Convalesco

Current revision: 0.4

Last update: 2017-03-22 18:42:09 +0200 UTC

The hottest places in Hell are reserved for those who, in times of moral crisis, preserved their neutrality.

D. Alighieri , The Divine Comedy: Inferno - 1320 A.D.


Raspberry Pi seedbox with Transmission and TorGuard

Date: 08/06/2015, 18:47

Category: technology



1.0 Introduction

The Raspberry Pi is a small, yet fairly powerful, fanless single-board computer. The RPi can be easily turned into a headless seedbox. A seedbox is a private server for uploading and downloading digital content via BitTorrent protocol.

1.1 Prerequisites

In order to create a seedbox you are going to need the following hardware:

Basic command line knowledge is recommended. You should be able to connect to your Raspberry Pi via SSH in order to proceed. Make sure you change the default password the first you connect via SSH.

In case you have an external USB hard drive, you can find setup instructions on ModMyPi.

2.0 Transmission Setup

Transmission is a lightweight BitTorrent client which can run on any UNIX based computer, like a Raspberry Pi. In order to install transmission, connect via SSH and run the following commands:


$ sudo apt-get update
$ sudo apt-get install transmission-daemon

The configuration file for Transmission is /etc/transmission-daemon/settings.json. There you can setup the download directory and several other options.

This is a good point to create the downloads and incomplete directories. Transmission used the incomplete directory to keep files until they are fully downloaded. Once the files are ready to use, it moves them to the downloads directory. Let’s assume that the downloads directory path will be /mnt/data/torrents/downloads/ and the incomplete directory path will be /mnt/data/torrents/incomplete/. These directories must owned by user pi.


$ sudo mkdir -p /mnt/data/{downloads,incomplete}
$ sudo chown pi:pi /mnt/data/{downloads,incomplete}

To access transmission via web, enable RPC authentication. Edit these options from /etc/transmission-daemon/settings.json:


"download-dir": "/mnt/data/torrents/downloads/",
[...]
"incomplete-dir": "/mnt/data/torrents/incomplete/",
[...]
"rpc-authentication-required": true,
"rpc-bind-address": "127.0.0.1",
"rpc-enabled": true,
"rpc-password": "password",
"rpc-port": 9091,
"rpc-url": "/transmission/",
"rpc-username": "username",

Transmission will change the password with a hash algorithm right after your start transmission. Other options can be tweaked by the web interface.

Then changed the USER under which Transmission runs and set it up as pi which is the default Raspbian user. Open the file /etc/init.d/transmission-daemon with your favorite editor and change the USER variable in line 13. It must look like USER=pi.

Now start transmission to make sure everything works as planned:


$ sudo service transmission-daemon

Connect to http://raspberry-ip-address:9091 and login to your Transmission installation!

At this point you’re basically ready to start uploading and downloading torrents. If you want a more advanced setup, keep reading!

3.0 TorGuard OpenVPN setup

To keep our connection private, we can use a VPN service. Torguard is a popular, privacy-aware, anonymous VPN service that does not keep logs. A comprehensive review on VPN services can be found on TorrentFreak. TorGuard offers an OpenVPN configuration file for $ 9.99 per month. See details about the service on their website.

TIP: Although TorGuard is my VPN service of choice, you can apply this guide to any VPN service that supports OpenVPN.

Once you subscribe to TorGuard, you can download the OpenVPN servers. TorGuard offers several countries through which you can proxy your connection.

TIP: It’s better to avoid countries which have strict internet and file sharing laws, no matter what kind of content you choose to download or upload.

In the example below, I picked Switzerland as a proxy. Your /etc/openvpn/torguard.conf file should look like this:


client
dev tun
proto udp
# Switzerland Proxy
remote-random
remote 141…
remote 46…
remote 31…
remote 81…
remote 46…
resolv-retry 5
nobind
fast-io
tun-mtu 1500
tun-mtu-extra 32
tls-client
remote-cert-tls server
mssfix 1450
persist-key
persist-tun
ca swissca.crt
auth-user-pass pass.txt
comp-lzo
route-delay 5 30
script-security 3 system
up /etc/openvpn/up.sh
ping-restart 0
mute-replay-warnings
verb 3
status /var/log/openvpn-status.log
log /var/log/openvpn.log
log-append /var/log/openvpn.log

That’s about it. Switzerland was chsen as an exit for connections. This means that we must copy the file swissca.crt, supplied by TorGuard, to the /etc/openvpn/ directory.

Now we must create the file /etc/openvpn/pass.txt and use put your username and password supplied by TorGuard for OpenVPN connections. The file should look like this:


username
password

TorGuard’s OpenVPN connection will route all your outgoing connections through the VPN. However, if for any reason, the VPN goes down, your connection will keep floating from the standard gateway! But we sure don’t want that. It would be good if could route Transmission connections through tun0 only!

Unfortunately Transmission does not allow us to bind a specific network interfaces, like tun0. We can only bind IPv4 or IPv6 addresses.

We are going to run a script when TorGuard OpenVPN starts. The script will change Transmission’s bind IPv4 address. In order to do this we need to create the file /etc/openvpn/up.sh adding the following:


#!/bin/sh
/usr/sbin/transmission_fix_ip

Install ruby:


$ sudo apt-get install ruby

Now we need to create the /usr/sbin/transmission_fix_ip ruby script. Here is the code:


#!/usr/bin/env ruby
require 'json'
require 'logger'

# config
vpn_interface = 'tun0'
log_file = '/tmp/transmission_fix_ip.log'
log = Logger.new(log_file, 10, 1024000)
log.info("running 'transmission_fix_ip' now")
log.info("tun device is #{vpn_interface}")

# exit if uid != 0
unless Process.uid == 0
  log.fatal('transmission_fix_ip must be run as root! Exiting...')
  raise 'Must run as root'
end

# stop transmission service
log.debug("stop transmission-daemon")
if system("/etc/init.d/transmission-daemon", "stop")
    sleep 15 # wait for transmission to come down
    # Grab VPN interface info and replace
    external, netmask, interface = `ip addr show dev #{vpn_interface}`.split(' ').values_at(13, 15, 18)
    config = '/etc/transmission-daemon/settings.json'
    file = File.read(config)
    data = JSON.parse(file)
    data['bind-address-ipv4'] = external
    File.open(config, 'w') do |f|
     f.write(JSON.pretty_generate(data))
    end

    # start transmission
    log.debug("start transmission-daemon")
    system("/etc/init.d/transmission-daemon", "start")
else
  log.fatal("Something happend on the way to heaven!")
end

The above script will change the IPv4 bind address of the /etc/transmission-daemon/settings.json file to the current one used by OpenVPN. Turn the script into executable:

$ sudo chmod +x /usr/sbin/transmission_fix_ip

Every time your OpenVPN goes up, it uses a different IP address, so we need to change the IPv4 bind address.

NOTE: This script takes for granted that tun0 is used by TorGuard. If you use tun1 for TorGuard, you have to change tun0 with tun1 in the script, line 10.

Bonus: installing an HTTP Proxy

If the RaspberryPi sits on your home network, it’s fairly easy and quite useful to install an HTTP proxy for anonymous internet browsing. By running:

$ sudo apt-get install polipo

All you need to do is configure a browser to use the RPis’ IP and port ‘81234’ to browse anonymously!

TIP: It’s a good idea to configure a second, non-default browser to use the HTTP proxy. Launch the second browser when you require anonymity. Firefox and Opera are excellent choices. Firefox can be combined with a nice plugin to add torrents on your seedbox easily.

Keep in mind that in most countries downloading copyright protected material is illegal and enjoy!