RPi2 with OMV, OpenVPN and Transmission firewall settings.

  • hmm what is happening is after 20 secs of inactivity the vpn is restarting

    Code
    Tue Sep 15 20:20:56 2015 [ugauyeighaew.openvpn.ipredator.se] Inactivity timeout (--ping-restart), restarting


    after the restart the second route has gone and the vpn ip address can also change.


    This is because I'm not running the script from "up"

  • I put the script back into the .conf and removed the route-nopull, now there are no restarts and the second route stays even during restarting openvpn.


    DHT is working but Trackers are not and the checkMyTorrentIp.png torrent doesn't show any IP address.


    Oh and because of the route-nopull being removed the OMV Update manager is using the vpn

  • Well, I say I have no idea then. You should look at the logs before the restart, maybe there is something else, but it is always better to look at the server log, which in this case is not possible.


    Flush the iptables if you want Transmission to start trafficking again; you have rules from the script there.

  • OK, I went to ask for a testing account there and I found this service quite different from other ones. I was chatting in IRC with some people there.


    So you need to modify the script a little bit, because the connection needs a route to the vpn server through the non-vpn connection. In this case instead of route-nopull use route-noexec (this is to pass env vars to script) and use route-up for the iptables script


    In the link is the modified script
    http://sprunge.us/EOhF


    Then you will also need a down script with ip route del $route_network_1 just to clean the main table after vpn is down.


    The disconnection was because the server is configured to send a restart signal if there is no activity (normal policy); without the route mentioned before there wasn't any activity, that's why.


    Hope this works

  • You have really gone above and beyond what I would say is the "normal" level of help and I thank you very much :-)


    I have made the changes but ran into a little question regarding the scripts.
    The ipredator.conf runs the following to add in their DNS servers

    Code
    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf


    I was reading you cannot have multiple up or down lines in this .conf


    The update-resolv-conf is


    Is it ok to add the lines 49 & 53 as I have done? There doesn't appear to be any errors when openvpn starts or stops with # openvpn --config /etc/openvpn/IPredator-CLI-Password.conf

  • This is what I get when not running any torrents in transmission, using iftop -i eth0 -P -n -N

    Code
    192.168.0.255:54915 => 192.168.0.4:54915
    192.168.0.12:2122 => 192.168.0.4:50016
    192.168.0.12:37306 => 46.246.62.2:1194


    and with iftop -i tun0 -P -n -N

    Code
    46.246.62.75:51413 => 72.226.0.10:16017
    239.255.255.250:1900 => 46.246.62.46:60477
    46.246.62.75:51413 => 107.209.165.34:48874
    46.246.62.75:51413 => 78.139.209.117:43437
    46.246.62.75:51413 => 175.137.225.48:6881
    46.246.62.75:51413 => 93.71.192.123:29253
    46.246.62.75:51413 => 162.144.80.134:51413
    46.246.62.75:56216 => 112.210.9.231:52681


    The ip addresses change frequently

  • You can try multiple up lines (don't know if it works); if you put multiple scripts in one line they will be treated as arguments or vars.


    or as you want you can paste the resolv script inside the iptables script. That should work also, I guess.
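
One way around the single up/down line limit discussed above, which also keeps the route cleanup from the earlier reply, is a single hook that dispatches on OpenVPN's `script_type` variable. This is an added example, not code from the thread or from the linked script; the hook path and the iptables script name are hypothetical.

```shell
#!/bin/sh
# Added example: one OpenVPN hook for up, route-up and down.
# Assumed .conf lines (hook path is hypothetical; script-security 2 is already set):
#   route-noexec
#   up       /etc/openvpn/vpn-hook.sh
#   route-up /etc/openvpn/vpn-hook.sh
#   down     /etc/openvpn/vpn-hook.sh
RESOLV=/etc/openvpn/update-resolv-conf   # path from the thread
FIREWALL=/etc/openvpn/iptables-vpn.sh    # hypothetical name for the iptables script

vpn_hook() {
    run=${DRY_RUN:+echo}   # DRY_RUN=1 prints each command instead of running it
    case "${script_type:-}" in
        up)
            $run "$RESOLV" ;;
        route-up)
            $run "$FIREWALL" ;;
        down)
            $run "$RESOLV"
            # route_network_1 can come from server-pushed routes:
            # accept dotted digits only before handing it to ip.
            case "${route_network_1:-}" in
                ''|*[!0-9.]*)
                    echo "route_network_1 missing or malformed, no route removed" >&2 ;;
                *)
                    $run ip route del "$route_network_1" ;;
            esac ;;
        *)
            echo "unhandled script_type '${script_type:-}'" >&2
            return 1 ;;
    esac
}

# OpenVPN exports script_type; without it (for example when sourced) do nothing.
[ -z "${script_type:-}" ] || vpn_hook
```

Running it by hand with `DRY_RUN=1 script_type=down route_network_1=<address>` shows what the down hook would execute without touching the routing table.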

  • I stopped and restarted openvpn during a torrent download, then checked tun0. I was surprised to see the lines with connections to 192.168.0.12; is that normal?


    the lines with 192.168.0.12 eventually disappeared

  • I'm a little confused.
    If 176.9.62.182:64403 is sending data to 192.168.0.12:51413, is that connecting via my real IP address? Because if tun0 is down then the default gateway is used, is that right? If the default gateway is used then 176.9.62.182 is seeing my real IP address, so an Input rule won't stop that.

  • Stopped transmission and openvpn services
    iptables -F
    ip route flush table vpn
    ip route flush cache
    Started transmission and 51413 was open. Trackers and DHT working through my real IP


    Removed script and route-noexec from .conf
    Started openvpn and transmission. Port 51413 was open. Trackers and DHT working through my vpn IP


    Reinstated script and route-noexec from .conf
    Started openvpn and transmission. Port 51413 was closed. Trackers and DHT not working through my vpn IP


    Restarted transmission and port 51413 was closed but Trackers and DHT working
    Tried this a number of times and whether the Trackers are working is a bit intermittent.
