code-is-art
commented
3 years ago I'd like to try it out. Is this a pre-start script or is there a different way to add it to the container?
Closed haugene closed 3 years ago
code-is-art
commented
3 years ago I'd like to try it out. Is this a pre-start script or is there a different way to add it to the container?
jameson71
commented
3 years ago I could also try it
talondnb
commented
3 years ago @kperinga @zjorsie i have a custom updatePort.sh working at the moment which is allowing me to connect and port forward on the next gen servers. it needs alot of tidying up and testing but my seedbox has been sharing away fine for a bit now
Please share! :)
asilva54
commented
3 years ago PIA - Toronto doing the port 56 error. Israel so far so good.
mizzi0n
commented
3 years ago @talondnb @jscoys @code-is-art @jameson71
guys i have uploaded my temp script to github, it works fine on my connection and my mates connectioin for day, just stick to end points that allow port forwarding. its not the prettiest code but it works, it also assumes you havent heavily moddified the container via your docker-compose.yml file, such as renamming tun0. i think i have covered everything in the notes, let me know how you get on .
gwenl
commented
3 years ago @mizzi0n : works fine for me ! Thank you very much. Will keep it running for a while to see if port remains open in the long run.
talondnb
commented
3 years ago @mizzi0n also working fine here. Had to chmod a+x the script but besides that, great interim solution 👍
edit: just monitored it for a while and got this:
initial setup complete! curl: (28) Connection timed out after 15000 milliseconds Thu Oct 8 06:36:02 AWST 2020: bindPort error /etc/transmission/updatePort.sh: line 54: fatal_error: command not found curl: (28) Connection timed out after 15001 milliseconds Thu Oct 8 06:53:47 AWST 2020: bindPort error /etc/transmission/updatePort.sh: line 54: fatal_error: command not found curl: (28) Connection timed out after 15000 milliseconds Thu Oct 8 07:11:32 AWST 2020: bindPort error /etc/transmission/updatePort.sh: line 54: fatal_error: command not found curl: (28) Connection timed out after 15001 milliseconds Thu Oct 8 07:29:17 AWST 2020: bindPort error /etc/transmission/updatePort.sh: line 54: fatal_error: command not found
mizzi0n
commented
3 years ago @mizzi0n : works fine for me ! Thank you very much. Will keep it running for a while to see if port remains open in the long run.
have you had any issues?
gwenl
commented
3 years ago Nope, so far it's working fine. Transmission still reports that the port is open.
talondnb
commented
3 years ago I'm not sure what is different but after a restart of the host, it has now held onto that port for over 24hrs.
mizzi0n
commented
3 years ago I'm not sure what is different but after a restart of the host, it has now held onto that port for over 24hrs.
Mines has been fine, I think it needs alot better error handling though. I also read their documentation today, your token lasts 7 days and the port bind can last 2 months regardless of changing IP so the rebind that is set to 15 minutes like the app is, probably doesn't need to be that strict
haugene
commented
3 years ago Hey guys. I'm sorry I've been afk in this project for a while. I don't always manage to stay up-to-date here and I've recently started a new job so time has been limited.
Anyways. Big thanks to @mizzi0n and @zjorsie that have taken things into their own hands here. Merging their contributions seems to be all we need to do :clap: And we need to get it done by the end of October before all the legacy servers are shut down.
But before we get going. We have several sets of configs for PIA today. The ones in the default folder are udp configs, and then we have folders for strong, ip, tcp and tcp-strong. Now we're talking about adding nextgen. But if I understand this correctly then all else than nextgen will be shut down by the end of the month? If that's the case then we should use this opportunity to clean up a bit.
Also. We're doing other cleanup on the dev branch currently. One of the changes I want to see in this repo is to remove the checked in .ovpn files and instead have scripts that fetch them. That will remove the need for the constant updates to config files. There is an outline of this in dev already. It checks for a configure-openvpn.sh script within each provider and run it if it exists. Can we change your PR to add such a script instead @zjorsie? I've also started a modify-openvpn-config.sh script that will do necessary modifications to the configs in order to work inside the container (like changing auth-user-pass line).
Are you up for adding your script as a PR @mizzi0n? If you make the PR to the dev branch I think it can be merged. The old script doesn't work anyways so let's get it in there :smile:
zjorsie
commented
3 years ago @haugene offcourse! I was thinking the same about fetching vpn profiles dynamically, but didn't have much time lately either to implement something (congrats on the job btw!).
But with the news that pia only uses nextgen shortly, my pull request has become unnecessary, since port forwarding does not work anymore so it's probably best to dismiss it. If I have time I will look into a config that could use wireguard (if it isn't already implemented by then)..
mizzi0n
commented
3 years ago Hey guys. I'm sorry I've been afk in this project for a while. I don't always manage to stay up-to-date here and I've recently started a new job so time has been limited.
Anyways. Big thanks to @mizzi0n and @zjorsie that have taken things into their own hands here. Merging their contributions seems to be all we need to do 👏 And we need to get it done by the end of October before all the legacy servers are shut down.
But before we get going. We have several sets of configs for PIA today. The ones in the default folder are
udpconfigs, and then we have folders forstrong,ip,tcpandtcp-strong. Now we're talking about addingnextgen. But if I understand this correctly then all else thannextgenwill be shut down by the end of the month? If that's the case then we should use this opportunity to clean up a bit.Also. We're doing other cleanup on the
devbranch currently. One of the changes I want to see in this repo is to remove the checked in .ovpn files and instead have scripts that fetch them. That will remove the need for the constant updates to config files. There is an outline of this in dev already. It checks for aconfigure-openvpn.shscript within each provider and run it if it exists. Can we change your PR to add such a script instead @zjorsie? I've also started amodify-openvpn-config.shscript that will do necessary modifications to the configs in order to work inside the container (like changing auth-user-pass line).Are you up for adding your script as a PR @mizzi0n? If you make the PR to the dev branch I think it can be merged. The old script doesn't work anyways so let's get it in there 😄
I am currently workings on tidying the script up and adding some error handling, shall I do that first?
haugene
commented
3 years ago That sounds good @mizzi0n. Meanwhile I will have a look at adding the nextgen servers.
vinceh31
commented
3 years ago Hello guys,
first at all thanks a lot @haugene for your great work on this docker setup, I was using it a long time ago and went to it again since a couple of weeks, changing from nordvpn to pia for the port forwarding ability.
I confirm I was also blocked with the port forwarding issue with PIA, trying a couple of solutions and finally just tried right now Israel server => port open again, yes :+1:
When I'll be blocked, I'll take a look as well on the @mizzi0n workaround - thanks for that!
Kindly, Vince
haugene
commented
3 years ago Nextgen config are now merged to dev and can be tested. Two things remain for this issue to be closed.
anon905
commented
3 years ago Hello guys,
first at all thanks a lot @haugene for your great work on this docker setup, I was using it a long time ago and went to it again since a couple of weeks, changing from nordvpn to pia for the port forwarding ability.
I confirm I was also blocked with the port forwarding issue with PIA, trying a couple of solutions and finally just tried right now Israel server => port open again, yes 👍
When I'll be blocked, I'll take a look as well on the @mizzi0n workaround - thanks for that!
Kindly, Vince
I used the indicated server and the port was indeed opened. Now I get the message "transmission auth required" followed by this error: "Unexpected response:
In the web client the port was set to the previous port which was closed. I changed it to the new port in the web client and it verified it was open.
Everything seems to work fine when I disable the transmission auth, username and password variables in my compose file. Does the port changing script not support authentication? I thought it had before.
edit: looking at updatePort.sh, it appears that it's getting the username and password from /config/transmission-credentials.txt and not from the environment variables, which is where I'm providing them? I'm pretty new to docker so I'm not sure.
haugene
commented
3 years ago Just to clarify @anon905, the port forwarding script is not working at the moment. Hence point nr 1 of my last post, we need to fix the port forwarding script. Or are you running with the workaround proposed by @mizzi0n?
Whatever you pass inn as transmission credentials will be persisted to /config/transmission-credentials.txt so that's correct.
I need to see your docker run ... command and logs if I should be able to help you. But it seems you just have to sit tight until we've merged the new script into this project and released it.
haugene
commented
3 years ago @mizzi0n If you don't have time to do cleanup of the script before it's added that's ok as well. Todays script no longer works after I merged new configs, so anything is better than nothing at this point :smile: There's a couple of weeks left of October and then we have some time to test before they shut down the old servers. We should have merged to master(/:latest) by then.
anon905
commented
3 years ago I must have misunderstood mizzi0n. I just changed the openvpn_config to Israel and it fetched the port without a problem, it just wouldn't change to that port because of the authentication error. When I disabled authentication it worked fine. I thought it might be relevant for someone else who was having the same issue, and since you were working on the new script if it had an issue with the way it handled authentication you might want to know.
I'm content to sit tight till you get the new script working. I don't want to take up any more of your time on something that will work soon anyway.
mizzi0n
commented
3 years ago @haugene i have been running my own version of the scrpt which was cleaned up a bit but upon checking my docker logs i can see there has been some issues. i have made some changes tonight as well as adding some more verbosity to the output from the functions so it should be clearer to see what has went wrong when. if all goes well i can just replace the code i have up now with that
haugene
commented
3 years ago Sounds great @mizzi0n. Whenever you feel ready to add it to a PR it will be easier for others here to test it as well. But I understand that you want to see if you find the last issues first. Thanks again for taking the time here :+1:
@anon905 Yeah, Israel did work for a while. And the script should work with authentication as well. I might have misunderstood you as well. But let's see when we get it merged in here and then work out any issues we get after that.
mizzi0n
commented
3 years ago Sounds great @mizzi0n. Whenever you feel ready to add it to a PR it will be easier for others here to test it as well. But I understand that you want to see if you find the last issues first. Thanks again for taking the time here 👍
@anon905 Yeah, Israel did work for a while. And the script should work with authentication as well. I might have misunderstood you as well. But let's see when we get it merged in here and then work out any issues we get after that.
hey haugene i have uploaded a new version of the file i have been using for days, it happlily ticked over and rebound every 15 minutes but the other night i had a bind issue which became intermittant but i can replicate the error. as you say maybe its best to incude it, let people run with it and see if we can work out why it happens. i personally think rebuinding every 15 mionutes it to frequent
haugene
commented
3 years ago I understand. Yes, just add it as it is now and then more people can test it and we can get more results and experiences :+1:
mizzi0n
commented
3 years ago I understand. Yes, just add it as it is now and then more people can test it and we can get more results and experiences 👍
other than me uploading it to my git which i have, do you need me to do anything? im not too clued up on git
haugene
commented
3 years ago I can grab the code from your repo and add it here. But you made it so I don't want to steal your code ;) It's quite simple to just create a PR here on Github and then you don't have to do any git magic on the command line.
Just go here: https://github.com/haugene/docker-transmission-openvpn/edit/dev/openvpn/pia/update-port.sh and just replace the script with yours and then choose "create a new branch and start pull request" or whatever that option says for you (might be a bit different). That should be it :smile:
If not. Let me know and I can add it for you.
mizzi0n
commented
3 years ago I can grab the code from your repo and add it here. But you made it so I don't want to steal your code ;) It's quite simple to just create a PR here on Github and then you don't have to do any git magic on the command line.
Just go here: https://github.com/haugene/docker-transmission-openvpn/edit/dev/openvpn/pia/update-port.sh and just replace the script with yours and then choose "create a new branch and start pull request" or whatever that option says for you (might be a bit different). That should be it 😄
If not. Let me know and I can add it for you.
i think its done lol
haugene
commented
3 years ago I see that the file in your repo is 13 days old so you haven't updated it with your latest fixes? Should I just grab the file as it is and add it to this project? Then we can do tweaks from there?
mizzi0n
commented
3 years ago I see that the file in your repo is 13 days old so you haven't updated it with your latest fixes? Should I just grab the file as it is and add it to this project? Then we can do tweaks from there?
i suggested changes to yours and i didnt update my file correctly ( git n00b) so should all be ok now
haugene
commented
3 years ago I see that you updated the script in your repo. But no pull-request is submitted here yet?
mizzi0n
commented
3 years ago I see that you updated the script in your repo. But no pull-request is submitted here yet?
did you see the request since?
haugene
commented
3 years ago Yes, I see #1408. Thanks for creating it. Been a busy day so I'll try to have a look and merge tomorrow :+1:
superkrups20056
commented
3 years ago Excited to try the merge!
haugene
commented
3 years ago Well now it's merged. Hope that as many as possible can test it and give feedback on how it works. Remember that it's only available on the dev tag for now and that a new version has to be pulled to get any updates or fixes going forward.
jscoys
commented
3 years ago Yeahhhh so far so good as you can see on the picture. I switched the Israel server for the France one.
justin-peacock
commented
3 years ago After starting the container mine seems to be getting stuck here:
Could be unrelated though.
Edit: added screenshot.
biggeeus
commented
3 years ago The good news is if I use the dev image port forwarding works on France etc, the bad news is the downloding torrents start paused and if I resume them they stay idle. Also I can't connect to tinyproxy.
jameson71
commented
3 years ago For some reason the dev container is unable to resolve www.privateinternetaccess.com on boot. The regular container I can start bash and resolve it fine soon after boot.
Using OpenVPN provider: PIA Provider PIA has a custom startup script, executing it Downloading OpenVPN config bundle openvpn-nextgen into temporary file /tmp/tmp.bIbGBB curl: (6) Could not resolve host: www.privateinternetaccess.com
haugene
commented
3 years ago @jscoys :rocket: :tada:
@mrdink You can either try to run the container with environment variable DEBUG=true (be prepared for a lot of logs) or try to exec into the container and run just the modification script with debug like this: DEBUG=true find /etc/openvpn/pia -type f -name "*.ovpn" -exec /etc/openvpn/modify-openvpn-config.sh {} \;. Will also generate a ton of logs so alternative 1 is probably easier :smile:
@Biggus-Geeus Please provide your logs, and preferably also your docker run ... command if you have it
@jameson71 Are you running with --dns flags? If not try --dns 8.8.8.8. I have been thinking of adding environment variables to do a more "hard override" of the DNS servers as I'm not impressed by the Docker --dns setting always (though I don't understand why that isn't working as expected at times).
biggeeus
commented
3 years ago @Biggus-Geeus Please provide your logs, and preferably also your docker run ... command if you have it
Also any downloading torrents start like this
Here is my docker compose transmission-openvpn: image: haugene/transmission-openvpn:dev container_name: transmission-openvpn volumes:
STARTING TRANSMISSION Provider PIA has a script for automatic port forwarding. Will run it now. If you want to disable this, set environment variable DISABLE_PORT_UPDATER=yes Transmission startup script complete. STARTING TINYPROXY Found config file /etc/tinyproxy/tinyproxy.conf, updating settings. Setting tinyproxy port to 8888
yes: Broken pipe port is 58791 the port has been bound to 58791 Thu Oct 22 20:23:10 BST 2020 transmission auth not required waiting for transmission to become responsive transmission became responsive 88 100% 254.1 MB Done 0.0 0.0 17.4 Stopped xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Sum: 299.0 GB 0.0 0.0 setting transmission port to 58791 localhost:9091/transmission/rpc/ responded: "success" Checking port... Port is open: Yes
initial setup complete!
waiting for rebind loop................. token expiry 1608794544 remaining = 5399943
haugene
commented
3 years ago @Biggus-Geeus Aha... So, several things to unpack here. I don't know why tinyproxy isn't working. Have to look into that later.
But the dev branch also brings persistent settings so the whole handling of environment variables has changed but it should be backwards compatible. When this happens though I remember a bug that still exists. Can you check the contents of /data/transmission-home/settings.json after the container has started? Especially the variables that the logs reference with "Overriding some-property because XYZ is set to lala". Some of those might look weird. You can now modify them directly and they will not be overridden unless you specify them as environment variables. I would still like to know which ones failed though, so that I can try to fix it.
Hopefully that's the problem. If not then I'll have to dig deeper :thinking: :smile:
jscoys
commented
3 years ago Hum don't know if it's related but seems downloads still in queuing without starting. If I force a resume it looks like it starts and then sometimes after it just stops again.
GabrielJean
commented
3 years ago Hello @haugene, thanks a lot everyone for fixing the PIA issues with the ports and the nextgen servers. I tested the dev image this evening and I had the same issue where the files wouldn't start downloading even though they had plenty of seed available. I investigate a little and the transmission.log file was complaining about not being able to reach the trackers.
I'm not sure how it's related to the errors in the log, but I had these two environment variables in my docker-compose file, and removing them fixed the issue. I was able to replicate the bug multiple times and removing these two fixed it every time:
- TRANSMISSION_PEER_LIMIT_GLOBAL=9999
- TRANSMISSION_PEER_LIMIT_PER_TORRENT=9999You can find my complete docker-compose file here if you want to try it out.
https://github.com/GabrielJean/Homelab-Automation/blob/master/Docker/Plex-Stack.yml
Using OpenVPN provider: PIA
Provider PIA has a custom startup script, executing it
Downloading OpenVPN config bundle openvpn-nextgen into temporary file /tmp/tmp.LPkmcE
Extract OpenVPN config bundle into PIA directory /etc/openvpn/pia
Modify configs for this container
Starting OpenVPN using config CA Toronto.ovpn
Setting OpenVPN credentials...
adding route to local network 10.0.0.0/24 via 192.168.112.1 dev eth0
adding route to local network 172.30.224.0/20 via 192.168.112.1 dev eth0
Fri Oct 23 00:47:00 2020 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Fri Oct 23 00:47:00 2020 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
Fri Oct 23 00:47:00 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Oct 23 00:47:00 2020 CRL: loaded 1 CRLs from file [[INLINE]]
Fri Oct 23 00:47:00 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]66.115.142.14:1198
Fri Oct 23 00:47:00 2020 UDP link local: (not bound)
Fri Oct 23 00:47:00 2020 UDP link remote: [AF_INET]66.115.142.14:1198
Fri Oct 23 00:47:00 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Fri Oct 23 00:47:00 2020 [toronto402] Peer Connection Initiated with [AF_INET]66.115.142.14:1198
Fri Oct 23 00:47:01 2020 TUN/TAP device tun0 opened
Fri Oct 23 00:47:01 2020 /sbin/ip link set dev tun0 up mtu 1500
Fri Oct 23 00:47:01 2020 /sbin/ip addr add dev tun0 10.12.112.4/24 broadcast 10.12.112.255
Fri Oct 23 00:47:01 2020 /etc/openvpn/tunnelUp.sh tun0 1500 1558 10.12.112.4 255.255.255.0 init
Up script executed with tun0 1500 1558 10.12.112.4 255.255.255.0 init
Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 10.12.112.4
Using Transmission Web Control UI, overriding TRANSMISSION_WEB_HOME
Updating Transmission settings.json with values from env variables
Generating settings.json for Transmission from environment and defaults /etc/transmission/default-settings.json
Overriding bind-address-ipv4 because TRANSMISSION_BIND_ADDRESS_IPV4 is set to 10.12.112.4
Overriding download-dir because TRANSMISSION_DOWNLOAD_DIR is set to /downloads/Torrent
Overriding download-queue-enabled because TRANSMISSION_DOWNLOAD_QUEUE_ENABLED is set to false
Overriding incomplete-dir-enabled because TRANSMISSION_INCOMPLETE_DIR_ENABLED is set to false
Overriding ratio-limit because TRANSMISSION_RATIO_LIMIT is set to 0
Overriding ratio-limit-enabled because TRANSMISSION_RATIO_LIMIT_ENABLED is set to true
sed'ing True to true
-------------------------------------
Transmission will run as
-------------------------------------
User name: root
User uid: 0
User gid: 0
-------------------------------------
STARTING TRANSMISSION
Provider PIA has a script for automatic port forwarding. Will run it now.
If you want to disable this, set environment variable DISABLE_PORT_UPDATER=yes
Transmission startup script complete.
Fri Oct 23 00:47:01 2020 Initialization Sequence Completed
yes: Broken pipe
port is 49113
the port has been bound to 49113 Fri Oct 23 00:47:07 UTC 2020
transmission auth not required
waiting for transmission to become responsive
transmission became responsive
ID Done Have ETA Up Down Ratio Status Name
Sum: None 0.0 0.0
setting transmission port to 49113
localhost:9091/transmission/rpc/ responded: "success"
Checking port...
Port is open: Yes
initial setup complete!
waiting for rebind loop.................
token expiry 1608813488
remaining = 5399451
@haugene When you say "persistence" do you mean that the settings will stay once you turn the container off and back on again? Because that totally does not work for me. I lose my scheduling and everything when I turn off the container. I can post my docker compose file later.
biggeeus
commented
3 years ago @Biggus-Geeus Aha... So, several things to unpack here. I don't know why tinyproxy isn't working. Have to look into that later.
But the dev branch also brings persistent settings so the whole handling of environment variables has changed but it should be backwards compatible. When this happens though I remember a bug that still exists. Can you check the contents of /data/transmission-home/settings.json after the container has started? Especially the variables that the logs reference with "Overriding some-property because XYZ is set to lala". Some of those might look weird. You can now modify them directly and they will not be overridden unless you specify them as environment variables. I would still like to know which ones failed though, so that I can try to fix it.
Hopefully that's the problem. If not then I'll have to dig deeper 🤔 😄
I compared settings.json with the dev docker and the following settings I define in my docker compose file are set to zero
"speed-limit-up" :1250 "peer-limit-per-torrent": 50 "peer-limit-global": 200 "download-queue-size": 30 "alt-speed-up": 100 "alt-speed-down": 1000
As @GabrielJean pointed out commenting out the 2 peer-limit settings allowed downloads to work. Obviously this hasn't had any impact on tinyproxy not working.
jameson71
commented
3 years ago @haugene Looks like if I change it to net=host it works. Maybe it is something with my local docker? Anyway, thank you for all you do!
StellaTerra
commented
3 years ago I switched over to the dev image, and was able to connect no problem, and port forwarding is working. Thank you so much @haugene & @mizzi0n !
haugene
commented
3 years ago @Biggus-Geeus @jscoys @GabrielJean Just merged #1413 that should fix the issue of torrents not starting when specifying TRANSMISSION_PEER_LIMIT_GLOBAL, TRANSMISSION_MAX_PEERS_GLOBAL, etc. I'm just assuming this also solves your problem @jscoys. Please provide your docker-compose/docker run command and logs if it doesn't.
@superkrups20056 Yes. If you run the dev tag of the image (will be merged before the end of the month) then these settings should stay put through restarts. If they don't, please share your compose file as you say.
@jameson71 If you run with --net=host you're not running the VPN inside the container and your whole host will be behind VPN. If that works for you, then I guess you're good to go. For many users though, they want only Transmission inside the container to be on VPN and the rest of the host networking to be untouched.
EDIT: I just added this commit @jameson71. It gives another way to set DNS servers directly in the container. So you can try running the container with these variables to use Google DNS:
OVERRIDE_DNS_1=8.8.8.8
OVERRIDE_DNS_2=8.8.4.4
kperinga
commented
3 years ago Hi all. I seem to be having the same issue as @mrdink - https://github.com/haugene/docker-transmission-openvpn/issues/1334#issuecomment-714499721 - essentially the container starts up, stays up, but also doesn't initiate the OpenVPN profile. Using debug as suggested by @haugene , log shows that it gets stuck in an endless loop trying to "modify configs for this container" - extract: haugene_transmissionopenvpn_dev_log.txt. Any ideas appreciated.
Which provider? PIA
Where are the configs? Should probably update to the next gen servers.
https://www.privateinternetaccess.com/helpdesk/news/posts/august-19th-2020-important-updated-server-changes-and-related-issues