Torrenting Virtual Machine with Debian and OpenVPN
Nov 27, 2015

I take no responsibility for how this information is used.

Requirements

  • Debian 8.0+ Virtual Machine
  • OpenVPN server

Static IP Address

  1. Set a static IP address so that your DNS servers are not changed to your ISP's or to your local router's DNS server.

    /etc/network/interfaces

    auto eth0
    iface eth0 inet static
         address ADDRESS
         netmask NET_MASK
         broadcast BROADCAST
         gateway GATEWAY_IP
         dns-nameservers 8.8.8.8 8.8.4.4
    
  2. Edit /etc/resolv.conf

    nameserver 8.8.8.8
    nameserver 8.8.4.4
    
  3. Reboot.

Transmission

Transmission is a fantastic BitTorrent client for Linux that also has a web interface.

  1. Install transmission.

    apt-get install transmission-daemon

  2. Stop the service.

    systemctl stop transmission-daemon.service

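  3. Edit the config /etc/transmission-daemon/settings.json. These two must be changed so that you can log in to the web interface (with authentication disabled, anyone who can reach the web interface needs no username or password, so bind it only to an address on a LAN you trust):

    "rpc-authentication-required": false,
    "rpc-bind-address": "LOCAL LAN IP"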
    

    Three more that you might want to change:

    "blocklist-enabled": true,
    "blocklist-url": "http://john.bitsurge.net/public/biglist.p2p.gz",
    "encryption": 2
    
  4. Start.

    systemctl start transmission-daemon.service

OpenVPN

  1. Install OpenVPN.

    apt-get install openvpn

  2. Copy your OpenVPN client configs to /etc/openvpn. The file extension must be .conf for the config file.

  3. Start OpenVPN.

    systemctl enable openvpn@CONFIG_NAME.service
    systemctl start openvpn@CONFIG_NAME.service

  4. Verify that you are now utilizing the VPN.

    ip a
    curl icanhazip.com

IPTables

The final part is to configure iptables to only allow inbound/outbound connections on the VPN tunnel interface, based on the transmission user group. This prevents transmission from communicating before the VPN starts.

Some VPN providers allow you to use an API to open up a port for your current tunnel IP. This is very handy if you wish to also seed torrents more effectively. PrivateInternetAccess allows this in certain regions. For PIA, the port will always be different so you will need to implement it into your firewall script.

Be sure to replace the INBOUND_PORT text with your port, or remove those lines if you are not planning to open a port.

    # Transmission web UI
    iptables -A INPUT -p tcp --dport 9091 -m state --state NEW -i eth0 -j ACCEPT

    # Allow inbound connections through the tunnel interface (change the port)
    iptables -A INPUT -p tcp --dport INBOUND_PORT -m state --state NEW -i tun0 -j ACCEPT
    iptables -A INPUT -p udp --dport INBOUND_PORT -m state --state NEW -i tun0 -j ACCEPT

    # Prevent transmission from communicating on anything but the VPN tunnel interface
    iptables -A OUTPUT -p tcp -m owner --gid-owner debian-transmission --sport 9091 ! -o tun0 -j ACCEPT
    iptables -A OUTPUT -m owner --gid-owner debian-transmission ! -o tun0 -j REJECT
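
The rules above as a re-runnable script that takes the forwarded port as an argument, for providers that hand out a different port each time. This is an added example, not part of the original post: the function names and the --apply/--print options are made up here, while eth0, tun0, port 9091 and the debian-transmission group are taken from the rules above.

```sh
#!/bin/sh
# Added example, not from the original post. Interface names, group and the
# web UI port are the ones used on this page; function names are made up here.
LAN_IF=eth0
TUN_IF=tun0
GROUP=debian-transmission

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rules [PORT]: print one rule per line (the arguments after "iptables -A").
# Without PORT the two inbound tunnel rules are left out.
rules() {
    port=${1:-}
    if [ -n "$port" ] && ! valid_port "$port"; then
        echo "invalid port: $port" >&2
        return 1
    fi
    echo "INPUT -p tcp --dport 9091 -m state --state NEW -i $LAN_IF -j ACCEPT"
    if [ -n "$port" ]; then
        echo "INPUT -p tcp --dport $port -m state --state NEW -i $TUN_IF -j ACCEPT"
        echo "INPUT -p udp --dport $port -m state --state NEW -i $TUN_IF -j ACCEPT"
    fi
    # Order matters: the web UI exception has to precede the REJECT.
    echo "OUTPUT -p tcp -m owner --gid-owner $GROUP --sport 9091 ! -o $TUN_IF -j ACCEPT"
    echo "OUTPUT -m owner --gid-owner $GROUP ! -o $TUN_IF -j REJECT"
}

# apply_rules [PORT]: append each rule unless "iptables -C" finds it already
# present, so running the script again does not stack duplicates. Needs root.
apply_rules() {
    list=$(rules "$@") || return 1
    echo "$list" | while IFS= read -r spec; do
        # $spec is split into words on purpose; it contains no glob characters.
        iptables -C $spec 2>/dev/null || iptables -A $spec
    done
}

# Nothing changes unless called with --apply [PORT]; --print [PORT] only lists.
case "${1:-}" in
    --apply) shift; apply_rules "$@" ;;
    --print) shift; rules "$@" ;;
esac
```

iptables only filters IPv4, so a VM with IPv6 connectivity needs the same REJECT rule in ip6tables. Re-running with a new port leaves the old port's rules in place.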

DNS Leak Test

If you installed a GUI on your VM, you can check to make sure you are not leaking any DNS requests. Assuming you've changed your DNS servers and do not see your own IP, you should not need to worry about leaking DNS queries.
