binhex / arch-rtorrentvpn

Docker build script for Arch Linux base with ruTorrent, rTorrent, autodl-irssi, Privoxy and OpenVPN
GNU General Public License v3.0

ruTorrent/flood isn't accessible with VPN (PIA) #84

Closed enoch85 closed 5 years ago

enoch85 commented 5 years ago

Hi!

Thanks for a great docker, and an easier way to enable VPN for rtorrent with ruTorrent GUI.

I have my own installation running on another server but now I'm looking to enable VPN and hide traffic, hence this Docker image.

Though being quite familiar with Linux in general I can't get ruTorrent up and running. I ran the docker run stuff with debug mode and everything seems to check out correctly, but when accessing http://host-ip:9080 it fails to connect from my laptop (which has * access to all subnets in my network).

So my question I guess is, do I need to install Nginx/Apache on the host that runs the docker (Ubuntu 18.04.1) and reverse proxy the Docker container, or am I missing something here?

I run PIA and used the provided example config with my own changes ofc.

This is some of the DEBUG output:

2018-12-30 19:45:44,027 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1

2018-12-30 19:45:44,031 DEBG 'start-script' stdout output:
[info] Adding 9.9.9.9 to /etc/resolv.conf

2018-12-30 19:45:44,034 DEBG 'start-script' stdout output:
[info] Adding 149.112.112.112 to /etc/resolv.conf

2018-12-30 19:45:44,082 DEBG 'start-script' stdout output:
[info] Remote VPN endpoint resolves to the following A record(s)...
46.246.123.6 46.246.123.21

2018-12-30 19:45:44,117 DEBG 'start-script' stdout output:
[info] Attempting to load tun kernel module...

2018-12-30 19:45:44,126 DEBG 'start-script' stderr output:
modprobe: FATAL: Module tun not found in directory /lib/modules/4.15.0-29-generic

2018-12-30 19:45:44,127 DEBG 'start-script' stdout output:
[warn] Unable to load tun kernel module using modprobe, trying insmod...

2018-12-30 19:45:44,128 DEBG 'start-script' stderr output:
insmod: ERROR: could not load module /lib/modules/tun.ko: No such file or directory

2018-12-30 19:45:44,128 DEBG 'start-script' stdout output:
[warn] Unable to load tun kernel module, assuming its dynamically loaded

2018-12-30 19:45:44,140 DEBG 'start-script' stdout output:
[debug] Show name servers defined for container

2018-12-30 19:45:44,140 DEBG 'start-script' stdout output:
nameserver 9.9.9.9
nameserver 149.112.112.112

2018-12-30 19:45:44,141 DEBG 'start-script' stdout output:
[debug] Show name resolution for VPN endpoint sweden.privateinternetaccess.com

2018-12-30 19:45:44,208 DEBG 'start-script' stdout output:
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 46755
;; flags: qr rd ra ; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 
;; QUESTION SECTION:
;; sweden.privateinternetaccess.com.    IN  A

;; ANSWER SECTION:
sweden.privateinternetaccess.com.   300 IN  A   46.246.123.6
sweden.privateinternetaccess.com.   300 IN  A   46.246.123.21

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 65 msec
;; SERVER: 9.9.9.9
;; WHEN: Sun Dec 30 19:45:44 2018
;; MSG SIZE  rcvd: 82

2018-12-30 19:45:44,208 DEBG 'start-script' stdout output:
[debug] Show contents of hosts file

2018-12-30 19:45:44,209 DEBG 'start-script' stdout output:
127.0.0.1   localhost
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.17.0.2  d868bcf48159
46.246.123.6    sweden.privateinternetaccess.com

2018-12-30 19:45:44,213 DEBG 'start-script' stdout output:
[debug] Docker interface defined as eth0

2018-12-30 19:45:44,216 DEBG 'start-script' stdout output:
[debug] Docker IP defined as 172.17.0.2

2018-12-30 19:45:44,219 DEBG 'start-script' stdout output:
[debug] Docker netmask defined as 255.255.0.0

2018-12-30 19:45:44,230 DEBG 'start-script' stdout output:
[info] Docker network defined as    172.17.0.0/16

2018-12-30 19:45:44,233 DEBG 'start-script' stdout output:
[info] Adding 192.168.15.13/24 as route via docker eth0

2018-12-30 19:45:44,234 DEBG 'start-script' stderr output:
Error: Invalid prefix for given prefix length.

2018-12-30 19:45:44,234 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2018-12-30 19:45:44,235 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0 

2018-12-30 19:45:44,235 DEBG 'start-script' stdout output:
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.2 
--------------------
[debug] Modules currently loaded for kernel

2018-12-30 19:45:44,243 DEBG 'start-script' stdout output:
iptable_mangle         16384  0
ip_tables              28672  3 iptable_mangle,iptable_filter,iptable_nat
x_tables               40960  9 xt_nat,iptable_mangle,ip_tables,iptable_filter,xt_mark,xt_tcpudp,ipt_MASQUERADE,xt_addrtype,xt_conntrack

2018-12-30 19:45:44,243 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2018-12-30 19:45:44,534 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2018-12-30 19:45:44,535 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 501 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 9080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 9080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 9443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 9443 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 3000 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 3000 -j ACCEPT
-A INPUT -s 192.168.15.0/24 -i eth0 -p tcp -m tcp --dport 5000 -j ACCEPT
-A INPUT -s 192.168.15.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 501 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 9443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 9443 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 3000 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 3000 -j ACCEPT
-A OUTPUT -d 192.168.15.0/24 -o eth0 -p tcp -m tcp --sport 5000 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 192.168.15.0/24 -o eth0 -p tcp -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT

2018-12-30 19:45:44,536 DEBG 'start-script' stdout output:
--------------------

2018-12-30 19:45:44,537 DEBG 'start-script' stdout output:
[debug] OpenVPN command line:- /usr/bin/openvpn --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'pia' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun0' --setenv VPN_REMOTE 'sweden.privateinternetaccess.com' --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --remote 46.246.123.6 501 tcp-client --remote 46.246.123.21 501 tcp-client --remote-random --keepalive 10 60 --setenv STRICT_PORT_FORWARD 'yes' --disable-occ --auth-user-pass credentials.conf --cd /config/openvpn --config '/config/openvpn/sweden-aes-256-cbc-tcp-ip.ovpn'
[info] Starting OpenVPN...

2018-12-30 19:45:44,833 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:44 2018 WARNING: file 'credentials.conf' is group or others accessible
Sun Dec 30 19:45:44 2018 OpenVPN 2.4.6 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Apr 24 2018
Sun Dec 30 19:45:44 2018 library versions: OpenSSL 1.1.1a  20 Nov 2018, LZO 2.10

2018-12-30 19:45:44,835 DEBG 'start-script' stdout output:
[info] OpenVPN started

2018-12-30 19:45:44,835 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:44 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
[debug] Waiting for valid IP address from tunnel...

2018-12-30 19:45:44,838 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:44 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]46.246.123.21:501

2018-12-30 19:45:44,838 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:44 2018 Attempting to establish TCP connection with [AF_INET]46.246.123.21:501 [nonblock]

2018-12-30 19:45:45,838 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:45 2018 TCP connection established with [AF_INET]46.246.123.21:501
Sun Dec 30 19:45:45 2018 TCP_CLIENT link local: (not bound)
Sun Dec 30 19:45:45 2018 TCP_CLIENT link remote: [AF_INET]46.246.123.21:501

2018-12-30 19:45:46,120 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:46 2018 [6d9f9675105f6809a5aa86c37d9f7bdf] Peer Connection Initiated with [AF_INET]46.246.123.21:501

2018-12-30 19:45:52,411 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:52 2018 auth-token received, disabling auth-nocache for the authentication token

2018-12-30 19:45:52,412 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:52 2018 TUN/TAP device tun0 opened

2018-12-30 19:45:52,412 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:52 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sun Dec 30 19:45:52 2018 /usr/bin/ip link set dev tun0 up mtu 1500

2018-12-30 19:45:52,414 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:52 2018 /usr/bin/ip addr add dev tun0 local 10.37.1.6 peer 10.37.1.5

2018-12-30 19:45:52,415 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:52 2018 /root/openvpnup.sh tun0 1500 1572 10.37.1.6 10.37.1.5 init

2018-12-30 19:45:52,420 DEBG 'start-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

2018-12-30 19:45:52,421 DEBG 'start-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

2018-12-30 19:45:52,422 DEBG 'start-script' stdout output:
Sun Dec 30 19:45:52 2018 Initialization Sequence Completed

2018-12-30 19:45:52,505 DEBG 'privoxy-script' stdout output:
[debug] Valid IP address from tunnel acquired '10.37.1.6'
[info] Configuring Privoxy...

2018-12-30 19:45:52,505 DEBG 'irssi-script' stdout output:
[debug] Valid IP address from tunnel acquired '10.37.1.6'

2018-12-30 19:45:52,510 DEBG 'start-script' stdout output:
[debug] Valid IP address from tunnel acquired '10.37.1.6'

2018-12-30 19:45:52,516 DEBG 'watchdog-script' stdout output:
[debug] Valid IP address from tunnel acquired '10.37.1.6'

2018-12-30 19:45:52,517 DEBG 'watchdog-script' stdout output:
[info] rTorrent listening interface IP 0.0.0.0 and VPN provider IP 10.37.1.6 different, marking for reconfigure

2018-12-30 19:45:52,530 DEBG 'start-script' stdout output:
[debug] Valid IP address from tunnel acquired '10.37.1.6'
[info] Strict port forwarding enabled, attempting to assign an incoming port...

2018-12-30 19:45:52,530 DEBG 'irssi-script' stdout output:
Script started, file is /home/nobody/typescript

2018-12-30 19:45:52,530 DEBG 'start-script' stdout output:
[debug] Valid IP address from tunnel acquired '10.37.1.6'

2018-12-30 19:45:52,531 DEBG 'start-script' stdout output:
[debug] Attempting to get external IP using Name Server 'ns1.google.com'...

2018-12-30 19:45:52,550 DEBG 'watchdog-script' stdout output:
[info] rTorrent not running

2018-12-30 19:45:52,634 DEBG 'start-script' stdout output:
[info] Attempting to curl http://209.222.18.222:2000/?client_id=0b0ce0040d05aa156424f6dbc473b6160138a3166b7b4ad10a34d42656fe9605...

2018-12-30 19:45:52,647 DEBG 'start-script' stdout output:
[info] Successfully retrieved external IP address 46.246.123.21

2018-12-30 19:45:52,651 DEBG 'watchdog-script' stdout output:
[debug] External IP address from tunnel is '46.246.123.21'

2018-12-30 19:45:52,652 DEBG 'watchdog-script' stdout output:
[debug] Waiting for file '/home/nobody/vpn_incoming_port.txt' to be generated (contains PIA API generated incoming port number)...

2018-12-30 19:45:52,687 DEBG 'irssi-script' stdout output:
Script done, file is /home/nobody/typescript

2018-12-30 19:45:52,691 DEBG fd 22 closed, stopped monitoring <POutputDispatcher at 139790632132048 for <Subprocess at 139790632306664 with name irssi-script in state RUNNING> (stdout)>
2018-12-30 19:45:52,691 DEBG fd 26 closed, stopped monitoring <POutputDispatcher at 139790632131616 for <Subprocess at 139790632306664 with name irssi-script in state RUNNING> (stderr)>
2018-12-30 19:45:52,691 INFO exited: irssi-script (exit status 0; expected)
2018-12-30 19:45:52,691 DEBG received SIGCLD indicating a child quit
2018-12-30 19:45:52,807 DEBG 'privoxy-script' stdout output:
[info] All checks complete, starting Privoxy...

2018-12-30 19:45:52,891 DEBG 'privoxy-script' stderr output:
2018-12-30 19:45:52.891 7feff7e9f100 Info: Privoxy version 3.0.26
2018-12-30 19:45:52.891 7feff7e9f100 Info: Program name: /usr/bin/privoxy

2018-12-30 19:45:53,871 DEBG 'start-script' stdout output:
[info] Curl successful for http://209.222.18.222:2000/?client_id=0b0ce0040d05aa156424f6dbc473b6160138a3166b7b4ad10a34d42656fe9605, response code 200

2018-12-30 19:45:53,949 DEBG 'start-script' stdout output:
[debug] Successfully assigned incoming port 22900

2018-12-30 19:45:54,655 DEBG 'watchdog-script' stdout output:
[debug] Incoming port for tunnel is '22900'

2018-12-30 19:45:54,655 DEBG 'watchdog-script' stdout output:
[info] rTorrent incoming port 49160 and VPN incoming port 22900 different, marking for reconfigure
[info] Removing any rTorrent session lock files left over from the previous run...

2018-12-30 19:45:54,656 DEBG 'watchdog-script' stdout output:
[info] Attempting to start rTorrent...

2018-12-30 19:45:54,657 DEBG 'watchdog-script' stdout output:
Script started, file is /home/nobody/typescript

2018-12-30 19:45:54,676 DEBG 'watchdog-script' stdout output:
Script done, file is /home/nobody/typescript

2018-12-30 19:45:54,680 DEBG 'watchdog-script' stdout output:
[debug] Waiting for rTorrent process to start...

2018-12-30 19:45:55,685 DEBG 'watchdog-script' stdout output:
[debug] Waiting for rTorrent process to start...

2018-12-30 19:45:55,800 DEBG 'flood-script' stdout output:
[info] Configuring Flood...
[info] Flood config file /config/flood/config/config.js doesnt exist, copying from container...

2018-12-30 19:45:55,802 DEBG 'flood-script' stdout output:
[info] Copying Flood config file /config/flood/config/config.js back to container...

2018-12-30 19:45:55,804 DEBG 'flood-script' stdout output:
[info] Starting Flood...

2018-12-30 19:45:56,690 DEBG 'watchdog-script' stdout output:
[info] rTorrent process started
[info] Waiting for rTorrent process to start listening on port 5000...

2018-12-30 19:45:56,695 DEBG 'watchdog-script' stdout output:
[info] rTorrent process listening

2018-12-30 19:45:56,699 DEBG 'watchdog-script' stdout output:
[info] Flood enabled, disabling initialisation of ruTorrent plugins...

2018-12-30 19:45:56,699 DEBG 'watchdog-script' stdout output:
[debug] VPN incoming port is 22900
[debug] rTorrent incoming port is 22900
[debug] VPN IP is 10.37.1.6
[debug] rTorrent IP is 10.37.1.6

This is my config:

docker run -d \
    --cap-add=NET_ADMIN \
    -p 9080:9080 \
    -p 9443:9443 \
    -p 8118:8118 \
    -p 3000:3000 \
    --name=rtorrentvpn \
    -v /home/remote/rutorrent/data:/data \
    -v /home/remote/rutorrent/config:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_USER=USERNAME \
    -e VPN_PASS=SUPERSECRET \
    -e VPN_PROV=pia \
    -e STRICT_PORT_FORWARD=yes \
    -e ENABLE_PRIVOXY=yes \
    -e ENABLE_FLOOD=yes \
    -e ENABLE_AUTODL_IRSSI=yes \
    -e LAN_NETWORK=192.168.15.0/24 \
    -e NAME_SERVERS=9.9.9.9,149.112.112.112 \
    -e DEBUG=true \
    -e PHP_TZ=Europe/Stockholm \
    -e UMASK=000 \
    -e PUID=0 \
    -e PGID=0 \
    binhex/arch-rtorrentvpn

Any help is greatly appreciated! Thanks!

binhex commented 5 years ago

this is the issue:-

-e ENABLE_FLOOD=yes \

if you enable flood (alternative ui to rutorrent) then you connect using a different port, in this case port 3000 (shown in readme), so either disable flood or connect using port 3000 instead of 9080.

note you can have both flood AND rutorrent web ui running by setting value of ENABLE_FLOOD to 'both'

enoch85 commented 5 years ago

Sorry, I posted a config from some debugging I did. With -e ENABLE_FLOOD=no \ it still doesn't work.

I'm having the same issues with MediaBox (based on your Docker container), but for Deluge. With MediaBox everything is setup automatically so there shouldn't be any error docker-wise.

Do I need to open some ports or something?

enoch85 commented 5 years ago

Here's my latest DEBUG log: https://0bin.net/paste/TTZAQ2hDwWxk16Un#ITXA-ARTydY89fey9yevJYwtX8TvpsRL9phuYmnBPKp

Please help! Thank you!

enoch85 commented 5 years ago

Tested to only enable flood now, and same result = timeout.

Thank you for your efforts!

Kevman323 commented 5 years ago

I'm having the same issue with the timeout. It works fine with VPN disabled. It keeps waiting for a valid IP address every 30 seconds. Using PIA vpn. Here's the lines that keep repeating.

2018-12-31 02:53:02,883 DEBG 'watchdog-script' stdout output:
[debug] Waiting for valid IP address from tunnel...

2018-12-31 02:53:03,011 DEBG 'watchdog-script' stdout output:
[debug] Valid IP address from tunnel acquired '10.74.10.6'

2018-12-31 02:53:03,017 DEBG 'watchdog-script' stdout output:
[debug] External IP address from tunnel is '199.229.249.152'

2018-12-31 02:53:03,017 DEBG 'watchdog-script' stdout output:
[debug] Incoming port for tunnel is '49785'

2018-12-31 02:53:03,024 DEBG 'watchdog-script' stdout output:
[debug] VPN incoming port is 49785
[debug] rTorrent incoming port is 49785

2018-12-31 02:53:03,024 DEBG 'watchdog-script' stdout output:
[debug] VPN IP is 10.74.10.6
[debug] rTorrent IP is 10.74.10.6

EDIT: I can't get haugene/transmission-openvpn to work either, so it's probably something I am doing wrong.

binhex commented 5 years ago

> Here's my latest DEBUG log: https://0bin.net/paste/TTZAQ2hDwWxk16Un#ITXA-ARTydY89fey9yevJYwtX8TvpsRL9phuYmnBPKp
>
> Please help! Thank you!

that's a successful start, so the issue is most probably one of the following:-

binhex commented 5 years ago

> I'm having the same issue with the timeout. It works fine with VPN disabled. It keeps waiting for a valid IP address every 30 seconds. Using PIA vpn. Here's the lines that keep repeating.
>
> 2018-12-31 02:53:02,883 DEBG 'watchdog-script' stdout output:
> [debug] Waiting for valid IP address from tunnel...
>
> 2018-12-31 02:53:03,011 DEBG 'watchdog-script' stdout output:
> [debug] Valid IP address from tunnel acquired '10.74.10.6'
>
> 2018-12-31 02:53:03,017 DEBG 'watchdog-script' stdout output:
> [debug] External IP address from tunnel is '199.229.249.152'
>
> 2018-12-31 02:53:03,017 DEBG 'watchdog-script' stdout output:
> [debug] Incoming port for tunnel is '49785'
>
> 2018-12-31 02:53:03,024 DEBG 'watchdog-script' stdout output:
> [debug] VPN incoming port is 49785
> [debug] rTorrent incoming port is 49785
>
> 2018-12-31 02:53:03,024 DEBG 'watchdog-script' stdout output:
> [debug] VPN IP is 10.74.10.6
> [debug] rTorrent IP is 10.74.10.6
>
> EDIT: I can't get haugene/transmission-openvpn to work either, so it's probably something I am doing wrong.

what timeout are you referring to?, there is no timeout in that snippet of the log, the snippet you posted is completely normal, you have debug turned on so it will spit out a message confirming the current vpn ip address, external ip and port every 30 seconds, same deal as the previous post, the issue is most probably host/lan related.

Kevman323 commented 5 years ago

Sorry, I figured that 30 second message was a sign something was wrong. I'll post my log here once the container goes back up, but I just want to make sure; This is what comes up when I do ifconfig. I want the middle entry for my LAN_NETWORK right?

docker0   Link encap:Ethernet  HWaddr 02:42:24:76:96:95
          inet addr:172.17.0.1  Bcast:172.17.255.255  Mask:255.255.0.0
          inet6 addr: fe80::42:24ff:fe76:9695/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1487 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2067 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:170913 (170.9 KB)  TX bytes:706690 (706.6 KB)

enp0s25   Link encap:Ethernet  HWaddr 00:26:9e:9c:57:7c
          inet addr:69.XX.XX.XX  Bcast:69.XX.XX.XX  Mask:255.255.255.248
          inet6 addr: fe80::226:9eff:fe9c:577c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:113219 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22944 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:154079757 (154.0 MB)  TX bytes:7175395 (7.1 MB)
          Interrupt:20 Memory:df6e0000-df700000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:232 errors:0 dropped:0 overruns:0 frame:0
          TX packets:232 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:21806 (21.8 KB)  TX bytes:21806 (21.8 KB)

binhex commented 5 years ago

> This is what comes up when I do ifconfig. I want the middle entry for my LAN_NETWORK right?

yes, so LAN_NETWORK will be something like 69.x.x.x/29

Kevman323 commented 5 years ago

Here's my log, although I think I see the problem now. https://0bin.net/paste/u235fRH-b--T0Hjx#hTtdlBy67w3b7FFyWY3hdS68Y4vn1v9NazRcSx08e0i

I'd imagine this line is the problem. "[warn] Unable to load iptable_mangle module, you will not be able to connect to the applications Web UI or Privoxy outside of your LAN"

binhex commented 5 years ago

> I'd imagine this line is the problem. "[warn] Unable to load iptable_mangle module, you will not be able to connect to the applications Web UI or Privoxy outside of your LAN"

that will be your issue if you are attempting to access outside of your lan, yep.

enoch85 commented 5 years ago

@binhex

> that's a successful start, so the issue is most probably one of the following:-
>
> - incorrect LAN_NETWORK - are you sure you have defined this correctly for your lan and CIDR is correct?
> - apparmor - this can block access to apps on the host, try turning it off.
> - firewall - you running anything like pfsense?, if so check this is not blocking

Thanks for the pointers!

So I double checked the firewall and nothing is blocked afaik. I even tried to open everything (*) for that certain IP that the host is run on. Still no success.

My LAN is this

ens160: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.15.14  netmask 255.255.255.0  broadcast 192.168.15.255
        inet6 fe80::20c:29ff:fef4:3670  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:f4:36:70  txqueuelen 1000  (Ethernet)
        RX packets 3013  bytes 2667600 (2.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1703  bytes 2139185 (2.1 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

So my LAN variable becomes the one in the logs which is 192.168.15.0/24, though I'm trying to connect from 192.168.2.161 which is my laptop and has access to ALL the subnets in my network. So it should work.

Regarding AppArmor I purged that from my server, so it doesn't even exist at all now.

But I still can't connect via browser.

This is my docker ps -a if it helps (I'm only trying to access flood now hence I removed the lines regarding ports for ruTorrent):

065024a43c1b        binhex/arch-rtorrentvpn   "/usr/bin/tini -- /b…"   15 minutes ago      Up 15 minutes       0.0.0.0:3000->3000/tcp, 5000/tcp, 9080/tcp, 9443/tcp, 49160/tcp, 0.0.0.0:8118->8118/tcp, 49170/tcp   rtorrentvpn

binhex commented 5 years ago

> though I'm trying to connect from 192.168.2.161 which is my laptop and has access to ALL the subnets in my network

your laptop may have access to all subnets but the iptable rules are very tight for this image (for good reason) and thus if your laptop has a source ip of 192.168.2.xx then it won't be able to connect due to LAN_NETWORK being set to 192.168.15.0/24.

solution to this is to add in multiple networks, so try setting LAN_NETWORK to:-

-e LAN_NETWORK=192.168.15.0/24,192.168.2.0/24
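
The rule described in the comment above, as an added example that is not part of the thread or of the image's own scripts: a Python pre-flight check that tells you whether a client's source address falls inside any LAN_NETWORK entry. It goes one step beyond the comment by also flagging entries with host bits set, such as the 192.168.15.13/24 value that the log in the first post shows being rejected with "Invalid prefix for given prefix length". The function names are hypothetical and the sample values are taken from this thread, plus one constructed client address.

```python
"""Pre-flight check for a LAN_NETWORK value (added example, not project code)."""
import ipaddress


def parse_lan_network(value):
    """Split a comma-separated LAN_NETWORK value into network objects.

    Returns (networks, warnings). An entry whose address part is not the
    network address (host bits set) is normalised and reported, because the
    route for it cannot be added as written.
    """
    networks, warnings = [], []
    for raw in value.split(","):
        entry = raw.strip()
        if not entry:
            continue
        try:
            iface = ipaddress.ip_interface(entry)
        except ValueError:
            warnings.append(f"{entry}: not a valid address/prefix, ignored")
            continue
        net = iface.network
        if iface.ip != net.network_address:
            warnings.append(f"{entry}: host bits set, write it as {net}")
        networks.append(net)
    return networks, warnings


def matching_network(client_ip, networks):
    """Return the first network containing client_ip, or None."""
    addr = ipaddress.ip_address(client_ip)
    for net in networks:
        if addr.version == net.version and addr in net:
            return net
    return None


def audit(lan_network, clients):
    """Check every client source address against a LAN_NETWORK value."""
    networks, warnings = parse_lan_network(lan_network)
    matches = {}
    for client in clients:
        net = matching_network(client, networks)
        matches[client] = str(net) if net else None
    return {"warnings": warnings, "matches": matches}


if __name__ == "__main__":
    # Values from this thread; 192.168.2.50 is a constructed second client.
    clients = ["192.168.2.161", "192.168.2.50"]
    candidates = [
        "192.168.15.13/24",                    # as seen in the first debug log
        "192.168.15.0/24",                     # host subnet only
        "192.168.15.0/24,192.168.2.0/24",      # both subnets
        "192.168.15.14/32,192.168.2.161/32",   # two single hosts
    ]
    for value in candidates:
        result = audit(value, clients)
        print(f"LAN_NETWORK={value}")
        for warning in result["warnings"]:
            print(f"  warning: {warning}")
        for client, net in result["matches"].items():
            status = f"allowed by {net}" if net else "not covered"
            print(f"  {client}: {status}")
```

A /32 entry covers exactly one address, so listing single hosts admits only those machines rather than a whole subnet.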

enoch85 commented 5 years ago

@binhex Thanks I will try that.

I just tried to access without PIA and it worked.

Will get back to you. Thanks for your help so far!

enoch85 commented 5 years ago

@binhex

OMG! I can connect! :D

So far I've tried with flood and I get this: https://i.imgur.com/xLqUegu.png

Is it normal that it takes a while in the beginning or do I need to open ports in the firewall (OPNsense) for it to work properly?

A donation is coming your way when this is working, be sure about that!

enoch85 commented 5 years ago

Sorry, I needed to connect again (F5) and now it seems to work!

Will do some more tests and then close this issue and donate.

THANK YOU!

enoch85 commented 5 years ago

@binhex So I can add torrents but they won't download.

Which ports do I need to open for it to work? In my old installation I use 6881 - 6999, does the same rules apply to flood?

enoch85 commented 5 years ago

OK, so I opened 59292 which is the port in Connectivity in flood, still no success.

enoch85 commented 5 years ago

Oh, I needed to start it duuh

So everything works! I will donate later today!

Thanks a ton!

enoch85 commented 5 years ago

@binhex

One last question, which are the safest permissions to run this with?

Right now it's root:root and UID 000 which doesn't feel safe. Any advice here?

I'm thinking 1000:1000 and UID 750, or is there anything better?

binhex commented 5 years ago

> One last question, which are the safest permissions to run this with?

you can run this with any user and group you want, but you must ensure that the specified user and group have permissions to write to whatever your volumes are pointing at on the host side, also if you do change the PUID and PGID after installation then you will need to delete the file /config/perms.txt to force the permissions to be changed to the specified user and group (or alternatively delete everything and let it re-create it all with the new user and group).

enoch85 commented 5 years ago

JFTR, this is my final config:

docker run -d \
    --cap-add=NET_ADMIN \
    -p 3000:3000 \
    -p 8118:8118 \
    --name=rtorrentvpn \
    -v /mnt/PlexDownloads/:/data \
    -v /root/docker/config:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_USER=pno01 \
    -e VPN_PASS=mmyeah \
    -e VPN_PROV=pia \
    -e STRICT_PORT_FORWARD=yes \
    -e ENABLE_PRIVOXY=yes \
    -e ENABLE_FLOOD=yes \
    -e ENABLE_AUTODL_IRSSI=yes \
    -e LAN_NETWORK=192.168.15.14/32,192.168.2.161/32 \
    -e NAME_SERVERS=9.9.9.9,149.112.112.112 \
    -e DEBUG=false \
    -e PHP_TZ=Europe/Stockholm \
    -e UMASK=022 \
    -e PUID=1001 \
    -e PGID=1001 \
    binhex/arch-rtorrentvpn

useradd rtorrentvpn and then set a strong password. UMASK 022 is Ubuntu default. Works like a charm.

binhex commented 5 years ago

excellent!, thanks for the donation.