haugene / docker-transmission-openvpn

Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
GNU General Public License v3.0

Fix CUSTOM provider (example with CyberGhost) #1397

Closed mateiandrei94 closed 3 years ago

mateiandrei94 commented 3 years ago

=== My VPN Provider ===

CyberGhost VPN generates "Configurations" on the fly per user/slot. It then provides username/password and a zip file which (when unzipped) contains

openvpn.ovpn 
ca.crt
client.crt
client.key

=== My Expectations ===

Initially I expected it would be enough to place all the files in container folder /etc/openvpn/custom i.e.:

/etc/openvpn/custom/openvpn.ovpn 
/etc/openvpn/custom/ca.crt
/etc/openvpn/custom/client.crt
/etc/openvpn/custom/client.key

And then configure environment variables

OPENVPN_PROVIDER=CUSTOM
OPENVPN_USERNAME=myUsername
OPENVPN_PASSWORD=myPassword

It didn't work.

=== The cause of problem 1/3 ===

The container automatically looks for a file named default.ovpn, however CyberGhost's is openvpn.ovpn. To solve this I had to rename the file from openvpn.ovpn to default.ovpn.

=== The cause of problem 2/3 ===

Upon inspection of the ovpn file, auth-user-pass is declared without a value. With GUI clients this is not a problem, however from the command line, if the value is omitted, username/password will be prompted for on the console. To solve this I edited the ovpn file:

auth-user-pass /config/openvpn-credentials.txt

Then I created a file /config/openvpn-credentials.txt (3rd line is empty)

myUsername
myPassword

=== The cause of problem 3/3 ===

Another thing that doesn't work is ca.crt, client.crt and client.key, which are declared in the ovpn like this:

ca ca.crt
cert client.crt
key client.key

For some reason file paths relative to the ovpn file don't work. To solve this I edited the ovpn file

ca /etc/openvpn/custom/ca.crt
cert /etc/openvpn/custom/client.crt
key /etc/openvpn/custom/client.key

Describe the solution you'd like

See My Expectations above

My personal solution/suggestion for problem 1

My personal solution/suggestion for problem 2

My personal solution/suggestion for problem 3

Describe alternatives you've considered

Manually edit files. If it wasn't for the fact that my VPN provider likes to torture me and force me to re-generate new credentials/ovpn files (because old ones don't work anymore) I would've not opened this ticket and continued editing files manually.

Additional context There isn't any.
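
The three manual edits described in the comment above, automated as an added example (not part of the original post or the project's code). The function names `fix_ovpn` and `make_sample`, the argument order and the sample bundle are assumptions made for illustration; the container paths are the ones quoted in the issue, and the paths passed in are assumed not to contain `#`, `&` or backslashes.

```shell
#!/bin/sh
# Added example, not project code. fix_ovpn and make_sample are hypothetical names.

# fix_ovpn SRC DEST MOUNT CRED
#   SRC   unzipped provider bundle    DEST  host dir to mount into the container
#   MOUNT path of DEST in container   CRED  credentials file path in container
fix_ovpn() {
    src=$1 dest=$2 mount=$3 cred=$4
    [ -f "$src/openvpn.ovpn" ] || { echo "no openvpn.ovpn in $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    for f in ca.crt client.crt client.key; do
        [ -f "$src/$f" ] || { echo "missing $src/$f" >&2; return 1; }
        cp "$src/$f" "$dest/$f" || return 1
    done
    chmod 600 "$dest/client.key"   # private key: owner-only
    # Problem 1: output is named default.ovpn.
    # Problem 2: auth-user-pass (bare or with a value) points at CRED.
    # Problem 3: relative ca/cert/key paths become absolute under MOUNT;
    #            absolute paths and inline <ca>...</ca> blocks are left alone.
    # [[:space:]]*$ also swallows a trailing CR from CRLF-encoded files.
    sed -E \
        -e "s#^[[:space:]]*auth-user-pass([[:space:]].*)?\$#auth-user-pass $cred#" \
        -e "s#^[[:space:]]*(ca|cert|key)[[:space:]]+([^/[:space:]][^[:space:]]*)[[:space:]]*\$#\1 $mount/\2#" \
        "$src/openvpn.ovpn" > "$dest/default.ovpn"
}

# Constructed sample bundle (placeholder contents, CRLF on the last line).
make_sample() {
    mkdir -p "$1" || return 1
    for f in ca.crt client.crt client.key; do echo placeholder > "$1/$f"; done
    printf '%s\n' 'client' 'remote vpn.example.invalid 443' 'auth-user-pass' \
        'ca ca.crt' 'cert client.crt' > "$1/openvpn.ovpn"
    printf 'key client.key\r\n' >> "$1/openvpn.ovpn"
}

# Demo run on the constructed bundle; prints the rewritten default.ovpn.
tmp=$(mktemp -d) && make_sample "$tmp/in" &&
    fix_ovpn "$tmp/in" "$tmp/out" /etc/openvpn/custom /config/openvpn-credentials.txt &&
    cat "$tmp/out/default.ovpn"
rm -rf "$tmp"
```

Re-running it on each freshly generated bundle replaces the hand edits; the output directory is the one to mount at /etc/openvpn/custom.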

xoverride commented 3 years ago

Hi, I believe most (if not all) of the issues you encounter have been addressed in the documentation (https://haugene.github.io/docker-transmission-openvpn/supported-providers/) under the Using a custom provider section. Thanks for your feedback.

mateiandrei94 commented 3 years ago

I see, perhaps I missed that part of the documentation. Either way, it would be nice if all of it was automatic, and I didn't have to edit the .ovpn file. The renaming of the ovpn can be fixed with volume mount and the openvpn-credentials.txt is automatically generated. There is still the fact that I have to enter the full path to (ca, client and key) which I think can be automated.

vlaquest commented 3 years ago

Hi, I struggled a bit to make it work with CyberGhost. The custom provider documentation is not very easy, especially when you're a newcomer like me with all those pieces of software. And I'm making it work on a Synology NAS, which adds even more steps to follow.

xoverride commented 3 years ago

@vlaquest Would you mind opening a new issue and posting your settings, config, logs, issues, etc. there? We can take a look and try to help.

JohnBassHard commented 3 years ago

@vlaquest Hi, what did you do to make it work with your Synology? I have followed the instructions here (tried to), but I struggle to make it work. I don't really understand much of what I'm doing....

DuvelCorp commented 2 years ago

This helped me a lot with my CyberGhost config. I couldn't find clearer or simpler information on how to manage the custom VPN in the official documentation. I notably found the "fork and edit the code" way.... a bit too much for just passing variables and files to the container. So thank you @mateiandrei94

mateiandrei94 commented 2 years ago

@JohnBassHard I also use a Synology NAS. First of all, read the official docker app documentation from Synology.

To get openvpn working either from within or outside of a docker container, both DSM 6 and 7 require enabling kernel tun/tap (or so I'm told, not sure though).

I recommend creating a shared folder "startup_scripts". Only the super administrator should have write access to this shared folder.

Place this script on startup, it will enable tun/tap. I don't remember where I got this from, but it's out there on the internet somewhere.

TUN.sh

#!/bin/sh

# Create the necessary file structure for /dev/net/tun
if [ ! -c /dev/net/tun ]; then
    if [ ! -d /dev/net ]; then
        mkdir -m 755 /dev/net
    fi
    mknod /dev/net/tun c 10 200
    chmod 0755 /dev/net/tun
fi

# Load the tun module if not already loaded
# ([[:space:]] instead of \s, which is a GNU grep extension)
if ! lsmod | grep -q "^tun[[:space:]]"; then
    insmod /lib/modules/tun.ko
fi

You might also want resolv.conf

nameserver 1.1.1.1
nameserver 8.8.8.8

Open settings app -> task scheduler -> create -> triggered task -> user defined script ->
task name = Start TUN Device driver
user = root
event = Boot-up
enabled = yes
task settings -> run command /volume1/startup_scripts/TUN.sh

Here my shared folder is on volume1, I'm sure you can figure out where yours is.

Take a look at kernel.org for more details on tun/tap.

Next is the docker app: go to image tab, select image -> launch -> advanced settings.
volume tab -> map data, resolv.conf, custom_vpn, and openvpn-credentials
network: use bridge
map static ports (no idea why automatic ones even exist)

In environment:
set OPENVPN_PROVIDER=CUSTOM
set CREATE_TUN_DEVICE=true
set TRANSMISSION_RPC_PASSWORD=be_creative_don'tcopypaste

If you're not using the default "docker" shared folder, create a new user for transmission, get its pid and uid and set PUID PGID.

!! do not run the container when finished !!

reboot your synology NAS

At this point, after you configure the ovpn file and credentials etc... Try to start the container, it should fail.

Edit container -> check "execute container using high privilege". It should work.

I think this is a Synology BUG, but every time you start/stop this particular container, you should do this to make it work:
1) edit -> uncheck "execute container using high privilege"
2) start container, it should fail
3) edit -> check "execute container using high privilege"
4) start container, it should work

JohnBassHard commented 2 years ago

Thanks for your message Andrei. When I find some time I will try again using the extra information you gave me. Cheers

canache commented 1 year ago

This helped me a lot! Thanks