Network Settings "Interface"? Error

General support for problems installing or using Deluge
dom11990
New User
Posts: 2
Joined: Sat Oct 26, 2019 6:46 pm

Network Settings "Interface"? Error

Post by dom11990 »

Hi all,

I'm running Deluge on a Pi with a VPN using interface tun0. I have iptables in place to prevent any traffic circumventing the VPN tunnel. Should I still set the interface field in the settings to tun0? Whenever I try to enter something I get the following error:

(For example, here I used tun0, which is what ifconfig tells me the VPN is on.)

Code:

Unhandled Error
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/deluge/main.py", line 241, in start_daemon
    Daemon(options, args)
  File "/usr/lib/python2.7/dist-packages/deluge/core/daemon.py", line 180, in __init__
    reactor.run()
  File "/usr/lib/python2.7/dist-packages/twisted/internet/base.py", line 1267, in run
    self.mainLoop()
  File "/usr/lib/python2.7/dist-packages/twisted/internet/base.py", line 1276, in mainLoop
    self.runUntilCurrent()
--- <exception caught here> ---
  File "/usr/lib/python2.7/dist-packages/twisted/internet/base.py", line 902, in runUntilCurrent
    call.func(*call.args, **call.kw)
  File "/usr/lib/python2.7/dist-packages/deluge/core/preferencesmanager.py", line 267, in _on_set_listen_interface
    self._on_set_random_port("random_port", self.config["random_port"])
  File "/usr/lib/python2.7/dist-packages/deluge/core/preferencesmanager.py", line 285, in _on_set_random_port
    self.session.listen_on(listen_ports[0], listen_ports[1], str(self.config["listen_interface"]).strip())
exceptions.RuntimeError: Invalid argument

Thanks for any insights!

Cheers
dom
boredazfcuk
Member
Posts: 22
Joined: Sun Jun 16, 2019 10:08 pm

Re: Network Settings "Interface"? Error

Post by boredazfcuk »

dom11990 wrote: I have iptables in place to prevent any traffic circumventing the VPN tunnel.

I'm gonna guess you've configured a default policy to block all outgoing traffic that doesn't have a matching iptables rule?

If you have, do your iptables rules allow Deluge's outbound traffic to go out via the tun0 device?

I have the tun0 adapter set as my outgoing adapter and it works fine for me (Deluge 2.0.3 though). My iptables rules are configured like this:

These are added before the tunnel comes up:

Code:

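# Rules added before the tunnel is up: web UI access (port 8112) from the LAN,
# plus outbound traffic owned by the Deluge group.
# DELUGEGID is not set in this snippet; it is assumed to be defined earlier in the script.
echo "$(date '+%c') Adding pre-tunnel incoming and outgoing rules for Deluge"
LANIP="$(hostname -i)"
# The interface name is the 7th field of the "inet ... ethN" line of `ip a`
LANADAPTER="$(ip a | grep 'eth.$' | awk '{print $7}')"
LANIPSUBNET="$(ip -4 r | grep "${LANIP}" | awk '{print $1}')"
iptables -A INPUT -i "${LANADAPTER}" -s "${LANIPSUBNET}" -d "${LANIP}" -p tcp --dport 8112 -j ACCEPT
iptables -A OUTPUT -m owner --gid-owner "${DELUGEGID}" -j ACCEPT

These are added after the tunnel is up (as it needs the dynamically assigned VPN IP address):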

Code:

# Rules added after the tunnel is up, matched on both the tunnel interface
# and the address the VPN assigned to it.
echo "$(date '+%c') Adding post-tunnel incoming and outgoing rules for Deluge"
# On the "inet ... tunN" line of `ip a`, field 2 is the address and field 7 the interface
VPNIP="$(ip a | grep 'tun.$' | awk '{print $2}')"
VPNADAPTER="$(ip a | grep 'tun.$' | awk '{print $7}')"
iptables -A INPUT -i "${VPNADAPTER}" -d "${VPNIP}" -p tcp --dport 44444:55555 -j ACCEPT
iptables -A OUTPUT -o "${VPNADAPTER}" -s "${VPNIP}" -p tcp --sport 44444:55555 -j ACCEPT
iptables -A INPUT -i "${VPNADAPTER}" -d "${VPNIP}" -p udp --dport 53160 -j ACCEPT
iptables -A INPUT -i "${VPNADAPTER}" -s "${VPNIP}" -p udp --dport 6771 -j ACCEPT
dom11990

Re: Network Settings "Interface"? Error

Post by dom11990 »

Hey,

Why do you need the IP of your VPN adapter? Is it not sufficient to restrict the traffic to tun? It is as you said, my default policy is drop with exceptions for tun and local traffic (the XXX.XXX.XXX.0 entry below). These tables are persistent so I don't need to make any changes on reboot. After the VPN goes up I call a script to get a forwarded port from my VPN with which I start deluged. If my VPN goes out intermittently, traffic drops immediately. The two ports I allow are needed for my VPN connection. Did I overlook something? I get a green light when I click "Test Active Port" and I have no problem connecting to peers. I was just curious about what the purpose of the interface field is. So it is to bind Deluge traffic to a specific network interface?

iptables for comparison:

Code:

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -s XXX.XXX.XXX.0/24 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p udp -m udp --sport 1198 -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d XXX.XXX.XXX.0/24 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT

As per the error I'm getting... I'm still on 1.3.15, maybe this has something to do with it?
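
A check for the kind of ruleset posted above, as an added example that is not part of the original posts: it reads `iptables -S` output and lists OUTPUT rules that accept traffic without being pinned to `lo` or a `tun` interface, since those rules apply on every interface whether or not the tunnel is up. The function names and the 192.0.2.0/24 subnet (standing in for the redacted LAN range) are assumptions.

```shell
#!/bin/sh
# Added example: audit `iptables -S`-style rules for OUTPUT ACCEPT rules
# that are not pinned to the loopback or a tunnel interface.

# Constructed sample: the OUTPUT side of the ruleset quoted in the post.
# The LAN subnet is redacted there; 192.0.2.0/24 is a placeholder.
sample_rules() {
cat <<'EOF'
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.0.2.0/24 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
EOF
}

# audit_output: read rules on stdin and print one finding per line.
#   POLICY <target>   the OUTPUT default policy is missing or not DROP
#   UNPINNED <rule>   an OUTPUT ACCEPT rule without "-o lo" or "-o tun*"
audit_output() {
  awk '
    $1 == "-P" && $2 == "OUTPUT" { seen = 1; if ($3 != "DROP") print "POLICY " $3; next }
    $1 == "-A" && $2 == "OUTPUT" {
      target = ""; oif = ""; neg = 0
      for (i = 3; i <= NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "-o") { oif = $(i + 1); neg = ($(i - 1) == "!") }
      }
      if (target != "ACCEPT") next
      # A negated match ("! -o tun+") means "everything except the tunnel".
      if (!neg && (oif == "lo" || oif ~ /^tun/)) next
      print "UNPINNED " $0
    }
    END { if (!seen) print "POLICY unknown" }
  '
}

sample_rules | audit_output
```

Each UNPINNED line is a rule to review rather than an error: the port the VPN itself connects on has to work outside the tunnel, while a rule such as the unrestricted UDP 53 one also permits DNS queries over the physical interface.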
boredazfcuk

Re: Network Settings "Interface"? Error

Post by boredazfcuk »

dom11990 wrote: Why do you need the IP of your VPN adapter? Is it not sufficient to restrict the traffic to tun? It is as you said, my default policy is drop with exceptions for tun and local traffic (the XXX.XXX.XXX.0 entry below). These tables are persistent so I don't need to make any changes on reboot. After the VPN goes up I call a script to get a forwarded port from my VPN with which I start deluged. If my VPN goes out intermittently, traffic drops immediately. The two ports I allow are needed for my VPN connection. Did I overlook something? I get a green light when I click "Test Active Port" and I have no problem connecting to peers. I was just curious about what the purpose of the interface field is. So it is to bind Deluge traffic to a specific network interface?

As per the error I'm getting... I'm still on 1.3.15, maybe this has something to do with it?

I use the IP and the adapter in my rules because it matches the traffic more accurately. The more accurate the match, the more secure it will be.

I have my iptables default policies set to ACCEPT, but rules to direct unmatched traffic to logging chains:

Code:

   echo "$(date '+%c') Create logging chains"
   iptables -N LOG_IN
   iptables -N LOG_FW
   iptables -N LOG_OUT

   echo "$(date '+%c') Create chain rules"
   iptables -A LOG_IN -j NFLOG --nflog-group 0 --nflog-prefix "IN DENY  : "
   iptables -A LOG_IN -j DROP
   iptables -A LOG_FW -j NFLOG --nflog-group 0 --nflog-prefix "FW DENY  : "
   iptables -A LOG_FW -j DROP
   iptables -A LOG_OUT -j NFLOG --nflog-group 0 --nflog-prefix "OUT ALLOW: "
   iptables -A LOG_OUT -j ACCEPT

   echo "$(date '+%c') Enable chains"
   iptables -A INPUT -j LOG_IN
   iptables -A FORWARD -j LOG_FW
   iptables -A OUTPUT -j LOG_OUT

Helps a lot when building a highly specific rule-set. Also might show you if there's a specific type of traffic which is triggering your issue.
boredazfcuk

Re: Network Settings "Interface"? Error

Post by boredazfcuk »

dom11990 wrote: I call a script to get a forwarded port from my VPN

Quick one, can I have a nosey at this script?

I want to do the same but haven't looked into it yet and it could save me a fair bit of time.