Tomato, Transmission, OpenVPN and Port Forwarding

0

My network configuration:

  1. I run transmission on my Netgear R7000 router, which is running a fork (v2017.2) of [Tomato shibby by Kille72][1].
  2. My router is not a gateway, it is set up as an access point behind a dedicated router/modem and is on the same subnet. It is not even a DHCP server.
  3. My router is configured with an IP of 192.168.1.251

My goals:

  1. I want to route all of my transmission traffic through the OpenVPN client of my router without DNS leak.

  2. I want to use port forwarding of my VPN with transmission to successfully forward the assigned port in the transmission client. I am looking to tie the assigned port in transmission with the change of port by my VPN.

What I know so far:

  1. The limitations of running a cut-down Linux system in Tomato seem to cause me issues with running scripts that other people have made online.
  2. I managed to [run this script][2] to successfully request my port from privateinternetaccess.com but I can't seem to find a working script to send this port automatically to transmission. In the link (or script) you can see the API Private Internet Access have created to request the port.
  3. I have found various other scripts, including [another in the link above][3] that does not work; I get regex errors when running the script.
  4. I have also tried [this script][4] which looks tailored for my use but it doesn't work. After modifying the script I get:

```
awk: cmd. line:1: Unexpected token
awk: cmd. line:1: Unexpected token
awk: cmd. line:1: Unexpected token
ping: bad address '””'
awk: cmd. line:1: Unexpected token
```

  5. I have very limited Linux knowledge but I am keen to learn and have found this very interesting.
  6. Most of the info online seems to point to people running transmission on a client running behind a router (probably a NAS). This seems to make it harder since I need to forward traffic only from the server I am running both transmission and OpenVPN on.

Some notes

  1. I noticed that because Tomato wasn't running bash or sha256sum I had to find a way to install them for the script to request a port to work. I downloaded them from the optware repository.
  2. There is a routing policy tab in the OpenVPN section of Tomato but it seems to be very buggy and I can't work out how to use it without a DNS leak. The only way I don't leak is if I choose the option: redirect internet traffic. [Here are bugs that have been found][5] in the routing policy and here are screenshots of the options I have in OpenVPN + my current custom config:

Does anyone have any suggestions for the best way I can achieve my goals?

Thanks for taking the time to read!

I have had to remove my links as I do not have a reputation high enough to post more than two. You can view them here: https://pastebin.com/UzdM0fjj

Dodgexander

Posted 2017-10-13T15:22:37.903

Reputation: 1

Answers

0

Success! Working script below:

Dependencies:

  1. transmission-remote - you can install the transmission-remote-openssl package through optware.
  2. sha256sum - optware package coreutils-sha256sum

```bash
#!/usr/bin/env bash
#
# Enable port forwarding when using Private Internet Access
#
# Usage:
#  ./port_forwarding.sh
# script must be run within 2 mins of connecting to vpn server. Do not forget to reconnect/connect
# fill in your transmission username, password and hostname/ip below:

TRANSUSER=xxxxx
TRANSPASS=xxxxx
TRANSHOST=localhost
# now let the script do the work

echo "pausing to wait for vpn to connect and transmission to start"
sleep 20

error( )
{
  echo "$@" 1>&2
  exit 1
}

error_and_usage( )
{
  echo "$@" 1>&2
  usage_and_exit 1
}

usage( )
{
  echo "Usage: $(dirname "$0")/$PROGRAM"
}

usage_and_exit( )
{
  usage
  exit "$1"
}

version( )
{
  echo "$PROGRAM version $VERSION"
}


port_forward_assignment( )
{
  # the client id is generated once and reused on later runs
  client_id_file="/etc/openvpn/pia_client_id"
  if [ ! -f "$client_id_file" ]; then
    if hash shasum 2>/dev/null; then
      head -n 100 /dev/urandom | shasum -a 256 | tr -d " -" > "$client_id_file"
    elif hash sha256sum 2>/dev/null; then
      head -n 100 /dev/urandom | sha256sum | tr -d " -" > "$client_id_file"
    else
      echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
      exit 1
    fi
  fi
  client_id=$(cat "$client_id_file")
  json=$(curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null)
  if [ -z "$json" ]; then
    json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
  fi

  echo "server returned: $json"

  # trim VPN forwarded port from JSON
  PORT=$(echo "$json" | awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
  echo "if successful, trimmed port is:$PORT"

  # the fallback message above also matches /port/ but has no third field,
  # so stop here rather than pass an empty or non-numeric port on
  case "$PORT" in
    ''|*[!0-9]*) error "no port number in server reply, transmission not changed" ;;
  esac

  # change transmission port on the fly
  transmission-remote "$TRANSHOST" --auth "$TRANSUSER:$TRANSPASS" -p "$PORT"
  # note: this prints the transmission password to stdout, so it ends up in
  # any log that captures the script's output
  echo "here are your transmission credentials: host:$TRANSHOST username:$TRANSUSER password:$TRANSPASS"
}
echo "remember to run no longer than 2 mins after reconnecting/connecting to vpn server."

EXITCODE=0
PROGRAM=$(basename "$0")
VERSION=2.1

while test $# -gt 0
do
  case $1 in
  --usage | --help | -h )
    usage_and_exit 0
    ;;
  --version | -v )
    version
    exit 0
    ;;
  *)
    error_and_usage "Unrecognized option: $1"
    ;;
  esac
  shift
done

port_forward_assignment

exit 0
```

Dodgexander

Posted 2017-10-13T15:22:37.903

Reputation: 1
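
The port that the script above hands to transmission-remote comes from a reply fetched over plain HTTP, so it is worth checking that the value really is a port number before using it. The following is an added example, not part of the original answer: `parse_forwarded_port`, `set_peer_port` and the `TRANSMISSION_REMOTE` dry-run override are hypothetical names, and the `{"port":N}` reply shape is assumed from the awk expression in the script. It sticks to POSIX sh so it also runs under BusyBox.

```shell
#!/bin/sh
# Added example: validate the port-forward reply before acting on it.
# Assumption: a successful reply is a JSON object containing "port": N.

# Print the forwarded port found in a reply body, or return 1 when the
# body does not carry a usable port number (1-65535, digits only).
parse_forwarded_port() {
  reply=$1
  # Take whatever follows "port": up to the next comma or closing brace.
  value=$(printf '%s' "$reply" |
    sed -n 's/.*"port"[[:space:]]*:[[:space:]]*\([^,}]*\).*/\1/p')
  # Drop surrounding whitespace and optional quotes.
  value=$(printf '%s' "$value" |
    sed 's/^[[:space:]"]*//; s/[[:space:]"]*$//')
  case $value in
    ''|0*|*[!0-9]*) return 1 ;;  # empty, leading zero, or non-digit
  esac
  [ "${#value}" -le 5 ] || return 1   # keep the integer test in range
  [ "$value" -le 65535 ] || return 1
  printf '%s\n' "$value"
}

# Pass a validated port to transmission-remote; never call it otherwise.
# TRANSMISSION_REMOTE (hypothetical) lets the call be dry-run, e.g. with echo.
# TRANSHOST, TRANSUSER and TRANSPASS are the variables from the script above.
set_peer_port() {
  port=$(parse_forwarded_port "$1") || {
    echo "no usable port in reply; transmission left unchanged" >&2
    return 1
  }
  "${TRANSMISSION_REMOTE:-transmission-remote}" "${TRANSHOST:-localhost}" \
    --auth "$TRANSUSER:$TRANSPASS" -p "$port"
}
```

In the script above, `set_peer_port "$json"` would take the place of the awk line and the direct transmission-remote call.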