Jump to content
TorGuard
Sign in to follow this  
nojohnny101

OpenVPN Killswitch method for Raspberry Pi 3 (deluge)

Rate this topic

Recommended Posts

nojohnny101

Hey everyone,

This is my first post so please be kind. I waned to post a tutorial about how I got a kill switch system working on my raspberry pi using openvpn and connecting through TorGuard. For my purposes, this kill switch is customizable to kill any applications' connections to the internet if the VPN goes down for whatever reason. This method also attempts to reconnect to alternative servers and when connection is established again, it relaunches the application(s) you originally killed. I couldn't find a tutorial for a killswitch that was specific to raspberry pi and torguard.

 

NOTE: I am a novice, through and through. I know this probably can be done easier and more elegantly by someone with any amount of experience. This method currently serves my needs, but if you have constructive feedback, please do share!

 

Credit: This post is a conglomeration of tutorials and instruction from various sites including:

OpenVPN with deluge and PIA

various other google searches to solve problems that I ran into

 

NOTES:

- if you already have deluge setup and openvpn installed, skip to step step 18 for killswitch

 

ASSUMPTIONS:

- you are logged in as a non-root user

 

1)

sudo apt-get update

2)

sudo apt-get upgrade

3) install deluge:

sudo apt-get install deluged
sudo apt-get install deluge-console

4) run deluge to create configuration file:

deluged

5) kill deluge while we make changes

sudo pkill deluged

6) *OPTIONAL: make a backup of the configuration file before we modify it:

sudo cp ~/.config/deluge/auth ~/.config/deluge/auth.bkp

7) open the configuration file in an editor:

sudo nano ~/.config/deluge/auth

8) add this to the end of the configuration file

user:password:level

NOTE: user is whatever user account you want the deluge to run under; password is the password for the account; and level 10 gives full administrative privileges to deluge

mine: I set mine as user "pi" (no quotes)

 

9) exit the editor by pressing "ctrl+x" then "y" then "enter"

 

10) start deluge again:

deluged

10) let's one up deluge's console to make some changes:

deluge-console

11) the code below will allow the thin client to access deluge:

config -s allow_remote True

then

config allow_remote

then exit the console:

exit

12) let's restart deluge again:

sudo pkill deluged

then

deluged

TEST:

let's make sure that you can connect to the deluge daemon on your raspberry pi. open another computer on the same local network as your raspberry pi and download the application deluge from their official website (http://deluge-torrent.org).

 

After finishing installing that on your other computer, open the deluge client application on your computer (not the raspberry pi)

 

13) we need to change one setting in the deluge client in order for it to connect to deluge on the raspberry pi

open up the preferences of the deluge client and go to "Interface" then uncheck the box "classic mode/enabled"

14) go ahead and restart the deluge client app on your non-raspberry pi computer

 

15) this time it will prompt you with a connection manager window. follow the steps:

- click "add"
- hostname: enter static IP address of your raspberry pi
- username: enter the username you selected in step 8
- password: enter the password you created in step 8
- leave the port as default

16) while you are in the preferences of the deluge client app on your non-raspberry pi, you should set the folder where your torrents download to. look under the "downloads" section of the preferences to set this

 

 

TEST:

let's make sure you can download torrents. go ahead and grab a legal copy of a torrent (any of these: http://whirlpool.net.au/wiki/test_torrents)and drag it onto the deluge client app on your non-raspberry pi computer to see if it starts downloading it;

 

17) install openvpn with the corresponding torguard .ovpn files by following this tutorial:

https://torguard.net/knowledgebase.php?action=displayarticle&id=174

18) let's modify one part of that tutorial (step 17). we are going to change a command that was outlined in that tutorial. do the following:

cd /etc/openvpn/
crontab -e
- choose whatever editor you want if it prompts you (I use nano)
- modify this line:
@reboot sudo openvpn --daemon --cd /etc/openvpn --config TorGuard.Canada.ovpn
and replace it with:
@reboot sudo openvpn --daemon --cd /etc/openvpn --config mastervpn.ovpn

we will create this "matervpn.ovpn file in a bit, don't worry, it doesn't exist yet

 

 

 

NOTE: before you start this next part, make sure you have killed the openvpn process:

sudo killall -9 openvpn

KILLSWITCH PART

After you have openvpn installed, let's setup the killswitch that will:

- immediately kill deluge on your raspberry pi if the VPN connection goes down

- attempt to reconnect to alternative VPN servers

- when a successful connection is established, it will restart deluge

 

19) first let's create our master .ovpn file that we are going to use to connect to torgaurd's VPN server(s)

cd /etc/openvpn/
sudo mkdir mastervpn.ovpn

you can call the file whatever you want, I named it "mastervpn.ovpn" in this case

 

20) next let's make it executable:

sudo chmod u+x,g+x,o+x mastervpn.ovpn

21) first let's copy the configuration file of any of the other servers, preferably one of the ones you want to connect to:

nano TorGuard.USA-CHICAGO.ovpn
- highlight everything in that window and copy it
press "crtl+x" then to exit the editor

22) now open up the mastervpn.ovpn file and paste the code you just copied:

sudo nano mastervpn.ovpn

23) we are going to add some additional things you can insert them anywhere, I inserted mine just before the torguard server name. here an example of the my mastervpn.ovpn file:

clientdev tun
proto udp
route-up route-up.sh
down down.sh
remote chi.central.usa.torguardvpnaccess.com 1912
remote ny.east.usa.torguardvpnaccess.com 1912
remote la.west.usa.torguardvpnaccess.com 1912
remote lon.uk.torguardvpnaccess.com 1912
resolv-retry 300
nobind
persist-key
persist-tun
ca ca.crt
tls-auth ta.key 1
auth SHA256
cipher AES-128-CBC
remote-cert-tls server
auth-user-pass user.txt
comp-lzo
verb 1
reneg-sec 0
fast-io
# Uncomment these directives if you have speed issues
;sndbuf 393216
;rcvbuf 393216
;push "sndbuf 393216"
;push "rcvbuf 393216"

almost all of this is the default, the only parts I added were the things in red:

- the route-up route-up.sh line tells the VPN that when it successfully establishes a VPN connection, to execute the route-up.sh script (we haven't created that yet, we will soon)

- the down down.sh similarity tells openvpn to execute the down.sh script when the VPN connection drops for whatever reason

- those servers are just a list of servers that I want openvpn to connect to. you can replace these with whatever servers you want, just pull the names from the other .ovpn files that you got from torguard when you installed openvpn. if you have multiple listed like I do, openvpn will attempt to connect to the first one, and if successful will use that one. if for some reason it can't connect or drops a connection and can't reconnect, it will try the next one, and so on and so forth. you can list as many as you want.

 

24) let's save this file

- press "ctrl x" then "y" then "enter"

25) now let's create our scripts, first "route-up.sh":

cd /etc/openvpn/
sudo nano route-up.sh

26) copy and paste the following text into the blank window:

sudo ip rule add from xx.x.x.x table 10
sudo ip route add default via yy.y.y.y table 10
sudo iptables -t nat -I POSTROUTING -o tun0 -j MASQUERADE
sudo -u pi deluged
PID=$!
sleep 3
kill -2 $PID 2>/dev/null
- the first and second lines allow you to still SSH into your raspberry pi while it is connected to the VPN. replace the "xx.x.x.x" with the static IP address of your raspberry pi and "yy.y.y.y" is the IP address of your router
- the third line add the appropriate iptables rules that will route all traffic through your VPN tunnel
- the last couple of lines starts deluge on your raspberry pi (the last 3 lines is get around a problem of the wrong lib torrent version being incompatible with deluge)
 
27) save that file
press "ctrl x" then "y" then "enter"

28) let's create the "down.sh"

 

sudo nano down.sh

29) post the following code into the blank window:

sudo pkill deluged
sudo iptables -t nat -D POSTROUTING -o tun0 -j MASQUERADE

this will kill deluge on your raspberry pi if the VPN goes down and then removes the routing table so that when connected from the internet, you still have internet on your raspberry pi

 

30) save that file

press "ctrl x" then "y" then "enter"

31) now let's make sure they are executable:

sudo chmod u+x,g+x,o+x down.sh
sudo chmod u+x,g+x,o+x route-up.sh

Everything should work now. you can test by manually running your down.sh and route-up.sh scripts to see if they properly quit and restart deluge on your raspberry pi.

 

 

Thanks!

Share this post


Link to post
Share on other sites
Torad

regarding:

 

"the third line add the appropriate iptables rules that will route all traffic through your VPN tunnel"

 

how do i find the appropiate iptables rules?

 

thanks!

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...