Configuring transmission plugin too run through OpenVPN using PIA with username and password auth

[zorrobyte]

Important note:
When you modify the user/pass file
(nano /usr/local/etc/openvpn/pswd.txt)

Do not setup as:

Code:

user USERNAME
password PASSWORD

Instead setup as:

Code:

USERNAME
PASSWORD

Faught with this for an hour over but now all is working.

 

[unca_NAS]

Using the second option. The plugin is working allright. Only headache is the lack of port-fwd -option.

 

[mjws00]

There are some threads on setting up port-forwarding manually. Haven't tried it, but it doesn't look too bad. They broke something in the client not long ago as well. This thread has nice links. Supposedly fixed in a recent client update, but I haven't verified.

 

[lonewolf]

I'm gonna set up OpenVPN only. Specifically for Private Internet Access (which uses user/pass auth).

Transmission is a plug-in there are lots of threads on it.

Lets get started:

I created a dataset for my jail. Named openvpn.
I shared it just to make things dead simple.

Configure jails: point to your dataset. /mnt/tank/openvpn

I added a jail named 'openvpn'. All defaults except uncheck vanilla.
I set the IP to 192.168.1.180, but use whatever works on your local subnet.

View attachment 5045

View attachment 5046

Now we need to jump into the jail and get started. ssh to your freenas box.

Grab a list of your jails.

Code:

Welcome to FreeNAS
[root@freenas] ~# jls

Get a command prompt from your jail (N) is the JID of your jail:

Code:

[root@freenas] ~# jexec (N) tcsh

We'll install bash and nano to keep things dead simple.

Code:

root@openvpn:/ # pkg install bash
root@openvpn:/ # pkg install nano
root@openvpn:/ # bash

Now comes the work. We need to get and update ports in our jail. These can take a while.

Code:

[root@openvpn /]# portsnap fetch
[root@openvpn /]# portsnap extract

First gotcha: We need to update pkg, force the delete, make clean pkg-1.3.8 or openvpn build will fail. Be patient there is lots of work going on here.

Code:

[root@openvpn /]# pkg delete -f pkg
[root@openvpn /]# cd /usr/ports/ports-mgmt/pkg
[root@openvpn /]# make clean install

On to compiling openvpn with our PW_SAVE flag. Let it work.

Code:

[root@openvpn /]# cd /usr/ports/security/openvpn
[root@openvpn /]# make clean install

** Select PW_SAVE option. Click OK / Enter.

We are now fully installed and just need to configure openvpn to use PIA.

Edit /etc/rc.conf to include (or used attached rc.conf):

Code:

[root@openvpn /]# nano /etc/rc.conf

** add**
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"

Build our directory and add the certificates, conf, and password file.

Code:

[root@openvpn /]# mkdir /usr/local/etc/openvpn

Extract the contents of pia_ovpn.zip to /usr/local/etc/openvpn
You will have 6 files: ca.crt, crl.pem, openvpn.conf, pswd.txt, rc.conf, README.txt
If you cheated like me. You can just drag and drop to the share. ;)

YOU MUST ADD YOUR OWN USER NAME AND PASSWORD IN THE 'pswd.txt' file.

Code:

[root@openvpn /]# nano /usr/local/etc/openvpn/pswd.txt

That's it. You are ready to start the service. Or reboot the jail.

Code:

[root@openvpn /]# /usr/local/etc/rc.d/openvpn start

Lets test:

Code:

[root@openvpn /etc]# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:8c:75:00:06:0b
        inet 192.168.1.180 netmask 0xffffff00 broadcast 192.168.1.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet 10.150.1.6 --> 10.150.1.5 netmask 0xffffffff
        nd6 options=1<PERFORMNUD>
        Opened by PID 40682

You should have a tun0 interface with a valid internal PIA IP address.
Confirm your vpn is working correctly by hitting a site that will echo your ip back.

Code:

[root@openvpn /etc]# wget http://smart-ip.net/myip -O - -q ; echo
50.23.131.244

If it looks anything like this you have done it!
Set up your firewall rules if you need a killswitch and/or transmission. User/pass auth is kind of poor security at the end of day... but it is what we get. You can encrypt and worry about that on your own.
You can select your server by changing 'remote us-seattle.privateinternetaccess.com 1194'
in /usr/local/etc/openvpn/openvpn.conf

Good luck. This is really derivative of other works around here. I just navigated a few new hurdles. Enjoy.

First of thanks for a really good guide, my only problem at the moment is when i attempt to unzip the file into the openvpn folder i get permission denied. i change the permissions and it continues to happen, the only way i manage to get the files in is by changing permissions recursively on the jail, doing so breaks the jails.

what am i doing wrong , is there any other method to getting the .zip into the openvpn folder ?

 

[Mike1980]

has anyone had issues in getting the tunnel interface to work? I'm getting the following error. Any idea's? Do I need to create a tunnel interface outside of the jail?

Sun Apr 12 03:40:15 2015 Could not retrieve default gateway from route socket:: No such process (errno=3)
Sun Apr 12 03:40:15 2015 Cannot allocate TUN/TAP dev dynamically
Sun Apr 12 03:40:15 2015 Exiting due to fatal error

 

[Mike1980]

has anyone had issues in getting the tunnel interface to work? I'm getting the following error. Any idea's? Do I need to create a tunnel interface outside of the jail?

Sun Apr 12 03:40:15 2015 Could not retrieve default gateway from route socket:: No such process (errno=3)
Sun Apr 12 03:40:15 2015 Cannot allocate TUN/TAP dev dynamically
Sun Apr 12 03:40:15 2015 Exiting due to fatal error

I fixed my problem, I forgot to enable VIMAGE in my jail... oops

 

[Clinderw]

Uber dumb question - how do you simple drag and drop to the share?

Thanks

 

[ovizii]

I'm a bit late to the party but found this set of scripts to help: https://github.com/amussey/FreeNAS-Transmission-OpenVPN
but even without the scripts, check out the description further down on that page it seems to describe a setup without user/password and seems to be using certificates instead.

P.S. I haven't tried it yet, still deciding upon the best VPN provider for running my transmission jail through it.

###edit###
looks like at some stage, the script asks for your user/passwd