PIA next gen servers change

[Manichee]

The latest haugene/docker-transmission-openvpn does not contain the server opvn anymore. As such when running this docker it complains that it can't find the openvpn config file:
ERROR: Could not find OpenVPN configuration "US East" for provider PIA

The changes are referenced in haugene/docker-transmission-openvpn#1334

[gurmukhp]

I'm also having this problem, no matter what value I set for OPENVPN_CONFIG, I get the following error:

ERROR: Could not find OpenVPN configuration "FRANCE" for provider PIA
[cont-init.d] 02-setup-openvpn: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

[Nephim]

There is a temporary fix for this, you can create your own ovpn config. This is mine for reference

$config.ovpn
client
dev tun
proto udp
remote de-frankfurt.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server

auth-user-pass /config/openvpn/openvpn-credentials.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify /config/openvpn/certs/crl.rsa.2048.pem
ca /config/openvpn/certs/ca.rsa.2048.crt
disable-occ

ca.rsa and crl.rsa are available from PIA.

auth-user-pass shouldnt be nessecary as you already fed it those arguments when you made the container.

[gurmukhp]

Please can you elaborate where those commands should be entered?

[Nephim]

If you download this there is the config for all the different locations along with the encryption files. Make the opvpn point at the ca and crl files as i have done.
https://www.privateinternetaccess.com/openvpn/openvpn.zip

You need to go into super user and move the files into your config.

Remember to change the ovpn config's name into config.ovpn. This needs to be in the config folder where you mount the docker image. Along with the crl and ca files. Aditionally you may need to make a openvpn-credentials.txt file in the same location. containing your PIA user name and pw. Im unsure if the docker image can grab the username and pw from the docker arguments.

You just run the docker image lige so and it should work.

$ docker run --cap-add=NET_ADMIN -d
-v /your/storage/path/:/downloads
-v /path/to/config/directory:/config
-v /etc/localtime:/etc/localtime:ro
-e OPENVPN_PROVIDER=
-e OPENVPN_USERNAME=user
-e OPENVPN_PASSWORD=pass
-e PUID=1000
-e PGID=1000
-e LAN=192.168.0.0/16
-p 8080:8080
guillaumedsde/alpine-qbittorrent-openvpn:latest

Hope it helps you guys, and that my typings make sense.
If you have any other questions fell free to ask.

[gurmukhp]

Thank you that helped. I needed to move the crl and ca files to the certs/ folder and created a config.ovpn file in the same folder like yours.

[Nephim]

Thats the way I did it however you can pretty much place them wherever as long as you point the .ovpn to them :) Great to hear that it helped

[guillaumedsde]

hi, I've implemented a fix, see my comment here #33

[Ungrady]

Looks like its working, but seems that there is still problem with port forwarding... Any idea if its my fault or...?

I am using guillaumedsde/alpine-qbittorrent-openvpn:development

Thanks.. Log below

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-setup-permissions: executing...
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 02-setup-openvpn: executing...
Sun Nov 15 18:13:43 2020 TUN/TAP device tun0 opened
Sun Nov 15 18:13:43 2020 Persist state set to: ON
INFO: Trying to use OpenVPN provider: PIA
A    pia
A    pia/configure-openvpn.sh
A    pia/update-port.sh
Exported revision 2552.
Provider PIA has a custom startup script, executing it
Downloading OpenVPN config bundle openvpn-nextgen into temporary file /tmp/tmp.MHCNla
Extract OpenVPN config bundle into PIA directory /etc/openvpn/pia
Modify configs for this container
INFO: Found OpenVPN configuration: "Israel" for provider "PIA" using it
[cont-init.d] 02-setup-openvpn: exited 0.
[cont-init.d] 03-setup-iptables: executing...
[cont-init.d] 03-setup-iptables: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Sun Nov 15 18:13:49 2020 OpenVPN 2.4.9 aarch64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Sun Nov 15 18:13:49 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Sun Nov 15 18:13:49 2020 CRL: loaded 1 CRLs from file [[INLINE]]
Sun Nov 15 18:13:49 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]185.77.248.12:1198
Sun Nov 15 18:13:49 2020 UDP link local: (not bound)
Sun Nov 15 18:13:49 2020 UDP link remote: [AF_INET]185.77.248.12:1198
Sun Nov 15 18:13:49 2020 [jerusalem401] Peer Connection Initiated with [AF_INET]185.77.248.12:1198
Sun Nov 15 18:13:51 2020 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gteway or --ifconfig-ipv6 options
Sun Nov 15 18:13:51 2020 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Sun Nov 15 18:13:51 2020 TUN/TAP device tun1 opened
Sun Nov 15 18:13:51 2020 /usr/sbin/ip-su link set dev tun1 up mtu 1500
Sun Nov 15 18:13:51 2020 /usr/sbin/ip-su addr add dev tun1 10.3.112.128/24 broadcast 10.3.112.255
Sun Nov 15 18:13:51 2020 WARNING: OpenVPN was configured to add an IPv6 route over tun1. However, no IPv6 has been configured for this interface, therefor the route installation may fail or may not work as expected.
Sun Nov 15 18:13:51 2020 Initialization Sequence Completed
INFO: configuring port forwarding for PIA
Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding

******** Information ********
To control qBittorrent, access the Web UI at http://localhost:8080

[PcInfamy]

I'm having the same issues with port forwarding and PIA. Using the development branch as well, but it wasn't working for me in the latest branch either.

[guillaumedsde]

I've tried updating the port forwarding script based on haugene's updates in commit 3f4b8ad in the development branch if you can try it out, hopefully its fixed, but its hard to debug without a PIA subscription

[PcInfamy]

I just pulled the new image and tested it but got an error about missing the openvpn-credentials.txt file:

Tue Nov 17 02:05:11 2020 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Tue Nov 17 02:05:11 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Tue Nov 17 02:05:11 2020 CRL: loaded 1 CRLs from file [[INLINE]]
Tue Nov 17 02:05:11 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]156.146.34.242:1198
Tue Nov 17 02:05:11 2020 UDP link local: (not bound)
Tue Nov 17 02:05:11 2020 UDP link remote: [AF_INET]156.146.34.242:1198
Tue Nov 17 02:05:11 2020 [tokyo404] Peer Connection Initiated with [AF_INET]156.146.34.242:1198
Tue Nov 17 02:05:13 2020 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Tue Nov 17 02:05:13 2020 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Tue Nov 17 02:05:13 2020 TUN/TAP device tun1 opened
Tue Nov 17 02:05:13 2020 /usr/sbin/ip-su link set dev tun1 up mtu 1500
Tue Nov 17 02:05:13 2020 /usr/sbin/ip-su addr add dev tun1 10.49.112.114/24 broadcast 10.49.112.255
Tue Nov 17 02:05:13 2020 WARNING: OpenVPN was configured to add an IPv6 route over tun1. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
Tue Nov 17 02:05:13 2020 Initialization Sequence Completed
INFO: configuring port forwarding for PIA
sed: /config/openvpn-credentials.txt: No such file or directory
sed: /config/openvpn-credentials.txt: No such file or directory
/usr/sbin/pia_port.sh: line 18: jq: not found
curl: (23) Failed writing body (0 != 27)
Failed to acquire new auth token

******** Information ********
To control qBittorrent, access the Web UI at http://localhost:8080

[Ungrady]

exactly same for me

[PcInfamy]

I've submitted a pull request (#37) that fixes port forwarding with PIA, but there are still some errors I'm not sure how to solve.

[gurmukhp]

Thanks

I can confirm that I'm unable to get port forwarding to work either.

[PcInfamy]

It will be fixed in the development branch once my pull request is approved.

[guillaumedsde]

Thanks for the PR 🙂, I'll look it over this weekend

[guillaumedsde]

@everyone I've merged @PcInfamy 's PR, let me know if that fixes it for you :) thanks for the PR

[gurmukhp]

Thanks! I downloaded the :development build, and whilst the logs are showing no errors (I think), all downloads on qBittorrent start at around 300kbps, then get slower until they are 'stalled'. It doesn't seem to be fixed :(

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.[s6-init] ensuring user provided files have correct perms...exited 0.[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-setup-permissions: executing... 
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 02-setup-openvpn: executing... 
Sat Nov 21 18:15:50 2020 TUN/TAP device tun0 opened
Sat Nov 21 18:15:50 2020 Persist state set to: ON
INFO: Trying to use OpenVPN provider: PIA
A    pia
A    pia/configure-openvpn.sh
A    pia/update-port.sh
Exported revision 2581.
Provider PIA has a custom startup script, executing it
Downloading OpenVPN config bundle openvpn-nextgen into temporary file /tmp/tmp.nEALjl
Extract OpenVPN config bundle into PIA directory /etc/openvpn/pia
INFO: Found OpenVPN configuration: "" for provider "PIA" using it
[cont-init.d] 02-setup-openvpn: exited 0.
[cont-init.d] 03-setup-iptables: executing... 
[cont-init.d] 03-setup-iptables: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Sat Nov 21 18:15:55 2020 OpenVPN 2.4.9 armv7-alpine-linux-musleabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Sat Nov 21 18:15:55 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
Sat Nov 21 18:15:55 2020 CRL: loaded 1 CRLs from file [[INLINE]]
Sat Nov 21 18:15:55 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]194.37.96.21:1198
Sat Nov 21 18:15:55 2020 UDP link local: (not bound)
Sat Nov 21 18:15:55 2020 UDP link remote: [AF_INET]194.37.96.21:1198
Sat Nov 21 18:15:55 2020 [manchester409] Peer Connection Initiated with [AF_INET]194.37.96.21:1198
Sat Nov 21 18:15:56 2020 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Sat Nov 21 18:15:56 2020 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Sat Nov 21 18:15:56 2020 TUN/TAP device tun1 opened
Sat Nov 21 18:15:56 2020 /usr/sbin/ip-su link set dev tun1 up mtu 1500
Sat Nov 21 18:15:56 2020 /usr/sbin/ip-su addr add dev tun1 10.4.112.166/24 broadcast 10.4.112.255
Sat Nov 21 18:15:56 2020 WARNING: OpenVPN was configured to add an IPv6 route over tun1. However, no IPv6 has been configured for this interface, therefore the route installation may fail or may not work as expected.
Sat Nov 21 18:15:56 2020 Initialization Sequence Completed
INFO: configuring port forwarding for PIA



yes: Broken pipe
curl: (3) URL using bad/illegal format or missing URL
port is 43578
curl: (3) URL using bad/illegal format or missing URL
the port has been bound to 43578  Sat Nov 21 18:15:57 GMT 2020
Got new port 43578 from PIA

******** Information ********
To control qBittorrent, access the Web UI at http://localhost:8080

[gurmukhp]

Could the issue be related to this bit in the log?

INFO: configuring port forwarding for PIA
yes: Broken pipe
curl: (3) URL using bad/illegal format or missing URL
port is 56326
curl: (3) URL using bad/illegal format or missing URL

[Ungrady]

Everything is working fine for me now, thanks all :)

Could the issue be related to this bit in the log?

It looks like that you have just problem with storage patch(permissions etc.) and qbito cannot write files there...

[gurmukhp]

Thanks Ungrady, which part of the log file suggests this?

Qbitt is now saying "Free Space: Unknown" which it never used to.

[PcInfamy]

everyone I've merged @PcInfamy 's PR, let me know if that fixes it for you :) thanks for the PR

You're welcome! :)

[PcInfamy]

@gurmukhp

Thanks Ungrady, which part of the log file suggests this?

Qbitt is now saying "Free Space: Unknown" which it never used to.

My free space is showing properly:

I'm guessing there are permission issues on your host. This won't show in the docker logs necessarily, but if you can't see free space that means the docker can't read the mount locations. Check your mount locations on the host using ls -la /path/to/mount to see the ownership and permissions.

[gurmukhp]

Thanks Tony,

Something has changed since the latest build. I have reverted to Linuxservers qbittorrent and the downloads work as expected and the free space is shown. However in the development build this isn't the case. I'm not sure it's to do with my setup, but more a recent update.

[Ungrady]

I am really sorry for bothering you guys again, but is it still working for you? I had to restart server, and I cannot run it anymore

Log below

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-setup-permissions: executing...
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 02-setup-openvpn: executing...
Wed Nov 25 13:33:55 2020 TUN/TAP device tun0 opened
Wed Nov 25 13:33:55 2020 Persist state set to: ON
INFO: Trying to use OpenVPN provider: PIA
A    pia
A    pia/configure-openvpn.sh
A    pia/update-port.sh
Exported revision 2590.
Provider PIA has a custom startup script, executing it
Downloading OpenVPN config bundle openvpn into temporary file /tmp/tmp.FljJcJ
Extract OpenVPN config bundle into PIA directory /etc/openvpn/pia
ERROR: Could not find OpenVPN configuration "France" for provider PIA
[cont-init.d] 02-setup-openvpn: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

[Ungrady]

Ok, its because of this

haugene/docker-transmission-openvpn#1548

[haugene]

Came across this now that you linked it to my container repo. As you've noticed we're trying to move away from having all the configs checked into the repo. They will be replaced by scripts to download the configs on startup where that is possible, and whatever configs has to be fetched from some logged in pages will be moved out into a separate repo for configs only.

There is a pattern here. Any provider that has a configure-openvpn.sh script will be run at startup. The downloaded configs will not be correctly modified to run in the container setup we have so there is another script for that which will run for the config that gets chosen.

I can help out with suggestions and standardizing this if you want this project to piggy-back on the config-fetching as keeping them up to date has proven to be a continuous effort - and I welcome a collaborative effort to fix this problem for both projects. Let me know if anyone is up to the task and I can assist 😄

[PcInfamy]

I am really sorry for bothering you guys again, but is it still working for you? I had to restart server, and I cannot run it anymore

Log below

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] 01-setup-permissions: executing...
[cont-init.d] 01-setup-permissions: exited 0.
[cont-init.d] 02-setup-openvpn: executing...
Wed Nov 25 13:33:55 2020 TUN/TAP device tun0 opened
Wed Nov 25 13:33:55 2020 Persist state set to: ON
INFO: Trying to use OpenVPN provider: PIA
A    pia
A    pia/configure-openvpn.sh
A    pia/update-port.sh
Exported revision 2590.
Provider PIA has a custom startup script, executing it
Downloading OpenVPN config bundle openvpn into temporary file /tmp/tmp.FljJcJ
Extract OpenVPN config bundle into PIA directory /etc/openvpn/pia
ERROR: Could not find OpenVPN configuration "France" for provider PIA
[cont-init.d] 02-setup-openvpn: exited 1.
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.
[s6-finish] sending all processes the KILL signal and exiting.

@Ungrady, have you tried changing it from France to france?

[PcInfamy]

@gurmukhp I would recommend opening another issue for the problem you're having. Use the bug report form so we can see your environment better.

[Nephim]

Use this formatting for the PIA server name. https://www.privateinternetaccess.com/openvpn/openvpn.zip

[Ungrady]

Use this formatting for the PIA server name. https://www.privateinternetaccess.com/openvpn/openvpn.zip

lol, its working now

many thanks

[guillaumedsde]

Hi @haugene thanks for all your efforts, maintaining such a large repo of VPN provider configs is certainly an impressive feat :) .
I saw your new repo dedicated to the VPN configs, looking forward to that!

I've been quite busy, but if I'm able to contribute 'upstream' while developing this image, I will certainly submit a PR to your repo :)

as for the the issue, it looks like its fixed for @Ungrady so I've merged the fix into master and I'll close the issue, but feel free to reopen you encounter any problems :)