GUIDE: Setting up Transmission with OpenVPN and PIA

denist

Contributor
Joined
Jan 28, 2013
Messages
188
You would need to replace the transmission-remote section with the above and add your username and password. Hope this helps.


 

PrzemekD

Cadet
Joined
Mar 29, 2018
Messages
5
I based my setup on the above to get Transmission and OpenVPN running and everything is working correctly. However, I wanted to automate the port forwarding thing so that the moment the OpenVPN service starts, a script checks the port and assigns it to Transmission - basically something similar to what @denist wrote. However, I'm having some problems on this line:
Code:
transmission-remote --auth 'rpc_user:rpc_pass' -p $port

In short, the call to transmission-remote binary ends with a segfault, if the script was called by OpenVPN during its launch. I get:
Code:
/usr/local/etc/openvpn/test.sh: line 5: 24493 Segmentation fault	transmission-remote -n 'rpc_user:rpc_pass' -p 12345 > output.txt

The output.txt file is empty. Now, the really strange thing is that whenever I execute this script manually (via SSH as root), everything works and the port is set.
I've asked this on Stack Overflow and one hint that I got was that it had something to do with chroot (so, I figure, the jail system itself), but while I'm not new to Linux, I have no idea what's going on in BSD's jail execution. Does anyone have any ideas or reading suggestions for me?
 

jasemo

Dabbler
Joined
Mar 15, 2018
Messages
30
Is the guide at the start still current?

I followed all the steps listed before heading off to the Reddit thread and was concerned the wget line used to test was returning my normal IP even when checked from within my jail (root@transmission:~ #). This may be the same problem samwade was describing in his question back in September.

I did some digging. Further checking revealed that the openvpn service, once started, only persists for a few seconds before disappearing. I've tried restarting the services, the jail and rebooting FreeNAS.

Does anyone know why this would be, or a way to fix it?

I'm using FreeNAS 11.1-U5 and Transmission is running in an iocage jail.
 

alwu

Dabbler
Joined
Jan 24, 2018
Messages
36
i think the guide is still current. i just followed it and it worked for me, but i'm running freenas 11.1-U4. i installed transmission as a plugin, so it's in a warden jail.

there have been issues reported with networking in iocage jails in U5. maybe that's why openvpn disappeared after a few seconds. some info in this thread. http://forums.freenas.org/index.php?threads/anyone-try-u5-yet.64111

when i looked at /var/log/messages, i saw these warnings. they also showed up in other people's logs in this thread.
Jun 18 02:00:55 transmission_1 openvpn[79898]: WARNING: file 'pass.txt' is group or others accessible
Jun 18 02:00:55 transmission_1 openvpn[79899]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

the first warning about pass.txt can be taken care of by changing the permissions. after executing

Code:
printf "UUUUUUUU\nPPPPPPPPPP\n" > pass.txt

do this

Code:
chmod 400 pass.txt


the second warning can be taken care of too with a different sed command. instead of

Code:
sed -i .bak 's/auth-user-pass/auth-user-pass pass.txt/' US\ West.ovpn


run this

Code:
sed -i .bak 's/auth-user-pass/auth-user-pass pass.txt\\
auth-nocache/' US\ West.ovpn


i tried these changes and openvpn and transmission still run fine and the warnings are gone from /var/log/messages.
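
The two warnings discussed in the post above can be checked for mechanically. The following is an added example, not part of the thread or of any script it links to: it audits an OpenVPN client config for a group/other-accessible credentials file and a missing auth-nocache, and writes the credentials file without the brief world-readable window that a separate printf and chmod leave. Function names are hypothetical, and resolving a relative credentials path against the config's directory is an assumption.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Return 0 if FILE grants no permission bits to group or others.
creds_private() {
    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 if CONFIG has an uncommented auth-nocache directive.
has_auth_nocache() {
    grep -Eq '^[[:space:]]*auth-nocache([[:space:]]|$)' "$1"
}

# Create the credentials file so it is never readable by others, even for
# the moment between the printf and the chmod of the two-step form.
write_creds() {   # usage: write_creds FILE USER PASS
    ( umask 077 && printf '%s\n%s\n' "$2" "$3" > "$1" ) && chmod 400 "$1"
}

# Print one line per finding and return the number of findings.
audit_openvpn() {   # usage: audit_openvpn CONFIG
    conf=$1
    findings=0
    # The credentials file is the optional argument of auth-user-pass.
    creds=$(awk '$1 == "auth-user-pass" && NF >= 2 { print $2; exit }' "$conf")
    # Assumption: a relative path is resolved against the config's directory.
    case $creds in
        ''|/*) ;;
        *) creds="$(dirname "$conf")/$creds" ;;
    esac
    if [ -z "$creds" ]; then
        echo "$conf: auth-user-pass has no credentials file"
        findings=$((findings + 1))
    elif [ ! -f "$creds" ]; then
        echo "$creds: missing"
        findings=$((findings + 1))
    elif ! creds_private "$creds"; then
        echo "$creds: group or others accessible"
        findings=$((findings + 1))
    fi
    if ! has_auth_nocache "$conf"; then
        echo "$conf: auth-nocache not set"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Inside the jail this would be called as `audit_openvpn /usr/local/etc/openvpn/openvpn.conf`; a return value of 0 means neither warning should appear in /var/log/messages.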
 
Joined
Jul 14, 2018
Messages
1
Denist, thanks a ton for this script!

I seem to be getting the error:
Code:
ifconfig: groups: bad value

Tried changing "tun" to "tun0", and now I'm getting
Code:
http://localhost:9091/transmission/rpc/) timeout was reached


Never mind! Just switched servers, I thought Netherlands supported port-forwarding, switched to Sweden, all good now.

Thanks!
 

vcaprigno

Cadet
Joined
Dec 23, 2017
Messages
2
Just so that everyone knows... I attempted the original script with a few adjustments on the latest Beta release of FreeNAS 11.2


Code:
jls
jexec [JAILID] tcsh
cd /tmp
fetch  https://gist.githubusercontent.com/jed-frey/6d475dcc34c710f62a7c/raw/fcf18484225b0676fe0c556e7798cc08cdc7a631/pia.sh
chmod +x pia.sh
./pia.sh



Enter username and password from PIA that you generated. Log in to PIA and generate a PPTP/L2TP/SOCKS Username and Password
Just hit enter every time you get prompted for the install of any of the components... (blue screens).
Give it about 15 min and you are good...


Once complete you'll be presented with an openvpn result.

If these are different, OpenVPN is working

Old IP: XXX.XXX.XXX.XXX
New IP: XXX.XX.XXX.XX

The IP addresses that I was presented with were different. Works amazingly.
 

vcaprigno

Cadet
Joined
Dec 23, 2017
Messages
2
For clarification. I am running the Beta release of FreeNAS-11.2-BETA1

This was not my code, all I did was remove wget and changed it to fetch... works like a charm.
 

bitola1970

Dabbler
Joined
Aug 7, 2016
Messages
14
hi

has anyone managed to get port forwarding to work on an iocage jail? i've tried to use the most recent scripts with no success. this is what i'm getting after executing the script.

Code:
Transmission Port Forward 2018-08-08-00:02:01
Connection to google.com 80 port [tcp/http] succeeded!
VPN connection up
Closed port detected
Loading port forward assignment information...
Please install shasum or sha256sum, and make sure it is visible in your $PATH
 

nathank1989

Contributor
Joined
Aug 29, 2016
Messages
103
This guide is great, however I cannot, for the life of me, get the port forwarding to work

Reminder, port forwarding is only available on the following gateways or you will get the error "Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding".
  • CA Toronto
  • CA Montreal
  • CA Vancouver
  • Netherlands
  • Switzerland
  • Sweden
  • France
  • Germany
  • Romania
  • Israel


I have tried all of those locations and am getting

Code:
Loading port forward assignment information...
{"error":"bad client_id"}


or
Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding


Also shasum, sha1sum and sha256sum are not installed and cannot be found by pkg, and I have coreutils installed. sha256 seems to do something but the script still fails.
 

bitola1970

Dabbler
Joined
Aug 7, 2016
Messages
14
Does anyone know if transmission keeps old ports used for port forwarding in any configuration file? All works fine including openvpn and port forwarding but I get constant error messages that a socket can't connect to a port but the port mentioned is no longer in use. I'll post the error messages when I get home later today.
 

nathank1989

Contributor
Joined
Aug 29, 2016
Messages
103
Final port script that works. Above there was an error.

Code:
#!/usr/local/bin/bash
# Cronable port forwarding script for PIA/transmission running on FreeNAS
#
# Requires bash, jq (JSON parser) and curl
# pkg install -y jq bash curl
#

# Export path for when you use this in cron
export PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/root/bin"

# echo date/time for logging
echo "Transmission Port Forward $(date +%Y-%m-%d-%H:%M:%S)"

get_new_port( )
{
  echo 'Loading port forward assignment information...'

  # Check if curl is installed
  if ! [ -x /usr/local/bin/curl ]; then
    echo "Curl not installed/not executable"
    exit 1
  fi

  # dynamically figure out the tunnel adapter name; match only at the start of
  # a line so the "groups: tun" line of the ifconfig output is not picked up
  tunnel_adapter=$(ifconfig | grep "^tun" | head -n 1 | cut -d ":" -f1)
  local_ip=$(ifconfig "$tunnel_adapter" | grep "inet " | cut -d\  -f2)

  # client_id seems to want shasum/sha256sum data
  client_id_file="/usr/local/etc/openvpn/pia_client_id"
  if [ ! -f "$client_id_file" ]; then
    if hash shasum 2>/dev/null; then
      head -n 100 /dev/urandom | shasum -a 256 | tr -d " -" > "$client_id_file"
    elif hash sha256sum 2>/dev/null; then
      head -n 100 /dev/urandom | sha256sum | tr -d " -" > "$client_id_file"
    elif hash sha256 2>/dev/null; then
      # FreeBSD base system tool; prints only the hex digest for stdin
      head -n 100 /dev/urandom | sha256 > "$client_id_file"
    else
      echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
      exit 1
    fi
  fi

  # port_forward_assignment
  client_id=$(cat "$client_id_file")
  json=$(curl --interface "$tunnel_adapter" "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null)
  if [ "$json" == "" ]; then
    json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
  fi

  # trim VPN forwarded port from JSON
  port=$(echo "$json" | awk 'BEGIN{r=1;FS="{|:|}"} /port/{r=0; print $3} END{exit r}')

  # test to make sure that the port is actually a number
  if ! [[ $port =~ ^[0-9]+$ ]]; then
    echo "$json"
    exit 1
  fi

  # no --auth/-n credentials are passed to transmission-remote in this script;
  # with RPC authentication enabled the call is rejected with 401
  transmission-remote -p "$port"

  echo 'Port forward successful'
  echo "$local_ip:$port"
  exit 0
}

is_port_forwarded( ) {
  # -pt tests for open port.
  json=$(transmission-remote -pt)

  if [[ $json == "Port is open: No" ]]; then
    echo "Closed port detected"
    get_new_port
  elif [[ $json == "Port is open: Yes" ]]; then
    echo "Open port detected"
    exit 0
  fi
}

check_for_connectivity( ) {
  if nc -zw 1 google.com 80; then
    echo "VPN connection up"
    is_port_forwarded
  else
    echo "VPN connection down"
    exit 1
  fi
}

check_for_connectivity
is_port_forwarded

# reached only when the port state could not be determined
exit 1


Doesn't work....

Code:
root@transmission:/etc # bash portforward.sh
Transmission Port Forward 2018-08-17-10:39:40
Connection to google.com 80 port [tcp/http] succeeded!
VPN connection up
Unexpected response: <h1>401: Unauthorized</h1>Unauthorized User
Unexpected response: <h1>401: Unauthorized</h1>Unauthorized User
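
The script in the post above passes whatever the port-forward endpoint returns through awk and on to transmission-remote. The following added example (not part of any post in this thread) parses the reply strictly, reports replies such as {"error":"bad client_id"}, and runs the command only for a valid port. The function names and the sample replies in the comments are constructed, and the accepted reply shape {"port":N} is an assumption based on the awk expression in the script.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the port and return 0 only for a reply of the exact form {"port":N}
# with 1 <= N <= 65535; otherwise print a reason and return 1.
parse_pf_reply() {
    reply=$1
    case $reply in
        '')
            echo "empty reply (already activated, expired, or unsupported region)"
            return 1 ;;
        '{"error":"'*'"}')
            err=${reply#*:?}     # drop the leading {"error":"
            err=${err%??}        # drop the trailing "}
            # Strip control characters before the text reaches a log or terminal.
            printf 'API error: %s\n' "$err" | tr -cd '[:print:]\n'
            return 1 ;;
        '{"port":'*'}')
            port=${reply#*:}     # drop the leading {"port":
            port=${port%?} ;;    # drop the trailing }
        *)
            echo "unexpected reply"
            return 1 ;;
    esac
    # Digits only, so nothing but a number can end up on a command line.
    case $port in
        ''|*[!0-9]*) echo "port is not a number"; return 1 ;;
    esac
    if [ "${#port}" -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range"
        return 1
    fi
    echo "$port"
}

# Parse REPLY and, only if it is valid, run CMD... -p PORT.
# CMD defaults to transmission-remote.
forward_port() {   # usage: forward_port REPLY [CMD...]
    pf_reply=$1
    shift
    [ "$#" -gt 0 ] || set -- transmission-remote
    pf_port=$(parse_pf_reply "$pf_reply") || {
        echo "not applying: $pf_port" >&2
        return 1
    }
    "$@" -p "$pf_port"
}
```

With RPC authentication enabled, transmission-remote also needs credentials; its `-ne`/`--authenv` option reads them from the `TR_AUTH` environment variable (`username:password`), which keeps them out of the process list.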

 

jellydonut2

Cadet
Joined
Sep 3, 2018
Messages
1
Hello friends,

Does anyone know why this occurs?


root@transmission_1:/usr/ports/security/openvpn # make install clean
===> Building/installing dialog4ports as it is required for the config dialog
===> Cleaning for dialog4ports-0.1.6
===> Skipping 'config' as NO_DIALOG is defined
/!\ ERROR: /!\

Ports Collection support for your FreeBSD version has ended, and no ports are
guaranteed to build on this system. Please upgrade to a supported release.

No support will be provided if you silence this message by defining
ALLOW_UNSUPPORTED_SYSTEM.

*** Error code 1

Stop.
make[3]: stopped in /usr/ports/ports-mgmt/dialog4ports
*** Error code 1

Stop.
make[2]: stopped in /usr/ports/ports-mgmt/dialog4ports
===> Options unchanged
/!\ ERROR: /!\

Ports Collection support for your FreeBSD version has ended, and no ports are
guaranteed to build on this system. Please upgrade to a supported release.

No support will be provided if you silence this message by defining
ALLOW_UNSUPPORTED_SYSTEM.

*** Error code 1

Stop.
make[1]: stopped in /usr/ports/security/openvpn
*** Error code 1

Stop.
make: stopped in /usr/ports/security/openvpn



This is my first time using a FreeBSD derivative so I am clueless. It sounds to me like either my system (FreeNAS-11.1-U6) is too old or new, or this ports collection that I literally just downloaded is too new or old. Neither makes sense to me.
 

alwu

Dabbler
Joined
Jan 24, 2018
Messages
36
i think it means that your ports collection is newer and may not be compatible with the version of freebsd that your jail is running. if you're using iocage jails, you can specify what freebsd release to use with -r option. i don't know if there's a way to change the freebsd version if you're creating warden jails via the gui. i ran into a similar problem when i was installing logitech media server in a warden jail. i got around it by setting the ALLOW_UNSUPPORTED_SYSTEM environment variable. LMS installed and is running, but it's a totally different beast. i don't know what will happen if you try that with openvpn.
 

alwu

Dabbler
Joined
Jan 24, 2018
Messages
36
i followed this guide and transmission and openvpn have been working for me. i don't have port forwarding enabled but am still able to seed. i've had a minor issue occur twice and that was losing the vpn connection. both times, the openvpn service randomly stopped and i don't know why. where can i find the openvpn logs so i can try to figure out what happened? the fix was easy. i ssh'ed into the jail, confirmed that the openvpn service wasn't running, and restarted it.

the good news is that the ipfw rules work. when the openvpn service stopped, all my torrents had error messages that they couldn't connect to the tracker. restarting the openvpn service fixed this. also, the daily security run output emails warned me of the problem when they said that tun0 link state changed to down.

UPDATE: it turns out i was losing my openvpn connection due to an inactivity timeout. when openvpn tried to reconnect, it got an authentication error. i found a fix for this which was to add 'pull-filter ignore "auth-token"' to /usr/local/etc/openvpn/openvpn.conf.
 

twk95

Dabbler
Joined
Oct 27, 2015
Messages
15
This broke for me updating from 11.2 Beta 3 to RC1. Seems like I can ping the web from the jail but not able to connect to peers.

Edit: also my traffic isn't being routed through the VPN. Still getting my own WAN IP. Investigating...
 

thijsjek

Dabbler
Joined
Aug 12, 2017
Messages
19
This broke for me updating from 11.2 Beta 3 to RC1. Seems like I can ping the web from the jail but not able to connect to peers.

Edit: also my traffic isn't being routed through the VPN. Still getting my own WAN IP. Investigating...

it broke as well for me, after I did upgrade from an older working iocage jail from 11.1-release-p3 to 11.2-RELEASE-p4 and stopped working. from tail: /var/log/messages cannot allocate tun0 (or dynamically)

Edit:

-Manually creating tun* in shell does not resolve the problem. (ifconfig tun create) error: no such file or directory (errn=2)

-Used old fix, stopped jail, devfs rule -s 4 add path 'tun*' unhide new error:
FreeBSD ifconfig failed: external program exited with error status: 1
 

Baenwort

Explorer
Joined
Feb 19, 2015
Messages
93
So this was working in 11.1-U6 but updating to RC2 breaks it. No VPN is functioning in the jail. Anyone gotten this functional on a 11.2 release? The exact same jail that worked before is now showing my WAN IP. I tried rebuilding and still no dice on getting VPN to work.
 

Baenwort

Explorer
Joined
Feb 19, 2015
Messages
93

Supa

Patron
Joined
Jan 10, 2014
Messages
204
Just did the steps in the OP and it worked on 9.10 stable. Mine had broken I realized.

You can also verify through adding a magnet link: http://ipmagnet.services.cbcdn.com

Only step I was confused about is:

openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
HERE

Are you supposed to type 'HERE'?




I followed your guide and everything works. I failed at the Reddit steps #3/4 and I was wondering once I am setup how do you switch PIA servers? Can you write in your own words how to do the step 3/4 and changing the PIA server once configured?

I don't even think you're supposed to do those reddit steps... Half of them were a repeat of the OP's guide.
 

RagingBokky

Cadet
Joined
Sep 2, 2016
Messages
9
Has anyone got problems with 11.2-release-u1 (I think it was, can't remember due to being at work) to get openvpn working? I have tried the workaround for the bug and still no success. The things I have done:

1. Change the FreeBSD repo from no to yes
2. Install Openvpn
3. add that allow tun command
4. do a standard openvpn

And yes I have done the reboot as instruction says and my openvpn either doesn't connect or has a tun interface made. I can't find any other source of fix other than the bug fix or the repo's setting change
 