March 31, 201313 yr meh that sounds too much like work and my track record with such things is less than perfect. I would be absolutely terrified of messing that hard with unRaid, especially when i have a current working solution as it is... I went a little heavy on my build just so I could run multiple vms on top of unRaid anyways. I would, however, be interested in looking at the script to see how you went about it. If nothing else for the learning so I wont be so intimidated by such undertakings in the future. Thanks for the answer too!
April 10, 201313 yr While now it works like a charm, i can't access remotely to mserver anymore. I have port open and redirection in order to acess to the server interface, subsonic, etc. They all are unreachable now. Moreover, even my android app Dsub (using subsonic) can't connect to the server. I wonder what happened since i installed OpenVPN and turned it on. I thought i could access to the server with the IP (my very own IP). FYR, it doesn't ping too for the open ports (like 80.60.123.32:5000), it only pings with the IP only (like 80.60.123.32) *80.60.123.32 random IP i typed, not mine huh I had a similar problem instead, my unRAID box is in a 192.168.5.x subnet connected to a second router in a 192.168.4.x subnet (the 5.x router is configure to be a router not gateway, both using tomato firmware). The issue would arise because the first router (4.x) has a vpn server running so establishing a connect via the vpn would not work accessing my unRAID box in the 5.x zone. Long story short, I believe by installing the openvpn plugin, it modifies the routing table on your unRAID box and as such you might need to add a static route to be able to access it remotely.
April 10, 201313 yr Just installed the latest version and running into some problems. I wouldn't work at all then after reading about the spaces in the .ovpn file name I fixed that part now I get this. Wed Apr 10 19:17:49 2013 OpenVPN 2.3.1 i486-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [iPv6] built on Mar 30 2013 Wed Apr 10 19:17:49 2013 WARNING: file '/boot/config/openvpn/password.txt' is group or others accessible Wed Apr 10 19:17:49 2013 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Wed Apr 10 19:17:49 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Wed Apr 10 19:17:49 2013 Socket Buffers: R=[163840->131072] S=[163840->131072] Wed Apr 10 19:17:49 2013 UDPv4 link local: [undef] Wed Apr 10 19:17:49 2013 UDPv4 link remote: [AF_INET]192.30.83.214:1443 Basically stops there and the service wont start. .ovpn file from proxy.sh client dev tun proto udp remote-random remote 192.30.83.214 1443 resolv-retry infinite nobind persist-key persist-remote-ip persist-tun ca proxysh.crt verb 3 route-method exe explicit-exit-notify 2 route-delay 2 comp-lzo auth-user-pass /boot/config/openvpn/password.txt status /tmp/openvpn/openvpn-status.log Confirmed that password.txt contaons correct info. Also wondering if the "WARNING: file '/boot/config/openvpn/password.txt' is group or others accessible" is something to worry about. I did do a chmod 700 on the file earlier but it seems to have reverted.
April 15, 201313 yr Have installed the 2.6.6, now getting this: Sun Apr 14 22:36:28 2013 DEPRECATED OPTION: --tls-remote, please update your configuration Sun Apr 14 22:36:28 2013 OpenVPN 2.3.1 i486-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [iPv6] built on Mar 30 2013 Sun Apr 14 22:36:28 2013 WARNING: file '/boot/config/openvpn/password.txt' is group or others accessible Sun Apr 14 22:36:28 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Sun Apr 14 22:36:28 2013 Deprecated TLS cipher name 'DHE-RSA-AES256-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA' Sun Apr 14 22:36:28 2013 No valid translation found for TLS cipher 'DHE-DSS-AES256-SHA:AES256-SHA' Sun Apr 14 22:36:28 2013 Failed to set restricted TLS cipher list, too long (>4095). (OpenSSL) Sun Apr 14 22:36:28 2013 Exiting due to fatal error Anyone enlighten me? UPDATE: Replaced the cipher name in my OVPN file with the name listed "TLS-DHE-RSA-WITH-AES-256-CBC-SHA" and everything went according to plan.
April 18, 201313 yr Looks like a few people have asked and there's not really a good way to do it but I'll ask anyway. I want to keep my subsonic server from being behind the vpn which is located at localhost:4040. Is there anyway from keeping it's traffic routed through the vpn connection?
April 19, 201313 yr Looks like a few people have asked and there's not really a good way to do it but I'll ask anyway. I want to keep my subsonic server from being behind the vpn which is located at localhost:4040. Is there anyway from keeping it's traffic routed through the vpn connection? Ya, I have essentially the same question. Wanting to exclude the plex port. Anyone? Thanks, Steve Btw: plugin works great with privateinternetaccess. Thanks!
April 19, 201313 yr Looks like a few people have asked and there's not really a good way to do it but I'll ask anyway. I want to keep my subsonic server from being behind the vpn which is located at localhost:4040. Is there anyway from keeping it's traffic routed through the vpn connection? Ya, I have essentially the same question. Wanting to exclude the plex port. Anyone? Thanks, Steve Btw: plugin works great with privateinternetaccess. Thanks! I'm on PIA as well. Maybe I'll have to make a script that punches a hole in the vpn so we can get a port.
April 24, 201313 yr Looks like a few people have asked and there's not really a good way to do it but I'll ask anyway. I want to keep my subsonic server from being behind the vpn which is located at localhost:4040. Is there anyway from keeping it's traffic routed through the vpn connection? Ya, I have essentially the same question. Wanting to exclude the plex port. Anyone? Thanks, Steve Btw: plugin works great with privateinternetaccess. Thanks! I'm on PIA as well. Maybe I'll have to make a script that punches a hole in the vpn so we can get a port. I'm not sure this answers your question and I'm not sure what kind of services you have running on your unRAID box, but I wanted a way to selectively control what ips/services go through the vpn. One way I figured to do this is by essentially establishing the vpn connection at the router level (router supporting the tomato firmware) and with a little iptables magic you can selectively assign ip address or services that you'd like to use the vpn.
May 7, 201313 yr hi another Private Internet Access user here and I am looking for a similar solution,but I want to open the incoming transmission port for seeding . I tried the router level vpn but that doesn't work for me (yet) because I have a pptp vpn server running on my router, and if i start the client on the router it gives me multiple nat error and I can't access my lan via ddns. Is there a way to get around the multiple nat and ddns issue? that would be the best way so that every device behind my main router goes through the vpn client, and I could still access my lan remotely via my vpn server. But then i would still need to figure out how to port forward the incoming port for transmission . how can I port forward with this plugin would this work on unraid ?https://www.privateinternetaccess.com/forum/index.php?p=/discussion/180/port-forwarding-without-the-application-advanced-users I would really appreciate any help on this. thanks sorry if this is the wrong place to post this maybe I should have put it in the user customizations, but this seemed fitting. Looks like a few people have asked and there's not really a good way to do it but I'll ask anyway. I want to keep my subsonic server from being behind the vpn which is located at localhost:4040. Is there anyway from keeping it's traffic routed through the vpn connection? Ya, I have essentially the same question. Wanting to exclude the plex port. Anyone? Thanks, Steve Btw: plugin works great with privateinternetaccess. Thanks! I'm on PIA as well. Maybe I'll have to make a script that punches a hole in the vpn so we can get a port. I'm not sure this answers your question and I'm not sure what kind of services you have running on your unRAID box, but I wanted a way to selectively control what ips/services go through the vpn. One way I figured to do this is by essentially establishing the vpn connection at the router level (router supporting the tomato firmware) and with a little iptables magic you can selectively assign ip address or services that you'd like to use the vpn.
May 7, 201313 yr I am using Private Internet Access with this OpenVPN plugin. Occasionally I use Transmission for a torrent & this is what I did to get it working for me. My router is not involved with the VPN; the OpenVPN plugin is on my unRAID server. PIA has 4 servers that allow port forwarding: Canada, Netherlands, Romania & Switzerland. There are good instructions on how to get the plugin to connect in this thread, so skipping that part... if you need help, just ask. Instructions below are for once you are connected, how to set port forwarding through PIA with Transmission. Once connected to one of the 4 port forward servers via the plugin, telnet into your server to create the file ".pia_client_id": head -n 100 /dev/urandom | md5sum | tr -d " -" > /mnt/cache/.custom/openvpn/.pia_client_id This command to create "/mnt/cache/.custom/openvpn/.pia_client_id" should only need to be created once. The Port forwarding without the application page says to use the $HOME / ~ directory, but since the ~ directory is in RAM, use your cache drive (or somewhere on the flash drive or on the parity protected array... this file will be accessed hourly). If you use another directory, make sure to change the path everywhere below where ".pia_client_id" is called. The curl command needs to be run once an hour to keep the port open (according to PIA). I created a bash script at /mnt/cache/.custom/openvpn/port_open.sh (make sure to chmod +x the script). Include the following lines (substitute USERNAME_HERE for your username, PASSWORD_HERE for your password... & "/mnt/cache/.custom/openvpn/.pia_client_id" to the location of the .pia_client_id you created in the first command, if you are using a different path). #!/bin/bash ifconfig tun0|grep -oE "inet addr: *10\.[0-9]+\.[0-9]+\.[0-9]+"|tr -d "a-z :"|tee /tmp/vpn_ip curl -d "user=USERNAME_HERE&pass=PASSWORD_HERE&client_id=$(cat /mnt/cache/.custom/openvpn/.pia_client_id)&local_ip=$(cat /tmp/vpn_ip)" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null|grep -oE "[0-9]+"|tee /tmp/vpn_port_opened awk '{print "/usr/bin/transmission-remote --port "$0;}' /tmp/vpn_port_opened |bash Now, to run the script hourly, execute the following line as root: echo "25 * * * * /mnt/cache/.custom/openvpn/port_open.sh" >> /var/spool/cron/crontabs/root You can add this line to "/boot/config/go" so that the cron job will persist through reboots.
May 7, 201313 yr The above should allow you to keep a port open through PIA for Transmission. I like to go an extra step to have Transmission bound to the IP address given by PIA (so if the tunnel goes down, my server does not try to use another connection). I have manually been editing the "bind-address-ipv4" variable in the settings.json file for Transmission... but wanted to come up with a way that does not require me to manually edit the file. I have not fully tested this method & welcome improvements / suggestions. I edited the above "/mnt/cache/.custom/openvpn/port_open.sh" file with the following: #!/bin/bash ifconfig tun0|grep -oE "inet addr: *10\.[0-9]+\.[0-9]+\.[0-9]+"|tr -d "a-z :"|tee /tmp/vpn_ip curl -d "user=USERNAME_HERE&pass=PASSWORD_HERE&client_id=$(cat /mnt/cache/.custom/openvpn/.pia_client_id)&local_ip=$(cat /tmp/vpn_ip)" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null|grep -oE "[0-9]+"|tee /tmp/vpn_port_opened awk '{print "/usr/bin/transmission-remote --port "$0;}' /tmp/vpn_port_opened |bash ps -ef |grep "transmission-daemon -i" |grep -v grep > /tmp/vpn_ps VPNPS=$(awk '{print $10;}' /tmp/vpn_ps) VPNIP=$(cat /tmp/vpn_ip) if [[ $VPNPS != $VPNIP ]] ; then kill $(awk '{print $2;}' /tmp/vpn_ps) awk '{print "/usr/bin/transmission-daemon -i "$0;}' /tmp/vpn_ip |bash fi As above, substitute USERNAME_HERE for your username, PASSWORD_HERE for your password... & "/mnt/cache/.custom/openvpn/.pia_client_id" to the location of the .pia_client_id you created in the first command, if you are using a different path.
May 7, 201313 yr I have installed version 2.6.6 and am struggling to get connect to privateinternetaccess.com. Here are my files: .opvn: client dev tun proto udp remote us-texas.privateinternetaccess.com 1194 resolv-retry infinite nobind persist-key persist-remote-ip persist-tun ca ca.crt tls-client remote-cert-tls server comp-lzo verb 1 reneg-sec 0 auth-user-pass /boot/openvpn/password.txt Error Log: Tue May 7 11:02:35 2013 OpenVPN 2.3.1 i486-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [iPv6] built on Mar 30 2013 Tue May 7 11:02:35 2013 WARNING: file '/boot/config/openvpn/password.txt' is group or others accessible Tue May 7 11:02:35 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue May 7 11:02:35 2013 UDPv4 link local: [undef] Tue May 7 11:02:35 2013 UDPv4 link remote: [AF_INET]23.29.114.158:1194 Tue May 7 11:02:35 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Tue May 7 11:02:35 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected] Tue May 7 11:02:35 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Tue May 7 11:02:35 2013 TLS Error: TLS object -> incoming plaintext read error Tue May 7 11:02:35 2013 TLS Error: TLS handshake failed Tue May 7 11:02:35 2013 SIGUSR1[soft,tls-error] received, process restarting Tue May 7 11:02:37 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue May 7 11:02:37 2013 TCP/UDP: Preserving recently used remote address: [AF_INET]23.29.114.158:1194 Tue May 7 11:02:37 2013 UDPv4 link local: [undef] Tue May 7 11:02:37 2013 UDPv4 link remote: [AF_INET]23.29.114.158:1194 Tue May 7 11:02:38 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected] Tue May 7 11:02:38 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Tue May 7 11:02:38 2013 TLS Error: TLS object -> incoming plaintext read error Tue May 7 11:02:38 2013 TLS Error: TLS handshake failed Tue May 7 11:02:38 2013 SIGUSR1[soft,tls-error] received, process restarting Tue May 7 11:02:40 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue May 7 11:02:40 2013 TCP/UDP: Preserving recently used remote address: [AF_INET]23.29.114.158:1194 Tue May 7 11:02:40 2013 UDPv4 link local: [undef] Tue May 7 11:02:40 2013 UDPv4 link remote: [AF_INET]23.29.114.158:1194 Tue May 7 11:02:40 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected] Tue May 7 11:02:40 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Tue May 7 11:02:40 2013 TLS Error: TLS object -> incoming plaintext read error Tue May 7 11:02:40 2013 TLS Error: TLS handshake failed Tue May 7 11:02:40 2013 SIGUSR1[soft,tls-error] received, process restarting Tue May 7 11:02:42 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue May 7 11:02:42 2013 TCP/UDP: Preserving recently used remote address: [AF_INET]23.29.114.158:1194 Tue May 7 11:02:42 2013 UDPv4 link local: [undef] Tue May 7 11:02:42 2013 UDPv4 link remote: [AF_INET]23.29.114.158:1194 Tue May 7 11:02:42 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected] Tue May 7 11:02:42 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Tue May 7 11:02:42 2013 TLS Error: TLS object -> incoming plaintext read error Tue May 7 11:02:42 2013 TLS Error: TLS handshake failed Tue May 7 11:02:42 2013 SIGUSR1[soft,tls-error] received, process restarting I get the error that tun0 is not established. What am I doing wrong? Thanks, Adam
May 7, 201313 yr @lainie wow thank you so much !!!! that is excellent , exactly what i needed and more ! will try it later tonight and thanks for the info on binding the ip in transmission that is very useful. One question , what does the period in the code do? for example " /mnt/cache/.custom/openvpn/.pia_client_id" I've seen it in other places before and was curious about it, I'm guessing something to do with cache folders or files?. thanks again for the great info and help! @adamrobles hi I don't know if this will help but it's what had me tripped up when starting, I saw somewhere in this thread that you have to remove the space in the .ovpn file name, so if you're trying to use texas server then instead of the file name "US Texas.ovpn" in your openvpn folder you would need to change it to "USTexas.ovpn" thats what worked for me ,hope it helps.
May 7, 201313 yr Thanks @Breakline but my file name is just config.ovpn so there is no space in the filename. Can anyone else help? I am at a loss here
May 7, 201313 yr @adamrobles - Do you have 2 password.txt files? I notice you list "auth-user-pass /boot/openvpn/password.txt" in your ovpn file, but the 2nd line of your log shows '/boot/config/openvpn/password.txt' (slightly different path to the password.txt file). @ breakline - Having a period at the beginning of a file or directory name makes the file or directory hidden. If you have a directory containing some hidden files & some regular / non-hidden files & run the "ls" command (to list the contents of the directory), you will only see the non-hidden / regular files. However, if you instead use the "ls -a" command, all files (both hidden & non-hidden) will be displayed. In some unRAID versions (think it is 4.x & under), if you wanted to run an application from the cache drive, you needed to create a hidden directory for the application (or else the mover script would move it to the parity protected array when the mover script runs nightly). Newer unRAID versions (think all the 5 betas & RCs) have the option to create "cache only" shares without using a period at the beginning of the file/directory name. When I first installed several of the apps on my server, I followed directions that recommended creating a "/mnt/cache/.custom" directory for apps. Later, I found more updated instructions & plugins... but what I had worked so I have not changed it. As for the ".pia_client_id" file, the Port forwarding w/o the app page used that name. I think PIA chose for it to be hidden since once it has been created there is not much reason to see it or mess with it again. You can put the .pia_client_id file wherever you like. The file needs to be accessed hourly to keep the port open... because of the frequent access, placing it on the flash drive will shorten the time your flash drive lasts... or placing it on the parity protected array will spin up the disk hourly... so if you have a cache drive or SNAP drive that stays spun up, that will be the best location for the .pia_client_id file. Just make sure to update the path to the .pia_client_id along with your username & password in the commands that call it.
May 7, 201313 yr ok that is now fixed: ovpn: client dev tun proto udp remote us-texas.privateinternetaccess.com 1194 resolv-retry infinite nobind persist-key persist-remote-ip persist-tun ca ca.crt tls-client remote-cert-tls server comp-lzo verb 1 reneg-sec 0 auth-user-pass /boot/config/openvpn/password.txt status /tmp/openvpn/openvpn-status.log Log: Tue May 7 15:39:23 2013 OpenVPN 2.3.1 i486-slackware-linux-gnu [sSL (OpenSSL)] [LZO] [EPOLL] [eurephia] [MH] [iPv6] built on Mar 30 2013 Tue May 7 15:39:23 2013 WARNING: file '/boot/config/openvpn/password.txt' is group or others accessible Tue May 7 15:39:23 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue May 7 15:39:23 2013 UDPv4 link local: [undef] Tue May 7 15:39:23 2013 UDPv4 link remote: [AF_INET]23.29.120.218:1194 Tue May 7 15:39:23 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Tue May 7 15:39:24 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected] Tue May 7 15:39:24 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Tue May 7 15:39:24 2013 TLS Error: TLS object -> incoming plaintext read error Tue May 7 15:39:24 2013 TLS Error: TLS handshake failed Tue May 7 15:39:24 2013 SIGUSR1[soft,tls-error] received, process restarting Tue May 7 15:39:26 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue May 7 15:39:26 2013 TCP/UDP: Preserving recently used remote address: [AF_INET]23.29.120.218:1194 Tue May 7 15:39:26 2013 UDPv4 link local: [undef] Tue May 7 15:39:26 2013 UDPv4 link remote: [AF_INET]23.29.120.218:1194 Tue May 7 15:39:29 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected] Tue May 7 15:39:29 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Tue May 7 15:39:29 2013 TLS Error: TLS object -> incoming plaintext read error Tue May 7 15:39:29 2013 TLS Error: TLS handshake failed Tue May 7 15:39:29 2013 SIGUSR1[soft,tls-error] received, process restarting Tue May 7 15:39:31 2013 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Tue May 7 15:39:31 2013 TCP/UDP: Preserving recently used remote address: [AF_INET]23.29.120.218:1194 Tue May 7 15:39:31 2013 UDPv4 link local: [undef] Tue May 7 15:39:31 2013 UDPv4 link remote: [AF_INET]23.29.120.218:1194 Tue May 7 15:39:31 2013 VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=US, ST=OH, L=Columbus, O=Private Internet Access, CN=Private Internet Access CA, [email protected] Tue May 7 15:39:31 2013 TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed Tue May 7 15:39:31 2013 TLS Error: TLS object -> incoming plaintext read error Tue May 7 15:39:31 2013 TLS Error: TLS handshake failed Tue May 7 15:39:31 2013 SIGUSR1[soft,tls-error] received, process restarting I still get the same error. How do I create this tun0 device in ifconfig? Adam
May 9, 201313 yr there is a bug Options error: --auth-user-pass fails with '/boot/config/openvpn/password.txtstatus': No such file or directory Options error: Please correct these errors. Use --help for more information. This i get after install latest 2.6.6 when i change password.txt on password.txtstatus - then start working
May 10, 201313 yr I am using Private Internet Access with this OpenVPN plugin. Occasionally I use Transmission for a torrent & this is what I did to get it working for me. My router is not involved with the VPN; the OpenVPN plugin is on my unRAID server. PIA has 4 servers that allow port forwarding: Canada, Netherlands, Romania & Switzerland. There are good instructions on how to get the plugin to connect in this thread, so skipping that part... if you need help, just ask. Instructions below are for once you are connected, how to set port forwarding through PIA with Transmission. Once connected to one of the 4 port forward servers via the plugin, telnet into your server to create the file ".pia_client_id": head -n 100 /dev/urandom | md5sum | tr -d " -" > /mnt/cache/.custom/openvpn/.pia_client_id This command to create "/mnt/cache/.custom/openvpn/.pia_client_id" should only need to be created once. The Port forwarding without the application page says to use the $HOME / ~ directory, but since the ~ directory is in RAM, use your cache drive (or somewhere on the flash drive or on the parity protected array... this file will be accessed hourly). If you use another directory, make sure to change the path everywhere below where ".pia_client_id" is called. The curl command needs to be run once an hour to keep the port open (according to PIA). I created a bash script at /mnt/cache/.custom/openvpn/port_open.sh (make sure to chmod +x the script). Include the following lines (substitute USERNAME_HERE for your username, PASSWORD_HERE for your password... & "/mnt/cache/.custom/openvpn/.pia_client_id" to the location of the .pia_client_id you created in the first command, if you are using a different path). #!/bin/bash ifconfig tun0|grep -oE "inet addr: *10\.[0-9]+\.[0-9]+\.[0-9]+"|tr -d "a-z :"|tee /tmp/vpn_ip curl -d "user=USERNAME_HERE&pass=PASSWORD_HERE&client_id=$(cat /mnt/cache/.custom/openvpn/.pia_client_id)&local_ip=$(cat /tmp/vpn_ip)" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null|grep -oE "[0-9]+"|tee /tmp/vpn_port_opened awk '{print "/usr/bin/transmission-remote --port "$0;}' /tmp/vpn_port_opened |bash Now, to run the script hourly, execute the following line as root: echo "25 * * * * /mnt/cache/.custom/openvpn/port_open.sh" >> /var/spool/cron/crontabs/root You can add this line to "/boot/config/go" so that the cron job will persist through reboots. awesome! thank you again for taking the time to help me with this, very informative . so i implemented the port_open.sh script that you posted but how can i tell if its working? when i open Transmission Remote GUI and go to >tools>transmission options>network>test port it still says port closed , and in my system log i keep getting a lot of " Scrape error: Could not connect to tracker" . and a whole lot of Saved "/mnt/disk/apps/transmission/stats.json" (bencode.c:1733) like every few minutes. I have my transmission port set as 36424 here is what i get when i run: lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rpc.portm 937 bin 4u IPv4 551 0t0 UDP *:111 rpc.portm 937 bin 5u IPv4 552 0t0 TCP *:111 (LISTEN) rpc.statd 941 root 5u IPv4 4376 0t0 UDP *:703 rpc.statd 941 root 7u IPv4 4385 0t0 UDP *:52456 rpc.statd 941 root 8u IPv4 4388 0t0 TCP *:33174 (LISTEN) inetd 951 root 4u IPv4 566 0t0 TCP *:37 (LISTEN) inetd 951 root 5u IPv4 567 0t0 UDP *:37 inetd 951 root 6u IPv4 568 0t0 TCP *:21 (LISTEN) inetd 951 root 7u IPv4 569 0t0 TCP *:23 (LISTEN) ntpd 958 root 16u IPv4 578 0t0 UDP *:123 ntpd 958 root 17u IPv4 582 0t0 UDP 127.0.0.1:123 ntpd 958 root 18u IPv4 583 0t0 UDP 192.168.0.4:123 ntpd 958 root 20u IPv4 1161117 0t0 UDP 10.171.1.6:123 transmiss 7776 nobody 9u IPv4 1212618 0t0 UDP *:43503 transmiss 7776 nobody 10u IPv4 1212622 0t0 TCP *:9091 (LISTEN) transmiss 7776 nobody 11u IPv4 1212623 0t0 TCP *:36424 (LISTEN) transmiss 7776 nobody 12u IPv4 1212625 0t0 UDP *:36424 transmiss 7776 nobody 16u IPv4 1938323 0t0 TCP 10.171.1.6:45473->203.219.131.165:51413 (ESTABLISHED) smbd 10612 root 29u IPv4 1914558 0t0 TCP 192.168.0.4:445->192.168.0.6:58744 (ESTABLISHED) awk 12387 root 3u IPv4 1938715 0t0 TCP *:8080 (LISTEN) python 17748 unraid-plex 7u IPv4 1934815 0t0 TCP *:42591 (LISTEN) emhttp 17948 root 3u IPv4 24840 0t0 TCP *:80 (LISTEN) nmbd 18003 root 9u IPv4 24893 0t0 UDP *:137 nmbd 18003 root 10u IPv4 24894 0t0 UDP *:138 nmbd 18003 root 11u IPv4 24896 0t0 UDP 192.168.0.4:137 nmbd 18003 root 12u IPv4 24897 0t0 UDP 192.168.0.255:137 nmbd 18003 root 13u IPv4 24898 0t0 UDP 192.168.0.4:138 nmbd 18003 root 14u IPv4 24899 0t0 UDP 192.168.0.255:138 smbd 18005 root 25u IPv4 24924 0t0 TCP *:445 (LISTEN) smbd 18005 root 26u IPv4 24926 0t0 TCP *:139 (LISTEN) in.telnet 19292 root 0u IPv4 1938761 0t0 TCP 192.168.0.4:23->192.168.0.6:59912 (ESTABLISHED) in.telnet 19292 root 1u IPv4 1938761 0t0 TCP 192.168.0.4:23->192.168.0.6:59912 (ESTABLISHED) in.telnet 19292 root 2u IPv4 1938761 0t0 TCP 192.168.0.4:23->192.168.0.6:59912 (ESTABLISHED) openvpn 24754 root 4u IPv4 1159659 0t0 UDP *:36071 Plex 24841 unraid-plex 21u IPv4 35267 0t0 TCP *:32400 (LISTEN) Plex 24841 unraid-plex 37u IPv4 1918416 0t0 TCP 192.168.0.4:32400->192.168.0.98:54288 (ESTABLISHED) Plex 24841 unraid-plex 42u IPv4 34808 0t0 UDP *:32414 Plex 24841 unraid-plex 43u IPv4 34809 0t0 UDP *:32410 Plex 24841 unraid-plex 45u IPv4 34811 0t0 UDP *:32413 Plex 24841 unraid-plex 46u IPv4 34812 0t0 UDP 127.0.0.1:58065 Plex 24841 unraid-plex 47u IPv4 34813 0t0 UDP 192.168.0.4:56252 Plex 24841 unraid-plex 48u IPv4 34814 0t0 UDP 127.0.0.1:52163 Plex 24841 unraid-plex 49u IPv4 34815 0t0 UDP 192.168.0.4:36454 lighttpd 24874 root 4u IPv4 35436 0t0 TCP *:81 (LISTEN) lighttpd 24874 root 5u IPv4 1938767 0t0 TCP 192.168.0.4:81->192.168.0.6:59913 (ESTABLISHED) Plex 24982 unraid-plex 11u IPv4 35854 0t0 UDP *:1900 Plex 24982 unraid-plex 14u IPv4 35857 0t0 TCP *:1677 (LISTEN) Plex 24982 unraid-plex 17u IPv4 35862 0t0 UDP *:12422 Plex 24982 unraid-plex 20u IPv4 35865 0t0 UDP *:4738 Plex 24982 unraid-plex 23u IPv4 35868 0t0 TCP *:32469 (LISTEN) Plex 24982 unraid-plex 26u IPv4 35521 0t0 TCP 127.0.0.1:37249->127.0.0.1:52577 (CLOSE_WAIT) Plex 24982 unraid-plex 28u IPv4 35553 0t0 UDP *:34114 Plex 24982 unraid-plex 32u IPv4 35556 0t0 UDP *:60846 Plex 24982 unraid-plex 40u IPv4 34805 0t0 UDP 192.168.0.4:36067->192.168.0.1:53 Plex 24982 unraid-plex 41u IPv4 34806 0t0 UDP 10.141.1.6:46753->10.141.1.5:5351 vboxwebsr 28892 root 12u IPv4 1617540 0t0 TCP 192.168.0.4:18083 (LISTEN) maybe thats not the right command ( I tried a few) but what i found. and one other thing when i edit settings.json file to bind transmission to ipv4 adress all my torrents go red and unable to connect , should i make sure there are no torrents in transmission when i implement the bind ipv4 adress?
May 10, 201313 yr so i implemented the port_open.sh script that you posted but how can i tell if its working? What output do you get from these 2 commands? cat /tmp/vpn_ip cat /tmp/vpn_port_opened vpn_ip should be an ip address starting with 10.x.x.x. vpn_port_opened should be the port Transmission is set to use. In the port_open.sh script, the "ifconfig" line checks for your PIA local IP address & saves it to /tmp/vpn_ip. The "curl" command opens the port & saves it to /tmp/vpn_port_opened. The awk command sets the port opened in Transmission (without having to edit the settings file or restart Transmission). when i open Transmission Remote GUI and go to >tools>transmission options>network>test port it still says port closed , and in my system log i keep getting a lot of " Scrape error: Could not connect to tracker" . and a whole lot of Saved "/mnt/disk/apps/transmission/stats.json" (bencode.c:1733) like every few minutes. I am using the web GUI instead of remote GUI, not sure of the differences. When working, the Transmission web GUI should show port opened & the port should be the same as /tmp/vpn_port_opened. My syslog shows lots of stats saved & torrent resumed messages. I have my transmission port set as 36424 here is what i get when i run: lsof -i -n -P COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME rpc.portm 937 bin 4u IPv4 551 0t0 UDP *:111 rpc.portm 937 bin 5u IPv4 552 0t0 TCP *:111 (LISTEN) rpc.statd 941 root 5u IPv4 4376 0t0 UDP *:703 rpc.statd 941 root 7u IPv4 4385 0t0 UDP *:52456 rpc.statd 941 root 8u IPv4 4388 0t0 TCP *:33174 (LISTEN) transmiss 7776 nobody 9u IPv4 1212618 0t0 UDP *:43503 transmiss 7776 nobody 10u IPv4 1212622 0t0 TCP *:9091 (LISTEN) transmiss 7776 nobody 11u IPv4 1212623 0t0 TCP *:36424 (LISTEN) transmiss 7776 nobody 12u IPv4 1212625 0t0 UDP *:36424 transmiss 7776 nobody 16u IPv4 1938323 0t0 TCP 10.171.1.6:45473->203.219.131.165:51413 (ESTABLISHED) Looks like Transmission is running on port 36424. Is that the port reported opened in /tmp/vpn_port_opened? and one other thing when i edit settings.json file to bind transmission to ipv4 adress all my torrents go red and unable to connect , should i make sure there are no torrents in transmission when i implement the bind ipv4 adress? Whenever you edit the settings.json file, Transmission has to be stopped & restarted (else it overwrites your settings). Should not have to empty out existing torrents though.
May 17, 201313 yr ok so i finally had some time to play around with this a little bit and its working almost perfect, after i run the script it shows the ip and port forward but only when I manually enter the port forward in transmission it works , I go to test incoming port and it shows "incoming port tested successfully" should I set it to random port on daemon launch? but , when i run the port_open.sh script I get this ---->> Unexpected response: <h1>401: Unauthorized</h1>Unauthorized Usere: application/x-www-form-urlencoded and after so long it changes the port forward , I'm not sure if this is because of PIA changing it every so often or because i stop and restart openvpn and transmission. I tried with both scripts port forward and port forward + binding that you posted but same results. thanks again lainie for helping with this I think once it gets worked out it should be stickied because I'm sure I'm not the only one finding this very beneficial. if I can help you in any way let me know.
May 17, 201313 yr ok so i finally had some time to play around with this a little bit and its working almost perfect, after i run the script it shows the ip and port forward but only when I manually enter the port forward in transmission it works , I go to test incoming port and it shows "incoming port tested successfully" should I set it to random port on daemon launch? awk '{print "/usr/bin/transmission-remote --port "$0;}' /tmp/vpn_port_opened |bash This command uses the port number from previous commands, saved in /tmp/vpn_port_opened, to change the port in Transmission. The port should not need to be changed manually. No, you do not want a random port... you want the port set by /usr/bin/transmission-remote. It might not matter once the script runs correctly... the script should change the port while Transmission is running without you having to restart Transmission... I left "Random Port" unchecked on mine. but , when i run the port_open.sh script I get this ---->> Unexpected response: <h1>401: Unauthorized</h1>Unauthorized Usere: application/x-www-form-urlencoded This looks like a problem authenticating the "curl" command line to PIA. Did you change USERNAME_HERE for your PIA username, PASSWORD_HERE for your PIA password? If this "curl" command is not authenticating correctly with PIA, the "awk" command discussed above will not work... All 3 commands have to be run sequentially & correctly as each command uses information obtained from a previous command. and after so long it changes the port forward , I'm not sure if this is because of PIA changing it every so often or because i stop and restart openvpn and transmission. I tried with both scripts port forward and port forward + binding that you posted but same results. If you stop & restart openvpn, you will get a new IP (at least I seem to get a new one every time I disconnect & reconnect)... until the script runs, no port will be open for the new IP. How often do you have port_open.sh set to run in cron? Stopping & restarting Transmission will not change the IP & port from PIA... however, if Transmission is not running when the "awk" command of the script is executed & for some reason the port has changed, you will not have the new port assigned until the script runs again. I think the problem is you are getting "Unauthorized User" from the script. Double, triple & quadruple check the curl -d "user=USERNAME_HERE&pass=PASSWORD_HERE&client_id=$(cat /mnt/cache/.custom/openvpn/.pia_client_id)&local_ip=$(cat /tmp/vpn_ip)" https://www.privateinternetaccess.com/vpninfo/port_forward_assignment 2>/dev/null|grep -oE "[0-9]+"|tee /tmp/vpn_port_opened command to make sure your information is correct. thanks again lainie for helping with this I think once it gets worked out it should be stickied because I'm sure I'm not the only one finding this very beneficial. if I can help you in any way let me know. I wonder if it is easier to port forward with other VPN providers. I might write up something for a web page & create a sub-domain for it on my site like I did with VirtualBox... have not had the time so far. Glad it is helpful to you & that you are making progress with it.
May 31, 201313 yr Hi everyone, I just subscribed to PIA, and got it set up with this plugin thanks to you all. You guys are awesome! I also have transmission on my unraid box. I'm just curious what the advantage is for port forwarding. I just added a couple torrents last night, and it seems like my seeding is OK. Currently the torrents have 1 of 2 or 2 of 2 peers seeding to. This makes me wonder if I truly am utilizing the VPN, because I thought I wouldn't be able to seed behind the VPN. Can anyone explain this to me? Is there a way to confirm that my traffic is being routed through PIA? Thanks in advance. Sorry for the noob questions, I've been on usenet and haven't used bittorrent for quite some time.
June 19, 201313 yr root@Icarus:~# /etc/rc.d/rc.openvpn start ca.crt Netherlands.ovpn Your ovpn file already have the option --> /boot/config/openvpn/password.txt Your ovpn file already have the option --> persist-remote-ip Your ovpn file already have the option --> status /tmp/openvpn/openvpn-status.log Starting Openvpn Tunnel: wait ......... nohup: redirecting stderr to stdout The OpenVPN Client is running with Process 21505 Not connected! tun0 don't established, check your account settings!!! Stoping Openvpn Tunnel..... ... OK The OpenVPN Client is running with Process 21505 Writing to the plugin config file.... root@Icarus:~# any thoughts?
Archived
This topic is now archived and is closed to further replies.