Torrenting Virtual Machine with Debian and OpenVPN
Nov 27, 2015
I take no responsibility for how this information is used.
- Debian 8.0+ Virtual Machine
- OpenVPN server
Static IP Address
Set a static IP address so the VM doesn’t change its DNS servers to your ISP’s or use your local router’s DNS server.
auto eth0
iface eth0 inet static
    address ADDRESS
    netmask NET_MASK
    broadcast BROADCAST
    gateway GATEWAY_IP
    dns-nameservers 126.96.36.199 188.8.131.52

nameserver 184.108.40.206
nameserver 220.127.116.11
Transmission is a fantastic BitTorrent client for Linux that also has a web interface.
apt-get install transmission-daemon
Stop the service.
systemctl stop transmission-daemon.service
- Edit the config /etc/transmission-daemon/settings.json
These two must be changed so that you may log in to the web interface:
"rpc-authentication-required": false,
"rpc-bind-address": "LOCAL LAN IP"
Three more that you might want to change:
"blocklist-enabled": true,
"blocklist-url": "http://john.bitsurge.net/public/biglist.p2p.gz",
"encryption": 2
systemctl start transmission-daemon.service
apt-get install openvpn
Copy your OpenVPN client configs to /etc/openvpn. The file extension must be .conf for the config file.
systemctl enable openvpn@CONFIG_NAME.service
systemctl start openvpn@CONFIG_NAME.service
Verify that you are now utilizing the VPN.
This final part configures iptables to only allow inbound/outbound connections on the VPN tunnel interface, based on the transmission user group. This will prevent transmission from communicating before the VPN starts.
Some VPN providers allow you to use an API to open up a port for your current tunnel IP. This is very handy if you wish to also seed torrents more effectively. PrivateInternetAccess allows this in certain regions. For PIA, the port will always be different so you will need to implement it into your firewall script.
Be sure to edit the INBOUND_PORT text, or remove it if you are not planning to open a port.
# Transmission web UI
iptables -A INPUT -p tcp --dport 9091 -m state --state NEW -i eth0 -j ACCEPT
# Allow inbound connections through the tunnel interface (change the port)
iptables -A INPUT -p tcp --dport INBOUND_PORT -m state --state NEW -i tun0 -j ACCEPT
iptables -A INPUT -p udp --dport INBOUND_PORT -m state --state NEW -i tun0 -j ACCEPT
# Prevent transmission from communicating on anything but the VPN tunnel interface
iptables -A OUTPUT -p tcp -m owner --gid-owner debian-transmission --sport 9091 ! -o tun0 -j ACCEPT
iptables -A OUTPUT -m owner --gid-owner debian-transmission ! -o tun0 -j REJECT
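A check for the OUTPUT rules above, as an added example that is not part of the original post: it reads `iptables -S OUTPUT` text and reports whether the group's REJECT is actually reached before any ACCEPT that would let traffic out off-tunnel. The function name `check_killswitch`, the sample rules and gid 109 are constructed for illustration, and it assumes the saved-rule output shows the group as a numeric gid.

```shell
#!/bin/bash
# Added example, not from the original post: audit `iptables -S OUTPUT` text
# for the kill switch above. Conservative: any earlier ACCEPT that is not
# pinned to the tunnel (web UI replies on --sport 9091 excepted) is a leak.
# Returns 0 and prints "ok", 1 "leak: <rule>", or 2 "missing".
check_killswitch() {   # $1 = gid as shown in the rules, $2 = tunnel interface
    awk -v gid="$1" -v tun="$2" '
    BEGIN { rc = 0 }
    $1 != "-A" || $2 != "OUTPUT" { next }
    {
        line   = " " $0 " "
        owned  = index(line, " --gid-owner " gid " ") > 0
        anyown = index(line, " -m owner ") > 0
        offtun = index(line, " ! -o " tun " ") > 0
        ontun  = !offtun && index(line, " -o " tun " ") > 0
        webui  = index(line, " --sport 9091 ") > 0
        accept = index(line, " -j ACCEPT ") > 0
        block  = index(line, " -j REJECT ") > 0 || index(line, " -j DROP ") > 0
        narrow = index(line, " -p ") > 0 || index(line, " -d ") > 0
    }
    # Catch-all REJECT/DROP for the group on every non-tunnel interface.
    owned && offtun && block && !narrow { print "ok"; hit = 1; exit }
    # An ACCEPT reached first that the group traffic could match off-tunnel.
    accept && (owned || !anyown) && !ontun && !webui {
        print "leak: " $0; hit = 1; rc = 1; exit
    }
    END {
        if (!hit) { print "missing"; rc = 2 }
        exit rc
    }'
}

# Constructed sample rules (gid 109 is made up); the DNS ACCEPT shadows the REJECT.
SAMPLE_LEAKY='-P OUTPUT ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT ! -o tun0 -p tcp -m owner --gid-owner 109 -m tcp --sport 9091 -j ACCEPT
-A OUTPUT ! -o tun0 -m owner --gid-owner 109 -j REJECT --reject-with icmp-port-unreachable'

printf '%s\n' "$SAMPLE_LEAKY" | check_killswitch 109 tun0 || true
```

On the VM, feed it live rules with `iptables -S OUTPUT | check_killswitch "$(getent group debian-transmission | cut -d: -f3)" tun0`.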
DNS Leak Test
If you installed a GUI on your VM, you can check to make sure you are not leaking any DNS requests. Assuming you’ve changed your DNS servers and do not see your own IP, you should not need to worry about leaking DNS queries.