mullvad-up.shas called fromopenvpn.confwould be unnecessary if openvpn would fork after setting up thetuninterface, for then its contents could be realized with a few systemdExecStartPost-directives.- Some means of automatically detecting and stopping/reconnecting a broken connection would be nice.
- Due to libcurl being buggy, transmission-daemon leaks DNS requests. I don't mind, if you do, consider using a couple of iptables rules to route any packets coming from transmission's UID through a special routing table.
Created
April 28, 2014 10:55
-
-
Save jaseg/11368375 to your computer and use it in GitHub Desktop.
systemd service file for running a transmission-daemon through OpenVPN
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # /etc/openvpn/mullvad-up.sh | |
| #Routing table setup | |
| /usr/sbin/ip route flush table transmission | |
| /usr/sbin/ip route add 10.8.0.0/24 dev "$dev" src "$ifconfig_local" table transmission | |
| /usr/sbin/ip route add default via "$ifconfig_remote" table transmission | |
| #Routing rule setup | |
| /usr/sbin/ip rule del lookup transmission | |
| /usr/sbin/ip rule del lookup transmission | |
| /usr/sbin/ip rule add to "$ifconfig_local" lookup transmission | |
| /usr/sbin/ip rule add from "$ifconfig_local" lookup transmission | |
| #Firewall setup | |
| #iptables -A OUTPUT -o %i -m owner --uid-owner transmission -j ACCEPT | |
| #iptables -A OUTPUT -o lo -m owner --uid-owner transmission -j ACCEPT | |
| #iptables -A OUTPUT -m owner --uid-owner transmission -j DROP | |
| systemctl start transmission-vpn@$ifconfig_local |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/mullvad-vpn.service | |
| [Unit] | |
| Description=OpenVPN connection to Mullvad | |
| After=network.target | |
| #StopWhenUnneeded=true | |
| [Service] | |
| Type=forking | |
| ExecStart=/usr/sbin/openvpn --cd /etc/openvpn --config /etc/openvpn/mullvad.conf --daemon mullvad-vpn --writepid /var/run/openvpn-mullvad.pid | |
| PIDFile=/var/run/openvpn-mullvad.pid | |
| ExecStopPost=/usr/sbin/ip rule del lookup transmission | |
| ExecStopPost=/usr/sbin/ip rule del lookup transmission | |
| ExecStopPost=/usr/sbin/ip route flush table transmission | |
| [Install] | |
| WantedBy=network.target |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/openvpn/mullvad.conf | |
| # Notice to Mullvad customers: | |
| # | |
| # Apart from openvpn, you also need to install the | |
| # package "resolvconf", available via apt, e.g. | |
| # | |
| # For those of you behind very restrictive firewalls, | |
| # you can use our tunnels on tcp port 443, as well as | |
| # on udp port 53. | |
| client | |
| dev tun | |
| user nobody | |
| group nobody | |
| proto udp | |
| #proto tcp | |
| #remote openvpn.mullvad.net 1194 | |
| #remote openvpn.mullvad.net 443 | |
| #remote openvpn.mullvad.net 53 | |
| remote se.mullvad.net # Servers in Sweden | |
| #remote nl.mullvad.net # Servers in the Netherlands | |
| # Keep trying indefinitely to resolve the | |
| # host name of the OpenVPN server. Very useful | |
| # on machines which are not permanently connected | |
| # to the internet such as laptops. | |
| resolv-retry infinite | |
| # Most clients don't need to bind to | |
| # a specific local port number. | |
| nobind | |
| # Try to preserve some state across restarts. | |
| persist-key | |
| persist-tun | |
| # Enable compression on the VPN link. | |
| comp-lzo | |
| # Set log file verbosity. | |
| verb 3 | |
| remote-cert-tls server | |
| ping-restart 20 | |
| # Allow calling of built-in executables and user-defined scripts. | |
| script-security 2 | |
| up /etc/openvpn/mullvad-up.sh | |
| # Parses DHCP options from openvpn to update resolv.conf | |
| #up /etc/openvpn/update-resolv-conf | |
| #down /etc/openvpn/update-resolv-conf | |
| ping 10 | |
| ca master.mullvad.net.crt | |
| cert mullvad.crt | |
| key mullvad.key | |
| route-nopull |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/iproute2/rt_tables | |
| # Adapt for your needs | |
| 255 local | |
| 254 main | |
| 253 default | |
| 23 transmission | |
| 0 unspec |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # /etc/systemd/system/transmission-vpn@.service | |
| [Unit] | |
| Description=Transmission BitTorrent Daemon over Mulvard Openvpn | |
| Requires=mullvad-vpn.service | |
| [Service] | |
| Type=simple | |
| User=transmission | |
| WorkingDirectory=/mnt/storage/torrent | |
| ExecStart=/usr/bin/transmission-daemon -c torrents --foreground -ep -gsr 2.0 --incomplete-dir incomplete --no-portmap --bind-address-ipv4 %i --bind-address-ipv6 ::1 --dht --rpc-bind-address 127.0.0.1 --utp --download-dir download --log-error | |
| [Install] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment