-
Important Announcement for the TrueNAS Community.
The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums
GUIDE: Setting up Transmission with OpenVPN and PIA
- Thread starter Tango
- Start date
There might also be confusion in regards to the paths as I use /sabnzbd/scripts
This might confuse everyone as this needs to reflect the right path in freenas GUI under jails and under transmission_1 I created a folder link for the root of the jail. I might edit the script to go into another folder to make it easier for everyone that wants to give it a go. Which openvpn guide to you guys use.
Sent from my iPhone using Tapatalk
This might confuse everyone as this needs to reflect the right path in freenas GUI under jails and under transmission_1 I created a folder link for the root of the jail. I might edit the script to go into another folder to make it easier for everyone that wants to give it a go. Which openvpn guide to you guys use.
Sent from my iPhone using Tapatalk
I seem to have an issue with the rules file having the "add" and when the ipfw service starts, it doesn't know what to do with this. Is there more to the rules file that needs to exist than what's being written in the file?
I know in a previous version of the rules file I had, it called some things such as ipfw -q -f flush, also set up cmd to be ipfw - q add and used "$cmd" in the calls.... It seems the above pia.py script doesn't do any of that.
Ok, seems my rc.conf was set to a script vs a type (above issue)
Also instead of having the IPs set to the 10.0.0.0/8 values, would it make more sense to use any IP and the "via tun0" method to restrict it to be thru the VPN interface? (ie allow all from any to any via tun0)
Last question, any reason not to just run both chron jobs from the jail vs running the one from freenas?
I know in a previous version of the rules file I had, it called some things such as ipfw -q -f flush, also set up cmd to be ipfw - q add and used "$cmd" in the calls.... It seems the above pia.py script doesn't do any of that.
Ok, seems my rc.conf was set to a script vs a type (above issue)
Also instead of having the IPs set to the 10.0.0.0/8 values, would it make more sense to use any IP and the "via tun0" method to restrict it to be thru the VPN interface? (ie allow all from any to any via tun0)
Last question, any reason not to just run both chron jobs from the jail vs running the one from freenas?
Last edited:
You can run both scripts from jail I just set it up like that but have not done it yet as it was working so did not want to mess with it. In regards to the script in how to simplify it that is above my head as I was not the one who created it I got if someone earlier in the thread and just changed some values and it did what it was supposed to do. I am sure there is a way to simplify and clean it up but not to sure how so I left it as is as it was working.
Sent from my iPhone using Tapatalk
Sent from my iPhone using Tapatalk
This is the last script i used for just transmission to open the ports.
I just edited the part where it says how to use curl so it looked cleaner.
I just edited the part where it says how to use curl so it looked cleaner.
Code:
#!/usr/local/bin/bash
# Cronable port forwarding script for PIA/transmission running on
# FreeNAS
#
# Requires bash, jq (JSON parser) and curl
# pkg install -y jq bash curl
# Assumes tunnel is tun0 if different change below
#
# Your PrivateInternetAccess credentials
PIA_USER=username
PIA_PASS=password
# Export path for when you use this in cron
export PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin"
# echo date/time for logging
echo "Transmission Port Forward $(date +%Y-%m-%d-%H:%M:%S)"
get_new_port( ) {
if ! [ -x /usr/local/bin/curl ]; then
echo "Curl not installed/not executable"
exit 0
fi
# get the local tunnel ip
local_ip=$(ifconfig tun0 | grep "inet " | cut -d\ -f2)
#client_id seems to want random data
client_id=$(head -n 100 /dev/urandom | md5 -r | tr -d " -")
port=$(curl --silent --data "user=$PIA_USER&pass=$PIA_PASS&client_id=$client_id&local_ip=$local_ip" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment | jq .port)
if ! [[ $port =~ ^[0-9]+$ ]]; then
echo "Garbled data: $port"
exit 0
fi
transmission-remote -p $port
}
is_port_forwarded( ) {
# -pt tests for open port.
json=$(transmission-remote -pt)
if [[ $json == "Port is open: No" ]]; then
echo "Closed port detected"
get_new_port
elif [[ $json == "Port is open: Yes" ]]; then
echo "Open port detected"
exit 1
fi
}
check_for_connectivity( ) {
if nc -zw 1 google.com 80; then
echo "VPN connection up."
else
echo "VPN connection down. Exiting."
exit 1
fi
}
check_for_connectivity
is_port_forwarded
exit 1
Now it seems my system is generating a bunch of extra rules when I enable IPFW...
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
Any ideas on why? This also seems to possible be making it so the VPN can't connect when it restarts. Right now with the script, it seems to stop/start everything and generate the rule, but loads these extra rules and the VPN doesn't seem to have the ability to connect to the server.
Maybe I'm wrong, it seems its connecting now, maybe the server was having issues at times.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny ip from any to ::1
00500 deny ip from ::1 to any
00600 allow ipv6-icmp from :: to ff02::/16
00700 allow ipv6-icmp from fe80::/10 to fe80::/10
00800 allow ipv6-icmp from fe80::/10 to ff02::/16
00900 allow ipv6-icmp from any to any ip6 icmp6types 1
01000 allow ipv6-icmp from any to any ip6 icmp6types 2,135,136
Any ideas on why? This also seems to possible be making it so the VPN can't connect when it restarts. Right now with the script, it seems to stop/start everything and generate the rule, but loads these extra rules and the VPN doesn't seem to have the ability to connect to the server.
Maybe I'm wrong, it seems its connecting now, maybe the server was having issues at times.
Last edited:
Wisdom
Explorer
- Joined
- Oct 15, 2016
- Messages
- 71
Gave this a shot, returned:
Code:
root@transmission_1:/ # ./port_forward.sh declare -x BLOCKSIZE="K" declare -x EDITOR="vi" declare -x GROUP="wheel" declare -x HOME="/root" declare -x HOST="transmission_1" declare -x HOSTTYPE="FreeBSD" declare -x LOGNAME="root" declare -x LSCOLORS="ExGxFxdxCxegedabagExEx" declare -x MACHTYPE="x86_64" declare -x MAIL="/var/mail/root" declare -x OLDPWD declare -x OSTYPE="FreeBSD" declare -x PAGER="more" declare -x PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin" declare -x PWD="/" declare -x REMOTEHOST="192.168.0.xxx" declare -x SHELL="/bin/csh" declare -x SHLVL="3" declare -x SSH_CLIENT="192.168.0.xxx xxxxx xx" declare -x SSH_CONNECTION="192.168.0.xxx xxxxx 192.168.0.xxx xx" declare -x SSH_TTY="/dev/pts/0" declare -x TERM="xterm" declare -x USER="root" declare -x VENDOR="amd" Transmission Port Forward 2017-01-17-14:37:10 Connection to google.com 80 port [tcp/http] succeeded! VPN connection up. Closed port detected curl: option --data: requires parameter curl: try 'curl --help' or 'curl --manual' for more information ./port_forward.sh: line 37: user=XXXXXXXXX&pass=XXXXXXXXX&client_id=908e32596c072acccff7a0d4ad238161&local_ip=10.63.10.6: command not found ./port_forward.sh: line 38: https://www.privateinternetaccess.com/vpninfo/port_forward_assignment: No such file or directory Garbled data: root@transmission_1:/ #
With minor edits (x's) for security.
Edit:
Thanks for the help with clarifying the esc wq! issue - I realize it's a pretty silly thing to have a problem with. I gave it another shot, but it's now claiming that
Code:
q isn't a vi command
and just makes a little pinging noise when I hit w or !, so I'm not sure what's missing there.
Last edited:
Ok i have zipped all my notes and scripts into a zip file and uploaded them to dropbox. Link below. might be easier than to copy and pasting in here less messy. If anyone has other ideas in making in more streamlined be my gest and edit and share on here you outcomes. I will be changing the way i implement the Kill Switch and to use the Jail cron instead of the Freenas GUI Cron, and will try and use the pia folders for all scripts to make it easier for others to use the guide.
https://www.dropbox.com/s/2zvthd615mp3quz/OpenVpn Install.7z?dl=0
https://www.dropbox.com/s/2zvthd615mp3quz/OpenVpn Install.7z?dl=0
The reason i was not using the cron for the Kill switch as it would not work for some reason. It worked when i manullay ran the command python2.7 /sabnzbd/scripts/pia.py but in the Jail cron this did not execute properly so i left it in the GUI Cron for now. When i have time ill look into it more. If others have success please share. In regards to using a universal folder instead of creating a new one for scripts and ipfw_rules was thinking using this one "/usr/local/etc/pia_openvpn" as this is the folder for all the OpenVpn config stuff. We could use this as ipfw_rules, pia.py, and port_forward.sh and then change all paths to reflect this. Need to thank everyone on this thread and the other thread as with all the help here i would not have got this to work.
When you type the below
#crontab -e
then type i
Paste the command then
#press Esc button
Type :wq
#press enter
then it should save.
Wisdom
Explorer
- Joined
- Oct 15, 2016
- Messages
- 71
This was really helpful, thank you.
I'm pretty sure I have the kill switch running now.
Running
Code:
wget http://smart-ip.net/myip -O - -q ; echo
I also got the cron job running, thank you for clarifying the commands. Again, I realize it's a really dumb thing to have issues with, but I'm just not that familiar with all this yet. I appreciate you spelling it out for me.
After updating my port_forward.sh and running it manually, it returned the following:
Code:
root@transmission_1:/ # ./port_forward.sh ./port_forward.sh: line 8: tun0: command not found Transmission Port Forward 2017-01-17-20:46:15 Connection to google.com 80 port [tcp/http] succeeded! VPN connection up. Closed port detected cut: bad delimiter Garbled data: null root@transmission_1:/
This doesn't look like quite what I think it's supposed to print, but again, I may be wrong. I had to edit some of the lines manually to clean up the spacing (when copying from notepad++ some of the wrapping was weird, but I made sure they looked the same after updating all the paths and addresses. I'll take another look at it, but wasn't sure if there was anything specific that needed to be pointed out. (e.g., the issue with line 8 was a wrapping problem that has since been corrected.)
Using transmission in practice, I've been able to hit my peak speeds, albeit not consistently (though I suspect this has more to do with a lack of seeders than any other issues!). However, my ports are still claiming they're closed, due to a firewall issue, despite having updated rc.conf to reflect the new ipfw_rules.
When checking pia.log, all it contains is three lines of
Code:
/usr/local/bin/bash: /transmission_1/port_forward.sh: No such file or directory found
However, I do have port_forward.sh in the root folder for transmission_1, as evidenced by:
Code:
root@transmission_1:/ # ls .cshrc boot media rescue usr .plugins dev mnt root var .profile etc port_forward.sh sbin COPYRIGHT lib portforward.sh sys bin libexec proc tmp root@transmission_1:/ #
So I'm not sure what's up with that.
EDIT: I updated the cron job that write to pia.log to reflect it's actual location. I think I was initially trying to point to transmission_1/transmission_1/port_forward.sh, rather than just transmission_1/port_forward.sh. So I guess that's one issue fixed.
As always, a huge thanks for helping me get this far!
Last edited:
Wisdom
Explorer
- Joined
- Oct 15, 2016
- Messages
- 71
Follow-up: getting an error on pia.py, the job returns:
This references the definition of "url", which for me I changed to "Switzerland.privateinternetaccess.com"
Not only does this server match the default installation settings for OpenVPN using the script on the second page of this thread, but it also supports port forwarding (according to PIA's page). I double checked I spelled Switzerland correctly. I'm not sure how/if this is supposed to resolve, but I can't directly navigate to this address in my browser, but I don't expect that's supposed to be the case anyway.
---
Edit: this (below) is now an old problem. Leaving for others.
Fixed this. Line-wrapping disasters continue.
Thoughts?
Code:
ping: cannot resolve Switzerland.privateinternetaccess.com: Unknown host Traceback (most recent call last): File "/etc/pia.py", line 19, in <module> hostname, aliaslist, ipaddrlist = socket.gethostbyname_ex(url) socket.gaierror: [Errno 8] hostname nor servname provided, or not known
This references the definition of "url", which for me I changed to "Switzerland.privateinternetaccess.com"
Not only does this server match the default installation settings for OpenVPN using the script on the second page of this thread, but it also supports port forwarding (according to PIA's page). I double checked I spelled Switzerland correctly. I'm not sure how/if this is supposed to resolve, but I can't directly navigate to this address in my browser, but I don't expect that's supposed to be the case anyway.
---
Edit: this (below) is now an old problem. Leaving for others.
Fixed this. Line-wrapping disasters continue.
Code:
File "/etc/pia.py", line 12 subprocess.check_output(['ping', '-c', '1', url]) except ^ SyntaxError: invalid syntax
Thoughts?
Last edited:
Ok it looks like the address above is not valid anymore. If you check the openvpn folder and fine the Switzerland.ovpn and open it the address is different now it is swiss.privateinternetaccess.com you will need to change this to the scipts and openvpn.
Wisdom
Explorer
- Joined
- Oct 15, 2016
- Messages
- 71
Duly noted, thanks for catching that. I updated mine, forced the cron job to run, and didn't get an error email. Looks good!
Now to figure out the port forwarding xD
Edit:
So I poked around in port_forward.sh and figured out the delimiter it's unhappy about is in line 27:
Code:
local_ip=$(ifconfig tun0 | grep "inet " | cut -d\ -f2)
What does this mean? I don't know. But I removed it anyway and ran the script again, but besides not getting
Code:
cut: bad delimiter
like in my earlier failed output, nothing else changed. So yeah. I wish I knew enough about this to be able to tell why this is a problem, but I thought at least I could try to point you to what seems to be the issue.
Last edited:
Similar threads
- Locked
