jjdunkel

In an attempt to still get this to work on the VPS server, I decided to try creating an OpenVpn connection to the server so that in theory I was addressing the WebUIs locally. I got the VPN up and running and I was able to access the WebUIs through the tunnel, but out of curiosity I tried again with the external IP of the server and the WebUIs worked that way too. I decided to go through the VPN install instructions to see what routing changes were made in the process and I just confirmed that the following instruction allowed the connection to work: IP Masquerading IP Masquerading is not available on BuyVM, however you can work around this limitation with the following command: iptables -t nat -A POSTROUTING ! -o <tun|ppp>+ -j SNAT --to-source YOURVPSIP Use tun for openvpn and ppp for PPTPd. I can now access the WebUIs through the VPN or through the external IP. What I don't know enough about however is if this effects how SabnzbdVpn and DelugeVpn lock the other traffic to always going through the VPN. Is there anything that you would suggest testing? Would you be willing to help me see if it's still secure? I just don't know enough about routing to feel secure in what I did. Frankly I would have felt better about my solution if it worked through the VPN but not with the external IP, but if we can figure out that it is still secure I guess this may allow more people to use these awesome containers on fairly cheap VPS servers to get files into cloud storage. Thanks!

Ok, thanks for looking into this. I was hoping to move some of the work your awesome containers in unraid are doing outside my home internet connection. Would what they are marketing as a root servers work any better. I really like that your containers have vpn included so I can choose which tools use vpn and which don't.

This is on a hosted VPS, so I am trying to access it from http://209.141.60.45:8080, which works with vpn disabled, but not enabled. The network is set as: inet addr:209.141.60.45 Bcast:209.141.60.255 Mask:255.255.255.0 And my run command is (mostly copied from my unraid installation): docker run -d \ --cap-add=NET_ADMIN \ -p 8080:8080 \ -p 8090:8090 \ -p 8119:8118 \ --name=sabnzbdvpn \ -v /mnt/disks/downloads:/data \ -v /apps/docker/sabnzbdvpn/config:/config \ -v /etc/localtime:/etc/localtime:ro \ -e VPN_ENABLED=yes \ -e VPN_USER=******** \ -e VPN_PASS=******** \ -e VPN_REMOTE=nl.privateinternetaccess.com \ -e VPN_PROV=pia \ -e STRICT_PORT_FORWARD=no \ -e ENABLE_PRIVOXY=yes \ -e LAN_NETWORK=209.141.60.0/24 \ -e NAME_SERVERS=209.222.18.222,37.235.1.174,8.8.8.8,209.222.18.218,37.235.1.177,8.8.4.4 \ -e ADDITIONAL_PORTS=8081 \ -e DEBUG=true \ -e UMASK=000 \ -e PUID=0 \ -e PGID=0 \ binhex/arch-sabnzbdvpn

Here's the contents of the log file, thanks for taking a look: Created by... ___. .__ .__ \_ |__ |__| ____ | |__ ____ ___ ___ | __ \| |/ \| | \_/ __ \\ \/ / | \_\ \ | | \ Y \ ___/ > < |___ /__|___| /___| /\___ >__/\_ \ \/ \/ \/ \/ \/ https://hub.docker.com/u/binhex/ 2018-02-09 06:10:07.844453 [info] System information Linux 9b39c1995d67 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 GNU/Linux 2018-02-09 06:10:07.872231 [info] PUID defined as '0' 2018-02-09 06:10:07.914180 [info] PGID defined as '0' 2018-02-09 06:10:07.953442 [info] UMASK defined as '000' 2018-02-09 06:10:07.977704 [info] Permissions already set for volume mappings 2018-02-09 06:10:08.005788 [info] VPN_ENABLED defined as 'yes' 2018-02-09 06:10:08.032551 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/Netherlands.ovpn dos2unix: converting file /config/openvpn/Netherlands.ovpn to Unix format... 2018-02-09 06:10:08.060948 [info] VPN remote line defined as 'nl.privateinternetaccess.com 1198' 2018-02-09 06:10:08.088172 [info] VPN_REMOTE defined as 'nl.privateinternetaccess.com' 2018-02-09 06:10:08.114875 [info] VPN_PORT defined as '1198' 2018-02-09 06:10:08.142328 [info] VPN_PROTOCOL defined as 'udp' 2018-02-09 06:10:08.169849 [info] VPN_DEVICE_TYPE defined as 'tun' 2018-02-09 06:10:08.199114 [info] VPN_PROV defined as 'pia' 2018-02-09 06:10:08.234954 [info] LAN_NETWORK defined as '209.141.60.0/24' 2018-02-09 06:10:08.259322 [info] ADDITIONAL_PORTS defined as '8081' 2018-02-09 06:10:08.283293 [info] NAME_SERVERS defined as '209.222.18.222,37.235.1.174,8.8.8.8,209.222.18.218,37.235.1.177,8.8.4.4' 2018-02-09 06:10:08.308208 [info] VPN_USER defined as '********' 2018-02-09 06:10:08.333311 [info] VPN_PASS defined as '********' 2018-02-09 06:10:08.358552 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS) 2018-02-09 06:10:08.383454 [info] ENABLE_PRIVOXY defined as 'yes' 2018-02-09 06:10:08.407858 [info] STRICT_PORT_FORWARD defined as 'no' 2018-02-09 06:10:08.454754 [info] Starting Supervisor... 2018-02-09 06:10:08,573 CRIT Set uid to user 0 2018-02-09 06:10:08,573 INFO Included extra file "/etc/supervisor/conf.d/sabnzbdvpn.conf" during parsing 2018-02-09 06:10:08,575 INFO supervisord started with pid 5 2018-02-09 06:10:09,578 INFO spawned: 'start-script' with pid 132 2018-02-09 06:10:09,580 INFO spawned: 'sabnzbd-script' with pid 133 2018-02-09 06:10:09,582 INFO spawned: 'privoxy-script' with pid 134 2018-02-09 06:10:09,596 INFO reaped unknown pid 6 2018-02-09 06:10:09,604 DEBG 'start-script' stdout output: [info] VPN is enabled, beginning configuration of VPN 2018-02-09 06:10:09,605 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs) 2018-02-09 06:10:09,605 INFO success: sabnzbd-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs) 2018-02-09 06:10:09,605 INFO success: privoxy-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs) 2018-02-09 06:10:09,608 DEBG 'privoxy-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:10:09,609 DEBG 'start-script' stdout output: [debug] Environment variables defined as follows 2018-02-09 06:10:09,609 DEBG 'start-script' stdout output: ADDITIONAL_PORTS=8081 2018-02-09 06:10:09,610 DEBG 'start-script' stdout output: BASH=/bin/bash 2018-02-09 06:10:09,610 DEBG 'start-script' stdout output: BASHOPTS=cmdhist:complete_fullquote:extquote:force_fignore:hostcomplete:interactive_comments:progcomp:promptvars:sourcepath 2018-02-09 06:10:09,610 DEBG 'start-script' stdout output: BASH_ALIASES=() 2018-02-09 06:10:09,611 DEBG 'start-script' stdout output: C=() 2018-02-09 06:10:09,611 DEBG 'start-script' stdout output: V=() 2018-02-09 06:10:09,611 DEBG 'start-script' stdout output: S=() 2018-02-09 06:10:09,612 DEBG 'start-script' stdout output: BASH_LINENO=([0]="0") 2018-02-09 06:10:09,613 DEBG 'start-script' stdout output: BASH_SOURCE=([0]="/root/start.sh") BASH_VERSINFO=([0]="4" [1]="4" [2]="12" [3]="1" [4]="release" [5]="x86_64-unknown-linux-gnu") BASH_VERSION='4.4.12(1)-release' DEBUG=true DIRSTACK=() ENABLE_PRIVOXY=yes EUID=0 ) HOME=/home/nobody HOSTNAME=9b39c1995d67 HOSTTYPE=x86_64 t\n' LANG=en_GB.UTF-8 LAN_NETWORK=209.141.60.0/24 MACHTYPE=x86_64-unknown-linux-gnu NAME_SERVERS=209.222.18.222,37.235.1.174,8.8.8.8,209.222.18.218,37.235.1.177,8.8.4.4 OPTERR=1 OPTIND=1 OSTYPE=linux-gnu PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin PGID=0 PIPESTATUS=([0]="0") PPID=5 PS4='+ ' PUID=0 PWD=/ SHELL=/bin/bash SHELLOPTS=braceexpand:hashall:interactive-comments SHLVL=1 STRICT_PORT_FORWARD=no SUPERVISOR_ENABLED=1 SUPERVISOR_GROUP_NAME=start-script SUPERVISOR_PROCESS_NAME=start-script TERM=xterm UID=0 0 VPN_CONFIG=/config/openvpn/Netherlands.ovpn VPN_DEVICE_TYPE=tun VPN_ENABLED=yes ONS= VPN_PASS=******** VPN_PORT=1198 VPN_PROTOCOL=udp =pia VPN_REMOTE=nl.privateinternetaccess.com VPN_USER=******** _='[debug] Environment variables defined as follows' vpn_remote_line='nl.privateinternetaccess.com 1198' [debug] Directory listing of files in /config/openvpn as follows 2018-02-09 06:10:09,614 DEBG 'sabnzbd-script' stdout output: [info] VPN is enabled, checking VPN tunnel local ip is valid 2018-02-09 06:10:09,614 DEBG 'sabnzbd-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:10:09,628 DEBG 'start-script' stdout output: total 24 drwxrwxr-x 2 root root 4096 Feb 9 06:10 . drwxrwxr-x 7 root root 4096 Feb 9 06:10 .. -rwxrwxr-x 1 root root 2025 Feb 8 16:01 ca.rsa.2048.crt -rwxrwxr-x 1 root root 20 Feb 9 06:08 credentials.conf -rwxrwxr-x 1 root root 869 Feb 8 16:02 crl.rsa.2048.pem -rwxrwxr-x 1 root root 277 Feb 9 06:10 Netherlands.ovpn 2018-02-09 06:10:09,649 DEBG 'start-script' stdout output: [warn] Password contains characters which could cause authentication issues, please consider changing this if possible 2018-02-09 06:10:09,666 DEBG 'start-script' stdout output: [debug] Contents of ovpn file /config/openvpn/Netherlands.ovpn as follows... 2018-02-09 06:10:09,666 DEBG 'start-script' stdout output: remote nl.privateinternetaccess.com 1198 client dev tun p resolv-retry infinite nobind persist-key cipher aes-128-cbc 1 tls-client remote-cert-tls server auth-user-pass credentials.conf comp-lzo verb 1 crl-verify crl.rsa.2048.pem ca ca.rsa.2048.crt disable-occ 2018-02-09 06:10:09,688 DEBG 'start-script' stdout output: [info] Default route for container is 172.17.0.1 2018-02-09 06:10:09,692 DEBG 'start-script' stdout output: [info] Adding 209.222.18.222 to /etc/resolv.conf 2018-02-09 06:10:09,696 DEBG 'start-script' stdout output: [info] Adding 37.235.1.174 to /etc/resolv.conf 2018-02-09 06:10:09,700 DEBG 'start-script' stdout output: [info] Adding 8.8.8.8 to /etc/resolv.conf 2018-02-09 06:10:09,704 DEBG 'start-script' stdout output: [info] Adding 209.222.18.218 to /etc/resolv.conf 2018-02-09 06:10:09,708 DEBG 'start-script' stdout output: [info] Adding 37.235.1.177 to /etc/resolv.conf 2018-02-09 06:10:09,711 DEBG 'start-script' stdout output: [info] Adding 8.8.4.4 to /etc/resolv.conf 2018-02-09 06:10:09,807 DEBG 'start-script' stdout output: [debug] Show name servers defined for container 2018-02-09 06:10:09,808 DEBG 'start-script' stdout output: nameserver 209.222.18.222 nameserver 37.235.1.174 nameserver 8.8.8.8 nameserver 209.222.18.218 nameserver 37.235.1.177 nameserver 8.8.4.4 2018-02-09 06:10:09,808 DEBG 'start-script' stdout output: [debug] Show name resolution for VPN endpoint nl.privateinternetaccess.com 2018-02-09 06:10:09,885 DEBG 'start-script' stdout output: ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 36642 ;; flags: qr rd ra ; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;; nl.privateinternetaccess.com. IN A ;; ANSWER SECTION: nl.privateinternetaccess.com. 299 IN A 46.166.138.159 nl.privateinternetaccess.com. 299 IN A 46.166.190.226 nl.privateinternetaccess.com. 299 IN A 109.201.154.144 nl.privateinternetaccess.com. 299 IN A 46.166.188.207 nl.privateinternetaccess.com. 299 IN A 46.166.188.223 nl.privateinternetaccess.com. 299 IN A 46.166.188.235 nl.privateinternetaccess.com. 299 IN A 109.201.154.179 nl.privateinternetaccess.com. 299 IN A 46.166.190.222 nl.privateinternetaccess.com. 299 IN A 46.166.188.231 nl.privateinternetaccess.com. 299 IN A 46.166.188.233 nl.privateinternetaccess.com. 299 IN A 46.166.186.249 nl.privateinternetaccess.com. 299 IN A 109.201.152.225 nl.privateinternetaccess.com. 299 IN A 185.107.44.29 ;; AUTHORITY SECTION: ;; ADDITIONAL SECTION: ;; Query time: 69 msec ;; SERVER: 8.8.4.4 ;; WHEN: Fri Feb 9 06:10:09 2018 ;; MSG SIZE rcvd: 254 2018-02-09 06:10:09,886 DEBG 'start-script' stdout output: [debug] Show contents of hosts file 2018-02-09 06:10:09,887 DEBG 'start-script' stdout output: 127.0.0.1 localhost ::1 localhost ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes ff02::2 ip6-allrouters 172.17.0.3 9b39c1995d67 109.201.152.230 nl.privateinternetaccess.com 2018-02-09 06:10:09,897 DEBG 'start-script' stdout output: [info] Adding 209.141.60.0/24 as route via docker eth0 2018-02-09 06:10:09,898 DEBG 'start-script' stdout output: [info] ip route defined as follows... -------------------- 2018-02-09 06:10:09,900 DEBG 'start-script' stdout output: default via 172.17.0.1 dev eth0 2018-02-09 06:10:09,900 DEBG 'start-script' stdout output: 172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.3 2018-02-09 06:10:09,901 DEBG 'start-script' stdout output: 209.141.60.0/24 via 172.17.0.1 dev eth0 2018-02-09 06:10:09,902 DEBG 'start-script' stdout output: -------------------- [debug] Modules currently loaded for kernel 2018-02-09 06:10:09,904 DEBG 'start-script' stdout output: Module Size Used by xt_mark 16384 0 xt_nat 16384 4 xt_tcpudp 16384 12 veth 16384 0 ipt_MASQUERADE 16384 5 nf_nat_masquerade_ipv4 16384 1 ipt_MASQUERADE nf_conntrack_netlink 40960 0 nfnetlink 16384 2 nf_conntrack_netlink xfrm_user 32768 1 xfrm_algo 16384 1 xfrm_user xt_addrtype 16384 2 iptable_filter 16384 1 xt_conntrack 16384 1 br_netfilter 24576 0 bridge 126976 1 br_netfilter stp 16384 1 bridge llc 16384 2 stp,bridge overlay 49152 2 input_leds 16384 0 serio_raw 16384 0 joydev 20480 0 mac_hid 16384 0 ib_iser 49152 0 rdma_cm 49152 1 ib_iser iw_cm 45056 1 rdma_cm ib_cm 45056 1 rdma_cm ib_sa 36864 2 rdma_cm,ib_cm ib_mad 49152 2 ib_cm,ib_sa ib_core 106496 6 rdma_cm,ib_cm,ib_sa,iw_cm,ib_mad,ib_iser ib_addr 20480 2 rdma_cm,ib_core iscsi_tcp 20480 0 libiscsi_tcp 24576 1 iscsi_tcp libiscsi 53248 3 libiscsi_tcp,iscsi_tcp,ib_iser scsi_transport_iscsi 98304 4 iscsi_tcp,ib_iser,libiscsi iptable_nat 16384 1 nf_conntrack_ipv4 16384 2 nf_defrag_ipv4 16384 1 nf_conntrack_ipv4 nf_nat_ipv4 16384 1 iptable_nat nf_nat 24576 3 nf_nat_ipv4,xt_nat,nf_nat_masquerade_ipv4 nf_conntrack 106496 6 nf_nat,nf_nat_ipv4,xt_conntrack,nf_nat_masquerade_ipv4,nf_conntrack_netlink,nf_conntrack_ipv4 iptable_mangle 16384 0 ip_tables 28672 3 iptable_filter,iptable_mangle,iptable_nat x_tables 36864 9 xt_mark,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_conntrack,xt_nat,iptable_filter,iptable_mangle,xt_addrtype autofs4 40960 2 btrfs 987136 0 raid10 49152 0 raid456 110592 0 async_raid6_recov 20480 1 raid456 async_memcpy 16384 2 raid456,async_raid6_recov async_pq 16384 2 raid456,async_raid6_recov async_xor 16384 3 async_pq,raid456,async_raid6_recov async_tx 16384 5 async_pq,raid456,async_xor,async_memcpy,async_raid6_recov xor 24576 2 btrfs,async_xor raid6_pq 102400 4 async_pq,raid456,btrfs,async_raid6_recov libcrc32c 16384 1 raid456 raid1 36864 0 raid0 20480 0 multipath 16384 0 linear 16384 0 hid_generic 16384 0 usbhid 49152 0 hid 118784 2 hid_generic,usbhid crct10dif_pclmul 16384 0 crc32_pclmul 16384 0 cirrus 28672 1 ttm 98304 1 cirrus aesni_intel 167936 0 drm_kms_helper 139264 1 cirrus syscopyarea 16384 1 drm_kms_helper sysfillrect 16384 1 drm_kms_helper aes_x86_64 20480 1 aesni_intel lrw 16384 1 aesni_intel gf128mul 16384 1 lrw glue_helper 16384 1 aesni_intel ablk_helper 16384 1 aesni_intel cryptd 20480 2 aesni_intel,ablk_helper sysimgblt 16384 1 drm_kms_helper fb_sys_fops 16384 1 drm_kms_helper psmouse 126976 0 drm 360448 4 ttm,drm_kms_helper,cirrus e1000 135168 0 pata_acpi 16384 0 2018-02-09 06:10:09,910 DEBG 'start-script' stdout output: [info] iptable_mangle support detected, adding fwmark for tables 2018-02-09 06:10:09,923 DEBG 'start-script' stdout output: [debug] Docker interface defined as eth0 2018-02-09 06:10:09,927 DEBG 'start-script' stdout output: [debug] Docker IP defined as 172.17.0.3 2018-02-09 06:10:09,930 DEBG 'start-script' stdout output: [debug] Docker netmask defined as 255.255.0.0 2018-02-09 06:10:09,938 DEBG 'start-script' stdout output: [info] Docker network defined as 172.17.0.0/16 2018-02-09 06:10:09,960 DEBG 'start-script' stdout output: [info] Adding additional incoming port 8081 for eth0 2018-02-09 06:10:10,018 DEBG 'start-script' stdout output: [info] Adding additional outgoing port 8081 for eth0 2018-02-09 06:10:10,037 DEBG 'start-script' stdout output: [info] iptables defined as follows... -------------------- 2018-02-09 06:10:10,040 DEBG 'start-script' stdout output: -P INPUT DROP -P FORWARD ACCEPT -P OUTPUT DROP -A INPUT -i tun0 -j ACCEPT -A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT -A INPUT -i eth0 -p udp -m udp --sport 1198 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 8090 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --sport 8090 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --dport 8081 -j ACCEPT -A INPUT -i eth0 -p tcp -m tcp --sport 8081 -j ACCEPT -A INPUT -s 209.141.60.0/24 -d 172.17.0.0/16 -i eth0 -p tcp -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT -A INPUT -i lo -j ACCEPT -A OUTPUT -o tun0 -j ACCEPT -A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT -A OUTPUT -o eth0 -p udp -m udp --dport 1198 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --dport 8090 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 8090 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --dport 8081 -j ACCEPT -A OUTPUT -o eth0 -p tcp -m tcp --sport 8081 -j ACCEPT -A OUTPUT -s 172.17.0.0/16 -d 209.141.60.0/24 -o eth0 -p tcp -j ACCEPT -A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A OUTPUT -o lo -j ACCEPT 2018-02-09 06:10:10,041 DEBG 'start-script' stdout output: -------------------- 2018-02-09 06:10:10,041 DEBG 'start-script' stdout output: [debug] OpenVPN command line:- /usr/bin/openvpn --cd /config/openvpn --config '/config/openvpn/Netherlands.ovpn' --daemon --reneg-sec 0 --mute-replay-warnings --auth-nocache --setenv VPN_PROV 'pia' --setenv DEBUG 'true' --setenv VPN_DEVICE_TYPE 'tun' --setenv VPN_REMOTE 'nl.privateinternetaccess.com' --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid --remap-usr1 SIGHUP --log-append /dev/stdout --pull-filter ignore 'up' --pull-filter ignore 'down' --pull-filter ignore 'route-ipv6' --pull-filter ignore 'ifconfig-ipv6' --pull-filter ignore 'tun-ipv6' --pull-filter ignore 'persist-tun' --pull-filter ignore 'reneg-sec' --keepalive 10 60 --setenv STRICT_PORT_FORWARD 'no' --disable-occ --auth-user-pass credentials.conf [info] Starting OpenVPN... 2018-02-09 06:10:10,048 DEBG 'start-script' stdout output: Fri Feb 9 06:10:10 2018 WARNING: file 'credentials.conf' is group or others accessible 2018-02-09 06:10:10,048 DEBG 'start-script' stdout output: Fri Feb 9 06:10:10 2018 OpenVPN 2.4.4 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 26 2017 2018-02-09 06:10:10,048 DEBG 'start-script' stdout output: Fri Feb 9 06:10:10 2018 library versions: OpenSSL 1.1.0f 25 May 2017, LZO 2.10 2018-02-09 06:10:10,049 DEBG 'start-script' stdout output: [info] OpenVPN started [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:10:10,054 DEBG 'start-script' stdout output: Fri Feb 9 06:10:10 2018 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts 2018-02-09 06:10:10,055 DEBG 'start-script' stdout output: Fri Feb 9 06:10:10 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]109.201.152.230:1198 2018-02-09 06:10:10,055 DEBG 'start-script' stdout output: Fri Feb 9 06:10:10 2018 UDP link local: (not bound) 2018-02-09 06:10:10,055 DEBG 'start-script' stdout output: Fri Feb 9 06:10:10 2018 UDP link remote: [AF_INET]109.201.152.230:1198 2018-02-09 06:10:10,709 DEBG 'start-script' stdout output: Fri Feb 9 06:10:10 2018 [a01e34b0bf4a0b34f76adb7bbb3874e0] Peer Connection Initiated with [AF_INET]109.201.152.230:1198 2018-02-09 06:10:11,950 DEBG 'start-script' stdout output: Fri Feb 9 06:10:11 2018 auth-token received, disabling auth-nocache for the authentication token Fri Feb 9 06:10:11 2018 TUN/TAP device tun0 opened Fri Feb 9 06:10:11 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Fri Feb 9 06:10:11 2018 /usr/bin/ip link set dev tun0 up mtu 1500 2018-02-09 06:10:11,954 DEBG 'start-script' stdout output: Fri Feb 9 06:10:11 2018 /usr/bin/ip addr add dev tun0 local 10.17.10.6 peer 10.17.10.5 2018-02-09 06:10:11,957 DEBG 'start-script' stdout output: Fri Feb 9 06:10:11 2018 /root/openvpnup.sh tun0 1500 1558 10.17.10.6 10.17.10.5 init 2018-02-09 06:10:11,965 DEBG 'start-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:10:11,967 DEBG 'start-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:10:11,973 DEBG 'start-script' stdout output: Fri Feb 9 06:10:11 2018 Initialization Sequence Completed 2018-02-09 06:10:12,092 DEBG 'sabnzbd-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:10:12,100 DEBG 'sabnzbd-script' stdout output: [info] SABnzbd not running [info] Attempting to start SABnzbd... 2018-02-09 06:10:12,117 DEBG 'start-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' [debug] Port forwarding disabled, skipping incoming port detection 2018-02-09 06:10:12,122 DEBG 'start-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' [debug] Attempting to get external IP using Name Server 'ns1.google.com'... 2018-02-09 06:10:12,124 DEBG 'start-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:10:12,143 DEBG 'privoxy-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' [info] Configuring Privoxy... 2018-02-09 06:10:12,186 DEBG 'privoxy-script' stdout output: [info] All checks complete, starting Privoxy... 2018-02-09 06:10:12,190 DEBG 'privoxy-script' stderr output: 2018-02-09 06:10:12.190 7fd015eb80c0 Info: Privoxy version 3.0.26 2018-02-09 06:10:12,190 DEBG 'privoxy-script' stderr output: 2018-02-09 06:10:12.190 7fd015eb80c0 Info: Program name: /usr/bin/privoxy 2018-02-09 06:10:12,512 DEBG 'start-script' stdout output: [info] Successfully retrieved external IP address 212.92.105.147 2018-02-09 06:10:12,910 DEBG 'sabnzbd-script' stdout output: [info] SABnzbd started [debug] VPN IP is 10.17.10.6 2018-02-09 06:10:42,911 DEBG 'sabnzbd-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:10:43,062 DEBG 'sabnzbd-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:10:43,070 DEBG 'sabnzbd-script' stdout output: [debug] VPN IP is 10.17.10.6 2018-02-09 06:11:13,072 DEBG 'sabnzbd-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:11:13,214 DEBG 'sabnzbd-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:11:13,221 DEBG 'sabnzbd-script' stdout output: [debug] VPN IP is 10.17.10.6 2018-02-09 06:11:43,222 DEBG 'sabnzbd-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:11:43,345 DEBG 'sabnzbd-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:11:43,348 DEBG 'sabnzbd-script' stdout output: [debug] VPN IP is 10.17.10.6 2018-02-09 06:12:13,351 DEBG 'sabnzbd-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:12:13,477 DEBG 'sabnzbd-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:12:13,480 DEBG 'sabnzbd-script' stdout output: [debug] VPN IP is 10.17.10.6 2018-02-09 06:12:43,484 DEBG 'sabnzbd-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:12:43,608 DEBG 'sabnzbd-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:12:43,611 DEBG 'sabnzbd-script' stdout output: [debug] VPN IP is 10.17.10.6 2018-02-09 06:13:13,613 DEBG 'sabnzbd-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:13:13,736 DEBG 'sabnzbd-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:13:13,740 DEBG 'sabnzbd-script' stdout output: [debug] VPN IP is 10.17.10.6 2018-02-09 06:13:43,742 DEBG 'sabnzbd-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:13:43,865 DEBG 'sabnzbd-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:13:43,868 DEBG 'sabnzbd-script' stdout output: [debug] VPN IP is 10.17.10.6 2018-02-09 06:14:13,870 DEBG 'sabnzbd-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:14:13,999 DEBG 'sabnzbd-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:14:14,003 DEBG 'sabnzbd-script' stdout output: [debug] VPN IP is 10.17.10.6 2018-02-09 06:14:44,005 DEBG 'sabnzbd-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:14:44,127 DEBG 'sabnzbd-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:14:44,130 DEBG 'sabnzbd-script' stdout output: [debug] VPN IP is 10.17.10.6 2018-02-09 06:15:14,131 DEBG 'sabnzbd-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2018-02-09 06:15:14,254 DEBG 'sabnzbd-script' stdout output: [debug] Valid IP address from tunnel acquired '10.17.10.6' 2018-02-09 06:15:14,257 DEBG 'sabnzbd-script' stdout output: [debug] VPN IP is 10.17.10.6

Took care of the restart clearing iptable_mangle by adding the entry into etc/modules. Still no webui.

It seems that restarting the server cleared the iptable_mangle entry, so i reran the modprobe command on the host and now the warning has disappeared from the log. Unfortunately, still no webui.

So, I realized in true noob fashion, i forgot to copy the .crt and .pem files from the pia openvpn.zip file that I got the .ovpn file from. Afterwards, i ran /sbin/modprobe iptable_mangle and restarted the host. I still have no webui with vpn enabled. The iptable_mangle warning is still in the logs, but the .crt and .pem errors are gone. My other thought is that i didn't setup the LAN_NETWORK key correctly, I set it as 209.141.60.0/24 to match the entries in enp0s3 of ifconfig: docker0 Link encap:Ethernet HWaddr 02:42:8e:f2:25:c7 inet addr:172.17.0.1 Bcast:172.17.255.255 Mask:255.255.0.0 inet6 addr: fe80::42:8eff:fef2:25c7/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1522 errors:0 dropped:0 overruns:0 frame:0 TX packets:1296 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:2627701 (2.6 MB) TX bytes:305003 (305.0 KB) enp0s3 Link encap:Ethernet HWaddr 00:16:72:e3:29:93 inet addr:209.141.60.45 Bcast:209.141.60.255 Mask:255.255.255.0 inet6 addr: fe80::216:72ff:fee3:2993/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2956 errors:0 dropped:0 overruns:0 frame:0 TX packets:2994 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:692948 (692.9 KB) TX bytes:3308334 (3.3 MB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:176 errors:0 dropped:0 overruns:0 frame:0 TX packets:176 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:13296 (13.2 KB) TX bytes:13296 (13.2 KB)

I've used this container on unraid for quite some time, thanks binhex! Because it's worked soo well, I decided to try it on a fresh install of ubuntu 16.04 with docker and I'm getting some errors in the log and no webui with vpn enable. At first the container wouldn't start due to the missing ovpn file which i downloaded and placed the one i need in config/openvpn which kept it running, but the errors I see in the log are the following: 2018-02-08 09:25:01,569 DEBG 'start-script' stdout output: [warn] 'iptable_mangle' kernel module not available, you will not be able to connect to the applications Web UI or Privoxy outside of your LAN [info] unRAID users: Please attempt to load the module by executing the following on your host:- '/sbin/modprobe iptable_mangle' [info] Ubuntu users: Please attempt to load the module by executing the following on your host:- '/sbin/modprobe iptable_mangle' [info] Synology users: Please attempt to load the module by executing the following on your host:- 'insmod /lib/modules/iptable_mangle.ko' AND [info] Starting OpenVPN... 2018-02-08 09:25:01,686 DEBG 'start-script' stdout output: Options error: --ca fails with 'ca.rsa.2048.crt': No such file or directory (errno=2) 2018-02-08 09:25:01,686 DEBG 'start-script' stdout output: Options error: --crl-verify fails with 'crl.rsa.2048.pem': No such file or directory (errno=2) 2018-02-08 09:25:01,687 DEBG 'start-script' stdout output: Thu Feb 8 09:25:01 2018 WARNING: file 'credentials.conf' is group or others accessible 2018-02-08 09:25:01,687 DEBG 'start-script' stdout output: Options error: Please correct these errors. 2018-02-08 09:25:01,687 DEBG 'start-script' stdout output: Use --help for more information. 2018-02-08 09:25:01,689 DEBG 'start-script' stdout output: [info] OpenVPN started It's probably something I'm not doing correctly or something I didn't setup on the install (the same issue is happening in the delugevpn container too) but any assistance would be greatly appreciated. Thanks!

I did mine a little different, I have: nohup /usr/bin/mongod --dbpath /mnt/user/appdata/plexdrive/mongodb/ & in the beginning of my rclone mount script (which I run at array start), and /usr/bin/mongod --dbpath /mnt/user/appdata/plexdrive/mongodb/ --shutdown in my rclone unmount script (which I run at array stop). This line shuts down mongodb cleanly

Use an endpoint that supports it: https://helpdesk.privateinternetaccess.com/hc/en-us/articles/219460187-How-do-I-enable-port-forwarding-on-my-VPN- Here's a list of their networks: https://www.privateinternetaccess.com/pages/network/#

Thanks, your quick response and a search for PIA port forwarding endpoints got me up and running again. Switched my endpoint for SabnzbdVpn too while I was at it.

I just upgraded to the latest version of the docker and the webui doesn't start, I made no changes other than the update. I'm using PIA. Seems to get into a loop of restarting and terminating OpenVPN. Please let me know if you need more of the log to help me figure out what's going on. Thanks! 2017-06-23 13:40:48,397 DEBG 'start-script' stdout output: -------------------- 2017-06-23 13:40:48,398 DEBG 'start-script' stdout output: [debug] OpenVPN command line '/usr/bin/openvpn --cd /config/openvpn --config /config/openvpn/openvpn.ovpn --daemon --dev tun0 --remote us-midwest.privateinternetaccess.com 1198 --proto udp --reneg-sec 0 --mute-replay-warnings --auth-nocache --keepalive 10 60 --setenv VPN_PROV pia --script-security 2 --up /root/openvpnup.sh --up-delay --up-restart --writepid /root/openvpn.pid --auth-user-pass credentials.conf --disable-occ --remap-usr1 SIGHUP --auth-user-pass credentials.conf --log-append /config/supervisord.log' 2017-06-23 13:40:48,398 DEBG 'start-script' stdout output: [info] Starting OpenVPN... 2017-06-23 13:40:48,470 DEBG 'start-script' stdout output: [info] OpenVPN started 2017-06-23 13:40:48,470 DEBG 'start-script' stdout output: [debug] Waiting for valid IP address from tunnel... 2017-06-23 13:40:57,209 DEBG 'deluge-script' stdout output: [debug] Valid IP address from tunnel acquired '10.71.10.6' 2017-06-23 13:40:57,213 DEBG 'start-script' stdout output: [debug] Valid IP address from tunnel acquired '10.71.10.6' 2017-06-23 13:40:57,238 DEBG 'deluge-script' stdout output: [info] Deluge not running 2017-06-23 13:40:57,238 DEBG 'deluge-script' stdout output: [info] Deluge listening interface IP 0.0.0.0 and VPN provider IP 10.71.10.6 different, marking for reconfigure [debug] Waiting for file '/home/nobody/vpn_incoming_port.txt' to be generated (contains PIA API generated incoming port number)... 2017-06-23 13:43:27,255 DEBG 'start-script' stdout output: [warn] OpenVPN process terminated, restarting OpenVPN... 2017-06-23 13:43:27,259 DEBG 'start-script' stdout output: [info] OpenVPN restarted 2017-06-23 13:45:57,282 DEBG 'start-script' stdout output: [warn] OpenVPN process terminated, restarting OpenVPN... 2017-06-23 13:45:57,291 DEBG 'start-script' stdout output: [info] OpenVPN restarted 2017-06-23 13:48:27,319 DEBG 'start-script' stdout output: [warn] OpenVPN process terminated, restarting OpenVPN... 2017-06-23 13:48:27,329 DEBG 'start-script' stdout output: [info] OpenVPN restarted 2017-06-23 13:50:57,355 DEBG 'start-script' stdout output: [warn] OpenVPN process terminated, restarting OpenVPN... 2017-06-23 13:50:57,365 DEBG 'start-script' stdout output: [info] OpenVPN restarted 2017-06-23 13:50:57,355 DEBG 'start-script' stdout output: [warn] OpenVPN process terminated, restarting OpenVPN... 2017-06-23 13:50:57,365 DEBG 'start-script' stdout output: [info] OpenVPN restarted

Well, I started playing around and it looks like mongodb is installed but needs a command like mongod --dbpath /mnt/user/appdata/plexdrive/ to start mongodb. I don't know if this would best be done in the mount script or user script scheduled at array startup, etc.

Just trying to clarify before switching plugins, is either or both of the plexdrive 4 plugins working (starbix's or publicENEMY's)? Thanks in advance.

I'm having the same issue. TheTVDB and TVRage both time out when searching for a new show. I'm on needo's latest. It's probably an issue with SickRage itself.