running transmission traffic through HideMyAss VPN

[adamthepolak]

Hey guys, i want to run my torrent traffic through my vpn but im not sure how to go about this. I have a HideMyAss account for watching American Netflix as im in Canada. I need to hide this traffic as im killing about 1.5-2 TB of bandwidth a month so im just waiting for my ISP to start logging the traffic. Here are my ideas;

 

1) Can I use the OpenVPN plugin?? Im away from my server till sunday but im planning out ahead of time how to do this.

 

2) get a dual gigabit motherboard and another router. i could configure the VPN on the router and run all the torrent traffic through one port to the VPN router and the other port on the mobo would be used to share the media data with my local network

 

3) install linux and VM unraid. have HMA on the linux and try to route the transmission traffic through HMA ass then. I have no idea how to do this though, if this is a good idea ill research it.

 

Any suggestions or ideas would be awesome. Thanks guys

 

[unevent]

1) Can I use the OpenVPN plugin?? Im away from my server till sunday but im planning out ahead of time how to do this.

 

2) get a dual gigabit motherboard and another router. i could configure the VPN on the router and run all the torrent traffic through one port to the VPN router and the other port on the mobo would be used to share the media data with my local network

 

3) install linux and VM unraid. have HMA on the linux and try to route the transmission traffic through HMA ass then. I have no idea how to do this though, if this is a good idea ill research it.

 

Any suggestions or ideas would be awesome. Thanks guys

 

1) You can if you want to expose your unRAID server to the wide open Internet (to what your VPN provider does not NAT or filter).  HMA does not NAT their VPN.  Opening the tunnel on unRAID bypasses any other security you have in place outside of unRAID.

 

2) This is sort of what I have as a setup.  I added a second network adapter card to my unRAID server, eth1, and bring it up in the go script.  By default everything on eth0 goes through VPN which I use a Netgear WNR3500L running Tomato (openVPN) and the WAN port on that connects to my main router  The VPN router is on different subnet as well.  eth1 is how I access the server from my local network for streaming etc..  I use QOS on my main router (Asus RT-N66U running Toastman Tomato) and also block all ports for the programs I use accept 443 which is the VPN.  I set the apps on unRAID to use ports other than 443 so I can block them on my main router if VPN drops.  If the VPN goes down there is no Internet for eth0.

 

3) Sounds like something than can be realized in 6.x.

[itimpi]

Hey guys, i want to run my torrent traffic through my vpn but im not sure how to go about this. I have a HideMyAss account for watching American Netflix as im in Canada. I need to hide this traffic as im killing about 1.5-2 TB of bandwidth a month so im just waiting for my ISP to start logging the traffic. Here are my ideas;

Just a check - are you trying to hide what the traffic is, or the fact that traffic happening at all?  Your ISP will always be able to measure the total traffic volume even if you use a VPN to hide its destination.

[adamthepolak]

Just a check - are you trying to hide what the traffic is, or the fact that traffic happening at all?  Your ISP will always be able to measure the total traffic volume even if you use a VPN to hide its destination.

I want to hide what the traffic is. I know they can log the total amount of traffic no matter what.

 

1) You can if you want to expose your unRAID server to the wide open Internet (to what your VPN provider does not NAT or filter).  HMA does not NAT their VPN.  Opening the tunnel on unRAID bypasses any other security you have in place outside of unRAID.

2) This is sort of what I have as a setup.  I added a second network adapter card to my unRAID server, eth1, and bring it up in the go script.  By default everything on eth0 goes through VPN which I use a Netgear WNR3500L running Tomato (openVPN) and the WAN port on that connects to my main router  The VPN router is on different subnet as well.  eth1 is how I access the server from my local network for streaming etc..  I use QOS on my main router (Asus RT-N66U running Toastman Tomato) and also block all ports for the programs I use accept 443 which is the VPN.  I set the apps on unRAID to use ports other than 443 so I can block them on my main router if VPN drops.  If the VPN goes down there is no Internet for eth0.

3) Sounds like something than can be realized in 6.x.

1) Im looking into switching to a different VPN such as PIA or BT Guard, do these two function as NAT?? Or should i just get a proxy from BT Guard and just run transmission through that? Ill be speed testing all three to compare and will post all the results once that happens.

And would HMA be an alright temporary solution? I dont keep any private information on the server as of now.

2) Ill keep this in mind then if i cant figure out a cheaper work around.

3) Ill be waiting for 6.x, but i rather not have to VM my OS

 

Did a bit more reading and im going to do both VPN and Proxy. This way i can VPN into my own network for work related things and proxy the torrent traffic without having to worry about VPN drops. This is a great site for others looking into this;

http://www.best-bittorrent-vpn.com/

[NAS]

Be careful. A VPN will hide your IP because of the way IP and routing works. I will not however do a single thing at the upper OSI layers

 

i.e. if some funky torrent protocol pushes your IP out inside a application packet the VPN will let it pass happily.

 

This is normally not a concern as most applications dont send IPs back and forth as part of the application itself but torrent is different and does this literally all the time

 

Throw in all sorts of interpretations on spec and new stuff like uTP, DHT etc I would almost expect that at some point your real IP will leak.

 

Dont get me wrong a VPN will make a vast difference but there is a difference between 100% and not

[adamthepolak]

 

2) This is sort of what I have as a setup.  I added a second network adapter card to my unRAID server, eth1, and bring it up in the go script.  By default everything on eth0 goes through VPN which I use a Netgear WNR3500L running Tomato (openVPN) and the WAN port on that connects to my main router  The VPN router is on different subnet as well.  eth1 is how I access the server from my local network for streaming etc..  I use QOS on my main router (Asus RT-N66U running Toastman Tomato) and also block all ports for the programs I use accept 443 which is the VPN.  I set the apps on unRAID to use ports other than 443 so I can block them on my main router if VPN drops.  If the VPN goes down there is no Internet for eth0.

 

so i found my old dlink dir-400, im going to load with dd-wrt and probably switch to torgaurd for vpn. found a pci ethernet card for 15 dollars as well so cant go wrong with that. Do you know of any good tutorials on how to modify the go script for this??

[dgaschk]

You'll need to add an ifconfig command to the go script.

[unevent]

so i found my old dlink dir-400, im going to load with dd-wrt and probably switch to torgaurd for vpn. found a pci ethernet card for 15 dollars as well so cant go wrong with that. Do you know of any good tutorials on how to modify the go script for this??

 

That dlink router you have may not get you the throughput you want, but it should get you a start.  To bring the add-in card up assuming it was detected on boot and a driver was available (check syslog), add:

 

#Enable second NIC eth1
ifconfig eth1 <ip address> netmask 255.255.255.0 up

Where <ip address> is a static or static DHCP from your main router.  This adapter is how your regular network will access the server, so it can be the same IP as was assigned to eth0 (without < >).  Adjust netmask for whatever class IP you end up using.

 

To keep it simple (which will direct all Internet traffic from unRAID through the VPN) you can plug eth0 into one of your dir-400 LAN ports and plug the dir-400 WAN port into a LAN port on your main router which connects to the Internet.  Connect another patch cable from your new eth1 to your main router LAN port.  This is how you will maintain access to your server from the rest of the network.  If you have it at the same IP as it was before, should be seamless change.  Set up the dir-400 with a unique subnet than that of your main network.  If your main network is 192.168.1.x then use 192.168.2.x, as an example.  Configure openVPN on the dir-400.  Set up your apps on unRAID - transmisison, sab, etc to not use port 443.  Should be other options available for SSL without using 443, if applicable.  On your main router, block all ports from the dir-400 VPN router that the apps you want to prevent leaks from use.  Make sure you do not use your ISP DNS servers and either have the VPN push their servers or use openDNS or similar public servers.

 

Once your all running, if your download speed fluctuates wildly, try reducing the bandwidth - that dir-400 should be good for 100-300KB/s before becoming unstable.  Watch the sysload on that router - try to keep it under 0.7-0.8.  Disable all other functions/features on the dir-400 to give all CPU time to openVPN as the encryption takes a lot of cpu.

[adamthepolak]

That dlink router you have may not get you the throughput you want, but it should get you a start.  To bring the add-in card up assuming it was detected on boot and a driver was available (check syslog), add:

 

ya that router wasnt supported by dd-wrt or tomato. instead i grabbed an asus RT-N12 for 30 and flashed it to tomato. Im about to install the new ethernet card into the server and get onto the following part.

 

Current problem is that when i have the new card inserted into the mobo i tower boots but i get no ethernet conneciton. Suggestions?

[unevent]

That dlink has an Atheros chipset so no tomato.  DD-WRT should work (though not as easy as flash and go), but it would have been dog slow for VPN duty.  openVPN requires a lot of cpu so you should start with what your goal or expectations for throughput should be.  If you're happy with <=~300KB/s then the RT-12 would be fine.  <=~500-650KB/s a 450-500MHz class cpu is in order.  Pushing 1MB/s+ then a 600MHz+ cpu is in order.  Anything faster you need a PC or other dedicated device.  Speeds assuming sysloads held reasonable at 0.6-0.7 max.  I don't run torrents, so can't comment on that performance.

[adamthepolak]

That dlink has an Atheros chipset so no tomato.  DD-WRT should work (though not as easy as flash and go), but it would have been dog slow for VPN duty.  openVPN requires a lot of cpu so you should start with what your goal or expectations for throughput should be.  If you're happy with <=~300KB/s then the RT-12 would be fine.  <=~500-650KB/s a 450-500MHz class cpu is in order.  Pushing 1MB/s+ then a 600MHz+ cpu is in order.  Anything faster you need a PC or other dedicated device.  Speeds assuming sysloads held reasonable at 0.6-0.7 max.  I don't run torrents, so can't comment on that performance.

 

Im tight on cash now ill have to stick with the r12, will be able to do a better upgrade once the summer comes around.

 

Right now im thinking that the TL card i picked up isn't linux compatible, anyone know if thats the case?

Im looking at ordering an intel card instead off of newegg. Can anyone recommend a Ethernet card that works for sure?

[unevent]

TL as in TP-Link?  Which model?

 

[adamthepolak]

#Enable second NIC eth1
ifconfig eth1 <ip address> netmask 255.255.255.0 up

Where <ip address> is a static or static DHCP from your main router.  This adapter is how your regular network will access the server, so it can be the same IP as was assigned to eth0 (without < >).  Adjust netmask for whatever class IP you end up using.

 

Where am i adding this code in? at the end of the /go file or at the end of config/network?

 

TL as in TP-Link?  Which model?

TP-Link tg-3468

[dgaschk]

Intel NIC will work.

[adamthepolak]

Intel NIC will work.

 

http://www.newegg.ca/Product/Product.aspx?Item=N82E16833106036CVF?

 

And idk what happened but my transmission wont connect from my desktop to the server, i get a "connection refused" error

 

I had changed the settings in config/network to:

"# Generated network settings

USE_DHCP=no

IPADDR=xxx.xxx.xxx.xxx

NETMASK=xxx.xxx.xxx

GATEWAY=xxx.xxx.xxx

"

the ip was the same as the ip i reserved on my router for the mac address, netmask and gateway were both correct. I put it back to the default values but still not getting a connection, any idea what may have happened?

 

wait I did change the default password for "root", could that have messed up my transmission?

[unevent]

#Enable second NIC eth1
ifconfig eth1 <ip address> netmask 255.255.255.0 up

Where <ip address> is a static or static DHCP from your main router.  This adapter is how your regular network will access the server, so it can be the same IP as was assigned to eth0 (without < >).  Adjust netmask for whatever class IP you end up using.

 

Where am i adding this code in? at the end of the /go file or at the end of config/network?

 

The ifconfig line goes in the go file after you have things configured, tested and running.

 

 

TL as in TP-Link?  Which model?

TP-Link tg-3468

 

That card is Realtek based so pretty good chances it will be supported.

[unevent]

And idk what happened but my transmission wont connect from my desktop to the server, i get a "connection refused" error

 

I had changed the settings in config/network to:

"# Generated network settings

USE_DHCP=no

IPADDR=xxx.xxx.xxx.xxx

NETMASK=xxx.xxx.xxx

GATEWAY=xxx.xxx.xxx

"

the ip was the same as the ip i reserved on my router for the mac address, netmask and gateway were both correct. I put it back to the default values but still not getting a connection, any idea what may have happened?

 

wait I did change the default password for "root", could that have messed up my transmission?

 

I don't run transmission, but hope it does not run under root.  Regardless, was it working before you changed things?  Post a full syslog and better describe what you have done so far.

[adamthepolak]

I don't run transmission, but hope it does not run under root.  Regardless, was it working before you changed things?  Post a full syslog and better describe what you have done so far.

checked and no its not running under root

 

That card is Realtek based so pretty good chances it will be supported.

 

i saw linux drivers on the website, is it possible to install from http://www.tp-link.com/ca/support/download/?model=TG-3468&version=V1? sorry if thats a stupid question but im still new to unraid

 

heres the syslog from boot, and then the last line repeats for each file

 

/usr/bin/tail -f /var/log/syslog

Feb 24 21:23:04 Tower transmission-daemon[4315]: UDP Please add the line "net.core.wmem_max = 1048576" to /etc/sysctl.conf (tr-udp.c:93)

Feb 24 21:23:04 Tower transmission-daemon[4315]: DHT Generating new id (tr-dht.c:309)

Feb 24 21:23:04 Tower transmission-daemon[4315]: Using settings from "/mnt/user/Torrents/data" (daemon.c:517)

Feb 24 21:23:04 Tower transmission-daemon[4315]: Changed open file limit from 40960 to 1024 (fdlimit.c:541)

Feb 24 21:23:04 Tower transmission-daemon[4315]: DHT Attempting bootstrap from dht.transmissionbt.com (tr-dht.c:247)

Feb 24 21:23:04 Tower transmission-daemon[4315]: Saved "/mnt/user/Torrents/data/settings.json" (bencode.c:1733)

Feb 24 21:23:04 Tower transmission-daemon[4315]: Saved pidfile "/var/run/transmission/transmission.pid" (daemon.c:529)

Feb 24 21:23:04 Tower transmission-daemon[4315]: Loaded 37 torrents (session.c:1943)

Feb 24 21:23:12 Tower transmission-daemon[4315]: Happily N'Ever After (2007) (Audio Engels,Ned)(2Lions-Team) Scrape error: Could not connect to tracker (announcer.c:1259)

[unevent]

I think there is some confusion here with the two network adapters.  If the on-board network adapter is not connected as explained earlier you will have no Internet.  No network traffic, by default, will go out eth1 (your TP-Link).  You also do not want eth0 and eth1 connected to the same router.  You cannot complete the configuration of option 2 in the posts above until you have your new router and it is configured for openVPN.  Until then, you should plug your main router into eth0 and leave eth1 disconnected.  Regarding drivers, the OS will detect and install a driver on boot if the card is supported.

 

For future use, follow these directions to get a copy of syslog for posting.

[adamthepolak]

I think there is some confusion here with the two network adapters.  If the on-board network adapter is not connected as explained earlier you will have no Internet.  No network traffic, by default, will go out eth1 (your TP-Link).  You also do not want eth0 and eth1 connected to the same router.  You cannot complete the configuration of option 2 in the posts above until you have your new router and it is configured for openVPN.  Until then, you should plug your main router into eth0 and leave eth1 disconnected.  Regarding drivers, the OS will detect and install a driver on boot if the card is supported.

 

For future use, follow these directions to get a copy of syslog for posting.

 

here is the syslog for a boot without the card in

syslog.txt

[unevent]

Looks like you have the transmission plugin installed in two places - /boot/plugins and /boot/config/plugins.  Should only be in /boot/config/plugins.  Correct and reboot, then post a new syslog.

 

[adamthepolak]

Looks like you have the transmission plugin installed in two places - /boot/plugins and /boot/config/plugins.  Should only be in /boot/config/plugins.  Correct and reboot, then post a new syslog.

here is the syslog

 

I got as far as i could with finishing the vpn on the router but ive hit a snag. i have all the information put in but cant launch the openvpn client. have tried every tutorial and looked at every forum on torgaurd but nothing. i left them a msg on live support and will figure it out tomorrow once they are open.

syslog.txt

[adamthepolak]

heres a log that i also managed to recover from a run with the card inserted. i had the card in but an ethernet cable only going to the port on the mobo. the system wouldn't connect to the network.

syslog-20140225-012402.zip

[unevent]

heres a log that i also managed to recover from a run with the card inserted. i had the card in but an ethernet cable only going to the port on the mobo. the system wouldn't connect to the network.

 

Log shows DHCP connection on eth0 to 192.168.0.11, but no Internet access.  Something on your router is blocking Internet.  Suggest getting basic Internet access working before converting over to VPN.  Start with verifying network settings in the unRAID GUI and configure for DHCP or edit the network.cfg and make it look like this:

# Generated settings:
USE_DHCP=yes
IPADDR=
NETMASK=
GATEWAY=

 

Do that and reboot and post new syslog.  Perhaps something you changed on the router has affected your Internet access.  If you are attempting to change over to VPN, those changes have to all occur at the same time or nothing works.  Suggest reverting any changes you have made in an attempt to go VPN until all your hardware arrives and can be properly configured.

[adamthepolak]

This has been all done with only my normal router plugged in. The vpn router was not being used in any of these tests. Ive been configuring it on the network but it is not being used yet at all.

 

The network config file is as you posted, that was changed at the beginning and then i returned it to normal values. these are the current network settings in the unraid menu. It was on active back up and i just switched it to balance but i cant restart for another 45 minutes cause there's a pariaty check going on from last night. Once that's done ill see if changing the bonding mode fixes it. When i looked it up it said that active backup would turn off the second connection if the first was stable.

 

Got the VPN service working properly on the router now. unplugged and have it sitting on the side for the time being.