GUIDE: Setting up Transmission with OpenVPN and PIA

[Glorious1]

For the guys using port forwarding . . .

Do you find that doing this makes a distinct difference in performance? I find speeds are quite good without it. I don't know if I'm connecting to everyone possible, but in the end that's not what's important.

 

[Nodja]

It depends on the torrent. If you're just using sonarr to download the most recent episodes or whatever it won't matter much as you'll find plenty of peers with ports open, but when you're looking for old seasons/eps of shows and they only have a couple seeders it does because they're often seeded by people that didn't bother setting up port forwarding. Setting this up will ensure you'll connect to everyone.

 

[Nodja]

Here's a script to force transmission to only use the vpn. I haven't tested it long term as I just finished the script but let me know if it works for you guys.

Code:

#! /usr/local/bin/bash

IP=`ifconfig tun0 2>/dev/null|awk '/inet/ {print $2}'|xargs`
OLDIP=`sed -n -e 's/\("bind-address-ipv4":\) "\(.*\)",/\2/p' /var/db/transmission/settings.json|xargs`

if [ "$IP" != "$OLDIP" ]
then
  service transmission stop
  sed -i .bak 's/\("bind-address-ipv4":\).*,/\1 "'$IP'",/' /var/db/transmission/settings.json
  service transmission start
  echo New IP $IP
fi

This assumes your vpn is assigned the device name tun0.
Run it in with a cron job every hour or so and you should be golden.

edit: if the script borks your downloads, shut down transmission, open /var/db/transmission/settings.json and set the bind-address-ipv4 value to 0.0.0.0 then start transmission back up
edit2: fixed the script to restart transmission if the tun0 ip differs from the settings one, the old method simply changed the config file and reloaded, but this caused problems if you change settings with transmission-remote or in the web interface, they wouldn't persist if the script ran again . So now we shut down transmission before we change the file.

Cheers.

 

[dedeaux]

Thanks for this guide. I was able to get a jail up and running using Torguard instead of PIA using this guide.

First, how often should I update this jail, if at all? What would that process be? Wouldn't using pkg update/upgrade break some/all of the configuration?

Next question... My ISP here in Madagascar filters/throttles/blocks all sorts of things during the day (7AM - 7PM). If I access torrents through the VPN I can download, but it appears the ISP is throttling my VPN maybe??? (I don't claim to know if that is even possible) *ANY* download during the day is always locked at 250KB/sec download. If I attempt a torrent outside the VPN during the day, they don't work at all.

All this to say... I don't see any reason to have the VPN up as I won't usually download torrents during the day. So, is a 'on demand' scenario feasible? If so, how? Or... Would it be easier to have the VPN come up and go down during those hours where I know I can download things? How could I accomplish this? I think I can figure out how to set Transmission to download during certain hours -- and than I can always throw torrents at it which will just get queued if it is outside of allowed download times.

I hope I make sense in my questions. I appreciate the help.

Sent from my SM-T800 using Tapatalk

 

[STREBLO]

While rereading thread I decided to try changing my resolve.conf like mentioned earlier in the thread to Google's 8.8.8.8, pinged out and was able to get a connection. Why would this make a difference? Why where my original values not working when they were working fine before starting OpenVPN? Also, will this change on its own? Do I need to do something extra to keep my DNS set to Google?

Anyone have any advice on where I should go from here? Am I ok just leaving it at Google's 8.8.8.8 or will freenas overwrite it?

 

[Joey S]

I think something changed with openvpn which broke the setup. When you perform the "make install clean" the PW_save field you're supposed to see is not there. I looked up the changelog for openvpn and found "[the new version] Removes the PW_SAVE option, the upstream code always permits saving
passwords to files now (so the feature is always enabled)." So after I did the "make install clean" I just pressed enter to continue. After I finished the setup, the interface is missing when I run ifconfig which leads me to believe the VPN is not running. I just followed this guide yesterday for another jail and it worked like a charm. Can anyone offer any tips? Thanks!

EDIT:
I looked at the /var/log/messages log and found this:

Code:

Dec 20 21:05:21 transmission_1 openvpn[28810]: TUN/TAP device /dev/tun0 opened
Dec 20 21:05:21 transmission_1 openvpn[28810]: do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Dec 20 21:05:21 transmission_1 openvpn[28810]: /sbin/ifconfig tun0 X.X.X.6 X.X.X.5 mtu 1500 netmask 255.255.255.255 up
Dec 20 21:05:21 transmission_1 openvpn[28810]: FreeBSD ifconfig failed: external program exited with error status: 1
Dec 20 21:05:21 transmission_1 openvpn[28810]: Exiting due to fatal error

So it looks like it starts but then quits due to a "fatal error." Hmmmm.

EDIT2:
I'm starting to think it has something to do with the fact that I have another jail also configured using openvpn. I tired shutting down both jails and then restarting the jail I'm having issues with but that still didn't work. Can you have two jails configured using openvpn?

 

[amorak]

How do I change to a different server? I ran the sript that was so graciously provided, but I want to use Seattle's server for speed reasons... Any comments on how I do so?

 

[Glorious1]

How do I change to a different server? I ran the sript that was so graciously provided, but I want to use Seattle's server for speed reasons... Any comments on how I do so?

See the first post, starting step 19.

 

[amorak]

See the first post, starting step 19.

Thanks - That worked.

Second question: My jail usually downloads frmo SABNZD, etc at 8MBs - but with either seattle or the Zurich option that is in the script, I get 1.5-3MBps.... Are there any settings I can tweak for more speed? my server has a dual core processor so it should have no problem running the VPN I thought....

 

[Glorious1]

Thanks - That worked.

Second question: My jail usually downloads frmo SABNZD, etc at 8MBs - but with either seattle or the Zurich option that is in the script, I get 1.5-3MBps.... Are there any settings I can tweak for more speed? my server has a dual core processor so it should have no problem running the VPN I thought....

That's still pretty fast. You can try different servers. I think PIA has a list of servers with the bandwidth that may give an idea which is faster.

 

[PainCorp]

Has anybody set this up using VPNHT instead of PIA? Having problems with the firewall rules and the ip range.

 

[Syner9y]

I saw a couple examples of setting up a killswitch with this, but am not having luck. No matter what I try, stopping my OpenVPN service only briefly interrupts my Transmission downloads, which then continue on downloading using my actual IP. I have successfully set up almost everything else and would really appreciate any assistance on ensuring I am protected on my FreeNAS box. Thanks!

 

[Glorious1]

I saw a couple examples of setting up a killswitch with this, but am not having luck. No matter what I try, stopping my OpenVPN service only briefly interrupts my Transmission downloads, which then continue on downloading using my actual IP. I have successfully set up almost everything else and would really appreciate any assistance on ensuring I am protected on my FreeNAS box. Thanks!

You don't say what you have tried, but it should work if you set up an IPFW firewall using rules as described by @nickt
https://forums.freenas.org/index.ph...-connects-to-the-vpn.18669/page-6#post-191684

This has worked perfectly for me. I've tested repeatedly and, with the firewall, transmission can't get out if openvpn stops.

 

[d_mega_one]

So started this process and this step 10:
ensure the [ ] next to PW_Save ( 5th option down) has an X in it.

I do not see this option in the list on the blue window. I am doing it manually to try it, so wondering if anyone has had this problem. I did have to update my ports mgmt before I could see the window and I followed the prompts of what they told me to do but now can not proceed properly

Thanks for the help

 

[Syner9y]

You don't say what you have tried, but it should work if you set up an IPFW firewall using rules as described by @nickt
https://forums.freenas.org/index.ph...-connects-to-the-vpn.18669/page-6#post-191684

This has worked perfectly for me. I've tested repeatedly and, with the firewall, transmission can't get out if openvpn stops.

I tried some of the scripts to update the bind address/etc which never seemed to work, however after much trial and error with the link above, I do think I got it working perfectly so thank you very much for this!

 

[Syner9y]

So started this process and this step 10:
ensure the [ ] next to PW_Save ( 5th option down) has an X in it.

I do not see this option in the list on the blue window. I am doing it manually to try it, so wondering if anyone has had this problem. I did have to update my ports mgmt before I could see the window and I followed the prompts of what they told me to do but now can not proceed properly

Thanks for the help

I also just followed these instructions the other day and did not see this option either. I decided to push on and in the end, everything worked following the instructions minus this step. Hope it works for you as well!

 

[d_mega_one]

I also just followed these instructions the other day and did not see this option either. I decided to push on and in the end, everything worked following the instructions minus this step. Hope it works for you as well!

Thanks for the reply, will carry on..

So my ssh session ended as I started lastnight so can I just start where I left off and start in the correct directory or do I need to start over?

 

[d_mega_one]

So finished manually doing the config and went to test and got this..what am I missing, will try search the error as well


[root@transmission_1 ~]# /usr/local/etc/rc.d/openvpn start
bash: /usr/local/etc/rc.d/openvpn: No such file or directory

Thanks for the help

 

[Glorious1]

That means there is no openvpn in that directory. You can look at directory contents to confirm.

 

[d_mega_one]

That means there is no openvpn in that directory. You can look at directory contents to confirm.

Thanks for getting back to me..

It's not in that directory and I am not sure why..So I ran the script as I could not find my issue and after running script same problems

same error openvpn does not exist in directory