haugene / vpn-configs-contrib

A collection of configs for various VPN providers
GNU General Public License v3.0

PIA vpn script: transmission-remote can't find RPC URL "Unexpected response: <h1>301: Moved Permanently</h1>" #210

Closed wtfpeter closed 1 year ago

wtfpeter commented 1 year ago

Is there a pinned issue for this?

Is there an existing or similar issue/discussion for this?

Is there any comment in the documentation for this?

Is this related to a provider?

Are you using the latest release?

Have you tried using the dev branch latest?

Docker run config used

Docker Compose file

services:
  transmission:
    image: haugene/transmission-openvpn
    container_name: transmission
    cap_add:
      - NET_ADMIN
    security_opt:
      - seccomp:unconfined
    devices:
      - /dev/net/tun
    restart: always
    ports:
      - "9091:9091"
    dns:
      - 9.9.9.9
    networks:
      - bt
    mem_limit: 2g
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./data/data:/data
      - ./data/scripts:/scripts
      - ./config:/config
      - /mnt:/mnt
    labels:
      com.centurylinklabs.watchtower.enable: "true"
    environment:
      - OPENVPN_PROVIDER=PIA
      - OPENVPN_USERNAME=username
      - OPENVPN_PASSWORD=password
      - OPENVPN_CONFIG=some_location
      - OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 360 --mute-replay-warnings
      - LOCAL_NETWORK=192.168.0.0/24
      - PUID=1034
      - PGID=65538
      - UMASK=002
      - GLOBAL_APPLY_PERMISSIONS=false
      - DISABLE_PORT_UPDATER=false
      - TRANSMISSION_DHT_ENABLED=false
      - TRANSMISSION_DOWNLOAD_DIR=/mnt/downloads/complete
      - TRANSMISSION_DOWNLOAD_QUEUE_SIZE=100
      - TRANSMISSION_INCOMPLETE_DIR=/mnt/downloads/incomplete
      - TRANSMISSION_PORT_FORWARDING_ENABLED=true
      - TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true
      - TRANSMISSION_RPC_ENABLED=true
      - TRANSMISSION_RPC_HOST_WHITELIST="*"
      - TRANSMISSION_RPC_HOST_WHITELIST_ENABLED=true
      - TRANSMISSION_RPC_PASSWORD=rpcpass
      - TRANSMISSION_RPC_PORT=9091
      - TRANSMISSION_RPC_URL=/transmission/rpc
      - TRANSMISSION_RPC_USERNAME=rpcuser
      - TRANSMISSION_RPC_WHITELIST="*"
      - TRANSMISSION_RPC_WHITELIST_ENABLED=true
      - TRANSMISSION_UMASK=2
      - TRANSMISSION_WATCH_DIR=/mnt/downloads/blackhole

networks:
  bt:
    external:
      name: bt

Current Behavior

Running the container with the above config (Docker Compose file) results in the output below (see log file) and a subsequent infinite loop of RPC not being reachable. The error message says: Unexpected response: <h1>301: Moved Permanently</h1>. This occurred only with the last update(s), and I suspect some transmission logic was changed.

Expected Behavior

I expect the container to be able to reach transmission via rpc and finish the port forwarding routine successfully.

How have you tried to solve the problem?

1) Tried rollback to older version (2.3.4), unsuccessful. This produced a similar behaviour, but with error 404 instead.
2) Tried all combinations of RPC whitelist and RPC host whitelist being enabled/disabled and with different settings.
3) Tried deleting the transmission-config.json file and using only environment variables.
4) Tried using dev branch, unsuccessful.

Log output

transmission    | TRANSMISSION_HOME is currently set to: /config/transmission-home
transmission    | WARNING: Deprecated. Found old default transmission-home folder at /data/transmission-home, setting this as TRANSMISSION_HOME. This might break in future versions.
transmission    | We will fallback to this directory as long as the folder exists. Please consider moving it to /config/transmission-home
transmission    | Creating TUN device /dev/net/tun
transmission    | Using OpenVPN provider: PIA
transmission    | Running with VPN_CONFIG_SOURCE auto
transmission    | Provider PIA has a bundled setup script. Defaulting to internal config
transmission    | Executing setup script for PIA
transmission    | Downloading OpenVPN config bundle openvpn into temporary file /tmp/tmp.VdoccXYDSS
transmission    | Extract OpenVPN config bundle into PIA directory /etc/openvpn/pia
transmission    | Starting OpenVPN using config some_location.ovpn
transmission    | Modifying /etc/openvpn/pia/some_location.ovpn for best behaviour in this container
transmission    | Modification: Point auth-user-pass option to the username/password file
transmission    | Modification: Change ca certificate path
transmission    | Modification: Change ping options
transmission    | Modification: Update/set resolv-retry to 15 seconds
transmission    | Modification: Change tls-crypt keyfile path
transmission    | Modification: Set output verbosity to 3
transmission    | Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
transmission    | Modification: Updating status for config failure detection
transmission    | Setting OpenVPN credentials...
transmission    | adding route to local network 192.168.0.0/24 via 172.30.0.1 dev eth0
transmission    | 2023-05-06 14:24:52 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
transmission    | 2023-05-06 14:24:52 OpenVPN 2.5.5 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jul 14 2022
transmission    | 2023-05-06 14:24:52 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
transmission    | 2023-05-06 14:24:52 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
transmission    | 2023-05-06 14:24:52 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
[...]
transmission    | -----END X509 CRL-----
transmission    | 
transmission    | 2023-05-06 14:24:54 TCP/UDP: Preserving recently used remote address: [AF_INET]1.2.3.4:1198
transmission    | 2023-05-06 14:24:54 Socket Buffers: R=[212992->212992] S=[212992->212992]
transmission    | 2023-05-06 14:24:54 UDP link local: (not bound)
transmission    | 2023-05-06 14:24:54 UDP link remote: [AF_INET]1.2.3.4:1198
transmission    | 2023-05-06 14:24:54 TLS: Initial packet from [AF_INET]1.2.3.4:1198, sid=6e9f9a0b 52009236
transmission    | 2023-05-06 14:24:54 VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, emailAddress=secure@privateinternetaccess.com
transmission    | 2023-05-06 14:24:54 VERIFY KU OK
transmission    | 2023-05-06 14:24:54 Validating certificate extended key usage
transmission    | 2023-05-06 14:24:54 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
transmission    | 2023-05-06 14:24:54 VERIFY EKU OK
transmission    | 2023-05-06 14:24:54 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=some_location, name=some_location
transmission    | 2023-05-06 14:24:54 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA512
transmission    | 2023-05-06 14:24:54 [some_location] Peer Connection Initiated with [AF_INET]1.2.3.4:1198
transmission    | 2023-05-06 14:24:54 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1,route-ipv6 2000::/3,dhcp-option DNS 10.0.0.243,route-gateway 10.11.112.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.11.112.156 255.255.255.0,peer-id 7,cipher AES-128-GCM'
transmission    | 2023-05-06 14:24:54 OPTIONS IMPORT: timers and/or timeouts modified
transmission    | 2023-05-06 14:24:54 OPTIONS IMPORT: compression parms modified
transmission    | 2023-05-06 14:24:54 OPTIONS IMPORT: --ifconfig/up options modified
transmission    | 2023-05-06 14:24:54 OPTIONS IMPORT: route options modified
transmission    | 2023-05-06 14:24:54 OPTIONS IMPORT: route-related options modified
transmission    | 2023-05-06 14:24:54 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
transmission    | 2023-05-06 14:24:54 OPTIONS IMPORT: peer-id set
transmission    | 2023-05-06 14:24:54 OPTIONS IMPORT: adjusting link_mtu to 1625
transmission    | 2023-05-06 14:24:54 OPTIONS IMPORT: data channel crypto options modified
transmission    | 2023-05-06 14:24:54 Data Channel: using negotiated cipher 'AES-128-GCM'
transmission    | 2023-05-06 14:24:54 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
transmission    | 2023-05-06 14:24:54 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
transmission    | 2023-05-06 14:24:54 net_route_v4_best_gw query: dst 0.0.0.0
transmission    | 2023-05-06 14:24:54 net_route_v4_best_gw result: via 172.30.0.1 dev eth0
transmission    | 2023-05-06 14:24:54 ROUTE_GATEWAY 172.30.0.1/255.255.0.0 IFACE=eth0 HWADDR=00:00:00:00:00:00
transmission    | 2023-05-06 14:24:54 GDG6: remote_host_ipv6=n/a
transmission    | 2023-05-06 14:24:54 net_route_v6_best_gw query: dst ::
transmission    | 2023-05-06 14:24:54 sitnl_send: rtnl: generic error (-101): Network is unreachable
transmission    | 2023-05-06 14:24:54 ROUTE6: default_gateway=UNDEF
transmission    | 2023-05-06 14:24:54 TUN/TAP device tun0 opened
transmission    | 2023-05-06 14:24:54 net_iface_mtu_set: mtu 1500 for tun0
transmission    | 2023-05-06 14:24:54 net_iface_up: set tun0 up
transmission    | 2023-05-06 14:24:54 net_addr_v4_add: 10.11.112.156/24 dev tun0
transmission    | 2023-05-06 14:24:54 net_route_v4_add: 1.2.3.4/32 via 172.30.0.1 dev [NULL] table 0 metric -1
transmission    | 2023-05-06 14:24:54 net_route_v4_add: 0.0.0.0/1 via 10.11.112.1 dev [NULL] table 0 metric -1
transmission    | 2023-05-06 14:24:54 net_route_v4_add: 128.0.0.0/1 via 10.11.112.1 dev [NULL] table 0 metric -1
transmission    | 2023-05-06 14:24:54 WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
transmission    | 2023-05-06 14:24:54 add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
transmission    | 2023-05-06 14:24:54 net_route_v6_add: 2000::/3 via :: dev tun0 table 0 metric -1
transmission    | 2023-05-06 14:24:54 sitnl_send: rtnl: generic error (-13): Permission denied
transmission    | 2023-05-06 14:24:54 ERROR: Linux IPv6 route can't be added
transmission    | Up script executed with device=tun0 ifconfig_local=10.11.112.156
transmission    | Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 10.11.112.156
transmission    | Enforcing ownership on transmission directories
transmission    | Applying permissions to transmission directories
transmission    | 
transmission    | -------------------------------------
transmission    | Transmission will run as
transmission    | -------------------------------------
transmission    | User name:   abc
transmission    | User uid:    1034
transmission    | User gid:    65538
transmission    | -------------------------------------
transmission    | 
transmission    | Updating Transmission settings.json with values from env variables
transmission    | Attempting to use existing settings.json for Transmission
transmission    | Successfully used existing settings.json /data/transmission-home/settings.json
transmission    | Overriding bind-address-ipv4 because TRANSMISSION_BIND_ADDRESS_IPV4 is set to 10.11.112.156
transmission    | Overriding dht-enabled because TRANSMISSION_DHT_ENABLED is set to false
transmission    | Overriding download-dir because TRANSMISSION_DOWNLOAD_DIR is set to /mnt/downloads/complete
transmission    | Overriding download-queue-size because TRANSMISSION_DOWNLOAD_QUEUE_SIZE is set to 100
transmission    | Overriding incomplete-dir because TRANSMISSION_INCOMPLETE_DIR is set to /mnt/downloads/incomplete
transmission    | Overriding port-forwarding-enabled because TRANSMISSION_PORT_FORWARDING_ENABLED is set to true
transmission    | Overriding rpc-authentication-required because TRANSMISSION_RPC_AUTHENTICATION_REQUIRED is set to true
transmission    | Overriding rpc-enabled because TRANSMISSION_RPC_ENABLED is set to true
transmission    | Overriding rpc-host-whitelist because TRANSMISSION_RPC_HOST_WHITELIST is set to *
transmission    | Overriding rpc-host-whitelist-enabled because TRANSMISSION_RPC_HOST_WHITELIST_ENABLED is set to true
transmission    | Overriding rpc-password because TRANSMISSION_RPC_PASSWORD is set to [REDACTED]
transmission    | Overriding rpc-port because TRANSMISSION_RPC_PORT is set to 9091
transmission    | Overriding rpc-url because TRANSMISSION_RPC_URL is set to /transmission/rpc
transmission    | Overriding rpc-username because TRANSMISSION_RPC_USERNAME is set to rpcuser
transmission    | Overriding rpc-whitelist because TRANSMISSION_RPC_WHITELIST is set to *
transmission    | Overriding rpc-whitelist-enabled because TRANSMISSION_RPC_WHITELIST_ENABLED is set to true
transmission    | Overriding umask because TRANSMISSION_UMASK is set to 2
transmission    | Overriding watch-dir because TRANSMISSION_WATCH_DIR is set to /mnt/downloads/blackhole
transmission    | sed'ing True to true
transmission    | STARTING TRANSMISSION
transmission    | Provider PIA has a script for automatic port forwarding. Will run it now.
transmission    | If you want to disable this, set environment variable DISABLE_PORT_UPDATER=true
transmission    | Transmission startup script complete.
transmission    | 2023-05-06 14:24:54 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
transmission    | 2023-05-06 14:24:54 Initialization Sequence Completed
transmission    | Running functions for token based port fowarding
transmission    | Reserved Port: 57047  Sat May  6 14:25:00 2023
transmission    | transmission auth required
transmission    | waiting for transmission to become responsive
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
[...]
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>

From this point on the container seems stuck.

HW/SW Environment

- OS: Ubuntu 20.04.5 LTS (GNU/Linux 5.4.0-137-generic x86_64)
- Docker: Docker version 23.0.1, build a5ee5b1

Anything else?

No response

pkishino commented 1 year ago

This is the PIA script throwing this error. If you re-created the container from scratch and this still occurs, then try a different VPN location, or your Docker network has some issue, I guess.

wtfpeter commented 1 year ago

Thank you, just to be sure though, the last log message before the Unexpected response loop is waiting for transmission to become responsive, which is why I interpreted this as a container bug, i.e. Unexpected response: <h1>301: Moved Permanently</h1> being the response to the RPC call. I tried different vpn locations as well.

Next thing to try would be to start from 0, which I was hesitant to do until now, since I don't want to lose my seeds.

Thanks again for your help, it's greatly appreciated

pkishino commented 1 year ago

If you want to keep your seeds, you could just keep your transmission-home folder but wipe the settings.json file before starting a fresh container.


wtfpeter commented 1 year ago

Thank you pkishino, I was able to create a new runtime of the container, removing all old configs and slimming down the compose file to this:

version: '3.3'
services:
  transmission:
    image: haugene/transmission-openvpn
    container_name: transmission
    cap_add:
      - NET_ADMIN
    ports:
      - "9091:9091"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./data/data:/data
      - ./config:/config
      - ./mnt:/mnt
    environment:
      - OPENVPN_PROVIDER=PIA
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - OPENVPN_CONFIG=some_location
      - LOCAL_NETWORK=192.168.0.0/24
      - DEBUG=true
      - TRANSMISSION_DOWNLOAD_DIR=/mnt/downloads/complete
      - TRANSMISSION_INCOMPLETE_DIR=/mnt/downloads/incomplete
      - TRANSMISSION_PORT_FORWARDING_ENABLED=true
      - TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true
      - TRANSMISSION_RPC_ENABLED=true
      - TRANSMISSION_RPC_HOST_WHITELIST="*"
      - TRANSMISSION_RPC_HOST_WHITELIST_ENABLED=true
      - TRANSMISSION_RPC_PASSWORD=rpcpass
      - TRANSMISSION_RPC_PORT=9091
      - TRANSMISSION_RPC_URL=/transmission/rpc
      - TRANSMISSION_RPC_USERNAME=rpcuser
      - TRANSMISSION_RPC_WHITELIST="*"
      - TRANSMISSION_RPC_WHITELIST_ENABLED=true
      - TRANSMISSION_WATCH_DIR=/mnt/downloads/blackhole

I found the DEBUG option in the docs, which prompted me to see what the output looks like, and from this I am not so sure if this is really a provider-related issue. The way I understand the log output is that the container successfully runs the token-related calls to PIA, then reserves a port (38654) and tries to set this port in the transmission settings, using RPC via transmission-daemon, which is where the container cannot process the 301 reply of transmission itself. Please see below.

[...]
transmission    | Running functions for token based port fowarding
transmission    | + echo 'Running functions for token based port fowarding'
transmission    | + get_auth_token
transmission    | ++ curl --silent --show-error --request POST --max-time 15 --user user:pass https://www.privateinternetaccess.com/gtoken/generateToken
transmission    | ++ jq -r .token
transmission    | + tok=zbcARxbmlX4+uRasdf123AidujhRJ3VwX7bAeXvhwv5twHUHAJAz8kEiLlME=
transmission    | + '[' 0 -ne 0 ']'
transmission    | + get_sig
transmission    | ++ curl --insecure --get --silent --show-error --retry 5 --retry-delay 15 --max-time 15 --data-urlencode token=zbcARxbmlX4asdf123vtwXlA6jcqJXBJgwBpb0Gd48GAidujhRJ3VwX7bAeXvhwv5twHUHAJAz8kEiLlME= https://10.24.112.1:19999/getSignature
transmission    | + pf_getsig='{
transmission    |     "status": "OK",
transmission    |     "payload": "eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHZDasdf123mh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9",
transmission    |     "signature": "aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ=="
transmission    | }'
transmission    | ++ echo '{' '"status":' '"OK",' '"payload":' '"eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHZDQ4asdf123mh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9",' '"signature":' '"aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ=="' '}'
transmission    | ++ jq -r .status
transmission    | + '[' OK '!=' OK ']'
transmission    | ++ echo '{' '"status":' '"OK",' '"payload":' '"eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHZDQ4R0Fpasdf123mh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9",' '"signature":' '"aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ=="' '}'
transmission    | ++ jq -r .payload
transmission    | + pf_payload=eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHasdf123M1Z3WDdiQWVYdmh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9
transmission    | ++ echo '{' '"status":' '"OK",' '"payload":' '"eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHZDQ4R0Fasdf123ODMzNTA5NjYxWiJ9",' '"signature":' '"aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ=="' '}'
transmission    | ++ jq -r .signature
transmission    | + pf_getsignature=aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ==
transmission    | ++ echo eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBasdf123FJKM1Z3WDdiQWVYdmh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9
transmission    | ++ base64 -d
transmission    | ++ jq -r .port
transmission    | + pf_port=38654
transmission    | ++ echo eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHZasdf123JKM1Z3WDdiQWVYdmh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9
transmission    | ++ base64 -d
transmission    | ++ jq -r .expires_at
transmission    | + pf_token_expiry_raw=2023-07-09T00:47:46.833509661Z
transmission    | + date --help /dev/null
transmission    | + grep -i busybox
transmission    | ++ date --date=2023-07-09T00:47:46.833509661Z +%s
transmission    | + pf_token_expiry=1688863666
transmission    | + bind_port
transmission    | ++ curl --insecure --get --silent --show-error --retry 5 --retry-delay 15 --max-time 15 --data-urlencode payload=eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpasdf1234WVYdmh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9 --data-urlencode signature=aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ== https://10.24.112.1:19999/bindPort
transmission    | + pf_bind='{
transmission    |     "status": "OK",
transmission    |     "message": "port scheduled for add"
transmission    | }'
transmission    | ++ echo '{' '"status":' '"OK",' '"message":' '"port' scheduled for 'add"' '}'
transmission    | ++ jq -r .status
transmission    | + '[' OK = OK ']'
transmission    | ++ date
transmission    | + echo 'Reserved Port: 38654  Sun May  7 14:47:47 CEST 2023'
transmission    | Reserved Port: 38654  Sun May  7 14:47:47 CEST 2023
transmission    | + bind_trans
transmission    | + new_port=38654
transmission    | ++ grep 'rpc-authentication-required\"' /config/transmission-home/settings.json
transmission    | ++ grep -oE 'true|false'
transmission    | + auth_enabled=true
transmission    | + [[ true = \t\r\u\e ]]
transmission    | + echo 'transmission auth required'
transmission    | + myauth='--auth rpcuser:rpcpass'
transmission    | transmission auth required
transmission    | + echo 'waiting for transmission to become responsive'
transmission    | waiting for transmission to become responsive
transmission    | ++ transmission-remote 9091 --auth rpcuser:rpcpass -l
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | + torrent_list=
transmission    | + sleep 10
transmission    | ++ transmission-remote 9091 --auth rpcuser:rpcpass -l
transmission    | Unexpected response: <h1>301: Moved Permanently</h1>
transmission    | + torrent_list=
transmission    | + sleep 10
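
Added example, not part of the original thread or of the image's scripts: a filter for scrubbing a DEBUG=true trace like the one above before it is posted publicly. The function names and the sample trace are constructed for illustration; the payload value is base64-encoded JSON (the script itself pipes it through base64 -d) that begins with the token, so it is redacted along with tok=, token=, signature= and the --user / --auth arguments.

```shell
#!/bin/sh
# Added example: redact credentials from a transmission-openvpn DEBUG trace.
# Typical use (assumes a container named "transmission"):
#   docker logs transmission 2>&1 | redact_pf_trace > issue-log.txt

# Rewrite stdin to stdout with secrets replaced by [REDACTED].
redact_pf_trace() {
    q="'"   # literal single quote, so "myauth='--auth u:p'" keeps its closing quote
    sed -E \
        -e "s/(--user|--auth) [^[:space:]$q]+/\1 [REDACTED]/g" \
        -e 's/(^|[^A-Za-z0-9_])(tok|token|payload|signature|pf_payload|pf_getsignature)=[^[:space:]]+/\1\2=[REDACTED]/g' \
        -e 's#[A-Za-z0-9+/_-]{40,}={0,2}#[REDACTED]#g'
    # Rule 1: user:password arguments given to curl and transmission-remote.
    # Rule 2: shell assignments and URL-encoded form fields that carry the
    #         token, the signed payload or the signature.
    # Rule 3: any remaining run of 40+ base64 characters (JSON fields, bare
    #         "echo <payload>" lines). Heuristic: it can also hit a very long
    #         path or identifier, which is the safe direction to err in.
}

# Exit status 0 when stdin still contains something credential-shaped.
# Run it on the redacted text as a last check before posting.
has_secret() {
    q="'"
    grep -Eq \
        -e "(--user|--auth) [^[:space:]$q]+:[^[:space:]$q]+" \
        -e '(^|[^A-Za-z0-9_])(tok|token)=[^[[:space:]]' \
        -e '[A-Za-z0-9+/_-]{40,}'
}

# Constructed sample modelled on the trace format shown in this thread.
# Every credential-like value here is made up.
sample_trace() {
    cat <<'EOF'
transmission    | ++ curl --silent --show-error --request POST --max-time 15 --user p0000000:example-pass https://www.privateinternetaccess.com/gtoken/generateToken
transmission    | + tok=CONSTRUCTEDtoken+abc=
transmission    | ++ curl --insecure --get --silent --data-urlencode token=CONSTRUCTEDtoken+abc= https://10.0.0.1:19999/getSignature
transmission    |     "payload": "AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDDDDDEEEE==",
transmission    | ++ echo AAAAAAAAAABBBBBBBBBBCCCCCCCCCCDDDDDDDDDDEEEE==
transmission    | + pf_port=38654
transmission    | + myauth='--auth rpcuser:rpcpass'
transmission    | ++ transmission-remote 9091 --auth rpcuser:rpcpass -l
EOF
}

# Demonstration: print the scrubbed sample.
sample_trace | redact_pf_trace
```

Non-secret diagnostics such as pf_port and the 301 response pass through unchanged, so the scrubbed log is still useful for troubleshooting.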

pkishino commented 1 year ago

Please change rpc_url to /transmission/ and try again

On Sun, 7 May 2023 at 22:05, wtfpeter @.***> wrote:

Thank you pkishino, I was able to create a new runtime of the container, removing all old configs and slimming down the compose file to this:

version: '3.3' services: transmission: image: haugene/transmission-openvpn container_name: transmission cap_add:

  • NET_ADMIN ports:
  • "9091:9091" volumes:
  • /etc/localtime:/etc/localtime:ro
  • ./data/data:/data
  • ./config:/config
  • ./mnt:/mnt environment:
  • OPENVPN_PROVIDER=PIA
  • OPENVPN_USERNAME=user
  • OPENVPN_PASSWORD=pass
  • OPENVPN_CONFIG=some_location
  • LOCAL_NETWORK=192.168.0.0/24
  • DEBUG=true
  • TRANSMISSION_DOWNLOAD_DIR=/mnt/downloads/complete
  • TRANSMISSION_INCOMPLETE_DIR=/mnt/downloads/incomplete
  • TRANSMISSION_PORT_FORWARDING_ENABLED=true
  • TRANSMISSION_RPC_AUTHENTICATION_REQUIRED=true
  • TRANSMISSION_RPC_ENABLED=true
  • TRANSMISSION_RPC_HOST_WHITELIST="*"
  • TRANSMISSION_RPC_HOST_WHITELIST_ENABLED=true
  • TRANSMISSION_RPC_PASSWORD=rpcpass
  • TRANSMISSION_RPC_PORT=9091
  • TRANSMISSION_RPC_URL=/transmission/rpc
  • TRANSMISSION_RPC_USERNAME=rpcuser
  • TRANSMISSION_RPC_WHITELIST="*"
  • TRANSMISSION_RPC_WHITELIST_ENABLED=true
  • TRANSMISSION_WATCH_DIR=/mnt/downloads/blackhole

I found the DEBUG option in the docs which prompted me to see what the output looks like and from this, I am not so sure if this is really a provider related issue. The way I understand the log output is that the container successfully runs the token related calls to PIA, then reserves a port (38654) and tries to set this port in the transmission settings, using RPC via transmission-daemon. Which is where the container can not process the 301 reply of transmission itself. Please see below.

[...] transmission | Running functions for token based port fowarding transmission | + echo 'Running functions for token based port fowarding' transmission | + get_auth_token transmission | ++ curl --silent --show-error --request POST --max-time 15 --user user:pass https://www.privateinternetaccess.com/gtoken/generateToken transmission | ++ jq -r .token transmission | + tok=zbcARxbmlX4+uRasdf123AidujhRJ3VwX7bAeXvhwv5twHUHAJAz8kEiLlME= transmission | + '[' 0 -ne 0 ']' transmission | + get_sig transmission | ++ curl --insecure --get --silent --show-error --retry 5 --retry-delay 15 --max-time 15 --data-urlencode token=zbcARxbmlX4asdf123vtwXlA6jcqJXBJgwBpb0Gd48GAidujhRJ3VwX7bAeXvhwv5twHUHAJAz8kEiLlME= https://10.24.112.1:19999/getSignature transmission | + pf_getsig='{ transmission | "status": "OK", transmission | "payload": "eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHZDasdf123mh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9", transmission | "signature": "aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ==" transmission | }' transmission | ++ echo '{' '"status":' '"OK",' '"payload":' '"eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHZDQ4asdf123mh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9",' '"signature":' '"aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ=="' '}' transmission | ++ jq -r .status transmission | + '[' OK '!=' OK ']' transmission | ++ echo '{' '"status":' '"OK",' '"payload":' 
'"eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHZDQ4R0Fpasdf123mh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9",' '"signature":' '"aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ=="' '}' transmission | ++ jq -r .payload transmission | + pf_payload=eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHasdf123M1Z3WDdiQWVYdmh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9 transmission | ++ echo '{' '"status":' '"OK",' '"payload":' '"eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHZDQ4R0Fasdf123ODMzNTA5NjYxWiJ9",' '"signature":' '"aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ=="' '}' transmission | ++ jq -r .signature transmission | + pf_getsignature=aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ== transmission | ++ echo eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBasdf123FJKM1Z3WDdiQWVYdmh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9 transmission | ++ base64 -d transmission | ++ jq -r .port transmission | + pf_port=38654 transmission | ++ echo eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpnd0JwYjBHZasdf123JKM1Z3WDdiQWVYdmh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9 transmission | ++ base64 -d transmission | ++ jq -r .expires_at transmission | + pf_token_expiry_raw=2023-07-09T00:47:46.833509661Z transmission | + date --help /dev/null transmission | + grep 
-i busybox transmission | ++ date --date=2023-07-09T00:47:46.833509661Z +%s transmission | + pf_token_expiry=1688863666 transmission | + bind_port transmission | ++ curl --insecure --get --silent --show-error --retry 5 --retry-delay 15 --max-time 15 --data-urlencode payload=eyJ0b2tlbiI6InpiY0FSeGJtbFg0K3VSQkJScWNKSVpnb2I3ZERuelpSekxvY2h3OGUxTXZic2dGMk1mWlZqM2I1RHYwdnR3WGxBNmpjcUpYQkpasdf1234WVYdmh3djV0d0hVSEFKQXo4a0VpTGxNRT0iLCJwb3J0IjozODY1NCwiZXhwaXJlc19hdCI6IjIwMjMtMDctMDlUMDA6NDc6NDYuODMzNTA5NjYxWiJ9 --data-urlencode signature=aqF93V5b82xeuGgbr+A9dSJA7LTjUzwFYHHVUbeBnZQ6lL5BuXzxNbCZeiqYo1oJWumeemmVd1DNum8t5pBOBQ== https://10.24.112.1:19999/bindPort transmission | + pf_bind='{ transmission | "status": "OK", transmission | "message": "port scheduled for add" transmission | }' transmission | ++ echo '{' '"status":' '"OK",' '"message":' '"port' scheduled for 'add"' '}' transmission | ++ jq -r .status transmission | + '[' OK = OK ']' transmission | ++ date transmission | + echo 'Reserved Port: 38654 Sun May 7 14:47:47 CEST 2023' transmission | Reserved Port: 38654 Sun May 7 14:47:47 CEST 2023 transmission | + bind_trans transmission | + new_port=38654 transmission | ++ grep 'rpc-authentication-required\"' /config/transmission-home/settings.json transmission | ++ grep -oE 'true|false' transmission | + auth_enabled=true transmission | + [[ true = \t\r\u\e ]] transmission | + echo 'transmission auth required' transmission | + myauth='--auth rpcuser:rpcpass' transmission | transmission auth required transmission | + echo 'waiting for transmission to become responsive' transmission | waiting for transmission to become responsive transmission | ++ transmission-remote 9091 --auth rpcuser:rpcpass -l transmission | Unexpected response:
<h1>301: Moved Permanently</h1>
transmission | + torrent_list=
transmission | + sleep 10
transmission | ++ transmission-remote 9091 --auth rpcuser:rpcpass -l
transmission | Unexpected response: <h1>301: Moved Permanently</h1>
transmission | + torrent_list=
transmission | + sleep 10


wtfpeter commented 1 year ago

Thanks again pkishino, I made some progress with removing the /rpc path from the RPC URL setting, as you suggested. The port is now being set and from a port forwarding view there seem to be no more issues. However I have another issue now, please see below.

Currently used docker-compose file

version: '3.3'
services:
  transmission:
    image: haugene/transmission-openvpn
    container_name: transmission
    cap_add:
      - NET_ADMIN
    ports:
      - "9091:9091"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - ./data/data:/data
      - ./data/scripts:/scripts
      - ./config:/config
      - ./mnt:/mnt
    environment:
      - OPENVPN_PROVIDER=PIA
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - OPENVPN_CONFIG=some_location
      - LOCAL_NETWORK=192.168.0.0/24
      - DEBUG=true

Here is the current output of the debug-enabled log

transmission    | + bind_port
transmission    | ++ curl --insecure --get --silent --show-error --retry 5 --retry-delay 15 --max-time 15 --data-urlencode payload=eyJ0b2tlbiI6ImhQNTJYSGViN05oYWxVbm5PWFdzMmF5M1M3dXdkZlE0aHZoQ0luNHBmaERMOFoxMk12SkFmR3JvciswbW1URllhTGpyWncwdktPejB6VXQyS29WekI2cTBYbE5zQ2w4WDJ2REdfMTliOEZsRlpSU0RmdTFtRFFIam12WT0iLCJwb3J0IjoyNzkyMiwiZXhwaXJlc19hdCI6IjIwMjMtMDctMTZUMDI6NTc6MjYuMTk0MDM3NDc5WiJ9 --data-urlencode signature=Jy5IN6hB8OwlKdlrFRVlPc/7/ccwPQldc7wpYTomlzAXM9fpB4Ur7WsNjeFzkkOHC+7Hp0cJTAj6yM/5qCpEBQ== https://10.21.112.1:19999/bindPort
transmission    | + pf_bind='{
transmission    |     "status": "OK",
transmission    |     "message": "port scheduled for add"
transmission    | }'
transmission    | ++ echo '{' '"status":' '"OK",' '"message":' '"port' scheduled for 'add"' '}'
transmission    | ++ jq -r .status
transmission    | + '[' OK = OK ']'
transmission    | ++ date
transmission    | + echo 'Reserved Port: 27922  Sun May 14 16:57:26 CEST 2023'
transmission    | + bind_trans
transmission    | Reserved Port: 27922  Sun May 14 16:57:26 CEST 2023
transmission    | + new_port=27922
transmission    | ++ grep 'rpc-authentication-required\"' /config/transmission-home/settings.json
transmission    | ++ grep -oE 'true|false'
transmission    | + auth_enabled=false
transmission    | transmission auth not required
transmission    | waiting for transmission to become responsive
transmission    | + [[ true = \f\a\l\s\e ]]
transmission    | + echo 'transmission auth not required'
transmission    | + myauth=
transmission    | + echo 'waiting for transmission to become responsive'
transmission    | ++ transmission-remote 9091 -l
transmission    | + torrent_list='    ID   Done       Have  ETA           Up    Down  Ratio  Status       Name
transmission    | Sum:                None               0.0     0.0'
transmission    | + echo 'transmission became responsive'
transmission    | transmission became responsive
transmission    | ++ echo '    ID   Done       Have  ETA           Up    Down  Ratio  Status       Name
transmission    | Sum:                None               0.0     0.0'
transmission    | ++ tail -n 2
transmission    |     ID   Done       Have  ETA           Up    Down  Ratio  Status       Name
transmission    | Sum:                None               0.0     0.0
transmission    | + output='    ID   Done       Have  ETA           Up    Down  Ratio  Status       Name
transmission    | Sum:                None               0.0     0.0'
transmission    | + echo '    ID   Done       Have  ETA           Up    Down  Ratio  Status       Name
transmission    | Sum:                None               0.0     0.0'
transmission    | ++ transmission-remote 9091 -si
transmission    | ++ grep Listenport
transmission    | ++ grep -oE '[0-9]+'
transmission    | setting transmission port to 27922
transmission    | + transmission_peer_port=51413
transmission    | + [[ 27922 != \5\1\4\1\3 ]]
transmission    | + [[ true = \f\a\l\s\e ]]
transmission    | + echo 'setting transmission port to 27922'
transmission    | + transmission-remote 9091 -p 27922
transmission    | localhost:9091/transmission/rpc/ responded: success
transmission    | Checking port...
transmission    | + echo 'Checking port...'
transmission    | + sleep 10
transmission    | + transmission-remote 9091 -pt
transmission    | Port is open: Yes
transmission    | ++ date -d @1689476246
transmission    | #######################
transmission    |         SUCCESS
transmission    | #######################
transmission    | Port: 27922
transmission    | Expiration Sun Jul 16 04:57:26 CEST 2023
transmission    | + format_expiry='Sun Jul 16 04:57:26 CEST 2023'
transmission    | + echo '#######################'
transmission    | + echo '        SUCCESS        '
transmission    | + echo '#######################'
transmission    | + echo 'Port: 27922'
transmission    | + echo 'Expiration Sun Jul 16 04:57:26 CEST 2023'
transmission    | + echo '#######################'
transmission    | + echo 'Entering infinite while loop'
transmission    | + echo 'Every 15 minutes, check port status'
transmission    | + pf_minreuse=604800
transmission    | #######################
transmission    | Entering infinite while loop
transmission    | Every 15 minutes, check port status
transmission    | ++ date +%s
transmission    | + pf_remaining=5399989
transmission    | + true
transmission    | ++ date +%s
transmission    | + pf_remaining=5399989
transmission    | + '[' 5399989 -lt 604800 ']'
transmission    | + wait 133
transmission    | + sleep 900

My new issue is now that I can not reach the transmission web interface via 9091. As you can see in the compose file there is no docker network attached and the port is passed through to outside of docker. On the host system I see the port 9091 in listen state, but when trying to access the web URL http://localhost:9091 I just get a time out. Also from the host system I can not reach it when using curl. I receive a TCP connect timeout. Do you have an idea how to proceed?

Edit: Just to add to my previous comment, here is the output of ss:

>> sudo ss -tulpen | grep 9091
tcp    LISTEN  0       4096                 0.0.0.0:9091          0.0.0.0:*      users:(("docker-proxy",pid=46526,fd=4)) ino:667975 sk:83 <->
tcp    LISTEN  0       4096                    [::]:9091             [::]:*      users:(("docker-proxy",pid=46533,fd=4)) ino:663545 sk:a4 v6only:1 <->

wtfpeter commented 1 year ago

Checking further, when testing different target host notations with curl from the host system I get different results:

>> curl -L http://192.168.178.84:9091/transmission/web
curl: (28) Failed to connect to 192.168.178.84 port 9091: Connection timed out
>> curl -L http://localhost:9091/transmission/web
<!DOCTYPE html>
<html lang="en" xml:lang="en">
  <head>
[...]

I believe this may be the right start to solve my issue. Does it warrant a new issue in the main repo? No problem for me to create one.

pkishino commented 1 year ago

Your local_network is incorrect. If your IP range is .178.0 you should set 192.168.178.0/24
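
The mismatch described in this comment can be caught before the container starts by testing whether a LAN client's address falls inside the configured LOCAL_NETWORK. The script below is an added example, not part of the original thread or the project's scripts; the function names are hypothetical, it handles IPv4 only, and it assumes LOCAL_NETWORK may hold a comma-separated list of CIDRs.

```shell
#!/bin/sh
# Added example: is a LAN client address covered by the container's LOCAL_NETWORK?
# Function names are hypothetical; IPv4 only.

# Dotted quad -> 32-bit integer. The subshell body keeps IFS/noglob changes local.
ip_to_int() (
    case "$1" in *.) return 1 ;; esac            # reject a trailing dot
    set -f; IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty, non-numeric, over-long or zero-padded octets
        case "$o" in ''|*[!0-9]*|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# Exit 0 if address $1 lies inside CIDR $2, 1 if not, 2 on malformed input.
ip_in_cidr() (
    addr=$(ip_to_int "$1") || return 2
    net=$(ip_to_int "${2%/*}") || return 2
    bits=${2#*/}
    case "$bits" in ''|*[!0-9]*|???*|0?*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ "$(( $addr & $mask ))" -eq "$(( $net & $mask ))" ]
)

# $1 = client address, $2 = LOCAL_NETWORK value (comma-separated CIDRs, assumed).
local_network_covers() (
    client=$1 value=$2
    set -f; IFS=,
    for cidr in $value; do
        if ip_in_cidr "$client" "$cidr"; then
            echo "OK: $client is inside $cidr"
            return 0
        fi
    done
    echo "MISMATCH: $client is outside LOCAL_NETWORK=$value"
    return 1
)

# Values from the thread: client 192.168.178.84, compose file had 192.168.0.0/24.
local_network_covers 192.168.178.84 "192.168.0.0/24" || true
local_network_covers 192.168.178.84 "192.168.178.0/24"
```

Keeping LOCAL_NETWORK to the narrowest range that actually contains the clients also limits which hosts can reach the web UI on port 9091 outside the tunnel.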

wtfpeter commented 1 year ago

Alright, that solved my issues. Embarrassing, but thank you so much for your support and patience. It's greatly appreciated.