@awidegreen
Last active November 4, 2022 00:26
rtorrent through openvpn

pia_swe.ovpn

client
dev tun
# "Allow calling of built-in executables and user-defined scripts." In other
# words, this must be specified for the `up` script to be executed.
script-security 2
route-nopull
up vpn-up.sh
down vpn-down.sh
# A file containing a username and password. Not necessary, but handy.
# Set permissions appropriately!
auth-user-pass pia_login.conf
proto udp
remote sweden.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.pem

Intro

Set up a VPN (in this case Private Internet Access), then start rtorrent and bind it to that tunnel. Inspired by: http://www.ichimonji10.name/blog/1/

Note that only rtorrent traffic will be routed through the tunnel; everything else goes the normal way.

Prerequisite

Make sure that you have configured a routing table piatunnel on your system:

echo 200 piatunnel >> /etc/iproute2/rt_tables

Get the PIA openvpn.zip, extract it, and make sure that the certificates etc. are in the same directory as pia_swe.ovpn; the same goes for vpn-up.sh and vpn-down.sh. Note that pia_swe.ovpn is derived from the Sweden config file provided in that zip from PIA.

Start it

Establish the VPN:

sudo openvpn pia_swe.ovpn

Start rtorrent with the bind option:

./rtorrentvpnip.sh

rtorrentvpnip.sh

Based on the configured tunnel device (for example tun1), get the local IP of the established VPN and start rtorrent with the -b (bind) parameter to bind it to that local VPN IP.

Read further

https://wiki.archlinux.org/index.php/RTorrent

Todo

  • OpenVPN resets itself every now and then; when that happens, the IP that rtorrent was bound to is no longer valid. Either re-execute rtorrentvpnip.sh or implement a script that tells rtorrent to bind to another IP
  • Update rtorrentvpnip.sh to figure out the OpenVPN tunnel device itself
  • Enable PIA port forwarding and configure rtorrent to use the forwarded port
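
rtorrentvpnip.sh

#!/usr/bin/env sh
# Start rtorrent bound to the local address of the VPN tunnel device.
tun_dev="tun1"
# Take the address that follows the "src" token, so the result does not
# depend on the field position in the `ip route get` output.
bind2ip=$(ip route get 8.8.8.8 oif "$tun_dev" |
    awk '{for (i = 1; i < NF; i++) if ($i == "src") {print $(i + 1); exit}}')
if [ -z "$bind2ip" ]; then
    echo "Unable to bind, couldn't get piatunnel ip" >&2
    # Exit status must be in 0-255; `exit -1` is rejected by POSIX shells.
    exit 1
fi
echo "Starting rtorrent bind to ip: $bind2ip"
exec rtorrent -b "$bind2ip"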

vpn-down.sh

#!/usr/bin/env sh
# Tear down rules which implement split routing based on source IP. This
# script should be called by the `--down` option.
rt_table="piatunnel"
# Make sure that the routing table exists, e.g.
# echo 200 piatunnel >> /etc/iproute2/rt_tables
ip rule delete from "$ifconfig_local" table "$rt_table"
ip route flush table "$rt_table"

vpn-up.sh

#!/usr/bin/env sh
# Configure routing tables to implement split routing based on source IP.
# This script should be called by the `--up` option.
rt_table="piatunnel"
# Make sure that the routing table exists, e.g.
# echo 200 piatunnel >> /etc/iproute2/rt_tables
ip rule add from "$ifconfig_local" table "$rt_table"
ip route add table "$rt_table" default via "$ifconfig_remote"
ip route add table "$rt_table" "$ifconfig_remote" via "$ifconfig_local" dev "$dev"

@bisam

bisam commented Jan 13, 2016

I have one important thing to add :)
I just spent too much time to find out that the env var "ifconfig_remote" is ONLY set if "you're using 'dev tun' and are not using 'topology subnet'" (see: https://groups.google.com/forum/#!topic/openvpn-users/JT-f1XzAFQs)
If your VPN provider is using 'topology subnet' your up-script keeps failing.
A simple way to fix this is to calculate the first possible IP address of your given subnet and set the ifconfig_remote variable to this IP before you execute the rest of the script.
It is not fail-proof, as the VPN gateway does not have to be the first IP, but in most cases it should be.
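
One way to do the calculation described in the comment above, as an added example that is not part of the gist or of the comment: it derives the first usable address from `ifconfig_local` and `ifconfig_netmask`, the netmask variable OpenVPN exports in place of `ifconfig_remote` under 'topology subnet'. The helper names `ip_to_int`, `int_to_ip` and `first_host` are made up for this example, and the result is still only a guess at the gateway.

```shell
#!/bin/sh
# Added example, not part of the gist. Assumes "topology subnet", where
# OpenVPN exports ifconfig_local and ifconfig_netmask but no ifconfig_remote.

# Print a dotted quad as a 32-bit integer; return 1 on malformed input.
ip_to_int() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac   # leading zero would parse as octal
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# first_host IP NETMASK: print the first usable address of the subnet.
first_host() {
    fh_ip=$(ip_to_int "$1") || return 1
    fh_mask=$(ip_to_int "$2") || return 1
    fh_inv=$(( ~fh_mask & 4294967295 ))          # host bits of the mask
    # A valid mask has contiguous host bits: inv & (inv + 1) == 0.
    [ $(( fh_inv & (fh_inv + 1) )) -eq 0 ] || return 1
    # /31 and /32 leave no separate gateway address to guess.
    [ "$fh_inv" -ge 3 ] || return 1
    int_to_ip $(( (fh_ip & fh_mask) + 1 ))
}

# Placement in vpn-up.sh: before the "ip rule add" / "ip route add" lines.
if [ -z "${ifconfig_remote:-}" ] && [ -n "${ifconfig_netmask:-}" ]; then
    ifconfig_remote=$(first_host "${ifconfig_local:-}" "$ifconfig_netmask") || {
        echo "cannot derive gateway from ${ifconfig_local:-}/$ifconfig_netmask" >&2
        exit 1
    }
fi
```

Failing closed when the address or mask is malformed keeps the up script from installing a default route through an empty or wrong gateway.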

@willquill

You say it needs to be started with "sudo openvpn swe_pia.ovpn" but you named the file pia_swe.ovpn!

@awidegreen
Author

> You say it needs to be started with "sudo openvpn swe_pia.ovpn" but you named the file pia_swe.ovpn!

Fixed, thanks! :)

@ahirschberg

@bisam could you elaborate a bit more on your response? I'm running into the same issue but I'm not sure how to calculate the first possible IP. Also the google group for openvpn-users no longer exists 😢

@markhughes

@ahirschberg

These are actually passed as script variables:

tun_dev=$1
tun_mtu=$2
link_mtu=$3
ifconfig_local=$4
ifconfig_remote=$5
