adamthepolak (Author), posted March 10, 2014:

Fixed the duplicate and transmission location. I have no idea about transmission so I'll just switch the two cables.

adamthepolak (Author), posted March 14, 2014:

unevent, what else do I have to do on my end so we can continue with the setup?

unevent, posted March 14, 2014:

I am using arbitrary IP addresses to aid the explanation:

- 192.168.0.2 is the IP assigned to unRAID from your main router/existing internal network
- 192.168.1.2 is the IP assigned to unRAID by the VPN router (which does the NAT/firewall for the VPN tunnel)

Also assuming the plugin/software you want to run over VPN on unRAID cannot bind to a specific interface (eth1 vs eth0). These steps will make all Internet access on unRAID go through the VPN tunnel. If you can bind to a specific interface, just swap the eth0/1 connection and config.

To recap, you have your new router set up with openVPN client and the basic router setup configured for the 192.168.1.x subnet and have tested the VPN connection and know it works.

Before disconnecting the network cable from eth0, and with no network cable connected to eth1 (your add-in card):

1. Bring up eth1 using telnet/SSH to unRAID:

       ifconfig eth1 192.168.0.2 netmask 255.255.255.0 up

2. Disconnect all network cables from your unRAID server
3. Connect a cable from eth1 on unRAID (your add-in card) to a LAN port on your main router

At this point you have restored local network access to unRAID (now on eth1 instead of eth0). If you used the same IP as you used before it should be seamless and should come up immediately with no changes to hosts/DNS.

After normal local access is working:

1. Connect a cable from the WAN port of the VPN router to a LAN port on your main router (the router that connects to the Internet)
2. Connect a cable from the eth0 interface on unRAID to a LAN port on your VPN router
3. The unRAID networking setup should match your VPN router setup (static or DHCP assigned 192.168.1.2 IP)
4. Note: unRAID network setup in //tower/Settings/NetworkSettings is now for the VPN router, not your main router
5. Configure VPN router WAN for DHCP or static, depending on your main router config - VPN router WAN IP is assigned by main router
6. If everything is correct to this point you should have Internet access on unRAID
7. Bring the VPN client online in the VPN router
8. If the VPN start was successful, you should have a connection via VPN to Internet
9. Verify using telnet/SSH to unRAID:

       curl -s http://geoip.hidemyass.com | grep -A 1 "ISP:"

If the VPN is up, the result is what your VPN ISP/Server is as reported by http://geoip.hidemyass.com. Go to this site on another computer (not via VPN) and it should show your real ISP and should be different than what was on unRAID. If the ISP is the same then the VPN is not connected on the VPN router or the openVPN client is not configured properly. Fix before continuing.

Last steps:

- On your main router, block all ports except the port used by your VPN (443 for TCP, 53 for UDP, as example), for the VPN router IP. Also make sure no plugins/programs on unRAID you want to use with the VPN use the same port as the VPN. Blocking all used ports except the VPN port will prevent Internet access for unRAID if your VPN goes down
- Once you get everything working, add the ifconfig command to your go script so it is brought up on every start
- UDP vs. TCP VPN is up to you. I do QOS on my main router so I use TCP.
- You can add the following to the custom config in openVPN to help keep things connected:

      ping 5
      persist-tun
      persist-key
      ping-restart 120

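The verification step in the post above, turned into a repeatable fail-closed check (an added example, not part of the original thread): it confirms that the only default route leaves via the VPN-side interface and that the reported ISP is not your real one. `VPN_IF`, `REAL_ISP`, the sample route table and page text, the page layout (ISP name on the line after "ISP:"), and the presence of `ip` on unRAID are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: fail-closed VPN egress check for unRAID.
# Assumptions: eth0 faces the VPN router, REAL_ISP is what a non-VPN machine
# sees, and the geoip page prints the ISP name on the line after "ISP:".
VPN_IF="eth0"
REAL_ISP="Example Cable ISP"          # constructed placeholder
SAMPLE_ROUTES='default via 192.168.1.1 dev eth0
192.168.0.0/24 dev eth1 scope link src 192.168.0.2
192.168.1.0/24 dev eth0 scope link src 192.168.1.2'   # constructed
SAMPLE_PAGE='<b>ISP:</b>
<span>Constructed VPN Hosting Ltd</span>'             # constructed

# Interfaces that carry a default route (stdin: `ip route show` output).
default_route_devs() {
    awk '$1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1) }'
}

# Line after the first "ISP:" line, with HTML tags and padding removed.
extract_isp() {
    awk '/ISP:/ {
        if ((getline l) > 0) {
            gsub(/<[^>]*>/, "", l); gsub(/^[ \t]+|[ \t]+$/, "", l); print l
        }
        exit
    }'
}

# egress_ok ROUTES PAGE: 0 ok, 1 default route not only on VPN_IF,
# 2 real ISP reported, 3 page unparsable (never treated as "safe").
egress_ok() {
    devs=$(printf '%s\n' "$1" | default_route_devs | sort -u)
    [ "$devs" = "$VPN_IF" ] || return 1
    isp=$(printf '%s\n' "$2" | extract_isp | tr '[:upper:]' '[:lower:]')
    [ -n "$isp" ] || return 3
    real=$(printf '%s' "$REAL_ISP" | tr '[:upper:]' '[:lower:]')
    case "$isp" in *"$real"*) return 2 ;; esac
    return 0
}

if [ "${1:-}" = "--live" ]; then      # on the server: sh vpncheck.sh --live
    rc=0
    egress_ok "$(ip route show)" "$(curl -s --max-time 15 http://geoip.hidemyass.com)" || rc=$?
    [ "$rc" -eq 0 ] || echo "VPN egress check failed (code $rc)" >&2
    exit "$rc"
else                                   # offline demo on the constructed sample
    rc=0; egress_ok "$SAMPLE_ROUTES" "$SAMPLE_PAGE" || rc=$?
    echo "sample check result: $rc"
fi
```

A non-zero exit code can be used to stop the VPN-dependent plugin until the tunnel is back; the port block on the main router remains the actual enforcement.
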
adamthepolak (Author), posted March 16, 2014:

So I got it all to work up until blocking the ports on my main router so that VPN ports are only open. I have a Rogers modem/router and I can't find the option anywhere. I'm getting about 330 kb/s downloads in transmission but CPU usage isn't showing on my Tomato router. Is there a way to turn it on?

unevent, posted March 16, 2014:

Running the RT-N12 router? That is about the speed to expect with 300MHz CPU, see post #9. Which build of Tomato are you running? For sysload on Tomato, it is typically under Status->Overview. You can see what it looks like in the pics at post #35.

What is the brand/model number of the Rogers modem/router? You may be limited in what you can do on the cable ISP modems/routers. They don't offer a lot of features. If you upgrade your VPN router you can use the RT-N12 as your main router and place the Rogers device in bridge mode.

adamthepolak (Author), posted March 17, 2014:

> Running the RT-N12 router?
> Which build of tomato are you running?
> What is the brand/model number of the rogers modem/router?

RT-N12
Tomato build5x-116-EN shibby
Rogers router is http://www.hitrontech.com/en/cable_detail.php?id=64

unevent, posted March 17, 2014:

For the Rogers, it may be called IP filtering in the firewall section.

adamthepolak (Author), posted March 17, 2014:

No such option. Here are the security options:

adamthepolak (Author), posted March 17, 2014:

So far running smooth with speeds on transmission topping off at 420kb/s. Going to try adding my proxy to transmission later today. DNS does not work on this router either. Tried putting in my own and got nothing, stayed on the Rogers ones.

unevent, posted March 18, 2014:

> so far running smooth with speeds on transmission topping off at 420kb/s. Going to try adding my proxy to transmission later today. DNS does not work on this router either. tried putting in my own and got nothing, stayed on the rogers ones.

Are you using DHCP on the VPN router? If so, you can set static DNS server addresses under basic->network in Tomato, then advanced->DHCP/DNS, tick 'intercept DNS port'. Verify 'Use received DNS with user-entered DNS' is not ticked. Using your ISP DNS defeats the purpose of a VPN, if your concern is masking traffic.

Once you change it you will need to request a new lease on unRAID. Simplest way is to unplug the network cable, wait 5-10 seconds, then reconnect. If you are static, you will need to change the DNS servers in the network config at //tower/Settings/NetworkSettings as well. Use a public DNS like openDNS or whatever your VPN pushes.

roland, posted March 22, 2015:

Hello,

I was just wondering if the steps here are still the best way to hide my transmission traffic a bit?

My current setup is

    Tower ---- Switch ---- Netgear (Access Point) -- wifi -- Belkin Router Modem

Can I set it up like this?

    Tower eth0 -- Tomato Router (vpn)-----\
    Tower eth1 ------------------------------- Switch ---- Netgear (Access Point) -- wifi -- Belkin Router Modem (very old, might need a new one)

Any suggestion on the Tomato Router to buy?

Thanks
Roland