[Support] binhex - DelugeVPN

By switching VPN_ENABLED to no = I'm getting good speeds.

By switching VPN_ENABLED to no = I'm getting good speeds.

I'm going to take a wild guess that you are on the Rogers network, like I am. I ran into speed issues as well and had to convert to TCP instead of UDP.

By switching VPN_ENABLED to no = I'm getting good speeds.

 

I'm going to take a wild guess that you are on the Rogers network, like I am. I ran into speed issues as well and had to convert to TCP instead of UDP.

Teksavvy who just resells Bell and Rogers but mine is Bell.

When I tried to change VPN_PROTOCOL to tcp I am no longer able to access the webgui. I have to change it back to udp for it to work.

Fixed.

In case anyone else has the same issue -- the problem was caused by firewall being set to protect against UDP flooding. Turning off UDP Flood Protection immediately got my speeds up to normal.

Fixed.

 

In case anyone else has the same issue -- the problem was caused by firewall being set to protect against UDP flooding. Turning off UDP Flood Protection immediately got my speeds up to normal.

Thanks for following up I'll try that with mine

Rather than just disable UDP Flood Protection completely I instead made an exception for both the destination and source port. For now that is working just as well as disabling it completely but not sure if when the docker is restarted if the ports will be the same. If they are not static then I'll have to go back to complete disable.

I hate that I'm so useless when it comes to this but can someone direct me to how I install plugins? I'm just looking to add scheduler but all I get is a popup asking me to select an egg file. The plugins directory is empty. I haven't been able to find anything to download which seems appropriate from the Deluge site.

Deluge comes with a scheduler. Just enable it, Preferences>Plug-Ins check off scheduler. It works well as I used the scheduler when I was with teksavvy to force my downloads to 2am to 8am in their unlimited bandwidth window.

Thanks -- I had tried that earlier and it didn't work but when I went now before even doing anything schedule was there

I have DelugeVPN working great on one of my Ubuntu 16.04 Servers but I've tried to setup a new docker on a different server and no go.  I'm getting the following errors in the logs:

2016-09-07 19:26:59,982 DEBG 'start-script' stdout output:
Wed Sep  7 19:26:59 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]
Wed Sep  7 19:26:59 2016 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Wed Sep  7 19:26:59 2016 TLS_ERROR: BIO read tls_read_plaintext error
Wed Sep  7 19:26:59 2016 TLS Error: TLS object -> incoming plaintext read error
Wed Sep  7 19:26:59 2016 TLS Error: TLS handshake failed

Docker looks like this:

docker create \
--cap-add=NET_ADMIN \
-p 8112:8112 \
-p 8118:8118 \
--name=delugevpn \
-v /storage/downloads:/data \
-v /docker/containers/delugevpn/config:/config \
-v /etc/localtime:/etc/localtime:ro \
-e VPN_ENABLED=yes \
-e VPN_USER=<username> \
-e VPN_PASS=<password> \
-e VPN_REMOTE=us-east.privateinternetaccess.com \
-e VPN_PORT=1194 \
-e VPN_PROTOCOL=udp \
-e VPN_PROV=pia \
-e STRONG_CERTS=no \
-e ENABLE_PRIVOXY=no \
-e LAN_NETWORK=10.0.10.0/24 \
-e DEBUG=false \
-e PUID=1000 \
-e PGID=1000 \
binhex/arch-delugevpn

Any thoughts?  I've even tried rsyncing the config over from my working docker but that's a no go either.  It appears the old docker used a ca.crt where as the new docker is using a ca.rsa.2048.crt (same goes for the .pem file).

I have DelugeVPN working great on one of my Ubuntu 16.04 Servers but I've tried to setup a new docker on a different server and no go.  I'm getting the following errors in the logs:

 

2016-09-07 19:26:59,982 DEBG 'start-script' stdout output:
Wed Sep  7 19:26:59 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]
Wed Sep  7 19:26:59 2016 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Wed Sep  7 19:26:59 2016 TLS_ERROR: BIO read tls_read_plaintext error
Wed Sep  7 19:26:59 2016 TLS Error: TLS object -> incoming plaintext read error
Wed Sep  7 19:26:59 2016 TLS Error: TLS handshake failed

 

 

Docker looks like this:

 

docker create \
--cap-add=NET_ADMIN \
-p 8112:8112 \
-p 8118:8118 \
--name=delugevpn \
-v /storage/downloads:/data \
-v /docker/containers/delugevpn/config:/config \
-v /etc/localtime:/etc/localtime:ro \
-e VPN_ENABLED=yes \
-e VPN_USER=<username> \
-e VPN_PASS=<password> \
-e VPN_REMOTE=us-east.privateinternetaccess.com \
-e VPN_PORT=1194 \
-e VPN_PROTOCOL=udp \
-e VPN_PROV=pia \
-e STRONG_CERTS=no \
-e ENABLE_PRIVOXY=no \
-e LAN_NETWORK=10.0.10.0/24 \
-e DEBUG=false \
-e PUID=1000 \
-e PGID=1000 \
binhex/arch-delugevpn

 

 

Any thoughts?  I've even tried rsyncing the config over from my working docker but that's a no go either.  It appears the old docker used a ca.crt where as the new docker is using a ca.rsa.2048.crt (same goes for the .pem file).

Wrong port, it should be 1198 not 1194

Sent from my SM-G900F using Tapatalk

I have DelugeVPN working great on one of my Ubuntu 16.04 Servers but I've tried to setup a new docker on a different server and no go.  I'm getting the following errors in the logs:

 

2016-09-07 19:26:59,982 DEBG 'start-script' stdout output:
Wed Sep  7 19:26:59 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]
Wed Sep  7 19:26:59 2016 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Wed Sep  7 19:26:59 2016 TLS_ERROR: BIO read tls_read_plaintext error
Wed Sep  7 19:26:59 2016 TLS Error: TLS object -> incoming plaintext read error
Wed Sep  7 19:26:59 2016 TLS Error: TLS handshake failed

 

 

Docker looks like this:

 

docker create \
--cap-add=NET_ADMIN \
-p 8112:8112 \
-p 8118:8118 \
--name=delugevpn \
-v /storage/downloads:/data \
-v /docker/containers/delugevpn/config:/config \
-v /etc/localtime:/etc/localtime:ro \
-e VPN_ENABLED=yes \
-e VPN_USER=<username> \
-e VPN_PASS=<password> \
-e VPN_REMOTE=us-east.privateinternetaccess.com \
-e VPN_PORT=1194 \
-e VPN_PROTOCOL=udp \
-e VPN_PROV=pia \
-e STRONG_CERTS=no \
-e ENABLE_PRIVOXY=no \
-e LAN_NETWORK=10.0.10.0/24 \
-e DEBUG=false \
-e PUID=1000 \
-e PGID=1000 \
binhex/arch-delugevpn

 

 

Any thoughts?  I've even tried rsyncing the config over from my working docker but that's a no go either.  It appears the old docker used a ca.crt where as the new docker is using a ca.rsa.2048.crt (same goes for the .pem file).

Wrong port, it should be 1198 not 1194

 

Sent from my SM-G900F using Tapatalk

Did that changed recently?

I have DelugeVPN working great on one of my Ubuntu 16.04 Servers but I've tried to setup a new docker on a different server and no go.  I'm getting the following errors in the logs:

 

2016-09-07 19:26:59,982 DEBG 'start-script' stdout output:
Wed Sep  7 19:26:59 2016 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected]
Wed Sep  7 19:26:59 2016 OpenSSL: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
Wed Sep  7 19:26:59 2016 TLS_ERROR: BIO read tls_read_plaintext error
Wed Sep  7 19:26:59 2016 TLS Error: TLS object -> incoming plaintext read error
Wed Sep  7 19:26:59 2016 TLS Error: TLS handshake failed

 

 

Docker looks like this:

 

docker create \
--cap-add=NET_ADMIN \
-p 8112:8112 \
-p 8118:8118 \
--name=delugevpn \
-v /storage/downloads:/data \
-v /docker/containers/delugevpn/config:/config \
-v /etc/localtime:/etc/localtime:ro \
-e VPN_ENABLED=yes \
-e VPN_USER=<username> \
-e VPN_PASS=<password> \
-e VPN_REMOTE=us-east.privateinternetaccess.com \
-e VPN_PORT=1194 \
-e VPN_PROTOCOL=udp \
-e VPN_PROV=pia \
-e STRONG_CERTS=no \
-e ENABLE_PRIVOXY=no \
-e LAN_NETWORK=10.0.10.0/24 \
-e DEBUG=false \
-e PUID=1000 \
-e PGID=1000 \
binhex/arch-delugevpn

 

 

Any thoughts?  I've even tried rsyncing the config over from my working docker but that's a no go either.  It appears the old docker used a ca.crt where as the new docker is using a ca.rsa.2048.crt (same goes for the .pem file).

Wrong port, it should be 1198 not 1194

 

Sent from my SM-G900F using Tapatalk

Did that changed recently?

fairly recently yes, about 3 weeks ago, its a change of vpn remote port at PIA, i think im getting a bit bored of repeating the same fix so im going to put some code in to do it and spit out a warning to the user.

fairly recently yes, about 3 weeks ago, its a change of vpn remote port at PIA, i think im getting a bit bored of repeating the same fix so im going to put some code in to do it and spit out a warning to the user.

Got it.  Thanks for the quick reply.

EDIT: I just created the docker with 1198 and I'm still getting the same error.

Did you transfer certs from your ubuntu install to the docker by chance?

Did you transfer certs from your ubuntu install to the docker by chance?

I've tried both ways.  I've tried setting up a fresh docker with an empty config folder.  Then I tried (with the dockers stopped) rsyncing the config data from my working docker over to the new one.  Each time I've tried I'm doing a 'rm -r /docker/containers/delugevpn' to be sure there are no remnants.  No dice.

ok firstly, ensure you are currently on the "clean state" way of things (i.e. the certs are NOT from your ubuntu install).

If you have ANY doubt about this, delete the config folder for delugevpn from unRAID, remote and delete the container image and start fresh, installing it from the Community Applications plugin.

ok firstly, ensure you are currently on the "clean state" way of things (i.e. the certs are NOT from your ubuntu install).

 

If you have ANY doubt about this, delete the config folder for delugevpn from unRAID, remote and delete the container image and start fresh, installing it from the Community Applications plugin.

I'm not using UnRAID for this.  Both servers are running Ubuntu Server 16.04.  I will try and delete the container image though off the new server and see if that helps as I've yet to try that.

Completely deleted the container, image, and directory.  Then re-created the docker again which downloaded a fresh image.  Still no dice.  This is what I'm getting.

2016-09-08 11:48:48,343 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:48 2016 TLS Error: TLS object -> incoming plaintext read error
Thu Sep  8 11:48:48 2016 TLS Error: TLS handshake failed
Thu Sep  8 11:48:48 2016 SIGUSR1[soft,tls-error] received, process restarting

2016-09-08 11:48:50,346 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:50 2016 UDPv4 link local: [undef]
Thu Sep  8 11:48:50 2016 UDPv4 link remote: [AF_INET]66.55.144.249:1198

2016-09-08 11:48:50,350 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:50 2016 WARNING: file 'credentials.conf' is group or others accessible

2016-09-08 11:48:50,363 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:50 2016 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=fbcdd2db3aed3ca636064dcd947f98b4, name=fbcdd2db3aed3ca636064dcd947f98b4

Completely deleted the container, image, and directory.  Then re-created the docker again which downloaded a fresh image.  Still no dice.  This is what I'm getting.

 

2016-09-08 11:48:48,343 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:48 2016 TLS Error: TLS object -> incoming plaintext read error
Thu Sep  8 11:48:48 2016 TLS Error: TLS handshake failed
Thu Sep  8 11:48:48 2016 SIGUSR1[soft,tls-error] received, process restarting

2016-09-08 11:48:50,346 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:50 2016 UDPv4 link local: [undef]
Thu Sep  8 11:48:50 2016 UDPv4 link remote: [AF_INET]66.55.144.249:1198

2016-09-08 11:48:50,350 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:50 2016 WARNING: file 'credentials.conf' is group or others accessible

2016-09-08 11:48:50,363 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:50 2016 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=fbcdd2db3aed3ca636064dcd947f98b4, name=fbcdd2db3aed3ca636064dcd947f98b4

ok something odd is going on here, it looks like you have a mismatch between the certs and the port your connecting on, this shouldnt happen as the image has both the ovpn and certs included.

ok can you please do a ls -al on your /config/openvpn folder and post the results, i want to see what files are in there., also can you post the contents of the ovpn file located in the same folder,

Completely deleted the container, image, and directory.  Then re-created the docker again which downloaded a fresh image.  Still no dice.  This is what I'm getting.

 

2016-09-08 11:48:48,343 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:48 2016 TLS Error: TLS object -> incoming plaintext read error
Thu Sep  8 11:48:48 2016 TLS Error: TLS handshake failed
Thu Sep  8 11:48:48 2016 SIGUSR1[soft,tls-error] received, process restarting

2016-09-08 11:48:50,346 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:50 2016 UDPv4 link local: [undef]
Thu Sep  8 11:48:50 2016 UDPv4 link remote: [AF_INET]66.55.144.249:1198

2016-09-08 11:48:50,350 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:50 2016 WARNING: file 'credentials.conf' is group or others accessible

2016-09-08 11:48:50,363 DEBG 'start-script' stdout output:
Thu Sep  8 11:48:50 2016 VERIFY ERROR: depth=0, error=unable to get local issuer certificate: C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=fbcdd2db3aed3ca636064dcd947f98b4, name=fbcdd2db3aed3ca636064dcd947f98b4

 

ok something odd is going on here, it looks like you have a mismatch between the certs and the port your connecting on, this shouldnt happen as the image has both the ovpn and certs included.

 

ok can you please do a ls -al on your /config/openvpn folder and post the results, i want to see what files are in there., also can you post the contents of the ovpn file located in the same folder,

Here you go.

ls -la /docker/containers/delugevpn/config/openvpn
total 24
drwxrwxrwx 2 spe spe 4096 Sep  8 11:48 .
drwxrwxr-x 3 spe spe 4096 Sep  8 11:48 ..
-rwxrwxrwx 1 spe spe 2719 Sep  8 11:48 ca.rsa.4096.crt
-rwxrwxrwx 1 spe spe   20 Sep  8 11:48 credentials.conf
-rwxrwxrwx 1 spe spe 1214 Sep  8 11:48 crl.rsa.4096.pem
-rwxrwxrwx 1 spe spe  240 Sep  8 11:48 openvpn.ovpn

Here you go.

 

ls -la /docker/containers/delugevpn/config/openvpn
total 24
drwxrwxrwx 2 spe spe 4096 Sep  8 11:48 .
drwxrwxr-x 3 spe spe 4096 Sep  8 11:48 ..
-rwxrwxrwx 1 spe spe 2719 Sep  8 11:48 ca.rsa.4096.crt
-rwxrwxrwx 1 spe spe   20 Sep  8 11:48 credentials.conf
-rwxrwxrwx 1 spe spe 1214 Sep  8 11:48 crl.rsa.4096.pem
-rwxrwxrwx 1 spe spe  240 Sep

ok so two issues spring out at me, firstly the cert and pem are for the "strong" variant as in 4096 vs 2048, so unless you specify STTRONG_CERTS=yes then there is your first issue, i can only assume you copied these files here manually? or had switched from having strong certs to not, your docker create command certainly defined strong certs as no.

the second issue is, where is your ovpn file?, again this should be auto created in that folder, very odd that its missing, have you deleted this perhaps?.

so to fix this firstly stop the container, and make sure you dont have any other vpn dockers writing to the same folder, once your sure of this then simply delete all files in /config/openvpn, then start the container, you should then see the crt, pem, conf and ovpn file appear in that folder, if not then check the supervisord.log file again and post back here.

Here you go.

 

ls -la /docker/containers/delugevpn/config/openvpn
total 24
drwxrwxrwx 2 spe spe 4096 Sep  8 11:48 .
drwxrwxr-x 3 spe spe 4096 Sep  8 11:48 ..
-rwxrwxrwx 1 spe spe 2719 Sep  8 11:48 ca.rsa.4096.crt
-rwxrwxrwx 1 spe spe   20 Sep  8 11:48 credentials.conf
-rwxrwxrwx 1 spe spe 1214 Sep  8 11:48 crl.rsa.4096.pem
-rwxrwxrwx 1 spe spe  240 Sep

 

ok so two issues spring out at me, firstly the cert and pem are for the "strong" variant as in 4096 vs 2048, so unless you specify STTRONG_CERTS=yes then there is your first issue, i can only assume you copied these files here manually? or had switched from having strong certs to not, your docker create command certainly defined strong certs as no.

 

the second issue is, where is your ovpn file?, again this should be auto created in that folder, very odd that its missing, have you deleted this perhaps?.

 

so to fix this firstly stop the container, and make sure you dont have any other vpn dockers writing to the same folder, once your sure of this then simply delete all files in /config/openvpn, then start the container, you should then see the crt, pem, conf and ovpn file appear in that folder, if not then check the supervisord.log file again and post back here.

The opvn file missing was just a copy paste issue on my part, I just missed that part of the screen grab.  I fixed it in my previous post.

As for the 4096, I am indeed using the STRONG_CERTS=yes variable.  Should I just try removing the variable and see if I have better luck?

Are the permissions correct here? spe/spe ?

Also I think strong certs use a different port then 1198,  no?

Are the permissions correct here? spe/spe ?

Yes, that is the user that matches the PUID=1000 that I have set for all my Dockers.

Also I think strong certs use a different port then 1198,  no?

You are correct.  I just checked this on PIA.com and it's port 1197.  Let me give that a shot.