As there have been no responses as of yet, I am updating this post with some progress that I've made today...
My success so far:
- I am currently running FreeNAS 11.2-U6 and the jail is an iocage 11.2-RELEASE.
- All packages are the latest as per pkg update and upgrade, and the FreeBSD.conf file is set for the "latest" (not quarterly or annually or whatever the heck the default was...)
- Transmission is running great through PIA & openvpn and using the Switzerland 2048 crt and pem files for the installation
- Using ipMagnet I can confirm that the IP address is different than my ISP's WAN address.
- Using my ipfw rules I can confirm that when I manually stop the openvpn service, Transmission slowly dies down (over about two or three minutes) and no further data flows until I restart the openvpn service.
- When I remote into my backup server (which just happens to be a Windows 10 OS) I am able to successfully fire up the Transmission Remote GUI, so I know it successfully connects on the local LAN.
- My transmission-port-forward.sh script properly creates the port and updates the transmission-remote. I have also got it writing the openvpn WAN IP (the address for the tun0 device) into a log file every time it runs and updates the transmission-remote. (Instead of filling up my jail with useless data, it only writes to the file when it updated the transmission-remote file.)
Here are the source code files I'm working with:
transmission-port-forward.sh:
Code:
#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
# install the following in order to run
# - pkg install curl
# - pkg install bash
# - pkg install jq
# - pkg install -y p5-Digest-SHA   (provides shasum)
#
# Usage:
# /usr/local/etc/openvpn/transmission-port-forward.sh
#
# Keep this file readable by root only (chmod 600): it holds the RPC credentials.
#Declare the variables for the script
TRANSUSER=myuserid
TRANSPASS=mypassword
TRANSHOST=192.168.2.xxx
LOGFILE=/usr/local/etc/openvpn/transmission-port-forward.log
error( )
{
echo "$@" 1>&2
exit 1
}
error_and_usage( )
{
echo "$@" 1>&2
usage_and_exit 1
}
usage( )
{
echo "Usage: $(dirname "$0")/$PROGRAM"
}
usage_and_exit( )
{
usage
exit $1
}
version( )
{
echo "$PROGRAM version $VERSION"
}
port_forward_assignment( )
{
#Loading port forward assignment information
#client_id is just a random 64-hex-character token; PIA's old API keys the assignment on it
if [ "$(uname)" = "Linux" ]; then
client_id=$(head -n 100 /dev/urandom | sha256sum | tr -d " -")
fi
if [ "$(uname)" = "FreeBSD" ]; then
client_id=$(head -n 100 /dev/urandom | shasum -a 256 | tr -d " -")
fi
[ -n "$client_id" ] || error "unsupported OS: $(uname)"
#Retrieve port information (time out instead of hanging forever if the tunnel is down)
json=$(curl -s --max-time 15 "http://209.222.18.222:2000/?client_id=$client_id")
#What to do if port forward is already active or if connection has failed
if [ "$json" = "" ]; then
#Write to the log file as follows
#Uncomment this line for troubleshooting while working on stuff as needed.....
#echo As of $(date) port forwarding is already activated on the connection or has expired. Restart the jail... >> "$LOGFILE" 2>&1
exit 0
fi
#Show the returned port number
echo "server returned $json"
#trim VPN forwarded port from JSON (jq is installed above; the awk line is the original parser, kept as fallback)
if command -v jq >/dev/null 2>&1; then
PORT=$(printf '%s' "$json" | jq -r '.port // empty')
else
PORT=$(echo "$json" | awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
fi
#Never hand transmission-remote an empty or non-numeric port (the server can answer with an
#error object whose text contains the word "port", which the awk pattern would happily match)
case "$PORT" in
''|*[!0-9]*) error "no usable port in response: $json" ;;
esac
echo "if successful, trimmed port is: $PORT"
#Get the openvpn WAN IP Address (the public address of the PIA exit as seen from outside)
OPENVPNIP=$(curl -s --max-time 15 "ifconfig.me")
#json=$(curl -s "http://209.222.18.222:2000/?client_id=$client_id")
#write the port number to a log file
echo "As of $(date) the transmission-remote access is $OPENVPNIP:$PORT" >> "$LOGFILE" 2>&1
#change transmission port on the fly
#--authenv takes user:password from TR_AUTH so the password does not appear in ps(1) output
TR_AUTH="$TRANSUSER:$TRANSPASS" transmission-remote "$TRANSHOST" --authenv -p "$PORT" || error "transmission-remote failed to set port $PORT"
echo "remember to run no longer than 2 mins after reconnecting/connecting to vpn server."
}
EXITCODE=0
PROGRAM=$(basename "$0")
VERSION=2.1
while test $# -gt 0
do
case $1 in
--usage | --help | -h )
usage_and_exit 0
;;
--version | -v )
version
exit 0
;;
*)
error_and_usage "Unrecognized option: $1"
;;
esac
shift
done
port_forward_assignment
exit 0
ipfw.rules
Code:
#!/bin/sh
#####################################################################################
# Enter the following rules, replacing "tun0" with your VPN tunnel. Also replace
# "192.168.2.0/24" with your LAN network and subnet.
# rc.conf runs this file through firewall_script, i.e. with sh(1), so the shebang
# has to be the first line to mean anything (it was sitting below the comments).
# Only loopback, the tunnel and the transmission uid are matched here; everything
# else (openvpn itself, the cron script's curl) falls through to the default rule
# 65535, which therefore has to be "allow" on this kernel (it is, or openvpn could
# not reach PIA in the first place).
######################################################################################
# Flush out the list before we begin
ipfw -q -f flush
# Set rules command prefix
cmd="ipfw -q add"
vpn="tun0"
lan="192.168.2.0/24"
# allow all local traffic on the loopback interface
$cmd 00001 allow all from any to any via lo0
# allow any connection to/from VPN interface
$cmd 00010 allow all from any to any via $vpn
# allow connection to/from LAN by Transmission (this is what lets the LAN reach the RPC port)
$cmd 00101 allow all from me to $lan uid transmission
$cmd 00102 allow all from $lan to me uid transmission
# deny any Transmission connection outside LAN that does not use VPN
$cmd 00103 deny all from any to any uid transmission
rc.conf
Code:
host_hostname="Transmission"
cron_flags="$cron_flags -J 15"
# Disable Sendmail by default
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
# Run secure syslog
syslogd_flags="-c -ss"
# Enable IPv6
ipv6_activate_all_interfaces="YES"
transmission_enable="YES"
#OpenVPN enable and configuration
openvpn_enable="YES"
openvpn_configfile="/usr/local/etc/openvpn/openvpn.conf"
# Firewall
firewall_enable="YES"
firewall_script="/etc/ipfw.rules"
crontab:
Code:
# /etc/crontab - root's crontab for FreeBSD
#
# $FreeBSD: releng/11.2/etc/crontab 194170 2009-06-14 06:37:19Z brian $
#
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin
#
#minute hour mday month wday who command
#
*/5 * * * * root /usr/libexec/atrun
#
# Save some entropy so that /dev/random can re-seed on boot.
*/11 * * * * operator /usr/libexec/save-entropy
#
# Rotate log files every hour, if necessary.
0 * * * * root newsyslog
#
# Perform daily/weekly/monthly maintenance.
1 3 * * * root periodic daily
15 4 * * 6 root periodic weekly
30 5 1 * * root periodic monthly
#
# Adjust the time zone if the CMOS clock keeps local time, as opposed to
# UTC time. See adjkerntz(8) for details.
1,31 0-5 * * * root adjkerntz -a
#
# Generate the port forward for openvpn and update Transmission Remote
*/2 * * * * root /usr/local/bin/bash /usr/local/etc/openvpn/transmission-port-forward.sh >> /usr/local/etc/openvpn/transmission-port-forward-cron.log 2>&1
transmission's settings.json file:
Code:
{
"alt-speed-down": 50,
"alt-speed-enabled": false,
"alt-speed-time-begin": 540,
"alt-speed-time-day": 127,
"alt-speed-time-enabled": false,
"alt-speed-time-end": 1020,
"alt-speed-up": 50,
"bind-address-ipv4": "0.0.0.0",
"bind-address-ipv6": "::",
"blocklist-enabled": false,
"blocklist-url": "http://www.example.com/blocklist",
"cache-size-mb": 4,
"dht-enabled": true,
"download-dir": "/media/Downloads/03 - Completed",
"download-queue-enabled": true,
"download-queue-size": 20,
"encryption": 1,
"idle-seeding-limit": 5,
"idle-seeding-limit-enabled": true,
"incomplete-dir": "/media/Downloads/02 - In Progress",
"incomplete-dir-enabled": true,
"lpd-enabled": false,
"message-level": 2,
"peer-congestion-algorithm": "",
"peer-id-ttl-hours": 6,
"peer-limit-global": 200,
"peer-limit-per-torrent": 50,
"peer-port": 26916,
"peer-port-random-high": 65535,
"peer-port-random-low": 49152,
"peer-port-random-on-start": false,
"peer-socket-tos": "default",
"pex-enabled": true,
"pidfile": "/var/run/transmission/daemon.pid",
"port-forwarding-enabled": true,
"preallocation": 1,
"prefetch-enabled": true,
"queue-stalled-enabled": true,
"queue-stalled-minutes": 30,
"ratio-limit": 0,
"ratio-limit-enabled": true,
"rename-partial-files": true,
"rpc-authentication-required": true,
"rpc-bind-address": "0.0.0.0",
"rpc-enabled": true,
"rpc-host-whitelist": "",
"rpc-host-whitelist-enabled": false,
"rpc-password": "mypassword",
"rpc-port": 9091,
"rpc-url": "/transmission/",
"rpc-username": "transmission",
"rpc-whitelist": "127.0.0.1",
"rpc-whitelist-enabled": false,
"scrape-paused-torrents-enabled": true,
"script-torrent-done-enabled": false,
"script-torrent-done-filename": "",
"seed-queue-enabled": false,
"seed-queue-size": 10,
"speed-limit-down": 100,
"speed-limit-down-enabled": false,
"speed-limit-up": 1,
"speed-limit-up-enabled": true,
"start-added-torrents": true,
"trash-original-torrent-files": false,
"umask": 18,
"upload-slots-per-torrent": 14,
"utp-enabled": true,
"watch-dir": "/media/Downloads/01 - Manual",
"watch-dir-enabled": true
}
And getting to the point...
Problem 1 - Port Forwarding Script Writing To A Log: -> SOLVED
Problem 2 - Port number log... can it be done? -> SOLVED
Problem 3 - Transmission Remote GUI not connecting from outside my local LAN
When not at home, I use Transmission Remote GUI on my laptop. When I check my log for the latest tun0 IP address and port number and use them within the Transmission Remote GUI, I get an "Unexpected Server Response" message returned and I am not able to connect. Also, when I remote into another Windoze 10 computer on my LAN, I am able to run the Transmission Remote GUI on that computer, which connects to transmission with no issues at all, using the local LAN IP for my transmission iocage jail.
1. Can someone please confirm if I'm supposed to be using the PIA WAN IP and the script generated port, or should I still be using something else?
2. Since I am using the PIA 2048 encryption crt and pem files, do I somehow need to add a certificate to my Windows 10 laptop, or Transmission Remote GUI configuration somewhere, in order for it to connect through the VPN port?
3. Or, as an alternative altogether, would it be better to just set up another reverse proxy jail, run something like nginx combined with a no-ip service and see if I can somehow get my laptop to communicate with my transmission jail as if it was on the local network? *shrug*
4. Or, is the problem more simple and located within the ipfw.rules file? (Truthfully, this is where my gut says it is, but I'm not experienced enough with firewall configurations to know...)
If interested, once done I will gladly post my installation procedure from start to finish in a very organized and concise way that will be for the latest FreeNAS 11.2-U# at the time... Thanks again in advance for everyone here!!!!! :)
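Added example (editor's, not from the post above): the port-forward script hands whatever its awk line extracts straight to transmission-remote -p, so an empty reply, an error object, or anything that merely contains the word "port" would end up as the peer port. The functions below parse the {"port":N} shape the script expects and refuse to return anything that is not a clean, unprivileged port number, which is the check a practitioner would put in front of the transmission-remote call. The three sample replies are constructed for the example and are not captured PIA responses; the only thing taken from the post is the JSON shape and the port value 26916 from settings.json. Note, from the post's own files, that the value validated here is the peer port set with -p, not the RPC port 9091 that Transmission Remote GUI talks to.

```shell
#!/bin/sh
# Editor's example, not code from the original post. Constructed sample replies:
SAMPLE_OK='{"port":26916}'
SAMPLE_ERR='{"error":"port forwarding already activated on this connection"}'
SAMPLE_EMPTY=''

# Print the numeric value of the "port" key from a JSON object, or nothing.
# Pure sed so it works in the jail with or without jq; only matches "port"
# as a key, so an error string containing the word port does not fool it.
pia_port_from_json() {
    printf '%s' "$1" | sed -n 's/.*"port"[[:space:]]*:[[:space:]]*\([0-9][0-9]*\).*/\1/p'
}

# A port is usable only if it is all digits and in the unprivileged range.
port_is_usable() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    if [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]; then
        return 0
    fi
    return 1
}

# What the cron script should call before transmission-remote: prints the
# port on success; on an empty, error or malformed reply it logs to stderr
# and returns 1 so the caller never runs transmission-remote -p "".
pia_port_or_fail() {
    p=$(pia_port_from_json "$1")
    if port_is_usable "$p"; then
        printf '%s\n' "$p"
        return 0
    fi
    printf 'no usable port in response: [%s]\n' "$1" >&2
    return 1
}

# Stand-alone demo over the three constructed replies (set PIA_DEMO=0 to skip).
if [ "${PIA_DEMO:-1}" = 1 ]; then
    for r in "$SAMPLE_OK" "$SAMPLE_ERR" "$SAMPLE_EMPTY"; do
        pia_port_or_fail "$r" || true
    done
fi
```

In the cron script this replaces the bare `PORT=$(... awk ...)` with `PORT=$(pia_port_or_fail "$json") || exit 1`, so a bad reply ends the run with a logged message instead of a half-applied port change.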