GUIDE: Setting up Transmission with OpenVPN and PIA

Glorious1

It's not in that directory and I am not sure why. So I ran the script, as I could not find my issue, and after running the script I have the same problems:
same error, openvpn does not exist in directory
I don't have access to my server for a few days so can't look at that directory. But I think rc.d holds scripts for starting and stopping services. I imagine there should be an openvpn script there.

My guess is that something got fouled up in your first attempt, and the effects survive redoing it. Grasping at straws, but you might try deleting /var/db/ports/security_openvpn/options and then try rebuilding openvpn as in step 10 of the original post (don't worry about the password option if you don't see it).
 

d_mega_one

Thanks for replying. I have not tried anything since my last post, as I'm not sure how to start over.
I think I have an issue on step 10, where you do a clean install of OpenVPN. I have errors:
##Step 10: Make a clean install which allows us to set the option of a password file.
root@transmission_1:/usr/ports/security/openvpn # make install clean
I have attached a couple of photos that dictate errors. Hopefully someone sees what I am doing wrong.

Thanks for all the help much appreciated
 

Attachments: IMG_8807.JPG (173.9 KB), IMG_8809.JPG (196.8 KB)

Glorious1

I can't see the whole width there and not sure of the context. Can you just copy and paste the text from your terminal? Anyway, clearly openvpn installation is failing. There's something there about reporting it to the openvpn user list - I would try that.

If worse comes to worst you could just start over with a new jail and follow steps carefully. I bet that would work.
 
Joined
Jan 15, 2016
Messages
2
Does anyone have a clue about the following error during the make install step?

make check-TESTS
./t_client.sh: cannot find 't_client.rc' in build dir ('..')
./t_client.sh: or source directory ('.'). SKIPPING TEST.
SKIP: t_client.sh
Shared object "liblzo2.so.2" not found, required by "openvpn"
Shared object "liblzo2.so.2" not found, required by "openvpn"
FAIL: t_lpback.sh
The following test will take about two minutes.
If the addresses are in use, this test will retry up to two times.
Shared object "liblzo2.so.2" not found, required by "openvpn"
Shared object "liblzo2.so.2" not found, required by "openvpn"
FAIL: t_cltsrv.sh
====================================================
2 of 2 tests failed
(1 test was not run)
Please report to openvpn-users@lists.sourceforge.net
====================================================
*** [check-TESTS] Error code 1
1 error
*** [check-am] Error code 2
1 error
*** [check-recursive] Error code 1
1 error
*** [check] Error code 2
1 error
*** [post-build] Error code 2
Stop in /usr/ports/security/openvpn.
*** [install] Error code 1
Stop in /usr/ports/security/openvpn.

A find for liblzo2.so.2 results in:
/usr/local/lib/liblzo2.so.2
 
Joined
Jan 15, 2016
Messages
2
Fixed! Had to do with 777 permissions on my /usr/local/lib directory. Setting them to 755 and performing ldconfig fixed this issue.
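
The fix reported above matches how FreeBSD's ldconfig treats library directories: it skips any directory that is group- or world-writable or not owned by root, unless it is run with -i. The following check is an added example, not from the thread; the names check_libdir, audit_libdirs and LIB_OWNER are hypothetical.

```shell
#!/bin/sh
# Added example: flag library directories that FreeBSD's ldconfig would skip
# as insecure (group/world-writable, or not owned by the expected user).
# Usage idea: call audit_libdirs /lib /usr/lib /usr/local/lib inside the jail.

LIB_OWNER=${LIB_OWNER:-0}    # expected owner uid; 0 = root (hypothetical knob)

# Echo "OK", "WRITABLE", "OWNER" or "MISSING" followed by the path.
# Returns 0 only when the directory passes both checks.
check_libdir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 2
    fi
    # -H follows a symlinked directory named on the command line;
    # -prune keeps find on the directory itself;
    # -perm -0020 / -0002 match when the group / other write bit is set.
    if [ -n "$(find -H "$dir" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "WRITABLE $dir"
        return 1
    fi
    if [ -n "$(find -H "$dir" -prune ! -user "$LIB_OWNER" -print)" ]; then
        echo "OWNER $dir"
        return 1
    fi
    echo "OK $dir"
}

# Check every directory given; non-zero status if any of them would be skipped.
audit_libdirs() {
    rc=0
    for d in "$@"; do
        check_libdir "$d" || rc=1
    done
    return "$rc"
}
```

After correcting a flagged directory (755, owned by root), the linker hints still have to be rebuilt with ldconfig, as the post describes.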
 

d_mega_one

Hello,

Has anyone seen this error? It looks close to Eric Hendriks' but I'm not sure if it's the same, as it's not exact. Any help would be great.

Fri Jan 15 21:26:17 2016 OpenVPN 2.3.10 amd64-portbld-freebsd9.2 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jan 15 2016
Fri Jan 15 21:26:17 2016 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09
Fri Jan 15 21:26:17 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jan 15 21:26:17 2016 OpenVPN 2.3.10 amd64-portbld-freebsd9.2 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jan 15 2016
Fri Jan 15 21:26:17 2016 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09
Fri Jan 15 21:26:17 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jan 15 21:26:17 2016 WARNING: file 'sample-keys/client.key' is group or others accessible
Fri Jan 15 21:26:17 2016 Socket Buffers: R=[42080->42080] S=[9216->9216]
Fri Jan 15 21:26:17 2016 UDPv6 link local (bound): [AF_INET6]::1:16101
Fri Jan 15 21:26:17 2016 UDPv6 link remote: [AF_INET6]::1:16100
Fri Jan 15 21:26:17 2016 Diffie-Hellman initialized with 2048 bit key
Fri Jan 15 21:26:17 2016 WARNING: file 'sample-keys/server.key' is group or others accessible
Fri Jan 15 21:27:17 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jan 15 21:27:17 2016 TLS Error: TLS handshake failed
Fri Jan 15 21:27:17 2016 Closing TUN/TAP interface
Fri Jan 15 21:27:17 2016 /sbin/ifconfig null destroy
ifconfig: interface null does not exist
Fri Jan 15 21:27:17 2016 FreeBSD 'destroy tun interface' failed (non-critical): external program exited with error status: 1
Fri Jan 15 21:27:17 2016 ../tests/t_cltsrv-down.sh null 1500 1541 init
Fri Jan 15 21:27:17 2016 SIGTERM[soft,tls-error] received, process exiting
FAIL: t_cltsrv.sh
====================================================
1 of 2 tests failed
(1 test was not run)
Please report to openvpn-users@lists.sourceforge.net
====================================================
*** [check-TESTS] Error code 1
1 error
*** [check-am] Error code 2
1 error
*** [check-recursive] Error code 1
1 error
*** [check] Error code 2
1 error
*** [post-build] Error code 2

Stop in /usr/ports/security/openvpn.
*** [install] Error code 1

Stop in /usr/ports/security/openvpn.
 

joebad1

I'm sure I'm missing something basic, since my experience with the command line is limited; but suggestions are welcome . . .

I can't get past Step 4: Installing bash. I'm using tmux on a MacBook Pro. I have ssh'd as root into the FreeNAS server, and successfully entered the transmission jail with the jexec command. When I try the next step, I get the following messages:

root@transmission_1:/ # pkg install bash
Updating FreeBSD repository catalogue...
pkg: Repository FreeBSD has a wrong packagesite, need to re-create database
pkg: http://pkg.FreeBSD.org/freebsd:9:x86:64/latest/meta.txz: No address record
pkg: repository FreeBSD has no meta file, using default settings
pkg: http://pkg.FreeBSD.org/freebsd:9:x86:64/latest/packagesite.txz: No address record
pkg: Unable to update repository FreeBSD
All repositories are up-to-date.
pkg: Repository FreeBSD has a wrong packagesite, need to re-create database
pkg: Repository FreeBSD cannot be opened. 'pkg update' required
pkg: No packages available to install matching 'bash' have been found in the repositories
root@transmission_1:/ #


Is there a config file I need to update? It seems to be looking in the wrong location, or unable to find a location for the repository . . .
 

joebad1

Just figured it out. I changed my sub-net and gleefully thought all I'd have to do is change the settings in the jail. Turns out the transmission jail wasn't getting out to the internet; so it was reporting those errors listed above. After many attempts at making corrections, I ended up deleting the transmission jail and reinstalling. Weirdly, I had to edit the rc.conf file to set transmission_enable="YES" (it somehow defaulted to "NO" with the new install and wouldn't let me get to the WebGUI). Bash is installing now as I type this.
 

Glorious1

. Any help would be great..
You don't mention trying any of the suggestions that have been made. This discourages people from putting more effort into helping you.
 

d_mega_one

You don't mention trying any of the suggestions that have been made. This discourages people from putting more effort into helping you.
Hello,

Sorry I have not mentioned what I tried. I tried what Eric Hendriks posted, as it seemed similar to my issues, but it did not help.

I also tried to email openvpn via that link in the steps and it's not allowing me.

So I just reinstalled the transmission jail.

I started the install manually again and this is the first issue:
pkg: http://pkg.FreeBSD.org/freebsd:9:x86:64/latest/All/nano-2.2.6.txz: Not Found.

If I go to that URL, that file is not there but nano-2.4.3.txz is, so how do I install that or get 2.2.6.txz?
 

d_mega_one

Just figured it out. I changed my sub-net and gleefully thought all I'd have to do is change the settings in the jail. Turns out the transmission jail wasn't getting out to the internet; so it was reporting those errors listed above. After many attempts at making corrections, I ended up deleting the transmission jail and reinstalling. Weirdly, I had to edit the rc.conf file to set transmission_enable="YES" (it somehow defaulted to "NO" with the new install and wouldn't let me get to the WebGUI). Bash is installing now as I type this.

Did you get a nano error like this after Bash?

pkg: http://pkg.FreeBSD.org/freebsd:9:x86:64/latest/All/nano-2.2.6.txz: Not Found
 

d_mega_one

Hello,

Sorry I have not mentioned what I tried. I tried what Eric Hendriks posted, as it seemed similar to my issues, but it did not help.

I also tried to email openvpn via that link in the steps and it's not allowing me.

So I just reinstalled the transmission jail.

I started the install manually again and this is the first issue:
pkg: http://pkg.FreeBSD.org/freebsd:9:x86:64/latest/All/nano-2.2.6.txz: Not Found.

If I go to that URL, that file is not there but nano-2.4.3.txz is, so how do I install that or get 2.2.6.txz?

This is step 5, so I'm not sure how to pull the new file, as it generates the pkg URL automatically.
 

d_mega_one

So I got the updated pkgs, and bash and nano are installed and updated, so I was able to get to step 10, and it's not working.

I'm now stuck at the openvpn clean install, step 10:

Fri Jan 15 21:26:17 2016 OpenVPN 2.3.10 amd64-portbld-freebsd9.2 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jan 15 2016
Fri Jan 15 21:26:17 2016 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09
Fri Jan 15 21:26:17 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jan 15 21:26:17 2016 OpenVPN 2.3.10 amd64-portbld-freebsd9.2 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jan 15 2016
Fri Jan 15 21:26:17 2016 library versions: OpenSSL 0.9.8y 5 Feb 2013, LZO 2.09
Fri Jan 15 21:26:17 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jan 15 21:26:17 2016 WARNING: file 'sample-keys/client.key' is group or others accessible
Fri Jan 15 21:26:17 2016 Socket Buffers: R=[42080->42080] S=[9216->9216]
Fri Jan 15 21:26:17 2016 UDPv6 link local (bound): [AF_INET6]::1:16101
Fri Jan 15 21:26:17 2016 UDPv6 link remote: [AF_INET6]::1:16100
Fri Jan 15 21:26:17 2016 Diffie-Hellman initialized with 2048 bit key
Fri Jan 15 21:26:17 2016 WARNING: file 'sample-keys/server.key' is group or others accessible
Fri Jan 15 21:27:17 2016 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Fri Jan 15 21:27:17 2016 TLS Error: TLS handshake failed
Fri Jan 15 21:27:17 2016 Closing TUN/TAP interface
Fri Jan 15 21:27:17 2016 /sbin/ifconfig null destroy
ifconfig: interface null does not exist
Fri Jan 15 21:27:17 2016 FreeBSD 'destroy tun interface' failed (non-critical): external program exited with error status: 1
Fri Jan 15 21:27:17 2016 ../tests/t_cltsrv-down.sh null 1500 1541 init
Fri Jan 15 21:27:17 2016 SIGTERM[soft,tls-error] received, process exiting
FAIL: t_cltsrv.sh
====================================================
1 of 2 tests failed
(1 test was not run)
Please report to openvpn-users@lists.sourceforge.net
====================================================
*** [check-TESTS] Error code 1
1 error
*** [check-am] Error code 2
1 error
*** [check-recursive] Error code 1
1 error
*** [check] Error code 2
1 error
*** [post-build] Error code 2

Stop in /usr/ports/security/openvpn.
*** [install] Error code 1

Stop in /usr/ports/security/openvpn.
 

Glorious1

Here's my personal script. It is based on Eric's but it reads credentials from a file, where line 1 is the username, line 2 is the password and line 3 is the generated client id.

This is a much simplified script. I had earlier spent hours modifying the script PIA provides so it would work on FreeBSD, but this is better.

I have a question though. Normally my router blocks incoming ports. So before VPN/port forwarding, I would forward the Transmission listening port from the router to Transmission. If I don't do that, the Transmission remote app tells me the port is closed when I test it.

Now, with VPN port forwarding, the port number is out of my control. Is there any way to add something to the script that would tell the router to forward that same port? It's a Motorola SBG6580, I don't know if it has any controls other than the web gui.

Or am I missing something entirely? I don't see anyone else mentioning this problem. Now that I check again, Transmission reports the port is open even when I disable the router forwarding.
 

UF8FF

For the guys using port forwarding, I would like to let you know that the script on pg 2 is creating a new client id every time it runs, making PIA think you're using a different client, changing your port assignments.

To fix this run this in any terminal:
Code:
head -n 100 /dev/urandom | md5sum | tr -d " -"

Then replace the client_id value in lines 45 and 49 with the output of the command.

You will need to run the script at least once an hour so the port doesn't change. If you do this your port should only change if you get a new IP address assigned.

Here's my personal script. It is based on Eric's but it reads credentials from a file, where line 1 is the username, line 2 is the password and line 3 is the generated client id.

Code:
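#! /usr/local/bin/bash
#
# Script based on Eric Rudd's script at https://forums.freenas.org/index.php?threads/guide-setting-up-transmission-with-openvpn-and-pia.24566/page-2#post-174778
#
# Make sure you have a file named piacreds in the same directory as the script
# 1st line of the file is pia username, 2nd password and third client id
#
# to generate a new client id run
#   head -n 100 /dev/urandom | md5sum | tr -d " -"
# in any terminal
#

# Directory containing this script (and the piacreds file)
SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

PROGRAM=$(basename "$0")
# piacreds: line 1 = username, line 2 = password, line 3 = client id
USER=$(head -n 1 "$SCRIPTDIR/piacreds")
PASSWORD=$(head -n 2 "$SCRIPTDIR/piacreds" | tail -1)
CLIENT_ID=$(head -n 3 "$SCRIPTDIR/piacreds" | tail -1)

# Address of the VPN tunnel interface (also saved to /tmp/vpn_ip)
local_ip=$(ifconfig tun0 | grep "inet " | cut -d' ' -f2 | tee /tmp/vpn_ip)
# Request the forwarded port. --no-check-certificate turns off TLS certificate
# verification on the request that carries the username and password; with a
# CA bundle installed in the jail (e.g. the ca_root_nss package) it can be dropped.
json=$(wget --no-check-certificate -q --post-data="user=$USER&pass=$PASSWORD&client_id=$CLIENT_ID&local_ip=$local_ip" -O - "https://www.privateinternetaccess.com/vpninfo/port_forward_assignment" | head -1)
# The port is taken as the digits found in the response
PORTNUM=$(echo "$json" | grep -oE "[0-9]+")
echo "$PORTNUM"
# Nothing to set if the request failed or returned no number
[ -n "$PORTNUM" ] || exit 1
# Set Transmission's peer port to the forwarded port
transmission-remote -p "$PORTNUM"

exit 0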


If you don't want to use a separate file you can just replace the values in the script.


Is there an easy way to make this run on boot? I'm new to FreeBSD but my spidey-sense is saying it has something to do with rc.conf.
 

Nodja

Or am I missing something entirely? I don't see anyone else mentioning this problem. Now that I check again, Transmission reports the port is open even when I disable the router forwarding

You don't need to open the port in the router. Incoming connections are trying to connect to the VPN's external IP, which means that all packets come through the VPN tunnel. The port forwarding needs to be done on the VPN's "router", which is what the wget in the script does.

Is there an easy way to make this run on boot? I'm new to FreeBSD but my spidey-sense is saying it has something to do with rc.conf.

I just set a cron job to run it every 30 minutes. You need to, otherwise PIA will release your port and you'll lose port forwarding (make sure you run it once an hour at least). You can do that in the FreeNAS interface. I don't restart my FreeNAS often, but if I do I just run the script manually or wait the 30 minutes. If you still want to run this on boot the best way to go about it is to edit /usr/local/etc/rc.d/transmission and under the line that says start_precmd=transmission_prestart put
Code:
 start_postcmd="sh /yourscriptsdir/portforward.sh" 
You'll also need to edit the portforward script itself to hardcode some stuff because rc.d won't use the PATH.
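
The script posted in this thread takes every run of digits in the response as the port, so an error reply that happens to contain a number would be passed to transmission-remote. The following is an added example, not from the thread, that accepts only a valid port field and reports whether the port changed since the previous cron run; the response shapes, the sample strings, the state-file location and the names parse_port and record_port are assumptions.

```shell
#!/bin/sh
# Added example. Assumed response shapes (constructed samples):
#   success: {"port":51234}
#   failure: {"error":"client_id missing (code 400)"}

# Print the port from a success response; return 1 for anything else.
parse_port() {
    port=$(printf '%s' "$1" |
        sed -n 's/^.*"port"[[:space:]]*:[[:space:]]*\([1-9][0-9]*\).*$/\1/p' |
        head -n 1)
    case $port in
        ''|*[!0-9]*) return 1 ;;          # no "port" field, or not a number
    esac
    [ "${#port}" -le 5 ] || return 1      # reject absurdly long digit runs
    [ "$port" -le 65535 ] || return 1     # must be a valid TCP/UDP port
    printf '%s\n' "$port"
}

# record_port STATE_FILE RESPONSE
# Prints "changed N", "unchanged N" or "error"; the state file is rewritten
# only when a valid, different port arrives.
record_port() {
    state_file=$1
    response=$2
    new=$(parse_port "$response") || { echo error; return 1; }
    old=$(cat "$state_file" 2>/dev/null || true)
    if [ "$new" = "$old" ]; then
        echo "unchanged $new"
    else
        # Keep the state file private to the account running the cron job
        ( umask 077; printf '%s\n' "$new" > "$state_file" )
        # This is the point where the thread's script would run:
        #   transmission-remote -p "$new"
        echo "changed $new"
    fi
}
```

Logging the one-line result from each cron run gives a record of when the assigned port changed or the request failed.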
 

Glorious1

. . . . otherwise PIA will release your port and you'll lose port forwarding . . .
Thanks Nodja, good info. How do you tell if port forwarding is actually working, or if PIA is forwarding or has released your port?
 
