binhex / arch-sabnzbdvpn

Docker build script for Arch Linux base with SABnzbd, Privoxy and OpenVPN
GNU General Public License v3.0

Wireguard VPN Error #44

Closed sameleff closed 1 week ago

sameleff commented 1 week ago

Background: Container has been working w/out issues for over a year. It began experiencing connection issues today (logs indicated that it was creating the tmp/dnsfailures file, and also that it could not establish a public IP address). The webGUI confirmed the latter (unable to find a public IP). I suspected an issue with my wireguard VPN config, so I re-downloaded it, inserted it into the wireguard folder, and now the container won't start.

Here is my new wireguard config:

[Interface]
PrivateKey=<my private key>
Address=<vpn IP address>
PostUp=logger -t wireguard 'Tunnel WireGuard-wg4 started';/usr/local/emhttp/webGui/scripts/update_services
PostDown=logger -t wireguard 'Tunnel WireGuard-wg4 stopped';/usr/local/emhttp/webGui/scripts/update_services
PostUp=ip -4 route flush table 204
PostUp=ip -4 route add default via 10.14.0.2 dev wg4 table 204
PostUp=ip -4 route add 192.168.1.0/24 via 192.168.1.1 dev br0 table 204
PostDown=ip -4 route flush table 204
PostDown=ip -4 route add unreachable default table 204
PostDown=ip -4 route add 192.168.1.0/24 via 192.168.1.1 dev br0 table 204

[Peer]
PublicKey=<mypublickey>
Endpoint=<my endpoint>:51820
AllowedIPs=0.0.0.0/0

Here are the logs:

2024-10-14 17:41:46.237006 [info] Host is running unRAID
2024-10-14 17:41:46.258676 [info] System information: Linux 9bb8f779f553 6.1.74-Unraid #1 SMP PREEMPT_DYNAMIC Fri Feb  2 11:06:32 PST 2024 x86_64 GNU/Linux
2024-10-14 17:41:46.404381 [info] Image tags: INT_RELEASE_TAG=2024073001,IMAGE_RELEASE_TAG=4.3.3-1-01
2024-10-14 17:41:46.428909 [info] PUID defined as '99'
2024-10-14 17:41:46.453662 [info] PGID defined as '100'
2024-10-14 17:41:46.738084 [info] UMASK defined as '000'
2024-10-14 17:41:46.750908 [info] Permissions already set for '/config'
2024-10-14 17:41:46.783924 [info] Deleting files in /tmp (non recursive)...
2024-10-14 17:41:46.805903 [info] VPN_ENABLED defined as 'yes'
2024-10-14 17:41:46.820527 [info] VPN_CLIENT defined as 'wireguard'
2024-10-14 17:41:46.833300 [info] VPN_PROV defined as 'custom'
2024-10-14 17:41:46.856212 [info] WireGuard config file (conf extension) is located at /config/wireguard/wg0.conf
2024-10-14 17:41:46.874749 [crit] VPN configuration file /config/wireguard/wg0.conf does not contain 'Endpoint' line, showing contents of file before exit...
[Interface]
PrivateKey=<my private key>
Address=<vpn IP address>
PostUp=logger -t wireguard 'Tunnel WireGuard-wg4 started';/usr/local/emhttp/webGui/scripts/update_services
PostDown=logger -t wireguard 'Tunnel WireGuard-wg4 stopped';/usr/local/emhttp/webGui/scripts/update_services
PostUp=ip -4 route flush table 204
PostUp=ip -4 route add default via 10.14.0.2 dev wg4 table 204
PostUp=ip -4 route add 192.168.1.0/24 via 192.168.1.1 dev br0 table 204
PostDown=ip -4 route flush table 204
PostDown=ip -4 route add unreachable default table 204
PostDown=ip -4 route add 192.168.1.0/24 via 192.168.1.1 dev br0 table 204

[Peer]
PublicKey=<mypublickey>
Endpoint=<my endpoint>:51820
AllowedIPs=0.0.0.0/0

I'm unsure what to change; the Endpoint line is clearly included in the wg0.conf file... I suspect the error is elsewhere, but I'm not sure where to look.

Here is my docker-compose file:

services:
  arch-sabnzbdvpn:
    image: binhex/arch-sabnzbdvpn
    container_name: binhex-sabnzbdvpn
    network_mode: medianet
    privileged: true
    environment:
      - TZ=<my timezone>
      - HOST_OS=Unraid
      - HOST_HOSTNAME=
      - HOST_CONTAINERNAME=binhex-sabnzbdvpn
      - VPN_ENABLED=yes
      - VPN_USER=vpn #these are default, should they be blank? They have always been included, even while the container worked.
      - VPN_PASS=vpn #these are default, should they be blank? They have always been included, even while the container worked.
      - VPN_PROV=custom
      - VPN_CLIENT=wireguard
      - VPN_OPTIONS=
      - STRICT_PORT_FORWARD=no
      - ENABLE_PRIVOXY=yes
      - LAN_NETWORK=<my LAN network, xxx.xxx.x.x/24>
      - 'NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
      - VPN_INPUT_PORTS=
      - VPN_OUTPUT_PORTS=
      - DEBUG=false
      - UMASK=000
      - PUID=99
      - PGID=100
      - sysctl='net.ipv4.conf.all.src_valid_mark=1'
    ports:
      - '8080:8080/tcp'
      - '8090:8090/tcp'
      - '8118:8118/tcp'
    volumes:
      - '/<my media files>/:/data/usenet:rw'
      - '/<my appdata>:/config:rw'

sameleff commented 1 week ago

For those coming later:

This was resolved by copying the Wireguard config that was exported by my VPN provider into the wireguard folder of binhex-sabnzbd. I was originally copying the Wireguard config that was exported by unRAID, which wasn't working. The version from my VPN provider is below in order to highlight the differences.

[Interface]
Address = <vpn address>/16
PrivateKey = <my private key>
DNS = <primary DNS>, <secondary DNS>
[Peer]
PublicKey = <my public key>
AllowedIPs = 0.0.0.0/0
Endpoint = <my endpoint:my port>
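
The differences the final comment points to can be listed mechanically. This is an added example, not code from the image or from the poster: a small parser that keeps repeated keys such as PostUp and reports which keys exist in only one file, how many wg-quick hook lines are present, and whether `=` is written with surrounding spaces. The function names are hypothetical, and the sample configs are constructed from the thread's placeholders (the unRAID export is abbreviated).

```python
import re

# Constructed samples: abbreviated copies of the two configs posted in the thread.
UNRAID_EXPORT = """\
[Interface]
PrivateKey=<my private key>
Address=<vpn IP address>
PostUp=ip -4 route flush table 204
PostUp=ip -4 route add default via 10.14.0.2 dev wg4 table 204
PostDown=ip -4 route flush table 204
[Peer]
PublicKey=<mypublickey>
Endpoint=<my endpoint>:51820
AllowedIPs=0.0.0.0/0
"""
PROVIDER_EXPORT = """\
[Interface]
Address = <vpn address>/16
PrivateKey = <my private key>
DNS = <primary DNS>, <secondary DNS>
[Peer]
PublicKey = <my public key>
AllowedIPs = 0.0.0.0/0
Endpoint = <my endpoint:my port>
"""
HOOKS = {"preup", "postup", "predown", "postdown"}  # wg-quick runs these as shell commands

def parse_wg(text):
    """Return (section, key, value, spaced) tuples; repeated keys are kept."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = re.match(r"^(\w+)(\s*)=(\s*)(.*)$", line)
        if m:  # spaced is True only for the "Key = value" form
            entries.append((section, m.group(1), m.group(4), bool(m.group(2) and m.group(3))))
    return entries

def summarize(text):
    entries = parse_wg(text)
    return {"keys": {f"{s}.{k}" for s, k, _, _ in entries},
            "hooks": [v for _, k, v, _ in entries if k.lower() in HOOKS],
            "spaced_equals": all(sp for *_, sp in entries)}

def compare(a, b):
    sa, sb = summarize(a), summarize(b)
    return {"only_in_a": sorted(sa["keys"] - sb["keys"]),
            "only_in_b": sorted(sb["keys"] - sa["keys"]),
            "hooks_in_a": len(sa["hooks"]),
            "spacing": (sa["spaced_equals"], sb["spaced_equals"])}
```

Calling `compare(UNRAID_EXPORT, PROVIDER_EXPORT)` shows that the host export carries hook lines tied to host interfaces (`wg4`, `br0`) and no-space `Key=value` formatting, while the provider export has neither and adds a DNS entry.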