Open popeadam opened 2 months ago
Hi, thanks for your interest in the project,
I switched to token authentification a while ago as login password failed from time to time. The image supports login/password creds, may be , nordvpn is not accepting anymore that kind of authentification.
Without the log it difficult to understand what is going on. setting DEBUG to true will give more information.
when connected, this kind of line should be logged:
nordtrans | current technology: nordlynx
nordtrans | current protocol: udp
nordtrans | transfer: 764 b received, 628 b sent
nordtrans | uptime: 7 seconds according to nordvpn.
since nordvpn 3.17.0, privileged is require. At the moment, I'm downgrading to version 3.16.9. That version does not require elevated rights.(NORDVPN_VERSION=3.16.9)
Thank you, edgd1er, I've updated the variables to use NordVPN creds and debug to true, here's the log...
if you already have added the capabilities, could your show your docker command or docker compose file removing login/password/token or any other personnal information ?
Added Net_Admin, same issue , container exits at 'could not fetch rule set generation id'. Gah. Here's the JSON export of the container settings...:
Noticed sys_module is also required if Technology=NordLync, so enabled that with the same result. Hunted about on the internets, seems other containers are having a similar issue, not sure how we might resolve it in Nordlynx-Transmission however...:
https://www.google.com/search?q="synology"+"could+not+fetch+rule+set+generation+id"
Synology has an history of particuliar docker implementation causing problems...
Could you try to switch to iptables legacy in the container ? update-alternatives --set iptables /usr/sbin/iptables-legacy after setting the alternate, iptables should give you that header:
root@04590f1cdfa0:/app# iptables -h
iptables v1.8.9 (legacy)
Usage: iptables -[ACD] chain rule-specification [options]
restart the container or execute /app/start_vpn.sh
Thanks again for your assistance, Edgd1er. I'm not sure how to specify update-alternatives in the container using either the Synology Container Manager or the more customisable Portainer application however.
Is this an env variable I can apply? I can't see it as a capability, and the syntax doesn't match that of a label. Or might I need to change the network from 'bridge' to 'host' or 'none' or some such? I tried appending it to the 'Command' of '/usr/bin/supervisord' '-c' '/etc/supervisor/supervisord.conf' which borked the container annoyingly.
Gah, sorry, I feel like such a novice despite my peers thinking I'm a whizz!
Just noticed there's an environment variable for IP_LEGACY which I've set to Y. Is that new? Progress!
Now hitting a NORDLYNX No wireguard private key found error. I'll work on fixing that so it's aligned with the readme.
Just noticed there's an environment variable for IP_LEGACY which I've set to Y. Is that new? Progress!
yes brand new, just for you ;)
Now hitting a NORDLYNX No wireguard private key found error. I'll work on fixing that so it's aligned with the readme.
I was more expecting something as "Info: NORDLYNX: no wireguard private key found, connecting with nordvpn client." which is an info saying that you will be using nordvpn tool. your container should be up and running.
Copy paste your log, to ease the debug process.
Yup, that was the error indeed. I had set the NORDVPN_CREDS and NORDVPN_PRIVKEY directly as variables as I couldn't figure out how to add the secrets in Portainer. Then I tried adding them to a folder, binding the /data volume to it, and removing the variables. Same error.
date | stream | content |
---|---|---|
15/05/2024 23:10 | stdout | 2024-05-15 22:10:32,227 WARN exited: start_vpn (exit status 1; not expected) |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:32: ERROR: NORDVPN: ** |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:32: ERROR: NORDVPN: empty user or token |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:32: ERROR: NORDVPN: ** |
15/05/2024 23:10 | stdout | + set +x |
15/05/2024 23:10 | stdout | + startNordVpn |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:32: Info: NORDLYNX: no wireguard private key found, connecting with nordvpn client. |
15/05/2024 23:10 | stdout | + echo '2024-05-15 22:10:32: Info: NORDLYNX: no wireguard private key found, connecting with nordvpn client.' |
15/05/2024 23:10 | stdout | ++ date '+%Y-%m-%d %T' |
15/05/2024 23:10 | stdout | + log 'Info: NORDLYNX: no wireguard private key found, connecting with nordvpn client.' |
15/05/2024 23:10 | stdout | + [[ 1 -eq 1 ]] |
15/05/2024 23:10 | stdout | + [[ -f /run/secrets/NORDVPN_PRIVKEY ]] |
15/05/2024 23:10 | stdout | + iptables -P OUTPUT ACCEPT |
15/05/2024 23:10 | stdout | + iptables -P FORWARD ACCEPT |
15/05/2024 23:10 | stdout | + iptables -P INPUT ACCEPT |
15/05/2024 23:10 | stdout | + iptables -x |
15/05/2024 23:10 | stdout | + iptables -F |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:32: INFO: setting iptables policy to ACCEPT |
15/05/2024 23:10 | stdout | + echo '2024-05-15 22:10:32: INFO: setting iptables policy to ACCEPT' |
15/05/2024 23:10 | stdout | ++ date '+%Y-%m-%d %T' |
15/05/2024 23:10 | stdout | + log 'INFO: setting iptables policy to ACCEPT' |
15/05/2024 23:10 | stdout | + actionACCEPT |
15/05/2024 23:10 | stdout | + set_iptables ACCEPT |
15/05/2024 23:10 | stdout | + iptables -P OUTPUT DROP |
15/05/2024 23:10 | stdout | + iptables -P FORWARD DROP |
15/05/2024 23:10 | stdout | + iptables -P INPUT DROP |
15/05/2024 23:10 | stdout | + iptables -x |
15/05/2024 23:10 | stdout | + iptables -F |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:32: INFO: setting iptables policy to DROP |
15/05/2024 23:10 | stdout | + echo '2024-05-15 22:10:32: INFO: setting iptables policy to DROP' |
15/05/2024 23:10 | stdout | ++ date '+%Y-%m-%d %T' |
15/05/2024 23:10 | stdout | + log 'INFO: setting iptables policy to DROP' |
15/05/2024 23:10 | stdout | + actionDROP |
15/05/2024 23:10 | stdout | + set_iptables DROP |
15/05/2024 23:10 | stdout | + update-alternatives --set iptables /usr/sbin/iptables-legacy |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:32: INFO: use iptable-legacy: https://developers.redhat.com/blog/2020/08/18/iptables-the-two-variants-and-their-relationship-with-nftables# |
15/05/2024 23:10 | stdout | + echo '2024-05-15 22:10:32: INFO: use iptable-legacy: https://developers.redhat.com/blog/2020/08/18/iptables-the-two-variants-and-their-relationship-with-nftables#' |
15/05/2024 23:10 | stdout | ++ date '+%Y-%m-%d %T' |
15/05/2024 23:10 | stdout | + log 'INFO: use iptable-legacy: https://developers.redhat.com/blog/2020/08/18/iptables-the-two-variants-and-their-relationship-with-nftables#' |
15/05/2024 23:10 | stdout | + [[ Y ! \N ]] |
15/05/2024 23:10 | stdout | + UNP_IP92.41.176.18 |
15/05/2024 23:10 | stdout | ++ echo 92.41.176.18 |
15/05/2024 23:10 | stdout | ++ [[ -n 92.41.176.18 ]] |
15/05/2024 23:10 | stdout | ++ myIp92.41.176.18 |
15/05/2024 23:10 | stdout | +++ curl -s -m 5 ifconfig.me/ip |
15/05/2024 23:10 | stdout | ++ getCurrentWanIp |
15/05/2024 23:10 | stdout | + chmod 600 /dev/net/tun |
15/05/2024 23:10 | stdout | + mknod /dev/net/tun c 10 200 |
15/05/2024 23:10 | stdout | + mkdir -P /dev/net |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:31: INFO: OVPN: Creating tun interface /dev/net/tun |
15/05/2024 23:10 | stdout | + echo '2024-05-15 22:10:31: INFO: OVPN: Creating tun interface /dev/net/tun' |
15/05/2024 23:10 | stdout | ++ date '+%Y-%m-%d %T' |
15/05/2024 23:10 | stdout | + log 'INFO: OVPN: Creating tun interface /dev/net/tun' |
15/05/2024 23:10 | stdout | + '[' '!' -c /dev/net/tun ']' |
15/05/2024 23:10 | stdout | + mkTun |
15/05/2024 23:10 | stdout | + [[ ! -d /run/nordvpn/ ]] |
15/05/2024 23:10 | stdout | + [[ -z uk ]] |
15/05/2024 23:10 | stdout | + '[' 1 -le 0 ']' |
15/05/2024 23:10 | stdout | ++ pgrep -c nordvpnd |
15/05/2024 23:10 | stdout | + unset CREDS |
15/05/2024 23:10 | stdout | + '[' 1 -le 0 ']' |
15/05/2024 23:10 | stdout | Try `pgrep -f' option to match against the complete command line. |
15/05/2024 23:10 | stdout | pgrep: pattern that searches for process name longer than 15 characters will result in zero matches |
15/05/2024 23:10 | stdout | ++ pgrep -c transmission-daemon |
15/05/2024 23:10 | stdout | + container_ip172.17.0.7 |
15/05/2024 23:10 | stdout | ++ jq -r '.[] |select(.ifname"eth0")| .addr_info[].local' |
15/05/2024 23:10 | stdout | ++ ip -j a |
15/05/2024 23:10 | stdout | ++ getEthIp |
15/05/2024 23:10 | stdout | + CREDS'-n "username:password"' |
15/05/2024 23:10 | stdout | + [[ -n password ]] |
15/05/2024 23:10 | stdout | + [[ -n username ]] |
15/05/2024 23:10 | stdout | + stop_transmission |
15/05/2024 23:10 | stdout | + OBFUSCATEoff |
15/05/2024 23:10 | stdout | + TECHNOLOGYnordlynx |
15/05/2024 23:10 | stdout | + [[ 3.18.1 ~ 3.17.[0-9] ]] |
15/05/2024 23:10 | stdout | + [[ 3.18.1 ! \3.\1\8.\1 ]] |
15/05/2024 23:10 | stdout | + NEW3.18.1 |
15/05/2024 23:10 | stdout | + installed3.18.1 |
15/05/2024 23:10 | stdout | ++ apt-cache policy nordvpn |
15/05/2024 23:10 | stdout | ++ grep -oP 'Install.*: \K.+' |
15/05/2024 23:10 | stdout | + MAXVER3.18.1 |
15/05/2024 23:10 | stdout | ++ grep -oP 'Candidat.*: \K.+' |
15/05/2024 23:10 | stdout | ++ apt-cache policy nordvpn |
15/05/2024 23:10 | stdout | + installedRequiredNordVpnClient |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:29: INFO: No update needed for nordvpn (3.18.1) |
15/05/2024 23:10 | stdout | + echo '2024-05-15 22:10:29: INFO: No update needed for nordvpn (3.18.1)' |
15/05/2024 23:10 | stdout | ++ date '+%Y-%m-%d %T' |
15/05/2024 23:10 | stdout | + log 'INFO: No update needed for nordvpn (3.18.1)' |
15/05/2024 23:10 | stdout | + [[ 3.18.1 ! 3.18.1 ]] |
15/05/2024 23:10 | stdout | + CANDIDATE3.18.1 |
15/05/2024 23:10 | stdout | + CANDIDATE3.18.1 |
15/05/2024 23:10 | stdout | ++ grep -oP 'Candidate: \K.+' |
15/05/2024 23:10 | stdout | ++ apt-cache policy nordvpn |
15/05/2024 23:10 | stdout | + VERSION3.18.1 |
15/05/2024 23:10 | stdout | ++ grep -oP 'Installed: \K.+' |
15/05/2024 23:10 | stdout | ++ apt-cache policy nordvpn |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:27,648 INFO success: start_vpn entered RUNNING state, process has stayed up for > than 1 seconds (startsecs) |
15/05/2024 23:10 | stdout | Reading package lists... |
15/05/2024 23:10 | stdout | Hit:4 https://repo.nordvpn.com/deb/nordvpn/debian stable InRelease |
15/05/2024 23:10 | stdout | Hit:3 http://deb.debian.org/debian-security bookworm-security InRelease |
15/05/2024 23:10 | stdout | Hit:2 http://deb.debian.org/debian bookworm-updates InRelease |
15/05/2024 23:10 | stdout | Hit:1 http://deb.debian.org/debian bookworm InRelease |
15/05/2024 23:10 | stdout | + apt-get update |
15/05/2024 23:10 | stdout | + checkLatestApt |
15/05/2024 23:10 | stdout | + return |
15/05/2024 23:10 | stdout | + [[ Etc/UTC Etc/UTC ]] |
15/05/2024 23:10 | stdout | ++ cat /etc/timezone |
15/05/2024 23:10 | stdout | + setTimeZone |
15/05/2024 23:10 | stdout | + echo 'nameserver 1.1.1.1' |
15/05/2024 23:10 | stdout | + GROUP'--group P2P' |
15/05/2024 23:10 | stdout | + [[ -n P2P ]] |
15/05/2024 23:10 | stdout | + [[ '' ~ ^[0-9]+$ ]] |
15/05/2024 23:10 | stdout | + CONNECTuk |
15/05/2024 23:10 | stdout | + [[ -z uk ]] |
15/05/2024 23:10 | stdout | + [[ -n Albania ]] |
15/05/2024 23:10 | stdout | + NOIPV6off |
15/05/2024 23:10 | stdout | + GROUPP2P |
15/05/2024 23:10 | stdout | + CONNECTuk |
15/05/2024 23:10 | stdout | + COUNTRYAlbania |
15/05/2024 23:10 | stdout | + ANALYTICS1 |
15/05/2024 23:10 | stdout | + RDIR/run/nordvpn/ |
15/05/2024 23:10 | stdout | + TSEC5 |
15/05/2024 23:10 | stdout | + set -x |
15/05/2024 23:10 | stdout | + [[ true \t\r\u\e ]] |
15/05/2024 23:10 | stdout | ++ [[ -z adampope ]] |
15/05/2024 23:10 | stdout | ++ nordvpn_apihttps://api.nordvpn.com |
15/05/2024 23:10 | stdout | ++ export nordvpn_apihttps://api.nordvpn.com |
15/05/2024 23:10 | stdout | ++ export INT |
15/05/2024 23:10 | stdout | ++ export GW |
15/05/2024 23:10 | stdout | +++ INTeth0 |
15/05/2024 23:10 | stdout | +++ GW172.17.0.1 |
15/05/2024 23:10 | stdout | ++ eval GW172.17.0.1 INTeth0 |
15/05/2024 23:10 | stdout | +++ awk '{if($5!"tun0"){print "GW"$3"\nINT"$5; exit}}' |
15/05/2024 23:10 | stdout | +++ /sbin/ip route list match 0.0.0.0 |
15/05/2024 23:10 | stdout | ++ DANTE_ERRORLOG/dev/null |
15/05/2024 23:10 | stdout | ++ DANTE_LOGLEVELerror |
15/05/2024 23:10 | stdout | ++ DANTE_LOGLEVELerror |
15/05/2024 23:10 | stdout | ++ DANTE_DEBUG9 |
15/05/2024 23:10 | stdout | ++ NORDVPN_DEBUGTRUE |
15/05/2024 23:10 | stdout | ++ export NORDVPN_DEBUGTRUE |
15/05/2024 23:10 | stdout | ++ TRANSMISSION_DEBUGTRUE |
15/05/2024 23:10 | stdout | ++ export TRANSMISSION_DEBUGTRUE |
15/05/2024 23:10 | stdout | ++ DANTE_DEBUG1 |
15/05/2024 23:10 | stdout | ++ export DANTE_DEBUG1 |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:25,705 INFO spawned: 'start_vpn' with pid 7 |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:24,702 INFO supervisord started with pid 1 |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:24,702 CRIT Server 'unix_http_server' running without any HTTP authentication checking |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:24,702 INFO RPC interface 'supervisor' initialized |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:24,698 INFO Set uid to user 0 succeeded |
15/05/2024 23:10 | stdout | 2024-05-15 22:10:24,698 INFO Included extra file \/etc/supervisor/conf.d/transmission.conf\" during parsing |
2024/05/15 23:10:24,stdout,2024-05-15 22:10:24 | 698 INFO Included extra file \"/etc/supervisor/conf.d/tinyproxy.conf\" during parsing | |
2024/05/15 23:10:24,stdout,2024-05-15 22:10:24 | 698 INFO Included extra file \"/etc/supervisor/conf.d/nordvpnd.conf\" during parsing | |
2024/05/15 23:10:24,stdout,2024-05-15 22:10:24 | 698 INFO Included extra file \"/etc/supervisor/conf.d/dante.conf\" during parsing | |
2024/05/15 23:10:24,stdout,2024-05-15 22:10:24 | 698 WARN For [program:transmission] | AUTO logging used for stderr_logfile without rollover |
2024/05/15 23:10:24,stdout,2024-05-15 22:10:24 | 698 WARN For [program:tinyproxy] | AUTO logging used for stderr_logfile without rollover |
2024/05/15 23:10:24,stdout,2024-05-15 22:10:24 | 698 WARN For [program:start_vpn] | AUTO logging used for stderr_logfile without rollover |
2024/05/15 23:10:24,stdout,2024-05-15 22:10:24 | 698 WARN For [program:nordvpnd] | AUTO logging used for stderr_logfile without rollover |
2024/05/15 23:10:24,stdout,2024-05-15 22:10:24 | 698 WARN For [program:dante] | AUTO logging used for stderr_logfile without rollover |
Hi Edgd1er, I've been using Haugene's repo to run transmission, but wanted to switch to Nordlynx to enable active torrenting.
When attempting to run v4 of this container the log suggests it exits just after:
iptables v1.8.9 (nf_tables): could not fetch rule set generation id
...and it also throws a 'unknown environment 'supervisord' error before it gets to that.
Possible causes might be: