Transmission (transmission-daemon) + OpenVPN + Private Internet Access (PIA) automatic port forwarding when VPN connects

up.sh

#!/usr/bin/env bash

# This script sets the Transmission port to a port that is dynamically
# opened by PIA when we access their port forwarding API at 209.222.18.222.
#
# Don't forget to set your Transmission username and password and to
# make this script executable! `$ chmod +x up.sh`
#
# Dependencies:
# - jq (`apt install jq`)
# - transmission-remote
# 
# Reference:
# - https://www.privateinternetaccess.com/forum/discussion/23431/
# - https://www.privateinternetaccess.com/installer/port_forwarding.sh

transmission_username=xxxxxxxx
transmission_password=xxxxxxxxxxx
log_file=/etc/openvpn/up.sh.log

# Fetch a port and perform the actual transmission-daemon port set
# in a background subshell because the network isn't available as
# long as the OpenVPN up script has not returned.
(
  # Wait for the API to be reachable AND for transmission-daemon  to be started
  # Dont set this too high else you risk going past the 2-minute window during
  # which the port forwarding API can be reached!
  sleep 45

  client_id=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
  result=$(curl http://209.222.18.222:2000/?client_id=$client_id)
  echo "Got response '$result'" | tee -a $log_file
  if [ -z "$result" ]; then
    echo "Empty response, skipping port forward"
    exit 0
  fi

  port=$(echo $result | jq ".port")
  if [ -z "$port" ]; then
    echo "Could not extract port from response, skipping port forward"
    exit 0
  fi

  echo "Forwarding port '$port'" | tee -a $log_file
  transmission-remote --auth="$transmission_username:$transmission_password" --port=$port | tee -a $log_file
) > /dev/null 2>&1 &

vpn.conf

# Add the following to your VPN .conf file
# to tell OpenVPN to run `up.sh` when it connects.

script-security 2
up /etc/openvpn/up.sh