Closed antakar closed 6 years ago
By the way, it is better to start the container using the console on QNAP. There is currently no way to set --restart=always using the Container Station GUI.
I use this standard command:
docker run --privileged -d \
-v /share/Download/:/data \
-v /etc/localtime:/etc/localtime:ro \
--env-file=/share/homes/admin/docker-transmission.env \
--name=transmission-openvpn \
-p 9091:9091 \
--restart=always \
haugene/transmission-openvpn
I use the full env variables list from the DockerEnv file in the repo root. It's important to have these two lines in your .env file:
LOCAL_NETWORK=192.168.1.0/24
OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60
(of course LOCAL_NETWORK should be your network!)
Such a container should be visible normally in Container Station, like any other, and will restart when the connection to the VPN is lost. To make it perfect, open the container settings and enable autostart.
Hello, I've been going mad for two days with all this stuff... I just achieved my env file. I have one question.
-v /share/Download/:/data \
-v /etc/localtime:/etc/localtime:ro \
Thanks for your answer, I'm a Linux noob ;)
-v X:Y means mounting the X host directory as a Y volume in the docker container. In that case the first line basically means that when the container saves to the /data/ folder, it will save to the /share/Download folder. On QNAP, /share/Download is one of the share folders created by default.
That second -v binding means passing the localtime to the container in read-only (ro) mode. To be honest I don't know if it's necessary, I copied it from the docs.
I suggest going through https://docs.docker.com/engine/tutorials/dockerizing/ . Container Station is veeeery limited, docker commands are nice and pretty easy.
OK, the container works, but I've got a problem in Transmission: all the downloads stop after a few seconds and I get an error message:
Error: No space left on device (/share/CACHEDEV1_DATA/Download/transmission/completed/XXXXXXXXX
It usually means that the target folder is invalid.
Looking at your error you've modified some env. variables which shouldn't be touched. I'm afraid you have changed:
TRANSMISSION_DOWNLOAD_DIR=/share/CACHEDEV1_DATA/Download/transmission/completed/
It should stay as /data/completed/
Just in case, could you paste here the command you're using?
Turban0, thank you very much for your most helpful answers.
Can you please explain how the container will avoid leaking the IP? How can I make sure, and confirm, that the IP is not being leaked?
The Transmission process is "sandboxed" inside the openvpn connection; you may notice decreased torrent performance and some trackers being unavailable because of that.
The only way it may leak the IP is to your LOCAL_NETWORK, which you set in the settings - but I guess it's not a problem.
You can check your Transmission IP using a site such as http://checkmytorrentip.upcoil.com ; your IP should appear in the trackers list.
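The answer above says the only traffic that leaves outside the tunnel is the LOCAL_NETWORK route. As an added example (not part of the original thread or of the image's own scripts), the function below audits the container's routing table for any other bypass. `check_routes` is a hypothetical helper; the `tun0` interface name, the `10.0.3.0/24` bridge subnet and both routing tables are assumptions constructed from addresses in this thread's logs, and the check assumes the VPN config replaces the default route, as those logs show.

```shell
#!/bin/sh
# Added example: audit the container's routing table for VPN bypass routes.
# Real use: check_routes "$(docker exec transmission-openvpn ip route)" LAN VPN BRIDGE

check_routes() {
    # $1 routing table text, $2 LOCAL_NETWORK, $3 VPN server IP,
    # $4 Docker bridge subnet (assumed /24 around the 10.0.3.x addresses)
    printf '%s\n' "$1" | awk -v lan="$2" -v vpn="$3" -v bridge="$4" '
        {
            dst = $1; dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        }
        dst == "default" || dst == "0.0.0.0/0" {
            seen_default = 1
            if (dev !~ /^tun/) { print "LEAK: default route via " dev; bad = 1 }
            next
        }
        dev ~ /^tun/ { next }                      # already inside the tunnel
        dst == lan || dst == bridge { next }       # expected local exceptions
        dst == vpn || dst == (vpn "/32") { next }  # the tunnel itself needs this
        { print "LEAK: " dst " bypasses the tunnel via " dev; bad = 1 }
        END {
            if (!seen_default) { print "NO DEFAULT ROUTE"; bad = 1 }
            exit (bad ? 1 : 0)
        }'
}

# Constructed samples, built from addresses that appear in the thread logs.
GOOD_ROUTES='default via 10.3.126.133 dev tun0
10.0.3.0/24 dev eth0 proto kernel scope link src 10.0.3.2
10.3.126.133 dev tun0 proto kernel scope link src 10.3.126.134
85.17.25.11 via 10.0.3.1 dev eth0
192.168.0.0/24 via 10.0.3.1 dev eth0'

# Tunnel down: default route is back on the bridge, plus one stray host route.
BAD_ROUTES='default via 10.0.3.1 dev eth0
10.0.3.0/24 dev eth0 proto kernel scope link src 10.0.3.2
8.8.8.8 via 10.0.3.1 dev eth0'

for table in "$GOOD_ROUTES" "$BAD_ROUTES"; do
    if check_routes "$table" 192.168.0.0/24 85.17.25.11 10.0.3.0/24; then
        echo "OK: only the expected routes leave the tunnel"
    fi
done
```
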
It seems the container has no inet connection. Here is my config:
docker run --privileged -d \
-v /share/CACHEDEV1_DATA/Download/Transmission-Docker/:/data \
-v /etc/localtime:/etc/localtime:ro \
--env-file=/share/CACHEDEV1_DATA/Download/QNAP/DockerEnv \
--name=transmission-openvpn \
-e "OPENVPN_PROVIDER=HIDEME" \
-e "OPENVPN_CONFIG=Haarlem" \
-e "OPENVPN_USERNAME=mylogin@trans" \
-e "OPENVPN_PASSWORD=mypass" \
-p 9091:9091 \
--restart=always \
haugene/transmission-openvpn
I do not know how to use an openvpn config file. Hence I try to provide all details here, including the server: "OPENVPN_CONFIG=Haarlem" \
I am not sure what's not working here. When I test the port within Transmission, it says it's Closed. I have Transmission installed on the same server; when I run that instance of Transmission, the port test passes. Hence I think the container is not establishing the VPN/internet connection.
Please advise.
P.S. When running the container, within the QNAP console I can see:
Console
-------------------------------------
STARTING TRANSMISSION
NO PORT UPDATER FOR THIS PROVIDER
Transmission startup script complete.
Tue Dec 27 19:14:13 2016 /sbin/ip route add 85.17.25.11/32 via 10.0.3.1
Tue Dec 27 19:14:13 2016 /sbin/ip route del 0.0.0.0/0
Tue Dec 27 19:14:13 2016 /sbin/ip route add 0.0.0.0/0 via 10.3.126.133
Tue Dec 27 19:14:13 2016 Initialization Sequence Completed
I am not sure where id 10.x.x.x came from. I have specified within the env file:
LOCAL_NETWORK=192.168.0.0/24
If the container truly is setting up network 10.x.x.x, and routing VPN traffic to it as per 85.17.25.11/32 via 10.0.3.1, then my gateway is blocking everything on 10. like crazy.
I am baffled.
OK, you're right about the env. variable TRANSMISSION_DOWNLOAD_DIR=/data/completed/
I tried yesterday and it worked fine for 3 hours, then all my current torrents displayed:
error: could not connect to tracker
... I really don't want to delete my actual container because of the huge torrent verification time... please help
my log is below
log container sta.txt
Hum, it seems to work now... very strange... how can I modify the parameters of openvpn and Transmission on the fly?
To configure Transmission, either you can use the web GUI: yourIP:9091 Or you can use a Windows app to connect to your server and then configure it: https://sourceforge.net/projects/transgui/
edit: I'm wrong... you can configure Transmission with the remote GUI... thanks. The problem remains for the openvpn configuration... edit2: you can't actually change parameters from the GUI... the settings do not save...
OK, I made it work. Then the connection dropped and hasn't been restored, or something. The point is all torrents stopped, and none of them could connect to the tracker. So I restarted the container, which threw some errors and fails at me. I removed it. Since then, I am unable to reconstruct the container. Here is what I get:
Using OpenVPN provider: HIDEME
Starting OpenVPN using config Haarlem.ovpn
Setting OPENVPN credentials...
adding route to local network 192.168.1.0/24 via 10.0.3.1 dev eth0
Thu Dec 29 19:19:31 2016 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Dec 1 2014
Thu Dec 29 19:19:31 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Dec 29 19:19:31 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Dec 29 19:19:31 2016 UDPv4 link local: [undef]
Thu Dec 29 19:19:31 2016 UDPv4 link remote: [AF_INET]109.201.143.204:3478
Thu Dec 29 19:19:31 2016 TLS: Initial packet from [AF_INET]109.201.143.204:3478, sid=17e00e94 0f6208e8
Thu Dec 29 19:19:31 2016 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Dec 29 19:19:31 2016 VERIFY ERROR: depth=1, error=unable to get local issuer certificate: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA
Thu Dec 29 19:19:31 2016 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Thu Dec 29 19:19:31 2016 TLS Error: TLS object -> incoming plaintext read error
Thu Dec 29 19:19:31 2016 TLS Error: TLS handshake failed
Thu Dec 29 19:19:31 2016 SIGUSR1[soft,tls-error] received, process restarting
Thu Dec 29 19:19:31 2016 Restart pause, 2 second(s)
Thu Dec 29 19:19:33 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Dec 29 19:19:33 2016 Socket Buffers: R=[212992->131072] S=[212992->131072]
Thu Dec 29 19:19:33 2016 UDPv4 link local: [undef]
Thu Dec 29 19:19:33 2016 UDPv4 link remote: [AF_INET]109.201.143.204:3478
Thu Dec 29 19:20:34 2016 [UNDEF] Inactivity timeout (--ping-exit), exiting
Thu Dec 29 19:20:34 2016 SIGTERM[soft,ping-exit] received, process exiting
When I had the "could connect to the tracker" error, I deleted the container and changed the .ovpn for one from another country (the UDP one). I changed some parameters in Transmission (DHT disabled and encryption enabled) and I built a new container; since then (2 days) everything works great.
Thank you. I have done that. And more changes in the env file - none of it worked. Where do you change the .ovpn file? Where is it?
I use purevpn as provider, so I change OPENVPN_CONFIG=XXXX to OPENVPN_CONFIG=YYYY in the env file. You may already know this, but certain VPN locations don't allow P2P traffic (according to the country's law)... you have to look at your VPN provider for more information.
Oh, I have done that. And I only use P2P-friendly servers with UDP. Can't even open the Transmission web GUI.
I have run container with CLI in it. I can ping from it 8.8.8.8. It looks like the network works. Only IP of the container is 10.0.3.2. my settings are: LOCAL_NETWORK=192.168.1.0/24
I have no clue what is going on.
The error TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
suggests an invalid certificate. Hideme was added as a provider 9 months ago, they might have changed their certificate. Download new configs and compare the certificate to what's in the container. We might need to update it. Should add more locations as well, only Haarlem at the moment.
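One way to do the comparison suggested above, as an added example (not code from this repository): fingerprint each CA by the SHA-256 of its decoded DER bytes, so that CRLF line endings or an inline `<ca>` wrapper in an .ovpn file do not make the same certificate look different. `ca_fingerprint` and `same_ca` are hypothetical helpers, the file names and certificate bodies are constructed placeholders, and GNU `base64` and `sha256sum` are assumed.

```shell
#!/bin/sh
# Added example: compare CA certificates by SHA-256 of their DER bytes, so that
# line endings or an inline <ca> wrapper do not hide (or fake) a difference.

ca_fingerprint() {
    # $1 = ca.pem, or an .ovpn file with an inline <ca> block.
    # Only the first certificate in the file is fingerprinted.
    awk '
        /-----BEGIN CERTIFICATE-----/ { inside = 1; next }
        /-----END CERTIFICATE-----/   { exit }
        inside { gsub(/[ \t\r]/, ""); printf "%s", $0 }
    ' "$1" | base64 -d | sha256sum | cut -d" " -f1
}

same_ca() {
    [ "$(ca_fingerprint "$1")" = "$(ca_fingerprint "$2")" ]
}

# Constructed placeholders: the bodies are valid base64 but not real certificates.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
body_a=$(printf 'constructed placeholder CA body A' | base64)
body_b=$(printf 'constructed placeholder CA body B' | base64)
begin='-----BEGIN CERTIFICATE-----'
end='-----END CERTIFICATE-----'

# Provider download: plain PEM with Unix line endings.
printf '%s\n%s\n%s\n' "$begin" "$body_a" "$end" > "$tmp/ca.pem"
# Same CA inlined in an .ovpn with Windows line endings.
printf 'client\r\n<ca>\r\n%s\r\n%s\r\n%s\r\n</ca>\r\n' \
    "$begin" "$body_a" "$end" > "$tmp/provider.ovpn"
# Stand-in for the older CA shipped in the image.
printf '%s\n%s\n%s\n' "$begin" "$body_b" "$end" > "$tmp/image-ca.pem"

for candidate in "$tmp/provider.ovpn" "$tmp/image-ca.pem"; do
    if same_ca "$tmp/ca.pem" "$candidate"; then
        echo "MATCH    $(ca_fingerprint "$candidate")  ${candidate##*/}"
    else
        echo "DIFFERS  $(ca_fingerprint "$candidate")  ${candidate##*/}"
    fi
done
```
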
I have only .pem files: ca.pem and StaticKey.pem. Their content is different. Also, when compared with the Haarlem on git, they are different.
I will be happy to share the certs, i hope it is legal.
What shall we do next?
So, should I give you guys the pem files?
OK, I do have ovpn files for hide.me. Where can I upload them? I do not have push access.
You can either fork this repo, add the configurations and pem file there and then submit a pull request back to this repo. Or provide a link for the config files so that I can download them and add them.
How can I access the GUI outside my home network? I've port forwarded to 9091 to the localhost but this doesn't seem to be enough. I've googled exhaustively and can't find any combination of env variables or docker run commands that would seem to assist.
It appears to be working using the build command --net=host... Is this going to have any sort of bad consequences?
Cleaning old issues. Re-open or create a new issue if it's still a problem. Remember logs and steps to reproduce.
Hello, Great work.
Is it possible to add proper steps how to set this up on QNAP, including: