Included firewall not aware of peer port in the transmission configuration #2814

Open
7 of 8 tasks
MrYann opened this issue Mar 20, 2024 · 0 comments

MrYann commented Mar 20, 2024

Is there a pinned issue for this?

  • I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

  • I have searched the existing issues
  • I have searched the existing discussions

Is there any comment in the documentation for this?

  • I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

  • I have checked the provider repo for issues
  • My issue is NOT related to a provider

Are you using the latest release?

  • I am using the latest release

Have you tried using the dev branch latest?

  • I have tried using dev branch

Docker run config used

docker run --cap-add=NET_ADMIN -d \
--name transmission \
--restart=unless-stopped \
-v /DATA/Torrents:/data \
-v /DATA/Transmission:/config \
-e OPENVPN_PROVIDER=WINDSCRIBE \
-e OPENVPN_CONFIG=Marseille-LaMarseillaise-tcp \
-e OPENVPN_USERNAME=nice \
-e OPENVPN_PASSWORD=try \
-e LOCAL_NETWORK=192.168.1.0/24 \
-e ENABLE_UFW=true \
-e TRANSMISSION_WEB_UI=flood-for-transmission \
-e TRANSMISSION_PEER_PORT=10398 \
--log-driver json-file \
--log-opt max-size=10m \
-p 9091:9091 \
haugene/transmission-openvpn

Current Behavior

The firewall is not aware of the peer port set in the transmission configuration; it requires the TRANSMISSION_PEER_PORT docker environment variable. With only ENABLE_UFW=true and a custom port set through the web UI, the port is closed.

Expected Behavior

Either make the firewall aware of the transmission configuration, or write a warning in the documentation that TRANSMISSION_PEER_PORT is required for custom ports.

How have you tried to solve the problem?

Either set ENABLE_UFW=false and set the peer port in the web UI,
or set ENABLE_UFW=true and specify the peer port through the additional TRANSMISSION_PEER_PORT docker environment variable.

Log output

Starting container with revision: 07f5a2b
TRANSMISSION_HOME is currently set to: /config/transmission-home
Creating TUN device /dev/net/tun
Using OpenVPN provider: WINDSCRIBE
Running with VPN_CONFIG_SOURCE auto
No bundled config script found for WINDSCRIBE. Defaulting to external config
Will get configs from https://github.com/haugene/vpn-configs-contrib.git
Repository is already cloned, checking for update
Already up to date.
Already on 'main'
Your branch is up to date with 'origin/main'.
Found configs for WINDSCRIBE in /config/vpn-configs-contrib/openvpn/windscribe, will replace current content in /etc/openvpn/windscribe
Starting OpenVPN using config Marseille-LaMarseillaise-tcp.ovpn
Modifying /etc/openvpn/windscribe/Marseille-LaMarseillaise-tcp.ovpn for best behaviour in this container
Modification: Point auth-user-pass option to the username/password file
Modification: Change ca certificate path
Modification: Change ping options
Modification: Update/set resolv-retry to 15 seconds
Modification: Change tls-crypt keyfile path
Modification: Set output verbosity to 3
Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
Modification: Updating status for config failure detection
Setting OpenVPN credentials...
enabling firewall
Firewall is active and enabled on system startup
allowing 172.17.0.1 through the firewall to port 9091
Rule added
adding route to local network 192.168.1.0/24 via 172.17.0.1 dev eth0
allowing 192.168.1.0/24 through the firewall to port 9091
Rule added
2024-03-20 21:31:31 Note: Treating option '--ncp-ciphers' as '--data-ciphers' (renamed in OpenVPN 2.5).
2024-03-20 21:31:31 OpenVPN 2.5.9 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
2024-03-20 21:31:31 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
2024-03-20 21:31:31 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2024-03-20 21:31:31 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-03-20 21:31:31 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2024-03-20 21:31:31 TCP/UDP: Preserving recently used remote address: [AF_INET]149.102.245.66:1194
2024-03-20 21:31:31 Socket Buffers: R=[131072->131072] S=[16384->16384]
2024-03-20 21:31:31 Attempting to establish TCP connection with [AF_INET]149.102.245.66:1194 [nonblock]
2024-03-20 21:31:31 TCP connection established with [AF_INET]149.102.245.66:1194
2024-03-20 21:31:31 TCP_CLIENT link local: (not bound)
2024-03-20 21:31:31 TCP_CLIENT link remote: [AF_INET]149.102.245.66:1194
2024-03-20 21:31:31 TLS: Initial packet from [AF_INET]149.102.245.66:1194, sid=7567e969 83e213d6
2024-03-20 21:31:31 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2024-03-20 21:31:31 VERIFY OK: depth=2, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X1
2024-03-20 21:31:31 VERIFY OK: depth=1, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=Windscribe Node CA X2
2024-03-20 21:31:31 VERIFY KU OK
2024-03-20 21:31:31 Validating certificate extended key usage
2024-03-20 21:31:31 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2024-03-20 21:31:31 VERIFY EKU OK
2024-03-20 21:31:31 VERIFY X509NAME OK: C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=mrs-411.windscribe.com
2024-03-20 21:31:31 VERIFY OK: depth=0, C=CA, ST=ON, L=Toronto, O=Windscribe Limited, OU=Systems, CN=mrs-411.windscribe.com
2024-03-20 21:31:31 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2024-03-20 21:31:31 [mrs-411.windscribe.com] Peer Connection Initiated with [AF_INET]149.102.245.66:1194
2024-03-20 21:31:32 SENT CONTROL [mrs-411.windscribe.com]: 'PUSH_REQUEST' (status=1)
2024-03-20 21:31:32 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,rcvbuf 0,sndbuf 0,route-gateway 10.130.148.1,topology subnet,ping 5,ping-restart 60,dhcp-option DNS 10.255.255.3,ifconfig 10.130.148.14 255.255.252.0,peer-id 0,cipher AES-256-GCM'
2024-03-20 21:31:32 OPTIONS IMPORT: timers and/or timeouts modified
2024-03-20 21:31:32 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2024-03-20 21:31:32 Socket Buffers: R=[131072->131072] S=[87040->87040]
2024-03-20 21:31:32 OPTIONS IMPORT: --ifconfig/up options modified
2024-03-20 21:31:32 OPTIONS IMPORT: route options modified
2024-03-20 21:31:32 OPTIONS IMPORT: route-related options modified
2024-03-20 21:31:32 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2024-03-20 21:31:32 OPTIONS IMPORT: peer-id set
2024-03-20 21:31:32 OPTIONS IMPORT: adjusting link_mtu to 1626
2024-03-20 21:31:32 OPTIONS IMPORT: data channel crypto options modified
2024-03-20 21:31:32 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-03-20 21:31:32 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2024-03-20 21:31:32 net_route_v4_best_gw query: dst 0.0.0.0
2024-03-20 21:31:32 net_route_v4_best_gw result: via 172.17.0.1 dev eth0
2024-03-20 21:31:32 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:02
2024-03-20 21:31:32 TUN/TAP device tun0 opened
2024-03-20 21:31:32 net_iface_mtu_set: mtu 1500 for tun0
2024-03-20 21:31:32 net_iface_up: set tun0 up
2024-03-20 21:31:32 net_addr_v4_add: 10.130.148.14/22 dev tun0
2024-03-20 21:31:32 net_route_v4_add: 149.102.245.66/32 via 172.17.0.1 dev [NULL] table 0 metric -1
2024-03-20 21:31:32 net_route_v4_add: 0.0.0.0/1 via 10.130.148.1 dev [NULL] table 0 metric -1
2024-03-20 21:31:32 net_route_v4_add: 128.0.0.0/1 via 10.130.148.1 dev [NULL] table 0 metric -1
Up script executed with device=tun0 ifconfig_local=10.130.148.14
Updating TRANSMISSION_BIND_ADDRESS_IPV4 to the ip of tun0 : 10.130.148.14
Using Flood for Transmission UI, overriding TRANSMISSION_WEB_HOME


Transmission will run as

User name: root
User uid: 0
User gid: 0

Updating Transmission settings.json with values from env variables
Attempting to use existing settings.json for Transmission
Successfully used existing settings.json /config/transmission-home/settings.json
Overriding bind-address-ipv4 because TRANSMISSION_BIND_ADDRESS_IPV4 is set to 10.130.148.14
Overriding download-dir because TRANSMISSION_DOWNLOAD_DIR is set to /data/completed
Overriding incomplete-dir because TRANSMISSION_INCOMPLETE_DIR is set to /data/incomplete
Overriding rpc-password because TRANSMISSION_RPC_PASSWORD is set to [REDACTED]
Overriding rpc-port because TRANSMISSION_RPC_PORT is set to 9091
Overriding rpc-username because TRANSMISSION_RPC_USERNAME is set to
Overriding watch-dir because TRANSMISSION_WATCH_DIR is set to /data/watch
sed'ing True to true
STARTING TRANSMISSION
Transmission startup script complete.
2024-03-20 21:31:32 Initialization Sequence Completed

HW/SW Environment

- OS: debian 12
- Docker: 25.0.4, build 1a576c5

Anything else?

No response
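The mismatch described in this issue (peer-port changed in settings.json via the web UI, no matching ufw rule inside the container) can be detected from the host before torrents silently lose inbound connectivity. The script below is an added example, not code from the reporter or from the transmission-openvpn project. It assumes settings.json is reachable on the host through the /config volume (here /DATA/Transmission/transmission-home/settings.json) and that the container's rules can be read with `docker exec transmission ufw status`; the settings.json and `ufw status` text embedded below are constructed samples so the script runs offline.

```shell
#!/bin/sh
# Added example (not part of transmission-openvpn): compare the peer-port that
# Transmission actually uses (settings.json) with the ufw rules in the container.

# Extract the numeric "peer-port" value from a Transmission settings.json.
# A plain sed is used so the check works on hosts without jq.
peer_port_from_settings() {
    sed -n 's/.*"peer-port"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 when the given `ufw status` output has an ALLOW rule whose "To"
# column is PORT, PORT/tcp or PORT/udp (rules for other ports do not count).
ufw_allows_port() {
    port="$1"
    status="$2"
    printf '%s\n' "$status" | grep -Eq "^${port}(/tcp|/udp)?[[:space:]]+ALLOW"
}

# Verdict: 0 = peer-port is open, 1 = configured but blocked by the firewall,
# 2 = no peer-port found in the settings file.
check_peer_port() {
    settings="$1"
    status="$2"
    port=$(peer_port_from_settings "$settings")
    if [ -z "$port" ]; then
        echo "no peer-port entry found in $settings"
        return 2
    fi
    if ufw_allows_port "$port" "$status"; then
        echo "peer-port $port: OPEN in ufw"
        return 0
    fi
    echo "peer-port $port: CLOSED in ufw (set TRANSMISSION_PEER_PORT=$port and recreate the container)"
    return 1
}

# --- Constructed sample inputs reproducing the reported situation ------------
# settings.json as written by the web UI: custom port, no env var was given.
SAMPLE_SETTINGS=$(mktemp)
trap 'rm -f "$SAMPLE_SETTINGS"' EXIT
cat > "$SAMPLE_SETTINGS" <<'EOF'
{
    "peer-port": 10398,
    "peer-port-random-on-start": false,
    "rpc-port": 9091
}
EOF

# `ufw status` as the startup log in this issue implies: only the RPC port
# 9091 was opened for the docker bridge gateway and the LAN.
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
9091                       ALLOW       172.17.0.1
9091                       ALLOW       192.168.1.0/24'

# Stand-alone run against the samples (reports CLOSED for 10398).
# Real use on the host (paths/container name assumed):
#   check_peer_port /DATA/Transmission/transmission-home/settings.json \
#       "$(docker exec transmission ufw status)"
check_peer_port "$SAMPLE_SETTINGS" "$SAMPLE_UFW_STATUS" || true
```

The check reads the port Transmission will actually bind rather than the TRANSMISSION_PEER_PORT variable, so it still reports CLOSED when the two disagree, which is exactly the case the issue describes. Note that `peer-port-random-on-start` is deliberately not matched: if that option is true the port changes on every start and no static ufw rule can cover it.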
