Docker-transmission-openvpn: PIA - TLS handshake failed

Created on 15 Nov 2020 · 9Comments · Source: haugene/docker-transmission-openvpn

I have been using the container with Surfshark but just signed up with PIA and wanted to start using that instead. I removed the old container and created a new one for PIA. Now Transmission does not start properly and I cannot access the web interface. The console output mentions a problem with TLS handshake:

Using OpenVPN provider: PIA
Starting OpenVPN using config France.ovpn
Setting OPENVPN credentials...
adding route to local network 192.168.1.0/24 via 10.0.3.1 dev eth0
Sun Nov 15 19:19:20 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 27 2020
Sun Nov 15 19:19:20 2020 library versions: OpenSSL 1.1.1c 28 May 2019, LZO 2.10
Sun Nov 15 19:19:20 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Nov 15 19:19:20 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]156.146.63.1:1198
Sun Nov 15 19:19:20 2020 UDP link local: (not bound)
Sun Nov 15 19:19:20 2020 UDP link remote: [AF_INET]156.146.63.1:1198
Sun Nov 15 19:20:20 2020 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Nov 15 19:20:20 2020 TLS Error: TLS handshake failed
Sun Nov 15 19:20:20 2020 SIGUSR1[soft,tls-error] received, process restarting
Sun Nov 15 19:20:25 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sun Nov 15 19:20:25 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]156.146.63.65:1198
Sun Nov 15 19:20:25 2020 UDP link local: (not bound)
Sun Nov 15 19:20:25 2020 UDP link remote: [AF_INET]156.146.63.65:1198

The command I use to create the container is:

docker run --cap-add=NET_ADMIN -d \
-v /share/Download/transmission:/data \
-v /etc/localtime:/etc/localtime:ro \
-e CREATE_TUN_DEVICE=true \
-e OPENVPN_PROVIDER=PIA \
-e PIA_OPENVPN_CONFIG_BUNDLE=openvpn-ip-nextgen \
-e OPENVPN_CONFIG=France \
-e OPENVPN_USERNAME= \
-e OPENVPN_PASSWORD= \
-e TRANSMISSION_BLOCKLIST_ENABLED=true \
-e TRANSMISSION_BLOCKLIST_URL="https://github.com/sahsu/transmission-blocklist/releases/download/1.0.0/blocklist.gz" \
-e WEBPROXY_ENABLED=false \
-e LOCAL_NETWORK=192.168.1.0/24 \
--log-driver json-file \
--log-opt max-size=10m \
--name="OVPN_Transmission_PIA" \
--restart unless-stopped \
-p 9091:9091 \
haugene/transmission-openvpn

Am I missing something here?

Source

beneix

All 9 comments

-e PIA_OPENVPN_CONFIG_BUNDLE=openvpn-ip-nextgen

I have this issue as well if i select openvpn-ip-nextgen , using openvpn-tcp-nextgen works without issue

clowrym on 15 Nov 2020

using openvpn-tcp-nextgen works without issue

Thanks @clowrym - I tried that, but it made no difference.

beneix on 16 Nov 2020

👍1

I added -e TZ="Europe/London" and changed OPENVPN_CONFIG to "UK London". Now the connection works and the web interface is accessible, but I also get a new error message about port forwarding:

STARTING TRANSMISSION
CONFIGURING PORT FORWARDING
Transmission startup script complete.
Wait for tunnel to be fully initialized and PIA is ready to give us a port
Mon Nov 16 16:43:30 2020 Initialization Sequence Completed
Generating new client id for PIA
Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding
curl encountered an error looking up new port: 7

beneix on 16 Nov 2020

I can confirm that this is an issue, I have not tried the solution mentioned by beneix yet, but I can confirm though I have begun getting the same error messages/issues of the web gui not loading due to a TLS handshake failure.

Americanzer0 on 16 Nov 2020

You seem to be running an old version of the image. Run docker pull haugene/transmission-openvpn and try again.

haugene on 16 Nov 2020

The issue is fixed for me after pulling

aig787 on 16 Nov 2020

👍1

The update worked for me but I also had to change my location from Canada to US for port forwarding. I've seen inconsistent problems in the past using Toronto. Otherwise all good. Big thanks to all that maintain the updates! I've been using this now for a few years.