Plex and Transmission Security

itskando

Contributor
Joined
Apr 30, 2018
Messages
172
Intro:

I followed @Bibi40k's great guides to install OpenVPN and to install [Plex and Transmission].
I wanted to confirm the applications of these guides from a more high-level perspective, for clarity.

Hey, totes feel welcome to clarify any of this too,
I just wanted to open the questions up to everyone on the forum,
so I don't feel like I'm putting the burden of answering all the newb questions solely on you ;D

If both guides are followed, openVPN is installed in a jail and
plex and transmission are installed in a separate jail.
• I am able to remotely connect to freeNAS and my file system through ssh via openVPN.
• I am able to run plex and/or transmission without issue, even with openVPN running.

However, I've seen several openVPN + transmission guides mentioning killswitches, and
I've seen the ipfw configurations vary between each guide.
(I'm not sure if this is because the guides are for older versions of freeNAS OS or openVPN
or if a killswitch only applies to when involving a private VPN.)

(I've also seen the routines change as freeNAS OS has evolved,
which could be the reason for the varying ipfw.rules.) So,

Bibi40k:
@Bibi40k : Your [install OpenVPN] guide mentions how to setup VPN and this [install Plex and Transmission] guide mentions how to install a jail with plex and transmission. Is any further action necessary to make the media jail in this guide interface with the openVPN jail setup in your prior guide?

• Does IPFW need to change at all for transmission to appropriately work with it?
• Do you recommend a paid/3rd party VPN rather than a hosted openVPN server?
And they responded:
Hi itskando,
You don't need to change anything.
OpenVPN works ok but i plan to buy a router with hardware VPN on it just because my old one is dying, otherwise i'd keep OpenVPN.

My question left some grey area, however, since it could have been read as,

"Will any of these programs adversely affect another when all of them are running simultaneously (but independently)?"

But I meant:

Actual Questions:

"Does the installation of openVPN (as presented in the Bibi40k install OpenVPN guide)
supplement the security of plex and/or transmission, and, if not,
could the installation/configuration be modified to do so
more easily than starting from scratch with another guide?
"

I think the answer is no, and I think I might wane to incorporate a private VPN.

If I understand correctly, Plex handles its own networking routines,
so I shouldn't need to worry about that, or so I thought until I read:
I personally use VPN all the time, even to connect to my Plex server
Is it typical to modify Plex to route through your VPN and, if so,
is there a well verfified guide for this?

[I don't think this is covered by default in Bibi40k's guides.]

If I want to incorporate a "killswitch",
can I build off of what is suggested by Bibi40k's openVPN guide
?

For example, can I keep everything from the Bibi40k install OpenVPN guide, but
replace the ipfw.rules:
# nano /usr/local/etc/ipfw.rules :

Code:
#!/bin/sh
EPAIR=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep epair)
ipfw -q -f flush
ipfw -q nat 1 config if ${EPAIR}
ipfw -q add nat 1 all from 10.8.0.0/24 to any out via ${EPAIR}
ipfw -q add nat 1 all from any to any in via ${EPAIR}

TUN=$(/sbin/ifconfig -l | tr " " "\n" | /usr/bin/grep tun)
ifconfig ${TUN} name tun0

with the ipfw.rules in the Killswitch section of
this install VPN client jail guide by danjacques (seen suggested by Jahava here).

Does using a killswitch on a self-hosted VPN get me anything?

If not, is the obvious conclusion to also incorporate
from the same danjacques install VPN client jail guide (seen suggested by Jahava on reddit)
the Private Internet Access section?


Would follow everything thereafter without a hitch?
[Does any part of this seem like a bad idea?]
 

itskando

Contributor
Joined
Apr 30, 2018
Messages
172

drinking12many

Contributor
Joined
Apr 8, 2012
Messages
148
Security wise no not really, does it protect you somewhat from your ISP yes. I have such a kill switch built into my Transmission jail and it does work well for its purpose. You do have to enable the TUN on the jail under advanced settings and it does take a reboot of the freenas box to fully take effect.
 
Top