Jump to content
Not connected, Your IP: 18.191.195.180
princesskenny

Hummingbird unofficial Docker image

Recommended Posts

Hi @Snuffy2!

You have to REPLACE the part

<hummingbird-command-options>
in the samples with whatever options you want to pass to the hummingbird client. Everything specified after the image name of the docker run command will be passed through to the client starting inside the container.

I have no clue though, where and how those options are specified in a docker-compose file… but if you use Google to search for „specifying options for entrypoint in docker-compose“ you might find out, how that is accomplished!

Regards, Frank

Share this post


Link to post
@fschaeck

iirc i was just referring to the fact that the vpn network did not have proper external firewall rules.  if you have examined the wg wan firewall to your satisfaction you can disregard that comment.

Share this post


Link to post
Posted ... (edited)
On 4/7/2022 at 11:33 AM, fschaeck said:

I updated the Docker image to use Hummingbird 1.2.0 that was just released!

See https://github.com/fschaeck/AirVPN-hummingbird-docker for details and https://hub.docker.com/repository/docker/fschaeckermann/airvpn-hummingbird for ready-to-use docker images.

 

On 1/9/2022 at 5:43 PM, gaywallet said:

Wrote up a quick guide on how to get this working on synology dsm 7. I get slightly better up/down using this method than built 2.4.9 client


Thank you both for your work!
I'm quite a newbie with Docker, I've tried to follow yours instructions but I think I would need some help...

Both AirVPN-Hummingbird and Jackett containers are working:
docker run -ti \
  --cap-add=NET_ADMIN \
  --sysctl net.ipv6.conf.all.disable_ipv6=0 \
  --cap-add=SYS_MODULE \
  --device /dev/net:/dev/net \
  -p 9117:9117 \
  -v /lib/modules:/lib/modules:ro \
  -v /home/media/docker/appdata/airvpn/config.ovpn:/config.ovpn:ro \
  --name=airvpn-hummingbird \
  fschaeckermann/airvpn-hummingbird \
  --verbose config.ovpn

docker run \
  --name=jackett \
  --restart unless-stopped \
  -e PUID=2120 \
  -e PGID=2020 \
  -e TZ=Americas/Toronto \
  --net=container:airvpn-hummingbird \
  -v /home/media/docker/appdata/Jackett:/config \
  -v /media/storage/downloads/torrents:/downloads \
  linuxserver/jackett
I can see Jackett is reaching the internet through VPN:
root@seedbox:~# docker exec -it jackett bash

root@7b365d31901e:/# curl checkip.amazonaws.com
79.142.69.160
But I cannot access the Jackett web page at http://192.168.1.5:9117

In my case, Docker is on Ubuntu 22.04 Server VM running on Proxmox 7 host, pfSense firewall running also as a VM on the same Proxmox host.
Any help would be appreciated, thank you!

Update 6/27/22
Currently the problem is solved by using NPM combined with the pfSense DNS Resolver, it works perfect since two weeks.
The Docker image of Hummingbird is just great!!

Edited ... by R4Rb78o4Pw6gT6
reformulate after some study :)

Share this post


Link to post

Unfortunately I am running into the same issue as well but with a service that cannot be routed through nginx. I am trying to run a privoxy service that I can use as a web proxy so my browser can access the web with the same ip as my remote server. It's been done in other "service+vpn" containers and I'll look into forking and trying myself but an environment variable to define a list of "exposed ports" or ports available to the host would make this container perfect. 

On 5/24/2022 at 9:21 PM, R4Rb78o4Pw6gT6 said:

 

But I cannot access the Jackett web page at http://192.168.1.5:9117


 

Share this post


Link to post

Does anybody have a deployed Portainer Stack using this container?

Portainer is my preference, but even using the command line I haven't been successful communicating with another container's web ui via airvpn-hummingbird. I'd like to get an idea of how the performance using Hummingbird compares to what I'm doing via another docker VPN client.

Using a stack like this, I can get both containers to launch, but Firefox is inaccessible on port 3000:
 

version: '3.7'

services:
    hummingbird:
        image: fschaeckermann/airvpn-hummingbird
        container_name: hummingbird
        command: --verbose config.ovpn 
        cap_add:
            - NET_ADMIN
            - SYS_MODULE
        sysctls:
            - net.ipv6.conf.all.disable_ipv6=0
        ports:
            - 3000:3000 # Firefox
        environment:
            - PUID=1000
            - PGID=1000
            - TZ=America/Denver
        volumes:
            - /lib/modules:/lib/modules:ro
            - /dev/net:/dev/net
            - /data/hummingbird/config.ovpn:/config.ovpn

    firefox:
        image: lscr.io/linuxserver/firefox:latest
        container_name: firefox
        environment:
            - PUID=1000
            - PGID=1000
            - TZ=America/Denver
        volumes:
            - /data/firefox:/config
        shm_size: '1gb'
        network_mode: 'service:hummingbird'
        depends_on:
            - hummingbird
Adding a command like --bypass-vpn 192.168.110.0/24 allows me to ping devices on my LAN from the hummingbird container's sh console, but I still can't reach port 3000 -- which should allow me to access the web ui of my Firefox container.
 

Share this post


Link to post

Hello,


I installed the docker image with:
docker run -ti -p 9117:9117 --cap-add=NET_ADMIN --sysctl net.ipv6.conf.all.disable_ipv6=0 --cap-add=SYS_MODULE -v /lib/modules:/lib/modules:ro --device /dev/net:/dev/net -v config:/config:ro --name=airvpn-hummingbird fschaeckermann/airvpn-hummingbird --network-lock --ncp-disable --cipher CHACHA20-POLY1305 /config/config.ovpn


The image is installed correctly but it doesn't look like its works as testing from docker with the command :
 
curl ipconfig.me


gives my regular IP and not the VPN ones.

On the logs I see :
 
failed with return code 256 (return code not 0)

Mon Jan  9 20:35:39.360 2023 ERROR: Cannot allow system DNS to pass through network filter

Mon Jan  9 20:35:39.362 2023 Resolved server ca3.vpn.airdns.org into IPv4 184.75.221.181

Mon Jan  9 20:35:39.362 2023 Adding IPv4 server 184.75.221.181 to network filter

iptables-restore: line 1 failed

exec_process: /sbin/iptables-legacy-restore

with input:

-A OUTPUT -d 192.168.1.1 -j ACCEPT

-A OUTPUT -d 184.75.221.181/32 -j ACCEPT

-A OUTPUT -d 192.168.1.1 -j ACCEPT

-A OUTPUT -d 184.75.221.181/32 -j ACCEPT

-A OUTPUT -d 192.168.1.1 -j ACCEPT

-A OUTPUT -d 184.75.221.181/32 -j ACCEPT

-A OUTPUT -d 192.168.1.1 -j ACCEPT

-A OUTPUT -d 184.75.221.181/32 -j ACCEPT

-A OUTPUT -d 192.168.1.1 -j ACCEPT

-A OUTPUT -d 184.75.221.181/32 -j ACCEPT

-A OUTPUT -d 192.168.1.1 -j ACCEPT

-A OUTPUT -d 184.75.221.181/32 -j ACCEPT

-A OUTPUT -j DROP

COMMIT


Iptable-restore and iptable-legacy-restore are available in /sbin

I am using Debian 11 to run the container.

Share this post


Link to post
@Rebelyouth

Hello!

We're not sure here, but one of the problems we see on your message might be a direct consequence of the infamous "translation" problem between iptables and nftables in a system based on nftables where rules are applied through iptables-nftables. In a few words, iptables-save-legacy generates a file which is wrong (some rules are translated with syntax errors). When iptables-save-restore reads the file, it detects the syntax error. Try to force Hummingbird to use nftables for the Network Lock feature with option --network-lock nftables (note: utility nft must be available to Hummingbird)

Kind regards
 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...