
running transmission on a VLAN

Discussion in 'Tomato Firmware' started by Tim Sudall, Oct 11, 2017.

  1. Tim Sudall

    Tim Sudall Reformed Router Member

    Is it possible to run the built in transmission via a VLAN?

    I am running Tomato Firmware 1.28.0000 -2017.2-kille72- K26ARM USB AIO-64K

    So far I have worked out how to create a VLAN and bridge that VLAN to my LAN but I can't work out how I can get the built in transmission client to work behind my VLAN.

    Steps so far:

    Created VLAN 192.168.0.1
    Bridged VLAN 192.168.0.1 to br1
    I have bound transmission to 192.168.0.1 in settings.json.

    Any idea how I can get internet traffic freely to 192.1.0.1? I have searched the internet for days, tried various NAT rules through IP tables but I can't get it to work.

    Most of the documentation online seems to point to running transmission on a server behind a tomato router, I am running transmission on the router itself!

    I'm not sure if it's worth mentioning but I am not running my R7000 as a gateway, it is behind a modem and router and acting only as an access point.

    Code:
    Chain INPUT (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere           
    DROP       all  --  anywhere             anywhere             state INVALID
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    shlimit    tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW
    ACCEPT     all  --  anywhere             anywhere           
    ACCEPT     all  --  anywhere             anywhere           
    ACCEPT     all  --  anywhere             anywhere           
    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:51515
    
    Chain FORWARD (policy DROP)
    target     prot opt source               destination         
    ACCEPT     all  --  anywhere             anywhere           
               all  --  anywhere             anywhere            account: network/netmask: 192.168.1.0/255.255.255.0 name: lan
               all  --  anywhere             anywhere            account: network/netmask: 192.168.0.0/255.255.255.0 name: lan1
    ACCEPT     all  --  anywhere             anywhere           
    ACCEPT     all  --  anywhere             anywhere           
    DROP       all  --  anywhere             anywhere             state INVALID
    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
    DROP       all  --  anywhere             anywhere           
    DROP       all  --  anywhere             anywhere           
    wanin      all  --  anywhere             anywhere           
    wanout     all  --  anywhere             anywhere           
    ACCEPT     all  --  anywhere             anywhere           
    ACCEPT     all  --  anywhere             anywhere           
    
    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination         
    
    Chain shlimit (1 references)
    target     prot opt source               destination         
               all  --  anywhere             anywhere             recent: SET name: shlimit side: source
    DROP       all  --  anywhere             anywhere             recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source
    
    Chain wanin (1 references)
    target     prot opt source               destination         
    
    Chain wanout (1 references)
    target     prot opt source               destination         
    My goal is to run transmission behind a VLAN and link that VLAN to my VPN interface tun11.

    Any help to put me out of my misery welcome!
     
  2. Tim Sudall

    Tim Sudall Reformed Router Member

    I managed to work around my problem by instead using OpenVPN custom config to both stop and start transmission as the VPN goes up and down.

    Effectively it makes it a killswitch, which is nice to have. Plus I didn't have to bother with VLANs or routes.
     
  3. Tim Sudall

    Tim Sudall Reformed Router Member

    Just to update I still can't get Tomato not to dns leak. I wonder if routing via a separate VLAN is indeed the better option.
    1. I run transmission on my Netgear R7000 router, it is running the fork (v2017.2) of Tomato shibby by Kille72.
    2. My router is not a gateway, it is set up as an access point behind a dedicated router/modem and is on the same subnet. It is not even a DHCP server.
    3. My router is configured with an ip of 192.168.1.251
    My goals:

    1. I want to route all of my transmission traffic through the OpenVPN client of my router without a DNS leak.

    2. I want to use port forwarding of my VPN with transmission to successfully forward the assigned port in the transmission client. I am looking to tie the assigned port in transmission with the change of port by my VPN.
    What I know so far:

    1. The limitations of running a cut-down Linux system in Tomato seem to cause me issues with running scripts that other people have made online.
    2. I managed to run this script to successfully request my port from privateinternetaccess.com but I can't seem to find a working script to send this port automatically to transmission. In the link (or script) you can see the API Private internet access have created to request the port.
    3. I have found various other scripts, including another in the link above that does not work, I get regex errors when running the script.
    4. I have tried also this script which looks tailored for my use but it doesn't work. After modifying the script I get:
      Code:
      awk: cmd. line:1: Unexpected token awk: cmd. line:1: Unexpected token awk: cmd. line:1: Unexpected token ping: bad address '””' awk: cmd. line:1: Unexpected token
    5. I have very limited linux knowledge but I am keen to learn and have found this very interesting.
    6. Most of the info online seems to point to people running transmission on a client running behind a router (probably a NAS). This seems to make it harder for me since I need to forward traffic only from the server I am running both transmission and openVPN on.
    Some notes

    1. I noticed that because Tomato wasn't running bash or sha256sum I had to find a way to install them for the script to request a port to work. I downloaded them from the optware repository.
    2. There is a routing policy tab in the OpenVPN section of tomato but it seems to be very buggy and I can't work out how to use it without a DNS leak. The only way I don't leak is if I choose the option: redirect internet traffic. Here are bugs that have been found in the routing policy and here are screenshots of the options I have in OpenVPN+my current custom config:
    Does anyone have any suggestions for the best way I can achieve my goals?

    Thanks for taking the time to read!
     
  4. Tim Sudall

    Tim Sudall Reformed Router Member

    Okay I've managed to combine two scripts but I'm still having difficulty with a regex error. Here is my current script:
    Code:
    #!/usr/bin/env bash
    #
    # Enable port forwarding when using Private Internet Access
    #
    # Usage:
    #  ./port_forwarding.sh
    
    TRANSUSER=thenames
    TRANSPASS=Jamesbond007
    TRANSHOST=localhost
    
    error( )
    {
      echo "$@" 1>&2
      exit 1
    }
    
    error_and_usage( )
    {
      echo "$@" 1>&2
      usage_and_exit 1
    }
    
    usage( )
    {
      echo "Usage: `dirname $0`/$PROGRAM"
    }
    
    usage_and_exit( )
    {
      usage
      exit $1
    }
    
    version( )
    {
      echo "$PROGRAM version $VERSION"
    }
    
    
    port_forward_assignment( )
    {
      client_id_file="/etc/openvpn/pia_client_id"
      if [ ! -f "$client_id_file" ]; then
        if hash shasum 2>/dev/null; then
          head -n 100 /dev/urandom | shasum -a 256 | tr -d " -" > "$client_id_file"
        elif hash sha256sum 2>/dev/null; then
          head -n 100 /dev/urandom | sha256sum | tr -d " -" > "$client_id_file"
        else
          echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
          exit 1
        fi
      fi
      client_id=`cat "$client_id_file"`
      json=`curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
      if [ "$json" == "" ]; then
        json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
      fi
    
      echo $json
    }
    
    #trim VPN forwarded port from JSON
    PORT=$(echo $json | awk 'BEGIN{r=1;FS="{|:|}"} /port/{r=0; print $3} END{exit r}')
    #echo $PORT
    
    #change transmission port on the fly
    
    CURLOUT=$(curl -u $TRANSUSER:$TRANSPASS ${TRANSHOST}:9091/transmission/rpc 2>/dev/null)
    REGEX='X-Transmission-Session-Id\: (\w*)'
     
    if [[ $CURLOUT =~ $REGEX ]]; then
        SESSIONID=${BASH_REMATCH[1]}
    else
        exit 1
    fi
    
    DATA='{"method": "session-set", "arguments": { "peer-port" :'$port' } }'
     
    curl -u $TRANSUSER:$TRANSPASS http://${TRANSHOST}:9091/transmission/rpc -d "$DATA" -H "X-Transmission-Session-Id: $SESSIONID"
    
    
    EXITCODE=0
    PROGRAM=`basename $0`
    VERSION=2.1
    
    while test $# -gt 0
    do
      case $1 in
      --usage | --help | -h )
        usage_and_exit 0
        ;;
      --version | -v )
        version
        exit 0
        ;;
      *)
        error_and_usage "Unrecognized option: $1"
        ;;
      esac
      shift
    done
    
    port_forward_assignment
    
    exit 0
    It returns the port correctly but the last part of the code fails passing the port to transmission. I get the following error:
    Code:
    awk: bad regex '{|:|}': Invalid preceding regular expression
    {"arguments":{},"result":"success"}
    {"port":37482}
    
    Anyone know what it means?
     
  5. Tim Sudall

    Tim Sudall Reformed Router Member

    I'm determined to not let this lay! I want to try and figure out how I can take the port number from the json and place the given port number into a running transmission daemon. Here is the json API provided by my VPN:
    https://www.privateinternetaccess.co...warding-api/p1
     
  6. Tim Sudall

    Tim Sudall Reformed Router Member

    Success! Working script below:
    Dependencies:
    transmission-remote - you can install the transmission-remote-openssl package through optware.
    sha256sum - optware package coreutils-sha256sum
    Code:
    #!/usr/bin/env bash
    #
    # Enable port forwarding when using Private Internet Access
    #
    # Usage:
    #  ./port_forwarding.sh
    # script must be run within 2 mins of connecting to vpn server. Do not forget to reconnect/connect
    # fill in your transmission username, password and hostname/ip below:
    TRANSUSER=xxxxx
    TRANSPASS=xxxxx
    TRANSHOST=localhost
    #now let the script do the work
    echo "pausing to wait for vpn to connect and transmission to start"
    sleep 20
    error( )
    {
      echo "$@" 1>&2
      exit 1
    }
    error_and_usage( )
    {
      echo "$@" 1>&2
      usage_and_exit 1
    }
    usage( )
    {
      echo "Usage: `dirname $0`/$PROGRAM"
    }
    usage_and_exit( )
    {
      usage
      exit $1
    }
    version( )
    {
      echo "$PROGRAM version $VERSION"
    }
    port_forward_assignment( )
    {
      client_id_file="/etc/openvpn/pia_client_id"
      if [ ! -f "$client_id_file" ]; then
        if hash shasum 2>/dev/null; then
          head -n 100 /dev/urandom | shasum -a 256 | tr -d " -" > "$client_id_file"
        elif hash sha256sum 2>/dev/null; then
          head -n 100 /dev/urandom | sha256sum | tr -d " -" > "$client_id_file"
        else
          echo "Please install shasum or sha256sum, and make sure it is visible in your \$PATH"
          exit 1
        fi
      fi
      client_id=`cat "$client_id_file"`
      json=`curl "http://209.222.18.222:2000/?client_id=$client_id" 2>/dev/null`
      if [ "$json" == "" ]; then
        json='Port forwarding is already activated on this connection, has expired, or you are not connected to a PIA region that supports port forwarding'
      fi
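      echo "server returned: $json"
      # trim VPN forwarded port from JSON
      PORT=$(echo "$json" | awk 'BEGIN{r=1;FS="[{}\":]+"} /port/{r=0; print $3} END{exit r}')
      # stop if no numeric port was parsed (e.g. the server returned an error message)
      case "$PORT" in
        ''|*[!0-9]*) error "no forwarded port in server response" ;;
      esac
      echo "if successful, trimmed port is: $PORT"
      # change transmission port on the fly
      transmission-remote "$TRANSHOST" --auth "$TRANSUSER:$TRANSPASS" -p "$PORT"
      # report host and user only; the password is not echoed to the terminal or logs
      echo "transmission updated: host:$TRANSHOST username:$TRANSUSER"
    }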
    echo remember to run no longer than 2 mins after reconnecting/connecting to vpn server.
    EXITCODE=0
    PROGRAM=`basename $0`
    VERSION=2.1
    while test $# -gt 0
    do
      case $1 in
      --usage | --help | -h )
        usage_and_exit 0
        ;;
      --version | -v )
        version
        exit 0
        ;;
      *)
        error_and_usage "Unrecognized option: $1"
        ;;
      esac
      shift
    done
    port_forward_assignment
    exit 0
    
    Hope this helps someone!
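
The two steps the thread works through (reading the port out of the VPN API's `{"port":N}` reply and passing it to Transmission's RPC with its session-id header), as an added example that is not part of the original posts. It assumes plain POSIX sh with sed and curl; the function names are hypothetical, `TRANSUSER`/`TRANSPASS` are the thread's variables, and the sample reply is constructed.

```shell
#!/bin/sh
# Added example, POSIX sh only (no bash, no awk); function names are hypothetical.
# The earlier awk FS '{|:|}' fails because '{' opens the regex as a repetition
# operator with nothing before it; matching the key directly avoids that.

# Print the port from a reply like {"port":37482}; fail unless it is 1..65535.
parse_port() {
  p=$(printf '%s\n' "$1" |
      sed -n 's/.*"port"[[:space:]]*:[[:space:]]*\([1-9][0-9]*\).*/\1/p')
  case "$p" in ''|*[!0-9]*) return 1 ;; esac
  [ "${#p}" -le 5 ] && [ "$p" -le 65535 ] || return 1
  printf '%s\n' "$p"
}

# Pull the session token out of the headers of Transmission's 409 reply.
session_id() {
  printf '%s\n' "$1" | tr -d '\r' |
    sed -n 's/^[Xx]-[Tt]ransmission-[Ss]ession-[Ii]d:[[:space:]]*\([A-Za-z0-9]*\)$/\1/p' |
    head -n 1
}

# Build the session-set request body; the port is already known to be numeric.
rpc_payload() {
  printf '{"method":"session-set","arguments":{"peer-port":%s}}' "$1"
}

# Network step: $1 = API reply, $2 = RPC URL, credentials from TRANSUSER/TRANSPASS.
set_peer_port() {
  port=$(parse_port "$1") || { echo "no valid port in reply" >&2; return 1; }
  hdrs=$(curl -s -i -u "$TRANSUSER:$TRANSPASS" "$2")
  sid=$(session_id "$hdrs")
  [ -n "$sid" ] || { echo "no session id from $2" >&2; return 1; }
  curl -s -u "$TRANSUSER:$TRANSPASS" -H "X-Transmission-Session-Id: $sid" \
       -d "$(rpc_payload "$port")" "$2"
}

# Offline demo on a constructed reply: prints the request body that would be sent.
rpc_payload "$(parse_port '{"port":37482}')"; echo
```

Because `parse_port` rejects anything that is not a bare integer in range, an error message or unexpected text from the API never reaches the RPC call.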
     
