /etc/openvpn/custom/vpnsecure.crt
key /etc/openvpn/custom/vpnsecure.key
askpass /etc/openvpn/custom/auth.txt
remote tcp-ie1.isponeder.com 110
cipher AES-256-CBC
verb 2
mute 20
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
auth-nocache
remote-cert-tls server
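Added example (not from the thread or the project): a small linter for the client-side problems visible in this thread's configs and logs, namely the DES-CBC cipher, the missing server certificate verification, the ignored dh option and the encrypted inline key without askpass. The finding names and the weak-cipher set are assumptions of this sketch.

```python
import re

# Constructed samples: first and final client configs from this thread, trimmed, keys elided.
FIRST_CONFIG = """client
dh /etc/openvpn/custom/dh2048.pem
cipher DES-CBC
<key>
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
</key>
"""
FINAL_CONFIG = """client
dh dh2048.pem
key /etc/openvpn/custom/vpnsecure.key
askpass /etc/openvpn/custom/auth.txt
cipher AES-256-CBC
remote-cert-tls server
"""
SERVER_CHECKS = {"remote-cert-tls", "remote-cert-eku", "verify-x509-name", "ns-cert-type", "tls-verify"}
WEAK_CIPHER_FAMILIES = {"DES", "BF", "RC2", "CAST5", "NONE"}  # 64-bit block ciphers or none

def lint_client_config(text):
    """Return sorted finding codes for an OpenVPN client config."""
    opts, block, inline_key_encrypted = {}, None, False
    for line in (raw.strip() for raw in text.splitlines()):
        if block:  # inside inline <cert>/<key>/... data
            if line == f"</{block}>":
                block = None
            elif block == "key" and "ENCRYPTED" in line:
                inline_key_encrypted = True
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            block = tag.group(1)
        elif line and line[0] not in "#;":  # skip blank lines and comments
            name, _, arg = line.partition(" ")
            opts[name] = arg.strip()
    checks = [
        (opts.get("cipher", "").upper().split("-")[0] in WEAK_CIPHER_FAMILIES, "weak-cipher"),
        (SERVER_CHECKS.isdisjoint(opts), "no-server-cert-verification"),
        ("dh" in opts and ("client" in opts or "tls-client" in opts), "dh-ignored-in-client-mode"),
        (inline_key_encrypted and "askpass" not in opts, "encrypted-key-without-askpass"),
    ]
    return sorted(code for hit, code in checks if hit)

if __name__ == "__main__":
    print(lint_client_config(FIRST_CONFIG), lint_client_config(FINAL_CONFIG))
```

A key referenced by path, as in the final config, cannot be classified from the config text alone; only the inline case is detected here.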
I'm having problems with trying to get this to connect to vpnsecure with a custom config. Not sure what to do about protocol errors. I'm a bit of a noob -- TIA.
docker run --cap-add=NET_ADMIN -d \
-v /home/me/openvpn/:/etc/openvpn/ \
-v /etc/openvpn:/etc/openvpn/custom \
-v /home/me/tmp:/data \
-v /etc/localtime:/etc/localtime:ro \
-e CREATE_TUN_DEVICE=true \
-e OPENVPN_PROVIDER=CUSTOM \
-e OPENVPN_USERNAME=userid \
-e OPENVPN_PASSWORD=password \
-e WEBPROXY_ENABLED=false \
-e LOCAL_NETWORK=10.0.1.0/24 \
--log-driver json-file \
--log-opt max-size=10m \
-p 9091:9091 \
haugene/transmission-openvpn
ovpn file:
client
proto tcp
dev tun
dh dh2048.pem
ca /etc/openvpn/custom/ca.crt
cert /etc/openvpn/custom/vpnsecure.crt
key /etc/openvpn/custom/vpnsecure.key
askpass /etc/openvpn/custom/auth.txt
remote tcp-ie1.isponeder.com 110
cipher AES-256-CBC
verb 2
mute 20
comp-lzo
persist-key
persist-tun
float
resolv-retry infinite
nobind
auth-nocache
remote-cert-tls server
docker logs:
Using OpenVPN provider: CUSTOM
No VPN configuration provided. Using default.
Setting OPENVPN credentials...
adding route to local network 10.0.1.0/24 via 172.17.0.1 dev eth0
Sun Aug 4 22:54:11 2019 WARNING: Ignoring option 'dh' in tls-client mode, please only include this in your server configuration
Sun Aug 4 22:54:11 2019 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 19 2019
Sun Aug 4 22:54:11 2019 library versions: OpenSSL 1.0.2g 1 Mar 2016, LZO 2.08
Sun Aug 4 22:54:11 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Aug 4 22:54:11 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]217.78.6.187:110
Sun Aug 4 22:54:11 2019 Attempting to establish TCP connection with [AF_INET]217.78.6.187:110 [nonblock]
Sun Aug 4 22:54:12 2019 TCP connection established with [AF_INET]217.78.6.187:110
Sun Aug 4 22:54:12 2019 TCP_CLIENT link local: (not bound)
Sun Aug 4 22:54:12 2019 TCP_CLIENT link remote: [AF_INET]217.78.6.187:110
Sun Aug 4 22:54:13 2019 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=NY, L=New York, O=vpnsecure.me, [email protected]
Sun Aug 4 22:54:13 2019 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Sun Aug 4 22:54:13 2019 TLS_ERROR: BIO read tls_read_plaintext error
Sun Aug 4 22:54:13 2019 TLS Error: TLS object -> incoming plaintext read error
Sun Aug 4 22:54:13 2019 TLS Error: TLS handshake failed
Sun Aug 4 22:54:13 2019 Fatal TLS error (check_tls_errors_co), restarting
Sun Aug 4 22:54:13 2019 SIGUSR1[soft,tls-error] received, process restarting
I've set up the docker container as described above, the final lines in the log look like this:
[...]
Wed Dec 11 08:32:35 2019 TUN/TAP device tun0 opened
Wed Dec 11 08:32:35 2019 /sbin/ip link set dev tun0 up mtu 1500
Wed Dec 11 08:32:35 2019 /sbin/ip addr add dev tun0 local 172.22.2.62 peer 172.22.2.61
Wed Dec 11 08:32:35 2019 /etc/openvpn/tunnelUp.sh tun0 1500 1560 172.22.2.62 172.22.2.61 init
Up script executed with tun0 1500 1560 172.22.2.62 172.22.2.61 init
Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 172.22.2.62
Generating transmission settings.json from env variables
sed'ing True to true
-------------------------------------
Transmission will run as
-------------------------------------
User name: root
User uid: 0
User gid: 0
-------------------------------------
STARTING TRANSMISSION
NO PORT UPDATER FOR THIS PROVIDER
Transmission startup script complete.
Wed Dec 11 08:32:36 2019 Initialization Sequence Completed
However I can't open localhost:9191 even though I've exposed it via docker [...] -p 9191:9191. Also docker exec $container curl http://localhost:9191 gives me:
curl: (7) Failed to connect to localhost port 9191: Connection refused
What am I missing?