
arch-sabnzbdvpn's Introduction

Application

SABnzbd
Privoxy
OpenVPN
WireGuard

Description

SABnzbd is an Open Source Binary Newsreader written in Python. It's totally free, incredibly easy to use, and works practically everywhere. SABnzbd makes Usenet as simple and streamlined as possible by automating everything we can. All you have to do is add an .nzb.

This Docker image includes OpenVPN and WireGuard to ensure a secure and private connection to the Internet, and uses iptables to prevent IP leakage when the tunnel is down. It also includes Privoxy to allow unfiltered access to index sites; to use Privoxy, please point your application at http://<host ip>:8118.
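One way to check the leak protection described above is to audit the container's rule dump. This is an added example, not the image's own script; the function name and the heuristic (default policies must be DROP, and any OUTPUT accept outside lo/tun/tap/wg must be narrowed by a destination, port or ICMP type) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the image's own script: heuristic audit of `iptables -S`
# output for the kill-switch behaviour described above.

# Sample ruleset in the form the container generates (LAN 10.0.1.0/24,
# VPN endpoint on udp/80, tunnel device tun0), abridged for the example.
SAMPLE_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A OUTPUT -s 10.0.1.0/24 -d 10.0.1.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT'

# Same ruleset with one constructed mistake: a catch-all accept on eth0.
LEAKY_RULES="$SAMPLE_RULES
-A OUTPUT -o eth0 -j ACCEPT"

# audit_killswitch: reads `iptables -S` text on stdin, prints one line per
# finding and returns non-zero if there is any finding.
audit_killswitch() {
    findings=$(awk '
        $1 == "-P" { policy[$2] = $3; next }
        $1 == "-A" && $2 == "OUTPUT" {
            iface = ""; target = ""; scoped = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-o") iface = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                # a destination, port or ICMP-type match narrows the rule
                if ($i == "-d" || $i == "--dport" || $i == "--sport" || $i == "--icmp-type")
                    scoped = 1
            }
            if (target != "ACCEPT") next
            if (iface ~ /^(lo|tun|tap|wg)/) next    # loopback or tunnel device
            if (!scoped) print "unrestricted ACCEPT outside the tunnel: " $0
        }
        END {
            n = split("INPUT FORWARD OUTPUT", chain, " ")
            for (i = 1; i <= n; i++) {
                p = (chain[i] in policy) ? policy[chain[i]] : "unset"
                if (p != "DROP") print "policy " chain[i] " is " p ", expected DROP"
            }
        }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone run over the two samples above.
printf '%s\n' "$SAMPLE_RULES" | audit_killswitch && echo "sample ruleset: no findings"
printf '%s\n' "$LEAKY_RULES" | audit_killswitch || echo "leaky ruleset: findings listed above"
```

Against a running container, feed it the output of docker exec <container name> iptables -S instead of the samples.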

Build notes

Latest stable SABnzbd release from Arch Linux AUR.
Latest stable Privoxy release from Arch Linux repo.
Latest stable OpenVPN release from Arch Linux repo.
Latest stable WireGuard release from Arch Linux repo.

Usage

docker run -d \
    --cap-add=NET_ADMIN \
    -p 8080:8080 \
    -p 8090:8090 \
    -p 8118:8118 \
    --name=<container name> \
    -v <path for data files>:/data \
    -v <path for config files>:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=<yes|no> \
    -e VPN_USER=<vpn username> \
    -e VPN_PASS=<vpn password> \
    -e VPN_PROV=<pia|airvpn|protonvpn|custom> \
    -e VPN_CLIENT=<openvpn|wireguard> \
    -e VPN_OPTIONS=<additional openvpn cli options> \
    -e STRICT_PORT_FORWARD=<yes|no> \
    -e ENABLE_PRIVOXY=<yes|no> \
    -e ENABLE_STARTUP_SCRIPTS=<yes|no> \
    -e LAN_NETWORK=<lan ipv4 network>/<cidr notation> \
    -e NAME_SERVERS=<name server ip(s)> \
    -e VPN_INPUT_PORTS=<port number(s)> \
    -e VPN_OUTPUT_PORTS=<port number(s)> \
    -e DEBUG=<true|false> \
    -e UMASK=<umask for created files> \
    -e PUID=<uid for user> \
    -e PGID=<gid for user> \
    binhex/arch-sabnzbdvpn

  Please replace all user variables in the above command defined by <> with the correct values.

Access application

http://<host ip>:8080

Access Privoxy

http://<host ip>:8118

PIA example

docker run -d \
    --cap-add=NET_ADMIN \
    -p 8080:8080 \
    -p 8090:8090 \
    -p 8118:8118 \
    --name=sabnzbdvpn \
    -v /root/docker/data:/data \
    -v /root/docker/config:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_USER=myusername \
    -e VPN_PASS=mypassword \
    -e VPN_PROV=pia \
    -e VPN_CLIENT=openvpn \
    -e STRICT_PORT_FORWARD=no \
    -e ENABLE_PRIVOXY=yes \
    -e ENABLE_STARTUP_SCRIPTS=no \
    -e LAN_NETWORK=192.168.1.0/24 \
    -e NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1 \
    -e VPN_INPUT_PORTS=1234 \
    -e VPN_OUTPUT_PORTS=5678 \
    -e DEBUG=false \
    -e UMASK=000 \
    -e PUID=0 \
    -e PGID=0 \
    binhex/arch-sabnzbdvpn

  AirVPN provider

AirVPN users will need to generate a unique OpenVPN configuration file by using the following link https://airvpn.org/generator/

  1. Please select Linux and then choose the country you want to connect to
  2. Save the ovpn file to somewhere safe
  3. Start the sabnzbdvpn docker to create the folder structure
  4. Stop sabnzbdvpn docker and copy the saved ovpn file to the /config/openvpn/ folder on the host
  5. Start sabnzbdvpn docker
  6. Check supervisor.log to make sure you are connected to the tunnel

AirVPN example

docker run -d \
    --cap-add=NET_ADMIN \
    -p 8080:8080 \
    -p 8090:8090 \
    -p 8118:8118 \
    --name=sabnzbdvpn \
    -v /root/docker/data:/data \
    -v /root/docker/config:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_PROV=airvpn \
    -e VPN_CLIENT=openvpn \
    -e ENABLE_PRIVOXY=yes \
    -e ENABLE_STARTUP_SCRIPTS=no \
    -e LAN_NETWORK=192.168.1.0/24 \
    -e NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1 \
    -e VPN_INPUT_PORTS=1234 \
    -e VPN_OUTPUT_PORTS=5678 \
    -e DEBUG=false \
    -e UMASK=000 \
    -e PUID=0 \
    -e PGID=0 \
    binhex/arch-sabnzbdvpn

 

IMPORTANT
Please note that 'VPN_INPUT_PORTS' does NOT define the incoming port for the VPN. This environment variable defines the port(s) you want to allow in to the VPN network when network binding multiple containers together. Configuring it incorrectly with the VPN provider assigned incoming port COULD result in IP leakage, you have been warned!

OpenVPN
Please note this Docker image does not include the required OpenVPN configuration file and certificates. These will typically be downloaded from your VPN provider's website (look for OpenVPN configuration files), and are generally zipped.

PIA users - The URL to download the OpenVPN configuration files and certs is:-

https://www.privateinternetaccess.com/openvpn/openvpn.zip

Once you have downloaded the zip (normally a zip as they contain multiple ovpn files), extract it to the /config/openvpn/ folder (if that folder doesn't exist then start and stop the docker container to force the creation of the folder).

If there are multiple ovpn files then please delete the ones you don't want to use (normally filename follows location of the endpoint) leaving just a single ovpn file and the certificates referenced in the ovpn file (certificates will normally have a crt and/or pem extension).

WireGuard
If you wish to use WireGuard (defined via the 'VPN_CLIENT' env var value) then, due to the enhanced security and kernel integration, WireGuard will require the container to be defined with privileged permissions and sysctl support, so please ensure you change the following docker options:-

from

    --cap-add=NET_ADMIN \

to

    --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
    --privileged=true \

PIA users - The WireGuard configuration file will be auto generated and will be stored in /config/wireguard/wg0.conf AFTER the first run. If you wish to change the endpoint you are connecting to, change the Endpoint line in the config file (default is Netherlands).

Other users - Please download your WireGuard configuration file from your VPN provider, start and stop the container to generate the folder /config/wireguard/ and then place your WireGuard configuration file in there.

Notes
Due to Google and OpenDNS supporting EDNS Client Subnet it is recommended NOT to use either of these NS providers. The list of default NS providers in the above example(s) is as follows:-

84.200.x.x = DNS Watch
37.235.x.x = FreeDNS
1.x.x.x = Cloudflare

User ID (PUID) and Group ID (PGID) can be found by issuing the following command for the user you want to run the container as:-

id <username>

The VPN_INPUT_PORTS environment variable is used to define ports that might be required for scripts run inside the container. If you want to define multiple ports, please use a comma to separate values.


If you appreciate my work, then please consider buying me a beer :D


arch-sabnzbdvpn's Issues

DNS lookups broken

Good afternoon
I've found that builds post this one, dns lookups to my internal network DNS are not working
fa9910d

Adding the two firewall rules that you removed in this commit does indeed get them working again
This is true for both the sabnzbd and the deluge dockers

Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client

2018-03-11 11:17:12,512 DEBG 'start-script' stdout output:
Options error: --proto tcp is ambiguous in this context. Please specify --proto tcp-server or --proto tcp-client
Use --help for more information.
2018-03-11 11:17:12,513 DEBG 'start-script' stdout output:
[info] OpenVPN started
2018-03-11 11:17:12,513 DEBG 'start-script' stdout output:
[debug] Waiting for valid IP address from tunnel...
...
...
...

OpenVPN no longer allows "tcp" as a "proto" option. This first block of code is selecting the correct protocol based on the ovpn config with some nested ifs to cover configs without the proto being declared.

export VPN_PROTOCOL=$(cat "${VPN_CONFIG}" | grep -P -o -m 1 '(?<=^proto\s)[^\r\n]+' | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
if [[ ! -z "${VPN_PROTOCOL}" ]]; then
	echo "[info] VPN_PROTOCOL defined as '${VPN_PROTOCOL}'" | ts '%Y-%m-%d %H:%M:%.S'
else
	export VPN_PROTOCOL=$(echo "${vpn_remote_line}" | grep -P -o -m 1 'udp|tcp-client|tcp$' | sed -e 's~^[ \t]*~~;s~[ \t]*$~~')
	if [[ ! -z "${VPN_PROTOCOL}" ]]; then
		echo "[info] VPN_PROTOCOL defined as '${VPN_PROTOCOL}'" | ts '%Y-%m-%d %H:%M:%.S'
	else
		echo "[warn] VPN_PROTOCOL not found in ${VPN_CONFIG}, assuming udp" | ts '%Y-%m-%d %H:%M:%.S'
		export VPN_PROTOCOL="udp"
	fi
fi

Then this block overrides the VPN_PROTOCOL to "tcp" if "tcp-client" is selected. I assume tcp-client is not a valid protocol in iptables so this block protects against an iptables protocol error.

# required for use in iptables
if [[ "${VPN_PROTOCOL}" == "tcp-client" ]]; then
    export VPN_PROTOCOL="tcp"
fi

We therefore have a conflict...unless of course, I've misunderstood this code.
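The conflict described in this issue goes away if the value passed to OpenVPN and the value passed to iptables are kept apart instead of sharing one VPN_PROTOCOL. The following is an added example, not the project's script; the function names and the sample host name are hypothetical, and it only covers udp, tcp and tcp-client.

```shell
#!/bin/sh
# Added example, not the project's script. It derives two values from the
# ovpn config: the name OpenVPN accepts and the name iptables accepts.

# vpn_proto_from_config FILE
# Prints the protocol from the "proto" line, else from the first "remote" line
# that carries one (remote <host> <port> <proto>), else "udp".
vpn_proto_from_config() {
    awk '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        $1 == "proto"  && p == "" { p = $2 }
        $1 == "remote" && r == "" && NF >= 4 { r = $4 }
        END { print (p != "" ? p : (r != "" ? r : "udp")) }
    ' "$1"
}

# openvpn_proto RAW: value for a client-side --proto. Bare "tcp" produces the
# "ambiguous" options error quoted in the issue, so it becomes "tcp-client".
openvpn_proto() {
    case "$1" in
        udp)            echo udp ;;
        tcp|tcp-client) echo tcp-client ;;
        *)              echo "unsupported proto: $1" >&2; return 1 ;;
    esac
}

# iptables_proto RAW: value for iptables -p, which has no "tcp-client".
iptables_proto() {
    case "$1" in
        udp)            echo udp ;;
        tcp|tcp-client) echo tcp ;;
        *)              echo "unsupported proto: $1" >&2; return 1 ;;
    esac
}

# Constructed sample config (hypothetical host name), written to a temp file.
demo() {
    cfg=$(mktemp)
    printf 'client\ndev tun\nremote vpn.example.invalid 443 tcp\n' > "$cfg"
    raw=$(vpn_proto_from_config "$cfg")
    echo "config says:     $raw"
    echo "openvpn --proto: $(openvpn_proto "$raw")"
    echo "iptables -p:     $(iptables_proto "$raw")"
    rm -f "$cfg"
}
demo
```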

Very slow docker start

For some reason, this docker is super slow in starting up. It works fine, download speeds are fine as well. Unpacking can seem a bit slow maybe? But the startup of the docker is just..

Created by...
___.   .__       .__
\_ |__ |__| ____ |  |__   ____ ___  ___
 | __ \|  |/    \|  |  \_/ __ \\  \/  /
 | \_\ \  |   |  \   Y  \  ___/ >    <
 |___  /__|___|  /___|  /\___  >__/\_ \
     \/        \/     \/     \/      \/
   https://hub.docker.com/u/binhex/

2022-09-26 01:45:47.373355 [info] System information Linux 6de6286188a3 5.15.46-Unraid #1 SMP Fri Jun 10 11:08:41 PDT 2022 x86_64 GNU/Linux
2022-09-26 01:45:47.419925 [info] OS_ARCH defined as 'x86-64'
2022-09-26 01:45:47.451042 [info] PUID defined as '1000'
2022-09-26 01:45:59.230372 [info] PGID defined as '100'
2022-09-26 01:46:12.587982 [info] UMASK defined as '000'
2022-09-26 01:46:13.003205 [info] Permissions already set for '/config'
2022-09-26 01:46:13.481985 [info] Deleting files in /tmp (non recursive)...
2022-09-26 01:46:14.153743 [info] VPN_ENABLED defined as 'yes'
2022-09-26 01:46:14.186308 [info] VPN_CLIENT defined as 'wireguard'
2022-09-26 01:46:14.218447 [info] VPN_PROV defined as 'pia'
2022-09-26 01:46:24.425785 [info] VPN_CONFIG not defined (wireguard config doesnt file exists), defaulting to '/config/wireguard/wg0.conf'
2022-09-26 01:46:24.453929 [info] VPN_REMOTE_SERVER not defined (wireguard config doesnt file exists), defaulting to 'nl-amsterdam.privacy.network'
2022-09-26 01:46:25.618514 [info] VPN_REMOTE_PORT not defined (wireguard config file doesnt exists), identified port as '1337'
2022-09-26 01:46:25.651377 [info] VPN_DEVICE_TYPE defined as 'wg0'
2022-09-26 01:46:25.691588 [info] VPN_REMOTE_PROTOCOL defined as 'udp'
2022-09-26 01:46:25.724779 [info] LAN_NETWORK defined as '192.168.90.0/24,10.253.0.0/24'
2022-09-26 01:46:25.759491 [info] NAME_SERVERS defined as '84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
2022-09-26 01:46:25.791589 [info] VPN_USER defined as 'xxxxxxxx'
2022-09-26 01:46:25.822275 [info] VPN_PASS defined as 'yyyyyyyy'
2022-09-26 01:46:25.856505 [info] STRICT_PORT_FORWARD defined as 'yes'
2022-09-26 01:46:25.888317 [info] ENABLE_PRIVOXY defined as 'no'
2022-09-26 01:46:25.922267 [info] VPN_INPUT_PORTS not defined (via -e VPN_INPUT_PORTS), skipping allow for custom incoming ports
2022-09-26 01:46:25.963960 [info] VPN_OUTPUT_PORTS not defined (via -e VPN_OUTPUT_PORTS), skipping allow for custom outgoing ports

After that last line, it just seems to hang completely.

docker-compose:

  sabnzbd-vpn:
    <<: *common-keys-media # See EXTENSION FIELDS at the top
    image: binhex/arch-sabnzbdvpn
    container_name: sabnzbd
    privileged: true
    networks:
      t2_proxy:
        ipv4_address: ${T2_PROXY:-192.168.90}.24
    volumes:
      - $DOCKERDIR/sabnzbd/data:/data
      - $DOCKERDIR/sabnzbd/config:/config
      - /mnt/user/downloads:/downloads
      - /etc/localtime:/etc/localtime:ro
    environment:
      - PUID=$PUID
      - PGID=$PGID
      - VPN_ENABLED=yes
      - VPN_USER=xxxxxxxxx
      - VPN_PASS=yyyyyyyyy
      - VPN_PROV=pia
      - VPN_CLIENT=openvpn
      - STRICT_PORT_FORWARD=yes
      - ENABLE_PRIVOXY=no
      - LAN_NETWORK=192.168.90.0/24
      - NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1
      - sabnzbd_DAEMON_LOG_LEVEL=debug
      - sabnzbd_WEB_LOG_LEVEL=debug
      - DEBUG=true
      - UMASK=000

I'd expect more output than what I'm seeing now in the logs? But this is all I have in the docker logs -f sabnzbd command.

-edit-
In the compose I had vpn_client set to wireguard, only changed to that after I was having these issues.

-edit2-
I'm also running Deluge with VPN and setup Privoxy with VPN. Not sure if that matters but they both work fine.

-edit3-
Ran with binhex/arch-sabnzbdvpn:3.5.3-1-03, seems to work pretty well.

-edit4-
Spoke too soon I guess. Same behavior now.

-edit5-
Still going with binhex/arch-sabnzbdvpn:3.5.3-1-03 since that at least gives me a VPN connection now

Feature Request: nzbnotify integration (need nzbget)

First, thank-you for this and the delugevpn images, they are fantastic!

I want to enable telegram notifications, to do so I need nzbnotify, but the container does not contain nzbget. Any chance we could see nzbget added?

UNRaid Issue

Every time sabnzbd starts the following error is logged and it won't download anything.

[18/Jun/2017:23:59:30] ENGINE Error in HTTPServer.tick
Traceback (most recent call last):
  File "/opt/sabnzbd/cherrypy/wsgiserver/__init__.py", line 2024, in start
    self.tick()
  File "/opt/sabnzbd/cherrypy/wsgiserver/__init__.py", line 2091, in tick
    s, ssl_env = self.ssl_adapter.wrap(s)
  File "/opt/sabnzbd/cherrypy/wsgiserver/ssl_builtin.py", line 67, in wrap
    server_side=True)
  File "/usr/lib/python2.7/ssl.py", line 363, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 611, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 840, in do_handshake
    self._sslobj.do_handshake()
error: [Errno 0] Error

`dos2unix.sh` No such file or directory

When starting the container after recent update, I'm getting the following error in the logs:

/usr/local/bin/init.sh: line 145: /usr/local/bin/dos2unix.sh: No such file or directory which seems to be related to the change from the most recent commit.

Running on UnRaid 6.7.2, updating from a previous version.

Full log output:

Created by...
___.   .__       .__
\_ |__ |__| ____ |  |__   ____ ___  ___
 | __ \|  |/    \|  |  \_/ __ \\  \/  /
 | \_\ \  |   |  \   Y  \  ___/ >    <
 |___  /__|___|  /___|  /\___  >__/\_ \
     \/        \/     \/     \/      \/
   https://hub.docker.com/u/binhex/

2019-10-16 22:09:11.990963 [info] System information Linux 0a7a8d51bbe3 4.19.56-Unraid #1 SMP Tue Jun 25 10:19:34 PDT 2019 x86_64 GNU/Linux
2019-10-16 22:09:12.014746 [info] PUID defined as '99'
2019-10-16 22:09:12.310097 [info] PGID defined as '100'
2019-10-16 22:09:12.603285 [info] UMASK defined as '000'
2019-10-16 22:09:12.623040 [info] Permissions already set for volume mappings
2019-10-16 22:09:12.646245 [info] VPN_ENABLED defined as 'yes'
2019-10-16 22:09:12.671564 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/**_****-aes-128-cbc-udp-dns.ovpn
/usr/local/bin/init.sh: line 145: /usr/local/bin/dos2unix.sh: No such file or directory

Swarm Overlay network issues

Hello,

I found an issue with the image in which if you have a swarm and the container is in an overlay network.

It throws an error stating: write UDP: Operation not permitted

I've managed to find a workaround which is at the bottom of the issue.

Troubleshooting steps:

When a container is in an overlay network, the container is setup with 2 network drives:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        inet 10.0.1.48  netmask 255.255.255.0  broadcast 10.0.1.255
        ether 02:42:0a:00:01:30  txqueuelen 0  (Ethernet)
        RX packets 15  bytes 630 (630.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 172.18.0.13  netmask 255.255.0.0  broadcast 172.18.255.255
        ether 02:42:ac:12:00:0d  txqueuelen 0  (Ethernet)
        RX packets 85  bytes 24480 (23.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 60  bytes 8583 (8.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: overlay network
eth1: gwbridge automatically created by the swarm which is the one that has internet connection

I've checked the supervisord.log and this is the iptables that it is generating and as you can see, it is using the overlay network (eth0) ip range:

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 10.0.1.0/24 -d 10.0.1.0/24 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 80 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8090 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --sport 8090 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i tun0 -j ACCEPT
-A OUTPUT -s 10.0.1.0/24 -d 10.0.1.0/24 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 80 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 8090 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8090 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT

Workaround

1- While the container is running (even if it is throwing that write UDP error) connect to its shell.
2- Copy the file /root/iptable.sh to a volume that you mounted
3- Edit the line in iptable.sh where it says docker_interface=$(netstat -ie | grep -vE "lo|tun|tap" | sed -n '1!p' | grep -P -o -m 1 '^[^:]+') to docker_interface=eth1 (in my case it's eth1 that has internet connection, might be different for others)
4- Mount this modified file as read only to the path /root/iptable.sh

I believe the best solution would be for this script to loop through the interfaces to check which one has internet connection or maybe using an env variable like DOCKER_BRIDGE_NETWORK=172.18.0.0/16, check the interface that uses this ip range and set it to the variable docker_interface in iptables.sh.
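The second suggestion in this issue, choosing the interface whose address falls inside a configured network, could look like the following. This is an added example, not the project's iptable.sh: DOCKER_BRIDGE_NETWORK is the variable name proposed in the issue and is not defined by the image, the function names are hypothetical, and the input is assumed to be in the format printed by ip -o -4 addr show.

```shell
#!/bin/sh
# Added example, not the project's iptable.sh. DOCKER_BRIDGE_NETWORK is the
# variable name proposed in the issue above; the image does not define it.

# Constructed sample of `ip -o -4 addr show` output, using the addresses from
# the ifconfig listing above (eth0 = overlay, eth1 = gwbridge).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.1.48/24 brd 10.0.1.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 172.18.0.13/16 brd 172.18.255.255 scope global eth1\       valid_lft forever preferred_lft forever'

# is_ipv4 ADDR: true for four dot-separated octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# ip_to_int A.B.C.D: prints the address as a 32-bit integer.
ip_to_int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_cidr ADDR NET/PREFIX: 0 if ADDR is inside the network, 1 if it is not,
# 2 if either argument is malformed.
in_cidr() {
    cidr_net=${2%/*}
    cidr_bits=${2#*/}
    is_ipv4 "$1" && is_ipv4 "$cidr_net" || return 2
    case "$cidr_bits" in ''|*[!0-9]*) return 2 ;; esac
    [ "$cidr_bits" -le 32 ] || return 2
    cidr_mask=$(( (0xFFFFFFFF << (32 - cidr_bits)) & 0xFFFFFFFF ))
    addr_int=$(ip_to_int "$1")
    net_int=$(ip_to_int "$cidr_net")
    [ $(( addr_int & cidr_mask )) -eq $(( net_int & cidr_mask )) ]
}

# pick_interface NET/PREFIX: reads `ip -o -4 addr show` lines on stdin and
# prints the first non-loopback, non-tunnel interface with an address inside
# the network. Returns 1 when nothing matches so the caller can stop instead
# of binding the firewall rules to a guessed interface.
pick_interface() {
    while read -r _idx ifname _family addr _rest; do
        case "$ifname" in lo|tun*|tap*|wg*) continue ;; esac
        if in_cidr "${addr%/*}" "$1"; then
            echo "$ifname"
            return 0
        elif [ $? -eq 2 ]; then
            echo "invalid address or network: ${addr} / $1" >&2
            return 2
        fi
    done
    return 1
}

# Stand-alone run over the sample; a real script would pipe in
# `ip -o -4 addr show` instead of SAMPLE_ADDRS.
DOCKER_BRIDGE_NETWORK=172.18.0.0/16
docker_interface=$(printf '%s\n' "$SAMPLE_ADDRS" | pick_interface "$DOCKER_BRIDGE_NETWORK") || exit 1
echo "docker_interface=${docker_interface}"
```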

Fails to build with /var/cache/pacman/pkg/patch-2.7.6-7-x86_64.pkg.tar.xz is corrupted

When attempting to build the following errors occur:

.... (many package downloads) .... then:
checking keyring...
checking package integrity...
:: File /var/cache/pacman/pkg/patch-2.7.6-7-x86_64.pkg.tar.xz is corrupted (invalid or corrupted package (PGP signature)).
Do you want to delete it? [Y/n] error: patch: signature from "Levente Polyak (anthraxx) [email protected]" is unknown trust
error: failed to commit transaction (invalid or corrupted package)

Errors occurred, no packages were upgraded.
The command '/bin/sh -c chmod +x /root/*.sh /home/nobody/*.sh && /bin/bash /root/install.sh' returned a non-zero code: 1

Details from docker version:
Client: Docker Engine - Community
Version: 19.03.6
API version: 1.40
Go version: go1.12.16
Git commit: 369ce74a3c
Built: Thu Feb 13 01:27:49 2020
OS/Arch: linux/amd64
Experimental: false

Server: Docker Engine - Community
Engine:
Version: 19.03.6
API version: 1.40 (minimum version 1.12)
Go version: go1.12.16
Git commit: 369ce74a3c
Built: Thu Feb 13 01:26:21 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: 1.2.12
GitCommit: 35bd7a5f69c13e1563af8a93431411cd9ecf5021
runc:
Version: 1.0.0-rc10
GitCommit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
docker-init:
Version: 0.18.0
GitCommit: fec3683

service won't start - TUN conflict

This is probably my fault but I can't figure out what I'm doing wrong so I thought I'd ask here.

I was caught up in a recent issue relating an unannounced change to authentication in NordVPN and fixed the issue according to the suggested solution, and it worked for my arch-delugevpn container, but for some reason when I tried to restart my arch-sabnzbdvpn container (and ever since) it doesn't start up and isn't reporting any useful information (so far as I can tell) in the logs as to why.

Here's my logs from a single attempt, maybe someone else can see something I can't?
https://pastebin.com/ZhyaFQNa

And just to reiterate, this is using the exact same credentials and ovpn config as my arch-delugevpn container, which is working fine.

Thanks for your help!

SSL Connection Error

sabnzbd is throwing an error:
"Secure (SSL) connections from SABnzbd to newsservers and HTTPS websites will be encrypted, however, validating a server's identity using its certificates is not possible. Python 2.7.9 or above, OpenSSL 1.0.2 or above and up-to-date local CA certificates are required."

curl on https websites also just drops an error ( "OpenSSL SSL_connect: SSL_ERROR_SYSCALL" ) and the python package inside the container is version 2.7.13. Maybe the packages are outdated but I am not an expert?

Synology - Root User

Hello,

I'm trying to configure this under DSM6.2. By default Synology DSM disables the root user. After looking at the logs, I'm seeing the following:

iptables v1.6.2: can't initialize iptables table `filter': Permission denied (you must be root)

Is there any way to make this docker container work without enabling the root user?

My PUID and PGID are 1026 and 101 (both are administrator groups).

Container doesn’t start on Synology

Hi, when I download the image through docker and try to start the container, it automatically switches the container back off. Am I missing something or do I have to use a specific setting? Regards Patrick

Hangs, same with other versions

Trying to re-install due to issues. Running this old version because I saw others had issues with later versions ...

docker run -d --name=sabnzbdvpn --cap-add=NET_ADMIN -p 8080:8080 -p 8090:8090 -p 8118:8118 -v /mnt/data:/data -v /home/docker/sabnzbdvpn/config:/config -v /etc/localtime:/etc/localtime:ro -e VPN_ENABLED=yes -e VPN_USER=xxx -e VPN_PASS="xxx" -e VPN_PROV=custom -e VPN_CLIENT=openvpn -e STRICT_PORT_FORWARD=no -e ENABLE_PRIVOXY=no -e LAN_NETWORK=192.168.86.0/24 -e "NAME_SERVERS=1.1.1.1" -e DEBUG=true -e PUID=1010 -e PGID=1010 --restart unless-stopped binhex/arch-sabnzbdvpn:3.5.3-1-01

It hangs after this entry:

Created by...
___.   .__       .__
\_ |__ |__| ____ |  |__   ____ ___  ___
 | __ \|  |/    \|  |  \_/ __ \\  \/  /
 | \_\ \  |   |  \   Y  \  ___/ >    <
 |___  /__|___|  /___|  /\___  >__/\_ \
     \/        \/     \/     \/      \/
   https://hub.docker.com/u/binhex/

2024-02-17 22:28:58.537359 [info] System information Linux 8dba0292d38f 5.18.13-100.fc35.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Jul 22 14:20:24 UTC 2022 x86_64 GNU/Linux
2024-02-17 22:28:58.645438 [info] OS_ARCH defined as 'x86-64'
2024-02-17 22:28:58.747188 [info] PUID defined as '1010'
2024-02-17 22:29:01.265297 [info] PGID defined as '1010'
2024-02-17 22:29:05.187917 [warn] UMASK not defined (via -e UMASK), defaulting to '000'
2024-02-17 22:29:05.284899 [info] Permissions already set for '/config'
2024-02-17 22:29:05.389598 [info] Deleting files in /tmp (non recursive)...
2024-02-17 22:29:05.517776 [info] VPN_ENABLED defined as 'yes'
2024-02-17 22:29:05.619949 [info] VPN_CLIENT defined as 'openvpn'
2024-02-17 22:29:05.722909 [info] VPN_PROV defined as 'custom'
2024-02-17 22:29:05.832414 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/ams-006.ovpn
2024-02-17 22:29:06.047108 [info] VPN remote server(s) defined as 'ams-006.vpn.privado.io,'
2024-02-17 22:29:06.134314 [info] VPN remote port(s) defined as '1194,'
2024-02-17 22:29:06.221540 [info] VPN remote protcol(s) defined as 'udp,'
2024-02-17 22:29:06.330829 [info] VPN_DEVICE_TYPE defined as 'tun0'
2024-02-17 22:29:06.427082 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2024-02-17 22:29:06.523360 [info] LAN_NETWORK defined as '192.168.86.0/24'
2024-02-17 22:29:06.622459 [info] NAME_SERVERS defined as '1.1.1.1'
2024-02-17 22:29:06.720815 [info] VPN_USER defined as 'xxx'
2024-02-17 22:29:06.819107 [info] VPN_PASS defined as 'xxx'
2024-02-17 22:29:06.915604 [info] ENABLE_PRIVOXY defined as 'no'
2024-02-17 22:29:07.025124 [info] VPN_INPUT_PORTS not defined (via -e VPN_INPUT_PORTS), skipping allow for custom incoming ports
2024-02-17 22:29:07.124337 [info] VPN_OUTPUT_PORTS not defined (via -e VPN_OUTPUT_PORTS), skipping allow for custom outgoing ports

<<<<<<<<

[2022-03-17T15:48:05+0000] [PACMAN] Running 'pacman -S --needed --noconfirm git python3 python-pyopenssl p7zip unrar unzip par2cmdline'
[2022-03-17T15:48:08+0000] [ALPM] transaction started
[2022-03-17T15:48:08+0000] [ALPM] installed perl-error (0.17029-3)
[2022-03-17T15:48:08+0000] [ALPM] installed perl-mailtools (2.21-5)
[2022-03-17T15:48:08+0000] [ALPM] installed git (2.35.1-1)
[2022-03-17T15:48:08+0000] [ALPM] installed python-pycparser (2.21-3)
[2022-03-17T15:48:08+0000] [ALPM] installed python-cffi (1.15.0-3)
[2022-03-17T15:48:08+0000] [ALPM] installed python-cryptography (36.0.1-1)
[2022-03-17T15:48:08+0000] [ALPM] installed python-pyopenssl (21.0.0-5)
[2022-03-17T15:48:08+0000] [ALPM] installed p7zip (1:17.04-3)
[2022-03-17T15:48:08+0000] [ALPM] installed par2cmdline (0.8.1-2)
[2022-03-17T15:48:08+0000] [ALPM] transaction completed
[2022-03-17T15:48:09+0000] [ALPM] running '20-systemd-sysusers.hook'...
[2022-03-17T15:48:09+0000] [ALPM-SCRIPTLET] Creating group 'git' with GID 973.
[2022-03-17T15:48:09+0000] [ALPM-SCRIPTLET] Creating user 'git' (git daemon user) with UID 973 and GID 973.
[2022-03-17T15:48:09+0000] [ALPM] running '30-systemd-daemon-reload.hook'...
[2022-03-17T15:48:09+0000] [ALPM-SCRIPTLET] Skipped: Current root is not booted.
[2022-03-17T15:48:09+0000] [ALPM] running '30-systemd-update.hook'...
[2022-03-17T15:48:09+0000] [ALPM] running 'detect-old-perl-modules.hook'...
[2022-03-17T15:48:09+0000] [PACMAN] Running 'pacman -S --needed --noconfirm python python-pip'
[2022-03-17T15:48:14+0000] [ALPM] transaction started
[2022-03-17T15:48:14+0000] [ALPM] installed python-msgpack (1.0.3-1)
[2022-03-17T15:48:14+0000] [ALPM] installed python-urllib3 (1.26.8-1)
[2022-03-17T15:48:14+0000] [ALPM] installed python-chardet (4.0.0-5)
[2022-03-17T15:48:14+0000] [ALPM] installed python-idna (3.3-4)
[2022-03-17T15:48:14+0000] [ALPM] installed python-requests (2.27.1-1)
[2022-03-17T15:48:14+0000] [ALPM] installed python-cachecontrol (1:0.12.6-4)
[2022-03-17T15:48:14+0000] [ALPM] installed python-colorama (0.4.4-6)
[2022-03-17T15:48:14+0000] [ALPM] installed python-contextlib2 (0.6.0.post1-6)
[2022-03-17T15:48:14+0000] [ALPM] installed python-distlib (0.3.4-1)
[2022-03-17T15:48:14+0000] [ALPM] installed python-distro (1.7.0-1)
[2022-03-17T15:48:14+0000] [ALPM] installed python-webencodings (0.5.1-9)
[2022-03-17T15:48:14+0000] [ALPM] installed python-html5lib (1.1-11)
[2022-03-17T15:48:14+0000] [ALPM] installed python-tomli (2.0.0-1)
[2022-03-17T15:48:14+0000] [ALPM] installed python-pep517 (0.12.0-4)
[2022-03-17T15:48:14+0000] [ALPM] installed python-progress (1.6-5)
[2022-03-17T15:48:14+0000] [ALPM] installed python-retrying (1.3.3-13)
[2022-03-17T15:48:14+0000] [ALPM] installed python-resolvelib (0.5.5-4)
[2022-03-17T15:48:14+0000] [ALPM] installed python-toml (0.10.2-7)
[2022-03-17T15:48:14+0000] [ALPM] installed python-pip (21.0-1)
[2022-03-17T15:48:14+0000] [ALPM] transaction completed
[2022-03-17T15:48:14+0000] [ALPM] running '30-systemd-update.hook'...
[2022-03-17T15:48:25+0000] [PACMAN] Running 'pacman -Ru --noconfirm file findutils gettext texinfo'
[2022-03-17T15:48:25+0000] [PACMAN] Running 'pacman -Ru --noconfirm dotnet-sdk yarn git yay-bin reflector gcc binutils'
[2022-03-17T15:48:25+0000] [PACMAN] Running 'pacman -Scc'
[2022-03-17T15:48:25+0000] [PACMAN] Running 'pacman --noconfirm -Rns'

Network seems to work fine.

[root@8dba0292d38f log]cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 8.8.8.8

[root@docker openvpn]# dig cnn.com

; <<>> DiG 9.16.30-RH <<>> cnn.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37814
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;cnn.com. IN A

;; ANSWER SECTION:
cnn.com. 31 IN A 151.101.131.5
cnn.com. 31 IN A 151.101.3.5
cnn.com. 31 IN A 151.101.195.5
cnn.com. 31 IN A 151.101.67.5

;; Query time: 32 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Feb 17 22:36:38 CET 2024
;; MSG SIZE rcvd: 100

Container breaks wireguard config

On start the container adds "," behind my address and allowedIps.
My config before I start the container:

[Interface]
PostUp = '/root/wireguardup.sh'
PostDown = '/root/wireguarddown.sh'
PrivateKey = ***
Address = 172.26.88.11/32
DNS = ****

[Peer]
PublicKey = ***
AllowedIPs = 0.0.0.0/0
Endpoint = my.example.domain:9929

My config after I started the container:

[Interface]
PostUp = '/root/wireguardup.sh'
PostDown = '/root/wireguarddown.sh'
PrivateKey = ***
Address = 172.26.88.11/32,
DNS = ****

[Peer]
PublicKey = ***
AllowedIPs = 0.0.0.0/0,
Endpoint = my.example.domain:9929

Each time I have to manually adjust my wireguard configs and remove those "," after starting the container, otherwise the container wouldn't start because the wireguard config is invalid.
I'm running on unraid and I'm using OVPN.com as my VPN-Provider.

Can't open Privoxy-WebGui

Thanks for your great project. I took your sample config for docker and it runs sabnzbd over port 8080. The IP is that of the OpenVPN file.

Unfortunately I can't call privoxy. Do you have any idea?
(error = Invalid header received from client.)

I just run this code:
docker run -d \
    --cap-add=NET_ADMIN \
    -p 8080:8080 \
    -p 8090:8090 \
    -p 8118:8118 \
    --name=sabnzbdvpn \
    -v /root/docker/data:/data \
    -v /root/docker/config:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_USER=USERNAME \
    -e VPN_PASS=PASSWORD \
    -e VPN_PROV=pia \
    -e VPN_CLIENT=openvpn \
    -e STRICT_PORT_FORWARD=no \
    -e ENABLE_PRIVOXY=yes \
    -e LAN_NETWORK=192.168.178.0/24 \
    -e NAME_SERVERS=209.222.18.222,84.200.69.80,37.235.1.174,1.1.1.1,209.222.18.218,37.235.1.177,84.200.70.40,1.0.0.1 \
    -e ADDITIONAL_PORTS=1194 \
    -e DEBUG=false \
    -e UMASK=000 \
    -e PUID=0 \
    -e PGID=0 \
    binhex/arch-sabnzbdvpn

Thanks for any help

Cannot build container (or any other vpn based container)

When trying to build this container, I get the following error message. I suspect that something is wrong in the pacman repositories, but I don't know how to fix it. The error occurs in the upd.sh script at the pacman call after the pacman -Syyu call

Sorry I couldn't find the correct repository that has that script, so I'm posting this issue here. Any help would be great. I'm trying to update my nzbget container to use your updated base image with wireguard.

( 6/11) Creating temporary files...
( 7/11) Reloading device manager configuration...
  Skipped: Device manager is not running.
( 8/11) Arming ConditionNeedsUpdate...
( 9/11) Reloading system bus configuration...
  Skipped: Current root is not booted.
(10/11) Warn about old perl modules
(11/11) Updating the info directory file...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   160    0   160    0     0    415      0 --:--:-- --:--:-- --:--:--   415
100 2425k  100 2425k    0     0  3141k      0 --:--:-- --:--:-- --:--:-- 17.7M
error: failed to initialise alpm library
(could not find or read directory: /var/lib/pacman/)
The command '/bin/sh -c chmod +x /root/*.sh /home/nobody/*.sh &&        /bin/bash /root/install.sh' returned a non-zero code: 255

sabnzbd 3.4.0 missing py package dependency 'guessit'

Issue

After sabnzbd update, container failed to start with error: not found 'guessit'

From Sabnzbd 3.4.0 changelog:

  • Added additional pattern keys that can be used in the Sort String for Sorting, by using the guessit package internally for parsing.

Workaround was to install the package manually.

Expected

Container should include the newly required package.

either DNS or the network is blocked

I can start the services but either DNS or the network is blocked. I am seeing this in the log:

modprobe: FATAL: Module tun not found in directory /lib/modules/4.19.76-linuxkit

insmod: ERROR: could not load module /lib/modules/tun.ko: No such file or directory

modprobe: FATAL: Module iptable_mangle not found in directory /lib/modules/4.19.76-linuxkit

What am I missing?

Here is the container command. It also looks like Privoxy is not working; I get "Invalid header received from client." at the 8118 port.

docker run -d \
    --cap-add=NET_ADMIN \
    -p 8080:8080 \
    -p 8090:8090 \
    -p 8118:8118 \
    --name=sabnzbdvpn \
    -v /Users/name/Downloads/torrents/Sabnzdb:/data \
    -v /Users/name/Documents/Sabnzbd/config:/config \
    -e VPN_ENABLED=yes \
    -e VPN_USER= \
    -e VPN_PASS= \
    -e VPN_PROV=pia \
    -e STRICT_PORT_FORWARD=no \
    -e ENABLE_PRIVOXY=yes \
    -e LAN_NETWORK=192.168.1.0/24 \
    -e NAME_SERVERS=209.222.18.222,209.222.18.218 \
    -e ADDITIONAL_PORTS=1234 \
    -e DEBUG=false \
    -e PUID=501 \
    -e PGID=20 \
    binhex/arch-sabnzbdvpn

Error on startup after update

Hi,
I am running arch-sabnzbdvpn in a docker container on Ubuntu. Just upgraded to version 3.7.1 [479daf0] of sabnzbd,
Python 3.10.8 (main, Nov 1 2022, 14:18:21) [GCC 12.2.0] [UTF-8] and OpenSSL 3.0.7 1 Nov 2022.

On startup I see the following error in the webgui.

[19/Dec/2022:11:20:48] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cheroot/server.py", line 1807, in serve
    self._connections.run(self.expiration_interval)
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cheroot/connections.py", line 198, in run
    self._run(expiration_interval)
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cheroot/connections.py", line 241, in _run
    new_conn = self._from_server_socket(self.server.socket)
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cheroot/connections.py", line 295, in _from_server_socket
    s, ssl_env = self.server.ssl_adapter.wrap(s)
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cheroot/ssl/builtin.py", line 270, in wrap
    s = self.context.wrap_socket(
  File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.10/ssl.py", line 1071, in _create
    self.do_handshake()
  File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLZeroReturnError: TLS/SSL connection has been closed (EOF) (_ssl.c:997)

3.7.1 [479daf0]

Trouble using wireguard instead of openvpn

I'm trying to use wireguard (with a config file from another provider) with this container like this:

docker run -d --name nzbgetvpn \
    --sysctl="net.ipv4.conf.all.src_valid_mark=1" \
    --privileged=true \
    -p 8080:8080 \
    -p 8090:8090 \
    -p 8118:8118 \
    -v /nzbget/data:/data \
    -v /nzbget/config:/config \
    -v /etc/localtime:/etc/localtime:ro \
    -e VPN_ENABLED=yes \
    -e VPN_PROV=custom \
    -e VPN_CLIENT=wireguard \
    -e STRICT_PORT_FORWARD=no \
    -e ENABLE_PRIVOXY=yes \
    -e LAN_NETWORK=192.168.1.0/24 \
    -e NAME_SERVERS=84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1 \
    -e DEBUG=false \
    -e UMASK=000 \
    -e PUID=0 \
    -e PGID=0 \
    binhex/arch-sabnzbdvpn

The container keeps wanting an ovpn configuration file: "No OpenVPN config file located in /config/openvpn/ (ovpn extension), please download from your VPN provider and then restart this container, exiting...". I thought maybe I should specify VPN_ENABLED=no, but then I get "!!IMPORTANT!! VPN IS SET TO DISABLED', YOU WILL NOT BE SECURE".

How can I get the container to not look for an ovpn file but instead use my wireguard conf file? The doc says run the container and it will create a wireguard subdirectory in the config directory, but all it does is create an openvpn directory. I tried renaming that to wireguard, but that didn't change anything.

3.6.1 latest build seems to break Privoxy

My docker build on Unraid auto-updated to the latest build overnight. I noticed 12 hours later that anything relying on privoxy hadn't been connecting to the internet. The only thing in the logs I could spot was the docker saying that privoxy was not running. Rolling back to 3.6.0-2-01 appears to have fixed the problem.

Synology - Local Time

When configuring the Volume mounts, there's a requirement of:

-v /etc/localtime:/etc/localtime:ro \

Unfortunately the Synology docker GUI doesn't let you add system level directories (has to be under /volume1).

If this is a method to set the timezone, I believe the more common thing is:

-e TZ=America/Toronto \

A list of time-zone database codes can be found here:

https://en.wikipedia.org/wiki/List_of_tz_database_time_zones

Par2Cmdline-turbo not showing up as installed on AMD64 system

Par2cmdline-turbo: Not available Speed up repairs by installing par2cmdline-turbo, it is available for many platforms.

This alert appears from standard usage on a regular amd64 Docker Host. I was looking through the code and see the callout about arm64 not supporting Par2cmdline-turbo, but this is a non-arm system acting like it's not installed.

Usage of regular sabnzbd image from linuxserver/sabnzbd (without the VPN) shows it installed on the same setup. Hope this is enough info; please let me know if you need anything else.

Routing Deluge via arch-sabnzbdvpn results in slow speeds

Routing Deluge via arch-sabnzbdvpn results in slow speeds. Deluge won't go past 70 KiB/s whilst SabNZBd is downloading, and when Deluge does download it slows the SABNZBd download down to around 1.3MB/s from 13MB/s. Anyone have any ideas?

Feature Request: Please make the Privoxy Port Configurable

I'm not sure with the ip table rule rework if it will take nicely to just switching the external port (i.e. "-p 8119:8118"). (Actually, if I may also sneak in an additional feature request: some more details on privoxy and/or a "tl;dr" would have been very helpful.) I was going to activate it for that container but have a conflict. A quick look suggests it is just a quick fix in the iptable.sh script.

Completed Download Handling no longer working

My sonarr/radarr instances are able to send files to sabnzbd without issue, and they move the files properly, but they fail to clean up after themselves, even though they are set to do so. This worked before I moved to containers, and right now only sabnzbdvpn is the container, radarr/sonarr are not.

Any ideas on how to get this working again?

Updates past 3.6.0-2-01 will not start - web server error

Running system on version 3.6.0-2-01.

Upgrading to any version newer than that, causes the same error to appear.

2023-01-02 15:39:51,963::INFO::[notifier:123] Sending notification: Error - [02/Jan/2023:15:39:51] ENGINE Error in 'start' listener <bound method Server.start of <cherrypy._cpserver.Server object at 0x7f7b86a33400>>
Traceback (most recent call last):
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cheroot/ssl/builtin.py", line 99, in _loopback_for_cert
    thread.start()
  File "/usr/lib/python3.10/threading.py", line 935, in start
    _start_new_thread(self._bootstrap, ())
RuntimeError: can't start new thread

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cherrypy/process/wspbus.py", line 230, in publish
    output.append(listener(*args, **kwargs))
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cherrypy/_cpserver.py", line 179, in start
    self.httpserver, self.bind_addr = self.httpserver_from_self()
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cherrypy/_cpserver.py", line 170, in httpserver_from_self
    httpserver = _cpwsgi_server.CPWSGIServer(self)
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cherrypy/_cpwsgi_server.py", line 99, in __init__
    self.ssl_adapter = adapter_class(
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cheroot/ssl/builtin.py", line 225, in __init__
    _parse_cert(certificate, private_key, self.certificate_chain),
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cheroot/ssl/builtin.py", line 121, in _parse_cert
    return _loopback_for_cert(certificate, private_key, certificate_chain)
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cheroot/ssl/builtin.py", line 107, in _loopback_for_cert
    thread.join()
  File "/usr/lib/python3.10/threading.py", line 1091, in join
    raise RuntimeError("cannot join thread before it is started")
RuntimeError: cannot join thread before it is started
 (type=error, job_cat=None)
2023-01-02 15:39:51,963::ERROR::[_cplogging:213] [02/Jan/2023:15:39:51] ENGINE Error in 'start' listener <bound method Server.start of <cherrypy._cpserver.Server object at 0x7f7b86a33400>>
Traceback (most recent call last):
  File "/usr/lib/sabnzbd/venv/lib/python3.10/site-packages/cheroot/ssl/builtin.py", line 99, in _loopback_for_cert
    thread.start()
  File "/usr/lib/python3.10/threading.py", line 935, in start
    _start_new_thread(self._bootstrap, ())
RuntimeError: can't start new thread

This looked similar to the weak SSL cert failure described here:
Q3: https://github.com/binhex/documentation/blob/master/docker/faq/sabnzbdvpn.md

I have removed the self-signed cert files and they were regenerated, but the error persists and the web server does not start.

I also tried switching the enable_https property from 1 to 0 in sabnzbd.ini, but this setting does not stick - it always resets back to 1.

Rolling back to version 3.6.0-2-01 restores the application. It looks like whatever change was made before Sep 12 (tag 3.6.1-1-02) is the origin of this problem.

Let me know if you need more info... thanks.

VPN Enabled cannot connect to webui

Hello there,

Hope someone can help me with my issue. I have this container running fine on unraid on my local machine. Now I have moved a lot of my services to a dedicated server to save on electricity costs.

Basically copied all of the configs and folder structure to the dedicated server to just start everything up and have the same.
The problem is that sabnzbdvpn is starting and the logs say everything is fine and it connects to the vpn, but I cannot connect to the webui.
I am trying to reverse proxy the webui as well because of security; same here. Funny thing is, if I disable the vpn I can connect just fine.

So my guess is that it has to do with the LAN_NETWORK part, because I am not quite sure what to enter here, since it is "no" lan. I entered the docker network cidr and reverse proxy network cidr, but I still cannot connect to the webui with vpn enabled.

I have connected to the docker and tested that it is connected to the vpn, because the ip is changed.

And have waited until it says "SABnzbd process is listening on port 8080"

Sorry if this is hard to understand but English is not my native language.

Log:

Created by...
___.   .__       .__
\_ |__ |__| ____ |  |__   ____ ___  ___
 | __ \|  |/    \|  |  \_/ __ \\  \/  /
 | \_\ \  |   |  \   Y  \  ___/ >    <
 |___  /__|___|  /___|  /\___  >__/\_ \
     \/        \/     \/     \/      \/
   https://hub.docker.com/u/binhex/

2023-10-01 12:30:08.401264 [info] System information Linux sabnzbd-vpn 5.15.0-84-generic #93-Ubuntu SMP Tue Sep 5 17:16:10 UTC 2023 x86_64 GNU/Linux
2023-10-01 12:30:08.424125 [info] PUID defined as '1000'
2023-10-01 12:30:08.509984 [info] PGID defined as '1000'
2023-10-01 12:30:08.561044 [info] UMASK defined as '000'
2023-10-01 12:30:08.586480 [info] Permissions already set for '/config'
2023-10-01 12:30:08.607120 [info] Deleting files in /tmp (non recursive)...
2023-10-01 12:30:08.631755 [info] VPN_ENABLED defined as 'yes'
2023-10-01 12:30:08.652156 [info] VPN_CLIENT defined as 'wireguard'
2023-10-01 12:30:08.671924 [info] VPN_PROV defined as 'pia'
2023-10-01 12:30:08.695117 [info] WireGuard config file (conf extension) is located at /config/wireguard/wg0.conf
2023-10-01 12:30:08.728565 [info] VPN_REMOTE_SERVER defined as 'nl-amsterdam.privacy.network'
2023-10-01 12:30:08.758737 [info] VPN_REMOTE_PORT defined as '1337'
2023-10-01 12:30:08.776462 [info] VPN_DEVICE_TYPE defined as 'wg0'
2023-10-01 12:30:08.793851 [info] VPN_REMOTE_PROTOCOL defined as 'udp'
modprobe: FATAL: Module ip6_tables not found in directory /lib/modules/5.15.0-84-generic
ip6tables v1.8.9 (legacy): can't initialize ip6tables table `filter': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.
2023-10-01 12:30:08.935054 [warn] ip6tables default policies not available, skipping ip6tables drops
2023-10-01 12:30:09.009228 [info] LAN_NETWORK defined as '100.0.0.0/29,172.17.0.0/16'
2023-10-01 12:30:09.029718 [info] NAME_SERVERS defined as '84.200.69.80,37.235.1.174,1.1.1.1,37.235.1.177,84.200.70.40,1.0.0.1'
2023-10-01 12:30:09.050021 [info] VPN_USER defined as 'redacted'
2023-10-01 12:30:09.070293 [info] VPN_PASS defined as 'bNxQ7&redacted'
2023-10-01 12:30:09.090569 [info] STRICT_PORT_FORWARD defined as 'yes'
2023-10-01 12:30:09.110750 [info] ENABLE_PRIVOXY defined as 'no'
2023-10-01 12:30:09.133180 [info] VPN_INPUT_PORTS not defined (via -e VPN_INPUT_PORTS), skipping allow for custom incoming ports
2023-10-01 12:30:09.152829 [info] VPN_OUTPUT_PORTS not defined (via -e VPN_OUTPUT_PORTS), skipping allow for custom outgoing ports
2023-10-01 12:30:29.984760 [info] Starting Supervisor...
2023-10-01 12:30:30,114 INFO Included extra file "/etc/supervisor/conf.d/sabnzbdvpn.conf" during parsing
2023-10-01 12:30:30,114 INFO Set uid to user 0 succeeded
2023-10-01 12:30:30,116 INFO supervisord started with pid 7
2023-10-01 12:30:31,119 INFO spawned: 'start-script' with pid 255
2023-10-01 12:30:31,123 INFO spawned: 'watchdog-script' with pid 256
2023-10-01 12:30:31,123 INFO reaped unknown pid 8 (exit status 0)
2023-10-01 12:30:31,127 DEBG 'start-script' stdout output:
[info] VPN is enabled, beginning configuration of VPN

2023-10-01 12:30:31,128 INFO success: start-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2023-10-01 12:30:31,128 INFO success: watchdog-script entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2023-10-01 12:30:31,130 DEBG 'start-script' stdout output:
[info] Adding 84.200.69.80 to /etc/resolv.conf

2023-10-01 12:30:31,133 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.174 to /etc/resolv.conf

2023-10-01 12:30:31,135 DEBG 'start-script' stdout output:
[info] Adding 1.1.1.1 to /etc/resolv.conf

2023-10-01 12:30:31,139 DEBG 'start-script' stdout output:
[info] Adding 37.235.1.177 to /etc/resolv.conf

2023-10-01 12:30:31,142 DEBG 'start-script' stdout output:
[info] Adding 84.200.70.40 to /etc/resolv.conf

2023-10-01 12:30:31,144 DEBG 'start-script' stdout output:
[info] Adding 1.0.0.1 to /etc/resolv.conf

2023-10-01 12:30:31,354 DEBG 'start-script' stdout output:
[info] Token generated for PIA wireguard authentication

2023-10-01 12:30:31,357 DEBG 'start-script' stdout output:
[info] Trying to connect to the PIA WireGuard API on 'nl-amsterdam.privacy.network'...

2023-10-01 12:30:31,466 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1

2023-10-01 12:30:31,617 DEBG 'start-script' stdout output:
[info] Docker network defined as    172.17.0.0/16

2023-10-01 12:30:31,620 DEBG 'start-script' stdout output:
[info] Adding 100.0.0.0/29 as route via docker eth0

2023-10-01 12:30:31,624 DEBG 'start-script' stdout output:
[info] Adding 172.17.0.0/16 as route via docker eth0

2023-10-01 12:30:31,625 DEBG 'start-script' stderr output:
RTNETLINK answers: File exists

2023-10-01 12:30:31,625 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2023-10-01 12:30:31,626 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0 
100.0.0.0/29 via 172.17.0.1 dev eth0 

2023-10-01 12:30:31,626 DEBG 'start-script' stdout output:
100.0.0.120/29 dev eth1 proto kernel scope link src 100.0.0.123 
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.7 
local 100.0.0.123 dev eth1 table local proto kernel scope host src 100.0.0.123 
broadcast 100.0.0.127 dev eth1 table local proto kernel scope link src 100.0.0.123 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
local 172.17.0.7 dev eth0 table local proto kernel scope host src 172.17.0.7 
broadcast 172.17.255.255 dev eth0 table local proto kernel scope link src 172.17.0.7 

2023-10-01 12:30:31,626 DEBG 'start-script' stdout output:
--------------------

2023-10-01 12:30:31,630 DEBG 'start-script' stdout output:
iptable_mangle         16384  0
ip_tables              32768  3 iptable_filter,iptable_raw,iptable_mangle
x_tables               53248  13 xt_conntrack,iptable_filter,nft_compat,xt_tcpudp,xt_addrtype,xt_nat,xt_comment,xt_connmark,iptable_raw,ip_tables,xt_MASQUERADE,iptable_mangle,xt_mark

2023-10-01 12:30:31,630 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2023-10-01 12:30:31,712 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2023-10-01 12:30:31,713 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 195.78.54.249/32 -i eth0 -j ACCEPT
-A INPUT -s 143.244.41.180/32 -i eth0 -j ACCEPT
-A INPUT -s 143.244.41.168/32 -i eth0 -j ACCEPT
-A INPUT -s 172.64.151.73/32 -i eth0 -j ACCEPT
-A INPUT -s 104.18.36.183/32 -i eth0 -j ACCEPT
-A INPUT -s 104.16.113.56/32 -i eth0 -j ACCEPT
-A INPUT -s 104.16.114.56/32 -i eth0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -s 195.78.54.249/32 -i eth0 -j ACCEPT
-A INPUT -s 143.244.41.180/32 -i eth0 -j ACCEPT
-A INPUT -s 143.244.41.168/32 -i eth0 -j ACCEPT
-A INPUT -s 172.64.151.73/32 -i eth0 -j ACCEPT
-A INPUT -s 104.18.36.183/32 -i eth0 -j ACCEPT
-A INPUT -s 104.16.113.56/32 -i eth0 -j ACCEPT
-A INPUT -s 104.16.114.56/32 -i eth0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8090 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8090 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A OUTPUT -d 195.78.54.249/32 -o eth0 -j ACCEPT
-A OUTPUT -d 143.244.41.180/32 -o eth0 -j ACCEPT
-A OUTPUT -d 143.244.41.168/32 -o eth0 -j ACCEPT
-A OUTPUT -d 172.64.151.73/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.18.36.183/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.16.113.56/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.16.114.56/32 -o eth0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -d 195.78.54.249/32 -o eth0 -j ACCEPT
-A OUTPUT -d 143.244.41.180/32 -o eth0 -j ACCEPT
-A OUTPUT -d 143.244.41.168/32 -o eth0 -j ACCEPT
-A OUTPUT -d 172.64.151.73/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.18.36.183/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.16.113.56/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.16.114.56/32 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8090 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8090 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT

2023-10-01 12:30:31,714 DEBG 'start-script' stdout output:
--------------------

2023-10-01 12:30:31,717 DEBG 'start-script' stdout output:
[info] Rerunning wireguard authentication...

2023-10-01 12:30:31,896 DEBG 'start-script' stdout output:
[info] Token generated for PIA wireguard authentication

2023-10-01 12:30:31,903 DEBG 'start-script' stdout output:
[info] Trying to connect to the PIA WireGuard API on 'nl-amsterdam.privacy.network'...

2023-10-01 12:30:32,023 DEBG 'start-script' stdout output:
[info] Default route for container is 172.17.0.1

2023-10-01 12:30:32,178 DEBG 'start-script' stdout output:
[info] Docker network defined as    172.17.0.0/16

2023-10-01 12:30:32,182 DEBG 'start-script' stdout output:
[info] Adding 100.0.0.0/29 as route via docker eth0

2023-10-01 12:30:32,183 DEBG 'start-script' stderr output:
RTNETLINK answers: File exists

2023-10-01 12:30:32,186 DEBG 'start-script' stdout output:
[info] Adding 172.17.0.0/16 as route via docker eth0

2023-10-01 12:30:32,187 DEBG 'start-script' stderr output:
RTNETLINK answers: File exists

2023-10-01 12:30:32,187 DEBG 'start-script' stdout output:
[info] ip route defined as follows...
--------------------

2023-10-01 12:30:32,188 DEBG 'start-script' stdout output:
default via 172.17.0.1 dev eth0 table 8080_sabnzbd 
default via 172.17.0.1 dev eth0 table 8090_sabnzbd 
default via 172.17.0.1 dev eth0 
100.0.0.0/29 via 172.17.0.1 dev eth0 

2023-10-01 12:30:32,188 DEBG 'start-script' stdout output:
100.0.0.120/29 dev eth1 proto kernel scope link src 100.0.0.123 
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.7 
local 100.0.0.123 dev eth1 table local proto kernel scope host src 100.0.0.123 
broadcast 100.0.0.127 dev eth1 table local proto kernel scope link src 100.0.0.123 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
local 172.17.0.7 dev eth0 table local proto kernel scope host src 172.17.0.7 
broadcast 172.17.255.255 dev eth0 table local proto kernel scope link src 172.17.0.7 

2023-10-01 12:30:32,189 DEBG 'start-script' stdout output:
--------------------

2023-10-01 12:30:32,193 DEBG 'start-script' stdout output:
iptable_mangle         16384  1
ip_tables              32768  5 iptable_filter,iptable_raw,iptable_mangle
x_tables               53248  13 xt_conntrack,iptable_filter,nft_compat,xt_tcpudp,xt_addrtype,xt_nat,xt_comment,xt_connmark,iptable_raw,ip_tables,xt_MASQUERADE,iptable_mangle,xt_mark

2023-10-01 12:30:32,193 DEBG 'start-script' stdout output:
[info] iptable_mangle support detected, adding fwmark for tables

2023-10-01 12:30:32,196 DEBG 'start-script' stderr output:
RTNETLINK answers: File exists

2023-10-01 12:30:32,197 DEBG 'start-script' stderr output:
RTNETLINK answers: File exists

2023-10-01 12:30:32,277 DEBG 'start-script' stdout output:
[info] iptables defined as follows...
--------------------

2023-10-01 12:30:32,278 DEBG 'start-script' stdout output:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 195.78.54.249/32 -i eth0 -j ACCEPT
-A INPUT -s 143.244.41.180/32 -i eth0 -j ACCEPT
-A INPUT -s 143.244.41.168/32 -i eth0 -j ACCEPT
-A INPUT -s 172.64.151.73/32 -i eth0 -j ACCEPT
-A INPUT -s 104.18.36.183/32 -i eth0 -j ACCEPT
-A INPUT -s 104.16.113.56/32 -i eth0 -j ACCEPT
-A INPUT -s 104.16.114.56/32 -i eth0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -s 195.78.54.249/32 -i eth0 -j ACCEPT
-A INPUT -s 143.244.41.180/32 -i eth0 -j ACCEPT
-A INPUT -s 143.244.41.168/32 -i eth0 -j ACCEPT
-A INPUT -s 172.64.151.73/32 -i eth0 -j ACCEPT
-A INPUT -s 104.18.36.183/32 -i eth0 -j ACCEPT
-A INPUT -s 104.16.113.56/32 -i eth0 -j ACCEPT
-A INPUT -s 104.16.114.56/32 -i eth0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8090 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8090 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -s 195.78.54.249/32 -i eth0 -j ACCEPT
-A INPUT -s 143.244.41.180/32 -i eth0 -j ACCEPT
-A INPUT -s 143.244.41.168/32 -i eth0 -j ACCEPT
-A INPUT -s 172.64.151.73/32 -i eth0 -j ACCEPT
-A INPUT -s 104.18.36.183/32 -i eth0 -j ACCEPT
-A INPUT -s 104.16.113.56/32 -i eth0 -j ACCEPT
-A INPUT -s 104.16.114.56/32 -i eth0 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8090 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8090 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
-A OUTPUT -d 195.78.54.249/32 -o eth0 -j ACCEPT
-A OUTPUT -d 143.244.41.180/32 -o eth0 -j ACCEPT
-A OUTPUT -d 143.244.41.168/32 -o eth0 -j ACCEPT
-A OUTPUT -d 172.64.151.73/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.18.36.183/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.16.113.56/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.16.114.56/32 -o eth0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -d 195.78.54.249/32 -o eth0 -j ACCEPT
-A OUTPUT -d 143.244.41.180/32 -o eth0 -j ACCEPT
-A OUTPUT -d 143.244.41.168/32 -o eth0 -j ACCEPT
-A OUTPUT -d 172.64.151.73/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.18.36.183/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.16.113.56/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.16.114.56/32 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8090 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8090 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT
-A OUTPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A OUTPUT -d 195.78.54.249/32 -o eth0 -j ACCEPT
-A OUTPUT -d 143.244.41.180/32 -o eth0 -j ACCEPT
-A OUTPUT -d 143.244.41.168/32 -o eth0 -j ACCEPT
-A OUTPUT -d 172.64.151.73/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.18.36.183/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.16.113.56/32 -o eth0 -j ACCEPT
-A OUTPUT -d 104.16.114.56/32 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8080 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 8090 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --sport 8090 -j ACCEPT
-A OUTPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wg0 -j ACCEPT

2023-10-01 12:30:32,283 DEBG 'start-script' stdout output:
--------------------

2023-10-01 12:30:32,283 DEBG 'start-script' stdout output:
[info] Attempting to bring WireGuard interface 'up'...

2023-10-01 12:30:32,290 DEBG 'start-script' stderr output:
Warning: `/config/wireguard/wg0.conf' is world accessible

2023-10-01 12:30:32,295 DEBG 'start-script' stderr output:
[#] ip link add wg0 type wireguard

2023-10-01 12:30:32,297 DEBG 'start-script' stderr output:
[#] wg setconf wg0 /dev/fd/63

2023-10-01 12:30:32,299 DEBG 'start-script' stderr output:
[#] ip -4 address add 10.39.184.90 dev wg0

2023-10-01 12:30:32,303 DEBG 'start-script' stderr output:
[#] ip link set mtu 1420 up dev wg0

2023-10-01 12:30:32,310 DEBG 'start-script' stderr output:
[#] wg set wg0 fwmark 51820

2023-10-01 12:30:32,311 DEBG 'start-script' stderr output:
[#] ip -4 route add 0.0.0.0/0 dev wg0 table 51820

2023-10-01 12:30:32,312 DEBG 'start-script' stderr output:
[#] ip -4 rule add not fwmark 51820 table 51820

2023-10-01 12:30:32,313 DEBG 'start-script' stderr output:
[#] ip -4 rule add table main suppress_prefixlength 0

2023-10-01 12:30:32,316 DEBG 'start-script' stderr output:
[#] sysctl -q net.ipv4.conf.all.src_valid_mark=1

2023-10-01 12:30:32,317 DEBG 'start-script' stderr output:
[#] iptables-restore -n

2023-10-01 12:30:32,318 DEBG 'start-script' stderr output:
[#] '/root/wireguardup.sh'

2023-10-01 12:30:33,390 DEBG 'start-script' stdout output:
[info] Application does not require external IP address, skipping external IP address detection

2023-10-01 12:30:33,393 DEBG 'start-script' stdout output:
[info] WireGuard interface 'up'

2023-10-01 12:30:33,396 DEBG 'start-script' stdout output:
[info] Application does not require port forwarding, skipping incoming port assignment

2023-10-01 12:30:33,441 DEBG 'watchdog-script' stdout output:
[info] SABnzbd not running

2023-10-01 12:30:33,441 DEBG 'watchdog-script' stdout output:
[info] Attempting to start SABnzbd...

2023-10-01 12:30:34,058 DEBG 'watchdog-script' stdout output:
[info] SABnzbd process started
[info] Waiting for SABnzbd process to start listening on port 8080...

2023-10-01 12:30:34,179 DEBG 'watchdog-script' stdout output:
[info] SABnzbd process is listening on port 8080                       
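An added example, not part of the original post or the project's code: a small evaluator that replays the routes and INPUT rules from the log above for a given client address, showing which interface the client arrives on, which LAN_NETWORK entry covers it, and whether TCP port 8080 is accepted. The sample text is a constructed subset of the posted log, and the client addresses and function names are assumptions.

```python
import ipaddress
import re

# Constructed sample: a subset of the values and dumps in the startup log above.
LAN_NETWORK = "100.0.0.0/29,172.17.0.0/16"
IP_ROUTE = """\
default via 172.17.0.1 dev eth0
100.0.0.0/29 via 172.17.0.1 dev eth0
100.0.0.120/29 dev eth1 proto kernel scope link src 100.0.0.123
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.7
"""
IPTABLES_S = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 195.78.54.249/32 -i eth0 -j ACCEPT
-A INPUT -s 172.17.0.0/16 -d 172.17.0.0/16 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 8080 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 0 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i wg0 -j ACCEPT
"""

CONNECTED = re.compile(r"^(\S+/\d+) dev (\S+) proto kernel scope link src (\S+)")
DEFAULT = re.compile(r"^default via \S+ dev (\S+)")


def ingress(route_text, client):
    """Return (interface, local address) a packet from `client` is expected to hit."""
    client = ipaddress.ip_address(client)
    connected, default_dev = [], None
    for line in route_text.splitlines():
        m = CONNECTED.match(line)
        if m:
            connected.append((ipaddress.ip_network(m.group(1)), m.group(2), m.group(3)))
        m = DEFAULT.match(line)
        if m and default_dev is None:
            default_dev = m.group(1)
    for net, dev, local in connected:
        if client in net:
            return dev, local
    # Not directly connected: assume it arrives through the default-route device.
    for net, dev, local in connected:
        if dev == default_dev:
            return dev, local
    raise ValueError("no usable route in dump")


def parse_rules(dump):
    """Parse `iptables -S` lines; handles only the option shapes seen in the log
    (every option takes exactly one value, no '!' negation)."""
    policy, rules = {}, []
    for line in dump.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "-P":
            policy[tok[1]] = tok[2]
        elif tok[0] == "-A":
            rules.append((tok[1], dict(zip(tok[2::2], tok[3::2])), line))
    return policy, rules


def input_verdict(dump, src, dst, iface, proto, dport):
    """First-match evaluation of the INPUT chain, falling back to the chain policy."""
    policy, rules = parse_rules(dump)
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for chain, opt, line in rules:
        if chain != "INPUT":
            continue
        if "-s" in opt and src not in ipaddress.ip_network(opt["-s"]):
            continue
        if "-d" in opt and dst not in ipaddress.ip_network(opt["-d"]):
            continue
        if "-i" in opt and opt["-i"] != iface:
            continue
        if "-p" in opt and opt["-p"] != proto:
            continue
        if "--dport" in opt and int(opt["--dport"]) != dport:
            continue
        return opt["-j"], line
    return policy["INPUT"], "-P INPUT " + policy["INPUT"]


def webui_check(client, port=8080):
    """Summarise how a TCP connection from `client` to the web UI port is treated."""
    iface, local = ingress(IP_ROUTE, client)
    covered = [c for c in LAN_NETWORK.split(",")
               if ipaddress.ip_address(client) in ipaddress.ip_network(c)]
    verdict, rule = input_verdict(IPTABLES_S, client, local, iface, "tcp", port)
    return {"iface": iface, "lan_network": covered, "verdict": verdict, "rule": rule}


if __name__ == "__main__":
    # Constructed client addresses: docker gateway, a host on eth1's /29, a host in 100.0.0.0/29.
    for addr in ("172.17.0.1", "100.0.0.121", "100.0.0.2"):
        print(addr, webui_check(addr))
```

Only the INPUT direction is evaluated; the reply path goes through the OUTPUT rules, which the posted dump ties to eth0 in the same way.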

Something's up with the latest docker image - ERROR: failed to negotiate cipher with server

Hi

As PIA shut down their legacy service to force users like myself onto the new 'next-gen' network, I experienced weird behavior. I am running two instances of this container and as the first one refused to connect, I was pointed to the container error message about Q19 in the FAQ and downloading a new pia.conf. So I did. I tested it on one container. Worked fine so I copied the configuration to the next. And then problems arose:

2020-11-02 09:21:31 TCP/UDP: Preserving recently used remote address: [AF_INET]212.102.57.112:1198
2020-11-02 09:21:31,371 DEBG 'start-script' stdout output:
2020-11-02 09:21:31 UDP link local: (not bound)
2020-11-02 09:21:31 UDP link remote: [AF_INET]212.102.57.112:1198
2020-11-02 09:21:31,566 DEBG 'start-script' stdout output:
2020-11-02 09:21:31 [frankfurt406] Peer Connection Initiated with [AF_INET]212.102.57.112:1198
2020-11-02 09:21:32,714 DEBG 'start-script' stdout output:
2020-11-02 09:21:32 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:AES-128-CBC') if you want to connect to this server.
2020-11-02 09:21:32 ERROR: Failed to apply push options
2020-11-02 09:21:32 Failed to open tun/tap interface
2020-11-02 09:21:32,715 DEBG 'start-script' stdout output:
2020-11-02 09:21:32 SIGHUP[soft,process-push-msg-failed] received, process restarting
2020-11-02 09:21:32 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
2020-11-02 09:21:32,715 DEBG 'start-script' stdout output:
2020-11-02 09:21:32 OpenVPN 2.5.0 [git:makepkg/a73072d8f780e888+] x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 27 2020
2020-11-02 09:21:32 library versions: OpenSSL 1.1.1h 22 Sep 2020, LZO 2.10

After investigating, I realized that the first container was indeed not using the latest version of the docker image. However, it worked fine. And the newest doesn't.

I tried googling around and found a thread in the PIA reddit forum which I thought would help (https://www.reddit.com/r/PrivateInternetAccess/comments/iwvx3n/can_no_longer_connect_to_servers/) (the part about adding custom options to the android client). It didn't.

So now I'm lost.

Can you please help?
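An added example, not from the post or the project: a parser for the two OpenVPN 2.5 messages quoted above, reporting the cipher the server pushed against the client's --data-ciphers list and flagging 64-bit-block ciphers such as BF-CBC. The sample lines are copied in shape from the posted log; the small-block set and the function names are choices made for this example.

```python
import re

# Sample lines in the shape of the OpenVPN 2.5 output quoted in the post above.
SAMPLE_LOG = """\
2020-11-02 09:21:32 OPTIONS ERROR: failed to negotiate cipher with server. Add the server's cipher ('BF-CBC') to --data-ciphers (currently 'AES-256-GCM:AES-128-GCM:AES-128-CBC') if you want to connect to this server.
2020-11-02 09:21:32 ERROR: Failed to apply push options
2020-11-02 09:21:32 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations.
"""

NEGOTIATE = re.compile(
    r"failed to negotiate cipher with server\. Add the server's cipher "
    r"\('([^']+)'\) to --data-ciphers \(currently '([^']+)'\)")
MISSING = re.compile(
    r"--cipher set to '([^']+)' but missing in --data-ciphers \(([^)]+)\)")

# Ciphers with a 64-bit block size (assumption of this example: not exhaustive).
SMALL_BLOCK = {"BF-CBC", "DES-CBC", "DES-EDE3-CBC", "CAST5-CBC"}


def is_aead(cipher):
    """True for the AEAD data-channel ciphers OpenVPN negotiates by default."""
    return cipher.endswith("-GCM") or cipher == "CHACHA20-POLY1305"


def cipher_findings(log):
    """Return one finding per cipher-related message found in an OpenVPN log."""
    findings = []
    for line in log.splitlines():
        m = NEGOTIATE.search(line)
        if m:
            server = m.group(1).upper()
            offered = [c.upper() for c in m.group(2).split(":")]
            findings.append({
                "kind": "negotiation-failed",
                "server_cipher": server,
                "client_data_ciphers": offered,
                "server_cipher_offered": server in offered,
                "server_cipher_64bit_block": server in SMALL_BLOCK,
                "client_aead": [c for c in offered if is_aead(c)],
            })
            continue
        m = MISSING.search(line)
        if m:
            findings.append({
                "kind": "cipher-not-in-data-ciphers",
                "cipher": m.group(1).upper(),
                "client_data_ciphers": [c.upper() for c in m.group(2).split(":")],
            })
    return findings


if __name__ == "__main__":
    for finding in cipher_findings(SAMPLE_LOG):
        print(finding)
```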
