The script assumes that openvpn and transmission are running in the same jail and that you are using ipfw (or something like it) to keep transmission from accessing the outside world except through the vpn (there are the rules for that in there too); the rules for that are based on restricting what a given user (transmission) can do. So any user that is restricted to accessing the outside world through the vpn is fine.
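A per-user restriction of the kind described above could look like the following. This is an added example, not the script from this thread; the user name `transmission`, the interface `tun0` and the rule numbers 100-300 are assumptions. It prints the rules for review by default and only loads them when called with `apply`.

```shell
#!/bin/sh
# Added example: per-user VPN kill switch for ipfw (not the thread author's script).
# Assumed names: user "transmission", tunnel interface "tun0", rule numbers 100-300.

# Emit the ipfw commands as text so the ruleset can be reviewed before loading.
# ipfw stops at the first matching rule, so the order below matters.
killswitch_rules() {
    user="$1"
    tun_if="$2"
    # Loopback stays open (local RPC, transmission-remote on the same jail).
    echo "ipfw -q add 100 allow ip from any to any via lo0"
    # The restricted user may send and receive only on the tunnel interface.
    echo "ipfw -q add 200 allow ip from any to any uid ${user} via ${tun_if}"
    # Anything else belonging to that user is dropped. If the tunnel goes
    # down, rule 200 can no longer match and the traffic ends here instead
    # of leaving through the normal interface.
    echo "ipfw -q add 300 deny ip from any to any uid ${user}"
    # Traffic of other users (including openvpn's own connection to the
    # VPN server) is not touched and is left to the rest of the ruleset.
}

# "apply" loads the rules (needs root and ipfw); anything else is a dry run.
case "${1:-}" in
    apply) killswitch_rules transmission tun0 | sh ;;
    *)     killswitch_rules transmission tun0 ;;
esac
```

Rule 300 also drops connections from other hosts to the daemon's RPC port on the non-tunnel interface, so remote web UI access needs its own allow rule placed before it.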
Thank you so much for your help so far. I've managed to set up an OpenVPN connection using the nextgen servers by using the PIA configuration files as provided here. I chose the 4th generation servers with strong encryption. I also managed to get your port forwarding script to work; I had to make some adjustments because I'm using a username and password for my Transmission.
I do have a couple of warnings and errors in the log from OpenVPN that I'd like to fix. Here they are:
Code:
Nov 3 12:55:34 transmission2 openvpn[99294]: GDG6: problem writing to routing socket: No such process (errno=3)
Nov 3 12:55:34 transmission2 openvpn[99294]: TUN/TAP device /dev/tun0 opened
Nov 3 12:55:34 transmission2 openvpn[99294]: /sbin/ifconfig tun0 xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx mtu 1500 netmask 255.255.255.0 up
Nov 3 12:55:34 transmission2 openvpn[99294]: WARNING: OpenVPN was configured to add an IPv6 route. However, no IPv6 has been configured for tun0, therefore the route installation may fail or may not work as expected.
Nov 3 12:55:34 transmission2 openvpn[99294]: add_route_ipv6(2000::/3 -> :: metric -1) dev tun0
And unfortunately, after a couple of minutes I started to see a bunch of errors in the log and suddenly the port was no longer open again in Transmission. Maybe it's due to the IPv6 errors.
Many of both these types of errors. Do you have any idea how I can fix this?
Code:
Nov 3 12:26:18 transmission2 transmission-daemon[21795]: Couldn't connect socket 53 to 2001:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, port xxxxx (errno 49 - Can't assign requested address) (/wrkdirs/usr/ports/net-p2p/transmission-daemon/work/transmission-3.00/libtransmission/net.c:340)
Nov 3 12:26:21 transmission2 transmission-daemon[21795]: Couldn't connect socket 50 to 2001:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx, port xxxxx (errno 49 - Can't assign requested address) (/wrkdirs/usr/ports/net-p2p/transmission-daemon/work/transmission-3.00/libtransmission/net.c:340)
Nov 3 12:26:22 transmission2 openvpn[96198]: AEAD Decrypt error: bad packet ID (may be a replay): [ #808615 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
Nov 3 12:26:22 transmission2 openvpn[96198]: AEAD Decrypt error: bad packet ID (may be a replay): [ #808616 ] -- see the man page entry for --no-replay and --replay-window for more info or silence this warning with --mute-replay-warnings
With regard to IPFW, I tested and saw that I have that command available in my Jail so I assume that is a feature that is enabled/available by default, is that correct?
I'm not using any firewall on the Jail right now to prevent Transmission from accessing the Internet when the OpenVPN connection goes down. This has been on my to-do list for a while.
Is all I need your IPFW script and change the variables to match my Jail?
If I run that script, are those changes permanent or will it reset to what I have now after I restart the Jail?