GUIDE: Setting up Transmission with OpenVPN and PIA

[Glorious1]

I type "jexec 2 tsch" and then I get the message "No such file or directory"

It's tcsh, not tsch. Also, a shortcut: your jail is called transmission_1, so you can skip the jls step and just type jexec transmission_1 tcsh

If you really need to delete the jail, you could try stopping the transmission plugin and stopping the jail before deleting.

 

[lals]

That's embarrassing.. So when I type the commands right I got to step 10, then I got this message.
​

root@transmission_1:/usr/ports/security/openvpn # make install clean
"/usr/ports/Mk/bsd.port.mk", line 1164: UNAME_r (10.3-STABLE) and OSVERSION (903000) do not agree on major version number.
root@transmission_1:/usr/ports/security/openvpn #

 

[Glorious1]

So when I type the commands right I got to step 10, then I got this message.

root@transmission_1:/usr/ports/security/openvpn # make install clean
"/usr/ports/Mk/bsd.port.mk", line 1164: UNAME_r (10.3-STABLE) and OSVERSION (903000) do not agree on major version number.
root@transmission_1:/usr/ports/security/openvpn #

Typical cryptic error. I guess your FreeNAS version is 9.10, because you seem to have FreeBSD 10.3? I don't know what the OSVERSION is referring to. I looked at that file and can't figure out where it's getting those numbers. You might try

Code:

portsnap fetch update

 

[lals]

yes I had FreeNas version 9.10 I tried the "portsnap fetch update" but it didn't work.

So I downgraded to 9.3 reinstalled the transmission plugin and startet all over again. this time I got the blue screen, but I don't have the option
"PW_Save Interactive passwords may be read from a file"

 

[Glorious1]

So I downgraded to 9.3 reinstalled the transmission plugin and startet all over again. this time I got the blue screen, but I don't have the option
"PW_Save Interactive passwords may be read from a file"

I looked in the Makefile and found these lines:
# The following feature is always enabled since 2.3.9 and no longer optional.
# PW_SAVE_DESC= Interactive passwords may be read from a file

So that step is apparently obsolete; no longer needed.

So it seems that the current openvpn port is not up-to-date with FreeNAS 9.10. You're very bold going back to 9.3. I don't know how that stuff works, presumably one would have to ask the port maintainer about it. This might be him:

Code:

[root@transmission_1 /usr/ports/security/openvpn]# cat Makefile
# Created by: Matthias Andree <mandree@FreeBSD.org>
# $FreeBSD: head/security/openvpn/Makefile 415116 2016-05-13 16:07:26Z mandree $

 

[XanALaOM00]

I hope I am not being a troll or whatever,

Frankly I don't see why you would want to do this within a Jail setup, it's over complicating things where a firewall would do a better job of handling this task... why not simply setup your Transmission client like normal with a specific IP address of your choosing for the jail and then on your firewall use policy-based-routing to route all traffic coming from your transmission client over the VPN tunnel which is terminated at your firewall; the firewall is more-than capable of doing this and is going to handle this scenario more gracefully given you have many more options with regards of how to handle this traffic in different scenarios.

PfSense can achieve the above very easily, there's guides out there everywhere for doing it with different providers and different scenarios given your use case.

 

[Glorious1]

I hope I am not being a troll or whatever,

Frankly I don't see why you would want to do this within a Jail setup, it's over complicating things where a firewall would do a better job of handling this task... why not simply setup your Transmission client like normal with a specific IP address of your choosing for the jail and then on your firewall use policy-based-routing to route all traffic coming from your transmission client over the VPN tunnel which is terminated at your firewall; the firewall is more-than capable of doing this and is going to handle this scenario more gracefully given you have many more options with regards of how to handle this traffic in different scenarios.

PfSense can achieve the above very easily, there's guides out there everywhere for doing it with different providers and different scenarios given your use case.

Sorry, I don't really follow what it is that you don't see why would want to do or is overcomplicating things. Are you referring to using openVPN? I could be wrong, but my impression is that it is required to use PIA (Private Internet Access) VPN.

I do use a firewall as well, the built-in ipfw, to ensure that transmission can only communicate through the VPN. It works perfectly, but I certainly am not an expert and there are probably other ways to do it. For most people to make use of your suggestion they would need a lot more details and step by step.

 

[Glorious1]

yes I had FreeNas version 9.10 I tried the "portsnap fetch update" but it didn't work. So I downgraded to 9.3

I created a second transmission plug-in jail for testing. I found that even in FreeNAS 9.10.1, I could use pkg to install OpenVPN without issue. I think in the original post, the whole reason for all the portsnap stuff and "make install clean" was so you could get the configuration screen and set it to use an external password file. That is no longer necessary, so I think all you need is "pkg install openvpn" and you're done. And no compatibility issue.

 

[lals]

Thank you so much for the help Glorious1! I really appreciate it!
I went back again to FreeNas version 9.10 and reinstalled the plugin. Started over again with "pkg install openvpn" on step 10, and was able to start OpenVPN, but when I check the IP address using https://torguard.net/checkmytorrentipaddress.php I still have the same IP address

 

[Glorious1]

lals, I'm not sure where you are in the process. Have you installed the PIA files and hooked them into OpenVPN with a pass.txt file with your PIA username and password? And set up an openvpn.conf file for the server you want to use? If not, you won't be getting a new IP address.

The OP had you do all that in one directory, then move them into the final directory, which is needless extra steps. I just do it in the final openvpn directory.

You'll have to clarify exactly what you have done so far. Also, after you've done some configuration, I suggest always restarting the jail in the FreeNAS webgui to make sure everything takes effect, before you decide there is a problem.

 

[lals]

I don't know what I did wrong, but I startet over again and it works now. Thank you so much for the help Glorious1!

 

[amorak]

Hi All - Looking for some advice here. I setup openvpn on my 9.3 server and it's been working fine - when I run an IPleak test on the Transmission plugin, I see my PIA VPN IP. However I continue to get copyright infringement notices from my ISP...

 

[Glorious1]

Hi All - Looking for some advice here. I setup openvpn on my 9.3 server and it's been working fine - when I run an IPleak test on the Transmission plugin, I see my PIA VPN IP. However I continue to get copyright infringement notices from my ISP...

They could be notices of data harvested long ago. But you don't mention if you have a firewall set up. If you don't, and the server or your openvpn go offline, transmission will happily start to use your own connection. You may miss such occurrences when you test the IP that shows with Transmission.

It's not hard. The built-in firewall is ipfw. Create a file with rules for ipfw. Mine is called ipfw_rules, and I put it in the /media/watch folder of the jail (that way I can access/edit it outside the jail too). Paste in the following, using your own subnet, and instead of tranny (my Transmission user), use your Transmission user (which by default I think is transmission).

Code:

add 00010 allow all from any to any via tun0 uid tranny
add 00101 allow all from me to 192.168.0.0/24 via epair* uid tranny
add 00102 allow all from 192.168.0.0/24 to me via epair* uid tranny
add 00107 deny all from any to any uid tranny

Then tell the jail to always use the firewall. Edit /etc/rc.conf to add the following lines

Code:

firewall_enable="YES"
firewall_type="/media/watch/ipfw_rules"

Then restart the jail. If you want to test it, go back into the jail via SSH and type service openvpn stop . Transmission should come to a screeching halt. Then service openvpn start and you're good to go.

 

[baconface]

I'm running FreeNAS 9.10, and the script all seems to install correctly, but when it finishes, I'm not getting a PIA IP address. I've deleted the jail and tried from a fresh plugin several times. I am most definitely a noob, but can anyone confirm that the script works on 9.10?

 

[Glorious1]

I'm running FreeNAS 9.10, and the script all seems to install correctly, but when it finishes, I'm not getting a PIA IP address. I've deleted the jail and tried from a fresh plugin several times. I am most definitely a noob, but can anyone confirm that the script works on 9.10?

Assuming the script is based on the commands in the OP, and I think it is, it is obsolete. I'm guessing your OpenVPN install is failing. I suggest you follow the manual steps with this modification:
https://forums.freenas.org/index.ph...ith-openvpn-and-pia.24566/page-17#post-304880. So no portsnap commands, just 'pkg install openvpn'.

 

[MADMDK]

I am having troubles starting the OpenVPN services, when I try to start them it ask for a username and password, I use my PIA credentials but the services doesn't start, I run a test through Transmission and it's still me IP.

EDIT:
Fixed the staring asking for Pass and User, but it still isn't starting the openvpn.

EDIT: FIXED IT. Changed PIA server and rebooted, works now.

EDIT: As it turns out this would keep happening after I tried creating a OpenVPN Jail for tunneling with this guide,

https://forums.freenas.org/index.ph...-6-with-access-to-remote-hosts-via-nat.22873/

I imagine it's because they are working on the same ports, not sure how to make a work around at the moment because I am still new to this, so any help would be appreciated.

 

[mjk79]

Guys,

So recently I noticed that my IP check torrent in the transmission plugin hasn't been working. I think it stopped recently. I've tried several different ip check torrents on my transmission client as well as on my pc (uTorrent to verify) and nothing has worked. I find it strange that all these torrent checkers are all broken.

Has anyone seen this?
Anyone know of another way to verify that the jail VPN is working properly?

 

[mjk79]

Guys,

So recently I noticed that my IP check torrent in the transmission plugin hasn't been working. I think it stopped recently. I've tried several different ip check torrents on my transmission client as well as on my pc (uTorrent to verify) and nothing has worked. I find it strange that all these torrent checkers are all broken.

Has anyone seen this?
Anyone know of another way to verify that the jail VPN is working properly?

Nevermind! Found the problem, for some reason my encryption was messing with the connection.

Changed the port number in openvpn.conf from 1196 back to 1194.
Removed "cipher AES-128-CBC" from the file.

root@transmission_1:~ # wget -qO - http://wtfismyip.com/text
81.xx.xx.xxx

 

[RagingBokky]

Hello All,

First time using FreeNAS (using 9.10) let alone first time using freeBSD, linux, unix etc in general but I'm ok at coding

I managed to get the VPN working but can't get port fordward feature to work as it returns with the following

(btw i'm using Nodja's script on page 10)

root@transmission_1:/ # ./port_forward.sh
Script started, output file is typescript

Then when typing in transmission-remote -pt it either hangs or returns port being not open

Am I doing anything wrong as I can't see the error what so ever

 

[RagingBokky]

Ok I have fixed my problem it turns out I was using the wrong client ID when using

head -n 100 /dev/urandom | md5 -r | tr -d " -"

which I believe might be giving me the wrong client ID so I did

head -n 100 /dev/urandom | md5 | tr -d " -"

which gave me another ID which I put in my piacred file

re run the script and works perfectly

also adding a kill switch was easy enough via this post on reddit

https://www.reddit.com/r/freenas/comments/41fhz3/configuration_guide_for_openvpn_and_ipfw_so_that/