GUIDE: Setting up Transmission with OpenVPN and PIA

Tango

Cadet
Joined
Nov 2, 2014
Messages
5
*****************************************************
**NEWEST WORKING GUIDE IN 2017!! Freenas 11 U02**
****************************************************

adapted from this post: https://forums.freenas.org/index.ph...ith-openvpn-and-pia.24566/page-24#post-404858
Thanks Fizassist!

Install transmission via the webgui.

Have the following info ready:
USERNAME = UUUUUUUU
Password=PPPPPPPPPP

Code:
##Step 1: SSH into freenas. (I use PuTTy)

##Step 2: Get a list of jails
root@freenas ~# jls
JID	IP Address	Hostname			 Path
4		-		   transmission_1	   /mnt/<volumename>/jails/transmission_1

##Step 3: jexec into the jail (mine happens to be 4 - yours may vary)

root@freenas ~# jexec 4 tcsh

root@transmission_1:/ #

##run the following commands (say yes after any prompts):
pkg update
pkg install wget
pkg install openvpn

##Type the following verbatim commands and press enter after each:
cat > /etc/rc.conf.d/openvpn <<HERE
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
HERE

cd /tmp
mkdir openvpn ; cd openvpn
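##Note (don't type this line) - --no-check-certificate turns off TLS certificate verification, so the zip (and the CA certificate inside it) is downloaded without authenticating the server.
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip --no-check-certificate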
unzip openvpn.zip

##Note (don't type this line) - if you want to use a different PIA portal, change the "US\ West.ovpn" portion to whatever ovpn you want.
sed -i .bak 's/auth-user-pass/auth-user-pass pass.txt/' US\ West.ovpn
printf "UUUUUUUU\nPPPPPPPPPP\n" > pass.txt
mkdir /usr/local/etc/openvpn
cp ca.rsa.2048.crt crl.rsa.2048.pem pass.txt /usr/local/etc/openvpn/
cp US\ West.ovpn /usr/local/etc/openvpn/openvpn.conf


Restart your Jail via the Web GUI
Now to test:
Code:
type: "wget -qO - http://wtfismyip.com/text"

If it's different from your public IP (via a web browser on your computer), you're good.

Next is the Firewall portion so Transmission Only Connects to the internet via PIA.
See Step 3 & 4 from This Reddit link: https://www.reddit.com/r/freenas/comments/41fhz3/configuration_guide_for_openvpn_and_ipfw_so_that/


DON'T FOLLOW THE BELOW - LEAVING IT FOR REFERENCE; WILL NOT WORK 05 Oct 2017
**********************************************************************







*** 3 Years later edit:
1st) This has blown up! Thanks for all the support from everyone fixing issues with my original post.
2nd) Please see here:
OpenVPN doesn't need to do Portsnap any more


**EDIT - The great people on this forum have created an easy to use script (Link to Script by Jafrey) that automates what I outline below. I'd recommend doing it the 'hard way' once to understand what's happening, then use the automated script from then on. Thanks Jafrey!

Here's my first attempt at making an actual guide for PrivateInternetAccess (PIA) and OpenVPN.

I'm going to assume you are:
  • A subscriber to PIA
  • Have a username (henceforth USER1)
  • Have a password (henceforth PASSWRD)
  • Have transmission set up with storages attached. (probably add this portion later but check out here until then: Awesome Link)
    Note - you don't have to add the DLNA, Sickbeard or Couchpotato for the following guide to work.
  • Can get Transmission to download items by adding a torrent in some manner.
  • Want Transmission to use OpenVPN to connect to the PIA servers

You'll need this URL: https://www.privateinternetaccess.com/openvpn/openvpn.zip
FYI - it's the files we're going to download in the jail.

Basically we're going to install OpenVPN, creating a Portsnap OpenVPN version that allows us to save our username (USER1) and password (PASSWRD) to a txt file that will be used every time the OpenVPN service is started.

HERE WE GO!
Code:
##Step 1: SSH into freenas. (I use PuTTy)

##Step 2: Get a list of jails
root@freenas ~# jls
JID	IP Address	Hostname			 Path
4		-		   transmission_1	   /mnt/<volumename>/jails/transmission_1

##Step 3: jexec into the jail (mine happens to be 4 - yours may vary)
root@freenas ~# jexec 4 tcsh
root@transmission_1:/ #

##Step 4: install bash. May be prompted several times - reply Y then press enter each time.
root@transmission_1:/ # pkg install bash

##step 5: install nano. Again, may be prompted several times. Reply Y each time.
root@transmission_1:/ # pkg install nano

##Step 6: move to the /etc folder.
root@transmission_1:/ # cd /etc
root@transmission_1:/etc #

##Step 7: Fetch Portsnap via portsnap fetch
root@transmission_1:/etc # portsnap fetch

## This will take a while to download and ask for several prompts - you know the drill.

Code:
##Step 8: Extract Ports to /usr/ports
root@transmission_1:/etc # portsnap extract

## This will also take a long time and A LOT of scrolling will happen. It's normal.

##Step 9: Navigate to /usr/ports/security/openvpn
root@transmission_1:/etc # cd /usr/ports/security/openvpn
root@transmission_1:/usr/ports/security/openvpn #

##Step 10: Make a clean install which allows us to set the option of a password file.
root@transmission_1:/usr/ports/security/openvpn # make install clean

## Blue screen should appear. Press the DOWN arrow and the SPACE bar to
## ensure the [ ] next to PW_Save (5th option down) has an X in it.
## It should look like this:
[X] PW_Save   Interactive passwords may be read from a file
## Then press enter. Lots of things should happen now -
## and it will look like it's hanging. It's not. Just taking a while.

We've successfully built an OpenVPN that can read interactive passwords from a file.
Yeay!
Now to set it up.

Code:
##Step 11: go to root directory of the transmission_1 jail.
root@transmission_1:/usr/ports/security/openvpn # cd /
root@transmission_1:/ #

##Step 12: Enter Bash
root@transmission_1:/ # bash
[root@transmission_1 /]#

##Step 13: Make a directory for OpenVPN & our files we download from PIA
[root@transmission_1 /]# mkdir /usr/local/etc/openvpn

##Step 14: Add lines to the rc.conf so OpenVPN starts when the jail starts.
[root@transmission_1 /]# cd /etc
##note - Ctrl+O will write the file and Ctrl+X will exit.
[root@transmission_1 /etc]# nano rc.conf

##File is open.
##Add the following (can copy/paste using ctrl+C then right clicking in the shell)

openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"

##Write via Ctrl+O. Press Enter
##Exit via Ctrl+X.
Code:
##Step 15: Move to a new folder (helps me keep things straight)
[root@transmission_1 /etc]# cd /media/
[root@transmission_1 /media]#

##Step 16: wget the PIA files, you'll likely need to add --no-check-certificate so it will actually download.
[root@transmission_1 /media]# wget https://www.privateinternetaccess.com/openvpn/openvpn.zip --no-check-certificate

##Step 17: unzip the PIA openvpn files.
[root@transmission_1 /media]# unzip openvpn.zip

##Step 18: make a pass.txt file to hold your username and password.
[root@transmission_1 /media]# nano pass.txt

##Nano will pop up. ONLY type in the following (substituting your REAL username and password of course)
USER1
PASSWRD

##Press Ctrl+o. call it pass.txt. then enter. then Ctrl+X

##Step 19: Configure the .ovpn file of your selected server. (I did UK London)
[root@transmission_1 /media]# nano "UK London.ovpn"

## On the auth-user-pass line add pass.txt after it like so:
auth-user-pass pass.txt

####Press Ctrl+o. call it UK London.ovpn. then enter. then Ctrl+X

Getting very close to being done.
Code:
##Step 20: skipped.

##Step 21: Move the fixed PIA files into the correct folder we just created
##The actual OpenVPN files we created earlier.
##ca.crt next
[root@transmission_1 /media]# cp /media/ca.crt /usr/local/etc/openvpn/ca.crt
##crl.pem next
[root@transmission_1 /media]# cp /media/crl.pem /usr/local/etc/openvpn/crl.pem
##our pass.txt file we created
[root@transmission_1 /media]# cp /media/pass.txt /usr/local/etc/openvpn/pass.txt
##finally renaming the <Server>.ovpn file to .conf file --- You'll have to use "" around the name if there is a space in it.
[root@transmission_1 /media]# cp /media/"UK London.ovpn" /usr/local/etc/openvpn/openvpn.conf

Now to see if it works!!
Code:
[root@transmission_1 /]# /usr/local/etc/rc.d/openvpn start
Starting OpenVPN

WORKED FOR ME (5 times).

Also - shoutout to a LOT of people on here. There are several works I used to make this:
LIKE this amazing post by mjws00
 
Last edited:
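
Added example, not part of the original post: the credential-file steps of the 2017 guide (the `printf ... > pass.txt` and `sed` lines) as POSIX shell functions that create `pass.txt` with mode 0600, keep a `%` or `\` in the password intact, and rewrite `auth-user-pass` idempotently. The function names and the use of an absolute credential path are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the guide). Function names are hypothetical.

# write_credentials FILE USER PASS
# The file is created under umask 077, so the VPN username and password are
# never world-readable, even briefly. '%s' keeps '%' and '\' in a password
# literal, which printf "USER\nPASS\n" with the values inline would not.
write_credentials() {
    ( umask 077 && printf '%s\n%s\n' "$2" "$3" > "$1" ) || return 1
    chmod 600 "$1"   # also tightens a pass.txt that already existed
}

# point_auth_at OVPN_FILE CRED_PATH
# Leave exactly one "auth-user-pass CRED_PATH" line in the profile, whether
# the directive was bare, already had an argument, or was missing. Safe to
# run twice. CRLF line endings are normalised to LF on the way through.
point_auth_at() {
    conf=$1 cred=$2
    tmp=$(mktemp "${conf}.XXXXXX") || return 1
    awk -v cred="$cred" '
        { sub(/\r$/, "") }
        $1 == "auth-user-pass" { if (!done) print "auth-user-pass " cred; done = 1; next }
        { print }
        END { if (!done) print "auth-user-pass " cred }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf" || { rm -f "$tmp"; return 1; }
}

# check_setup OVPN_FILE CRED_PATH  -> exit status 0 only if all checks pass
check_setup() {
    [ "$(grep -c '^auth-user-pass ' "$1")" -eq 1 ] || return 1   # one directive
    grep -Fqx "auth-user-pass $2" "$1" || return 1               # right path
    [ "$(wc -l < "$2" | tr -d ' ')" -eq 2 ] || return 1          # user + pass
    [ "$(ls -l "$2" | cut -c1-10)" = "-rw-------" ] || return 1  # mode 0600
}

# Usage inside the jail, with the paths from the guide:
#   write_credentials /usr/local/etc/openvpn/pass.txt 'UUUUUUUU' 'PPPPPPPPPP'
#   point_auth_at /usr/local/etc/openvpn/openvpn.conf /usr/local/etc/openvpn/pass.txt
#   check_setup   /usr/local/etc/openvpn/openvpn.conf /usr/local/etc/openvpn/pass.txt
```

An absolute path in `auth-user-pass` means the lookup no longer depends on the directory OpenVPN is started from.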

madmax

Explorer
Joined
Aug 31, 2012
Messages
64
Great guide! Thank you! Could I suggest some modification to your guide? Could you combine step 14 onto one line of code? Also, do we need to mkdir '/usr/local/etc/openvpn' twice, steps 13 and 20?

Additionally, any thoughts on firewall rules and/or DNS leaking prevention?

Thanks again for your effort.
 

Bmck26

Dabbler
Joined
Dec 9, 2013
Messages
48
Has anyone tried this with 9.3?

It works the same with 9.3 from what I've seen. I had it running a few days ago. I'm having a different problem with transmission now though so I had to delete the plugin and I haven't re-installed the vpn yet.
 
Joined
Mar 6, 2014
Messages
686
Additionally, any thoughts on firewall rules and/or DNS leaking prevention?

Would like to have some insights on that one too :)
 

Tango

Cadet
Joined
Nov 2, 2014
Messages
5
Thanks for all the replies.

Madmax - you are correct, you could combine Steps 14 and 15 into one line. I don't, due to me not knowing Linux in any way. Second suggestion - Great Catch! Removing Step 20.

As for DNS leak prevention and firewall things - I wasn't able to get that working, BUT I know I connect to PIA by using a CheckMyTorrentIp.png file.

If you hear of anything let me know!
 
Last edited:

Bmck26

Dabbler
Joined
Dec 9, 2013
Messages
48
What sort of issues are you having with Transmission now? I just set mine up a few days ago using Zufallsheld's excellent guide here.

It's not placing my downloaded files into the source folder and not picking up torrents placed in my watch directory. This just started a few weeks ago. I've been using transmission for about a year now and I've installed and uninstalled several times playing with different settings but I've never had this happen. It does the same thing even after I delete the plugin and re-install it. Usually, when I install transmission it works fine without having to change much after setting up the jail storage and setting the download and watch directories. It would just lock down the folders and not give me permission to change them, so I would have to set umask to 0 in the settings.json file, which is well known to anyone who has been using transmission for a while.
 

jespergc

Cadet
Joined
Jul 18, 2014
Messages
5
Thank you very much for this guide!

I FINALLY got my openvpn working with automatic login info. Thank you!

I use another VPN provider. I use Ipredator.se. The setup is pretty much the same, but I just wanted to let you know what made it work for a noob like me.

Ipredator do not use a .pem file, so just skip that step.
I got it working by using their IPredator-Windows-Password.ovpn file (not the .conf file or the two mac and ubuntu .ovpn files).
When copying the .ovpn in step 21, do not change the file extension to .conf. Keep it an .ovpn file. That is what got it working for me.
This is what got it working for me with Ipredator.

BTW, I had problems with installing bash. Got it working after running Pkg Upgrade. I'm running Freenas 9.2.1.8.

Again, thank you very much for an easy guide like this!
 

Carolina

Cadet
Joined
Dec 5, 2014
Messages
6
I got it working on this:

Code:
FreeBSD freenas.lan 9.3-RELEASE-p5 FreeBSD 9.3-RELEASE-p5 #1 f8ed4e8: Fri Dec 19 20:25:35 PST 2014


It's straightforward enough of a tutorial I may try to write a script.

Please post if you do :)
 

Carolina

Cadet
Joined
Dec 5, 2014
Messages
6
0) Full script on gist. I made this for myself to automate a boring and long process. If you don't know what you're doing you should probably do it the 'hard' way first so you understand at least what the script is doing. It's also just for Private Internet Access (PIA) because I have PIA.

1) Tested on my: 9.3-RELEASE-p5 FreeBSD 9.3-RELEASE-p5 #1 f8ed4e8: Fri Dec 19 20:25:35 PST 2014

2) Not responsible for this losing your data, formatting your drives or your wife leaving you. This is supposed to be run inside the jail. It requires at least curl or wget to be installed. Tested with Transmission plugin jail &

3) Code should work like this:

Code:
jls
jexec [JAILID] tcsh
cd /tmp
wget --quiet --no-check-certificate -O pia.sh https://gist.githubusercontent.com/jedediahfrey/6d475dcc34c710f62a7c/raw/d9e2c8f26da0da5ba4e347df1c0210fde42884a8/pia.sh
chmod +x pia.sh
./pia.sh




The end of the script should show you this:

Code:
Starting openvpn.
Waiting 10 seconds for OpenVPN to spin up
If these are different, OpenVPN is working
Old IP: 68.[x].[x].[x]
New IP: 179.[x].[x].[x]

Worked like a charm. Thanks for posting.
 

Colly222

Dabbler
Joined
Dec 31, 2014
Messages
24
This is great and I have this working. One question, my provider (TorGuard) has plenty of .ovpn files. Picking one works well. Is there any way to choose more than 1 in case one is down?

Basically, have OpenVPN within the jail try the first .ovpn then move on if not returning an IP address? (I'm very new)

Thanks in advance
Colly
 

Colly222

Dabbler
Joined
Dec 31, 2014
Messages
24
You could script that. I've just never had PIA down such that it mattered. Does TorGuard go down that often?

I'm not sure if it's the way I've set up OpenVPN or TorGuard, but I'm guessing the first. What happens is that Transmission stops downloading, and then when I enter the Transmission jail (ssh), OpenVPN is still running but I cannot get an IP or ping www.google.co.uk.
If I stop OpenVPN then start it again immediately it all works. (until it stops again a bit later [not sure how long])

I'm going to delete my volume, jails, plugins etc and then start again using your original instructions. See if it works any better

If the symptoms I've outlined above scream of an obvious rookie mistake let me know please - hugely appreciated
 

Colly222

Dabbler
Joined
Dec 31, 2014
Messages
24
Found time to set this up and it works really well. Thank you for the guide. Not sure what was different but I have this working perfectly with TorGuard - just miss the crl.pem step as this file isn't needed/provided
 

mjk79

Explorer
Joined
Nov 4, 2014
Messages
67
Is there a way to verify that it's connected to the vpn?
 
Joined
Mar 6, 2014
Messages
686
Is there a way to verify that it's connected to the vpn?
Sure, just check your interfaces. Since it will probably be tun0:
Code:
root@vpn:/ # ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet 10.xx.xx.xx --> 10.xx.xx.xx netmask 0xffffffff
    nd6 options=1<PERFORMNUD>
    Opened by PID 22806
root@vpn:/ #
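
Added example, not from the thread: the two checks discussed so far (the `ifconfig tun0` output above and the public-IP comparison from the first post) combined into one verdict, so that "OpenVPN is still running" is not mistaken for "traffic is leaving through the VPN". The function names, verdict strings and sample addresses are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Names and verdicts are hypothetical.

# tun_addr: read `ifconfig tun0` output on stdin. Print the tunnel's local
# address only if the flags contain both UP and RUNNING and an inet line
# exists; otherwise print nothing and return non-zero.
tun_addr() {
    awk '
        /flags=/ { split($0, a, /[<>]/); flags = "," a[2] ","
                   up = (flags ~ /,UP,/ && flags ~ /,RUNNING,/) }
        $1 == "inet" && !addr { addr = $2 }
        END { if (up && addr != "") print addr; else exit 1 }
    '
}

# vpn_verdict IFCONFIG_TEXT REAL_IP SEEN_IP
#   REAL_IP  public address noted once with the VPN stopped
#   SEEN_IP  address an external service reports right now (may be empty)
vpn_verdict() {
    if ! printf '%s\n' "$1" | tun_addr >/dev/null; then
        echo tunnel-down
    elif [ -z "$3" ]; then
        echo no-connectivity   # tun0 is up but nothing gets out
    elif [ "$3" = "$2" ]; then
        echo leak              # traffic is leaving with the ISP address
    else
        echo ok
    fi
}

# Constructed samples in the shape of the ifconfig output quoted above.
SAMPLE_UP='tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>
    inet 10.8.0.6 --> 10.8.0.5 netmask 0xffffffff
    Opened by PID 22806'
SAMPLE_DOWN='tun0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    options=80000<LINKSTATE>'

# Real use inside the jail (lookup command taken from the first post):
#   vpn_verdict "$(ifconfig tun0 2>/dev/null)" "$REAL_IP" \
#               "$(wget -qO - http://wtfismyip.com/text)"
```

Run from cron, anything other than `ok` is the cue to stop Transmission or restart OpenVPN.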
 

mjk79

Explorer
Joined
Nov 4, 2014
Messages
67
Thanks to both of you, that's very helpful.
 

Eric Ruud

Cadet
Joined
Jan 31, 2015
Messages
4
I am interested in using the port forward feature of PIA. I hacked together this script starting from the PIA script, and it seems to work (forwards port to Transmission). I am still learning FreeNAS and scripting so if anyone has a more elegant solution I would be interested.

(this runs inside the jail with OpenVPN and Transmission)

Code:
#! /usr/local/bin/bash
#
# Enable port forwarding
#
# Requirements:
#   your Private Internet Access user and password as arguments
#
# Usage:
#  ./port_forward.sh <user> <password>

error( )
{
  echo "$@" 1>&2
  exit 1
}

error_and_usage( )
{
  echo "$@" 1>&2
  usage_and_exit 1
}

usage( )
{
  echo "Usage: `dirname $0`/$PROGRAM <user> <password>"
}

usage_and_exit( )
{
  usage
  exit $1
}

version( )
{
  echo "$PROGRAM version $VERSION"
}


port_forward_assignment( )
{
  echo 'Loading port forward assignment information..'
  if [ "$(uname)" == "Linux" ]; then
    local_ip=`ifconfig tun0|grep -oE "inet addr: *10\.[0-9]+\.[0-9]+\.[0-9]+"|tr -d "a-z :"|tee /tmp/vpn_ip`
    client_id=`head -n 100 /dev/urandom | md5sum | tr -d " -"`
  fi
  if [ "$(uname)" == "FreeBSD" ]; then
    local_ip=`ifconfig tun0 | grep "inet " | cut -d\  -f2|tee /tmp/vpn_ip`
    client_id=`head -n 100 /dev/urandom | md5 -r | tr -d " -"`
  fi
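  # --no-check-certificate disables TLS certificate verification on the request that carries $USER and $PASSWORD.
  json=`wget --no-check-certificate -q --post-data="user=$USER&pass=$PASSWORD&client_id=$client_id&local_ip=$local_ip" -O - 'https://www.privateinternetaccess.com/vpninfo/port_forward_assignment' | head -1`
  echo "$json"
  # Take only the first number in the reply as the port.
  PORTNUM=`echo "$json" | grep -oE "[0-9]+" | head -1`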
}

EXITCODE=0
PROGRAM=`basename $0`
VERSION=1.0
USER=$1
PASSWORD=$2

while test $# -lt 2
do
  case $1 in
  --usage | --help | -h )
    usage_and_exit 0
    ;;
  --version | -v )
    version
    exit 0
    ;;
  *)
    error_and_usage "Unrecognized option: $1"
    ;;
  esac
  shift
done

port_forward_assignment

transmission-remote -p $PORTNUM

exit 0
 
Joined
Mar 6, 2014
Messages
686
Port forwarding on vpn service? Huh? Wot?
 