My VPN'd torrent-wielding NAS

[Nexy]

Any suggestions for improvements would be appreciated. My instructions are written with the assumption of common sense. If you're trying to download some and you're prompted to confirm the download, then confirm the download. If you're editing a file, save it when you're done.

You need to already know how to use a torrent client. Deluge is what I'm using because you can connect the GUI to a remote machine and configure it like it's local. The GUI I'm using is on Windows, the actually torrenting is done by Deluged on the Pi. I don't really cover the connecting bit in great detail, but there are pointers at the end. It's not difficult, and check the list of websites for the Deluge one if you need more help. Or post here.

This also assumes you're using a VPN, highly recommended in the UK at least. I'm using Mullvad (I don't get commission or anything) but any OpenVPN supplier should work, you'll just have to adapt the instructions. Torrentfreak have a good list, Mullvad aren't the *best* but they seem to be the *best value*. It means your ISP can't sniff through your traffic and anyone else you're peered with can't see your home IP address.

I delete the network's default gateway once the VPN is set up, otherwise if the VPN drops you start spewing torrent traffic from your home IP. Obviously *we'll only* be getting *Linux ISOs*, but if you want to hide your Linux-loving identity from Microsoft or anyone else, use a VPN and delete your default gateway.

There are almost certainly better ways of doing what I'm doing, but this got me up and running.

I'm assuming you know how to use (or can figure out) "nano", it's a basic text editor. If you prefer vi or emacs or whatever, feel free to use those instead.

I've incorporated the R-Pi NAS instructions into mine (as I didn't bother making a backup when I did it, and didn't bother with security.)

I figured most of this out myself before actually finding the sources, so if there's any conflict, probably best to follow the sources instead of what I've done here.

Sources:
http://elinux.org/RPi_Adding_USB_Drives
http://www.samba.org/samba/docs/man/man ... onf.5.html
http://mullvad.net/en/openvpn_conf.php
http://dev.deluge-torrent.org/wiki/UserGuide/ThinClient

Write your Raspbian image to your SD card.

Boot your Pi.

SSH into the Pi (username: pi password: raspberry ) or plug in a keyboard and display and do it locally.

Run the Raspberry Pi configuration tool.

Code: Select all

sudo raspi-config

In the config tool do the Update, then configure your Pi to your tastes. I'd recommend changing to the 224MB RAM split and expand to fill the SD card.

If it asks to reboot, reboot then SSH back in.

Update and upgrade the install to the latest versions in the repository. This is the Linux equivalent of Windows Update, only better.

Code: Select all

sudo apt-get update
sudo apt-get upgrade

Now we want to put in our storage and get it mounted. Plug in your USB storage (in my case, an external USB HDD harddrive)

Change to the /dev directory so we can find out what your device has been labeled as.

Code: Select all

cd /dev
ls

For me, it's "sda" and the first partition on it is "sda1".

Create an empty directory in /mnt to point the drive at.

Code: Select all

sudo mkdir /mnt/usbhdd

Open up /etc/fstab which tells Linux where and how to mount things. You can use any editor you like, but I like nano.

Code: Select all

sudo nano /etc/fstab

Add a new line for your device. In my case I used

Code: Select all

/dev/sda1       /mnt/usbhdd     auto    defaults          0       0

The options are explained here:

http://www.tuxfiles.org/linuxhelp/fstab.html

Now we want to check it worked by telling "mount" to mount all the stuff in fstab.

Code: Select all

sudo mount -a

Now let's see if it's mounted the drive.

Code: Select all

cd /mnt/usbhdd
ls

It's worked for me, I can see all my files! Now let's install Samba so we can access the files over the network.

Code: Select all

sudo apt-get install samba

Backup the Samba configuration file in case we mess it up.

Code: Select all

sudo cp /etc/samba/smb.conf /etc/samba/smb.conf.old

Install some extra bits and bobs for Samba that we'll use.

Code: Select all

sudo apt-get install samba-common-bin

Now let's open up the Samba config.

Code: Select all

sudo nano /etc/samba/smb.conf

My changes are:

Code: Select all

[usbhdd]
   comment = Iomega Ext USB HDD
   valid users = @users
   force group = users
   create mask = 0660
   directory mask = 0771
   read only = no
   locking = no
   path = /mnt/usbhdd

Restart Samba to use our changes.

Code: Select all

sudo /etc/init.d/samba restart

Setup the pi user for Samba.

Code: Select all

sudo smbpasswd -a pi

I used the same password as the normal login.

Check you can log in to the share from your Windows machine. If it works, that's NAS sorted!

Next up, OpenVPN and the Mullvad connection.

First, see what your external (public) IP is so that we know if it changes!

Code: Select all

curl ifconfig.me

Now we'll install OpenVPN and resolvconf.

Code: Select all

sudo apt-get install openvpn resolvconf

Next, go back to your home directory and download your Mullvad OpenVPN configuration file.
Replace 1122334455 with your customer number.

Code: Select all

cd ~	
wget http://mullvad.net/custgen.php?id=[u]1122334455[/u]

Rename the file something sensible like mullvadconf.zip

Code: Select all

mv custgen.php?id=[u]1122334455[/u] mullvadconf.zip

Unzip the config.

Code: Select all

unzip mullvadconf.zip

This will unpack a directory with the name as your customer number. Go into it.
Replace 1122334455 with your customer number.

Code: Select all

cd [u]1122334455[/u]

Copy the contents into your OpenVPN folder.
It'll complain

"cp: omitting directory `OSX'"

which is fine because we don't want the OSX directory.

Code: Select all

sudo cp * /etc/openvpn/

Restart OpenVPN.

Code: Select all

sudo /etc/init.d/openvpn restart

It should say:

[ ok ] Stopping virtual private network daemon:.
[ ok ] Starting virtual private network daemon: mullvad_linux.

Check it worked by checking your new external IP against the one you got earlier.

Code: Select all

curl ifconfig.me

Remove the default gateway so that if the VPN drops, you don't start leaking traffic outside of your VPN.
Replace 192.168.1.1 with whatever your router's internal address is. Don't forget, this will stop you reestablishing your VPN if it drops!

Code: Select all

sudo route del default gw 192.168.1.1 dev eth0

That's your VPN sorted. Go back to your home directory.

Code: Select all

cd ~

Now install your torrent client! I like Deluge, and I control it from a Windows machine. We also want the console UI so we can configure and test it easily.

Code: Select all

sudo apt-get install deluged
sudo apt-get install deluge-console

Run Deluged

Code: Select all

deluged

Backup your Deluged config file.

Code: Select all

cp ~/.config/deluge/auth cp ~/.config/deluge/auth.old

Edit your auth file to add a user to remotely connect with.

Code: Select all

nano ~/.config/deluge/auth

Add a new line for your new user. Make sure there are no trailing new lines.

Code: Select all

pi:raspberry:10

Start up the console version of Deluge.

Code: Select all

deluge-console

Inside deluge-console set the config to allow remote connections:

Code: Select all

config -s allow_remote True

Exit with:

Code: Select all

exit

Kill the existing Deluged and start it up again (to reload the config).

Code: Select all

pkill deluged
deluged

Connect using your Deluge client from Windows. I'm not covering using Deluge in Windows, but the main bit is edit -> preferences -> Interface. Uncheck "Enable" in "Classic Mode". Then use Connection Manager to connect to deluged on your Pi.
Don't forget:

1)Change your directories to /mnt/usbhdd or whatever.
2)Disable UPnP and NAT-PMP
3)Add an incoming port to your Mullvad connection and change deluge to use it (instead of random incoming).

(If you need to put the default gateway back, for example if your VPN drops, stop all your torrent traffic then use

Code: Select all

sudo route add default gw 192.168.1.1 dev eth0

. Don't forget to delete it again before starting up your torrents!)[/b]

[lumeno]

This is fantastic! Thank you so much for an excellent, detailed guide -- I've saved this in my bookmarks

The throughput I'm getting when the VPN is up is deplorable though -- much less than I get on my laptop. I have a thread here http://www.raspberrypi.org/phpBB3/viewt ... =30911&e=0 detailing my problems. I wonder if you've had any problems with bandwidth on your NAS?

[jcampbell]

Thanks, your instructions are fantastic! One question, is there any way to automate deleting the default gateway after starting OpenVPN, or do I need to do it manually each time?

[Nexy]

Sorry guys, I seem to have turned off my notifications for this thread. Oops! I only noticed when someone PM'd me about it.

@PM re: DNS: I didn't notice that, but I usually have my DNS set to 8.8.8.8 (Google) anyway as Virgin Media's DNS servers are rubbish. You could set it to your VPN provider's DNS server without too much problem.

@lumeno: That wasn't a problem I had, but my Pi did struggle a bit CPU-wise. I think the line I was on was the limiting factor at the time, so it's possible I was having the same problem and it was just masked by the slow connection anyway. Perhaps PPTP would be better?

@jcampbell: In theory, there are ways to automate deleting the default gateway after starting OpenVPN.
You can put the code into the script that's run on connection, but I couldn't get it to work reliably. That is, most likely, my failure rather than anything else. This is probably worth a look: http://askubuntu.com/questions/28733/ho ... ccessfully

You could also setup a program that automates it, and maybe also watches for connectivity issues and rebuilds the connection when required, and shuts down the torrent software to stop it leaking.

I must confess though, I've reallocated my Pi for other purposes now so I don't have this set-up to test with.

[SyncingFeeling]

I plead guilty to noobism, but how do you change the DNS servers that the pi uses? :/

[Nexy]

Easiest thing is to set it in the DHCP stuff on your router. There's no cause to use Virgin Media's DNS for anything tbh.

[bob_binz]

I plead guilty to noobism, but how do you change the DNS servers that the pi uses? :/

edit /etc/resolv.conf:

Code: Select all

sudo nano /etc/resolv.conf

and add a new entries add required:

Code: Select all

nameserver 8.8.8.8
nameserver 8.8.8.4

and save/exit (ctrl-x, y)

[SyncingFeeling]

resolv.conf doesn't save the changes: as it says in the file it wipes at every reboot . Nor does editing the 'base' file seem to work in changing it.

I did what Nex suggested and changed the DNS in the router, but ideally I'd like to set particular DNS for the pi so it will be 'proof' when I take it somewhere else.

[frankiemac]

Hi
I coped well with this description right up to the point where you say:

1)Change your directories to /mnt/usbhdd or whatever.
2)Disable UPnP and NAT-PMP
3)Add an incoming port to your Mullvad connection and change deluge to use it (instead of random incoming).

I've spent days trying to find out how to "Add an incoming port to your Mullvad connection" and have given up all hope! I am using OpenVPN in the Pi configured with the Mullvad config file, I am able to use the internet (outward) but am getting no incoming connections on Deluge, help please!

Thanks

[cardboard]

I've spent days trying to find out how to "Add an incoming port to your Mullvad connection" and have given up all hope!

You didn't read their FAQ? https://www.mullvad.net/guides/port-for ... d-mullvad/

[mfa298]

I've spent days trying to find out how to "Add an incoming port to your Mullvad connection" and have given up all hope!

You didn't read their FAQ? https://www.mullvad.net/guides/port-for ... d-mullvad/

Thread necromancy is a dangerous art best practised by professionals.
I would assume frankiemac might have found a solution in the 3 1/2 years since he posted question