Transmission plugin and Cloudflare, SNI SSL / TLS extension, any updates?

alykalanany

Dabbler
Joined
Feb 13, 2015
Messages
19
This past year many bittorrent trackers, both public and private, have been DDoSed heavily, and therefore turned to Cloudflare for protection. In the process they also have turned on SSL / TLS for the announce URL. The problem is, the Transmission plugin does not seem to support this with Cloudflare's version of SSL / TLS, or rather the Server Name Indication (SNI) TLS extension.

The error message from Transmission when this is the case is a simple "Could not connect to tracker". However Transmission seems to work with SNI on other platforms, providing the system is up to date in other aspects as shown below.

So my question is, are there any plans to update the Transmission plugin to work with this? Is there anything a simple user can do to fix it? Is it maybe already fixed in FreeNAS 11 or Corral? This is all based on FreeNAS 9.10 STABLE release, currently 9.10.2-U3.

Here are some suggested reasons for failure, from the forum of one of the many trackers that are now operating behind Cloudflare.

  • outdated openssl version not supporting SNI
  • outdated version of libtorrent (For Linux)
  • outdated CA certificates list (usually the case for Let's Encrypt CA certs that were added not that long ago)
  • rtorrent/OS not configured properly to locate file containing CA certs
  • outdated client version not supporting SNI
  • outdated version of curl

Useful links:

 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,972
This problem is not a FreeNAS issue, it's the transmission port to FreeBSD, as seen in FreshPorts. Now if the Linux version of transmission has this fix then you could create a VM for Linux (your favorite flavor) and install transmission and enjoy the upgrade.

So an update would occur for the plugin once an update shows up on FreshPorts, and someone tells the developers the update is available.
 

alykalanany

Dabbler
Joined
Feb 13, 2015
Messages
19
Well it seems then that there is an update to the Transmission port that is not in the latest available Transmission plugin.

I found on FreshPorts that the port has been updated two times this year.
https://www.freshports.org/net-p2p/transmission-daemon/

So I did the following to update the Transmission package:
jls
(show jails)
jexec N csh
(open shell in transmission jail, N = jail number)
pkg update && pkg upgrade
(update repository and install any updates)
pkg install -f transmission-daemon
(force reinstall of transmission-daemon)
This also (re)installed some other packages as well, like transmission-web, bittorrent-libutp, libevent, etc.

Now it works! Maybe it is time to update the plugin then?

Also, thanks for pointing me to FreshPorts through which I found the solution :)
 

joeschmuck

Old Man
Moderator
Joined
May 28, 2011
Messages
10,972
"Now it works! Maybe it is time to update the plugin then?"
Absolutely. Please submit a bug report to document the issue on why an upgrade should be done so the developers will take action. It should be an easy fix for them, they just need to know about it and they don't always read the forums.

"Also, thanks for pointing me to FreshPorts through which I found the solution :)"
I'm glad it was documented there.
 

dakta

Cadet
Joined
Jan 23, 2017
Messages
6
The bug report has been closed and this issue has no hope of being fixed until a later release.

In the meantime, the work-around has changed. Based on https://forum.transmissionbt.com/viewtopic.php?t=17886 we learn that Transmission relies on curl for tracker connection and in turn on OpenSSL. Reinstalling transmission is not enough, you must force upgrade openssl and curl first. So the directions look like this:

Code:
pkg install -f openssl curl transmission-daemon


Also note at this time that the above will break some webgui and command-line functionality for interacting with transmission-daemon. The service command will no longer validate the PID file, so you can start the daemon with `service transmission start`, but you cannot query status or stop it. I believe this is a permissions issue with the PID file, but I'm not sure.
 

dakta

Cadet
Joined
Jan 23, 2017
Messages
6
Update: I was mistaken, the above does not solve the issue, as libcurl provided by package `curl` is `libcurl.so.4.5.0` which is not patched for SNI.

I am also unable to solve this issue with env TR_CURL_SSL_VERIFY, which makes me think some funky business is going on. IDK, I've wasted enough hours on this already.

I have completely abandoned transmission under FreeNAS and am running it now under an Ubuntu Server VM on the same host. This is extremely disappointing.
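
Added example, not part of any post in this thread: the posts leave open whether the tracker failure sits in certificate trust (ca_root_nss) or in the TLS handshake itself (curl/OpenSSL, SNI), and this sh script, meant to be run inside the jail, tells the two apart from curl's exit codes. The function names `classify` and `probe` and the host `tracker.example` are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): separate certificate-trust failures
# from handshake-level failures for an HTTPS tracker, using curl exit codes.
# Usage inside the jail:  sh tls_probe.sh https://tracker.example/announce
# (tracker.example is a placeholder host.)

# classify RC_VERIFY RC_NOVERIFY -> prints one token
#   RC_VERIFY    exit status of curl with certificate verification (default)
#   RC_NOVERIFY  exit status of the same request with -k (verification off)
classify() {
    v=$1; k=$2
    if [ "$v" -eq 0 ]; then echo ok; return; fi
    case "$v" in
        6|7|28) echo network; return ;;   # DNS, connect, timeout: not TLS
    esac
    # Fails only while verifying: the CA bundle is stale, missing or not found.
    if [ "$k" -eq 0 ]; then echo ca-store; return; fi
    # 35 = SSL connect error. Still failing with -k means the handshake itself
    # is rejected (SNI, protocol version or cipher support in libcurl/OpenSSL).
    if [ "$v" -eq 35 ] && [ "$k" -eq 35 ]; then echo handshake; return; fi
    echo other
}

# probe URL -> runs the request twice and prints the classification
probe() {
    url=$1
    curl --version | head -n 1            # shows libcurl and its TLS backend
    rc_v=0; curl -sS -o /dev/null --max-time 15 "$url" || rc_v=$?
    rc_k=0; curl -sS -k -o /dev/null --max-time 15 "$url" || rc_k=$?
    echo "verify=$rc_v noverify=$rc_k => $(classify "$rc_v" "$rc_k")"
}

# Only touch the network when a URL is given on the command line.
if [ $# -gt 0 ]; then probe "$1"; fi
```

A `ca-store` result points at ca_root_nss or the CA bundle path; `handshake` points at the curl/OpenSSL pair that Transmission links against.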
 

alykalanany

Dabbler
Joined
Feb 13, 2015
Messages
19
I cannot tell exactly what package needs updating (there's curl, wget, ca_root_nss..), but the method above still works fine with FreeNAS-9.10.2-U6 and Transmission 2.93 plugin. After doing this it works again on a fresh install of the plugin.

Take a backup of your transmission configuration, torrents and resume files, so you can restore in case you screw something up and need to reinstall the plugin/jail. They should be located here: <Jail Root>/transmission_1/var/db/transmission/*

Backup: tar cfz <safe location>/transmission_bak.tar.gz <Jail Root>/transmission_1/var/db/transmission/*
Restore: tar xvfz <safe location>/transmission_bak.tar.gz
(check the paths to make sure that you restore to the same location)

Here is a list of the packages affected:
pkg update && pkg upgrade
Code:
New packages to be INSTALLED:
		libidn2: 2.0.4
		libunistring: 0.9.9
		utf8proc: 2.1.0
		liblz4: 1.8.1.2,1
		readline: 7.0.3_1

Installed packages to be UPGRADED:
		wget: 1.16.3_1 -> 1.19.4_2
		subversion: 1.9.3_3 -> 1.10.0
		sqlite3: 3.11.1 -> 3.23.1
		serf: 1.3.8_1 -> 1.3.9_3
		python27: 2.7.11_1 -> 2.7.14_1
		pkgconf: 0.9.12_1 -> 1.4.2,1
		perl5: 5.20.3_8 -> 5.26.2
		pcre: 8.38 -> 8.40_1
		m4: 1.4.17_1,1 -> 1.4.18,1
		lzo2: 2.09 -> 2.10_1
		libxml2: 2.9.3 -> 2.9.7
		libidn: 1.31 -> 1.33_1
		libiconv: 1.14_9 -> 1.14_11
		libffi: 3.2.1 -> 3.2.1_2
		indexinfo: 0.2.4 -> 0.3.1
		gettext-tools: 0.19.7 -> 0.19.8.1
		gettext-runtime: 0.19.7 -> 0.19.8.1_1
		gettext: 0.19.7 -> 0.19.8.1
		gdbm: 1.11_2 -> 1.13_1
		expat: 2.1.0_3 -> 2.2.5
		db5: 5.3.28_3 -> 5.3.28_6
		compat9x-amd64: 9.3.903000.20160128 -> 9.3.903000.20170608
		ca_root_nss: 3.22.2 -> 3.36.1
		apr: 1.5.2.1.5.4 -> 1.6.3.1.6.1_1

Installed packages to be REINSTALLED:
		iconv-2.0_4 (direct dependency changed: perl5)


pkg install -f transmission-daemon
Code:
New packages to be INSTALLED:
		transmission-daemon: 2.93
		transmission-web: 2.93
		miniupnpc: 2.0.20170509
		bittorrent-libutp: 0.20130514_1
		libnatpmp: 20150609
		curl: 7.59.0
		libnghttp2: 1.31.1
		libevent: 2.1.8_1
		dht: 0.22
		libb64: 1.2.1
 