pro_trouble
Dabbler
- Joined
- Oct 2, 2014
- Messages
- 10
I've been doing a lot of searching around this forum and the internet and haven't found a good solution for implementing a VPN killswitch with Transmission when using Private Internet Access (PIA) as a provider. I have come up with a hack solution that strangely seems to work well by picking through various posts. Feel free to pick it apart or provide suggestions for enhancement - I'm not an expert by any means, so I may have found an especially roundabout solution. Hopefully it can help somebody out.
I made this guide using Freenas 9.3.
First, follow this post for installing OpenVPN to work with PIA:
GUIDE: Setting up Transmission with OpenVPN and PIA
https://forums.freenas.org/index.ph...g-up-transmission-with-openvpn-and-pia.24566/
The only things I did differently from the above guide was use vim instead of nano. Nano's formatting was giving me a headache.
At this point you should have Transmission working through your OpenVPN connection. Also note, that if you stop OpenVPN:
Transmission will momentarily pause then pick right back up again... which is exactly what we don't want.
The way to fix this is to set the "bind-address-ipv4" setting in Transmission's settings.json file match to the IP in the tun0 interface setup by OpenVPN. I made a script to do this:
/media/update_bind.sh
This script gets the correct address to bin from the tun0 interface, then updates Transmission's settings.json file with this address. If OpenVPN isn't running, then it returns the localhost IP for the bind address, effectively blocking Transmission. I made this script executable by anyone, mainly because I couldn't be bothered to figure out the correct permissions:
The only issue left now is that the update doesn't work if Transmission is already running. Since I wanted this to be automatically done whenever transmission was restarted, I modified
/usr/pbi/transmission-amd64/etc/rc.d/transmission
and added the following line just before the final curly brace in transmission_prestart()
Now whenever I start or restart Transmission the settings.json file is updated with the correct bind address and Transmission stops functioning if the OpenVPN connection is lost.
The only issue here is that I haven't dealt with the order that things services start in the jail. So if transmission starts before OpenVPN, you'll have re manually restart it. Fixing that is a project for another day.
I have no expectation that this will continue to function through an upgrade to the jail or the system overall so use at your own risk.
I hope this was helpful.
I made this guide using Freenas 9.3.
First, follow this post for installing OpenVPN to work with PIA:
GUIDE: Setting up Transmission with OpenVPN and PIA
https://forums.freenas.org/index.ph...g-up-transmission-with-openvpn-and-pia.24566/
The only things I did differently from the above guide was use vim instead of nano. Nano's formatting was giving me a headache.
At this point you should have Transmission working through your OpenVPN connection. Also note, that if you stop OpenVPN:
Code:
#service stop openvpn
Transmission will momentarily pause then pick right back up again... which is exactly what we don't want.
The way to fix this is to set the "bind-address-ipv4" setting in Transmission's settings.json file match to the IP in the tun0 interface setup by OpenVPN. I made a script to do this:
/media/update_bind.sh
Code:
#!/usr/local/bin/bash VPNADDR=`ifconfig | grep -A 5 "tun" | grep "inet" | cut -f2 -d" "` if [ -z "$VPNADDR" ]; then VPNADDR=127.0.0.1 fi cat /usr/pbi/transmission-amd64/etc/transmission/home/settings.json | sed "s/.*bind-address-ipv4.*/ \"bind-address-ipv4\"\: \"$VPNADDR\",/g" > /media/settings.json chmod 600 /media/settings.json chown transmission:transmission /media/settings.json mv /media/settings.json /usr/pbi/transmission-amd64/etc/transmission/home/settings.json
This script gets the correct address to bin from the tun0 interface, then updates Transmission's settings.json file with this address. If OpenVPN isn't running, then it returns the localhost IP for the bind address, effectively blocking Transmission. I made this script executable by anyone, mainly because I couldn't be bothered to figure out the correct permissions:
Code:
chmod 755 /media/update_bind.sh
The only issue left now is that the update doesn't work if Transmission is already running. Since I wanted this to be automatically done whenever transmission was restarted, I modified
/usr/pbi/transmission-amd64/etc/rc.d/transmission
and added the following line just before the final curly brace in transmission_prestart()
Code:
/media/update_bind.sh
Now whenever I start or restart Transmission the settings.json file is updated with the correct bind address and Transmission stops functioning if the OpenVPN connection is lost.
The only issue here is that I haven't dealt with the order that things services start in the jail. So if transmission starts before OpenVPN, you'll have re manually restart it. Fixing that is a project for another day.
I have no expectation that this will continue to function through an upgrade to the jail or the system overall so use at your own risk.
I hope this was helpful.