Search the Community
Showing results for tags 'raspbian'.
nojohnny101 posted a topic in Member TutorialsHey everyone, This is my first post so please be kind. I waned to post a tutorial about how I got a kill switch system working on my raspberry pi using openvpn and connecting through TorGuard. For my purposes, this kill switch is customizable to kill any applications' connections to the internet if the VPN goes down for whatever reason. This method also attempts to reconnect to alternative servers and when connection is established again, it relaunches the application(s) you originally killed. I couldn't find a tutorial for a killswitch that was specific to raspberry pi and torguard. NOTE: I am a novice, through and through. I know this probably can be done easier and more elegantly by someone with any amount of experience. This method currently serves my needs, but if you have constructive feedback, please do share! Credit: This post is a conglomeration of tutorials and instruction from various sites including: OpenVPN with deluge and PIA various other google searches to solve problems that I ran into NOTES: - if you already have deluge setup and openvpn installed, skip to step step 18 for killswitch ASSUMPTIONS: - you are logged in as a non-root user 1) sudo apt-get update 2) sudo apt-get upgrade 3) install deluge: sudo apt-get install deluged sudo apt-get install deluge-console 4) run deluge to create configuration file: deluged 5) kill deluge while we make changes sudo pkill deluged 6) *OPTIONAL: make a backup of the configuration file before we modify it: sudo cp ~/.config/deluge/auth ~/.config/deluge/auth.bkp 7) open the configuration file in an editor: sudo nano ~/.config/deluge/auth 8) add this to the end of the configuration file user:password:level NOTE: user is whatever user account you want the deluge to run under; password is the password for the account; and level 10 gives full administrative privileges to deluge mine: I set mine as user "pi" (no quotes) 9) exit the editor by pressing "ctrl+x" then "y" then "enter" 10) start deluge again: deluged 10) let's one up deluge's console to make some changes: deluge-console 11) the code below will allow the thin client to access deluge: config -s allow_remote True then config allow_remote then exit the console: exit 12) let's restart deluge again: sudo pkill deluged then deluged TEST: let's make sure that you can connect to the deluge daemon on your raspberry pi. open another computer on the same local network as your raspberry pi and download the application deluge from their official website (http://deluge-torrent.org). After finishing installing that on your other computer, open the deluge client application on your computer (not the raspberry pi) 13) we need to change one setting in the deluge client in order for it to connect to deluge on the raspberry pi open up the preferences of the deluge client and go to "Interface" then uncheck the box "classic mode/enabled" 14) go ahead and restart the deluge client app on your non-raspberry pi computer 15) this time it will prompt you with a connection manager window. follow the steps: - click "add" - hostname: enter static IP address of your raspberry pi - username: enter the username you selected in step 8 - password: enter the password you created in step 8 - leave the port as default 16) while you are in the preferences of the deluge client app on your non-raspberry pi, you should set the folder where your torrents download to. look under the "downloads" section of the preferences to set this TEST: let's make sure you can download torrents. go ahead and grab a legal copy of a torrent (any of these: http://whirlpool.net.au/wiki/test_torrents)and drag it onto the deluge client app on your non-raspberry pi computer to see if it starts downloading it; 17) install openvpn with the corresponding torguard .ovpn files by following this tutorial: https://torguard.net/knowledgebase.php?action=displayarticle&id=174 18) let's modify one part of that tutorial (step 17). we are going to change a command that was outlined in that tutorial. do the following: cd /etc/openvpn/ crontab -e - choose whatever editor you want if it prompts you (I use nano) - modify this line: @reboot sudo openvpn --daemon --cd /etc/openvpn --config TorGuard.Canada.ovpn and replace it with: @reboot sudo openvpn --daemon --cd /etc/openvpn --config mastervpn.ovpn we will create this "matervpn.ovpn file in a bit, don't worry, it doesn't exist yet NOTE: before you start this next part, make sure you have killed the openvpn process: sudo killall -9 openvpn KILLSWITCH PART After you have openvpn installed, let's setup the killswitch that will: - immediately kill deluge on your raspberry pi if the VPN connection goes down - attempt to reconnect to alternative VPN servers - when a successful connection is established, it will restart deluge 19) first let's create our master .ovpn file that we are going to use to connect to torgaurd's VPN server(s) cd /etc/openvpn/ sudo mkdir mastervpn.ovpn you can call the file whatever you want, I named it "mastervpn.ovpn" in this case 20) next let's make it executable: sudo chmod u+x,g+x,o+x mastervpn.ovpn 21) first let's copy the configuration file of any of the other servers, preferably one of the ones you want to connect to: nano TorGuard.USA-CHICAGO.ovpn - highlight everything in that window and copy it press "crtl+x" then to exit the editor 22) now open up the mastervpn.ovpn file and paste the code you just copied: sudo nano mastervpn.ovpn 23) we are going to add some additional things you can insert them anywhere, I inserted mine just before the torguard server name. here an example of the my mastervpn.ovpn file: clientdev tun proto udp route-up route-up.sh down down.sh remote chi.central.usa.torguardvpnaccess.com 1912 remote ny.east.usa.torguardvpnaccess.com 1912 remote la.west.usa.torguardvpnaccess.com 1912 remote lon.uk.torguardvpnaccess.com 1912 resolv-retry 300 nobind persist-key persist-tun ca ca.crt tls-auth ta.key 1 auth SHA256 cipher AES-128-CBC remote-cert-tls server auth-user-pass user.txt comp-lzo verb 1 reneg-sec 0 fast-io # Uncomment these directives if you have speed issues ;sndbuf 393216 ;rcvbuf 393216 ;push "sndbuf 393216" ;push "rcvbuf 393216" almost all of this is the default, the only parts I added were the things in red: - the route-up route-up.sh line tells the VPN that when it successfully establishes a VPN connection, to execute the route-up.sh script (we haven't created that yet, we will soon) - the down down.sh similarity tells openvpn to execute the down.sh script when the VPN connection drops for whatever reason - those servers are just a list of servers that I want openvpn to connect to. you can replace these with whatever servers you want, just pull the names from the other .ovpn files that you got from torguard when you installed openvpn. if you have multiple listed like I do, openvpn will attempt to connect to the first one, and if successful will use that one. if for some reason it can't connect or drops a connection and can't reconnect, it will try the next one, and so on and so forth. you can list as many as you want. 24) let's save this file - press "ctrl x" then "y" then "enter" 25) now let's create our scripts, first "route-up.sh": cd /etc/openvpn/ sudo nano route-up.sh 26) copy and paste the following text into the blank window: sudo ip rule add from xx.x.x.x table 10 sudo ip route add default via yy.y.y.y table 10 sudo iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE sudo -u pi deluged PID=$! sleep 3 kill -2 $PID 2>/dev/null - the first and second lines allow you to still SSH into your raspberry pi while it is connected to the VPN. replace the "xx.x.x.x" with the static IP address of your raspberry pi and "yy.y.y.y" is the IP address of your router - the third line add the appropriate iptables rules that will route all traffic through your VPN tunnel - the last couple of lines starts deluge on your raspberry pi (the last 3 lines is get around a problem of the wrong lib torrent version being incompatible with deluge) 27) save that file press "ctrl x" then "y" then "enter" 28) let's create the "down.sh" sudo nano down.sh 29) post the following code into the blank window: sudo pkill deluged sudo iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE this will kill deluge on your raspberry pi if the VPN goes down and then removes the routing table so that when connected from the internet, you still have internet on your raspberry pi 30) save that file press "ctrl x" then "y" then "enter" 31) now let's make sure they are executable: sudo chmod u+x,g+x,o+x down.sh sudo chmod u+x,g+x,o+x route-up.sh Everything should work now. you can test by manually running your down.sh and route-up.sh scripts to see if they properly quit and restart deluge on your raspberry pi. Thanks!