My VPN'd torrent-wielding NAS


9 posts
by Nexy » Tue Jul 31, 2012 3:16 pm
Any suggestions for improvements would be appreciated. My instructions are written with the assumption of common sense. If you're trying to download some and you're prompted to confirm the download, then confirm the download. If you're editing a file, save it when you're done.

You need to already know how to use a torrent client. Deluge is what I'm using because you can connect the GUI to a remote machine and configure it like it's local. The GUI I'm using is on Windows, the actually torrenting is done by Deluged on the Pi. I don't really cover the connecting bit in great detail, but there are pointers at the end. It's not difficult, and check the list of websites for the Deluge one if you need more help. Or post here.

This also assumes you're using a VPN, highly recommended in the UK at least. I'm using Mullvad (I don't get commission or anything) but any OpenVPN supplier should work, you'll just have to adapt the instructions. Torrentfreak have a good list, Mullvad aren't the *best* but they seem to be the *best value*. It means your ISP can't sniff through your traffic and anyone else you're peered with can't see your home IP address.

I delete the network's default gateway once the VPN is set up, otherwise if the VPN drops you start spewing torrent traffic from your home IP. Obviously *we'll only* be getting *Linux ISOs*, but if you want to hide your Linux-loving identity from Microsoft or anyone else, use a VPN and delete your default gateway.

There are almost certainly better ways of doing what I'm doing, but this got me up and running.

I'm assuming you know how to use (or can figure out) "nano", it's a basic text editor. If you prefer vi or emacs or whatever, feel free to use those instead.

I've incorporated the R-Pi NAS instructions into mine (as I didn't bother making a backup when I did it, and didn't bother with security.)

I figured most of this out myself before actually finding the sources, so if there's any conflict, probably best to follow the sources instead of what I've done here.

Sources:
http://elinux.org/RPi_Adding_USB_Drives
http://www.samba.org/samba/docs/man/man ... onf.5.html
http://mullvad.net/en/openvpn_conf.php
http://dev.deluge-torrent.org/wiki/UserGuide/ThinClient

Write your Raspbian image to your SD card.

Boot your Pi.

SSH into the Pi (username: pi password: raspberry ) or plug in a keyboard and display and do it locally.

Run the Raspberry Pi configuration tool.

Code: Select all
sudo raspi-config


In the config tool do the Update, then configure your Pi to your tastes. :) I'd recommend changing to the 224MB RAM split and expand to fill the SD card.

If it asks to reboot, reboot then SSH back in.

Update and upgrade the install to the latest versions in the repository. This is the Linux equivalent of Windows Update, only better.

Code: Select all
sudo apt-get update
sudo apt-get upgrade


Now we want to put in our storage and get it mounted. Plug in your USB storage (in my case, an external USB HDD harddrive)

Change to the /dev directory so we can find out what your device has been labeled as.

Code: Select all
cd /dev
ls


For me, it's "sda" and the first partition on it is "sda1".

Create an empty directory in /mnt to point the drive at.

Code: Select all
sudo mkdir /mnt/usbhdd


Open up /etc/fstab which tells Linux where and how to mount things. You can use any editor you like, but I like nano.

Code: Select all
sudo nano /etc/fstab


Add a new line for your device. In my case I used

Code: Select all
/dev/sda1       /mnt/usbhdd     auto    defaults          0       0


The options are explained here:

http://www.tuxfiles.org/linuxhelp/fstab.html

Now we want to check it worked by telling "mount" to mount all the stuff in fstab.

Code: Select all
sudo mount -a


Now let's see if it's mounted the drive.

Code: Select all
cd /mnt/usbhdd
ls


It's worked for me, I can see all my files! Now let's install Samba so we can access the files over the network.

Code: Select all
sudo apt-get install samba


Backup the Samba configuration file in case we mess it up.

Code: Select all
sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.old


Install some extra bits and bobs for Samba that we'll use.

Code: Select all
sudo apt-get install samba-common-bin


Now let's open up the Samba config.

Code: Select all
sudo nano /etc/samba/smb.conf


My changes are:

Code: Select all
[usbhdd]
   comment = Iomega Ext USB HDD
   valid users = @users
   force group = users
   create mask = 0660
   directory mask = 0771
   read only = no
   locking = no
   path = /mnt/usbhdd


Restart Samba to use our changes.

Code: Select all
sudo /etc/init.d/samba restart


Setup the pi user for Samba.

Code: Select all
sudo smbpasswd -a pi


I used the same password as the normal login.

Check you can log in to the share from your Windows machine. If it works, that's NAS sorted!

Next up, OpenVPN and the Mullvad connection.

First, see what your external (public) IP is so that we know if it changes!

Code: Select all
curl ifconfig.me


Now we'll install OpenVPN and resolvconf.

Code: Select all
sudo apt-get install openvpn resolvconf


Next, go back to your home directory and download your Mullvad OpenVPN configuration file.
Replace 1122334455 with your customer number.

Code: Select all
cd ~   
wget http://mullvad.net/custgen.php?id=[u]1122334455[/u]


Rename the file something sensible like mullvadconf.zip

Code: Select all
mv custgen.php?id=[u]1122334455[/u] mullvadconf.zip


Unzip the config.

Code: Select all
unzip mullvadconf.zip


This will unpack a directory with the name as your customer number. Go into it.
Replace 1122334455 with your customer number.

Code: Select all
cd [u]1122334455[/u]


Copy the contents into your OpenVPN folder.
It'll complain
"cp: omitting directory `OSX'"
which is fine because we don't want the OSX directory.

Code: Select all
sudo cp * /etc/openvpn/


Restart OpenVPN.

Code: Select all
sudo /etc/init.d/openvpn restart


It should say:

[ ok ] Stopping virtual private network daemon:.
[ ok ] Starting virtual private network daemon: mullvad_linux.


Check it worked by checking your new external IP against the one you got earlier.

Code: Select all
curl ifconfig.me


Remove the default gateway so that if the VPN drops, you don't start leaking traffic outside of your VPN.
Replace 192.168.1.1 with whatever your router's internal address is. Don't forget, this will stop you reestablishing your VPN if it drops!

Code: Select all
sudo route del default gw 192.168.1.1 dev eth0


That's your VPN sorted. Go back to your home directory.

Code: Select all
cd ~


Now install your torrent client! I like Deluge, and I control it from a Windows machine. We also want the console UI so we can configure and test it easily.


Code: Select all
sudo apt-get install deluged
sudo apt-get install deluge-console



Run Deluged

Code: Select all
deluged


Backup your Deluged config file.

Code: Select all
cp ~/.config/deluge/auth cp ~/.config/deluge/auth.old


Edit your auth file to add a user to remotely connect with.

Code: Select all
nano ~/.config/deluge/auth


Add a new line for your new user. Make sure there are no trailing new lines.

Code: Select all
pi:raspberry:10


Start up the console version of Deluge.

Code: Select all
deluge-console


Inside deluge-console set the config to allow remote connections:

Code: Select all
config -s allow_remote True


Exit with:

Code: Select all
exit


Kill the existing Deluged and start it up again (to reload the config).

Code: Select all
pkill deluged
deluged


Connect using your Deluge client from Windows. I'm not covering using Deluge in Windows, but the main bit is edit -> preferences -> Interface. Uncheck "Enable" in "Classic Mode". Then use Connection Manager to connect to deluged on your Pi.
Don't forget:

1)Change your directories to /mnt/usbhdd or whatever.
2)Disable UPnP and NAT-PMP
3)Add an incoming port to your Mullvad connection and change deluge to use it (instead of random incoming).

(If you need to put the default gateway back, for example if your VPN drops, stop all your torrent traffic then use
Code: Select all
sudo route add default gw 192.168.1.1 dev eth0
. Don't forget to delete it again before starting up your torrents!)
Posts: 72
Joined: Sun Oct 09, 2011 9:03 pm
by lumeno » Fri Jan 25, 2013 4:24 am
This is fantastic! Thank you so much for an excellent, detailed guide -- I've saved this in my bookmarks :)

The throughput I'm getting when the VPN is up is deplorable though -- much less than I get on my laptop. I have a thread here http://www.raspberrypi.org/phpBB3/viewtopic.php?f=28&t=30911&e=0 detailing my problems. I wonder if you've had any problems with bandwidth on your NAS?
Posts: 9
Joined: Thu Jan 24, 2013 1:48 am
by jcampbell » Fri Mar 01, 2013 7:48 pm
Thanks, your instructions are fantastic! One question, is there any way to automate deleting the default gateway after starting OpenVPN, or do I need to do it manually each time?
Posts: 3
Joined: Fri Mar 01, 2013 7:45 pm
by Nexy » Sun May 12, 2013 6:06 pm
Sorry guys, I seem to have turned off my notifications for this thread. Oops! I only noticed when someone PM'd me about it.

@PM re: DNS: I didn't notice that, but I usually have my DNS set to 8.8.8.8 (Google) anyway as Virgin Media's DNS servers are rubbish. You could set it to your VPN provider's DNS server without too much problem.

@lumeno: That wasn't a problem I had, but my Pi did struggle a bit CPU-wise. I think the line I was on was the limiting factor at the time, so it's possible I was having the same problem and it was just masked by the slow connection anyway. Perhaps PPTP would be better?

@jcampbell: In theory, there are ways to automate deleting the default gateway after starting OpenVPN.
You can put the code into the script that's run on connection, but I couldn't get it to work reliably. That is, most likely, my failure rather than anything else. This is probably worth a look: http://askubuntu.com/questions/28733/ho ... ccessfully

You could also setup a program that automates it, and maybe also watches for connectivity issues and rebuilds the connection when required, and shuts down the torrent software to stop it leaking.

I must confess though, I've reallocated my Pi for other purposes now so I don't have this set-up to test with.
Posts: 72
Joined: Sun Oct 09, 2011 9:03 pm
by SyncingFeeling » Sun May 12, 2013 7:47 pm
I plead guilty to noobism, but how do you change the DNS servers that the pi uses? :/
Posts: 43
Joined: Thu Jan 03, 2013 9:15 pm
by Nexy » Mon May 13, 2013 1:25 pm
Easiest thing is to set it in the DHCP stuff on your router. There's no cause to use Virgin Media's DNS for anything tbh.
Posts: 72
Joined: Sun Oct 09, 2011 9:03 pm
by bob_binz » Mon May 13, 2013 4:23 pm
SyncingFeeling wrote:I plead guilty to noobism, but how do you change the DNS servers that the pi uses? :/


edit /etc/resolv.conf:

Code: Select all
sudo nano /etc/resolv.conf


and add a new entries add required:

Code: Select all
nameserver 8.8.8.8
nameserver 8.8.8.4


and save/exit (ctrl-x, y)
User avatar
Posts: 367
Joined: Thu Feb 02, 2012 7:58 pm
Location: Stockport, UK
by SyncingFeeling » Mon May 13, 2013 10:03 pm
resolv.conf doesn't save the changes: as it says in the file it wipes at every reboot :(. Nor does editing the 'base' file seem to work in changing it.

I did what Nex suggested and changed the DNS in the router, but ideally I'd like to set particular DNS for the pi so it will be 'proof' when I take it somewhere else.
Posts: 43
Joined: Thu Jan 03, 2013 9:15 pm
by frankiemac » Fri Jun 28, 2013 6:58 pm
Hi
I coped well with this description right up to the point where you say:

1)Change your directories to /mnt/usbhdd or whatever.
2)Disable UPnP and NAT-PMP
3)Add an incoming port to your Mullvad connection and change deluge to use it (instead of random incoming).

I've spent days trying to find out how to "Add an incoming port to your Mullvad connection" and have given up all hope! I am using OpenVPN in the Pi configured with the Mullvad config file, I am able to use the internet (outward) but am getting no incoming connections on Deluge, help please!

Thanks
Posts: 1
Joined: Fri Jun 28, 2013 6:51 pm