GUIDE: Setting up Transmission with OpenVPN and PIA

verinas

Dabbler
Joined
Mar 29, 2016
Messages
34
I am not sure if this is an issue that I have caused or what has caused it at all but I followed the guide and it seemed to work but I woke up today and found out that none of my torrents were seeding at all. "ifconfig" showed that the tunnel was still active so I dunno.

If anyone knows how to maybe troubleshoot this I wouldn't mind knowing :)

Restart the jail. It's probably the same problem I have with mine that no one seems to be able to solve. It loses hostname resolution after a few hours. I just make a cron job to restart it every 3 hours.
warden stop transmission_1 (or whatever yours is called)
warden start transmission_1
 

verinas

Dabbler
Joined
Mar 29, 2016
Messages
34
I tried that. But, it looks like it requires starting it from CLI. I'd like a solution that boots up ready to go. I imagine it's pretty easy for someone to set up who knows the os.
It doesn't exist. Best to ditch FreeNAS and go with a Windows box if that's what you are after. Took weeks to get mine working.
 

lazybones

Dabbler
Joined
Jan 16, 2016
Messages
45
Restart the jail. It's probably the same problem I have with mine that no one seems to be able to solve. It loses hostname resolution after a few hours. I just make a cron job to restart it every 3 hours.
warden stop transmission_1 (or whatever yours is called)
warden start transmission_1


Ok then that problem is solved :)

Anyone know how to port forward on PIA? Since it's run in CLI, I have no clue how to fix that.
 

verinas

Dabbler
Joined
Mar 29, 2016
Messages
34
Ok then that problem is solved :)

Anyone know how to port forward on PIA? Since it's run in CLI, I have no clue how to fix that.
You have to set up a cron job for that too. See page 13 onwards. There's a script in one of my posts that I updated and wrote some comments in so others could use it. If you can't use the CLI FreeNAS probably isn't for you - it requires a lot of tweaking.
 

lazybones

Dabbler
Joined
Jan 16, 2016
Messages
45
You have to set up a cron job for that too. See page 13 onwards. There's a script in one of my posts that I updated and wrote some comments in so others could use it. If you can't use the CLI FreeNAS probably isn't for you - it requires a lot of tweaking.


Thank you, I will have a look at it. I have no problem using CLI but I don't have much experience with scripting, that's all :)
 

verinas

Dabbler
Joined
Mar 29, 2016
Messages
34
Thank you, I will have a look at it. I have no problem using CLI but I don't have much experience with scripting, that's all :)
Script is done; you just need to change the parts mentioned in the comments to suit your setup.
 

keynas

Cadet
Joined
Jun 16, 2016
Messages
1
Is 30-50% CPU usage normal? Seems high. 4.5MB/s download speed. Core i3 4150 3.5GHz.

The script worked great!
 

Janky Jay

Dabbler
Joined
Jul 23, 2016
Messages
27
Hrm. It looks like this script (or getting openvpn working inside a jail) has been pretty successful. I'm on the latest version of FreeNAS and I can't get this to work at all. What device are you guys using (tun/tap)? I'm trying to use tun but it doesn't exist unless I create it manually outside the jail in the host. Once I do, when OpenVPN starts up, I get the following error every time:

Code:
Sat Jul 23 18:18:17 2016 OpenVPN 2.3.11 amd64-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jun  6 2016
Sat Jul 23 18:18:17 2016 library versions: OpenSSL 0.9.8za-freebsd 5 Jun 2014, LZO 2.09
Sat Jul 23 18:18:17 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jul 23 18:18:17 2016 Control Channel Authentication: tls-auth using INLINE static key file
Sat Jul 23 18:18:17 2016 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jul 23 18:18:17 2016 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jul 23 18:18:17 2016 Socket Buffers: R=[42080->524288] S=[9216->524288]
Sat Jul 23 18:18:17 2016 UDPv4 link local: [undef]
Sat Jul 23 18:18:17 2016 UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1195
Sat Jul 23 18:18:17 2016 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1195, sid=1fd8b08c 3c11b001
Sat Jul 23 18:18:18 2016 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Sat Jul 23 18:18:18 2016 VERIFY OK: nsCertType=SERVER
Sat Jul 23 18:18:18 2016 VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server, emailAddress=support@expressvpn.com
Sat Jul 23 18:18:18 2016 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server, emailAddress=support@expressvpn.com
Sat Jul 23 18:18:18 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jul 23 18:18:18 2016 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jul 23 18:18:18 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jul 23 18:18:18 2016 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jul 23 18:18:18 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Sat Jul 23 18:18:18 2016 [Server] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:1195
Sat Jul 23 18:18:20 2016 SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
Sat Jul 23 18:18:20 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.13.0.1,route 10.13.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.13.3.138 10.13.3.137'
Sat Jul 23 18:18:20 2016 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jul 23 18:18:20 2016 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jul 23 18:18:20 2016 OPTIONS IMPORT: route options modified
Sat Jul 23 18:18:20 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Jul 23 18:18:20 2016 Could not retrieve default gateway from route socket:: No such process (errno=3)
Sat Jul 23 18:18:20 2016 ROUTE: default_gateway=UNDEF
Sat Jul 23 18:18:20 2016 Cannot allocate TUN/TAP dev dynamically
Sat Jul 23 18:18:20 2016 Exiting due to fatal error


Am I just simply missing something? Anyone have any ideas?
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211

Janky Jay

Dabbler
Joined
Jul 23, 2016
Messages
27
I'm no expert, but I think you're doing something wrong. You don't create tun at all; it gets created or used when openVPN starts. It always uses tun0 as far as I can see. The only reason it's helpful to know that is for firewall rules if you use a firewall.

You might also find this thread helpful:
https://forums.freenas.org/index.ph...-a-jail-so-it-only-connects-to-the-vpn.18669/

Hello and thanks for the reply.

Hrm. That is somewhat misleading. Does this setup also require adding firewall rules to make it work? According to the documentation on Github (linked earlier: https://github.com/amussey/FreeNAS-Transmission-OpenVPN ), this should work from within the jail without any firewall rules... Either way, I started from scratch just to be sure I hadn't tainted anything previously. From within the jail (and not first creating the "tun0" device on the host), when I run the "/etc/rc.d/transmissionvpn start" command (after the successful "make"), I get the following:

Code:
Fri Jul 29 18:26:29 2016 OpenVPN 2.3.11 amd64-portbld-freebsd9.3 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Jun  6 2016
Fri Jul 29 18:26:29 2016 library versions: OpenSSL 0.9.8za-freebsd 5 Jun 2014, LZO 2.09
Fri Jul 29 18:26:29 2016 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jul 29 18:26:29 2016 Control Channel Authentication: tls-auth using INLINE static key file
Fri Jul 29 18:26:29 2016 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 29 18:26:29 2016 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 29 18:26:29 2016 Socket Buffers: R=[42080->524288] S=[9216->524288]
Fri Jul 29 18:26:29 2016 UDPv4 link local: [undef]
Fri Jul 29 18:26:29 2016 UDPv4 link remote: [AF_INET]XX.XX.XX.XX:1195
Fri Jul 29 18:26:29 2016 TLS: Initial packet from [AF_INET]XX.XX.XX.XX:1195, sid=9acc2653 8edee136
Fri Jul 29 18:26:29 2016 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Fri Jul 29 18:26:29 2016 VERIFY OK: nsCertType=SERVER
Fri Jul 29 18:26:29 2016 VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server, emailAddress=support@expressvpn.com
Fri Jul 29 18:26:29 2016 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server, emailAddress=support@expressvpn.com
Fri Jul 29 18:26:30 2016 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jul 29 18:26:30 2016 Data Channel Encrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 29 18:26:30 2016 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Fri Jul 29 18:26:30 2016 Data Channel Decrypt: Using 512 bit message hash 'SHA512' for HMAC authentication
Fri Jul 29 18:26:30 2016 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Fri Jul 29 18:26:30 2016 [Server] Peer Connection Initiated with [AF_INET]XX.XX.XX.XX:1195
Fri Jul 29 18:26:32 2016 SENT CONTROL [Server]: 'PUSH_REQUEST' (status=1)
Fri Jul 29 18:26:32 2016 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.13.0.1,route 10.13.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.13.4.102 10.13.4.101'
Fri Jul 29 18:26:32 2016 OPTIONS IMPORT: timers and/or timeouts modified
Fri Jul 29 18:26:32 2016 OPTIONS IMPORT: --ifconfig/up options modified
Fri Jul 29 18:26:32 2016 OPTIONS IMPORT: route options modified
Fri Jul 29 18:26:32 2016 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Fri Jul 29 18:26:32 2016 Could not retrieve default gateway from route socket:: No such process (errno=3)
Fri Jul 29 18:26:32 2016 ROUTE: default_gateway=UNDEF
Fri Jul 29 18:26:32 2016 Cannot allocate TUN/TAP dev dynamically
Fri Jul 29 18:26:32 2016 Exiting due to fatal error


So, it seems it's the same with or without the tun0 device created on the host. I'm pretty much stumped.
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
No, you don't need a firewall to make it work. It's just added protection so that transmission can only communicate through the VPN. Otherwise, if the VPN stops working, transmission will just switch to the direct internet connection.

What is "transmissionvpn"? That doesn't sound like something I've seen in these threads. But there are so many variations, I think you would have to list all the steps you did before someone could figure out what the problem is. For starters, you could post these (inside jail) to see if anything obvious is amiss:
Long file list for /usr/local/etc/openvpn
Contents of the file /etc/rc.conf

Did you turn on the transmission plugin in the FreeNAS WebGUI?
Here's what I do inside the jail command line to start or stop things:
openvpn: service openvpn start/stop
transmission: service transmission start/stop/restart
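
Added example (not part of any post in this thread, and not the guide's script): a fail-closed check for the leak described above, where Transmission falls back to the direct connection once the VPN stops. It assumes the server pushes "redirect-gateway def1" as in the PUSH_REPLY lines logged earlier and that the tunnel is tun0; the routing tables and the STOP_CMD override are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread: detect whether the jail's IPv4 traffic
# can bypass the VPN, and stop Transmission if it can.
# Assumptions: the server pushes "redirect-gateway def1" (visible in the
# PUSH_REPLY log lines in this thread), which installs 0.0.0.0/1 and
# 128.0.0.0/1 through the tunnel, and the tunnel interface is tun0.

# Constructed sample: `netstat -rn -f inet` with the tunnel up (5-column layout).
ROUTES_UP='Destination        Gateway            Flags     Netif Expire
0.0.0.0/1          10.13.3.137        UGS        tun0
default            192.168.1.1        UGS     epair0b
10.13.3.137        link#3             UH         tun0
128.0.0.0/1        10.13.3.137        UGS        tun0'

# Constructed sample: same state in the older layout with Refs and Use columns.
ROUTES_UP_OLD='Destination        Gateway            Flags    Refs      Use  Netif Expire
0.0.0.0/1          10.13.3.137        UGS         0       12   tun0
default            192.168.1.1        UGS         0      340 epair0b
128.0.0.0/1        10.13.3.137        UGS         0        9   tun0'

# Constructed sample: OpenVPN has exited, only the direct default route is left.
ROUTES_DOWN='Destination        Gateway            Flags     Netif Expire
default            192.168.1.1        UGS     epair0b
192.168.1.0/24     link#2             U       epair0b'

# route_state TUN_IF  (routing table on stdin)
# Prints "tunnel" only when both def1 half-routes leave through TUN_IF.
# Anything else, including an unrecognised table layout, prints "leak".
route_state() {
    awk -v tun="$1" '
        $1 == "Destination" {            # locate the Netif column by header
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        col && $1 == "0.0.0.0/1"   && $col == tun { low = 1 }
        col && $1 == "128.0.0.0/1" && $col == tun { high = 1 }
        END { print ((low && high) ? "tunnel" : "leak") }
    '
}

# guard TUN_IF  (routing table on stdin)
# Returns 0 when traffic is tunnelled; otherwise runs the stop command and
# returns 1. STOP_CMD is a hypothetical override for dry runs.
guard() {
    if [ "$(route_state "$1")" = "leak" ]; then
        ${STOP_CMD:-service transmission stop}
        return 1
    fi
    return 0
}

# Intended use from cron inside the jail:
#   netstat -rn -f inet | guard tun0
```

This only covers IPv4 routing and acts after the fact; firewall rules that deny non-tunnel traffic from the jail remain the stronger control.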
 

Trapizomba

Dabbler
Joined
Mar 23, 2015
Messages
24
Script not working at FreeNAS-9.10-STABLE-201606270534 (dd17351)...

root@transmission_1:/ # service -e
/etc/rc.d/cleanvar
/etc/rc.d/newsyslog
/etc/rc.d/syslogd
/etc/rc.d/virecover
/usr/local/etc/rc.d/transmission
/etc/rc.d/motd
/etc/rc.d/cron

My rc.conf of the transmission jail:
Code:
portmap_enable="NO"
sshd_enable="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
hostname="transmission_1"
hostname="transmission_1"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
inet6_enable="YES"
ip6addrctl_enable="YES"
transmission_download_dir=""
transmission_enable="YES"
transmission_conf_dir="/var/db/transmission"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/Brazil.ovpn"


root@transmission_1:/ # service openvpn status
openvpn does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)
root@transmission_1:/ # service openvpn start
openvpn does not exist in /etc/rc.d or the local startup
directories (/usr/local/etc/rc.d)
root@transmission_1:/ #
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
I suggest nuking the jail and starting over, going through the individual steps instead of the script. Then you may see problems.

But before that, did you turn off and back on the jail in the FreeNAS webgui after you installed everything?
 

Janky Jay

Dabbler
Joined
Jul 23, 2016
Messages
27
No, you don't need a firewall to make it work. It's just added protection so that transmission can only communicate through the VPN. Otherwise, if the VPN stops working, transmission will just switch to the direct internet connection.

What is "transmissionvpn"? That doesn't sound like something I've seen in these threads. But there are so many variations, I think you would have to list all the steps you did before someone could figure out what the problem is. For starters, you could post these (inside jail) to see if anything obvious is amiss:
Long file list for /usr/local/etc/openvpn
Contents of the file /etc/rc.conf

Did you turn on the transmission plugin in the FreeNAS WebGUI?
Here's what I do inside the jail command line to start or stop things:
openvpn: service openvpn start/stop
transmission: service transmission start/stop/restart
I figured this much about the VPN and that makes sense. I have a separate firewall in front of all this and once I get it working I'll likely deny non-VPN traffic out from the jail. Thanks for the info.

As for the rest, the "transmissionvpn" is part of the setup that I had mentioned earlier (https://github.com/amussey/FreeNAS-Transmission-OpenVPN). Essentially it automatically installs OpenVPN in the jail, sets up some startup scripts and you're on your way. However, I don't see any difference in this setup than just simply installing OpenVPN and enabling it in the /etc/rc.conf file. Either way, it's complaining.

I actually turned off the transmission plugin in the FreeNAS WebGUI. I figured it would be best to do as you suggested and started the processes manually.

Below are the file list and contents of /etc/rc.conf as you'd requested. Thanks for the assistance!

Contents of /usr/local/etc/openvpn:
Code:
root@transmission_1:~ # ls -l /usr/local/etc/openvpn/
total 19
-rw-------  1 root  wheel  6078 Aug  4 19:14 openvpn.conf
root@transmission_1:~ #


Contents of /etc/rc.conf file:
Code:
portmap_enable="NO"
sshd_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
hostname="transmission_1"
hostname="transmission_1"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
inet6_enable="YES"
ip6addrctl_enable="YES"
transmission_download_dir=""
transmission_conf_dir="/var/db/transmission"
transmissionvpn_enable="YES"
transmission_enable="NO"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
openvpn_dir="/usr/local/etc/openvpn"
 

Janky Jay

Dabbler
Joined
Jul 23, 2016
Messages
27
Script not working at FreeNAS-9.10-STABLE-201606270534 (dd17351)...



My rc.conf of the transmission jail:
Code:
portmap_enable="NO"
sshd_enable="NO"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
hostname="transmission_1"
hostname="transmission_1"
devfs_enable="YES"
devfs_system_ruleset="devfsrules_common"
inet6_enable="YES"
ip6addrctl_enable="YES"
transmission_download_dir=""
transmission_enable="YES"
transmission_conf_dir="/var/db/transmission"
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/Brazil.ovpn"

It doesn't look like you have OpenVPN installed at all. Or, at least, not from ports/pkg. What does "pkg info openvpn" return? If nothing, try "pkg install openvpn" and then try again.
 

Janky Jay

Dabbler
Joined
Jul 23, 2016
Messages
27
Okay. So, this whole time my problem was that I didn't have VIMAGE enabled... I'm an idiot...
 

Glorious1

Guru
Joined
Nov 23, 2014
Messages
1,211
Okay. So, this whole time my problem was that I didn't have VIMAGE enabled... I'm an idiot...
Apparently you used quite a different approach to installing things than I did, and I don't have time at the moment to read and understand that approach. I've never heard of VIMAGE, and my openvpn works fine.

Something strange is that your /usr/local/etc/openvpn is empty, except for openvpn.conf. When you install openvpn, all the files should end up in that directory. At a minimum, there are a couple of key files I think, and your pass.txt file with your PIA username and password. And all the server-specific files if you want to change configuration to another server. Apparently you got it to work anyway, so I wonder, where is all that stuff?

Yes, I looked over that github link, and it does things very differently. I won't be any help.
 

lals

Dabbler
Joined
May 16, 2015
Messages
11
Hi.

Can somebody please help me? I can't get past step 3, I type "jexec 2 tsch" and then I get the message "No such file or directory"
So I tried to delete the jail, but then I got this message "mnt/FreeNas/jails/transmission_1': Device busy"

I am logged in as root
 