Closed JaWas2019 closed 3 years ago
I had this issue, restoring the TUN.sh task and file from various guides (example below) fixed it for me.
It used to be in the documentation, but I couldn't see it anymore.
I am having the exact same error on a raspberry pi kubernetes cluster.
Tue Dec 8 17:32:53 2020 [romania407] Peer Connection Initiated with [AF_INET]143.244.54.172:1198
Tue Dec 8 17:32:54 2020 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Tue Dec 8 17:32:54 2020 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Tue Dec 8 17:32:54 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Tue Dec 8 17:32:54 2020 Exiting due to fatal error
But you solved, right @11jwolfe2. Ref #1548
Have you gotten any further here @JaWas2019? I'm thinking we probably have to put the TUN.sh script info back into the docs. Was really hoping that the CREATE_TUN_DEVICE stuff was supposed to work though :disappointed:
I have a DS1621+ and had the same issue. I got it to work by initializing the VPN connection once. Go to "Control Panel" => "Network" => "Network Interface" and create a new VPN Profile with your OpenVPN settings. Make the connection once.
Important: Do make sure to do this on your local network because all traffic from and to your NAS will go through this VPN-connection now. So you will only be able to connect to it with your local IP. You can now stop the VPN connection after which you can start the docker container. The fatal error is gone. This feels like a temporary fix because after a reboot of your NAS you have to follow the same procedure again. Hopefully someone will come up with a better solution.
I had the same error on my Synology. I managed to make the container work by simply creating the TUN device on the host/Synology first. After that the error was gone and I was able to run the container on the Docker app on the Synology:
This is to execute on your Synology:
```sh
#!/bin/sh
# Create the necessary file structure for /dev/net/tun
if [ ! -c /dev/net/tun ]; then
    if [ ! -d /dev/net ]; then
        mkdir -m 755 /dev/net
    fi
    # Character device node, major 10, minor 200
    mknod /dev/net/tun c 10 200
    chmod 0755 /dev/net/tun
fi
# Load the tun module if not already loaded
if ! lsmod | grep -q "^tun\s"; then
    insmod /lib/modules/tun.ko
fi
```
It used to be as simple as installing the Synology VPN server app. Now running that script at boot up (scheduled task) is the key.
I'm still getting this same error even after running the above script and setting it to always run at NAS boot up. What gives?
> I have a DS1621+ and had the same issue. I got it to work by initializing the VPN connection once. Go to "Control Panel" => "Network" => "Network Interface" and create a new VPN Profile with your OpenVPN settings. Make the connection once.
> Important: Do make sure to do this on your local network because all traffic from and to your NAS will go through this VPN-connection now. So you will only be able to connect to it with your local IP. You can now stop the VPN connection after which you can start the docker container. The fatal error is gone. This feels like a temporary fix because after a reboot of your NAS you have to follow the same procedure again. Hopefully someone will come up with a better solution.

Thanks, this is working great on DS920+
Making the NAS do the work by itself is the best approach I think. I believe it's the best way to not interfere with Synology processes.
Hey guys, sorry for going MIA - somehow all replies to this ended up in my Spam folder unnoticed. I can fix the issue temporarily by ssh'ing onto my NAS and manually sudo executing the TUN.sh file. For some reason, not even the "run on startup" task seems to do the job - thinking it might be because of the sudo permissions - without it I get a Permission denied error. However, this still has to be repeated after every reboot.
Here's an explanation for non-tech-savvy people:
- Create the file listed by batlley above on your NAS and memorize where you put it
- Download PuTTY or any other SSH tool (I think on mac/linux you can do it directly, I'm on Windows)
- Enter your NAS IP and port (standard is 20) into the connection field
- authenticate yourself with your admin profile
- type sudo
- authenticate yourself again
- navigate to the folder with the file (you need to go into /volume1/ usually before seeing your normal folders) (type cd and a folder name to go to a different directory, cd .. to go up a folder or ls to see a list of folders in your current directory)
- make the file executable with `chmod 0755 TUN.sh` (I can't remember if I had to do this the first time, too long ago)
- run the file by typing `sudo ./TUN.sh` from the directory with the file

Hope this helps anyone who's never done anything with SSH, took me a while to gather
Thank you for this. I am very new to SSH and am having some difficulty with this unfortunately. Firstly when I enter "sudo", it just brings up a load of different letters and I'm not sure which one to use. I looked up a Synology SSH guide it had "sudo -i" so that is what I used, and managed to navigate to the directory of my TUN.sh (cd /volume1/docker/transmission)
However when I typed "sudo ./TUN.sh", it said "sudo: unable to execute ./TUN.sh: No such file or directory". Do you know how exactly I should be doing this please? I did try the "chmod 0755 TUN.sh" command but that didn't seem to do anything.
EDIT: Nvm, got it working again by doing another restart of my Synology...classic!
Hi,
just for the sake of completeness. Like someone already suggested, you do not necessarily need the TUN.sh script. Maybe the easier way if you are unfamiliar with SSH is: Install the VPN Server application on your Synology. Start it and make sure it's active (this will create the device for you every reboot). Then add "cap-add=NET_ADMIN" and "device=/dev/net/tun" to your Docker run command and it should also work fine.
> I have a DS1621+ and had the same issue. I got it to work by initializing the VPN connection once. Go to "Control Panel" => "Network" => "Network Interface" and create a new VPN Profile with your OpenVPN settings. Make the connection once.
> Important: Do make sure to do this on your local network because all traffic from and to your NAS will go through this VPN-connection now. So you will only be able to connect to it with your local IP. You can now stop the VPN connection after which you can start the docker container. The fatal error is gone. This feels like a temporary fix because after a reboot of your NAS you have to follow the same procedure again. Hopefully someone will come up with a better solution.

This worked for me. Hopefully not need to reboot the NAS much. :)
fixed
I didn't try the tun.sh script, but the other solutions on this thread did not work for me on a DS920+ running Synology DSM7. It's possible that they work on DSM6. Can anyone comment if they've found a solution for DSM7?
I did my testing with the following configuration:
Test 1 (pchristod's solution):
Installed VPN Server, and then started the Docker container from the GUI.
--> Result: "Exiting due to fatal error"
Test 2 (Beholder1984's solution):
Created a VPN network device, connected successfully to it once, disconnected, and then started the Docker container from the GUI.
--> Result: "Exiting due to fatal error"
Test 3 (high privileges workaround -- not desirable due to security):
Uninstalled the VPN Server application. Deleted the VPN network device in Control Panel. Enabled "Execute container using high privilege". Started the Docker container from the GUI.
--> Result: Loaded fine, rock solid connection for days.
If it works with high privilege then all I can say is this is a problem with Synology then and something they should fix on their end..
So this container doesn't require the "--privilege" or "--device" flags on non-Synology systems? Interesting.
I did some more reading more about the "with high privilege" checkbox on Synology DSM's Docker GUI:
Based on this Reddit thread, I believe the Synology checkbox is turning on the "--privileged" flag. This will "enable access to all devices on the host" according to the docker docs.
With regular Docker, it is possible to enable privileged access to a specific device using the "--device" flag, but that's not available through the DSM GUI. It's probably possible to start docker with the "--device" flag using a startup script as described here, but I didn't bother. I'm happy using the "with high privilege" checkbox for now.
no, there should be no need for privilege or device so not sure why Synology has that problem..
Hi, we talked a bit about creating the TUN Device within the Container on a Synology NAS in this Issue https://github.com/haugene/docker-transmission-openvpn/issues/1449#issuecomment-726622078 Also never got that to work, Synology seems to be a bit special with these things as pkishino noted.
I think there are various solutions to do this, however I just wanted to clarify how I do it because I believe you misunderstood it a bit. It does work without --privileged (or High privilege as it is called in the GUI). However, the GUI is pretty limited; I would highly suggest you use the CLI with SSH (simply connect via SSH to your NAS and do a "sudo su"), you can run docker commands then.
1) Installed the VPN Server application and started OpenVPN. The start part is important because otherwise the device is not created. This will also work through reboots, other than Beholder1984's solution, because the VPN Server will start automatically with every reboot. Alternatively you can still use the TUN.sh script I guess, but I never liked that solution. It achieves the same in the end -> create a device you can use in the next step.
2) I use Docker run to run it, not a startup script:
```bash
docker run --restart=always --name "transmission" --cap-add=NET_ADMIN --device=/dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 -d \
```
This is just a snippet of the first line from the command I use, you need to mount volumes and configure environment variables depending on your needs of course. Additionally you can change/remove the IPv6 command if you don't need it.
In this case I at least do not need the high privileges. But I am using the device command you also mentioned. In the end it depends on personal preference I guess which approach you want to choose. If anyone knows how to reliably create the TUN device within the container, this would probably be a more ideal solution.
Edit: I do this on DSM 6, not 7, just FYI.
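
The scoped setup described in the comment above (NET_ADMIN plus only /dev/net/tun, instead of the "high privilege" switch) can be checked before the container is started. The following is an added example, not code from the thread or the project; the function names and the /sys/class/misc/tun check are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# tun_node_status PATH
# Prints: missing | not-chardev | wrong-numbers | ok   (exit 0 only for "ok")
# "ok" = character device with major 10, minor 200, i.e. what the thread's
# TUN.sh creates with `mknod /dev/net/tun c 10 200`.
tun_node_status() {
    node=$1
    if [ ! -e "$node" ]; then echo missing; return 1; fi
    if [ ! -c "$node" ]; then echo not-chardev; return 1; fi
    # stat prints device numbers in hex: major 10 -> a, minor 200 -> c8
    nums=$(stat -c '%t:%T' "$node" 2>/dev/null || true)
    if [ "$nums" != "a:c8" ]; then echo wrong-numbers; return 1; fi
    echo ok
}

# tun_driver_present [SYSFS_ROOT]
# The node alone is not enough: without the tun driver behind it, opening the
# node fails. Assumption of this example: a loaded tun driver shows up as
# <sysfs>/class/misc/tun. SYSFS_ROOT defaults to /sys; the parameter exists
# so the check can be exercised against a constructed directory.
tun_driver_present() {
    [ -d "${1:-/sys}/class/misc/tun" ]
}

# tun_access_mode DOCKER_RUN_ARGS...
# Prints how the container would get at the tunnel device:
#   privileged : --privileged is set, so every host device is exposed
#   scoped     : NET_ADMIN plus only /dev/net/tun, as in the comment above
#   incomplete : neither of the two
tun_access_mode() {
    priv=0; cap=0; dev=0; prev=
    for arg in "$@"; do
        # Two-word forms: "--cap-add NET_ADMIN", "--device /dev/net/tun"
        if [ "$prev" = --cap-add ] && [ "$arg" = NET_ADMIN ]; then cap=1; fi
        if [ "$prev" = --device ]; then
            case $arg in /dev/net/tun|/dev/net/tun:*) dev=1 ;; esac
        fi
        # One-word forms: "--cap-add=NET_ADMIN", "--device=/dev/net/tun"
        case $arg in
            --privileged|--privileged=true) priv=1 ;;
            --cap-add=NET_ADMIN) cap=1 ;;
            --device=/dev/net/tun|--device=/dev/net/tun:*) dev=1 ;;
        esac
        prev=$arg
    done
    if [ "$priv" -eq 1 ]; then echo privileged
    elif [ "$cap" -eq 1 ] && [ "$dev" -eq 1 ]; then echo scoped
    else echo incomplete
    fi
}

# Demo: the flags are the ones from the docker run line quoted above;
# the node and driver checks report on whatever host this runs on.
echo "flags:  $(tun_access_mode --restart=always --name transmission --cap-add=NET_ADMIN --device=/dev/net/tun -d)"
echo "node:   $(tun_node_status /dev/net/tun || true)"
if tun_driver_present; then echo "driver: present"; else echo "driver: not found"; fi
```

Run it on the NAS over SSH before `docker run`; a result of `privileged` means the container would be granted access to all host devices rather than the single tunnel device.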
thanks for the input. @haugene I'll add a link to this comment in the documentation for now..
@pchristod Thank you for the additional details! I was able to get it working on DSM7 using "docker run" from an SSH terminal, based on your instructions.
As a bonus, this created a new entry in the Docker GUI. I was able to start/stop/delete the container from the GUI. I was also able to monitor the log and create a terminal for troubleshooting from the GUI. However, editing any parameters from the GUI (e.g. changing the port) broke the configuration and I had to delete it and then recreate from SSH or the script below.
I then created a startup script as described below.
Overall, here's what I did:
1. Created an OpenVPN network device as described by Beholder1984. Connected successfully to it once, then disconnected, and deleted the connection. I'm not sure this was necessary, or if it was Step 2, below, that resulted in a persistent device at /dev/net/tun.
2. Installed the "VPN Server" application from Synology Package Center, and then immediately uninstalled the VPN Server application. I'm not sure this was necessary, or if Step 1 did the job. In any case, I now have a persistent device at /dev/net/tun.
3. Created a script called "run-transmission-docker.sh" that is executable and owned by root. It is located in a folder called /volume1/docker/bootscripts
4. Created a startup event (Task Scheduler --> Create --> Triggered Task --> User-defined script) to run the script at boot time. Importantly, I found that my DS920+ needed ~30 seconds after booting to allow the docker service to wake up before running this command, so I added a "sleep 30" command.
   - User: root
   - Event: Boot-up
   - Pre-task: leave empty
   - User-defined script: `sleep 30;bash /volume1/docker/bootscripts/run-transmission-docker.sh`

Here is the script, with some details scrubbed:
```bash
#!/bin/bash
docker run -d --restart=always \
    --cap-add=NET_ADMIN \
    --device=/dev/net/tun \
    --name "transmission" \
    -p 9091:9091 \
    --mount type=bind,src=/volume1/docker,dst=/docker \
    --mount type=bind,src=/volume1/data,dst=/data \
    -e PUID="*** your Synology docker user's UID ***" \
    -e PGID="*** your Synology docker user's GID ***" \
    -e OPENVPN_USERNAME="*** your VPN username ***" \
    -e OPENVPN_PASSWORD="*** your VPN password ***" \
    -e OPENVPN_PROVIDER="*** your VPN provider ***" \
    -e OPENVPN_CONFIG="*** your VPN config ***" \
    -e LOCAL_NETWORK="*** your local network subnet ***" \
    -e TZ="*** your time zone ***" \
    -e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
    -e GLOBAL_APPLY_PERMISSIONS="true" \
    -e TRANSMISSION_HOME="/docker/transmission-home" \
    -e TRANSMISSION_RPC_PORT="9091" \
    -e TRANSMISSION_DOWNLOAD_DIR="/data/downloads/completed" \
    -e TRANSMISSION_INCOMPLETE_DIR="/data/downloads/incomplete" \
    -e TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \
    -e CREATE_TUN_DEVICE="true" \
    -e DROP_DEFAULT_ROUTE="" \
    -e WEBPROXY_ENABLED="false" \
    -e WEBPROXY_PORT="8888" \
    -e WEBPROXY_USERNAME="" \
    -e WEBPROXY_PASSWORD="" \
    -e LOG_TO_STDOUT="false" \
    -e HEALTH_CHECK_HOST="google.com" \
    -e REVISION="c9200cba1d5599622395f0819a9d0b862eaf3741" \
    haugene/transmission-openvpn
```
@esimonds Sounds great, really happy you got it working :smile:
I think in your case it was 1) but it doesn't matter anyways as long as you have a persistent device. I cannot remember if I ever tried to uninstall the VPN Server application but I think I did, which resulted in losing the TUN Device. So I simply kept it active and running. Might need to try that again at some point
One thing I saw: I don't believe the Task Scheduler is even necessary. Your container is set to restart always so it should come up automatically anyways after a reboot. You would only need the run command again if you removed and re-created the container. You can try that if you want to see if I'm really right.
Additionally I would also like to give you the tip to look for another Docker container, "Portainer". Setup is pretty simple and straightforward. It's an easy way to manage Docker via GUI, without the limited Synology Docker GUI. Amongst managing logs etc., you can easily update containers to new images and re-create them in one step.
> I had the same error on my Synology. I managed to make the container work by simply creating the TUN device on the host/Synology first. After that the error was gone and I was able to run the container on the Docker app on the Synology:
> This is to execute on your Synology:
> ```sh
> #!/bin/sh
> # Create the necessary file structure for /dev/net/tun
> if [ ! -c /dev/net/tun ]; then
>     if [ ! -d /dev/net ]; then
>         mkdir -m 755 /dev/net
>     fi
>     mknod /dev/net/tun c 10 200
>     chmod 0755 /dev/net/tun
> fi
> # Load the tun module if not already loaded
> if ! lsmod | grep -q "^tun\s"; then
>     insmod /lib/modules/tun.ko
> fi
> ```

Thanks!
This worked for me
It worked for me too! I put it in a "boot-up" triggered task. How do you ensure that the container starts after the task?
Hello All,
I've tried your solution but the container still doesn't boot.
I'm on Synology DSM 6.2.4-25556
Here is the output log:
```
2021-07-28 15:31:36 net_route_v6_best_gw query: dst ::
2021-07-28 15:31:36 net_route_v6_best_gw result: via :: dev lo
2021-07-28 15:31:36 ROUTE6_GATEWAY :: ON_LINK IFACE=lo
2021-07-28 15:31:36 TUN/TAP device tun0 opened
2021-07-28 15:31:36 /sbin/ip link set dev tun0 up mtu 1500
2021-07-28 15:31:36 /sbin/ip link set dev tun0 up
2021-07-28 15:31:36 /sbin/ip addr add dev tun0 100.120.41.244/24
2021-07-28 15:31:36 /sbin/ip link set dev tun0 up mtu 1500
2021-07-28 15:31:36 /sbin/ip link set dev tun0 up
2021-07-28 15:31:36 /sbin/ip -6 addr add 2001:db8:123::2/64 dev tun0
RTNETLINK answers: Permission denied
2021-07-28 15:31:36 Linux ip -6 addr add failed: external program exited with error status: 2
2021-07-28 15:31:36 Exiting due to fatal error
```
This was working just fine for me for a couple weeks solid, and then suddenly today it keeps stopping in docker. I don't know if it's the same issue, but here's the logs (from the container, not docker)

date | stream | content |
---|---|---|
2021-10-27 21:04:26 | stdout | Use --help for more information. |
2021-10-27 21:04:26 | stdout | Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/nordvpn/default.ovpn |
2021-10-27 21:04:26 | stdout | Setting OpenVPN credentials... |
2021-10-27 21:04:26 | stdout | Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop |
2021-10-27 21:04:26 | stdout | Modification: Set output verbosity to 3 |
2021-10-27 21:04:26 | stdout | Modification: Change tls-crypt keyfile path |
2021-10-27 21:04:26 | stdout | Modification: Update/set resolv-retry to 15 seconds |
2021-10-27 21:04:26 | stdout | Modification: Change ping options |
2021-10-27 21:04:26 | stdout | Modification: Change ca certificate path |
2021-10-27 21:04:26 | stdout | Modification: Point auth-user-pass option to the username/password file |
2021-10-27 21:04:26 | stdout | Modifying /etc/openvpn/nordvpn/default.ovpn for best behaviour in this container |
2021-10-27 21:04:26 | stdout | Starting OpenVPN using config default.ovpn |
2021-10-27 21:04:26 | stdout | 2021-10-27 21:04:25 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/us8257.nordvpn.com.udp.ovpn |
2021-10-27 21:04:26 | stdout | 2021-10-27 21:04:25 Downloading config: default.ovpn |
2021-10-27 21:04:26 | stdout | 2021-10-27 21:04:25 Best server : us8257.nordvpn.com |
2021-10-27 21:04:26 | stdout | 2021-10-27 21:04:25 Searching for technology: openvpn_udp |
2021-10-27 21:04:26 | stdout | 2021-10-27 21:04:25 Searching for group: legacy_p2p |
2021-10-27 21:04:25 | stdout | 2021-10-27 21:04:25 Selecting the best server... |
2021-10-27 21:04:25 | stdout | 2021-10-27 21:04:25 Removing existing configs |
2021-10-27 21:04:25 | stdout | 2021-10-27 21:04:25 Checking curl installation |
2021-10-27 21:04:25 | stdout | Executing setup script for NORDVPN |
2021-10-27 21:04:25 | stdout | Provider NORDVPN has a bundled setup script. Defaulting to internal config |
2021-10-27 21:04:25 | stdout | Running with VPN_CONFIG_SOURCE auto |
2021-10-27 21:04:25 | stdout | Using OpenVPN provider: NORDVPN |
2021-10-27 21:04:25 | stdout | mknod: /dev/net/tun: File exists |
2021-10-27 21:04:25 | stdout | Creating TUN device /dev/net/tun |
2021-10-27 21:04:25 | stdout | Starting container with revision: 6922dd6b112d63e099b98165d7cadeaf411b7800 |
Yeah, have you updated your NAS in the meantime? Look at the last row in the time stamp order.. can’t open the ovpn config file… Probably permission problem
I've not updated anything manually but I cannot speak to auto-updates... what is the "pension" problem?
Permission problem lol.. can you check inside the container what permissions are set on the default.ovpn file please?
Sorry, I don't know how to do anything "inside" the container if the container won't run?
I don't see the container crashing in the logs, so it should be up and running. If you are using portainer you can simply check the console and view the system inside.. otherwise you can exec into the container from terminal. https://docs.docker.com/engine/reference/commandline/exec/ would be useful to see the permissions in the /etc/openvpn/nordvpn folder (using ls -haltr)
I'm not sure what's going on then, because when I start the container, Synology stops it and gives the above error. Here are the logs that error says to look at:
I'm wondering if the settings in the run-transmission-docker.sh I used from above are not set correctly for my install?
For example, I have no /volume1/data/ directory, so I created a new shared folder /volume1/docker-data/ and made that change below.
BUT the other entries, such as `-e TRANSMISSION_HOME="/docker/transmission-home" \` don't make sense to me because in my file structure "/transmission-home" lives inside of "/volume1/Downloads"
Same thing with `-e TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \` - why would that not actually be alongside the other transmission folders such as "/data/downloads/incomplete"?
It seems like this .sh script that was posted above was edited quite a bit beyond the defaults of this project. Could someone please post a corrected one that adheres to the default installation?
```bash
#!/bin/bash
docker run -d --restart=always \
    --cap-add=NET_ADMIN \
    --device=/dev/net/tun \
    --name "transmission" \
    -p 9091:9091 \
    --mount type=bind,src=/volume1/docker,dst=/docker \
    --mount type=bind,src=/volume1/docker-data,dst=/data \
    -e PUID="1027" \
    -e PGID="100" \
    -e OPENVPN_USERNAME="REDACTED" \
    -e OPENVPN_PASSWORD="REDACTED" \
    -e OPENVPN_PROVIDER="NORDVPN" \
    -e OPENVPN_CONFIG="US" \
    -e LOCAL_NETWORK="REDACTED" \
    -e TZ="America/Los_Angeles" \
    -e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
    -e GLOBAL_APPLY_PERMISSIONS="true" \
    -e TRANSMISSION_HOME="/docker/transmission-home" \
    -e TRANSMISSION_RPC_PORT="9091" \
    -e TRANSMISSION_DOWNLOAD_DIR="/data/downloads/completed" \
    -e TRANSMISSION_INCOMPLETE_DIR="/data/downloads/incomplete" \
    -e TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \
    -e CREATE_TUN_DEVICE="true" \
    -e DROP_DEFAULT_ROUTE="" \
    -e WEBPROXY_ENABLED="false" \
    -e WEBPROXY_PORT="8888" \
    -e WEBPROXY_USERNAME="" \
    -e WEBPROXY_PASSWORD="" \
    -e LOG_TO_STDOUT="false" \
    -e HEALTH_CHECK_HOST="google.com" \
    -e REVISION="c9200cba1d5599622395f0819a9d0b862eaf3741" \
    haugene/transmission-openvpn
```
Are you using Synology's Docker app?? If so, stop. Try using portainer. I believe the Synology app doesn’t work well.
On Fri, Oct 29, 2021 at 3:45 Andrew Hoeveler @.***> wrote:
I'm wondering if the settings in the run-transmission-docker.sh I used from above are not set correctly for my install? For example, I have no /volume1/data/ directory, so I created a new shared folder /volume1/docker-data/ and made that change below. BUT the other entries, such as -e TRANSMISSION_HOME="/docker/transmission-home" \ don't make sense to me because in my file structure "/transmission-home" lives inside of "/volume1/Downloads" Same thing with -e TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \ - why would that not actually be alongside the other transmission folders such as "/data/downloads/incomplete"?
It seems like this .sh script that was posted above was edited quite a bit beyond the defaults of this project. Could someone please post a corrected one that adheres to the default installation?
!/bin/bash docker run -d --restart=always \ --cap-add=NET_ADMIN \
--device=/dev/net/tun \ --name "transmission" \ -p 9091:9091 \ --mount type=bind,src=/volume1/docker,dst=/docker \ --mount type=bind,src=/volume1/docker-data,dst=/data \ -e PUID="1027" \ -e PGID="100" \ -e OPENVPN_USERNAME="REDACTED" \ -e OPENVPN_PASSWORD="REDACTED" \ -e OPENVPN_PROVIDER="NORDVPN" \ -e OPENVPN_CONFIG="US" \ -e LOCAL_NETWORK="REDACTED" \ -e TZ="America/Los_Angeles" \ -e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \ -e GLOBAL_APPLY_PERMISSIONS="true" \ -e TRANSMISSION_HOME="/docker/transmission-home" \ -e TRANSMISSION_RPC_PORT="9091" \ -e TRANSMISSION_DOWNLOAD_DIR="/data/downloads/completed" \ -e TRANSMISSION_INCOMPLETE_DIR="/data/downloads/incomplete" \ -e TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \ -e CREATE_TUN_DEVICE="true" \ -e DROP_DEFAULT_ROUTE="" \ -e WEBPROXY_ENABLED="false" \ -e WEBPROXY_PORT="8888" \ -e WEBPROXY_USERNAME="" \ -e WEBPROXY_PASSWORD="" \ -e LOG_TO_STDOUT="false" \ -e HEALTH_CHECK_HOST="google.com" \ -e REVISION="c9200cba1d5599622395f0819a9d0b862eaf3741" \ haugene/transmission-openvpn
Also, keep it simple and stick with the defaults until it works. The default compose should be fine, just edit the /data mount to whatever you use locally
Thanks! I was digging around other open and closed issues here and found that DSM 7 has a problem with the Synology Docker app like you mentioned. The temporary fix is to flip the "Execute container using high privilege" switch, click "apply", click "edit" again, flip the switch again and repeat until the switch is on and the container doesn't stop itself from running.
Any solution to this if I am using docker swarm? Device is not supported when deploying in a swarm.
Was also having this problem. Turns out my TUN.sh had Windows file endings; when I tried the following, it worked for me:
"The problem is that your file is using DOS (Windows) file endings (cr/lf). By changing it over to UNIX file endings (only lf) it should not work.
You can do this in VIM with “:set ff=unix”. Or in Notepad++ by clicking on the “Windows (CR + LF)” text in the bottom right and setting it to “Unix (LF)”." - Onmar
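The same line-ending check and fix can be done from a shell on the NAS itself. This is an added example, not part of the comment above or of the project's scripts; the function names `has_crlf` and `to_unix_endings` are made up for this sketch.

```shell
#!/bin/sh
# Added example: detect and remove DOS (CR LF) line endings in a script
# such as TUN.sh. With CR LF endings the shebang line names the interpreter
# "/bin/sh<CR>", which does not exist, so the script fails to start.
# Function names are hypothetical, chosen for this example only.

# has_crlf FILE: exit 0 if at least one line in FILE ends with a CR.
has_crlf() {
    cr=$(printf '\r')
    grep -q "${cr}\$" "$1"
}

# to_unix_endings FILE: strip the trailing CR from every line of FILE.
# The file is overwritten in place (not replaced), so its owner and its
# execute permission stay as they were.
to_unix_endings() {
    f=$1
    # Nothing to do when the file already uses LF only.
    has_crlf "$f" || return 0
    tmp=$(mktemp "${f}.XXXXXX") || return 1
    cr=$(printf '\r')
    if ! sed "s/${cr}\$//" "$f" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    cat "$tmp" > "$f"
    rm -f "$tmp"
}

# When called with file arguments, report and convert each one.
if [ "$#" -gt 0 ]; then
    for script in "$@"; do
        if has_crlf "$script"; then
            echo "converting CR LF endings: $script"
            to_unix_endings "$script"
        else
            echo "already LF only: $script"
        fi
    done
fi
```

Saved under any name and run with the path of the startup script as its argument, it rewrites the file only when a CR is actually found.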
Hi. Successful because I set up VPN on the network and restarted it several times.
Thanks! I was digging around other open and closed issues here and found that DSM 7 has a problem with the Synology Docker app like you mentioned. The temporary fix is to flip the "Execute container using high privilege" switch, click "apply", click "edit" again, flip the switch again and repeat until the switch is on and the container doesn't stop itself from running.
thanks, that worked for me!
I found that installing the VPN Server application and then checking enabling OpenVPN allowed me to run my OpenVPN server via docker-compose.
Just to add my 2 pence to this thread.
I managed to install it on Synology dsm using this setup. It is an updated version of what has been posted above. Main change is the mounting of volumes.
# OPENVPN_CONFIG="dummy" will give you a list of available profiles in the log
docker run -d --restart=always \
--cap-add=NET_ADMIN \
--device=/dev/net/tun \
--name "transmission" \
-v /volume1/docker/transmission/data/:/data \
-v /volume1/docker/transmission/config/:/config \
-p 9091:9091 \
-e PUID="YOUR dockers users UID" \
-e PGID="YOUR dockers users GID" \
-e OPENVPN_USERNAME="YOUR USERNAME" \
-e OPENVPN_PASSWORD="YOUR PASSWORD" \
-e OPENVPN_PROVIDER="YOURPROVIDER" \
-e OPENVPN_CONFIG="dummy" \
-e LOCAL_NETWORK="192.168.1.0/24" \
-e TZ="YOUR TIMEZONE" \
-e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
-e GLOBAL_APPLY_PERMISSIONS="true" \
-e CREATE_TUN_DEVICE="true" \
-e DROP_DEFAULT_ROUTE="" \
-e WEBPROXY_ENABLED="false" \
-e WEBPROXY_PORT="8888" \
-e WEBPROXY_USERNAME="" \
-e WEBPROXY_PASSWORD="" \
-e LOG_TO_STDOUT="false" \
-e HEALTH_CHECK_HOST="google.com" \
-e REVISION="c9200cba1d5599622395f0819a9d0b862eaf3741" \
haugene/transmission-openvpn
I am not sure what exactly was the last step which led me to a working config; I tried a lot of things. The last thing I had to do was to update my docker-compose config file and add this device command/line. I also entered the script above into /usr/local/etc/rc.d/tun.sh and gave it the proper rights to execute.
version: '3.8'
services:
  netbird:
    image: netbirdio/netbird:latest
    container_name: netbird-name
    hostname: netbird-name
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
      - SYS_RESOURCE
    devices:
      - /dev/net/tun
    environment:
      - NB_SETUP_KEY=<setup-key>
    volumes:
      - /volume1/docker/netbird-client:/etc/netbird
    restart: always
Maybe this helps somebody reading this thread...
Hey guys, I'm sorry if I'm just stupid and missing something here, I don't have too much experience with docker, and even less with docker on my new Synology DS920+
I downloaded this container through the built-in docker registry. I set up all my variables, however, the container is crashing on every startup. The logs don't make sense to me, as the TUN creation as well as establishing the VPN connection seem to be working fine, it's only crashing once it's trying to open TUN. I've read that you could use the --device flag to fix this, but as I'm executing from the registry directly, I don't think I can add any flags to the startup?
Please excuse the order of the logfiles (highest=newest), this is how Synology exports it.
Any help would be highly appreciated!