GUIDE: Setting up Transmission with OpenVPN and PIA

[windyboi]

Hi guys, I implemented these steps and now can't seem to access my transmission via my OpenVPN server. Could anything in this guide have caused the issue?

I use OpenVPN server on my home router, so I can VPN into my home network when I am on the internet.

Transmission works swimmingly when I am at home, on my network, but when I am connected through VPN I cannot access transmission at 192.168.1.4. Plex at 192.168.1.5 works fine.. weird one I can't work it out

 

[Glorious1]

windyboi, you seem to be using a different setup with a different purpose than most people here. That said, have you specified the transmission remote control port, by default 9091? After the IP address you could try ':9091/transmission/web'

 

[windyboi]

windyboi, you seem to be using a different setup with a different purpose than most people here. That said, have you specified the transmission remote control port, by default 9091? After the IP address you could try ':9091/transmission/web'

I have indeed added :9091/transmission/web/ to the end but still isn't working. I'm struggling to think what else it could be, as I'm VPNed into my network I should be able to access this no problem like I can with Plex and my dd-wrt router settings and the freenas box itself :S

 

[Glorious1]

I had used IP addresses similar to yours, at the low end of the range. Then I found the router was screwing them up with DHCP. So I gave stuff like the FreeNAS, IPMI, transmission, IPs that started at x.x.x.100. That worked much better.

However, I still absent-mindedly try the old addresses, or the browser does, and I wonder why it doesn't work for a while. Just maybe, your router is fouling up your designated IPs, or you're trying to reach the wrong one?

 

[windyboi]

I had used IP addresses similar to yours, at the low end of the range. Then I found the router was screwing them up with DHCP. So I gave stuff like the FreeNAS, IPMI, transmission, IPs that started at x.x.x.100. That worked much better.

However, I still absent-mindedly try the old addresses, or the browser does, and I wonder why it doesn't work for a while. Just maybe, your router is fouling up your designated IPs, or you're trying to reach the wrong one?

My router actually only assigns DHCP clients in range .100 and upwards. Anything below that is statically defined by me. This is only the second time I have tried to connect via the VPN to transmission. The first time a couple of weeks ago was similar situation, easily get to my other services but just cannot to Transmission and I'm not overly technical so wasn't sure whether or not something I modified while applying the guidance from the OP could have messed things up for my vpn connectivity.

 

[Glorious1]

I just set a cron job to run it every 30 minutes. You need to, otherwise PIA will release your port and you'll lose port forwarding (make sure you run it once an hour at least). You can do that in the FreeNAS interface.

Wouldn't the cron job have to be set inside the jail? I'm not clear how that can be done in the FreeNAS GUI Tasks > Cron Jobs.

I ran the script manually and then checked the port every so often. It lasted over 24 hours before it closed. Still, I guess there is no harm in running it every hour.

 

[Nodja]

Wouldn't the cron job have to be set inside the jail? I'm not clear how that can be done in the FreeNAS GUI Tasks > Cron Jobs.

I ran the script manually and then checked the port every so often. It lasted over 24 hours before it closed. Still, I guess there is no harm in running it every hour.

You're absolutely right, I somehow thought freenas had an interface for cron jobs in jails. That said, you could also use the interface and do something like

Code:

jexec transmission_1 bash /scriptdir/portforward.sh

 

[Glorious1]

You're absolutely right, I somehow thought freenas had an interface for cron jobs in jails. That said, you could also use the interface and do something like

Code:

jexec transmission_1 bash /scriptdir/portforward.sh

That was simple - thank you.

 

[Modsa]

I am interested in using the port forward feature of PIA. I hacked together this script starting from the PIA script, and it seems to work (forwards port to Transmission). I am still learning FreeNAS and scripting so if anyone has a more elegant solution I would be interested.

(this runs inside the jail with OpenVPN and Transmission)

Code:

#! /usr/local/bin/bash
#
# Enable port forwarding
#
# Requirements:
#   your Private Internet Access user and password as arguments
#
# Usage:
#  ./port_forward.sh <user> <password>

error( )
{
  echo "$@" 1>&2
  exit 1
}

error_and_usage( )
{
  echo "$@" 1>&2
  usage_and_exit 1
}

usage( )
{
  echo "Usage: `dirname $0`/$PROGRAM <user> <password>"
}

usage_and_exit( )
{
  usage
  exit $1
}

version( )
{
  echo "$PROGRAM version $VERSION"
}


port_forward_assignment( )
{
  echo 'Loading port forward assignment information..'
  if [ "$(uname)" == "Linux" ]; then
    local_ip=`ifconfig tun0|grep -oE "inet addr: *10\.[0-9]+\.[0-9]+\.[0-9]+"|tr -d "a-z :"|tee /tmp/vpn_ip`
    client_id=`head -n 100 /dev/urandom | md5sum | tr -d " -"`
  fi
  if [ "$(uname)" == "FreeBSD" ]; then
    local_ip=`ifconfig tun0 | grep "inet " | cut -d\  -f2|tee /tmp/vpn_ip`
    client_id=`head -n 100 /dev/urandom | md5 -r | tr -d " -"`
  fi
  json=`wget --no-check-certificate -q --post-data="user=$USER&pass=$PASSWORD&client_id=$client_id&local_ip=$local_ip" -O - 'https://www.privateinternetaccess.com/vpninfo/port_forward_assignment' | head -1`
  echo $json
  PORTNUM=`echo $json | grep -oE "[0-9]+"`
}

EXITCODE=0
PROGRAM=`basename $0`
VERSION=1.0
USER=$1
PASSWORD=$2

while test $# -lt 2
do
  case $1 in
  --usage | --help | -h )
    usage_and_exit 0
    ;;
  --version | -v )
    version
    exit 0
    ;;
  *)
    error_and_usage "Unrecognized option: $1"
    ;;
  esac
  shift
done

port_forward_assignment

transmission-remote -p $PORTNUM

exit 0

For the guys using port forwarding, I would like to let you know that the script on pg 2 is creating a new client id every time it runs, making PIA think you're using a different client, changing your port assignments.

To fix this run this in any terminal:

Code:

head -n 100 /dev/urandom | md5sum | tr -d " -"

Then replace the client_id value in lines 45 and 49 with the output of the command.

You will need to run the script at least once an hour so the port doesn't change. If you do this your port should only change if you get a new IP address assigned.

Here's my personal script, it is based on eric's but it reads credentials from a file. Where line 1 is username, line 2 is password and line 3 is the generated client id.

Code:

#! /usr/local/bin/bash
#
# Script based on Eric Rudd's script at https://forums.freenas.org/index.php?threads/guide-setting-up-transmission-with-openvpn-and-pia.24566/page-2#post-174778
#
# Make sure you have a file named piacreds in the same directory as the script
# 1st line of the file is pia username, 2nd password and third client id
#
# to generate a new client id run
#   head -n 100 /dev/urandom | md5sum | tr -d " -"
# in any terminal
#

SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

PROGRAM=`basename $0`
USER=`head -n 1 $SCRIPTDIR/piacreds`
PASSWORD=`head -n 2 $SCRIPTDIR/piacreds | tail -1`
CLIENT_ID=`head -n 3 $SCRIPTDIR/piacreds | tail -1`

local_ip=`ifconfig tun0 | grep "inet " | cut -d\  -f2|tee /tmp/vpn_ip`
json=`wget --no-check-certificate -q --post-data="user=$USER&pass=$PASSWORD&client_id=$CLIENT_ID&local_ip=$local_ip" -O - "https://www.privateinternetaccess.com/vpninfo/port_forward_assignment"  | head -1`
PORTNUM=`echo $json | grep -oE "[0-9]+"`
echo $PORTNUM
transmission-remote -p $PORTNUM

exit 0

If you don't want to use a separate file you can just replace the values in the script.

Hi everyone, I apologise in advance as I am relatively new to this (and rarely post), but I am struggling to get port forwarding to work with PIA through transmission. I have tried to run both of the above scripts (copied and pasted into .sh files in transmission /tmp) to no avail. The latter script is used in conjunction with a created file called "piacreds" which is in the same directory and the former script is run outright as posted (except for the client id change suggested), yet both return the same output of "cut: bad delimiter" followed by an output of transmission commands. Within the transmission web gui, the port number is still the same and appears as closed and the following command also confirms this, with the result of "Port is open: No".

1. transmission-remote --port-test

I know little of coding so I'm not sure what to make of the output, or how to go about fixing the scripts.
Did the scripts have to be run in a certain directory? The only other variable which is generated is "local_ip"; could the error lie here?

 

[Nodja]

Try downloading the script file, according to the PM you sent me it seems the cut command got... cut somehow. http://pastebin.com/FQmwGQBJ (use the download button, don't copy paste).

Unfortunately the script is meant to be simple so that other people can understand what it does since the previous one was kinda messy (sorry Eric :p) allowing people to tune it for their own setup, but it does require people to be somewhat versed in bash. But by being so simple it doesn't do any checks or print error messages, etc. making it very user unfriendly.

Hope the download works for you.

 

[Modsa]

Try downloading the script file, according to the PM you sent me it seems the cut command got... cut somehow. http://pastebin.com/FQmwGQBJ (use the download button, don't copy paste).

Unfortunately the script is meant to be simple so that other people can understand what it does since the previous one was kinda messy (sorry Eric :p) allowing people to tune it for their own setup, but it does require people to be somewhat versed in bash. But by being so simple it doesn't do any checks or print error messages, etc. making it very user unfriendly.

Hope the download works for you.

Thanks so much for the reply Nodja. Sorry another nooby question - how do I run a downloaded script? or point freenas to download a script?

My copying and pasting produced a similar error yet again. I tested the output for local_ip (ifconfig tun0 | grep "inet " | cut -d\ -f2|tee /tmp/vpn_ip) and it produced an IP address so I know that that part is working...

 

[Nodja]

This should work.

Code:

wget http://pastebin.com/raw/FQmwGQBJ -O portforward.sh

 

[Modsa]

This should work.

Code:

wget http://pastebin.com/raw/FQmwGQBJ -O portforward.sh

Thanks Nodja, that did it. Unfortunately I have encountered a new problem. After not being able to get the code to run (./portforward.sh: command not found), I edited the code down to its barebones without the accompanying piacreds file (ie; I inputed UN, PW and client ID manually). This produced a new error of: ": not foundrd.sh:" and "exit: Illegal number: 0".

Finally I ran each part of the script separately to see where the problem lied, and lo behold, the error lied in the "json" variable (wget --no-check-certificate -q --post-data="user=$USER&pass=$PASSWORD&client_id=$CLIENT_ID&local_ip=$local_ip" -O - "https://www.privateinternetaccess.com/vpninfo/port_forward_assignment" | head -1). This command (substituting UN, PW, client ID and local IP), results in: "{"error":"Port forwarding not available for this region". Now apparently this error message can occur from other problems, but I suspect that the Australian server I'm on is not supported (PIA website says one of these gateways is required: CA Toronto, CA North York, Netherlands, Sweden, Switzerland, France, Germany, Russia, Romania, Israel).

So I'm guessing I will have to switch gateways for port forwarding to work. My new questions:
1. Which PIA server are you using with port forwarding?
2. Is it worth switching gateways (probably to sacrifice max speeds - I'm in Western Australia) to enable port forwarding (probably to increase average speeds)?
3. And how should I go about determining which gateway is the fastest from my location (through the client on my PC and speedtest?)?

Any help is greatly appreciated guys!

 

[Nodja]

I'm using the toronto server personally, but I live in the US.
Your best bet is to go here https://www.privateinternetaccess.com/pages/network/ and test all candidates, test all of gateways with port-forwarding and don't assume geographic distance = better speed since different gateways have different bandwidth and users. If you can find a gateway that's close enough to your internet speed then I would say it's worth switching, otherwise I wouldn't bother.

As far as the speed goes, everyone has a different opinion, most people say it has no effect on speed, and this is true for most torrents, since they usually have thousands of peers, if you find another peer without port-forwarding setup, your client will just try to connect to another one. I personally find it that you reach peak speeds faster with port forwarding, but it might as well be a placebo effect as I have not properly tested it. Most torrent client pages recommend you use it since it's a good idea to have the most amount people to be reachable.

 

[Glorious1]

Just FYI, I was using the Netherlands server. It was working great. Suddenly I started getting emails every hour from Cron, the cron job that runs port_forward.sh every hour, saying "invalid option". I traced it to the json/wget command - the server was returning either nothing or empty strings. The "invalid option" was the transmission-remote -P command with no port number or 0, I can't remember. I switched to another server and it began working.

 

[Modsa]

Thanks for the responses guys. After some speed tests that were consistently slower than the Australian server I have decided against port forwarding for now. I still get fast torrent speeds some of the time, allowing my downloads to complete - but my main concerns were the large portions of time when I couldn't connect to any trackers and thus download speeds remained mostly at 0kb/s (would jump up and then back down).
Would the lack of tracker connections (connection failed) affect the number of peers connected and thus explain such speeds? Weirdly enough they often jump back up after a restart of transmission.
Any thoughts about another workaround/fix if not port forwarding?

 

[gjonm]

Hi All,

I've sucessfully followed the initial thread and installed Transmission with OpenVPN and PIA. All appears to work ok, and I can see that OpenVPN is running in the jail via SHELL. However, just to be sure, is it possible to check that Transmission is actually using PIA within the Jail to download?

Thanks.

 

[joebad1]

Yes. Go to the shell in the Transmission jail and type: wget -qO- http://wtfismyip.com/text

It should return the IP address being used.

 

[gjonm]

wget -qO- http://wtfismyip.com/text

Perfect! Thanks mate.

 

[Glorious1]

. . . is it possible to check that Transmission is actually using PIA within the Jail to download?

Thanks.

Or you can just load a special torrent from one or both of these sites, then you can see the IP it is using in the transmission GUI. I leave these torrents in permanently for whenever I want to check. They don't actually download anything.
http://checkmytorrentip.net/
http://ipmagnet.services.cbcdn.com