GUIDE: Setting up Transmission with OpenVPN and PIA

Dudde

Explorer
Joined
Oct 5, 2015
Messages
77
I ended up with the following rules, they work for me.
Code:
ipfw -f flush

ipfw -q add 00010 allow ip from any to any via tun0

ipfw -q add 00101 allow ip from me to 10.0.0.0/24 via epair0b uid transmission
ipfw -q add 00102 allow ip from 10.0.0.0/24 to me via epair0b uid transmission
ipfw -q add 00103 deny ip from any to any via epair0b uid transmission

In my case im running transmission under the media user so i changed the uid to media
 

denist

Contributor
Joined
Jan 28, 2013
Messages
188
In the end use the one that works and block transmission when openvpn goes down and will start up again when openvpn goes up. I would like to use the other one in the link but I have transmission jail with sabnzbd sickrage couch potato plugins installed in that jail and not sure if the guide in the link would work for me.


Sent from my iPhone using Tapatalk
 

MrUnknownEMC

Explorer
Joined
Feb 20, 2016
Messages
55
This should work with others VPN provides? If they provides the Public/Private Key and additional verification such as username/password?
 
Last edited:

mike360x1

Contributor
Joined
Dec 25, 2012
Messages
107
I've just followed your guide and I'm having a hard time connecting to the transmission GUI. Is it because the OPENVPN is directing all the traffic through the tunnel and thus I cannot communicate with transmission on the local network? In this case, do I need to setup a firewall rule to permit localhost( on the jail ) Port 9091 to access local traffic?
 

denist

Contributor
Joined
Jan 28, 2013
Messages
188
I have never had that issue as the open vpn and firewall rule don't lock down the local network.


Sent from my iPhone using Tapatalk
 

mike360x1

Contributor
Joined
Dec 25, 2012
Messages
107
mmm, strange. when I installed Openvpn I used
Code:
pkg install openvpn

and I tried with both the transmission port and the plugin. Neither worked.

well I do have transmission server on a different network than my computer so maybe I'll try that.
 

mike360x1

Contributor
Joined
Dec 25, 2012
Messages
107
I figured it out, Apparently, when connected to OpenVPN, transmission does not allow connections from outside its subnet.

My computer resides on 192.168.10.* while the jail is on 192.168.20.* is there any way to allow connection after VPN is initiated without using a tunnel to get to 192.168.20.*?
 

Bob Dylan

Cadet
Joined
Jun 8, 2017
Messages
3
Hello all,

Hope you guys can help me, usually i brute force my way through things till i get it right. But after trying for 9 hours i finally give up.

I had this working before i moved states. But now when i got to Colorado its no longer working.

So the issue is i get it all installed after following the rules to this post.

But when i start OpenVPN it starts but i can't ping out of the network.

I don't have the ipfw on.

but i tried countless things. updating to Freenas 11, then booting back down to 9.3.
multiple different PIA config files:
https://helpdesk.privateinternetacc...een-the-OpenVPN-config-files-on-your-website-

port forwarding 1198 to the freenas server and then tried forwarding it to the transmission jail.

Still nothing. the Jail pings out fine without openvpn running...
 

Bob Dylan

Cadet
Joined
Jun 8, 2017
Messages
3
Well i feel stupid, Comcast's DNS was blocking it.

Did a nano /etc/resolv.conf and found Comcast set its DNS for the default "75.75.75.75" even though my server is set differently.

Changing it to google's solved my issue.

# Generated by resolvconf
nameserver 8.8.8.8
nameserver 8.8.4.4
 

Jeka28

Cadet
Joined
Oct 15, 2016
Messages
4
Thank you for this great tutorial. After following your steps (twice to make sure I didn't screw it up the first time), I have run in to the same issue. My Transmission client can download from seeders and peers but cannot upload to other peers.

I have verified that transmission is using the openvpn tunnel for communication by using torguard.net. Unfortunately I am not experienced enough with openvpn or freebsd to find out why my transmission client cannot upload.

My entire jail / transmission / vpn setup is unaltered from initial setup except for running your tutorial. I am running on the most recent version of FreeNAS 11.

I would appreciate any help that anyone could give.

Edited to add more information:

I can ping google from within the jail using my tunnel:
root@transmission_1:/usr/local/etc/openvpn # ping -S 10.15.10.6 -c 5 google.com
PING google.com (172.217.9.***) from 10.15.10.6: 56 data bytes
64 bytes from 172.217.9.***: icmp_seq=0 ttl=56 time=45.271 ms
64 bytes from 172.217.9.***: icmp_seq=1 ttl=56 time=44.063 ms
64 bytes from 172.217.9.***: icmp_seq=2 ttl=56 time=44.279 ms
64 bytes from 172.217.9.***: icmp_seq=3 ttl=56 time=43.992 ms
64 bytes from 172.217.9.***: icmp_seq=4 ttl=56 time=42.712 ms

--- google.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 42.712/44.063/45.271/0.817 ms
root@transmission_1:/usr/local/etc/openvpn #
 
Last edited:

MrUnknownEMC

Explorer
Joined
Feb 20, 2016
Messages
55
After hours of troubleshooting and reinstall the jail, i have face an issues where i cannot complete the setup using the original OP guide. The openvpn file from PIA doesn't seem to include ca.crt or crl.pem instead it rename. So alter the command to suit what is available at that directory. But than openvpn failed to start.

Code:
##Step 21: Move the fixed PIA files into the correct folder we just created
##The actual OpenVPN files we created earlier.
##ca.crt next
[root@transmission_1 /media]# cp /media/ca.crt /usr/local/etc/openvpn/ca.crt
##crl.pem next
[root@transmission_1 /media]# cp /media/crl.pem /usr/local/etc/openvpn/crl.pem
##our pass.txt file we created


Than i thought i would try the script @jafrey which worked the first time but the problem is, how do i switch the server to an Australia one? What is proper way to change the script? I thought it is

Code:
echo 'openvpn_configfile="/usr/local/etc/openvpn/Switzerland.ovpn"' >> /etc/rc.conf


and replace it with something along this line.

Code:
echo 'openvpn_configfile="/usr/local/etc/openvpn/Au Sydney.ovpn"' >> /etc/rc.conf


From what i understand it copy the username and passoword to each of the ovpn profile, so how do i switch to a different profile.
 

zhorax

Cadet
Joined
Aug 19, 2017
Messages
1
After hours of troubleshooting and reinstall the jail, i have face an issues where i cannot complete the setup using the original OP guide. The openvpn file from PIA doesn't seem to include ca.crt or crl.pem instead it rename. So alter the command to suit what is available at that directory. But than openvpn failed to start.

Code:
##Step 21: Move the fixed PIA files into the correct folder we just created
##The actual OpenVPN files we created earlier.
##ca.crt next
[root@transmission_1 /media]# cp /media/ca.crt /usr/local/etc/openvpn/ca.crt
##crl.pem next
[root@transmission_1 /media]# cp /media/crl.pem /usr/local/etc/openvpn/crl.pem
##our pass.txt file we created


Than i thought i would try the script @jafrey which worked the first time but the problem is, how do i switch the server to an Australia one? What is proper way to change the script? I thought it is

Code:
echo 'openvpn_configfile="/usr/local/etc/openvpn/Switzerland.ovpn"' >> /etc/rc.conf


and replace it with something along this line.

Code:
echo 'openvpn_configfile="/usr/local/etc/openvpn/Au Sydney.ovpn"' >> /etc/rc.conf


From what i understand it copy the username and passoword to each of the ovpn profile, so how do i switch to a different profile.

Don't forget to point to ca.crt and crl.pem in your openvpn's .conf file! (/usr/local/etc/openvpn/openvpn.conf after following this tutorial).

But agreed, both the tutorial and script need updating now.
 

MrUnknownEMC

Explorer
Joined
Feb 20, 2016
Messages
55
Don't forget to point to ca.crt and crl.pem in your openvpn's .conf file! (/usr/local/etc/openvpn/openvpn.conf after following this tutorial).

But agreed, both the tutorial and script need updating now.
I fix the problem by manually importing both CA and crl as they changed the file name in current openvpn and in conf.

Does anyone have a stable script/cron jobs to keep the VPN running, when i check in morning the ip seem to changed to normal one and openvpn seem to crashed or stop and i had to start it again and working again. I simple script to make sure it running or a killswitch would do.
 

fizassist

Cadet
Joined
Aug 20, 2017
Messages
5
Thanks! Here's what I did under FreeNAS-11.0-U2 following your recipe. UUUUUUUU/PPPPPPPPPP is my Private Internet Access login. It worked great, as verified with https://torguard.net/checkmytorrentipaddress.php.

Code:
pkg install openvpn

cat > /etc/rc.conf.d/openvpn <<HERE
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
HERE

cd /tmp
mkdir openvpn ; cd openvpn
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip --no-check-certificate
unzip openvpn.zip
sed -i .bak 's/auth-user-pass/auth-user-pass pass.txt/' US\ West.ovpn
printf "UUUUUUUU\nPPPPPPPPPP\n" > pass.txt
mkdir /usr/local/etc/openvpn
cp ca.rsa.2048.crt crl.rsa.2048.pem pass.txt  /usr/local/etc/openvpn/
cp US\ West.ovpn /usr/local/etc/openvpn/openvpn.conf


Then restarted jail. openvpn connected and worked great.
 

lkh5650

Cadet
Joined
Sep 8, 2017
Messages
4
Thanks! Here's what I did under FreeNAS-11.0-U2 following your recipe. UUUUUUUU/PPPPPPPPPP is my Private Internet Access login. It worked great, as verified with https://torguard.net/checkmytorrentipaddress.php.

Code:
pkg install openvpn

cat > /etc/rc.conf.d/openvpn <<HERE
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
HERE

cd /tmp
mkdir openvpn ; cd openvpn
wget https://www.privateinternetaccess.com/openvpn/openvpn.zip --no-check-certificate
unzip openvpn.zip
sed -i .bak 's/auth-user-pass/auth-user-pass pass.txt/' US\ West.ovpn
printf "UUUUUUUU\nPPPPPPPPPP\n" > pass.txt
mkdir /usr/local/etc/openvpn
cp ca.rsa.2048.crt crl.rsa.2048.pem pass.txt  /usr/local/etc/openvpn/
cp US\ West.ovpn /usr/local/etc/openvpn/openvpn.conf


Then restarted jail. openvpn connected and worked great.


SO I installed it, and also made sure to change the name for the ca.rsa.2048.crt file and crl.rsa.2048.pem file. I didn't yet sign up for PIA
Is there anyway I can check if my setting works before signing up for PIA?
IF not, after signing up for PIA, and changing my username/password in the pass.txt (do i just change the pass.txt file in the /usr/local/etc/openvpn/ directory only?
how can I check if it works?
 

fizassist

Cadet
Joined
Aug 20, 2017
Messages
5
SO I installed it, and also made sure to change the name for the ca.rsa.2048.crt file and crl.rsa.2048.pem file. I didn't yet sign up for PIA
Is there anyway I can check if my setting works before signing up for PIA?
IF not, after signing up for PIA, and changing my username/password in the pass.txt (do i just change the pass.txt file in the /usr/local/etc/openvpn/ directory only?
how can I check if it works?

Notice in my version of the recipe, I didn't need to rename the crt/pem files. I don't know how to check it without actually signing up for PIA. Once you do, you can visit https://torguard.net/checkmytorrentipaddress.php, right click the big green "Download Now" button and copy the link address (a magnet link). Then click "open torrent" in the transmission web gui and paste the magent link in the URL box. Transmission should report an "error" that contains your IP address. You then verify that IP address is PIA's, not yours.
 
Top