Transmission GUI Not Responding

mcrowson commented 5 years ago

I'm following your example and trying to get to the transmission GUI and validate the VPN is used via this: https://torguard.net/checkmytorrentipaddress.php

docker run -it --cap-add=NET_ADMIN --device /dev/net/tun --name vpn \
            -v /some/path:/vpn -d dperson/openvpn-client \
            -v 'vpn.server.name;username;password'
docker run -it --name bit --net=container:vpn -d dperson/transmission
docker run -it --name web -p 80:80 -p 443:443 --link vpn:bit \
            -d dperson/nginx -w "http://bit:9091/transmission;/transmission"

If I don't specify the FIREWALL option then my IP is the one used rather than the VPN.

If I do specify the FIREWALL option, then i can't get the transmission GUI to load.

on OSX running Docker 18.06.1
Just using the commands in the README and changing the relative things such as directories and VPN auth stuff.

the VPN container logs indicate that the VPN connection is getting created successfully

docker logs vpn
Tue Jan 15 01:20:56 2019 OpenVPN 2.4.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jul  8 2018
Tue Jan 15 01:20:56 2019 library versions: LibreSSL 2.7.4, LZO 2.10
Tue Jan 15 01:20:56 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]209.58.147.42:1194
Tue Jan 15 01:20:56 2019 UDP link local: (not bound)
Tue Jan 15 01:20:56 2019 UDP link remote: [AF_INET]209.58.147.42:1194
Tue Jan 15 01:21:56 2019 [UNDEF] Inactivity timeout (--ping-restart), restarting
Tue Jan 15 01:21:56 2019 SIGUSR1[soft,ping-restart] received, process restarting
Tue Jan 15 01:22:01 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]198.52.36.19:1194

What else should I be looking at to troubleshoot this thing?

When I look at the bridge network used by the vpn container I don't see the bit container. Not sure if this is related:

docker network inspect bridge
[
    {
        "Name": "bridge",
        "Id": "dfcd25315a02a68cb63d699b346037da01f7d7d77e51c78f6ffb5af5f3530d75",
        "Created": "2019-01-14T21:29:29.650157178Z",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.17.0.0/16",
                    "Gateway": "172.17.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": false,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": {
            "ca0343b3c5554d5b171bf0ece6d591a9659c082f71cd478c39c1533f6f97fa70": {
                "Name": "web",
                "EndpointID": "ecc789f13fe7c82715d2b99d17467de90098b506daccb211fe7436b5ba27a79c",
                "MacAddress": "02:42:ac:11:00:03",
                "IPv4Address": "172.17.0.3/16",
                "IPv6Address": ""
            },
            "d4bfa78948f7288d3395dc17c06177ccd079e97967ebf19f61cf4424f7e94b32": {
                "Name": "vpn",
                "EndpointID": "b4181b42d6f521d0b35638d7515b73019d99f9033db5b63131186e6b377ccab9",
                "MacAddress": "02:42:ac:11:00:02",
                "IPv4Address": "172.17.0.2/16",
                "IPv6Address": ""
            }
        },
        "Options": {
            "com.docker.network.bridge.default_bridge": "true",
            "com.docker.network.bridge.enable_icc": "true",
            "com.docker.network.bridge.enable_ip_masquerade": "true",
            "com.docker.network.bridge.host_binding_ipv4": "0.0.0.0",
            "com.docker.network.bridge.name": "docker0",
            "com.docker.network.driver.mtu": "1500"
        },
        "Labels": {}
    }
]

dperson commented 5 years ago

First, thank you for the very good/thorough bug report.

Well --net=container:vpn in the 'bit' container tells docker not to create a separate network stack for the container but to reuse the one from the 'vpn' container.

When you say that when you don't start the firewall that the ip is your own, where are you seeing your IP address show up (how are you checking https://torguard.net/checkmytorrentipaddress.php)?

I see one thing weird in the logs, with the following 2 lines:

Tue Jan 15 01:20:56 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]209.58.147.42:1194
Tue Jan 15 01:22:01 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]198.52.36.19:1194

You're timing out and reconnecting within 2 minutes... something seems off there.

mcrowson commented 5 years ago

Just tried again and the VPN does keep restarting. Here is the contents of the vpn.conf it is using:

client
dev tun
proto udp
remote us.protonvpn.com 1194
resolv-retry infinite
keepalive 10 60
nobind
persist-key
persist-tun
tls-client
remote-cert-tls server
auth-user-pass /vpn/vpn.auth
comp-lzo
verb 1
reneg-sec 0
redirect-gateway def1
disable-occ
fast-io
ca /vpn/vpn-ca.crt

As for how I'm checking the IP. If you use the torrent here: https://torguard.net/checkmytorrentipaddress.php It will give you an error message in your torrent client with your public IP and it also shows it on the website (each torrent is session specific I think so it can show you the IP address it sees).

mcrowson commented 5 years ago

This looks to be a protonvpn issue.

dperson / openvpn-client

Transmission GUI Not Responding #171