haugene / docker-transmission-openvpn

Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
GNU General Public License v3.0

Add installation steps for QNAP #172

Closed antakar closed 6 years ago

antakar commented 7 years ago

Hello, Great work.

Is it possible to add proper steps how to set this up on QNAP, including:

turban0 commented 7 years ago

By the way, it is better to start the container using the console on QNAP. There is currently no way to set --restart=always using the Container Station GUI.

I use such standard command:

docker run --privileged  -d \
      -v /share/Download/:/data \
      -v /etc/localtime:/etc/localtime:ro \
      --env-file=/share/homes/admin/docker-transmission.env \
      --name=transmission-openvpn \
      -p 9091:9091 \
      --restart=always \
      haugene/transmission-openvpn             

I use the full env variables list from DockerEnv file from the repo root. It's important to have these two lines in your .env file

LOCAL_NETWORK=192.168.1.0/24
OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60

(of course LOCAL_NETWORK should be your network!)

Such a container should be visible normally in Container Station, like any other, and will restart when the connection to the VPN is lost. To make it perfect, open the container settings and enable autostart.

nicomarti83 commented 7 years ago

Hello, I've been going mad for two days with all this stuff... I just achieved my env file. I have one question.

thanks for your answer, I'm a linux noob ;)

turban0 commented 7 years ago

-v X:Y means mounting X host directory as a Y volume in docker container. In that case first line basically means that when container saves to /data/ folder, it will save to /share/Download folder. On QNAP /share/Download is one of the share folders created by default.

That second -v binding means passing the localtime to container in readonly(ro) mode. To be honest I don't know if it's necessary, I copied it from the docs.

I suggest going through https://docs.docker.com/engine/tutorials/dockerizing/ . Container Station is veeeery limited, docker commands are nice and pretty easy.

nicomarti83 commented 7 years ago

OK, the container works but I've got a problem in Transmission: all the downloads stop after a few seconds and I've got an error message:

Error: No space left on device (/share/CACHEDEV1_DATA/Download/transmission/completed/XXXXXXXXX

turban0 commented 7 years ago

It usually means that the target folder is invalid. Looking at your error, you've modified some env. variables which shouldn't be touched. I'm afraid you have changed: TRANSMISSION_DOWNLOAD_DIR=/share/CACHEDEV1_DATA/Download/transmission/completed/ It should stay as /data/completed/

Just in case, could you paste here the command you're using?

antakar commented 7 years ago

Turban0, thank you very much for your most helpful answers.

Can you please explain how the container will avoid leaking the IP? How can I make sure, confirm the IP is not being leaked?

turban0 commented 7 years ago

The Transmission process is "sandboxed" inside the openvpn connection; you may notice its decreased torrent performance and some trackers being unavailable because of that.

The only way it may leak the IP is to your LOCAL_NETWORK which you set in the settings - but I guess it's not a problem.

You can check your Transmission IP using a site such as: http://checkmytorrentip.upcoil.com , your IP should appear on the trackers list.

antakar commented 7 years ago

It seems the container has no inet connection. Here is my config:

docker run --privileged -d \
      -v /share/CACHEDEV1_DATA/Download/Transmission-Docker/:/data \
      -v /etc/localtime:/etc/localtime:ro \
      --env-file=/share/CACHEDEV1_DATA/Download/QNAP/DockerEnv \
      --name=transmission-openvpn \
      -e "OPENVPN_PROVIDER=HIDEME" \
      -e "OPENVPN_CONFIG=Haarlem" \
      -e "OPENVPN_USERNAME=mylogin@trans" \
      -e "OPENVPN_PASSWORD=mypass" \
      -p 9091:9091 \
      --restart=always \
      haugene/transmission-openvpn

I do not know how to use the openvpn config file. Hence I try to provide all details here, including the server: "OPENVPN_CONFIG=Haarlem" \

I am not sure what's not working here. When I test the port within Transmission, it says it's Closed. I have Transmission installed on the same server; when I run that instance of Transmission, the port test passes. Hence I think the container is not establishing the VPN/internet connection.

Please advise.

P.S. When running the container, within QNAP console i can see:

Console
-------------------------------------                                                                                            

STARTING TRANSMISSION                                                                                                            
NO PORT UPDATER FOR THIS PROVIDER                                                                                                
Transmission startup script complete.                                                                                            
Tue Dec 27 19:14:13 2016 /sbin/ip route add 85.17.25.11/32 via 10.0.3.1                                                          
Tue Dec 27 19:14:13 2016 /sbin/ip route del 0.0.0.0/0                                                                            
Tue Dec 27 19:14:13 2016 /sbin/ip route add 0.0.0.0/0 via 10.3.126.133                                                           
Tue Dec 27 19:14:13 2016 Initialization Sequence Completed   

I am not sure where id 10.x.x.x came from. I have specified within the env file: LOCAL_NETWORK=192.168.0.0/24

If the container is truly setting up network 10.x.x.x, and routing to it with VPN traffic as per 85.17.25.11/32 via 10.0.3.1, then my gateway is blocking everything on 10. like crazy.

I am baffled.
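A route audit for the question above about where the `10.x.x.x` addresses come from and what stays outside the tunnel, as an added example that is not part of the thread or the project's code. It assumes the tunnel interface is named `tun*` and that `10.0.3.0/24` is the container's bridge network; `audit_routes` and both sample tables are constructed for illustration.

```shell
# Added example, not project code. Audits `ip route` output taken inside the container:
#   docker exec transmission-openvpn ip route | audit_routes 192.168.0.0/24 85.17.25.11
audit_routes() {  # $1 = LOCAL_NETWORK, $2 = VPN server IP; returns 0 if nothing leaks
    awk -v lan="$1" -v vpn="$2" '
    {
        dst = $1; dev = ""; via = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "dev") dev = $(i + 1)
            if ($i == "via") via = 1
        }
        tun = (dev ~ /^tun/)
        if (dst == "default" || dst == "0.0.0.0/0") { def_dev = dev; next }
        # redirect-gateway def1 style: two /1 routes on the tunnel override the default
        if (tun && (dst == "0.0.0.0/1" || dst == "128.0.0.0/1")) { halves++; next }
        if (tun) next
        if (dst == lan) { print "expected: LOCAL_NETWORK " dst " via " dev; next }
        if (dst == vpn || dst == (vpn "/32")) { print "expected: VPN endpoint " dst " via " dev; next }
        if (!via) { print "expected: directly connected " dst " on " dev; next }
        print "FAIL: off-tunnel route " dst " via " dev; bad = 1
    }
    END {
        if (def_dev ~ /^tun/ || halves == 2) print "ok: default traffic uses the tunnel"
        else { print "FAIL: default traffic uses " (def_dev == "" ? "no route" : def_dev); bad = 1 }
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: the table implied by the three route commands in the log above.
sample_tunnel_up() {
    cat <<'EOF'
default via 10.3.126.133 dev tun0
10.0.3.0/24 dev eth0 proto kernel scope link src 10.0.3.2
10.3.126.133 dev tun0 proto kernel scope link src 10.3.126.134
85.17.25.11 via 10.0.3.1 dev eth0
192.168.0.0/24 via 10.0.3.1 dev eth0
EOF
}

# Constructed sample: OpenVPN never connected, so the default route is still the bridge.
sample_tunnel_down() {
    cat <<'EOF'
default via 10.0.3.1 dev eth0
10.0.3.0/24 dev eth0 proto kernel scope link src 10.0.3.2
192.168.0.0/24 via 10.0.3.1 dev eth0
EOF
}

sample_tunnel_up | audit_routes 192.168.0.0/24 85.17.25.11
sample_tunnel_down | audit_routes 192.168.0.0/24 85.17.25.11 || echo "audit failed: traffic can leave outside the VPN"
```

In the log above, `10.0.3.1` is the gateway the container had before OpenVPN started (it carries only the route to the VPN server) and `10.3.126.133` is the tunnel gateway; neither has anything to do with LOCAL_NETWORK.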

nicomarti83 commented 7 years ago

OK, you're right about the env. variable TRANSMISSION_DOWNLOAD_DIR=/data/completed/. I tried yesterday and it worked fine for 3 hours, then all my current torrents displayed: error: could not connect to tracker... I really don't want to delete my actual container because of the huge torrent verification time... Please help, my log is below: log container sta.txt

nicomarti83 commented 7 years ago

Hmm, it seems to work now... very strange... How can I modify the parameters of openvpn and transmission on the fly?

antakar commented 7 years ago

To configure Transmission, either you can use the web gui: yourIP:9091 Or you can use a windows app to connect to your server and then configure it: https://sourceforge.net/projects/transgui/

nicomarti83 commented 7 years ago

edit: I'm wrong... you can configure transmission by the remote gui... thanks. The problem remains for openvpn configuration... edit2: you can't actually change parameters from the gui... the settings do not save...

antakar commented 7 years ago

OK, I made it work. Then the connection dropped and hasn't been restored, or something. The point is all torrents stopped, and none of them could connect to the tracker. So I restarted the container, which threw some errors and fails at me. I removed it. Since then, I am unable to reconstruct the container. Here is what I get:

Using OpenVPN provider: HIDEME
Starting OpenVPN using config Haarlem.ovpn
Setting OPENVPN credentials...
adding route to local network 192.168.1.0/24 via 10.0.3.1 dev eth0
Thu Dec 29 19:19:31 2016 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec  1 2014
Thu Dec 29 19:19:31 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Dec 29 19:19:31 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Dec 29 19:19:31 2016 UDPv4 link local: [undef]
Thu Dec 29 19:19:31 2016 UDPv4 link remote: [AF_INET]109.201.143.204:3478
Thu Dec 29 19:19:31 2016 TLS: Initial packet from [AF_INET]109.201.143.204:3478, sid=17e00e94 0f6208e8
Thu Dec 29 19:19:31 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Dec 29 19:19:31 2016 VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
Thu Dec 29 19:19:31 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Dec 29 19:19:31 2016 TLS Error: TLS object -> incoming plaintext read error
Thu Dec 29 19:19:31 2016 TLS Error: TLS handshake failed
Thu Dec 29 19:19:31 2016 SIGUSR1[soft,tls-error] received, process restarting
Thu Dec 29 19:19:31 2016 Restart pause, 2 second(s)
Thu Dec 29 19:19:33 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Dec 29 19:19:33 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Dec 29 19:19:33 2016 UDPv4 link local: [undef]
Thu Dec 29 19:19:33 2016 UDPv4 link remote: [AF_INET]109.201.143.204:3478
Thu Dec 29 19:20:34 2016 [UNDEF] Inactivity timeout (--ping-exit), exiting
Thu Dec 29 19:20:34 2016 SIGTERM[soft,ping-exit] received, process exiting

nicomarti83 commented 7 years ago

When I had the "could connect to the tracker" error, I deleted the container and changed the .ovpn to one of another country (the UDP one), I changed some parameters in Transmission (DHT disabled and encryption enabled) and I built a new container; since then (2 days) everything works great.

antakar commented 7 years ago

Thank you. I have done that. And more changes in the env file - none of it worked. Where do you change the .ovpn file? Where is it?

nicomarti83 commented 7 years ago

I use purevpn as provider, so I change in the env file the OPENVPN_CONFIG=XXXX to OPENVPN_CONFIG=YYYY. You maybe already know, but certain VPN locations don't allow P2P traffic (according to the country's law)... you have to look at your vpn provider for more information.

antakar commented 7 years ago

Oh, I have done that. And I only use p2p friendly servers with udp. Can't even open the Transmission web gui.

I have run the container with CLI in it. I can ping 8.8.8.8 from it. It looks like the network works. Only the IP of the container is 10.0.3.2. My settings are: LOCAL_NETWORK=192.168.1.0/24

I have no clue what is going on.

haugene commented 7 years ago

The error TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE :certificate verify failed suggests an invalid certificate. Hideme was added as a provider 9 months ago, they might have changed their certificate. Download new configs and compare the certificate to what's in the container. We might need to update it. Should add more locations as well, only Haarlem at the moment.

antakar commented 7 years ago

I have only .pem files: ca.pem and StaticKey.pem. Their content is different. Also, when compared with the Haarlem on git, they are different.

I will be happy to share the certs, I hope it is legal.

What shall we do next?

antakar commented 7 years ago

So, should I give you guys the pem files?

antakar commented 7 years ago

OK, I do have ovpn files for hide.me. Where can I upload them? I do not have push access.

haugene commented 7 years ago

You can either fork this repo, add the configurations and pem file there and then submit a pull request back to this repo. Or provide a link for the config files so that I can download them and add them.

hh043a commented 7 years ago

How can I access the GUI outside my home network? I've port forwarded to 9091 to the localhost but this doesn't seem to be enough. I've googled exhaustively and can't find any combination of env variables or docker run commands that would seem to assist.

It appears to be working using the build command --net=host... Is this going to have any sort of bad consequences?

haugene commented 6 years ago

Cleaning old issues. Re-open or create a new issue if it's still a problem. Remember logs and steps to reproduce.