• Set up Torguard VPN for Transmission on Freenas 9.10 – updated 1/23/17

    by  • July 13, 2015 • Computing • 11 Comments

    Nowadays, it is prudent to protect your privacy when downloading torrents on the net.  A few lawsuits have recently been brought against ISP’s by businesses seeking damages from users allegedly downloading illegal content. Many of these lawsuits have centered on trying to get the ISP’s to release lists of customer IP addresses along with their associated activity logs. For many years I successfully used NAS4Free  with Transmission using a VPN tunnel which I previously detailed in this post.

    However,  I ran in to many problems trying to successfully re-install my VPN service with Version 10 of Nas4Free (N4F) and I pinned it down to the fact that N4F is out of date when it comes to FreeBSD libraries. Combine this with the almost complete lack of support for old versions on FreeBSD and it gets hard to keep your older systems running effectively. Since I could not make this process work with N4F in version 10 at all, I have switched back to Free Nas which has come a long way since I last used it.

    Using the Sick Rage, Transmission and Couch Potato plugins, my system is better than it has ever been and despite what they say on the FreeNas website, it WILL work fine with 2GBS of ram. I was also able to import my ZFS raid disks from my old N4F server with no problems. By following this post carefully you will easily be able to get OpenVPN installed and working though the FreeNAS Transmission jail to ensure only protected traffic is tunneled through our BT client. In my experience, this process is WAY easier that the setup required for N4F and I have setup 3 systems now with no problems using this method! Just so we’re clear, this post is NOT meant to be a tutorial on how to set up FreeNas. There are many ways to configure the FN server that depend largely on your system architecture – so head on over to the FN forums if you have basic operational questions. Here is a great article on configuring SickRage, SickBeard (seriously – who names this stuff??!!) and CouchPotato.

    This how-to is adapted from a post in the FN forums by Tango and I have modified it to work with Torguard though it might work with other VPN providers as well (your mileage may vary). This tutorial assumes you have your Freenas server setup and working correctly and that you have installed and tested the Transmission plugin to your satisfaction. I am currently using Torguard for VPN and I can highly recommend them.  They offer many locations worldwide, are reasonably priced and have excellent customer service when you need it.  Here are the steps I followed to get VPN working on my FreeNas 9.2 server:

    • You will need a VPN provider in order to get this going.  Click here to try Torguard.
    • SSH into freenas. (I use PuTTy)
    • Get a list of jails:
      root@freenas ~# jls
      JID    IP Address      Hostname              Path
      3      –  192.168.1.50  transmission_1    /mnt/<volumename>/jails/transmission_1
    • jexec into the jail (mine happens to be 3 – yours may vary)
      root@freenas ~# jexec 3 tsch (if you are having trouble try- sudo jexec 3 /bin/sh)
      root@transmisssion_1:/ #
    • Install bash. May be prompted several times – reply Y then press enter each time.
      root@transmission_1:/ # pkg install bash
    • Install nano. Again, may be prompted several times. Reply Y each time.
      root@transmission_1:/ # pkg install nano
    • Move to the /etc folder.
      root@transmission_1:/ # cd /etc
      root@transmission_1:/etc #
    • Fetch Portsnap via portsnap fetch:
      root@transmission_1:/etc # portsnap fetch
      **This will take a while to download and ask for several prompts – you know the drill.
    • Extract Ports to /usr/ports
      root@transmission_1:/etc # portsnap extract
      **This will also take a long time and A LOT of scrolling will happen. It’s normal.
    • Navigate to /usr/ports/security/openvpn
      root@transmission_1:/etc # cd /usr/ports/security/openvpn
      root@transmission_1:/usr/ports/security/openvpn #
    • Make a clean install which allows us to set the option of a password file.
      root@transmission_1:/usr/ports/security/openvpn # make install clean
      **Blue screen should appear. Press the DOWN arrow and the SPACE bar to ensure the [ ] next to PW_Save ( 5th option down) has an X in it. Should look this:
      x+[X] PW_Save   Interactive passwords may be read from a file
      (On latest versions of openvpn (Mar. 2016) you MAY NOT get an option #5 as described above, but openvpn appears to read passwords from a textfile anyways so you can safely skip this step.)
      **then press enter. Lots of things should happen now…
    • Go to root directory of the transmission_1 jail:
      root@tranmission_1:/usr/ports/security/openvpn # cd /
      root@transmission_1:/ #
    • Enter Bash
      root@transmission_1:/# bash
      root@transmission_1 /#
    • Make a directory for OpenVPN & our files that we will download from Torguard:
      root@transmission_1 /# mkdir /usr/local/etc/openvpn
    • Add lines to the rc.conf so OpenVPN starts when the jail starts:
      root@transmission_1 /# cd /etc
      **Note – use Ctrl+o will write the file and Ctrl+X will exit.
      root@transmission_1 /etc# nano rc.conf
      **File is open.
      **Add the following (can copy/paste using ctrl+C then right clicking in the shell)
      openvpn_enable=”YES”
      openvpn_configfile=”/usr/local/etc/openvpn/openvpn.conf”
      **Write via Ctrl+O. Press Enter
      **Exit via Ctrl+X.
    • Move to a new folder (helps me keep things straight):
      root@transmission_1 /etc# cd /media/
      root@transmission_1 /media#
    • Grab the Torguard files, you’ll likely need to grab them manually and install them through the FreeNas GUI as Torguard does not allow wget file transfers. If you have created your Transmission jail storage correctly (see link at beginning of article) you should be able to drag the Torguard files into your shared NAS ‘downloads’ directory and see them symlinked in your jail’s ‘/media’ directory.
      You will need a login CLICK HERE to check out Torguard. Here is the link once you are logged in: https://torguard.net/downloads.php. You will want to grab the ‘Standard TCP Configs” in the “OpenVPN Config Files and Scripts” section (near the bottom).
    • Unzip the Torguard openvpn files into the ‘Media’ folder:
      root@transmission_1 /media# unzip TorguardPRO.zip
    • Make a pass.txt file to hold your username and password.
      root@tranmission_1 /media# nano pass.txt
      **Nano will pop up. ONLY type in the following (substituting your REAL username and password of course)
      USER
      PASSWRD
      **Press Ctrl+o. call it pass.txt. then enter. then Ctrl+X
    • Configure the .ovpn file of your selected server. (I used a Canadian-based.ovpn’ as it is still legal to torrent in Canada at this time. Torguard asks that you NOT use US-based servers for torrenting)
      root@tranmission_1 /media# nano ‘Your_Selected.ovpn
      ** On the auth-user-pass line add pass.txt after it like so:
      auth-user-pass pass.txt
      **Press Ctrl+o. call it Your_Selected.ovpn. then enter. then Ctrl+X
    • Move the fixed Torguard files into the correct folder we just created
      **The actual OpenVPN files we created earlier.
      **ca.crt next:
      root@transmission_1 /media# cp /media/ca.crt /usr/local/etc/openvpn/ca.crt
      **our pass.txt file we created:
      root@transmission_1 /media# cp /media/pass.txt /usr/local/etc/openvpn/pass.txt
      **finally renaming the <Server>.ovpn file to .conf file (You’ll have to use “” around the name if there is a space in it.)
      root@transmission_1 /media# cp /media/Your_Selected.ovpn /usr/local/etc/openvpn/openvpn.conf
    • Start your OpenVPN server:
      root@transmission_1 /# /usr/local/etc/rc.d/openvpn start
    • Check your install. You should be able to query the VPN tunnel:
      root@tranmission_1 /media# ifconfig tun0
      **You should see a printout like:
      # ifconfig tun0
      tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
      options=80000<LINKSTATE>
      inet 10.9.0.22 –> 10.9.0.21 netmask 0xffffffff
      nd6 options=1<PERFORMNUD>
      Opened by PID 7036
      ***Or something similar…
    • Congratulations! Your Transmission packets are now using Torguard!
    • One caveat worth mentioning here:  You probably won’t be able to automagically update the Transmission client from the GUI as I have never been able to get it to successfully update itself. Whether that is the fault of our modifications or just a bug in Freenas I am not sure. To update, just make a note of your Transmission jail’s storage structure and delete the plugin and re-install according to the guide again. It’s a bit of a PITA – but for now, it is the only way.

    Not Working? Check out these useful commands and troubleshooting tips.

    Useful Open VPN Commands:

    #Stop openvpn
    root@transmission_1 /# /usr/local/etc/rc.d/openvpn stop

    #Start openvpn
    root@transmission_1 /# /usr/local/etc/rc.d/openvpn start

    #Restart openvpn
    root@transmission_1 /# /usr/local/etc/rc.d/openvpn restart

    #Query Secure network VPN tunnel
    root@tranmission_1 /# ifconfig tun0

    #Query whole Freenas network
    root@transmission_1 /# ifconfig

    # stop all openvpn processes
    root@transmission_1 /# killall -TERM openvpn

    Still not working as you expect? Check out the log files in Freenas before you post a comment.

    #Check log files for clues
    root@transmission_1 /# less /var/log/messages
    root@transmission_1 /# less /var/log/messages
    root@transmission_1 /# more -f /var/log/messages
    root@transmission_1 /# cat /var/log/messages
    root@transmission_1 /# tail -f /var/log/messages
    root@transmission_1 /# grep -i error /var/log/messages **This one is good as it will filter the log for error messages.

    Still not working? Check this post for clues (it’s a good troubleshooting primer as well).  Just telling me it’s not working does not provide enough information to troubleshoot your problem. You wouldn’t take your car into the garage and say, “my car doesn’t work!” – you need to give me some clues to help you fix your problem. Check your steps carefully, every command has to be issued as it is shown in the how to.  If you find any mistakes please let me know and I will fix them right away.

    11 Responses to Set up Torguard VPN for Transmission on Freenas 9.10 – updated 1/23/17

    1. Dane Nguyen
      July 13, 2015 at 23:02

      Where did you find the crl.pem file? all i have is a ca.crt and a lot of ovpn’s. When i run /usr/local/etc/rc.d/openvpn start i get Starting openvpn. then nothing. i check ifconfig and does not show tun0

      • July 14, 2015 at 07:10

        Actually, Torguard does not need the crl.pem file so I have removed it from the how-to. Your /usr/local/etc/openvpn/ directory should include the following 3 items: ca.crt, openVPN.conf and pass.txt. Check your log entries in Freenas to find out what is not working. I just revised the post to add a section on troubleshooting for you.

    2. Mark
      July 19, 2015 at 07:24

      Great guide, works awesomely with TorGuard 🙂

      Thankyou

    3. Nick
      May 14, 2016 at 18:59

      Followed your guide and it works great, but I’m having issues with transmission claiming its port is closed despite being forwarded on my router. Do I have to request the port forward with torguard directly and which IP do I provide? For example, you show 10.9.0.22 –> 10.9.0.21. Would I use .22 or .21?

    4. Moandain
      May 18, 2016 at 00:33

      portmap_enable=”NO”
      sshd_enable=”NO”
      sendmail_enable=”NO”
      sendmail_submit_enable=”NO”
      sendmail_outbound_enable=”NO”
      sendmail_msp_queue_enable=”NO”
      hostname=”transmission_1″ devfs_enable=”YES”
      devfs_system_ruleset=”devfsrules_common”
      transmission_download_dir=””
      transmission_enable=”YES”
      transmission_conf_dir=”/var/db/transmission”
      openvpn_enable=”YES”
      openvpn_configfile=”/usr/local/etc/openvpn/openvpn.conf”

      did I do something wrong in the rc.conf?

      • Moandain
        May 18, 2016 at 00:36

        /usr/local/etc/rc.d/openvpn: WARNING: ”/usr/local/etc/openvpn/openvpn.conf” is n
        ot readable.
        /usr/local/etc/rc.d/openvpn: WARNING: failed precmd routine for openvpn
        root@transmission_1:/ #

        this is what I get every time.

        • Moandain
          May 18, 2016 at 01:22

          YAY for dumb mistakes in my rc.conf file

    5. Josh
      June 16, 2016 at 21:48

      Just as note I had a previous setup from Torguard blog that worked initially but then would die after a while and not come back. So using this guide does work, but I did have to reboot the server to get openvpn to open tun0 in my jail.

      One thing you can add though is from this thread take his firewall rules and everything but transmission traffic goes out the tun. You do lose the possibility of remote transmission access but I also run flex get in my transmission jail so it uses normal pathway.

      https://www.reddit.com/r/freenas/comments/41fhz3/configuration_guide_for_openvpn_and_ipfw_so_that/

    6. Ric
      July 20, 2016 at 00:23

      root@transmission_1:/ # pkg install bash

      Operation timed out repository FreeBSD has no meta file, using default settings

    7. Wilson
      August 28, 2016 at 00:29

      Thanks for the write up…saved me a lot of time 🙂

    8. Erick
      October 16, 2016 at 13:47

      I’shaving a problem starting the vpn. I get this message when i check the logs

      “transmission_1 openvpn[55027]: Options error: You must define TUN/TAP device (–dev)”
      any help would be appreciated!

    Leave a Reply

    Your email address will not be published. Required fields are marked *